devcontributeatgithub
diff --git a/‎.github/workflows/build-fd-image.yaml
Lines changed: 0 additions & 415 deletions b/‎.github/workflows/build-fd-image.yaml
Lines changed: 0 additions & 415 deletions
diff --git a/‎.github/workflows/build-fluentd-image.yaml
Lines changed: 168 additions & 0 deletions b/‎.github/workflows/build-fluentd-image.yaml
Lines changed: 168 additions & 0 deletions
diff --git a/‎RELEASE.md
Lines changed: 12 additions & 23 deletions b/‎RELEASE.md
Lines changed: 12 additions & 23 deletions
diff --git a/‎cmd/fluent-watcher/README.md
Lines changed: 1 addition & 1 deletion b/‎cmd/fluent-watcher/README.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎cmd/fluent-watcher/fluentd/Dockerfile
Lines changed: 52 additions & 0 deletions b/‎cmd/fluent-watcher/fluentd/Dockerfile
Lines changed: 52 additions & 0 deletions
diff --git a/‎cmd/fluent-watcher/fluentd/Dockerfile.amd64
Lines changed: 0 additions & 85 deletions b/‎cmd/fluent-watcher/fluentd/Dockerfile.amd64
Lines changed: 0 additions & 85 deletions
@@ -0,0 +1,168 @@
+name: Publish Fluentd image 
+
+on:
+  workflow_dispatch:
+
+env:
+  GHCR_REPO: 'ghcr.io/${{ github.repository }}/fluentd'
+  DOCKERHUB_REPO: 'kubesphere/fluentd'
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  get-version:
+    name: Fetch fluentd version 
+    runs-on: ubuntu-latest
+    outputs:
+      VERSION: ${{ steps.get-version.outputs.VERSION }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref }}
+      
+      - name: Read fluentd version from VERSION file
+        id: get-version
+        run: |
+          VERSION=$(cat cmd/fluent-watcher/fluentd/VERSION)
+          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
+
+  determine-tags: 
+    needs: [get-version]
+    runs-on: ubuntu-latest
+    name: Determine image tags
+    outputs:
+      IMAGE_BASE_TAG: ${{ steps.determine-tags.outputs.IMAGE_BASE_TAG }}
+      IMAGE_MAJOR_MINOR: ${{ steps.determine-tags.outputs.IMAGE_MAJOR_MINOR }}
+
+    steps:
+      - name: Determine image version tag
+        id: determine-tags
+        run: |
+          VERSION=${{ needs.get-version.outputs.VERSION }}
+          VERSION_WITHOUT_V=${VERSION#v}
+          MAJOR_MINOR=$(echo $VERSION_WITHOUT_V | cut -d. -f1-2)
+
+          if skopeo inspect docker://${{ env.GHCR_REPO }}:${VERSION}; then
+            echo "${VERSION} tag already exists, assuming we're building a patch release!"
+            LATEST_PATCH_VERSION=$(skopeo list-tags docker://${{ env.GHCR_REPO }} | grep -E "${VERSION}-[0-9]+" | sort | uniq | tail -1 | tr -d \" | cut -d'-' -f2 | tr -d ',')
+            NEW_PATCH_VERSION=$((LATEST_PATCH_VERSION + 1))
+            IMAGE_BASE_TAG="${VERSION}-${NEW_PATCH_VERSION}"
+            echo "Building patch release ${IMAGE_BASE_TAG}!"
+          else
+            echo "${VERSION} tag does not exist, assuming we're building a new release!"
+            IMAGE_BASE_TAG="${VERSION}"
+          fi
+  
+          echo "IMAGE_BASE_TAG=$IMAGE_BASE_TAG" >> $GITHUB_OUTPUT
+          echo "IMAGE_MAJOR_MINOR=$MAJOR_MINOR" >> $GITHUB_OUTPUT
+
+  build:
+    name: Build/push image (${{ matrix.platform }})
+    runs-on: ${{ matrix.runs-on }}
+    needs: [get-version,determine-tags]
+    permissions:
+      actions: read
+      packages: write
+    outputs:
+      digest_amd64: ${{ steps.output-digests.outputs.amd64 }}
+      digest_arm64: ${{ steps.output-digests.outputs.arm64 }}
+      tags: ${{ steps.image-metadata.outputs.tags }}
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
+        include:
+          - runs-on: ubuntu-latest
+          - runs-on: ubuntu-24.04-arm # Builds arm64 on arm64 hosts 
+            platform: linux/arm64
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64
+    
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          registry: docker.io
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+
+      - name: Configure image tags 
+        id: image-metadata
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.GHCR_REPO }}
+            ${{ env.DOCKERHUB_REPO }}
+          flavor:
+            latest=false
+          tags: |
+            type=raw,value=latest
+            type=raw,value=${{ needs.determine-tags.outputs.IMAGE_BASE_TAG }}
+            type=raw,value=v${{ needs.determine-tags.outputs.IMAGE_BASE_TAG }}
+            type=raw,value=${{ needs.determine-tags.outputs.IMAGE_MAJOR_MINOR }}
+            type=raw,value=v${{ needs.determine-tags.outputs.IMAGE_MAJOR_MINOR }}
+
+      - name: Build and push image
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: cmd/fluent-watcher/fluentd/Dockerfile
+          platforms: ${{ matrix.platform }}
+          labels: ${{ steps.image-metadata.outputs.labels }}
+          provenance: false
+          build-args:
+            FLUENTD_BASE_VERSION=${{ needs.get-version.outputs.VERSION }}
+          outputs: type=image,"name=${{ env.GHCR_REPO }},${{ env.DOCKERHUB_REPO }}",push-by-digest=true,name-canonical=true,push=true
+
+      - name: Output image digests
+        id: output-digests
+        run: |
+          platform="${{ matrix.platform }}"
+          # Convert "linux/amd64" to just amd64 for the output variable name
+          arch=${platform#linux/}
+          echo "${arch}=${{ steps.build.outputs.digest }}" >> $GITHUB_OUTPUT
+
+  manifest:
+    name: Publish image manifest
+    runs-on: ubuntu-latest
+    needs: [build, determine-tags]
+    steps:
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          registry: docker.io
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+
+      - name: Create image manifest
+        uses: int128/docker-manifest-create-action@v2
+        with:
+          push: true
+          tags: ${{ needs.build.outputs.tags }} # Includes GHCR and Docker Hub 
+          sources: | 
+            ${{ env.GHCR_REPO }}@${{ needs.build.outputs.digest_amd64 }}
+            ${{ env.GHCR_REPO }}@${{ needs.build.outputs.digest_arm64 }}
@@ -128,33 +128,22 @@ This repo includes a "development" chart in the [charts/](./charts/fluent-operat
 - Bump `version` and `appVersion` in the [charts/fluet-operator/Chart.yaml](./charts/fluent-operator/Chart.yaml) file in this repo
 - Manually "sync" (copy, open a PR) the local [chart](./charts/fluent-operator) to [fluent/helm-charts](https://github.com/fluent/helm-charts/tree/main/charts/fluent-operator/)
 
