build(deps): bump the production-dependencies group with 5 updates #72
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: bpfman-image-build | |
| on: # yamllint disable-line rule:truthy | |
| push: | |
| branches: [main] | |
| tags: | |
| - v* | |
| pull_request: | |
| paths: [.github/workflows/image-build.yaml] | |
| jobs: | |
| build-and-push-images: | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write # needed for signing the images with GitHub OIDC Token | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| image: | |
| - registry: quay.io | |
| build_language: rust | |
| repository: bpfman | |
| image: bpfman | |
| dockerfile: ./Containerfile.bpfman | |
| context: . | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| repository: bpfman | |
| image: bpfman-agent | |
| dockerfile: ./bpfman-operator/Containerfile.bpfman-agent | |
| context: . | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| repository: bpfman | |
| image: bpfman-operator | |
| dockerfile: ./bpfman-operator/Containerfile.bpfman-operator | |
| context: . | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| repository: bpfman | |
| image: bpfman-operator-bundle | |
| context: ./bpfman-operator | |
| dockerfile: ./bpfman-operator/Containerfile.bundle | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| repository: bpfman-userspace | |
| image: go-xdp-counter | |
| context: . | |
| dockerfile: ./examples/go-xdp-counter/container-deployment/Containerfile.go-xdp-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| repository: bpfman-userspace | |
| image: go-tc-counter | |
| context: . | |
| dockerfile: ./examples/go-tc-counter/container-deployment/Containerfile.go-tc-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| repository: bpfman-userspace | |
| image: go-tracepoint-counter | |
| context: . | |
| dockerfile: ./examples/go-tracepoint-counter/container-deployment/Containerfile.go-tracepoint-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| repository: bpfman-userspace | |
| image: go-kprobe-counter | |
| context: . | |
| dockerfile: ./examples/go-kprobe-counter/container-deployment/Containerfile.go-kprobe-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| repository: bpfman-userspace | |
| image: go-uprobe-counter | |
| context: . | |
| dockerfile: ./examples/go-uprobe-counter/container-deployment/Containerfile.go-uprobe-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| repository: bpfman-userspace | |
| image: go-uretprobe-counter | |
| context: . | |
| dockerfile: ./examples/go-uretprobe-counter/container-deployment/Containerfile.go-uretprobe-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| repository: bpfman-userspace | |
| image: go-target | |
| context: . | |
| dockerfile: ./examples/go-target/container-deployment/Containerfile.go-target | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| bpf_build_wrapper: go | |
| repository: bpfman-bytecode | |
| image: go-xdp-counter | |
| context: ./examples/go-xdp-counter | |
| dockerfile: ./Containerfile.bytecode | |
| build_args: | | |
| PROGRAM_NAME=go-xdp-counter | |
| BPF_FUNCTION_NAME=xdp_stats | |
| PROGRAM_TYPE=xdp | |
| BYTECODE_FILENAME=bpf_bpfel.o | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| bpf_build_wrapper: go | |
| repository: bpfman-bytecode | |
| image: go-tc-counter | |
| context: ./examples/go-tc-counter | |
| dockerfile: ./Containerfile.bytecode | |
| build_args: | | |
| PROGRAM_NAME=go-tc-counter | |
| BPF_FUNCTION_NAME=stats | |
| PROGRAM_TYPE=tc | |
| BYTECODE_FILENAME=bpf_bpfel.o | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| bpf_build_wrapper: go | |
| repository: bpfman-bytecode | |
| image: go-tracepoint-counter | |
| context: ./examples/go-tracepoint-counter | |
| dockerfile: ./Containerfile.bytecode | |
| build_args: | | |
| PROGRAM_NAME=go-tracepoint-counter | |
| BPF_FUNCTION_NAME=tracepoint_kill_recorder | |
| PROGRAM_TYPE=tracepoint | |
| BYTECODE_FILENAME=bpf_bpfel.o | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| bpf_build_wrapper: go | |
| repository: bpfman-bytecode | |
| image: go-kprobe-counter | |
| context: ./examples/go-kprobe-counter | |
