Push Images to GHCR.io

.github/workflows/build-fb-image.yaml

@@ -8,19 +8,28 @@ on:
       - 'v*'
     paths:
       - ".github/workflows/build-fb-image.yaml"
+      - ".github/workflows/scan-docker-image-action.yaml"
       - "cmd/fluent-watcher/fluentbit/**"
       - "cmd/fluent-watcher/hooks/**"
       - "pkg/filenotify/**"
 
 env:
-  FB_IMG: 'kubesphere/fluent-bit:v2.2.2'
-  FB_IMG_DEBUG: 'kubesphere/fluent-bit:v2.2.2-debug'
+  FB_IMG: "kubesphere/fluent-bit:${{ github.ref_name }}"                # kubesphere/fluent-bit:v2.2.2
+  FB_IMG_DEBUG: "kubesphere/fluent-bit:${{ github.ref_name }}-debug"    # kubesphere/fluent-bit:v2.2.2-debug
+
+  FB_IMG_GHCR: "${{ github.repository }}/fluent-bit:${{ github.ref_name }}"              # fluent/fluent-operator/fluent-bit:v2.2.2
+  FB_IMG_DEBUG_GHCR: "${{ github.repository }}/fluent-bit:${{ github.ref_name }}-debug"  # fluent/fluent-operator/fluent-bit:v2.2.2-debug
 
 jobs:
   build:
     runs-on: ubuntu-latest
     timeout-minutes: 30
     name: Build Image for Fluent Bit
+    outputs:
+      FB_IMG: ${{ env.FB_IMG }}
+      FB_IMG_DEBUG: ${{ env.FB_IMG_DEBUG }}
+      FB_IMG_GHCR: ${{env.FB_IMG_GHCR}}
+      FB_IMG_DEBUG_GHCR: ${{ env.FB_IMG_DEBUG_GHCR }}
     steps:
       - name: Install Go
         uses: actions/setup-go@v4
@@ -36,18 +45,100 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
 
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
+          registry: docker.io
           username: ${{ secrets.REGISTRY_USER }}
           password: ${{ secrets.REGISTRY_PASSWORD }}
 
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v3
-
+      
       - name: Build and Push Image for Fluent Bit
-        run: |
-          make build-fb -e FB_IMG=${{ env.FB_IMG }}
-          make build-fb-debug -e FB_IMG_DEBUG=${{ env.FB_IMG_DEBUG }}
+        id: docker-build
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./cmd/fluent-watcher/fluentbit/Dockerfile
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ env.FB_IMG}}
+
+      - name: Build and Push Debug Image for Fluent Bit
+        id: docker-build-debug
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./cmd/fluent-watcher/fluentbit/Dockerfile.debug
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ env.FB_IMG_DEBUG }}
+
+  scan-docker-image:
+    name: Scan Docker Image
+    needs: 
+      - build
+    uses: ./.github/workflows/scan-docker-image-action.yaml
+    with:
+      source_image: ${{ needs.build.outputs.FB_IMG }}
+      source_registry: docker.io
+      platforms: '["linux/arm64", "linux/amd64"]'
+    secrets:
+      registry_username: ${{ secrets.REGISTRY_USER }}
+      registry_password: ${{ secrets.REGISTRY_PASSWORD }}
+
+  release-image-to-gchr:
+    name: Release Image to GitHub Container Registry
+    uses: ./.github/workflows/clone-docker-image-action.yaml
+    needs: 
+      - scan-docker-image
+      - build
+    with:
+      source_image: ${{ needs.build.outputs.FB_IMG }}
+      source_registry: docker.io
+      target_image: ${{ needs.build.outputs.FB_IMG_GHCR }}
+      target_registry: ghcr.io
+      platforms: "['linux/arm64', 'linux/amd64']"
+    secrets:
+      source_registry_username:  ${{ secrets.REGISTRY_USER }}
+      target_registry_username: ${{ github.actor }}
+      source_registry_token: ${{ secrets.REGISTRY_PASSWORD }}
+      target_registry_token: ${{ secrets.GITHUB_TOKEN }}
+
+  scan-debug-image:
+    name: Scan Debug Image
+    needs: 
+      - build
+    uses: ./.github/workflows/scan-docker-image-action.yaml
+    with:
+      source_image: ${{ needs.build.outputs.FB_IMG_DEBUG }}
+      source_registry: docker.io
+      platforms: '["linux/arm64", "linux/amd64"]'
+    secrets:
+      registry_username: ${{ secrets.REGISTRY_USER }}
+      registry_password: ${{ secrets.REGISTRY_PASSWORD }}
+
+
+  release-debug-image-to-gchr:
+    name: Release Debug Image to GitHub Container Registry
+    uses: ./.github/workflows/clone-docker-image-action.yaml
+    needs: 
+      - scan-debug-image
+      - build
+    with:
+      source_image: ${{ needs.build.outputs.FB_IMG_DEBUG }}
+      source_registry: docker.io
+      target_image: ${{ needs.build.outputs.FB_IMG_DEBUG_GHCR }}
+      target_registry: ghcr.io
+      platforms: "['linux/arm64', 'linux/amd64']"
+    secrets:
+      source_registry_username:  ${{ secrets.REGISTRY_USER }}
+      target_registry_username: ${{ github.actor }}
+      source_registry_token: ${{ secrets.REGISTRY_PASSWORD }}
+      target_registry_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/build-fd-image.yaml

