diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml deleted file mode 100644 index 8794f6c1fa..0000000000 --- a/.github/workflows/docker.yml +++ /dev/null @@ -1,195 +0,0 @@ -name: Check and publish Docker images - -on: - pull_request: - push: - branches: [master] - tags: - - 'v*' - - '!v*-dev' - - 'release' - -defaults: - run: - shell: bash - -env: - IMAGE_NAME: zeek-image.tar - IMAGE_FILE: /tmp/zeek-image.tar - IMAGE_PATH: /tmp - -permissions: - contents: read - -jobs: - docker-build: - runs-on: ubuntu-latest - env: - TEST_TAG: zeek:latest - CONFFLAGS: --generator=Ninja --build-type=Release - steps: - - uses: actions/checkout@v3 - with: - submodules: "recursive" - - # Create and boot a loader. This will e.g., provide caching - # so we avoid rebuilds of the same image after this step. - - uses: docker/setup-buildx-action@v2 - - - name: Build image - uses: docker/build-push-action@v3 - with: - context: ./ - file: docker/Dockerfile - build-args: | - CONFFLAGS=${{ env.CONFFLAGS }} - load: true - tags: ${{ env.TEST_TAG }} - - - name: Run btests - run: make -C docker/btest - - - name: Save image tarball - run: docker save -o ${{ env.IMAGE_FILE }} ${{ env.TEST_TAG }} - - - name: Get version - id: version - run: echo "RELEASE_VERSION=$(cat VERSION)" >> $GITHUB_OUTPUT - - - name: Compute target tag - id: target - env: - RELEASE_VERSION: ${{ steps.version.outputs.RELEASE_VERSION }} - run: | - # Translate the GitHub reference into a tag name. - # - # - `release` tag maps to `zeek:latest` - # - `v*` tag (excluding `v*-dev` tags) maps to `zeek:RELEASE_VERSION` - # - `master` branch maps to `zeek-dev:latest` - # - # Any other refs are not published below. - if [ "${GITHUB_REF}" = "refs/tags/release" ]; then - echo "tag=zeek:latest" >> $GITHUB_OUTPUT - elif [ "${GITHUB_REF}" = "refs/heads/master" ]; then - echo "tag=zeek-dev:latest" >> $GITHUB_OUTPUT - elif [[ "${GITHUB_REF}" = refs/tags/v* ]] && [[ "${GITHUB_REF}" != refs/tags/v*-dev ]]; then - echo "tag=zeek:${RELEASE_VERSION}" >> $GITHUB_OUTPUT - fi - - - name: Login to ECR - # Don't publish on forks. Also note that secrets for the login are not - # available for pull requests, so trigger on pushes only. - if: github.repository == 'zeek/zeek' && github.event_name == 'push' - uses: docker/login-action@v1 - with: - registry: public.ecr.aws - username: ${{ secrets.AWS_ACCESS_KEY_ID }} - password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - - - name: Login to DockerHub - uses: docker/login-action@v2 - # Don't publish on forks. Also note that secrets for the login are not - # available for pull requests, so trigger on pushes only. - if: github.repository == 'zeek/zeek' && github.event_name == 'push' - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Push image - # Only publish if we did compute a tag. - if: github.repository == 'zeek/zeek' && github.event_name == 'push' && steps.target.outputs.tag != '' - uses: docker/build-push-action@v3 - with: - context: ./ - file: docker/Dockerfile - build-args: | - CONFFLAGS=${{ env.CONFFLAGS }} - push: true - tags: | - public.ecr.aws/zeek/${{ steps.target.outputs.tag }} - docker.io/zeekurity/${{ steps.target.outputs.tag }} - docker.io/zeek/${{ steps.target.outputs.tag }} - - - name: Preserve image artifact - uses: actions/upload-artifact@v3 - with: - name: ${{ env.IMAGE_NAME }} - path: ${{ env.IMAGE_FILE }} - retention-days: 1 - - - name: Preserve btest artifacts - uses: actions/upload-artifact@v3 - if: failure() - with: - name: docker-btest - path: docker/btest/.tmp - if-no-files-found: ignore - - cluster-testing: - # We need the Zeek Docker image build job to complete first, since we need - # the resulting image for our docker-compose setup. - needs: docker-build - runs-on: ubuntu-latest - steps: - # Grab the sources so we have access to btest. Could also use pip, but it - # seems appealing to be using the in-tree version of btest. btest is in a - # submodule; we check it out selectively to save time. - - uses: actions/checkout@v3 - - name: Check out btest - run: git submodule update --init ./auxil/btest - - - name: Download Docker image artifact - uses: actions/download-artifact@v3 - with: - name: ${{ env.IMAGE_NAME }} - path: ${{ env.IMAGE_PATH }} - - - name: Load Docker image - run: | - docker load --input ${{ env.IMAGE_FILE }} - docker tag zeek:latest zeektest:latest - - # The testsuite ref to use for this version of Zeek is stored in a file in - # the Zeek source tree. - - name: Get testsuite version - run: | - echo "TESTSUITE_COMMIT=$(cat ./testing/external/commit-hash.zeek-testing-cluster)" >> $GITHUB_ENV - - - name: Retrieve cluster testsuite - uses: actions/checkout@v3 - with: - repository: zeek/zeek-testing-cluster - path: testing/external/zeek-testing-cluster - ref: ${{ ENV.TESTSUITE_COMMIT }} - - - name: Run testsuite - run: make -C testing/external/zeek-testing-cluster - - # upload-artifact balks at certain characters in artifact - # filenames, so substitute them for dots. - - name: Sanitize artifacts - if: failure() - run: | - sudo apt-get -q update && sudo apt-get install -q -y rename - find testing/external/zeek-testing-cluster/.tmp -depth -execdir rename 's/[":<>|*?\r\n]/./g' "{}" \; - - - name: Preserve btest artifacts - uses: actions/upload-artifact@v3 - if: failure() - with: - name: cluster-btest - path: testing/external/zeek-testing-cluster/.tmp - if-no-files-found: ignore - - # To save storage space, truncate the Docker image artifact - # when this run was successful. - - name: Truncate Docker image - run: | - truncate -s0 ${{ env.IMAGE_FILE }} - - - name: Store truncated image artifact - uses: actions/upload-artifact@v3 - with: - name: ${{ env.IMAGE_NAME }} - path: ${{ env.IMAGE_FILE }} - retention-days: 1