| dockerfile: ./Containerfile.bytecode | |
| build_args: | | |
| PROGRAM_NAME=kprobe_counter | |
| BPF_FUNCTION_NAME=kprobe_counter | |
| PROGRAM_TYPE=kprobe | |
| BYTECODE_FILENAME=bpf_bpfel.o | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| bpf_build_wrapper: go | |
| repository: bpfman-bytecode | |
| image: go-uprobe-counter | |
| context: ./examples/go-uprobe-counter | |
| dockerfile: ./Containerfile.bytecode | |
| build_args: | | |
| PROGRAM_NAME=uprobe_counter | |
| BPF_FUNCTION_NAME=uprobe_counter | |
| PROGRAM_TYPE=uprobe | |
| BYTECODE_FILENAME=bpf_bpfel.o | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| bpf_build_wrapper: go | |
| repository: bpfman-bytecode | |
| image: go-uretprobe-counter | |
| context: ./examples/go-uretprobe-counter | |
| dockerfile: ./Containerfile.bytecode | |
| build_args: | | |
| PROGRAM_NAME=uretprobe_counter | |
| BPF_FUNCTION_NAME=uretprobe_counter | |
| PROGRAM_TYPE=uretprobe | |
| BYTECODE_FILENAME=bpf_x86_bpfel.o | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: xdp_pass | |
| context: ./tests/integration-test/bpf/.output | |
| dockerfile: ./Containerfile.bytecode | |
| build_args: | | |
| PROGRAM_NAME=xdp_pass | |
| BPF_FUNCTION_NAME=pass | |
| PROGRAM_TYPE=xdp | |
| BYTECODE_FILENAME=xdp_pass.bpf.o | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: xdp_pass_private | |
| context: ./tests/integration-test/bpf/.output | |
| dockerfile: ./Containerfile.bytecode | |
| build_args: | | |
| PROGRAM_NAME=xdp_pass_private | |
| BPF_FUNCTION_NAME=pass | |
| PROGRAM_TYPE=xdp | |
| BYTECODE_FILENAME=xdp_pass.bpf.o | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: tc_pass | |
| context: ./tests/integration-test/bpf/.output | |
| dockerfile: ./Containerfile.bytecode | |
| build_args: | | |
| PROGRAM_NAME=tc_pass | |
| BPF_FUNCTION_NAME=pass | |
| PROGRAM_TYPE=tc | |
| BYTECODE_FILENAME=tc_pass.bpf.o | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: tracepoint | |
| context: ./tests/integration-test/bpf/.output | |
| dockerfile: ./Containerfile.bytecode | |
| build_args: | | |
| PROGRAM_NAME=tracepoint | |
| BPF_FUNCTION_NAME=enter_openat | |
| PROGRAM_TYPE=tracepoint | |
| BYTECODE_FILENAME=tp_openat.bpf.o | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: uprobe | |
| context: ./tests/integration-test/bpf/.output | |
| dockerfile: ./Containerfile.bytecode | |
| build_args: | | |
| PROGRAM_NAME=uprobe | |
| BPF_FUNCTION_NAME=my_uprobe | |
| PROGRAM_TYPE=uprobe | |
| BYTECODE_FILENAME=uprobe.bpf.o | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: uretprobe | |
| context: ./tests/integration-test/bpf/.output | |
| dockerfile: ./Containerfile.bytecode | |
| build_args: | | |
| PROGRAM_NAME=uretprobe | |
| BPF_FUNCTION_NAME=my_uretprobe | |
| PROGRAM_TYPE=uretprobe | |
| BYTECODE_FILENAME=uprobe.bpf.o | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: kprobe | |
| context: ./tests/integration-test/bpf/.output | |
| dockerfile: ./Containerfile.bytecode | |
| build_args: | | |
| PROGRAM_NAME=kprobe | |
| BPF_FUNCTION_NAME=my_kprobe | |
| PROGRAM_TYPE=kprobe | |
| BYTECODE_FILENAME=kprobe.bpf.o | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: kretprobe | |
| context: ./tests/integration-test/bpf/.output | |
| dockerfile: ./Containerfile.bytecode | |
| build_args: | | |
| PROGRAM_NAME=kretprobe | |
| BPF_FUNCTION_NAME=my_kretprobe | |
| PROGRAM_TYPE=kretprobe | |
| BYTECODE_FILENAME=kprobe.bpf.o | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: fentry | |
| context: ./tests/integration-test/bpf/.output | |
| dockerfile: ./Containerfile.bytecode | |
| build_args: | | |
| PROGRAM_NAME=do_unlinkat | |
| BPF_FUNCTION_NAME=test_fentry | |
| PROGRAM_TYPE=fentry | |
| BYTECODE_FILENAME=fentry.bpf.o | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: fexit | |
| context: ./tests/integration-test/bpf/.output | |
| dockerfile: ./Containerfile.bytecode | |
| build_args: | | |
| PROGRAM_NAME=do_unlinkat | |
| BPF_FUNCTION_NAME=test_fexit | |
| PROGRAM_TYPE=fexit | |
| BYTECODE_FILENAME=fentry.bpf.o | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman | |
| image: xdp-dispatcher | |
| context: . | |
