From f5410fadc52b0bdd85daad8e3672b102549f1411 Mon Sep 17 00:00:00 2001 From: Ivan Milchev Date: Wed, 27 Sep 2023 11:14:02 +0300 Subject: [PATCH] build v9 cnspec container with pre-installed providers Signed-off-by: Ivan Milchev --- .github/workflows/cnspec.yaml | 91 +++++++++++++++++++++++++++++++++++ cnspec.Dockerfile | 10 ++++ 2 files changed, 101 insertions(+) create mode 100644 .github/workflows/cnspec.yaml create mode 100644 cnspec.Dockerfile diff --git a/.github/workflows/cnspec.yaml b/.github/workflows/cnspec.yaml new file mode 100644 index 000000000..cc5b705d6 --- /dev/null +++ b/.github/workflows/cnspec.yaml @@ -0,0 +1,91 @@ +name: Publish cnspec container with providers + +on: + workflow_dispatch: + inputs: + version: + description: 'Version of the cnspec container to publish' + type: string + required: false + default: 'latest' + +env: + IMAGE: ghcr.io/mondoo-operator/cnspec + +jobs: + build-cnspec: + name: Build cnspec container + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + strategy: + matrix: + os: [linux] + arch: [amd64, arm64, arm] + tag: + - ${{ github.event.inputs.version }} + - ${{ github.event.inputs.version }}-rootless + - ${{ github.event.inputs.version }}-ubi-rootless + - ${{ github.event.inputs.version }}-ubi + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Log into registry ${{ env.REGISTRY }} + uses: docker/login-action@v2 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push cnspec image + id: build-and-push-operator + uses: docker/build-push-action@v4 + with: + context: . + file: cnspec.Dockerfile + build-args: VERSION=${{ github.event.inputs.version }} + platforms: ${{ matrix.os }}/${{ matrix.arch }} + push: true + labels: ${{ steps.meta.outputs.labels }} + tags: ${{ env.IMAGE }}:${{ matrix.tag }}-${{ matrix.arch }} + + push-virtual-tag: + name: Push multi-platform virtual tag + runs-on: ubuntu-latest + needs: + - build-cnspec + + permissions: + contents: read + packages: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Login against a Docker registry except on PR + # https://github.com/docker/login-action + - name: Log into registry ${{ env.REGISTRY }} + uses: docker/login-action@v2 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Extract metadata (tags, labels) for Docker + # https://github.com/docker/metadata-action + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ env.IMAGE }} + + - name: Push multi-platform virtual tag and sign + run: bash scripts/push-virtual-tag.sh + env: + TAGS: ${{ steps.meta.outputs.tags }} + CPU_ARCHS: amd64 arm64 arm \ No newline at end of file diff --git a/cnspec.Dockerfile b/cnspec.Dockerfile new file mode 100644 index 000000000..77b74e8cc --- /dev/null +++ b/cnspec.Dockerfile @@ -0,0 +1,10 @@ +# Copyright (c) Mondoo, Inc. +# SPDX-License-Identifier: BUSL-1.1 + +ARG VERSION + +FROM mondoo/cnspec:$VERSION + +RUN cnspec providers install os +RUN cnspec providers install network +RUN cnspec providers install k8s \ No newline at end of file