@@ -8,20 +8,30 @@ on:
       - 'v*'
     paths:
       - ".github/workflows/build-fd-image.yaml"
+      - ".github/workflows/scan-docker-image-action.yaml"
       - "cmd/fluent-watcher/fluentd/**"
       - "cmd/fluent-watcher/hooks/**"
       - "pkg/filenotify/**"
 
 env:
-  FD_IMG: 'kubesphere/fluentd:v1.15.3'
-  ARCH: '-arm64'
-  FD_IMG_BASE: 'kubesphere/fluentd:v1.15.3-arm64-base'
+
+  FD_IMG: "kubesphere/fluentd:${{ github.ref_name }}"                                 # kubesphere/fluentd:v2.2.2
+  FD_IMAGE_ARCH: "kubesphere/fluentd:${{ github.ref_name }}-arm64"              # kubesphere/fluentd:v2.2.2-arm64
+  FD_IMAGE_ARCH_BASE: "kubesphere/fluentd:${{ github.ref_name }}-arm64-base"    # kubesphere/fluentd:v2.2.2-arm64-base
+
+
+  FD_IMAGE_GHCR: "${{ github.repository }}/fluentd:${{ github.ref_name }}"                              # fluent/fluent-operator/fluentd:v2.2.2
+  FD_IMAGE_ARCH_GHCR: "${{ github.repository }}/fluentd:${{ github.ref_name }}-arm64"                  # fluent/fluent-operator/fluentd:v2.2.2-arm64
+  FD_IMAGE_ARCH_BASE_GHCR: "${{ github.repository }}/fluentd:${{ github.ref_name }}-arm64-base"        # fluent/fluent-operator/fluentd:v2.2.2-arm64-base
 
 jobs:
-  build-amd64:
+  build-fluetd-amd64:
     runs-on: ubuntu-latest
     timeout-minutes: 30
-    name: Build amd64 Image for Fluentd
+    name: Build Fluentd amd64 docker image
+    outputs:
+      FD_IMG: ${{ env.FD_IMG }}
+      FD_IMAGE_GHCR: ${{ env.FD_IMAGE_GHCR }}
     steps:
       - name: Install Go
         uses: actions/setup-go@v4
@@ -32,6 +42,9 @@ jobs:
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
 
       - name: Checkout code
         uses: actions/checkout@v4
@@ -43,16 +56,59 @@ jobs:
         with:
           username: ${{ secrets.REGISTRY_USER }}
           password: ${{ secrets.REGISTRY_PASSWORD }}
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
 
-      - name: Build and Push amd64 Image for Fluentd
-        run: |
-          make build-fd-amd64 -e FD_IMG=${{ env.FD_IMG }}
-          docker push ${{ env.FD_IMG }}
+      - name: Build and Push Image for Fluentd
+        id: docker-build
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./cmd/fluent-watcher/fluentd/Dockerfile.amd64
+          push: true
+          platforms: 'linux/amd64'
+          tags: ${{ env.FD_IMG }}
+
+  scan-fluetd-amd64-image:
+    name: Trivy + Dockle scan Fluentd amd64 docker image
+    needs: 
+      - build-fluetd-amd64
+    uses: ./.github/workflows/scan-docker-image-action.yaml
+    with:
+      source_image: "${{ needs.build-fluetd-amd64.outputs.FD_IMG }}"
+      source_registry: docker.io
+      platforms: '["linux/amd64"]'
+    secrets:
+      registry_username: ${{ secrets.REGISTRY_USER }}
+      registry_password: ${{ secrets.REGISTRY_PASSWORD }}
+
+  release-fluentd-amd64-image-to-ghcr:
+    name: Release Fluentd amd64 docker image to GitHub Container Registry
+    uses: ./.github/workflows/clone-docker-image-action.yaml
+    needs: 
+      - build-fluetd-amd64
+      - scan-fluetd-amd64-image
+    with:
+      source_image: "${{ needs.build-fluetd-amd64.outputs.FD_IMG }}"
+      source_registry: docker.io
+      target_image: "${{ needs.build-fluetd-amd64.outputs.FD_IMAGE_GHCR }}"
+      target_registry: ghcr.io
+      platforms: '["linux/amd64"]'
+    secrets:
+      source_registry_username:  ${{ secrets.REGISTRY_USER }}
+      target_registry_username: ${{ github.actor }}
+      source_registry_token: ${{ secrets.REGISTRY_PASSWORD }}
+      target_registry_token: ${{ secrets.GITHUB_TOKEN }}
 