| dockerfile: ./Containerfile.xdp_dispatcher_v1 | |
| tags: | | |
| type=sha,format=long | |
| type=raw,value=v1,enable=true | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman | |
| image: xdp-dispatcher | |
| context: . | |
| dockerfile: ./Containerfile.xdp_dispatcher_v2 | |
| tags: | | |
| type=sha,format=long | |
| type=raw,value=v2,enable=true | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman | |
| image: tc-dispatcher | |
| context: . | |
| dockerfile: ./Containerfile.tc_dispatcher | |
| tags: | | |
| type=sha,format=long | |
| type=raw,value=v1,enable=true | |
| name: Build Image (${{ matrix.image.image }}) | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v5 | |
| if: ${{ matrix.image.build_language == 'go' }} | |
| with: | |
| # prettier-ignore | |
| go-version: '1.21' # yamllint disable-line rule:quoted-strings | |
| - uses: sigstore/[email protected] | |
| - uses: actions/checkout@v4 | |
| if: ${{ matrix.image.bpf_build_wrapper == 'rust' }} | |
| with: | |
| repository: libbpf/libbpf | |
| path: libbpf | |
| - uses: actions-rs/toolchain@v1 | |
| if: ${{ matrix.image.build_language == 'rust' }} | |
| with: | |
| toolchain: stable | |
| override: true | |
| - name: Install libelf-dev | |
| if: ${{ matrix.image.bpf_build_wrapper == 'rust' || matrix.image.bpf_build_wrapper == 'go' }} | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y linux-headers-`uname -r` clang lldb lld libelf-dev gcc-multilib libbpf-dev | |
| - name: Build rust wrapped eBPF | |
| if: ${{ matrix.image.bpf_build_wrapper == 'rust' }} | |
| run: | | |
| cargo xtask build-ebpf --libbpf-dir ./libbpf | |
| - name: Install bpf2go | |
| if: ${{ matrix.image.bpf_build_wrapper == 'go' }} | |
| run: | | |
| go install github.com/cilium/ebpf/cmd/[email protected] | |
| - name: Generate go wrapped eBPF | |
| if: ${{ matrix.image.bpf_build_wrapper == 'go' }} | |
| run: | | |
| cd examples && make generate | |
| - name: Generate olm bundle on disk | |
| if: ${{ matrix.image.image == 'bpfman-operator-bundle' }} | |
| run: | | |
| cd bpfman-operator && make bundle | |
| - name: Login to quay.io/bpfman | |
| uses: redhat-actions/podman-login@v1 | |
| if: ${{ github.event_name == 'push' && matrix.image.repository == 'bpfman'}} | |
| with: | |
| registry: ${{ matrix.image.registry }} | |
| username: ${{ secrets.BPFMAN_USERNAME }} | |
| password: ${{ secrets.BPFMAN_ROBOT_TOKEN }} | |
| - name: Login to quay.io/bpfman-userspace | |
| uses: redhat-actions/podman-login@v1 | |
| if: ${{ github.event_name == 'push' && matrix.image.repository == 'bpfman-userspace'}} | |
| with: | |
| registry: ${{ matrix.image.registry }} | |
| username: ${{ secrets.BPFMAN_USERSPACE_USERNAME }} | |
| password: ${{ secrets.BPFMAN_USERSPACE_ROBOT_TOKEN }} | |
| - name: Login to quay.io/bpfman-bytecode | |
| uses: redhat-actions/podman-login@v1 | |
| if: ${{ github.event_name == 'push' && matrix.image.repository == 'bpfman-bytecode' }} | |
| with: | |
| registry: ${{ matrix.image.registry }} | |
| username: ${{ secrets.BPFMAN_BYTECODE_USERNAME }} | |
| password: ${{ secrets.BPFMAN_BYTECODE_ROBOT_TOKEN }} | |
| - name: Extract metadata (tags, labels) for image | |
| id: meta | |
| uses: docker/[email protected] | |
| with: | |
| images: ${{ matrix.image.registry }}/${{ matrix.image.repository }}/${{ matrix.image.image }} | |
| tags: ${{ matrix.image.tags }} | |
| - name: Build image | |
| id: build-image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| image: ${{ matrix.image.image }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| containerfiles: ${{ matrix.image.dockerfile }} | |
| build-args: ${{ matrix.image.build_args }} | |
| context: ${{ matrix.image.context }} | |
| - name: Push to registry | |
| id: push-image | |
| uses: redhat-actions/push-to-registry@v2 | |
| if: ${{ github.event_name == 'push' }} | |
| with: | |
| tags: ${{ steps.meta.outputs.tags }} | |
| - name: Sign the images with GitHub OIDC Token | |
| if: ${{ github.event_name == 'push' }} | |
| run: | | |
| readarray -t tags <<<"${{ steps.meta.outputs.tags }}" | |
| for tag in ${tags[@]}; do | |
| cosign sign -y "${tag}@${{ steps.push-image.outputs.digest }}" | |
| done |