gc for security group #13103
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build arm64 Image | |
on: | |
pull_request: | |
branches: | |
- master | |
paths-ignore: | |
- 'docs/**' | |
- '**.md' | |
push: | |
branches: | |
- master | |
- release-* | |
paths-ignore: | |
- 'docs/**' | |
- '**.md' | |
concurrency: | |
group: "${{ github.workflow }}-${{ github.ref }}" | |
cancel-in-progress: true | |
env: | |
GO_VERSION: '' | |
jobs: | |
build: | |
name: Build arm64 | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: docker/setup-buildx-action@v3 | |
- uses: docker/setup-qemu-action@v3 | |
with: | |
platforms: arm64 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION || '' }} | |
go-version-file: go.mod | |
check-latest: true | |
cache: false | |
- name: Setup environment variables | |
run: | | |
echo "TAG=$(cat VERSION)" >> "$GITHUB_ENV" | |
echo "GO_FULL_VER=$(go env GOVERSION)" >> "$GITHUB_ENV" | |
- name: Go Cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
key: ${{ runner.os }}-${{ env.GO_FULL_VER }}-arm64-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-${{ env.GO_FULL_VER }}-arm64- | |
- name: Scan base image | |
uses: aquasecurity/[email protected] | |
with: | |
scan-type: image | |
scanners: vuln | |
image-ref: docker.io/kubeovn/kube-ovn-base:${{ env.TAG }} | |
format: json | |
output: trivy-result.json | |
ignore-unfixed: true | |
trivyignores: .trivyignore | |
vuln-type: library | |
- name: Build kubectl and CNI plugins from source | |
env: | |
CGO_ENABLED: "0" | |
GOARCH: arm64 | |
GO_INSTALL: "go install -v -mod=mod -trimpath" | |
run: | | |
cat trivy-result.json | |
dockerfile=${{ github.workspace }}/dist/images/Dockerfile | |
cni_plugins_version=`go list -m -f '{{.Version}}' github.com/containernetworking/plugins` | |
cni_plugins_build_flags="-ldflags '-extldflags -static -X github.com/containernetworking/plugins/pkg/utils/buildversion.BuildVersion=$cni_plugins_version'" | |
jq -r '.Results[] | select((.Type=="gobinary") and (.Vulnerabilities!=null)) | .Target' trivy-result.json | while read f; do | |
bin=`basename $f` | |
go_bin_dir=`go env GOPATH`/bin/linux_arm64 | |
case $bin in | |
loopback|macvlan) | |
echo "Building $bin@$cni_plugins_version from source..." | |
sh -c "cd /tmp && $GO_INSTALL $cni_plugins_build_flags github.com/containernetworking/plugins/plugins/main/$bin@$cni_plugins_version" | |
echo "COPY $bin /$f" >> "$dockerfile" | |
cp -a $go_bin_dir/$bin `dirname "$dockerfile"` | |
;; | |
portmap) | |
echo "Building $bin@$cni_plugins_version from source..." | |
sh -c "cd /tmp && $GO_INSTALL $cni_plugins_build_flags github.com/containernetworking/plugins/plugins/meta/$bin@$cni_plugins_version" | |
echo "COPY $bin /$f" >> "$dockerfile" | |
cp -a $go_bin_dir/$bin `dirname "$dockerfile"` | |
;; | |
kubectl) | |
go mod tidy | |
version=`go list -m -f '{{.Version}}' k8s.io/kubernetes` | |
mod_dir=`go list -m -f '{{.Dir}}' k8s.io/kubernetes` | |
source "$mod_dir/hack/lib/util.sh" | |
source "$mod_dir/hack/lib/logging.sh" | |
source "$mod_dir/hack/lib/version.sh" | |
repo=kubernetes/kubernetes | |
commit=unknown | |
read type tag_sha < <(echo $(curl -s "https://api.github.com/repos/$repo/git/ref/tags/$version" | | |
jq -r '.object.type,.object.sha')) | |
if [ $type = "commit" ]; then | |
commit=$tag_sha | |
else | |
commit=$(curl -s "https://api.github.com/repos/$repo/git/tags/$tag_sha" | jq -r '.object.sha') | |
fi | |
export KUBE_GIT_COMMIT="${commit}" | |
export KUBE_GIT_TREE_STATE='clean' | |
export KUBE_GIT_VERSION="${version}" | |
export KUBE_GIT_MAJOR=`echo $KUBE_GIT_VERSION | cut -d. -f1 | sed 's/$v//'` | |
export KUBE_GIT_MINOR=`echo $KUBE_GIT_VERSION | cut -d. -f2` | |
goldflags="all=$(kube::version::ldflags) -s -w" | |
echo "Building $bin@$version from source..." | |
$GO_INSTALL -ldflags="${goldflags}" k8s.io/kubernetes/cmd/kubectl | |
echo "COPY $bin /$f" >> "$dockerfile" | |
cp -a $go_bin_dir/$bin `dirname "$dockerfile"` | |
;; | |
*) | |
;; | |
esac | |
done | |
- name: Build | |
run: make release-arm | |
- name: Push | |
if: github.ref_name == github.event.repository.default_branch || startsWith(github.ref_name, 'release-') | |
env: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
COMMIT: ${{ github.sha }} | |
run: | | |
TAG=$(cat VERSION) | |
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin | |
docker tag kubeovn/kube-ovn:$TAG kubeovn/kube-ovn:$TAG-arm | |
docker tag kubeovn/kube-ovn:$TAG kubeovn/kube-ovn-dev:$COMMIT-arm | |
docker tag kubeovn/kube-ovn:$TAG-debug kubeovn/kube-ovn:$TAG-debug-arm | |
docker tag kubeovn/vpc-nat-gateway:$TAG kubeovn/vpc-nat-gateway:$TAG-arm | |
docker tag kubeovn/vpc-nat-gateway:$TAG kubeovn/vpc-nat-gateway-dev:$COMMIT-arm | |
docker images | |
docker push kubeovn/kube-ovn:$TAG-arm | |
docker push kubeovn/kube-ovn:$TAG-debug-arm | |
docker push kubeovn/kube-ovn-dev:$COMMIT-arm | |
docker push kubeovn/vpc-nat-gateway:$TAG-arm | |
docker push kubeovn/vpc-nat-gateway-dev:$COMMIT-arm |