sysdiglabs
diff --git a/‎.github/ISSUE_TEMPLATE/bug_report.md
-33 b/‎.github/ISSUE_TEMPLATE/bug_report.md
-33
diff --git a/‎.github/ISSUE_TEMPLATE/config.yml
-1 b/‎.github/ISSUE_TEMPLATE/config.yml
-1
diff --git a/‎.github/ISSUE_TEMPLATE/question.md
-29 b/‎.github/ISSUE_TEMPLATE/question.md
-29
diff --git a/‎.github/workflows/codeql-analysis.yml
-52 b/‎.github/workflows/codeql-analysis.yml
-52
diff --git a/‎.github/workflows/image-builder-workflow.yaml
+31-8 b/‎.github/workflows/image-builder-workflow.yaml
+31-8
diff --git a/‎.github/workflows/release.yaml
+38 b/‎.github/workflows/release.yaml
+38
diff --git a/‎build/Jenkinsfile
+26-10 b/‎build/Jenkinsfile
+26-10
diff --git a/‎docker/Dockerfile
+41 b/‎docker/Dockerfile
+41
@@ -1,4 +1,4 @@
-name: buildandDeploy
+name: Build and scan
 
 # Controls when the action will run. Triggers the workflow on push or pull request
 # events but only for the master branch
@@ -11,7 +11,8 @@ jobs:
   # This workflow contains a single job called "build"
   build:
     env:
-      VERSION: "v1.24.0"
+      VERSION: latest
+      EXPORTER_NAME: redis-exporter
     # The type of runner that the job will run on
     runs-on: ubuntu-latest
     steps:
@@ -27,15 +28,27 @@ jobs:
           registry: artifactory.internal.sysdig.com
           username: [email protected]
           password: ${{ secrets.ARTI_TOKEN }}
-      - name: Build docker image
+      - name: Increase version and build
         run: |
-          docker build -f ./docker/Dockerfile.amd64 -t temp-redis-exporter:latest .
-      
+          docker pull artifactory.internal.sysdig.com/$EXPORTER_NAME:$VERSION
+          export RELEASE=$(docker inspect --format '{{ index .Config.Labels "release" }}' artifactory.internal.sysdig.com/$EXPORTER_NAME:$VERSION)
+          docker build --label release=$RELEASE -f ./docker/Dockerfile -t $EXPORTER_NAME:$VERSION --target scratch .
+          docker build --label version=$RELEASE -f ./docker/Dockerfile -t $EXPORTER_NAME:$VERSION-ubi --target ubi .  
+
       - name: Scan local image
         id: scan-local
         uses: sysdiglabs/scan-action@v3
         with:
-          image-tag: "temp-redis-exporter:latest"
+          image-tag: "redis-exporter:latest"
+          sysdig-secure-token: ${{ secrets.SYSDIG_SECURE_TOKEN }}
+          ignore-failed-scan: true
+          input-type: docker-daemon
+          run-as-user: root
+      - name: Scan local image 2
+        id: scan-local2
+        uses: sysdiglabs/scan-action@v3
+        with:
+          image-tag: "redis-exporter:latest-ubi"
           sysdig-secure-token: ${{ secrets.SYSDIG_SECURE_TOKEN }}
           ignore-failed-scan: true
           input-type: docker-daemon
@@ -49,8 +62,18 @@ jobs:
 
       - name: Change the tag of the image
         run: |
-          docker tag temp-redis-exporter:latest artifactory.internal.sysdig.com/redis-exporter:$VERSION
+          docker tag $EXPORTER_NAME:$VERSION artifactory.internal.sysdig.com/$EXPORTER_NAME:$VERSION
+          docker tag $EXPORTER_NAME:$VERSION-ubi artifactory.internal.sysdig.com/$EXPORTER_NAME:$VERSION-ubi
 
       - name: Push the image
         run: |
-          docker push artifactory.internal.sysdig.com/redis-exporter:$VERSION
+          docker push artifactory.internal.sysdig.com/$EXPORTER_NAME:$VERSION
+          docker push artifactory.internal.sysdig.com/$EXPORTER_NAME:$VERSION-ubi
+
+      - name: Fake Upload master to Quay.io
+        uses: fjogeleit/http-request-action@master
+        with:
+          url: 'https://sysdig-jenkins.internal.sysdig.com/view/Integrations/job/integrations-redis-exporter/buildWithParameters?token=${{ secrets.JENKINS_PROMCAT_LAUNCH_TOKEN }}&EXPORTER=redis-exporter&DRY_RUN=true'
+          method: 'POST'
+          username: [email protected]
+          password: ${{ secrets.JENKINS_PROMCAT_API_TOKEN }}
@@ -0,0 +1,38 @@
+on:
+  release:
+    types: [released]
+name: Build, test and publish
+jobs:
+  buildDockerImage:
+    env:
+      EXPORTER_NAME: redis-exporter
+    name: Build docker image
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@master
+    - name: Login to Artifactory
+      uses: docker/login-action@v1 
+      with:
+        registry: artifactory.internal.sysdig.com
+        username: [email protected]
+        password: ${{ secrets.ARTI_TOKEN }}
+    - name: Release if tagged
+      if: "!startswith(github.ref, 'refs/tags/v')"
+      run: exit 78
+    - name: Build image
+      run: |
+        docker build --label release=${{ github.event.release.tag_name }} -f ./docker/Dockerfile --target scratch -t artifactory.internal.sysdig.com/$EXPORTER_NAME:latest .
+        docker build --label release=${{ github.event.release.tag_name }} -f ./docker/Dockerfile --target ubi -t artifactory.internal.sysdig.com/$EXPORTER_NAME:${{ github.event.release.tag_name }}-ubi .
+    - name: Publish docker image
+      run: |
+        docker tag artifactory.internal.sysdig.com/$EXPORTER_NAME:latest artifactory.internal.sysdig.com/$EXPORTER_NAME:${{ github.event.release.tag_name }}
+        docker push artifactory.internal.sysdig.com/$EXPORTER_NAME:${{ github.event.release.tag_name }}
+        docker push artifactory.internal.sysdig.com/$EXPORTER_NAME:${{ github.event.release.tag_name }}-ubi
+        docker push artifactory.internal.sysdig.com/$EXPORTER_NAME:latest
+    - name: Upload master to Quay.io
+      uses: fjogeleit/http-request-action@master
+      with:
+        url: 'https://sysdig-jenkins.internal.sysdig.com/view/Integrations/job/integrations-redis-exporter/buildWithParameters?token=${{ secrets.JENKINS_PROMCAT_LAUNCH_TOKEN }}&EXPORTER=redis-exporter&DRY_RUN=false'
+        method: 'POST'
+        username: [email protected]
+        password: ${{ secrets.JENKINS_PROMCAT_API_TOKEN }}
@@ -1,40 +1,56 @@
+string projectName = "prometheus-integrations"
+
 pipeline {
-    agent {
-        label 'qa_terminating_j8'
-    }
+    agent none
+
 
     options {
-        disableConcurrentBuilds()
+        skipDefaultCheckout()
     }
 
     environment {
         registryCredential = 'jenkins-artifactory'
         ARTIFACTORY_URL = 'docker.internal.sysdig.com'
-        EXPORTER = 'redis-exporter'
-        VERSION = 'v1.24.0'
     }
 
