From 07cc915d5436580c567c28c9df5e517f3800cf54 Mon Sep 17 00:00:00 2001 From: "Han Verstraete (OpenFaaS Ltd)" Date: Mon, 17 Jun 2024 17:13:36 +0200 Subject: [PATCH 1/2] Update watchdogs for function auth Signed-off-by: Han Verstraete (OpenFaaS Ltd) --- alpine/Dockerfile | 2 +- curl/Dockerfile | 2 +- ffmpeg/Dockerfile | 2 +- figlet/Dockerfile | 2 +- hey/Dockerfile | 2 +- imagemagick/Dockerfile | 2 +- nmap/Dockerfile | 2 +- nslookup/Dockerfile | 2 +- sentimentanalysis/Dockerfile | 2 +- shasum/Dockerfile | 2 +- youtube-dl/Dockerfile | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/alpine/Dockerfile b/alpine/Dockerfile index efedba2..86c061f 100644 --- a/alpine/Dockerfile +++ b/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.1.4 as watchdog +FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.3.1 as watchdog FROM --platform=${TARGETPLATFORM:-linux/amd64} alpine:3.19.1 diff --git a/curl/Dockerfile b/curl/Dockerfile index bd41309..2b9775e 100644 --- a/curl/Dockerfile +++ b/curl/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.1.4 as watchdog +FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.3.1 as watchdog FROM --platform=${TARGETPLATFORM:-linux/amd64} alpine:3.19.1 diff --git a/ffmpeg/Dockerfile b/ffmpeg/Dockerfile index 37d3e55..acc1b32 100644 --- a/ffmpeg/Dockerfile +++ b/ffmpeg/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.1.4 as watchdog +FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.3.1 as watchdog FROM --platform=${TARGETPLATFORM:-linux/amd64} alpine:3.19.1 diff --git a/figlet/Dockerfile b/figlet/Dockerfile index 903c5e9..3481af4 100644 --- a/figlet/Dockerfile +++ b/figlet/Dockerfile 
@@ -1,4 +1,4 @@ -FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.1.4 as watchdog +FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.3.1 as watchdog FROM --platform=${TARGETPLATFORM:-linux/amd64} alpine:3.19.1 diff --git a/hey/Dockerfile b/hey/Dockerfile index 0677fd3..8171bac 100644 --- a/hey/Dockerfile +++ b/hey/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.1.4 as watchdog +FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.3.1 as watchdog FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.16-alpine as builder ARG TARGETPLATFORM diff --git a/imagemagick/Dockerfile b/imagemagick/Dockerfile index d9cedd0..59b158d 100644 --- a/imagemagick/Dockerfile +++ b/imagemagick/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.1.4 as watchdog +FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.3.1 as watchdog FROM --platform=${TARGETPLATFORM:-linux/amd64} alpine:3.19.1 diff --git a/nmap/Dockerfile b/nmap/Dockerfile index 54479f7..85fd617 100644 --- a/nmap/Dockerfile +++ b/nmap/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.1.4 as watchdog +FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.3.1 as watchdog FROM --platform=${TARGETPLATFORM:-linux/amd64} alpine:3.19.1 diff --git a/nslookup/Dockerfile b/nslookup/Dockerfile index 57915da..e373f5f 100644 --- a/nslookup/Dockerfile +++ b/nslookup/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.1.4 as watchdog +FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.3.1 as watchdog FROM --platform=${TARGETPLATFORM:-linux/amd64} alpine:3.19.1 
diff --git a/sentimentanalysis/Dockerfile b/sentimentanalysis/Dockerfile index 41e7564..d09bf53 100644 --- a/sentimentanalysis/Dockerfile +++ b/sentimentanalysis/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.1.4 as watchdog +FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.3.1 as watchdog FROM --platform=${TARGETPLATFORM:-linux/amd64} python:3.11 RUN mkdir -p /home/app diff --git a/shasum/Dockerfile b/shasum/Dockerfile index ec757d7..f736cc4 100644 --- a/shasum/Dockerfile +++ b/shasum/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.1.4 as watchdog +FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.3.1 as watchdog FROM --platform=${TARGETPLATFORM:-linux/amd64} alpine:3.19.1 diff --git a/youtube-dl/Dockerfile b/youtube-dl/Dockerfile index 2faaeb8..9f15cca 100644 --- a/youtube-dl/Dockerfile +++ b/youtube-dl/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.2.2 as watchdog +FROM --platform=${TARGETPLATFORM:-linux/amd64} ghcr.io/openfaas/classic-watchdog:0.3.1 as watchdog FROM --platform=${TARGETPLATFORM:-linux/amd64} alpine:3.19.1 as ship From 2a0a9d5fb7537bd3762a0a0315a50a24c337f6c0 Mon Sep 17 00:00:00 2001 From: "Han Verstraete (OpenFaaS Ltd)" Date: Tue, 18 Jun 2024 15:13:33 +0200 Subject: [PATCH 2/2] Create separate build and publish workflows - Prevent failing CI for PRs bacause of missing permission to push images. - Prevent image builds from users with sufficient permission to get published on PRs and branches other than master. Signed-off-by: Han Verstraete (OpenFaaS Ltd) --- .github/workflows/build.yaml | 22 +++++-------- .github/workflows/publish.yaml | 58 ++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+), 14 deletions(-) create mode 100644 .github/workflows/publish.yaml 
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 065e6ca..61c225c 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -34,29 +34,23 @@ jobs: id: get_repo_owner run: echo "REPO_OWNER=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" > $GITHUB_ENV - - name: Docker Login - run: > - echo ${{ secrets.GITHUB_TOKEN }} | - docker login ghcr.io --username - ${{ env.REPO_OWNER }} - --password-stdin - - name: Publish multi-arch functions + - name: Pull templates + run: faas-cli template pull + + - name: Build multi-arch functions run: > OWNER="${{ env.REPO_OWNER }}" TAG="latest" SERVER="ghcr.io" - faas-cli publish - --extra-tag ${{ github.sha }} + faas-cli build --build-arg GO111MODULE=on - --platforms linux/arm/v7,linux/arm64,linux/amd64 + -f stack.yml - - name: Publish amd64-only functions + - name: Build amd64-only functions run: > OWNER="${{ env.REPO_OWNER }}" TAG="latest" SERVER="ghcr.io" - faas-cli publish - --extra-tag ${{ github.sha }} - --platforms linux/amd64 + faas-cli build -f stack-amd64.yml diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml new file mode 100644 index 0000000..0c54caf --- /dev/null +++ b/.github/workflows/publish.yaml 
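Review bot: The steps kept as `Build multi-arch functions` and `Build amd64-only functions` now run `faas-cli build` with the `--platforms` argument removed. As far as the hunk shows, pull requests are therefore built only for the runner's own architecture, and an arm-only build failure would first surface in the publish workflow on master. Renaming the first step, e.g. `- name: Build functions`, or adding a comment that says so would keep the name accurate. The job starts above the hunk, so its `permissions:` block is not visible; with the `Docker Login` step gone, any `packages: write` still declared there is no longer needed and is worth removing from a workflow that runs on pull requests.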
@@ -0,0 +1,58 @@
+name: publish
+
+on:
+ push:
+ branches:
+ - 'master'
+
+jobs:
+ build:
+ concurrency:
+ group: ${{ github.ref }}
+ cancel-in-progress: true
+
+ permissions:
+ packages: write
+ checks: write
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@master
+ with:
+ fetch-depth: 1
+ - name: Get faas-cli
+ run: curl -sLSf https://cli.openfaas.com | sudo sh
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Get Repo Owner
+ id: get_repo_owner
+ run: echo "REPO_OWNER=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" > $GITHUB_ENV
+
+ - name: Docker Login
+ run: >
+ echo ${{ secrets.GITHUB_TOKEN }} |
+ docker login ghcr.io --username
+ ${{ env.REPO_OWNER }}
+ --password-stdin
+ - name: Publish multi-arch functions
+ run: >
+ OWNER="${{ env.REPO_OWNER }}"
+ TAG="latest"
+ SERVER="ghcr.io"
+ faas-cli publish
+ --extra-tag ${{ github.sha }}
+ --build-arg GO111MODULE=on
+ --platforms linux/arm/v7,linux/arm64,linux/amd64
+
+ - name: Publish amd64-only functions
+ run: >
+ OWNER="${{ env.REPO_OWNER }}"
+ TAG="latest"
+ SERVER="ghcr.io"
+ faas-cli publish
+ --extra-tag ${{ github.sha }}
+ --platforms linux/amd64
+ -f stack-amd64.yml
\ No newline at end of file
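Review bot: The publish job holds `packages: write` but runs code from mutable references: `actions/checkout@master` follows a branch, and `curl -sLSf https://cli.openfaas.com | sudo sh` runs whatever the installer endpoint serves, as root, with no version or checksum. A change to either would execute with the token that pushes to ghcr.io, so pin the action to a full commit SHA, e.g. `- uses: actions/checkout@<full-commit-sha>`, and install a fixed faas-cli release whose checksum is verified before use. None of the visible steps appears to need `checks: write`, so that line can probably be dropped from `permissions:`. In the `Docker Login` step, passing the token through `env:` and piping `"$GITHUB_TOKEN"` into `docker login` would keep the secret out of the rendered script text.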