diff --git a/.github/ISSUE_TEMPLATE/release.md b/.github/ISSUE_TEMPLATE/release.md index f88324eb3..92441d0b2 100644 --- a/.github/ISSUE_TEMPLATE/release.md +++ b/.github/ISSUE_TEMPLATE/release.md @@ -78,7 +78,7 @@ title: 'vX.Y.Z release' git push origin "v$NEW_RELEASE" - [ ] Ping [`hubble-maintainers` team] on Slack to get an approval to run - [Image Release Build workflow]. + [Release workflow]. - [ ] Wait for the [`Create a release` workflow] to finish. - [ ] Find the release draft in the [Releases page]. Copy and paste release notes from CHANGELOG.md, and click on `Publish release` button. @@ -95,7 +95,7 @@ title: 'vX.Y.Z release' and then open a pull request against the `main` branch, get it reviewed and merged. [Cilium release tool]: https://github.com/cilium/release -[Image Release Build workflow]: https://github.com/cilium/hubble/actions/workflows/build-images-release.yaml +[Release workflow]: https://github.com/cilium/hubble/actions/workflows/release.yml [`hubble-maintainers` team]: https://github.com/orgs/cilium/teams/hubble-maintainers [Releases page]: https://github.com/cilium/hubble/releases [Cilium Slack #general channel]: https://cilium.slack.com/archives/C1MATJ5U5 diff --git a/.github/renovate.json5 b/.github/renovate.json5 index da9250f61..1363ec9dd 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -9,7 +9,6 @@ "gitAuthor": "renovate[bot] ", "includePaths": [ ".github/workflows/**", - "Dockerfile", "go.mod", "go.sum", "Makefile", diff --git a/.github/workflows/build-images-release.yaml b/.github/workflows/build-images-release.yaml deleted file mode 100644 index 9f4bf784c..000000000 --- a/.github/workflows/build-images-release.yaml +++ /dev/null @@ -1,155 +0,0 @@ -name: Image Release Build - -# Any change in triggers needs to be reflected in the concurrency group. -on: - push: - branches: - - main - tags: - - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10 - pull_request: - branches: - - main - - v* - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.after }} - cancel-in-progress: true - -permissions: read-all - -jobs: - determine-deployment: - if: ${{ github.repository == 'cilium/hubble' }} - name: Determine Deployment - runs-on: ubuntu-24.04 - steps: - - name: Determine deployment environment - id: environment - # use 'release' deployment if the workflow was triggered on a pushed tag starting with "v" - run: | - echo "deployment=${{ (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')) && 'release' || '' }}" >> $GITHUB_OUTPUT - outputs: - name: ${{ steps.environment.outputs.deployment }} - - build-and-push: - if: ${{ github.repository == 'cilium/hubble' }} - environment: ${{ needs.determine-deployment.outputs.name }} - runs-on: ubuntu-24.04 - needs: determine-deployment - strategy: - # matrix for easier code-sharing with workflows from cilium/cilium - matrix: - include: - - name: hubble - dockerfile: ./Dockerfile - - steps: - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - - - name: Login to quay.io - if: ${{ needs.determine-deployment.outputs.name == 'release' }} - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 - with: - registry: quay.io - username: ${{ secrets.QUAY_USERNAME_RELEASE_USERNAME }} - password: ${{ secrets.QUAY_PASSWORD_RELEASE_PASSWORD }} - - - name: Getting image tag - id: tag - run: | - echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT - - - name: Checkout Source Code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - persist-credentials: false - - - name: Release Build ${{ matrix.name }} - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 - id: docker_build_release - with: - context: . - file: ${{ matrix.dockerfile }} - push: ${{ needs.determine-deployment.outputs.name == 'release' }} - platforms: linux/amd64,linux/arm64 - tags: | - quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }} - - - name: Image Release Digest - shell: bash - run: | - mkdir -p image-digest/ - job_name=${{ matrix.name }} - job_name_capital=${job_name^^} - job_name_underscored=${job_name_capital//-/_} - echo "${job_name_underscored}_DIGEST := \"${{ steps.docker_build_release.outputs.digest }}\"" > image-digest/makefile-digest.txt - - echo "### ${{ matrix.name }}" > image-digest/${{ matrix.name }}.txt - echo "" >> image-digest/${{ matrix.name }}.txt - echo "\`quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_release.outputs.digest }}\`" >> image-digest/${{ matrix.name }}.txt - echo "" >> image-digest/${{ matrix.name }}.txt - - # Upload artifact digests - - name: Upload artifact digests - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 - with: - name: image-digest ${{ matrix.name }} - path: image-digest - retention-days: 1 - - image-digests: - if: ${{ github.repository == 'cilium/hubble' }} - name: Display Digests - runs-on: ubuntu-24.04 - needs: build-and-push - steps: - - name: Getting image tag - id: tag - run: | - echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT - - name: Downloading Image Digests - shell: bash - run: | - mkdir -p image-digest/ - - - name: Download digests of all images built - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - pattern: "*image-digest *" - path: image-digest/ - - - name: Image Digests Output - shell: bash - run: | - cd image-digest/ - echo "## Docker Manifests" > ../image-digest-output.txt - echo "" >> ../image-digest-output.txt - find -type f -not -name "makefile-digest.txt" | sort | xargs -d '\n' cat >> ../image-digest-output.txt - - - name: Image Makefile Digests - shell: bash - run: | - cd image-digest/ - echo "# File generated by .github/workflows/build-images-releases.yaml; DO NOT EDIT." > ../Makefile.digests - echo "# Copyright "$(date +'%Y')" Authors of Cilium" >> ../Makefile.digests - echo "# SPDX-License-Identifier: Apache-2.0" >> ../Makefile.digests - echo "" >> ../Makefile.digests - find -type f -name "makefile-digest.txt" | sort | xargs -d '\n' cat >> ../Makefile.digests - - # Upload artifact digests - - name: Upload artifact digests - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 - with: - name: image-digest-output.txt-${{ steps.tag.outputs.tag }} - path: image-digest-output.txt - retention-days: 1 - - # Upload artifact digests - - name: Upload artifact digests - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 - with: - name: Makefile.digests-${{ steps.tag.outputs.tag }} - path: Makefile.digests - retention-days: 1 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e9482194e..6df109d22 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,6 +9,7 @@ name: Create a release jobs: build: name: Create Release + environment: release if: github.repository == 'cilium/hubble' runs-on: ubuntu-24.04 steps: diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 0757d18fd..000000000 --- a/Dockerfile +++ /dev/null @@ -1,18 +0,0 @@ -FROM docker.io/library/golang:1.23.4-alpine3.19@sha256:5f3336882ad15d10ac1b59fbaba7cb84c35d4623774198b36ae60edeba45fd84 as builder -WORKDIR /go/src/github.com/cilium/hubble -RUN apk add --no-cache git make -COPY . . -RUN make clean && make hubble - -# NOTE: As of 2021-07-14, Alpine 3.11, 3.13 and 3.14 suffer from a bug in -# busybox[0] that affects busybox's nslookup implementation. Under certain -# conditions that typically depend on `/etc/resolv.conf` configuration, -# nslookup returns with exit code 1 instead of 0 even when the given name is -# resolved successfully. More information about the bug can be found on this -# thread[1]. -# [0]: https://bugs.busybox.net/show_bug.cgi?id=12541 -# [1]: https://github.com/gliderlabs/docker-alpine/issues/539 -FROM docker.io/library/alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 -RUN apk add --no-cache bash curl jq -COPY --from=builder /go/src/github.com/cilium/hubble/hubble /usr/bin -CMD ["/usr/bin/hubble"]