new(CI): add integration workflow

Signed-off-by: Aldo Lacuku <[email protected]>
falcosecurity · Nov 20, 2023 · 8e11d06 · 8e11d06
1 parent 0ab54aa
commit 8e11d06
Show file tree

Hide file tree

Showing 3 changed files with 199 additions and 12 deletions.
diff --git a/.github/workflows/docker-image.yaml b/.github/workflows/docker-image.yaml
@@ -0,0 +1,86 @@
+name: docker-image
+
+on:
+  workflow_call:
+    inputs:
+      release:
+        required: true
+        type: string
+      commit:
+        required: true
+        type: string
+      build_date:
+        required: true
+        type: string
+      sign:
+        required: false
+        default: false
+        type: boolean
+    outputs:
+      digest:
+        description: The digest of the pushed image.
+        value: ${{ jobs.docker-image.outputs.digest }}
+
+jobs:
+  docker-image:
+    runs-on: ubuntu-22.04
+    outputs:
+      image: ${{ steps.build-and-push.outputs.image }}
+      digest: ${{ steps.build-and-push.outputs.digest }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
+        with:
+          fetch-depth: 0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
+
+      - name: Set up Docker Buildx
+        id: Buildx
+        uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_SECRET }}
+
+      - name: Docker Meta
+        id: meta_image
+        uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96 # v4.3.0
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            docker.io/falcosecurity/k8s-metacollector
+          tags: |
+            type=ref,event=branch
+            type=semver,pattern={{ version }}
+            type=semver,pattern={{ major }}
+            type=semver,pattern={{ major }}.{{ minor }}
+
+      - name: Build and push
+        id: build-and-push
+        uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta_image.outputs.tags }}
+          file: ./build/Dockerfile
+          build-args: |
+            RELEASE=${{ inputs.release }}
+            COMMIT=${{ inputs.commit }}
+            BUILD_DATE=${{ inputs.build_date }}
+
+      - name: Install Cosign
+        if: ${{ inputs.sign }}
+        uses: sigstore/cosign-installer@dd6b2e2b610a11fd73dd187a43d57cc1394e35f9 # v3.0.5
+
+      - name: Sign the images with GitHub OIDC Token
+        if: ${{ inputs.sign }}
+        env:
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+          TAGS: ${{ steps.meta_image.outputs.tags }}
+          COSIGN_YES: "true"
+        run: echo "${TAGS}" | xargs -I {} cosign sign {}@${DIGEST}
diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml
@@ -0,0 +1,97 @@
+name: Integration Pipeline
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        goos:
+          - linux
+        goarch:
+          - arm64
+          - amd64
+    steps:
+      - name: Checkout commit
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+
+      - name: Setup Go
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+        with:
+          go-version: '1.21.1'
+          check-latest: true
+
+      - name: Build k8s-metacollector
+        run: >
+          go build -ldflags="-s -w" -o k8s-metacollector-${{ matrix.goos }}-${{ matrix.goarch }} .
+        env:
+          CGO_ENABLED: 0
+          GOOS: ${{ matrix.goos }}
+          GOARCH: ${{ matrix.goarch }}
+
+      - name: Create Archives
+        run: |
+          cp k8s-metacollector-${{ matrix.goos }}-${{ matrix.goarch }} k8s-metacollector
+          tar -czvf k8s-metacollector-${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz k8s-metacollector LICENSE
+
+      - name: Upload k8s-metacollector artifacts
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        with:
+          name: k8s-metacollector-${{ matrix.goos }}-${{ matrix.goarch }}
+          path: ./k8s-metacollector-${{ matrix.goos }}-${{ matrix.goarch }}
+          retention-days: 1
+
+      - name: Upload k8s-metacollector archives
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        with:
+          name: k8s-metacollector-${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz
+          path: ./k8s-metacollector-${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz
+          retention-days: 1
+
+  docker-configure:
+    if: ${{ github.event_name == 'push' }}
+    runs-on: ubuntu-22.04
+    outputs:
+      release: ${{ steps.vars.outputs.release }}
+      commit: ${{ steps.vars.outputs.commit }}
+      build_date: ${{ steps.vars.outputs.build_date }}
+    steps:
+      - name: Set version fields
+        id: vars
+        run: |
+          echo "release=${{ github.sha }}" >> $GITHUB_OUTPUT
+          echo "commit=${{ github.sha }}" >> $GITHUB_OUTPUT
+          echo "build_date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
+
+  docker-image:
+    if: ${{ github.event_name == 'push' }}
+    needs: docker-configure
+    uses: ./.github/workflows/docker-image.yaml
+    secrets: inherit
+    with:
+      release: ${{ needs.docker-configure.outputs.release }}
+      commit: ${{ needs.docker-configure.outputs.commit }}
+      build_date: ${{ needs.docker-configure.outputs.build_date }}
+
+  test:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout commit
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Setup Go
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+        with:
+          go-version: '1.21.1'
+          check-latest: true
+
+      - name: Run tests
+        run: go test -cover ./...
diff --git a/Dockerfile → build/Dockerfile b/Dockerfile → build/Dockerfile
@@ -1,7 +1,10 @@
 # Build the manager binary
 FROM golang:1.21.1 as builder
-ARG TARGETOS
-ARG TARGETARCH
+
+ARG RELEASE
+ARG COMMIT
+ARG BUILD_DATE
+ARG PROJECT=github.com/falcosecurity/k8s-metacollector
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -12,19 +15,20 @@ COPY go.sum go.sum
 RUN go mod download
 
 # Copy the go source
-COPY main.go main.go
-COPY pkg/ pkg/
-COPY collectors/ collectors/
-COPY broker/ broker/
-COPY metadata/ metadata/
+COPY . ./
 
 # Build
-# the GOARCH has not a default value to allow the binary be built according to the host where the command
-# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
-# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
-# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
 RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -ldflags "-s -w" -o meta-collector main.go
-
+RUN CGO_ENABLED=0 \
+    GOOS=$(go env GOOS) \
+    GOARCH=$(go env GOARCH) \
+    go build -ldflags \
+    "-s \
+    -w \
+    -X '${PROJECT}/pkg/version.semVersion=${RELEASE}' \
+    -X '${PROJECT}/pkg/version.gitCommit=${COMMIT}' \
+    -X '${PROJECT}/pkg/version.buildDate=${BUILD_DATE}'" \
+    -o meta-collector main.go
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 FROM gcr.io/distroless/static:nonroot