Release Snapshot #529

Workflow file for this run

.github/workflows/release-snapshot.yaml at a8ddb7e

	#
	# On cron schedule or on demand: Release snapshot (amd64 and arm64)
	#
	# This workflow ensures that the main branch is ready for release and that all
	# build configuration files are valid. Also scans tracee container images for
	# vulnerabilities, and publishes to DockerHub as aquasec/tracee:dev and
	# aquasec/tracee:dev-full.
	#
	name: Release Snapshot
	on:
	workflow_dispatch: {}
	schedule:
	# Daily at 05:00
	- cron: "0 5 * * *"
	jobs:
	release-snapshot:
	name: Release Snapshot X64 (Default)
	runs-on:
	[
	"github-self-hosted_ami-0f4881c8d69684001_${{ github.event.number }}-${{ github.run_id }}",
	]
	permissions:
	contents: read
	packages: write
	id-token: write
	steps:
	- name: Install Cosign
	uses: sigstore/cosign-installer@main
	with:
	cosign-release: 'v2.0.2'
	- name: Checkout Code
	uses: actions/checkout@v3
	with:
	submodules: true
	fetch-depth: 0
	- name: AWS Environment
	run: \|
	dmidecode
	- name: Login to docker.io registry
	uses: docker/login-action@v2
	with:
	username: ${{ secrets.DOCKERHUB_USER }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	- name: Build
	run: \|
	make -f builder/Makefile.release SNAPSHOT=1
	- name: Scan Docker Image for Vulnerabilities
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: "tracee:latest"
	severity: "CRITICAL"
	exit-code: "1"
	- name: Publish to docker.io registry
	run: \|
	docker image tag tracee:latest aquasec/tracee:dev
	docker image tag tracee:latest aquasec/tracee:x86_64-dev
	docker image push aquasec/tracee:dev
	docker image push aquasec/tracee:x86_64-dev
	release-snapshot-arm64:
	name: Release Snapshot ARM64
	runs-on:
	[
	"github-self-hosted_ami-03217ce7c37572c4d_${{ github.event.number }}-${{ github.run_id }}",
	]
	permissions:
	contents: read
	packages: write
	id-token: write
	steps:
	- name: Install Cosign
	uses: sigstore/cosign-installer@main
	with:
	cosign-release: 'v2.0.2'
	- name: Checkout Code
	uses: actions/checkout@v3
	with:
	submodules: true
	fetch-depth: 0
	- name: AWS Environment
	run: \|
	dmidecode
	- name: Login to docker.io registry
	uses: docker/login-action@v2
	with:
	username: ${{ secrets.DOCKERHUB_USER }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	- name: Build
	run: \|
	make -f builder/Makefile.release SNAPSHOT=1
	- name: Scan Docker Image for Vulnerabilities
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: "tracee:latest"
	severity: "CRITICAL"
	exit-code: "1"
	- name: Publish to docker.io registry
	run: \|
	docker image tag tracee:latest aquasec/tracee:aarch64-dev
	docker image push aquasec/tracee:aarch64-dev

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release Snapshot #529

Workflow file

Release Snapshot #529

Jobs

Run details

Workflow file for this run