New release workflow #1367
New release workflow #1367
Conversation
|
I'm reviewing this now... sorry for the delay |
I'm working on testing this in my fork, with a separate container registry. Also want to note, that I want to be careful that we have consensus on the container image tags. We have 3 images now:
So the images have tags like:
And then there may be a need to have |
I agree to have the default set to Also, I'd like to keep the |
There was a problem hiding this comment.
Not sure if it's possible now, but I think we should also have a way to just run the release target and see that it works and builds release artifacts (executable binaries and container images) locally without creating Git tag and publishing to GitHub or DockerHub. In some other build systems, e.g. GoReleaser, it's called a release snapshot. Only when we pass PUBLISH=1 or similar explicit flag it would trigger an actual release. (Ideally such release snapshot would run in the PR validation workflow before we run integration tests.)
|
|
|
As it stands now, this is working. I believe this is how you described it @danielpacak. Tested it on my personal fork: https://github.com/grantseltzer/tracee/runs/4992692333?check_suite_focus=true |
|
I believe you're still working on this @grantseltzer, right ? Please let me know once you're good (so I can review). Thanks! |
I could have commented in here instead of messaging you offline, but regardless yes this is ready for review. The only thing I want to point out is asking your thoughts on the convention of 'aquasec/tracee:full-v0.6.6', as in having the version number in the tag. |
- Snapshot
- Builds tracee-ebpf, tracee-rules, rules
- Builds an archive of build artifacts along with license
- Takes checksum of archive
- Builds container images
- Publish
- Pushes container images to dockerhub
- Creates github release with the build artifact archive
For both of these targets the main environment variables to set are:
PUSH_DOCKER_REPO (default: aquasec/tracee)
SNAPSHOT_VERSION - the tag or SHA to label the release/snapshot as (default: latest git SHA)
This commit also does the following:
- Updates the github action for releasing to use this new makefile
- Fixes existing Makefile to cleanup intermediate images
Signed-off-by: grantseltzer <grantseltzer@gmail.com>
Signed-off-by: grantseltzer <grantseltzer@gmail.com>
Signed-off-by: grantseltzer <grantseltzer@gmail.com>
This PR:
Makefile.releasewhich has two targets:For both of these targets the main environment variables to set are:
PUSH_DOCKER_REPO (default: aquasec/tracee)
SNAPSHOT_VERSION - the tag or SHA to label the release/snapshot as (default: latest git SHA)
This PR also does the following: