diff --git a/.github/workflows/bats-hub.yml b/.github/workflows/bats-hub.yml index a5e797a3e..aa29f1e1f 100644 --- a/.github/workflows/bats-hub.yml +++ b/.github/workflows/bats-hub.yml @@ -28,13 +28,13 @@ jobs: echo githubciXXXXXXXXXXXXXXXXXXXXXXXX | sudo tee /etc/machine-id - name: "Check out CrowdSec repository" - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 submodules: true - name: "Set up Go" - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: "1.21.6" diff --git a/.github/workflows/bats-mysql.yml b/.github/workflows/bats-mysql.yml index aafa14cf2..7daab04a8 100644 --- a/.github/workflows/bats-mysql.yml +++ b/.github/workflows/bats-mysql.yml @@ -12,10 +12,6 @@ env: jobs: build: - strategy: - matrix: - go-version: ["1.21.6"] - name: "Build + tests" runs-on: ubuntu-latest timeout-minutes: 30 @@ -35,15 +31,15 @@ jobs: echo githubciXXXXXXXXXXXXXXXXXXXXXXXX | sudo tee /etc/machine-id - name: "Check out CrowdSec repository" - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 submodules: true - - name: "Set up Go ${{ matrix.go-version }}" - uses: actions/setup-go@v4 + - name: "Set up Go" + uses: actions/setup-go@v5 with: - go-version: ${{ matrix.go-version }} + go-version: "1.21.6" - name: "Install bats dependencies" env: diff --git a/.github/workflows/bats-postgres.yml b/.github/workflows/bats-postgres.yml index a8e4ef280..14fe2939c 100644 --- a/.github/workflows/bats-postgres.yml +++ b/.github/workflows/bats-postgres.yml @@ -8,10 +8,6 @@ env: jobs: build: - strategy: - matrix: - go-version: ["1.21.6"] - name: "Build + tests" runs-on: ubuntu-latest timeout-minutes: 30 
@@ -44,15 +40,15 @@ jobs: echo githubciXXXXXXXXXXXXXXXXXXXXXXXX | sudo tee /etc/machine-id - name: "Check out CrowdSec repository" - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 submodules: true - - name: "Set up Go ${{ matrix.go-version }}" - uses: actions/setup-go@v4 + - name: "Set up Go" + uses: actions/setup-go@v5 with: - go-version: ${{ matrix.go-version }} + go-version: "1.21.6" - name: "Install bats dependencies" env: diff --git a/.github/workflows/bats-sqlite-coverage.yml b/.github/workflows/bats-sqlite-coverage.yml index 7d7c51f2d..309e4d6b3 100644 --- a/.github/workflows/bats-sqlite-coverage.yml +++ b/.github/workflows/bats-sqlite-coverage.yml @@ -9,10 +9,6 @@ env: jobs: build: - strategy: - matrix: - go-version: ["1.21.6"] - name: "Build + tests" runs-on: ubuntu-latest timeout-minutes: 20 @@ -25,15 +21,15 @@ jobs: echo githubciXXXXXXXXXXXXXXXXXXXXXXXX | sudo tee /etc/machine-id - name: "Check out CrowdSec repository" - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 submodules: true - - name: "Set up Go ${{ matrix.go-version }}" - uses: actions/setup-go@v4 + - name: "Set up Go" + uses: actions/setup-go@v5 with: - go-version: ${{ matrix.go-version }} + go-version: "1.21.6" - name: "Install bats dependencies" env: diff --git a/.github/workflows/cache-cleanup.yaml b/.github/workflows/cache-cleanup.yaml index d19365024..4f320cf24 100644 --- a/.github/workflows/cache-cleanup.yaml +++ b/.github/workflows/cache-cleanup.yaml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Cleanup run: | diff --git a/.github/workflows/ci-windows-build-msi.yml b/.github/workflows/ci-windows-build-msi.yml index bfb2cdaca..26c981143 100644 --- a/.github/workflows/ci-windows-build-msi.yml +++ b/.github/workflows/ci-windows-build-msi.yml 
@@ -21,25 +21,21 @@ on: jobs: build: - strategy: - matrix: - go-version: ["1.21.6"] - name: Build runs-on: windows-2019 steps: - name: Check out code into the Go module directory - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 submodules: false - - name: "Set up Go ${{ matrix.go-version }}" - uses: actions/setup-go@v4 + - name: "Set up Go" + uses: actions/setup-go@v5 with: - go-version: ${{ matrix.go-version }} + go-version: "1.21.6" - name: Build run: make windows_installer BUILD_RE2_WASM=1 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index f23355b49..0904769dd 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -44,7 +44,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: # required to pick up tags for BUILD_VERSION fetch-depth: 0 @@ -72,7 +72,7 @@ jobs: # uses a compiled language - name: "Set up Go" - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: "1.21.6" cache-dependency-path: "**/go.sum" diff --git a/.github/workflows/docker-tests.yml b/.github/workflows/docker-tests.yml index 913c47662..fdf2b1a52 100644 --- a/.github/workflows/docker-tests.yml +++ b/.github/workflows/docker-tests.yml @@ -21,17 +21,17 @@ jobs: steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 with: config: .github/buildkit.toml - name: "Build flavor: slim" - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . file: ./Dockerfile @@ -43,7 +43,7 @@ jobs: cache-to: type=gha,mode=min - name: "Build flavor: full" - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . file: ./Dockerfile 
@@ -55,7 +55,7 @@ jobs: cache-to: type=gha,mode=min - name: "Build flavor: full (debian)" - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: . file: ./Dockerfile.debian diff --git a/.github/workflows/go-tests-windows.yml b/.github/workflows/go-tests-windows.yml index 3f36327f3..63781a7b2 100644 --- a/.github/workflows/go-tests-windows.yml +++ b/.github/workflows/go-tests-windows.yml @@ -20,25 +20,21 @@ env: jobs: build: - strategy: - matrix: - go-version: ["1.21.6"] - name: "Build + tests" runs-on: windows-2022 steps: - name: Check out CrowdSec repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 submodules: false - - name: "Set up Go ${{ matrix.go-version }}" - uses: actions/setup-go@v4 + - name: "Set up Go" + uses: actions/setup-go@v5 with: - go-version: ${{ matrix.go-version }} + go-version: "1.21.6" - name: Build run: | diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml index f6d2f9c98..e8840c07f 100644 --- a/.github/workflows/go-tests.yml +++ b/.github/workflows/go-tests.yml @@ -118,13 +118,13 @@ jobs: steps: - name: Check out CrowdSec repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 submodules: false - name: "Set up Go" - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: "1.21.6" diff --git a/.github/workflows/publish-docker-master.yml b/.github/workflows/publish-docker-master.yml new file mode 100644 index 000000000..e6f9cebf7 --- /dev/null +++ b/.github/workflows/publish-docker-master.yml 
@@ -0,0 +1,47 @@ +name: Publish Docker image on Push to Master + +on: + push: + branches: [ master ] + paths: + - 'pkg/**' + - 'cmd/**' + - 'plugins/**' + - 'docker/docker_start.sh' + - 'docker/config.yaml' + - '.github/workflows/publish_docker-master.yml' + - '.github/workflows/publish-docker.yml' + - 'Dockerfile' + - 'Dockerfile.debian' + - 'go.mod' + - 'go.sum' + - 'Makefile' + +jobs: + dev-alpine: + uses: ./.github/workflows/publish-docker.yml + with: + platform: linux/amd64 + crowdsec_version: "" + image_version: dev + latest: false + push: true + slim: false + debian: false + secrets: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + + dev-debian: + uses: ./.github/workflows/publish-docker.yml + with: + platform: linux/amd64 + crowdsec_version: "" + image_version: dev + latest: false + push: true + slim: false + debian: true + secrets: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} diff --git a/.github/workflows/publish-docker-release.yml b/.github/workflows/publish-docker-release.yml new file mode 100644 index 000000000..648b08ce9 --- /dev/null +++ b/.github/workflows/publish-docker-release.yml 
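Review bot: The `paths:` filter names `.github/workflows/publish_docker-master.yml` (underscore), but this file is added as `publish-docker-master.yml`, so edits to the workflow itself will not trigger it; the entry should read `- '.github/workflows/publish-docker-master.yml'`. The two deleted on-master workflows also carried `if: ${{ github.repository_owner == 'crowdsecurity' }}` on their job, and neither `dev-alpine` nor `dev-debian` keeps it. A push to master in a fork would therefore reach the registry login steps with that fork's secrets, or with none. Adding the same `if:` line to both calling jobs restores the guard.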
@@ -0,0 +1,56 @@ +name: Publish Docker images + +on: + workflow_dispatch: + inputs: + image_version: + description: Docker Image version (base tag, i.e. v1.6.0-2) + required: true + crowdsec_version: + description: Crowdsec version (BUILD_VERSION) + required: true + latest: + description: Overwrite latest (and slim) tags? + default: false + required: true + push: + description: Really push? + default: false + required: true + +jobs: + alpine: + strategy: + matrix: + platform: ["linux/amd64", "linux/386", "linux/arm64", "linux/arm/v7", "linux/arm/v6"] + + uses: ./.github/workflows/publish-docker.yml + secrets: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + with: + platform: ${{ matrix.platform }} + image_version: ${{ github.event.inputs.image_version }} + crowdsec_version: ${{ github.event.inputs.crowdsec_version }} + latest: ${{ github.event.inputs.latest == 'true' }} + push: ${{ github.event.inputs.push == 'true' }} + slim: true + debian: false + + debian: + strategy: + matrix: + platform: ["linux/amd64", "linux/386", "linux/arm64"] + + uses: ./.github/workflows/publish-docker.yml + secrets: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + with: + platform: ${{ matrix.platform }} + image_version: ${{ github.event.inputs.image_version }} + crowdsec_version: ${{ github.event.inputs.crowdsec_version }} + latest: ${{ github.event.inputs.latest == 'true' }} + push: ${{ github.event.inputs.push == 'true' }} + slim: false + debian: true diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml new file mode 100644 index 000000000..99218f588 --- /dev/null +++ b/.github/workflows/publish-docker.yml 
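Review bot: Every `matrix.platform` job calls publish-docker.yml with the same `image_version`, so each single-platform build pushes to the same tags, and nothing in publish-docker.yml merges the results into one manifest list; the tag would most likely end up pointing at whichever platform finished last. The deleted release workflows built all platforms in a single `build-push-action` call. Because `platforms: ${{ inputs.platform }}` is passed straight through, dropping the matrix and passing `platform: linux/amd64,linux/386,linux/arm64,linux/arm/v7,linux/arm/v6` (and the three-platform list for the `debian` job) keeps the multi-arch tag. The file also declares no `permissions:`, so the `GITHUB_TOKEN` used for the ghcr.io login gets the repository default; a top-level `permissions:` with `contents: read` and `packages: write` would pin it to what publishing needs.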
@@ -0,0 +1,125 @@ +name: Publish Docker image / platform + +on: + workflow_call: + secrets: + DOCKER_USERNAME: + required: true + DOCKER_PASSWORD: + required: true + inputs: + platform: + required: true + type: string + image_version: + required: true + type: string + crowdsec_version: + required: true + type: string + latest: + required: true + type: boolean + push: + required: true + type: boolean + slim: + required: true + type: boolean + debian: + required: true + type: boolean + +jobs: + push_to_registry: + name: Push Docker image to registries + runs-on: ubuntu-latest + steps: + + - name: Check out the repo + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + config: .github/buildkit.toml + + - name: Login to DockerHub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Prepare (slim) + if: ${{ inputs.slim }} + id: slim + run: | + DOCKERHUB_IMAGE=${{ secrets.DOCKER_USERNAME }}/crowdsec + GHCR_IMAGE=ghcr.io/${{ github.repository_owner }}/crowdsec + VERSION=${{ inputs.image_version }} + DEBIAN=${{ inputs.debian && '-debian' || '' }} + TAGS="${DOCKERHUB_IMAGE}:${VERSION}-slim${DEBIAN},${GHCR_IMAGE}:${VERSION}-slim${DEBIAN}" + if [[ ${{ inputs.latest }} == true ]]; then + TAGS=$TAGS,${DOCKERHUB_IMAGE}:slim${DEBIAN},${GHCR_IMAGE}:slim${DEBIAN} + fi + echo "tags=${TAGS}" >> $GITHUB_OUTPUT + echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT + + - name: Prepare (full) + id: full + run: | + DOCKERHUB_IMAGE=${{ secrets.DOCKER_USERNAME }}/crowdsec + GHCR_IMAGE=ghcr.io/${{ github.repository_owner }}/crowdsec + VERSION=${{ inputs.image_version }} + 
DEBIAN=${{ inputs.debian && '-debian' || '' }} + TAGS="${DOCKERHUB_IMAGE}:${VERSION}${DEBIAN},${GHCR_IMAGE}:${VERSION}${DEBIAN}" + if [[ ${{ inputs.latest }} == true ]]; then + TAGS=$TAGS,${DOCKERHUB_IMAGE}:latest${DEBIAN},${GHCR_IMAGE}:latest${DEBIAN} + fi + echo "tags=${TAGS}" >> $GITHUB_OUTPUT + echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT + + - name: Build and push image (slim) + if: ${{ inputs.slim }} + uses: docker/build-push-action@v5 + with: + context: . + file: ./Dockerfile${{ inputs.debian && '.debian' || '' }} + push: ${{ inputs.push }} + tags: ${{ steps.slim.outputs.tags }} + target: slim + platforms: ${{ inputs.platform }} + labels: | + org.opencontainers.image.source=${{ github.event.repository.html_url }} + org.opencontainers.image.created=${{ steps.slim.outputs.created }} + org.opencontainers.image.revision=${{ github.sha }} + build-args: | + BUILD_VERSION=${{ inputs.crowdsec_version }} + + - name: Build and push image (full) + uses: docker/build-push-action@v5 + with: + context: . + file: ./Dockerfile${{ inputs.debian && '.debian' || '' }} + push: ${{ inputs.push }} + tags: ${{ steps.full.outputs.tags }} + target: full + platforms: ${{ inputs.platform }} + labels: | + org.opencontainers.image.source=${{ github.event.repository.html_url }} + org.opencontainers.image.created=${{ steps.full.outputs.created }} + org.opencontainers.image.revision=${{ github.sha }} + build-args: | + BUILD_VERSION=${{ inputs.crowdsec_version }} diff --git a/.github/workflows/release_publish-package.yml b/.github/workflows/publish-tarball-release.yml similarity index 77% rename from .github/workflows/release_publish-package.yml rename to .github/workflows/publish-tarball-release.yml index 855915824..202882791 100644 --- a/.github/workflows/release_publish-package.yml +++ b/.github/workflows/publish-tarball-release.yml @@ -1,5 +1,5 @@ # .github/workflows/build-docker-image.yml -name: build +name: Release on: release: 
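Review bot: Both `Prepare` steps expand `${{ inputs.image_version }}` directly into the `run:` script, and in publish-docker-release.yml that value is a free-text `workflow_dispatch` field. The expression is substituted before bash parses the script, so any shell metacharacter in the input becomes script text in a job that is already logged in to both registries. Passing the values through `env:` and reading them as quoted shell variables keeps them as data; the sketch below shows `Prepare (full)`, and `Prepare (slim)` needs the same treatment. Separately, the Docker Hub namespace now comes from `secrets.DOCKER_USERNAME` where the deleted workflows hard-coded `crowdsecurity/crowdsec`; that is presumably the same value, but as a secret it will be masked in the logged tags, so confirm that is intended.

```yaml
      - name: Prepare (full)
        id: full
        env:
          DOCKERHUB_USER: ${{ secrets.DOCKER_USERNAME }}
          REPO_OWNER: ${{ github.repository_owner }}
          VERSION: ${{ inputs.image_version }}
          DEBIAN: ${{ inputs.debian && '-debian' || '' }}
          LATEST: ${{ inputs.latest }}
        run: |
          DOCKERHUB_IMAGE="${DOCKERHUB_USER}/crowdsec"
          GHCR_IMAGE="ghcr.io/${REPO_OWNER}/crowdsec"
          TAGS="${DOCKERHUB_IMAGE}:${VERSION}${DEBIAN},${GHCR_IMAGE}:${VERSION}${DEBIAN}"
          if [[ "$LATEST" == "true" ]]; then
            TAGS="${TAGS},${DOCKERHUB_IMAGE}:latest${DEBIAN},${GHCR_IMAGE}:latest${DEBIAN}"
          fi
          # … unchanged: the two echo lines writing tags= and created= to $GITHUB_OUTPUT …
```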
@@ -12,24 +12,20 @@ permissions: jobs: build: - strategy: - matrix: - go-version: ["1.21.6"] - name: Build and upload binary package runs-on: ubuntu-latest steps: - name: Check out code into the Go module directory - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 submodules: false - - name: "Set up Go ${{ matrix.go-version }}" - uses: actions/setup-go@v4 + - name: "Set up Go" + uses: actions/setup-go@v5 with: - go-version: ${{ matrix.go-version }} + go-version: "1.21.6" - name: Build the binaries run: | diff --git a/.github/workflows/publish_docker-image_on_master-debian.yml b/.github/workflows/publish_docker-image_on_master-debian.yml deleted file mode 100644 index 17332adf0..000000000 --- a/.github/workflows/publish_docker-image_on_master-debian.yml +++ /dev/null 
@@ -1,71 +0,0 @@ -name: Publish Debian Docker image on Push to Master - -on: - push: - branches: [ master ] - paths: - - 'pkg/**' - - 'cmd/**' - - 'plugins/**' - - 'docker/docker_start.sh' - - 'docker/config.yaml' - - '.github/workflows/publish_docker-image_on_master-debian.yml' - - 'Dockerfile.debian' - - 'go.mod' - - 'go.sum' - - 'Makefile' - -jobs: - push_to_registry: - name: Push Debian Docker image to Docker Hub - runs-on: ubuntu-latest - if: ${{ github.repository_owner == 'crowdsecurity' }} - steps: - - - name: Check out the repo - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Prepare - id: prep - run: | - DOCKER_IMAGE=crowdsecurity/crowdsec - GHCR_IMAGE=ghcr.io/${{ github.repository_owner }}/crowdsec - VERSION=dev-debian - TAGS="${DOCKER_IMAGE}:${VERSION},${GHCR_IMAGE}:${VERSION}" - echo "tags=${TAGS}" >> $GITHUB_OUTPUT - echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - with: - config: .github/buildkit.toml - - - name: Login to DockerHub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push full image - uses: docker/build-push-action@v4 - with: - context: . - file: ./Dockerfile.debian - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.prep.outputs.tags }} - platforms: linux/amd64 - labels: | - org.opencontainers.image.source=${{ github.event.repository.html_url }} - org.opencontainers.image.created=${{ steps.prep.outputs.created }} - org.opencontainers.image.revision=${{ github.sha }} - cache-from: type=gha - cache-to: type=gha,mode=min 
diff --git a/.github/workflows/publish_docker-image_on_master.yml b/.github/workflows/publish_docker-image_on_master.yml deleted file mode 100644 index 345290200..000000000 --- a/.github/workflows/publish_docker-image_on_master.yml +++ /dev/null 
@@ -1,71 +0,0 @@ -name: Publish Docker image on Push to Master - -on: - push: - branches: [ master ] - paths: - - 'pkg/**' - - 'cmd/**' - - 'plugins/**' - - 'docker/docker_start.sh' - - 'docker/config.yaml' - - '.github/workflows/publish_docker-image_on_master.yml' - - 'Dockerfile' - - 'go.mod' - - 'go.sum' - - 'Makefile' - -jobs: - push_to_registry: - name: Push Docker image to Docker Hub - runs-on: ubuntu-latest - if: ${{ github.repository_owner == 'crowdsecurity' }} - steps: - - - name: Check out the repo - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Prepare - id: prep - run: | - DOCKER_IMAGE=crowdsecurity/crowdsec - GHCR_IMAGE=ghcr.io/${{ github.repository_owner }}/crowdsec - VERSION=dev - TAGS="${DOCKER_IMAGE}:${VERSION},${GHCR_IMAGE}:${VERSION}" - echo "tags=${TAGS}" >> $GITHUB_OUTPUT - echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - with: - config: .github/buildkit.toml - - - name: Login to DockerHub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push full image - uses: docker/build-push-action@v4 - with: - context: . - file: ./Dockerfile - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.prep.outputs.tags }} - platforms: linux/amd64 - labels: | - org.opencontainers.image.source=${{ github.event.repository.html_url }} - org.opencontainers.image.created=${{ steps.prep.outputs.created }} - org.opencontainers.image.revision=${{ github.sha }} - cache-from: type=gha - cache-to: type=gha,mode=min 
diff --git a/.github/workflows/release_publish_docker-image-debian.yml b/.github/workflows/release_publish_docker-image-debian.yml deleted file mode 100644 index e766dae09..000000000 --- a/.github/workflows/release_publish_docker-image-debian.yml +++ /dev/null 
@@ -1,61 +0,0 @@ -name: Publish Docker Debian image - -on: - release: - types: - - released - - prereleased - workflow_dispatch: - -jobs: - push_to_registry: - name: Push Docker debian image to Docker Hub - runs-on: ubuntu-latest - steps: - - name: Check out the repo - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Prepare - id: prep - run: | - DOCKER_IMAGE=crowdsecurity/crowdsec - VERSION=bullseye - if [[ $GITHUB_REF == refs/tags/* ]]; then - VERSION=${GITHUB_REF#refs/tags/} - elif [[ $GITHUB_REF == refs/heads/* ]]; then - VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -E 's#/+#-#g') - elif [[ $GITHUB_REF == refs/pull/* ]]; then - VERSION=pr-${{ github.event.number }} - fi - TAGS="${DOCKER_IMAGE}:${VERSION}-debian" - if [[ "${{ github.event.action }}" == "released" ]]; then - TAGS=$TAGS,${DOCKER_IMAGE}:latest-debian - fi - echo "version=${VERSION}" >> $GITHUB_OUTPUT - echo "tags=${TAGS}" >> $GITHUB_OUTPUT - echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - with: - config: .github/buildkit.toml - - - name: Login to DockerHub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Build and push - uses: docker/build-push-action@v4 - with: - context: . - file: ./Dockerfile.debian - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.prep.outputs.tags }} - platforms: linux/amd64,linux/arm64,linux/386 - labels: | - org.opencontainers.image.source=${{ github.event.repository.html_url }} - org.opencontainers.image.created=${{ steps.prep.outputs.created }} - org.opencontainers.image.revision=${{ github.sha }} diff --git a/.github/workflows/release_publish_docker-image.yml b/.github/workflows/release_publish_docker-image.yml deleted file mode 100644 index fa4eb8996..000000000 
--- a/.github/workflows/release_publish_docker-image.yml +++ /dev/null 
@@ -1,86 +0,0 @@ -name: Publish Docker image - -on: - release: - types: - - released - - prereleased - -jobs: - push_to_registry: - name: Push Docker image to Docker Hub - runs-on: ubuntu-latest - steps: - - name: Check out the repo - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Prepare - id: prep - run: | - DOCKER_IMAGE=crowdsecurity/crowdsec - GHCR_IMAGE=ghcr.io/${{ github.repository_owner }}/crowdsec - VERSION=edge - if [[ $GITHUB_REF == refs/tags/* ]]; then - VERSION=${GITHUB_REF#refs/tags/} - elif [[ $GITHUB_REF == refs/heads/* ]]; then - VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -E 's#/+#-#g') - elif [[ $GITHUB_REF == refs/pull/* ]]; then - VERSION=pr-${{ github.event.number }} - fi - TAGS="${DOCKER_IMAGE}:${VERSION},${GHCR_IMAGE}:${VERSION}" - TAGS_SLIM="${DOCKER_IMAGE}:${VERSION}-slim,${GHCR_IMAGE}:${VERSION}-slim" - if [[ ${{ github.event.action }} == released ]]; then - TAGS=$TAGS,${DOCKER_IMAGE}:latest,${GHCR_IMAGE}:latest - TAGS_SLIM=$TAGS_SLIM,${DOCKER_IMAGE}:slim,${GHCR_IMAGE}:slim - fi - echo "version=${VERSION}" >> $GITHUB_OUTPUT - echo "tags=${TAGS}" >> $GITHUB_OUTPUT - echo "tags_slim=${TAGS_SLIM}" >> $GITHUB_OUTPUT - echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - with: - config: .github/buildkit.toml - - - name: Login to DockerHub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push slim image - uses: docker/build-push-action@v4 - with: - context: . 
- file: ./Dockerfile - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.prep.outputs.tags_slim }} - target: slim - platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6,linux/386 - labels: | - org.opencontainers.image.source=${{ github.event.repository.html_url }} - org.opencontainers.image.created=${{ steps.prep.outputs.created }} - org.opencontainers.image.revision=${{ github.sha }} - - - name: Build and push full image - uses: docker/build-push-action@v4 - with: - context: . - file: ./Dockerfile - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.prep.outputs.tags }} - platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6,linux/386 - labels: | - org.opencontainers.image.source=${{ github.event.repository.html_url }} - org.opencontainers.image.created=${{ steps.prep.outputs.created }} - org.opencontainers.image.revision=${{ github.sha }} diff --git a/.github/workflows/update_docker_hub_doc.yml b/.github/workflows/update_docker_hub_doc.yml index 0a5047ddc..1803802b6 100644 --- a/.github/workflows/update_docker_hub_doc.yml +++ b/.github/workflows/update_docker_hub_doc.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 if: ${{ github.repository_owner == 'crowdsecurity' }} - name: Update docker hub README diff --git a/Dockerfile b/Dockerfile index 7470beb57..0409f6e7c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,7 @@ # vim: set ft=dockerfile: -ARG GOVERSION=1.21.6 -ARG BUILD_VERSION +FROM golang:1.21.6-alpine3.18 AS build -FROM golang:${GOVERSION}-alpine3.18 AS build +ARG BUILD_VERSION WORKDIR /go/src/crowdsec diff --git a/Dockerfile.debian b/Dockerfile.debian index bc5b0aa2d..ef9d905ac 100644 --- a/Dockerfile.debian +++ b/Dockerfile.debian @@ -1,8 +1,7 @@ # vim: set ft=dockerfile: -ARG GOVERSION=1.21.6 -ARG BUILD_VERSION +FROM golang:1.21.6-bookworm AS build -FROM golang:${GOVERSION}-bookworm AS build +ARG BUILD_VERSION WORKDIR /go/src/crowdsec 
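Review bot: With `GOVERSION` removed, the toolchain version is a literal in `FROM golang:1.21.6-alpine3.18 AS build` here, in `Dockerfile.debian`, and in each workflow's `go-version`, with nothing tying them together, and the base image is still referenced by a mutable tag. For images that are pushed to public registries, pinning the digest makes rebuilds reproducible: `FROM golang:1.21.6-alpine3.18@sha256:<digest> AS build`, where `<digest>` is a placeholder for the value you resolve and verify. A comment above the `FROM` line, for example `# keep in sync with go-version in .github/workflows/*.yml`, would help the next version bump reach every copy.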
diff --git a/cmd/crowdsec-cli/require/require.go b/cmd/crowdsec-cli/require/require.go index 0ab5b5897..0f5ce182d 100644 --- a/cmd/crowdsec-cli/require/require.go +++ b/cmd/crowdsec-cli/require/require.go @@ -11,7 +11,7 @@ import ( ) func LAPI(c *csconfig.Config) error { - if err := c.LoadAPIServer(); err != nil { + if err := c.LoadAPIServer(true); err != nil { return fmt.Errorf("failed to load Local API: %w", err) } @@ -47,7 +47,7 @@ func CAPIRegistered(c *csconfig.Config) error { } func DB(c *csconfig.Config) error { - if err := c.LoadDBConfig(); err != nil { + if err := c.LoadDBConfig(true); err != nil { return fmt.Errorf("this command requires direct database access (must be run on the local API machine): %w", err) } diff --git a/cmd/crowdsec-cli/support.go b/cmd/crowdsec-cli/support.go index 40b73e047..99194e550 100644 --- a/cmd/crowdsec-cli/support.go +++ b/cmd/crowdsec-cli/support.go @@ -305,7 +305,7 @@ cscli support dump -f /tmp/crowdsec-support.zip infos[SUPPORT_AGENTS_PATH] = []byte(err.Error()) } - if err := csConfig.LoadAPIServer(); err != nil { + if err := csConfig.LoadAPIServer(true); err != nil { log.Warnf("could not load LAPI, skipping CAPI check") skipLAPI = true infos[SUPPORT_CAPI_STATUS_PATH] = []byte(err.Error()) diff --git a/cmd/crowdsec-cli/utils.go b/cmd/crowdsec-cli/utils.go index 362a8942f..d9a3a3932 100644 --- a/cmd/crowdsec-cli/utils.go +++ b/cmd/crowdsec-cli/utils.go @@ -48,7 +48,7 @@ func manageCliDecisionAlerts(ip *string, ipRange *string, scope *string, value * } func getDBClient() (*database.Client, error) { - if err := csConfig.LoadAPIServer(); err != nil || csConfig.DisableAPI { + if err := csConfig.LoadAPIServer(true); err != nil || csConfig.DisableAPI { return nil, err } ret, err := database.NewClient(csConfig.DbConfig) diff --git a/cmd/crowdsec/main.go b/cmd/crowdsec/main.go index bdb04023e..2040141bb 100644 --- a/cmd/crowdsec/main.go +++ b/cmd/crowdsec/main.go 
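Review bot: In `getDBClient` (cmd/crowdsec-cli/utils.go), the condition `err != nil || csConfig.DisableAPI` returns `nil, err` for both cases, so when loading succeeds but the API is disabled the caller receives a nil client together with a nil error. This predates the commit but sits on the line being changed. Splitting the check lets the disabled case return an explicit error, for example `return nil, errors.New("local API is disabled")` (or `fmt.Errorf` if `errors` is not imported in this file). The callers are not visible here, so whether any of them dereferences the nil client is unconfirmed; the function body also continues past the hunk.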
@@ -262,7 +262,7 @@ func LoadConfig(configFile string, disableAgent bool, disableAPI bool, quiet boo } if !cConfig.DisableAPI { - if err := cConfig.LoadAPIServer(); err != nil { + if err := cConfig.LoadAPIServer(false); err != nil { return nil, err } } diff --git a/docker/docker_start.sh b/docker/docker_start.sh index 1e44b64ac..5393feeb8 100755 --- a/docker/docker_start.sh +++ b/docker/docker_start.sh @@ -3,7 +3,7 @@ # shellcheck disable=SC2292 # allow [ test ] syntax # shellcheck disable=SC2310 # allow "if function..." syntax with -e -# set -e +set -e shopt -s inherit_errexit # match true, TRUE, True, tRuE, etc. @@ -109,6 +109,8 @@ cscli_if_clean() { for obj in $objs; do if cscli "$itemtype" inspect "$obj" -o json | yq -e '.tainted // false' >/dev/null 2>&1; then echo "Object $itemtype/$obj is tainted, skipping" + elif cscli "$itemtype" inspect "$obj" -o json | yq -e '.local // false' >/dev/null 2>&1; then + echo "Object $itemtype/$obj is local, skipping" else # # Too verbose? Only show errors if not in debug mode # if [ "$DEBUG" != "true" ]; then @@ -301,8 +303,8 @@ fi conf_set_if "$PLUGIN_DIR" '.config_paths.plugin_dir = strenv(PLUGIN_DIR)' ## Install hub items -cscli hub update -cscli hub upgrade +cscli hub update || true +cscli hub upgrade || true cscli_if_clean parsers install crowdsecurity/docker-logs cscli_if_clean parsers install crowdsecurity/cri-logs diff --git a/pkg/csconfig/api.go b/pkg/csconfig/api.go index 06b3d3828..d8e7c77a5 100644 --- a/pkg/csconfig/api.go +++ b/pkg/csconfig/api.go @@ -236,7 +236,7 @@ type LocalApiServerCfg struct { CapiWhitelists *CapiWhitelist `yaml:"-"` } -func (c *Config) LoadAPIServer() error { +func (c *Config) LoadAPIServer(inCli bool) error { if c.DisableAPI { log.Warning("crowdsec local API is disabled from flag") } 
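Review bot: In docker/docker_start.sh, `cscli hub update || true` and `cscli hub upgrade || true` discard the failure without a trace, so with `set -e` now active the container still starts, but possibly on a stale hub index, and nothing in the log says so. Keeping the best-effort behaviour while recording it is a one-line change each: `cscli hub update || echo "WARNING: hub update failed, continuing with the existing index" >&2`, and the same for `upgrade`. In `cscli_if_clean`, the added `elif` runs `cscli "$itemtype" inspect "$obj" -o json` a second time per object; capturing the JSON once in a variable and testing `.tainted` and `.local` against it would avoid the repeated call.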
@@ -289,7 +289,7 @@ func (c *Config) LoadAPIServer() error { log.Printf("push and pull to Central API disabled") } - if err := c.LoadDBConfig(); err != nil { + if err := c.LoadDBConfig(inCli); err != nil { return err } diff --git a/pkg/csconfig/api_test.go b/pkg/csconfig/api_test.go index e1e24e2be..e22c78204 100644 --- a/pkg/csconfig/api_test.go +++ b/pkg/csconfig/api_test.go @@ -240,7 +240,7 @@ func TestLoadAPIServer(t *testing.T) { for _, tc := range tests { tc := tc t.Run(tc.name, func(t *testing.T) { - err := tc.input.LoadAPIServer() + err := tc.input.LoadAPIServer(false) cstest.RequireErrorContains(t, err, tc.expectedErr) if tc.expectedErr != "" { return diff --git a/pkg/csconfig/database.go b/pkg/csconfig/database.go index 4d041c312..5149b4ae3 100644 --- a/pkg/csconfig/database.go +++ b/pkg/csconfig/database.go @@ -50,7 +50,7 @@ type FlushDBCfg struct { AgentsGC *AuthGCCfg `yaml:"agents_autodelete,omitempty"` } -func (c *Config) LoadDBConfig() error { +func (c *Config) LoadDBConfig(inCli bool) error { if c.DbConfig == nil { return fmt.Errorf("no database configuration provided") } @@ -77,10 +77,8 @@ func (c *Config) LoadDBConfig() error { c.DbConfig.DecisionBulkSize = maxDecisionBulkSize } - if c.DbConfig.Type == "sqlite" { - if c.DbConfig.UseWal == nil { - log.Warning("You are using sqlite without WAL, this can have a performance impact. If you do not store the database in a network share, set db_config.use_wal to true. Set explicitly to false to disable this warning.") - } + if !inCli && c.DbConfig.Type == "sqlite" && c.DbConfig.UseWal == nil { + log.Warning("You are using sqlite without WAL, this can have a performance impact. If you do not store the database in a network share, set db_config.use_wal to true. Set explicitly to false to disable this warning.") } return nil diff --git a/pkg/csconfig/database_test.go b/pkg/csconfig/database_test.go index 631e63ae2..a94602579 100644 --- a/pkg/csconfig/database_test.go +++ b/pkg/csconfig/database_test.go 
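Review bot: `LoadDBConfig(inCli bool)` and `LoadAPIServer(inCli bool)` are exported and now take a bare boolean, yet neither has a doc comment, so call sites such as `LoadAPIServer(true)` do not say what is being switched. In the visible code the flag only suppresses the sqlite WAL warning. A comment above the function would record that, for example `// LoadDBConfig checks the database configuration. inCli is true when called from cscli and silences warnings meant for the daemon (currently the sqlite WAL notice).`, with a matching line on `LoadAPIServer`. Both function bodies extend beyond the hunks shown.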
@@ -47,7 +47,7 @@ func TestLoadDBConfig(t *testing.T) { for _, tc := range tests { tc := tc t.Run(tc.name, func(t *testing.T) { - err := tc.input.LoadDBConfig() + err := tc.input.LoadDBConfig(false) cstest.RequireErrorContains(t, err, tc.expectedErr) if tc.expectedErr != "" { return