+    parameters {
+        booleanParam(name: 'DRY_RUN', defaultValue: true, description: 'Perform a dry run (does not push images)')
+        string(name: 'EXPORTER', defaultValue: "exporter", description: 'Exporter name')
+    }
+    
     stages {
         stage('Pull image from artifactory') {
+            agent any
             steps {
                 script {
-                    docker.withRegistry("https://${env.ARTIFACTORY_URL}",  registryCredential) {                        
+                    docker.withRegistry("https://${env.ARTIFACTORY_URL}",  registryCredential) {        
+                        sh """docker pull ${env.ARTIFACTORY_URL}/${env.EXPORTER}:latest"""
+                        env.VERSION = sh(script:"""docker inspect --format '{{ index .Config.Labels "release" }}' ${env.ARTIFACTORY_URL}/${env.EXPORTER}:latest""", returnStdout: true).trim()
+                        echo "VERSION = ${env.VERSION}"
                         sh """docker pull ${env.ARTIFACTORY_URL}/${env.EXPORTER}:${env.VERSION}"""
+                        sh """docker pull ${env.ARTIFACTORY_URL}/${env.EXPORTER}:${env.VERSION}-ubi"""
                     }
                 }
             }
         }
         stage('Push image to Quay'){
+            agent any
             steps {
                 script {
+                    if (params.DRY_RUN) {
+                        echo "docker push quay.io/sysdig/${env.EXPORTER}:${env.VERSION}"
+                    } else {
                     docker.withRegistry("https://quay.io", "QUAY") {
-                        sh """docker tag ${env.ARTIFACTORY_URL}/${env.EXPORTER}:${env.VERSION} quay.io/sysdig/${env.EXPORTER}:latest"""
                         sh """docker tag ${env.ARTIFACTORY_URL}/${env.EXPORTER}:${env.VERSION} quay.io/sysdig/${env.EXPORTER}:${env.VERSION}"""
-                        sh """docker push quay.io/sysdig/${env.EXPORTER}:latest"""
+                        sh """docker tag ${env.ARTIFACTORY_URL}/${env.EXPORTER}:${env.VERSION} quay.io/sysdig/${env.EXPORTER}:latest"""
+                        sh """docker tag ${env.ARTIFACTORY_URL}/${env.EXPORTER}:${env.VERSION}-ubi quay.io/sysdig/${env.EXPORTER}:${env.VERSION}-ubi"""
                         sh """docker push quay.io/sysdig/${env.EXPORTER}:${env.VERSION}"""
+                        sh """docker push quay.io/sysdig/${env.EXPORTER}:latest"""
+                        sh """docker push quay.io/sysdig/${env.EXPORTER}:${env.VERSION}-ubi"""
+                        }
                     }
                 }
             }
         }
-    }
+    } //stages
 }
@@ -0,0 +1,41 @@
+FROM golang:1.16-alpine as builder
+WORKDIR /go/src/github.com/oliver006/redis_exporter/
+
+ADD .  /go/src/github.com/oliver006/redis_exporter/
+
+ARG GOARCH="amd64"
+ARG SHA1="[no-sha]"
+ARG TAG="[no-tag]"
+
+RUN apk --no-cache add ca-certificates
+RUN BUILD_DATE=$(date +%F-%T) && CGO_ENABLED=0 GOOS=linux GOARCH=$GOARCH go build -o /redis_exporter \
+    -ldflags  "-s -w -extldflags \"-static\" -X main.BuildVersion=$TAG -X main.BuildCommitSha=$SHA1 -X main.BuildDate=$BUILD_DATE" .
+
+RUN [ $GOARCH = "amd64" ]  && /redis_exporter -version || ls -la /redis_exporter
+
+#
+# scratch release container
+#
+FROM scratch as scratch
+
+COPY --from=builder /redis_exporter /redis_exporter
+COPY --from=builder /etc/ssl/certs /etc/ssl/certs
+COPY --from=builder /etc/nsswitch.conf /etc/nsswitch.conf
+
+# Run as non-root user for secure environments
+USER 59000:59000
+
+EXPOSE     9121
+ENTRYPOINT [ "/redis_exporter" ]
+
+FROM quay.io/sysdig/sysdig-mini-ubi:1.1.10 as ubi
+
+COPY --from=builder /redis_exporter /redis_exporter
+COPY --from=builder /etc/ssl/certs /etc/ssl/certs
+COPY --from=builder /etc/nsswitch.conf /etc/nsswitch.conf
+
+# Run as non-root user for secure environments
+USER 59000:59000
+
+EXPOSE     9121
+ENTRYPOINT [ "/redis_exporter" ]