-  build-arm64:
+  build-fluentd-arm64-base:
     runs-on: ubuntu-latest
     timeout-minutes: 90 
-    name: Build arm64 Image for Fluentd
+    name: Build Fluentd arm64 base image
+    outputs:
+      FD_IMAGE_ARCH_BASE: ${{ env.FD_IMAGE_ARCH_BASE }}
+      FD_IMAGE_ARCH_BASE_GHCR: ${{ env.FD_IMAGE_ARCH_BASE_GHCR }}
     steps:
       - name: Install Go
         uses: actions/setup-go@v4
@@ -78,11 +134,121 @@ jobs:
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v3
+
+      - name: Build and Push Image for Fluentd
+        id: docker-build
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./cmd/fluent-watcher/fluentd/Dockerfile.arm64.base
+          push: true
+          platforms: linux/arm64
+          tags: ${{ env.FD_IMAGE_ARCH_BASE }}
+
+  scan-fluetd-arm64-base-image:
+    name: Trivy + Dockle scan Fluentd arm64 base docker image
+    needs: 
+      - build-fluentd-arm64-base
+    uses: ./.github/workflows/scan-docker-image-action.yaml
+    with:
+      source_image: "${{ needs.build-fluentd-arm64-base.outputs.FD_IMAGE_ARCH_BASE }}"
+      source_registry: docker.io
+      platforms: '["linux/arm64"]'
+    secrets:
+      registry_username: ${{ secrets.REGISTRY_USER }}
+      registry_password: ${{ secrets.REGISTRY_PASSWORD }}
+
+  release-fluentd-arm64-base-image-to-ghcr:
+    name: Release Fluentd arm64 base docker image to GitHub Container Registry
+    uses: ./.github/workflows/clone-docker-image-action.yaml
+    needs: 
+      - build-fluentd-arm64-base
+      - scan-fluetd-arm64-base-image
+    with:
+      source_image: "${{ needs.build-fluentd-arm64-base.outputs.FD_IMAGE_ARCH_BASE }}"
+      source_registry: docker.io
+      target_image: "${{ needs.build-fluentd-arm64-base.outputs.FD_IMAGE_ARCH_BASE_GHCR }}"
+      target_registry: ghcr.io
+      platforms: '["linux/arm64"]'
+    secrets:
+      source_registry_username:  ${{ secrets.REGISTRY_USER }}
+      target_registry_username: ${{ github.actor }}
+      source_registry_token: ${{ secrets.REGISTRY_PASSWORD }}
+      target_registry_token: ${{ secrets.GITHUB_TOKEN }}
+
+  build-fluentd-arm64:
+    runs-on: ubuntu-latest
+    timeout-minutes: 90 
+    name: Build Fluentd arm64 image
+    outputs:
+      FD_IMAGE_ARCH: ${{ env.FD_IMAGE_ARCH }}
+      FD_IMAGE_ARCH_GHCR: ${{ env.FD_IMAGE_ARCH_GHCR }}
+    needs: 
+      - build-fluentd-arm64-base
+      - scan-fluetd-arm64-base-image
+    steps:
+      - name: Install Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.21
+
+      - uses: actions/cache@v3
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
 
-      - name: Build and Push arm64 base Image for Fluentd
-        run: |
-          make build-fd-arm64-base -e FD_IMG_BASE=${{ env.FD_IMG_BASE }}
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and Push Image for Fluentd
+        id: docker-build
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./cmd/fluent-watcher/fluentd/Dockerfile.arm64.base
+          push: true
+          platforms: linux/arm64
+          tags: ${{ needs.build-fluentd-arm64-base.outputs.FD_IMAGE_ARCH_BASE }}
 
-      - name: Build and Push arm64 Image for Fluentd
-        run: |
-          make build-fd-arm64 -e FD_IMG=${{ env.FD_IMG }} -e ARCH=${{ env.ARCH }}
+  scan-fluetd-arm64-image:
+    name: Scan Fluentd arm64 docker image
+    needs: 
+      - build-fluentd-arm64
+    uses: ./.github/workflows/scan-docker-image-action.yaml
+    with:
+      source_image: "${{ needs.build-fluentd-arm64.outputs.FD_IMAGE_ARCH }}"
+      source_registry: docker.io
+      platforms: '["linux/arm64"]'
+    secrets:
+      registry_username: ${{ secrets.REGISTRY_USER }}
+      registry_password: ${{ secrets.REGISTRY_PASSWORD }}
+
+  release-fluentd-arm64-image-to-ghcr:
+    name: Release Fluentd arm64 docker image to GitHub Container Registry
+    uses: ./.github/workflows/clone-docker-image-action.yaml
+    needs: 
+      - build-fluentd-arm64
+      - scan-fluetd-arm64-image
+    with:
+      source_image: "${{ needs.build-fluentd-arm64.outputs.FD_IMAGE_ARCH }}"
+      source_registry: docker.io
+      target_image: "${{ needs.build-fluentd-arm64.outputs.FD_IMAGE_ARCH_GHCR }}"
+      target_registry: ghcr.io
+      platforms: '["linux/arm64"]'
+    secrets:
+      source_registry_username:  ${{ secrets.REGISTRY_USER }}
+      target_registry_username: ${{ github.actor }}
+      source_registry_token: ${{ secrets.REGISTRY_PASSWORD }}
+      target_registry_token: ${{ secrets.GITHUB_TOKEN }}