tetragon: Add docs for data and matchData spec #13784
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Image CI Build | |
| on: | |
| pull_request_target: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| paths-ignore: | |
| - 'docs/**' | |
| push: | |
| branches: | |
| - main | |
| - test* | |
| paths-ignore: | |
| - 'docs/**' | |
| # Since this workflow can execute on pull_request_target, drop all the | |
| # permissions of the GITHUB_TOKEN except `contents: read` for access to the repo | |
| # with the actions/checkout action. | |
| permissions: | |
| contents: read | |
| jobs: | |
| build-and-push: | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| tag: ${{ steps.tag.outputs.tag }} | |
| strategy: | |
| matrix: | |
| include: | |
| - name: tetragon | |
| dockerfile: ./Dockerfile | |
| - name: tetragon-operator | |
| dockerfile: ./Dockerfile.operator | |
| - name: tetragon-rthooks | |
| dockerfile: ./Dockerfile.rthooks | |
| env: | |
| IMAGE: quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci | |
| steps: | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 | |
| with: | |
| platforms: arm64 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | |
| - name: Getting image tag | |
| id: tag | |
| env: | |
| HEAD_SHA: ${{ github.event.pull_request.head.sha }} | |
| SHA: ${{ github.sha }} | |
| EVENT_NAME: ${{ github.event_name }} | |
| REF_NAME: ${{ github.ref_name }} | |
| run: | | |
| echo "tag=${HEAD_SHA:-$SHA}" | tee -a $GITHUB_OUTPUT | |
| if [ "$EVENT_NAME" == "push" ]; then | |
| echo "name=$( [ "$REF_NAME" == "main" ] && echo "latest" || echo "$REF_NAME" )" | tee -a $GITHUB_OUTPUT | |
| fi | |
| - name: Checkout main branch | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| ref: ${{ github.event.repository.default_branch }} | |
| fetch-depth: 0 | |
| # Install Go after checkout for caching mechanism to work | |
| - name: Install Go | |
| uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 | |
| with: | |
| # renovate: datasource=golang-version depName=go | |
| go-version: '1.25.1' | |
| # Warning: this must run before checking out the untrusted code | |
| - name: Get version | |
| run: echo "TETRAGON_VERSION=$(make version)" >> $GITHUB_ENV | |
| # Warning: since this is a privileged workflow, subsequent workflow job | |
| # steps must take care not to execute untrusted code. | |
| - name: Checkout pull request branch (NOT TRUSTED) | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| ref: ${{ steps.tag.outputs.tag }} | |
| fetch-depth: 0 | |
| - name: Login to quay.io for CI | |
| uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.QUAY_USERNAME_CI }} | |
| password: ${{ secrets.QUAY_PASSWORD_CI }} | |
| # main branch pushes | |
| - name: CI Build (main) | |
| if: ${{ github.event_name == 'push' }} | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| id: docker_build_ci_main | |
| with: | |
| provenance: false | |
| context: . | |
| file: ${{ matrix.dockerfile }} | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| build-args: | | |
| TETRAGON_VERSION=${{ env.TETRAGON_VERSION }} | |
| tags: | | |
| ${{ env.IMAGE }}:${{ steps.tag.outputs.tag }} | |
| ${{ env.IMAGE }}:${{ steps.tag.outputs.name }} | |
| - name: CI Image Releases digests (main) | |
| if: github.event_name == 'push' | |
| run: | | |
| echo "| Info | Value |" >> $GITHUB_STEP_SUMMARY | |
| echo "| --- | --- |" >> $GITHUB_STEP_SUMMARY | |
| echo "| **Image** | \`$IMAGE\` |" >> $GITHUB_STEP_SUMMARY | |
| echo "| **Tag** | \`${{ steps.tag.outputs.tag }}\` |" >> $GITHUB_STEP_SUMMARY | |
| echo "| **SHA256** | \`${{ steps.docker_build_ci_main.outputs.digest }}\` |" >> $GITHUB_STEP_SUMMARY | |
| echo "| **Pull by tag** | \`$IMAGE:${{ steps.tag.outputs.tag }}\`|" >> $GITHUB_STEP_SUMMARY | |
| echo "| **Pull by digest** | \`$IMAGE@${{ steps.docker_build_ci_main.outputs.digest }}\` |" >> $GITHUB_STEP_SUMMARY | |
| # PR updates | |
| - name: CI Build (PR) | |
| if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request' | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| id: docker_build_ci_pr | |
| with: | |
| provenance: false | |
| context: . | |
| file: ${{ matrix.dockerfile }} | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| build-args: | | |
| TETRAGON_VERSION=${{ env.TETRAGON_VERSION }} | |
| tags: | | |
| ${{ env.IMAGE }}:${{ steps.tag.outputs.tag }} | |
| - name: CI Image Releases digests (PR) | |
| if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request' | |
| run: | | |
| echo "| Info | Value |" >> $GITHUB_STEP_SUMMARY | |
| echo "| --- | --- |" >> $GITHUB_STEP_SUMMARY | |
| echo "| **Image** | \`$IMAGE\` |" >> $GITHUB_STEP_SUMMARY | |
| echo "| **Tag** | \`${{ steps.tag.outputs.tag }}\` |" >> $GITHUB_STEP_SUMMARY | |
| echo "| **SHA256** | \`${{ steps.docker_build_ci_pr.outputs.digest }}\` |" >> $GITHUB_STEP_SUMMARY | |
| echo "| **Pull by tag** | \`$IMAGE:${{ steps.tag.outputs.tag }}\` |" >> $GITHUB_STEP_SUMMARY | |
| echo "| **Pull by digest** | \`$IMAGE@${{ steps.docker_build_ci_pr.outputs.digest }}\` |" >> $GITHUB_STEP_SUMMARY | |
| helm-chart: | |
| if: ${{ success() }} | |
| name: Push OCI Helm Chart | |
| runs-on: ubuntu-24.04 | |
| needs: build-and-push | |
| steps: | |
| - name: Checkout Source Code | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| ref: ${{ needs.build-and-push.outputs.tag }} | |
| submodules: true | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| - name: Get chart version | |
| id: version | |
| run: | | |
| echo "chart_version=$(make chart-version)" >> $GITHUB_OUTPUT | |
| - name: Push OCI Helm dev chart | |
| uses: cilium/reusable-workflows/.github/actions/push-helm-chart@6ae27958f2f37545bf48e44106b73df05b1f6d12 # v0.1.0 | |
| with: | |
| name: tetragon | |
| path: install/kubernetes/tetragon | |
| version: ${{ steps.version.outputs.chart_version }} | |
| values_file_changes: | | |
| { | |
| "tetragon.image.repository": "quay.io/cilium/tetragon-ci", | |
| "tetragon.image.tag": "${{ needs.build-and-push.outputs.tag }}", | |
| "tetragonOperator.image.repository": "quay.io/cilium/tetragon-operator-ci", | |
| "tetragonOperator.image.tag": "${{ needs.build-and-push.outputs.tag }}", | |
| } | |
| registry: quay.io | |
| registry_namespace: cilium-charts-dev | |
| registry_username: ${{ secrets.QUAY_CHARTS_DEV_USERNAME }} | |
| registry_password: ${{ secrets.QUAY_CHARTS_DEV_PASSWORD }} | |
| - name: Print helm command | |
| run: | | |
| echo "Example commands:" | |
| echo helm template -n tetragon oci://quay.io/cilium-charts-dev/tetragon --version ${{ steps.version.outputs.chart_version }} | |
| echo helm upgrade --install tetragon -n tetragon oci://quay.io/cilium-charts-dev/tetragon --version ${{ steps.version.outputs.chart_version }} |