Rename images to remove architecture, and refactored image creation (#22

) * renamed images * tweak * tweak * tweak * tweak * tweak * tweak * new multi-arch dockerfile * tweak * tweak * tweak * tweak * tweak * tweak * tweak * tweak * tweak * tweak * build and test all * build and test all * bump action versions * pre-pr tidy * pre-pr tidy
slalombuild · Jan 25, 2024 · 739d4cd · 739d4cd
1 parent d586cd5
commit 739d4cd
Show file tree

Hide file tree

Showing 14 changed files with 453 additions and 844 deletions.
diff --git a/.github/workflows/docker-build-and-publish.yml b/.github/workflows/docker-build-and-publish.yml
@@ -18,309 +18,75 @@ env:
   IMAGE_TAG: 1.0.${{ github.run_number }}
 
 jobs:
-  standard-alpine-amd64:
-    name: Build standard-alpine-amd64
+  build-standard:
+    name: Build standard images
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
-      - name: Build the Docker image
-        run: docker build . --file images/standard-alpine-amd64/Dockerfile --no-cache -t standard-alpine-amd64:${{ github.sha }}
+      - uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: "standard-alpine-amd64:${{ github.sha }}"
-          format: "table"
-          exit-code: "1"
-          ignore-unfixed: true
-          severity: "CRITICAL,HIGH"
-          hide-progress: true
-          vuln-type: "os"
-
-      - uses: actions/checkout@v3
-      - name: Docker Image Size
-        run: docker inspect -f "{{ .Size }}" standard-alpine-amd64:${{ github.sha }} | numfmt --to=si
-
-      - name: Publish to Registry
-        id: publish-standard-alpine-amd64
-        uses: elgohr/Publish-Docker-Github-Action@v5
-        with:
-          name: SlalomBuild/pe-toolkit-standard-alpine-amd64
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-          registry: ghcr.io
-          buildoptions: "--compress --force-rm"
-          dockerfile: images/standard-alpine-amd64/Dockerfile
-          platforms: linux/amd64
-          tags: "latest,${{ env.IMAGE_TAG }},amd64"
-
-  standard-alpine-arm64:
-    name: Build standard-alpine-arm64
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v3
-      - name: Build the Docker image
-        run: |
-          docker buildx install
-          docker buildx create --use
-          docker build . --platform linux/arm64 --load --file images/standard-alpine-arm64/Dockerfile --no-cache -t standard-alpine-arm64:${{ github.sha }}
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: "standard-alpine-arm64:${{ github.sha }}"
-          format: "table"
-          exit-code: "1"
-          ignore-unfixed: true
-          severity: "CRITICAL,HIGH"
-          hide-progress: true
-          vuln-type: "os"
-
-      - uses: actions/checkout@v3
-      - name: Docker Image Size
-        run: docker inspect -f "{{ .Size }}" standard-alpine-arm64:${{ github.sha }} | numfmt --to=si
-
-      - name: Publish to Registry
-        id: publish-standard-alpine-arm64
-        uses: elgohr/Publish-Docker-Github-Action@v5
-        with:
-          name: SlalomBuild/pe-toolkit-standard-alpine-arm64
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-          registry: ghcr.io
-          buildoptions: "--compress --force-rm"
-          dockerfile: images/standard-alpine-arm64/Dockerfile
-          platforms: linux/arm64
-          tags: "latest,${{ env.IMAGE_TAG }},arm64"
-
-  standard-ubuntu-arm64:
-    name: Build standard-ubuntu-arm64
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v3
-      - name: Build the Docker image
-        run: |
-          docker buildx install
-          docker buildx create --use
-          docker build . --platform linux/arm64 --load --file images/standard-ubuntu-arm64/Dockerfile --no-cache -t standard-ubuntu-arm64:${{ github.sha }}
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: "standard-ubuntu-arm64:${{ github.sha }}"
-          format: "table"
-          exit-code: "1"
-          ignore-unfixed: true
-          severity: "CRITICAL,HIGH"
-          hide-progress: true
-          vuln-type: "os"
