From 80a8cfb6a6b2c3a3ea93842baa234cae37b23056 Mon Sep 17 00:00:00 2001
From: Pepe Fagoaga
Date: Wed, 21 Dec 2022 11:47:32 +0100
Subject: [PATCH] fix(build-push): Update for 3.0 (#1563)
---
 .../workflows/build-lint-push-containers.yml | 88 +++++++++----------
 .github/workflows/pull-request.yml | 8 +-
 2 files changed, 45 insertions(+), 51 deletions(-)
diff --git a/.github/workflows/build-lint-push-containers.yml b/.github/workflows/build-lint-push-containers.yml
index a734ecfa..ace8673a 100644
--- a/.github/workflows/build-lint-push-containers.yml
+++ b/.github/workflows/build-lint-push-containers.yml
@@ -3,21 +3,23 @@ name: build-lint-push-containers
 on: push: branches: - - 'master' + - "master" paths-ignore: - - '.github/**' - - 'README.md' + - ".github/**" + - "README.md" release: - types: [published] + types: [published, edited] env: AWS_REGION_STG: eu-west-1 + AWS_REGION_PLATFORM: eu-west-1 AWS_REGION_PRO: us-east-1 IMAGE_NAME: prowler LATEST_TAG: latest + STABLE_TAG: stable TEMPORARY_TAG: temporary - DOCKERFILE_PATH: util/Dockerfile + DOCKERFILE_PATH: ./Dockerfile jobs: # Lint Dockerfile using Hadolint
@@ -45,14 +47,11 @@ jobs:
 # needs: dockerfile-linter runs-on: ubuntu-latest steps: - - - name: Checkout + - name: Checkout uses: actions/checkout@v3 - - - name: Set up Docker Buildx + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - - - name: Build + - name: Build uses: docker/build-push-action@v2 with: # Without pushing to registries
@@ -60,8 +59,7 @@ jobs:
 tags: ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} file: ${{ env.DOCKERFILE_PATH }} outputs: type=docker,dest=/tmp/${{ env.IMAGE_NAME }}.tar - - - name: Share image between jobs + - name: Share image between jobs uses: actions/upload-artifact@v2 with: name: ${{ env.IMAGE_NAME }}.tar
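Review bot: `types: [published, edited]` re-runs the whole build on every edit of a release's notes and, through the Tag (release)/Push (release) steps in the @@ -130,68 hunk of this file, re-pushes the checked-out release as `${{ env.STABLE_TAG }}`; since actions/checkout defaults to the event's ref (that release's tag), editing an older release moves `stable` back to that older version, and pre-releases are not excluded either. If `edited` is needed for the per-release tag, put the `stable` tagging and pushing into their own steps guarded with `if: github.event_name == 'release' && !github.event.release.prerelease`, and only move `stable` when the event's release is the latest one. The same point applies to the Tag (release)/Push (release) steps in that later hunk, so it is raised once here.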
@@ -102,27 +100,23 @@ jobs: runs-on: ubuntu-latest permissions: id-token: write - contents: read # This is required for actions/checkout + contents: read # This is required for actions/checkout steps: - - - name: Get container image from shared + - name: Get container image from shared uses: actions/download-artifact@v2 with: name: ${{ env.IMAGE_NAME }}.tar path: /tmp - - - name: Load Docker image + - name: Load Docker image run: | docker load --input /tmp/${{ env.IMAGE_NAME }}.tar docker image ls -a - - - name: Login to DockerHub + - name: Login to DockerHub uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Login to Public ECR + - name: Login to Public ECR uses: docker/login-action@v2 with: registry: public.ecr.aws 
@@ -130,68 +124,68 @@ jobs: password: ${{ secrets.PUBLIC_ECR_AWS_SECRET_ACCESS_KEY }} env: AWS_REGION: ${{ env.AWS_REGION_PRO }} - - - name: Configure AWS Credentials -- STG + - name: Configure AWS Credentials -- STG if: github.event_name == 'push' uses: aws-actions/configure-aws-credentials@v1 with: aws-region: ${{ env.AWS_REGION_STG }} role-to-assume: ${{ secrets.STG_IAM_ROLE_ARN }} role-session-name: build-lint-containers-stg - - - name: Login to ECR -- STG + - name: Login to ECR -- STG if: github.event_name == 'push' uses: docker/login-action@v2 with: registry: ${{ secrets.STG_ECR }} - - - name: Configure AWS Credentials -- PRO + - name: Configure AWS Credentials -- PLATFORM if: github.event_name == 'release' uses: aws-actions/configure-aws-credentials@v1 with: - aws-region: ${{ env.AWS_REGION_PRO }} - role-to-assume: ${{ secrets.PRO_IAM_ROLE_ARN }} + aws-region: ${{ env.AWS_REGION_PLATFORM }} + role-to-assume: ${{ secrets.STG_IAM_ROLE_ARN }} role-session-name: build-lint-containers-pro - - - name: Login to ECR -- PRO + - name: Login to ECR -- PLATFORM if: github.event_name == 'release' uses: docker/login-action@v2 with: - registry: ${{ secrets.PRO_ECR }} - - - # Push to master branch - push "latest" tag + registry: ${{ secrets.PLATFORM_ECR }} + - # Push to master branch - push "latest" tag name: Tag (latest) if: github.event_name == 'push' run: | - docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.STG_ECR }}/${{ secrets.STG_ECR_REPOSITORY }}:${{ env.LATEST_TAG }} + docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.PLATFORM_ECR }}/${{ secrets.PLATFORM_ECR_REPOSITORY }}:${{ env.LATEST_TAG }} docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }} docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }} - - - # Push to master branch - push "latest" tag + - # 
Push to master branch - push "latest" tag name: Push (latest) if: github.event_name == 'push' run: | - docker push ${{ secrets.STG_ECR }}/${{ secrets.STG_ECR_REPOSITORY }}:${{ env.LATEST_TAG }} + docker push ${{ secrets.PLATFORM_ECR }}/${{ secrets.PLATFORM_ECR_REPOSITORY }}:${{ env.LATEST_TAG }} docker push ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }} docker push ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }} - - - # Push the new release + - # Tag the new release (stable and release tag) name: Tag (release) if: github.event_name == 'release' run: | - docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.PRO_ECR }}/${{ secrets.PRO_ECR }}:${{ github.event.release.tag_name }} + docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.PLATFORM_ECR }}/${{ secrets.PLATFORM_ECR_REPOSITORY }}:${{ github.event.release.tag_name }} docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }} docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }} - - - # Push the new release + + docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.PLATFORM_ECR }}/${{ secrets.PLATFORM_ECR_REPOSITORY }}:${{ env.STABLE_TAG }} + docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }} + docker tag ${{ env.IMAGE_NAME }}:${{ env.TEMPORARY_TAG }} ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }} + + - # Push the new release (stable and release tag) name: Push (release) if: github.event_name == 'release' run: | - docker push ${{ secrets.PRO_ECR }}/${{ secrets.PRO_ECR }}:${{ github.event.release.tag_name }} + docker push ${{ secrets.PLATFORM_ECR }}/${{ secrets.PLATFORM_ECR_REPOSITORY 
}}:${{ github.event.release.tag_name }} docker push ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }} docker push ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ github.event.release.tag_name }} - - - name: Delete artifacts + + docker push ${{ secrets.PLATFORM_ECR }}/${{ secrets.PLATFORM_ECR_REPOSITORY }}:${{ env.STABLE_TAG }} + docker push ${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }} + docker push ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }} + - name: Delete artifacts if: always() uses: geekyeggo/delete-artifact@v1 with:
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index 9299ad04..66319191 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -1,12 +1,12 @@
-name: Lint & Test +name: pr-lint-test on: push: branches: - - "prowler-3.0-dev" + - "master" pull_request: branches: - - "prowler-3.0-dev" + - "master" jobs: build:
@@ -30,7 +30,7 @@ jobs:
 VERSION=$(curl --silent "https://api.github.com/repos/hadolint/hadolint/releases/latest" | \
 grep '"tag_name":' | \
 sed -E 's/.*"v([^"]+)".*/\1/' \
-) && curl -L -o /tmp/hadolint https://github.com/hadolint/hadolint/releases/download/v${VERSION}/hadolint-Linux-x86_64 \
+) && curl -L -o /tmp/hadolint "https://github.com/hadolint/hadolint/releases/download/v${VERSION}/hadolint-Linux-x86_64" \
 && chmod +x /tmp/hadolint
 - name: Lint with flake8
 run: |
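Review bot: The new Tag (latest)/Push (latest) lines target `${{ secrets.PLATFORM_ECR }}/${{ secrets.PLATFORM_ECR_REPOSITORY }}`, but on a `push` event the only ECR login that runs is `Login to ECR -- STG` (`registry: ${{ secrets.STG_ECR }}`), while `Login to ECR -- PLATFORM` and its credentials step are gated on `github.event_name == 'release'`; unless both secrets name the same registry, the master push will fail as an unauthenticated push. Either gate the PLATFORM credentials and login steps with `if: github.event_name == 'push' || github.event_name == 'release'` and drop the STG pair, or keep `STG_ECR` as the target for the push branch. Separately, `Configure AWS Credentials -- PLATFORM` now assumes `${{ secrets.STG_IAM_ROLE_ARN }}` for release publishing under `role-session-name: build-lint-containers-pro`; if the staging role is intentionally the one that publishes release images, say so in a comment above the step, otherwise a dedicated role secret (e.g. a `PLATFORM_IAM_ROLE_ARN`) keeps release publishing separated from staging, and the session name should match whichever role is used. The enclosing job starts before this hunk and its last step (`Delete artifacts`) continues after it.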
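Review bot: Quoting the URL is fine, but the download still fetches whatever hadolint release is current, with `curl -L` and no `-f`, so a failed or rate-limited API call leaves `VERSION` empty and a 404 body is saved to /tmp/hadolint and chmod'd executable, and no checksum is verified for a binary that then runs in CI. Pin the version and verify it: replace the release lookup with a fixed `HADOLINT_VERSION`, download with `curl -fsSL -o /tmp/hadolint "https://github.com/hadolint/hadolint/releases/download/v${HADOLINT_VERSION}/hadolint-Linux-x86_64"`, and check it with `echo "<expected-sha256>  /tmp/hadolint" | sha256sum --check` before the `chmod +x`. The `run:` block this belongs to starts before the hunk.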