Skip to content

gc for security group #13103

gc for security group

gc for security group #13103

name: Build arm64 Image
on:
pull_request:
branches:
- master
paths-ignore:
- 'docs/**'
- '**.md'
push:
branches:
- master
- release-*
paths-ignore:
- 'docs/**'
- '**.md'
concurrency:
group: "${{ github.workflow }}-${{ github.ref }}"
cancel-in-progress: true
env:
GO_VERSION: ''
jobs:
build:
name: Build arm64
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: docker/setup-qemu-action@v3
with:
platforms: arm64
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION || '' }}
go-version-file: go.mod
check-latest: true
cache: false
- name: Setup environment variables
run: |
echo "TAG=$(cat VERSION)" >> "$GITHUB_ENV"
echo "GO_FULL_VER=$(go env GOVERSION)" >> "$GITHUB_ENV"
- name: Go Cache
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-${{ env.GO_FULL_VER }}-arm64-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-${{ env.GO_FULL_VER }}-arm64-
- name: Scan base image
uses: aquasecurity/[email protected]
with:
scan-type: image
scanners: vuln
image-ref: docker.io/kubeovn/kube-ovn-base:${{ env.TAG }}
format: json
output: trivy-result.json
ignore-unfixed: true
trivyignores: .trivyignore
vuln-type: library
- name: Build kubectl and CNI plugins from source
env:
CGO_ENABLED: "0"
GOARCH: arm64
GO_INSTALL: "go install -v -mod=mod -trimpath"
run: |
cat trivy-result.json
dockerfile=${{ github.workspace }}/dist/images/Dockerfile
cni_plugins_version=`go list -m -f '{{.Version}}' github.com/containernetworking/plugins`
cni_plugins_build_flags="-ldflags '-extldflags -static -X github.com/containernetworking/plugins/pkg/utils/buildversion.BuildVersion=$cni_plugins_version'"
jq -r '.Results[] | select((.Type=="gobinary") and (.Vulnerabilities!=null)) | .Target' trivy-result.json | while read f; do
bin=`basename $f`
go_bin_dir=`go env GOPATH`/bin/linux_arm64
case $bin in
loopback|macvlan)
echo "Building $bin@$cni_plugins_version from source..."
sh -c "cd /tmp && $GO_INSTALL $cni_plugins_build_flags github.com/containernetworking/plugins/plugins/main/$bin@$cni_plugins_version"
echo "COPY $bin /$f" >> "$dockerfile"
cp -a $go_bin_dir/$bin `dirname "$dockerfile"`
;;
portmap)
echo "Building $bin@$cni_plugins_version from source..."
sh -c "cd /tmp && $GO_INSTALL $cni_plugins_build_flags github.com/containernetworking/plugins/plugins/meta/$bin@$cni_plugins_version"
echo "COPY $bin /$f" >> "$dockerfile"
cp -a $go_bin_dir/$bin `dirname "$dockerfile"`
;;
kubectl)
go mod tidy
version=`go list -m -f '{{.Version}}' k8s.io/kubernetes`
mod_dir=`go list -m -f '{{.Dir}}' k8s.io/kubernetes`
source "$mod_dir/hack/lib/util.sh"
source "$mod_dir/hack/lib/logging.sh"
source "$mod_dir/hack/lib/version.sh"
repo=kubernetes/kubernetes
commit=unknown
read type tag_sha < <(echo $(curl -s "https://api.github.com/repos/$repo/git/ref/tags/$version" |
jq -r '.object.type,.object.sha'))
if [ $type = "commit" ]; then
commit=$tag_sha
else
commit=$(curl -s "https://api.github.com/repos/$repo/git/tags/$tag_sha" | jq -r '.object.sha')
fi
export KUBE_GIT_COMMIT="${commit}"
export KUBE_GIT_TREE_STATE='clean'
export KUBE_GIT_VERSION="${version}"
export KUBE_GIT_MAJOR=`echo $KUBE_GIT_VERSION | cut -d. -f1 | sed 's/$v//'`
export KUBE_GIT_MINOR=`echo $KUBE_GIT_VERSION | cut -d. -f2`
goldflags="all=$(kube::version::ldflags) -s -w"
echo "Building $bin@$version from source..."
$GO_INSTALL -ldflags="${goldflags}" k8s.io/kubernetes/cmd/kubectl
echo "COPY $bin /$f" >> "$dockerfile"
cp -a $go_bin_dir/$bin `dirname "$dockerfile"`
;;
*)
;;
esac
done
- name: Build
run: make release-arm
- name: Push
if: github.ref_name == github.event.repository.default_branch || startsWith(github.ref_name, 'release-')
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
COMMIT: ${{ github.sha }}
run: |
TAG=$(cat VERSION)
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
docker tag kubeovn/kube-ovn:$TAG kubeovn/kube-ovn:$TAG-arm
docker tag kubeovn/kube-ovn:$TAG kubeovn/kube-ovn-dev:$COMMIT-arm
docker tag kubeovn/kube-ovn:$TAG-debug kubeovn/kube-ovn:$TAG-debug-arm
docker tag kubeovn/vpc-nat-gateway:$TAG kubeovn/vpc-nat-gateway:$TAG-arm
docker tag kubeovn/vpc-nat-gateway:$TAG kubeovn/vpc-nat-gateway-dev:$COMMIT-arm
docker images
docker push kubeovn/kube-ovn:$TAG-arm
docker push kubeovn/kube-ovn:$TAG-debug-arm
docker push kubeovn/kube-ovn-dev:$COMMIT-arm
docker push kubeovn/vpc-nat-gateway:$TAG-arm
docker push kubeovn/vpc-nat-gateway-dev:$COMMIT-arm