diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 51066dc..a1f4a86 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -14,7 +14,7 @@ jobs:
 outputs:
 crawler_changed: ${{ steps.filter.outputs.crawler }}
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 - uses: dorny/paths-filter@v2
 id: filter
 with:
@@ -29,25 +29,12 @@ jobs:
 if: needs.paths-filter.outputs.crawler_changed == 'true'
 steps:
 - name: Checkout repo ⤵️
- uses: actions/checkout@v3
-
- - name: Install deps
- run: |
- sudo apt update
- sudo apt install python3 python3-pip python3-pygit2 jq
-
- - name: Install crawler
- run: |
- pip3 install .
+ uses: actions/checkout@v4

 - name: Run crawler
- run: |
- kernel-crawler crawl --distro "*" > kernels.json
-
- - name: Validate json
- run: |
- cat kernels.json | jq empty
+ id: crawler
+ uses: ./

 - uses: actions/upload-artifact@v3
 with:
- path: kernels.json
+ path: ${{ steps.crawler.outputs.json }}
diff --git a/.github/workflows/update-kernels.yml b/.github/workflows/update-kernels.yml
index ddaf1d6..b02e4a3 100644
--- a/.github/workflows/update-kernels.yml
+++ b/.github/workflows/update-kernels.yml
@@ -14,36 +14,29 @@ concurrency:
 jobs:
 update-kernels:
 runs-on: ubuntu-latest
- container:
- image: falcosecurity/kernel-crawler:latest
- options: -u root
 permissions:
 contents: read
 pages: write
 id-token: write
 steps:
- - name: Checkout crawler
- uses: actions/checkout@v3
-
 - name: Run crawler for x86_64
- run: |
- mkdir site/x86_64
- kernel-crawler crawl --distro="*" > site/x86_64/list.json
+ id: crawler_x86_64
+ uses: falcosecurity/kernel-crawler@main
+ with:
+ arch: 'x86_64'

 - name: Run crawler for aarch64
- run: |
- mkdir site/aarch64
- kernel-crawler crawl --distro="*" --arch=aarch64 > site/aarch64/list.json
-
- - name: Install deps
- run: |
- apt update
- apt install -y jq
+ id: crawler_aarch64
+ uses: falcosecurity/kernel-crawler@main
+ with:
+ arch: 'aarch64'

- - name: Validate jsons
+ - name: Move generated files to site folder
 run: |
- cat site/x86_64/list.json | jq empty
- cat site/aarch64/list.json | jq empty
+ mkdir site/x86_64
+ mv ${{ steps.crawler_x86_64.outputs.json }} site/x86_64/list.json
+ mkdir site/aarch64
+ mv ${{ steps.crawler_aarch64.outputs.json }} site/aarch64/list.json

 - uses: actions/upload-pages-artifact@v1
 with:
diff --git a/README.md b/README.md
index 57fe653..0cdba5e 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,8 @@ Output json can be found, for each supported architecture, on gh pages: https://
 A weekly [github action workflow](https://github.com/falcosecurity/kernel-crawler/actions/workflows/update-kernels.yml) will open a PR on this repo to update the json. As soon as the PR is merged and the json updated, a [prow job](https://github.com/falcosecurity/test-infra/blob/master/config/jobs/update-dbg/update-dbg.yaml) will create a PR on [test-infra](https://github.com/falcosecurity/test-infra) to generate the new Driverkit configs from the updated json.
+## Usage
+
 Helper text and options:
 Main:
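Review bot: In `.github/workflows/update-kernels.yml`, the new `Move generated files to site folder` step runs `mkdir site/x86_64` after the hunk has dropped the checkout step, so if `site/` was coming from the repository checkout the `mkdir` now fails and any static files it held are missing from the Pages artifact; keeping the checkout, or `mkdir -p site/x86_64` if the directory is meant to start empty, would settle it. The two `mv` lines paste `${{ steps.crawler_x86_64.outputs.json }}` into the script text unquoted; passing it through `env:` and writing `mv "$JSON_X86_64" site/x86_64/list.json` keeps the value out of the shell source. This job holds `pages: write` and `id-token: write`, so `falcosecurity/kernel-crawler@main` is better pinned to a full commit SHA than to a branch that can move. The steps list continues past the end of the hunk (the `with:` of `upload-pages-artifact` is cut off).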
@@ -32,13 +34,33 @@ Crawl command:
 Usage: kernel-crawler crawl [OPTIONS]

 Options:
- --distro [AmazonLinux|AmazonLinux2|AmazonLinux2022|AmazonLinux2023|BottleRocket|CentOS|Debian|Fedora|Flatcar|Minikube|OracleLinux|PhotonOS|Redhat|Talos|Ubuntu|*]
+ --distro [alinux|almalinux|amazonlinux|amazonlinux2|amazonlinux2022|amazonlinux2023|arch|bottlerocket|centos|debian|fedora|flatcar|minikube|ol|opensuse|photon|redhat|rocky|talos|ubuntu|*]
 --version TEXT
 --arch [x86_64|aarch64]
 --image TEXT Option is required when distro is Redhat.
 --help Show this message and exit.
 ```

+## CI Usage
+
+To better suit the CI usage, a [Github composite action](https://docs.github.com/en/actions/creating-actions/creating-a-composite-action) has been developed.
+Therefore, running kernel-crawler in your Github workflow is as easy as adding this step:
+```
+- name: Crawl kernels
+ uses: falcosecurity/kernel-crawler@main
+ with:
+ # Desired architecture. Either x86_64 or aarch64.
+ # Default: 'x86_64'.
+ arch: 'aarch64'
+
+ # Desired distro.
+ # Refer to crawl command helper message (above) to check supported distros.
+ # Default: '*'.
+ distro: 'ubuntu'
+```
+
+> __NOTE:__ Since we don't use annotated tags, one cannot use eg: falcosecurity/kernel-crawler@v0, but only either exact tag name, branch name or commit hash.
+
 ## Docker image

 A docker image is provided for releases, by a GitHub Actions workflow: `falcosecurity/kernel-crawler:latest`.
diff --git a/action.yml b/action.yml
new file mode 100644
index 0000000..0d68ac8
--- /dev/null
+++ b/action.yml
@@ -0,0 +1,50 @@
+name: 'kernel-crawler'
+description: 'A tool to crawl existing Linux kernel versions from multiple distros'
+
+inputs:
+ arch:
+ description: 'Architecture to run against. x86_64 or aarch64.'
+ required: false
+ default: 'x86_64'
+ distro:
+ description: 'Distro to run against. Defaults to all.'
+ required: false
+ default: '*'
+
+outputs:
+ json:
+ description: "Generated json"
+ value: ${{ steps.store-outputs.outputs.json }}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Install deps
+ shell: bash
+ run: |
+ sudo apt update -y
+ sudo apt install -y --no-install-recommends python3 python3-pip python3-pygit2 jq
+
+ - name: Install crawler
+ shell: bash
+ working-directory: ${{ github.action_path }}
+ run: |
+ pip3 install .
+
+ - name: Run crawler
+ shell: bash
+ working-directory: ${{ github.action_path }}
+ run: |
+ kernel-crawler crawl --distro=${{ inputs.distro }} --arch=${{ inputs.arch }} > kernels_${{ inputs.arch }}.json
+
+ - name: Validate json
+ shell: bash
+ working-directory: ${{ github.action_path }}
+ run: |
+ cat kernels_${{ inputs.arch }}.json | jq empty
+
+ - name: Set output
+ id: store-outputs
+ shell: bash
+ run: |
+ echo "json=${{ github.action_path }}/kernels_${{ inputs.arch }}.json" >> $GITHUB_OUTPUT
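Review bot: The `Run crawler`, `Validate json` and `Set output` steps expand `${{ inputs.distro }}` and `${{ inputs.arch }}` straight into the bash script text, unquoted, so a value supplied by the calling workflow is parsed as shell source instead of as a single argument. Passing the inputs through `env:` and referencing them as quoted variables avoids that, and also keeps the default `*` from being treated as a glob by bash. Since `arch` also ends up in a file name and in `$GITHUB_OUTPUT`, the fence adds a check against the two documented values before it is used. The metadata and the two install steps are unchanged.

```yaml
# … unchanged: name, description, inputs, outputs, Install deps, Install crawler …
    - name: Run crawler
      # … unchanged: shell, working-directory …
      env:
        ARCH: ${{ inputs.arch }}
        DISTRO: ${{ inputs.distro }}
      run: |
        case "$ARCH" in
          x86_64|aarch64) ;;
          *) echo "unsupported arch: $ARCH" >&2; exit 1 ;;
        esac
        kernel-crawler crawl --distro="$DISTRO" --arch="$ARCH" > "kernels_${ARCH}.json"

    - name: Validate json
      # … unchanged: shell, working-directory …
      env:
        ARCH: ${{ inputs.arch }}
      run: |
        jq empty "kernels_${ARCH}.json"

    - name: Set output
      # … unchanged: id, shell …
      env:
        ARCH: ${{ inputs.arch }}
        ACTION_PATH: ${{ github.action_path }}
      run: |
        echo "json=${ACTION_PATH}/kernels_${ARCH}.json" >> "$GITHUB_OUTPUT"
```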