diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml
index b5c7a3bb..c0e31102 100644
--- a/.github/workflows/build-image.yaml
+++ b/.github/workflows/build-image.yaml
@@ -11,11 +11,6 @@ on:
 description: 'image tag'
 required: true
 type: string
- tag_latest:
- description: 'should this image have the latest tag'
- required: false
- default: false
- type: boolean
 image_name:
 description: 'image registry and name'
 required: true
@@ -75,18 +70,11 @@ jobs:
 - name: Build and push image
 if: ${{ inputs.support_platforms }}
- run: docker buildx build . --file build/Dockerfile --tag ${{ inputs.image_name }}:${{ inputs.image_tag }} --build-arg image_version=${{ inputs.image_tag }} --build-arg client=${{ inputs.client }} --platform linux/amd64,linux/arm64
+ run: docker buildx build . --file build/Dockerfile --tag ${{ inputs.image_name }}:${{ inputs.image_tag }} --tag ${{ inputs.image_name }}:latest --build-arg image_version=${{ inputs.image_tag }} --build-arg client=${{ inputs.client }} --push --platform linux/amd64,linux/arm64
 - name: Build and push image without amd64/arm64 support
 if: ${{ !inputs.support_platforms }}
- run: docker buildx build . --file build/Dockerfile --tag ${{ inputs.image_name }}:${{ inputs.image_tag }} --build-arg image_version=${{ inputs.image_tag }} --build-arg client=${{ inputs.client }}
-
- - name: Tag image as latest
- if: ${{ inputs.tag_latest }}
- run: docker tag ${{ inputs.image_name }}:${{ inputs.image_tag }} ${{ inputs.image_name }}:latest
-
- - name: Push image to registry
- run: docker push ${{ inputs.image_name }}
+ run: docker buildx build . --file build/Dockerfile --tag ${{ inputs.image_name }}:${{ inputs.image_tag }} --tag ${{ inputs.image_name }}:latest --build-arg image_version=${{ inputs.image_tag }} --build-arg client=${{ inputs.client }} --push
 - name: Install cosign
 uses: sigstore/cosign-installer@main
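Review bot: Both rewritten `run:` lines now pass `--tag ${{ inputs.image_name }}:latest` unconditionally, so every caller of this reusable workflow moves the mutable `latest` tag; with the `tag_latest` input removed in the first hunk, a dev or pre-release caller (such as the `publish-dev-image` job commented out in build_dev.yaml, if it is re-enabled) can no longer opt out. Consider keeping the input and making the tag conditional, e.g. `${{ inputs.tag_latest && format('--tag {0}:latest', inputs.image_name) || '' }}` in place of the fixed `--tag`. The `${{ inputs.* }}` values are still expanded straight into the shell command; passing them through `env:` and quoting them (`--tag "$IMAGE_NAME:$IMAGE_TAG"`) keeps a caller-supplied value from being parsed as shell. If the signing step that follows (not visible in this hunk) refers to the image by tag, it would be safer to record the pushed digest, for instance with `--metadata-file`, and sign that.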
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index bd29039b..2c114323 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -6,80 +6,80 @@ on:
 paths-ignore:
 - '**.md'
 jobs:
- # test:
- # uses: ./.github/workflows/test.yaml
- # with:
- # release: "v2.0.${{ github.run_number }}"
- # client: test
+ test:
+ uses: ./.github/workflows/test.yaml
+ with:
+ release: "v2.0.${{ github.run_number }}"
+ client: test
- # create-release:
- # uses: ./.github/workflows/release.yaml
- # needs: test
- # with:
- # release_name: "Release v2.0.${{ github.run_number }}"
- # tag_name: "v2.0.${{ github.run_number }}"
- # secrets: inherit
+ create-release:
+ uses: ./.github/workflows/release.yaml
+ needs: test
+ with:
+ release_name: "Release v2.0.${{ github.run_number }}"
+ tag_name: "v2.0.${{ github.run_number }}"
+ secrets: inherit
- # publish-artifacts:
- # name: Build and publish artifacts
- # needs: create-release
- # runs-on: ${{ matrix.os }}
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # strategy:
- # matrix:
- # os: [ubuntu-latest, macos-latest, windows-latest]
- # steps:
- # - uses: actions/checkout@v3
- # with:
- # submodules: recursive
+ publish-artifacts:
+ name: Build and publish artifacts
+ needs: create-release
+ runs-on: ${{ matrix.os }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ strategy:
+ matrix:
+ os: [ubuntu-latest, macos-latest, windows-latest]
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ submodules: recursive
- # - name: Set up Go
- # uses: actions/setup-go@v3
- # with:
- # go-version: 1.18
+ - name: Set up Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: 1.18
- # - name: Install MSYS2 & libgit2 (Windows)
- # shell: cmd
- # run: .\build.bat all
- # if: matrix.os == 'windows-latest'
+ - name: Install MSYS2 & libgit2 (Windows)
+ shell: cmd
+ run: .\build.bat all
+ if: matrix.os == 'windows-latest'
- # - name: Install libgit2 (Linux/macOS)
- # run: make libgit2
- # if: matrix.os != 'windows-latest'
+ - name: Install libgit2 (Linux/macOS)
+ run: make libgit2
+ if: matrix.os != 'windows-latest'
- # - name: Build
- # env:
- # RELEASE: v2.0.${{ github.run_number }}
- # CLIENT: release
- # CGO_ENABLED: 1
- # run: python3 --version && python3 build.py
+ - name: Build
+ env:
+ RELEASE: v2.0.${{ github.run_number }}
+ CLIENT: release
+ CGO_ENABLED: 1
+ run: python3 --version && python3 build.py
- # - name: Upload release binaries
- # id: upload-release-asset
- # uses: actions/upload-release-asset@v1
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: build/${{ matrix.os }}/kubescape
- # asset_name: kubescape-${{ matrix.os }}
- # asset_content_type: application/octet-stream
+ - name: Upload release binaries
+ id: upload-release-asset
+ uses: actions/upload-release-asset@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: build/${{ matrix.os }}/kubescape
+ asset_name: kubescape-${{ matrix.os }}
+ asset_content_type: application/octet-stream
- # - name: Upload release hash
- # id: upload-release-hash
- # uses: actions/upload-release-asset@v1
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: build/${{ matrix.os }}/kubescape.sha256
- # asset_name: kubescape-${{ matrix.os }}-sha256
- # asset_content_type: application/octet-stream
+ - name: Upload release hash
+ id: upload-release-hash
+ uses: actions/upload-release-asset@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: build/${{ matrix.os }}/kubescape.sha256
+ asset_name: kubescape-${{ matrix.os }}-sha256
+ asset_content_type: application/octet-stream
 publish-image:
 uses: ./.github/workflows/build-image.yaml
- # needs: create-release
+ needs: create-release
 with:
 client: "image-release"
 image_name: "quay.io/${{ github.repository_owner }}/kubescape"
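Review bot: The re-enabled `publish-artifacts` job sets `GITHUB_TOKEN` in its job-level `env:`, which exposes the token to every step, including `make libgit2`, `.\build.bat all` and `python3 build.py`, all of which run code from the repository and its recursively checked-out submodules. Both upload steps already set `GITHUB_TOKEN` in their own `env:`, so the job-level block can simply be dropped. No `permissions:` key is visible in this hunk; if the workflow does not set one elsewhere, declaring `permissions:` with `contents: write` only on the jobs that write the release narrows what the token can do. The actions are referenced by tag (`actions/upload-release-asset@v1`, `actions/checkout@v3`); pinning the ones on the release path to a commit SHA would keep a moved tag from changing what publishes the binaries. The `publish-image` job's `with:` block continues past the end of the hunk.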
diff --git a/.github/workflows/build_dev.yaml b/.github/workflows/build_dev.yaml
index 3d57d461..e62b6861 100644
--- a/.github/workflows/build_dev.yaml
+++ b/.github/workflows/build_dev.yaml
@@ -13,13 +13,13 @@ jobs:
 release: "v2.0.${{ github.run_number }}"
 client: test
- publish-dev-image:
- uses: ./.github/workflows/build-image.yaml
- needs: test
- with:
- client: "image-dev"
- image_name: "quay.io/${{ github.repository_owner }}/kubescape"
- image_tag: "dev-v2.0.${{ github.run_number }}"
- support_platforms: true
- cosign: true
- secrets: inherit
+ # publish-dev-image:
+ # uses: ./.github/workflows/build-image.yaml
+ # needs: test
+ # with:
+ # client: "image-dev"
+ # image_name: "quay.io/${{ github.repository_owner }}/kubescape"
+ # image_tag: "dev-v2.0.${{ github.run_number }}"
+ # support_platforms: true
+ # cosign: true
+ # secrets: inherit
diff --git a/README.md b/README.md
index 30dd0bca..e7f87d89 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,9 @@ kubescape scan --enable-host-scan --verbose
## Architecture in short
+
+[Component architecture](docs/architecture.drawio.svg)
+
 ### [CLI](#kubescape-cli)
cli-diagram diff --git a/docs/architecture.drawio.svg b/docs/architecture.drawio.svg new file mode 100644 index 00000000..4919c889 --- /dev/null +++ b/docs/architecture.drawio.svg @@ -0,0 +1 @@ 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 \ No newline at end of file