build multi platform images (#19) #35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Container Images | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| # supports manualy running a workflow | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - image: microsoft/defender-for-cloud/attacksimulation/victim | |
| dockerpath: Images/victim | |
| - image: microsoft/defender-for-cloud/attacksimulation/attacker | |
| dockerpath: Images/attacker | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: copy Notice file | |
| run: cp NOTICE ${{ matrix.dockerpath }}/NOTICE | |
| # configures QEMU emulation for the Arm portion of our multi-platform Docker image build. | |
| # This is required for multi-platform Docker image builds in GitHub Actions, as the hosted runners are Intel machines. | |
| - uses: docker/setup-qemu-action@v3 | |
| # configures buildx for the workflow. It's required for multi-platform Docker image builds in GitHub Actions | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: Extract Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ matrix.image }} | |
| tags: | | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Login to ${{ env.REGISTRY }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push Docker image | |
| id: build-and-push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ${{ matrix.dockerpath }} | |
| file: ${{ matrix.dockerpath }}/Dockerfile | |
| push: ${{ github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: linux/amd64,linux/arm64 | |
| helm: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Helm | |
| uses: azure/[email protected] | |
| with: | |
| version: v3.15.0 | |
| - name: Login to ${{ env.REGISTRY }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Package and push Helm chart | |
| run: | | |
| helm package ./charts/mdc-simulation -d charts | |
| chart_version=$(helm show chart ./charts/mdc-simulation | grep '^version:' | awk '{print $2}') | |
| helm push ./charts/mdc-simulation-$chart_version.tgz oci://${{ env.REGISTRY }}/microsoft/defender-for-cloud/attacksimulation | |