-
-      - uses: actions/checkout@v3
-      - name: Docker Image Size
-        run: docker inspect -f "{{ .Size }}" standard-ubuntu-arm64:${{ github.sha }} | numfmt --to=si
-
-      - name: Publish to Registry
-        id: publish-standard-ubuntu-arm64
-        uses: elgohr/Publish-Docker-Github-Action@v5
-        with:
-          name: SlalomBuild/pe-toolkit-standard-ubuntu-arm64
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-          registry: ghcr.io
-          buildoptions: "--compress --force-rm"
-          dockerfile: images/standard-ubuntu-arm64/Dockerfile
-          platforms: linux/arm64
-          tags: "latest,${{ env.IMAGE_TAG }},arm64"
-
-  standard-ubuntu-amd64:
-    name: Build standard-ubuntu-amd64
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v3
-      - name: Build the Docker image
-        run: docker build . --file images/standard-ubuntu-amd64/Dockerfile --no-cache -t standard-ubuntu-amd64:${{ github.sha }}
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: "standard-ubuntu-amd64:${{ github.sha }}"
-          format: "table"
-          exit-code: "1"
-          ignore-unfixed: true
-          severity: "CRITICAL,HIGH"
-          hide-progress: true
-          vuln-type: "os"
-
-      - uses: actions/checkout@v3
-      - name: Docker Image Size
-        run: docker inspect -f "{{ .Size }}" standard-ubuntu-amd64:${{ github.sha }} | numfmt --to=si
-
-      - name: Publish to Registry
-        id: publish-standard-ubuntu-amd64
-        uses: elgohr/Publish-Docker-Github-Action@v5
-        with:
-          name: SlalomBuild/pe-toolkit-standard-ubuntu-amd64
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-          registry: ghcr.io
-          buildoptions: "--compress --force-rm"
-          dockerfile: images/standard-ubuntu-amd64/Dockerfile
-          platforms: linux/amd64
-          tags: "latest,${{ env.IMAGE_TAG }},amd64"
-
-  full-alpine-amd64:
-    name: Build full-alpine-amd64
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v3
-      - name: Build the Docker image
-        run: docker build . --file images/full-alpine-amd64/Dockerfile --no-cache -t full-alpine-amd64:${{ github.sha }}
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: "full-alpine-amd64:${{ github.sha }}"
-          format: "table"
-          exit-code: "1"
-          ignore-unfixed: true
-          severity: "CRITICAL,HIGH"
-          hide-progress: true
-          vuln-type: "os"
-
-      - uses: actions/checkout@v3
-      - name: Docker Image Size
-        run: docker inspect -f "{{ .Size }}" full-alpine-amd64:${{ github.sha }} | numfmt --to=si
-
-      - name: Publish to Registry
+      - name: Build and publish standard alpine
+        id: publish-standard-alpine
         uses: elgohr/Publish-Docker-Github-Action@v5
         with:
-          name: SlalomBuild/pe-toolkit-full-alpine-amd64
+          name: SlalomBuild/pe-toolkit-standard-alpine
+          dockerfile: images/dockerfile-standard-alpine
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
           registry: ghcr.io
           buildoptions: "--compress --force-rm"
-          dockerfile: images/full-alpine-amd64/Dockerfile
-          platforms: linux/amd64
-          tags: "latest,${{ env.IMAGE_TAG }},amd64"
-
-  full-alpine-arm64:
-    name: Build full-alpine-arm64
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v3
-      - name: Build the Docker image
-        run: |
-          docker buildx install
-          docker buildx create --use
-          docker build . --platform linux/arm64 --load --file images/full-alpine-arm64/Dockerfile --no-cache -t full-alpine-arm64:${{ github.sha }}
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: "full-alpine-arm64:${{ github.sha }}"
-          format: "table"
-          exit-code: "1"
-          ignore-unfixed: true
-          severity: "CRITICAL,HIGH"
-          hide-progress: true
-          vuln-type: "os"
+          platforms: linux/amd64,linux/arm64
+          tags: "latest,${{ env.IMAGE_TAG }},alpine"
 
