mirror of
https://github.com/prowler-cloud/prowler.git
synced 2026-03-30 03:49:48 +00:00
170 lines
5.9 KiB
YAML
170 lines
5.9 KiB
YAML
name: Build and Push containers
|
||
|
||
on:
|
||
push:
|
||
branches:
|
||
- "v3"
|
||
- "master"
|
||
paths-ignore:
|
||
- ".github/**"
|
||
- "README.md"
|
||
- "docs/**"
|
||
- "ui/**"
|
||
- "api/**"
|
||
|
||
release:
|
||
types: [published]
|
||
|
||
env:
|
||
# AWS Configuration
|
||
AWS_REGION_STG: eu-west-1
|
||
AWS_REGION_PLATFORM: eu-west-1
|
||
AWS_REGION: us-east-1
|
||
|
||
# Container's configuration
|
||
IMAGE_NAME: prowler
|
||
DOCKERFILE_PATH: ./Dockerfile
|
||
|
||
# Tags
|
||
LATEST_TAG: latest
|
||
STABLE_TAG: stable
|
||
# The RELEASE_TAG is set during runtime in releases
|
||
RELEASE_TAG: ""
|
||
# The PROWLER_VERSION and PROWLER_VERSION_MAJOR are set during runtime in releases
|
||
PROWLER_VERSION: ""
|
||
PROWLER_VERSION_MAJOR: ""
|
||
# TEMPORARY_TAG: temporary
|
||
|
||
# Python configuration
|
||
PYTHON_VERSION: 3.12
|
||
|
||
jobs:
|
||
# Build Prowler OSS container
|
||
container-build-push:
|
||
# needs: dockerfile-linter
|
||
runs-on: ubuntu-latest
|
||
outputs:
|
||
prowler_version_major: ${{ steps.get-prowler-version.outputs.PROWLER_VERSION_MAJOR }}
|
||
prowler_version: ${{ steps.get-prowler-version.outputs.PROWLER_VERSION }}
|
||
env:
|
||
POETRY_VIRTUALENVS_CREATE: "false"
|
||
|
||
steps:
|
||
- name: Checkout
|
||
uses: actions/checkout@v4
|
||
|
||
- name: Setup Python
|
||
uses: actions/setup-python@v5
|
||
with:
|
||
python-version: ${{ env.PYTHON_VERSION }}
|
||
|
||
- name: Install Poetry
|
||
run: |
|
||
pipx install poetry
|
||
pipx inject poetry poetry-bumpversion
|
||
|
||
- name: Get Prowler version
|
||
id: get-prowler-version
|
||
run: |
|
||
PROWLER_VERSION="$(poetry version -s 2>/dev/null)"
|
||
echo "PROWLER_VERSION=${PROWLER_VERSION}" >> "${GITHUB_ENV}"
|
||
echo "PROWLER_VERSION=${PROWLER_VERSION}" >> "${GITHUB_OUTPUT}"
|
||
|
||
# Store prowler version major just for the release
|
||
PROWLER_VERSION_MAJOR="${PROWLER_VERSION%%.*}"
|
||
echo "PROWLER_VERSION_MAJOR=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_ENV}"
|
||
echo "PROWLER_VERSION_MAJOR=${PROWLER_VERSION_MAJOR}" >> "${GITHUB_OUTPUT}"
|
||
|
||
case ${PROWLER_VERSION_MAJOR} in
|
||
3)
|
||
echo "LATEST_TAG=v3-latest" >> "${GITHUB_ENV}"
|
||
echo "STABLE_TAG=v3-stable" >> "${GITHUB_ENV}"
|
||
;;
|
||
|
||
4)
|
||
echo "LATEST_TAG=latest" >> "${GITHUB_ENV}"
|
||
echo "STABLE_TAG=stable" >> "${GITHUB_ENV}"
|
||
;;
|
||
|
||
*)
|
||
# Fallback if any other version is present
|
||
echo "Releasing another Prowler major version, aborting..."
|
||
exit 1
|
||
;;
|
||
esac
|
||
|
||
- name: Login to DockerHub
|
||
uses: docker/login-action@v3
|
||
with:
|
||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||
|
||
- name: Login to Public ECR
|
||
uses: docker/login-action@v3
|
||
with:
|
||
registry: public.ecr.aws
|
||
username: ${{ secrets.PUBLIC_ECR_AWS_ACCESS_KEY_ID }}
|
||
password: ${{ secrets.PUBLIC_ECR_AWS_SECRET_ACCESS_KEY }}
|
||
env:
|
||
AWS_REGION: ${{ env.AWS_REGION }}
|
||
|
||
- name: Set up Docker Buildx
|
||
uses: docker/setup-buildx-action@v3
|
||
|
||
- name: Build and push container image (latest)
|
||
if: github.event_name == 'push'
|
||
uses: docker/build-push-action@v6
|
||
with:
|
||
push: true
|
||
tags: |
|
||
${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
|
||
${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.LATEST_TAG }}
|
||
file: ${{ env.DOCKERFILE_PATH }}
|
||
cache-from: type=gha
|
||
cache-to: type=gha,mode=max
|
||
|
||
- name: Build and push container image (release)
|
||
if: github.event_name == 'release'
|
||
uses: docker/build-push-action@v6
|
||
with:
|
||
# Use local context to get changes
|
||
# https://github.com/docker/build-push-action#path-context
|
||
context: .
|
||
push: true
|
||
tags: |
|
||
${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
|
||
${{ secrets.DOCKER_HUB_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
|
||
${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.PROWLER_VERSION }}
|
||
${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.STABLE_TAG }}
|
||
file: ${{ env.DOCKERFILE_PATH }}
|
||
cache-from: type=gha
|
||
cache-to: type=gha,mode=max
|
||
|
||
dispatch-action:
|
||
needs: container-build-push
|
||
runs-on: ubuntu-latest
|
||
steps:
|
||
- name: Get latest commit info (latest)
|
||
if: github.event_name == 'push'
|
||
run: |
|
||
LATEST_COMMIT_HASH=$(echo ${{ github.event.after }} | cut -b -7)
|
||
echo "LATEST_COMMIT_HASH=${LATEST_COMMIT_HASH}" >> $GITHUB_ENV
|
||
|
||
- name: Dispatch event (latest)
|
||
if: github.event_name == 'push' && needs.container-build-push.outputs.prowler_version_major == '3'
|
||
run: |
|
||
curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches \
|
||
-H "Accept: application/vnd.github+json" \
|
||
-H "Authorization: Bearer ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}" \
|
||
-H "X-GitHub-Api-Version: 2022-11-28" \
|
||
--data '{"event_type":"dispatch","client_payload":{"version":"v3-latest", "tag": "${{ env.LATEST_COMMIT_HASH }}"}}'
|
||
|
||
- name: Dispatch event (release)
|
||
if: github.event_name == 'release' && needs.container-build-push.outputs.prowler_version_major == '3'
|
||
run: |
|
||
curl https://api.github.com/repos/${{ secrets.DISPATCH_OWNER }}/${{ secrets.DISPATCH_REPO }}/dispatches \
|
||
-H "Accept: application/vnd.github+json" \
|
||
-H "Authorization: Bearer ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}" \
|
||
-H "X-GitHub-Api-Version: 2022-11-28" \
|
||
--data '{"event_type":"dispatch","client_payload":{"version":"release", "tag":"${{ needs.container-build-push.outputs.prowler_version }}"}}'
|