-      - uses: actions/checkout@v3
-      - name: Docker Image Size
-        run: docker inspect -f "{{ .Size }}" full-alpine-arm64:${{ github.sha }} | numfmt --to=si
-
-      - name: Publish to Registry
+      - name: Build and publish standard ubuntu
+        id: publish-standard-ubuntu
         uses: elgohr/Publish-Docker-Github-Action@v5
         with:
-          name: SlalomBuild/pe-toolkit-full-alpine-arm64
+          name: SlalomBuild/pe-toolkit-standard-ubuntu
+          dockerfile: images/dockerfile-standard-ubuntu
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
           registry: ghcr.io
           buildoptions: "--compress --force-rm"
-          dockerfile: images/full-alpine-arm64/Dockerfile
-          platforms: linux/arm64
-          tags: "latest,${{ env.IMAGE_TAG }},arm64"
+          platforms: linux/amd64,linux/arm64
+          tags: "latest,${{ env.IMAGE_TAG }},ubuntu"
 
-  full-ubuntu-amd64:
-    name: Build full-ubuntu-amd64
+  build-full:
+    name: Build full images
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
-      - name: Build the Docker image
-        run: docker build . --file images/full-ubuntu-amd64/Dockerfile --no-cache -t full-ubuntu-amd64:${{ github.sha }}
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: "full-ubuntu-amd64:${{ github.sha }}"
-          format: "table"
-          exit-code: "1"
-          ignore-unfixed: true
-          severity: "CRITICAL,HIGH"
-          hide-progress: true
-          vuln-type: "os"
-
-      - uses: actions/checkout@v3
-      - name: Docker Image Size
-        run: docker inspect -f "{{ .Size }}" full-ubuntu-amd64:${{ github.sha }} | numfmt --to=si
+      - uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
-      - name: Publish to Registry
+      - name: Build and publish full ubuntu
+        id: publish-full-ubuntu
         uses: elgohr/Publish-Docker-Github-Action@v5
         with:
-          name: SlalomBuild/pe-toolkit-full-ubuntu-amd64
+          name: SlalomBuild/pe-toolkit-full-ubuntu
+          dockerfile: images/dockerfile-full-ubuntu
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
           registry: ghcr.io
           buildoptions: "--compress --force-rm"
-          dockerfile: images/full-ubuntu-amd64/Dockerfile
-          platforms: linux/amd64
-          tags: "latest,${{ env.IMAGE_TAG }},amd64"
-
-  full-ubuntu-arm64:
-    name: Build full-ubuntu-arm64
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v3
-      - name: Build the Docker image
-        run: |
-          docker buildx install
-          docker buildx create --use
-          docker build . --platform linux/arm64 --load --file images/full-ubuntu-arm64/Dockerfile --no-cache -t full-ubuntu-arm64:${{ github.sha }}
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: "full-ubuntu-arm64:${{ github.sha }}"
-          format: "table"
-          exit-code: "1"
-          ignore-unfixed: true
-          severity: "CRITICAL,HIGH"
-          hide-progress: true
-          vuln-type: "os"
-
-      - uses: actions/checkout@v3
-      - name: Docker Image Size
-        run: docker inspect -f "{{ .Size }}" full-ubuntu-arm64:${{ github.sha }} | numfmt --to=si
+          platforms: linux/amd64,linux/arm64
+          tags: "latest,${{ env.IMAGE_TAG }},ubuntu"
 
-      - name: Publish to Registry
+      - name: Build and publish full alpine
+        id: publish-full-alpine
         uses: elgohr/Publish-Docker-Github-Action@v5
         with:
-          name: SlalomBuild/pe-toolkit-full-ubuntu-arm64
+          name: SlalomBuild/pe-toolkit-full-alpine
+          dockerfile: images/dockerfile-full-alpine
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
           registry: ghcr.io
           buildoptions: "--compress --force-rm"
-          dockerfile: images/full-ubuntu-arm64/Dockerfile
-          platforms: linux/arm64
-          tags: "latest,${{ env.IMAGE_TAG }},arm64"
+          platforms: linux/amd64,linux/arm64
+          tags: "latest,${{ env.IMAGE_TAG }},alpine"
 
   #  _____         _
   # |_   _|__  ___| |_ ___
@@ -331,17 +97,7 @@ jobs:
   test:
     name: Test ${{ matrix.type.name }}-${{ matrix.distro.id }}-${{ matrix.arch.id }}
     if: ${{ success() }}
-    needs:
-      [
-        standard-alpine-amd64,
-        standard-alpine-arm64,
-        standard-ubuntu-amd64,
-        standard-ubuntu-arm64,
-        full-alpine-amd64,
-        full-alpine-arm64,
-        full-ubuntu-amd64,
-        full-ubuntu-arm64,
-      ]
+    needs: [build-standard, build-full]
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -366,5 +122,5 @@ jobs:
           docker run \
             --rm \
             --platform linux/${{ matrix.arch.id }} \
-            ghcr.io/slalombuild/pe-toolkit-${{ matrix.type.name }}-${{ matrix.distro.id }}-${{ matrix.arch.id }}:${{ env.IMAGE_TAG }} \
+            ghcr.io/slalombuild/pe-toolkit-${{ matrix.type.name }}-${{ matrix.distro.id }}:${{ env.IMAGE_TAG }} \
             /bin/sh -c 'figlet terraform && terraform version && figlet atmos && atmos version && figlet tflint && tflint --version && figlet tfsec && tfsec --version && figlet opa && opa version'