-# Automations
+# Fluentd/Fluent-bit Images
 
-## Bump fluent-bit version
+Fluent Operator uses [custom builds](./cmd/fluent-watcher/README.md) of both Fluentd and Fluent-bit.  These images can (and often should be) be published out-of-band of Fluent Operator releases.
 
-To bump the fluent-bit version, you can run the [pipeline](https://github.com/fluent/fluent-operator/actions/workflows/bump-fluent-bit-version.yaml), by simply providing a x.y.z version number. You can check the [fluent-bit releases](https://github.com/fluent/fluent-bit/releases) to get the version number.
+## Fluent-bit 
 
-Or you can run the following command. Note that we need to remove the leading 'v'.
+To publish a new fluent-bit image:
 
-```bash
-curl --silent "https://api.github.com/repos/fluent/fluent-bit/releases/latest" |
-grep '"tag_name":' |
-sed -E 's/.*"([^"]+)".*/\1/'
-```
-
-The pipeline will use sed to replace the outdated fluent-bit version with the wanted one. A list of files can be found below:
-
-- cmd/fluent-watcher/fluentbit/VERSION
-- config/samples/fluentbit_v1alpha2_fluentbit.yaml
-- docs/best-practice/forwarding-logs-via-http/deploy/fluentbit-fluentBit.yaml
-- manifests/kubeedge/fluentbit-fluentbit-edge.yaml
-- manifests/logging-stack/fluentbit-fluentBit.yaml
-- manifests/quick-start/fluentbit.yaml
-- manifests/regex-parser/fluentbit-fluentBit.yaml
-- charts/fluent-operator/values.yaml
+* Execute the [bump-fluent-bit-version](https://github.com/fluent/fluent-operator/actions/workflows/bump-fluent-bit-version.yaml) workflow dispatch to generate a PR to update fluent-bit version references in this repo 
+* Merge the PR generated by the [bump-fluent-bit-version](https://github.com/fluent/fluent-operator/actions/workflows/bump-fluent-bit-version.yaml) workflow
+* Execute the [build-fb-image](https://github.com/fluent/fluent-operator/actions/workflows/build-fb-image.yaml) workflow dispatch to build and publish the new image 
 
-After the pipeline finishes, we just need to review and merge the pull requests.
+## Fluentd
 
-## Build the fluent-watcher image for fluent-bit
+To publish a new fluentd image:
 
-This [pipeline](https://github.com/fluent/fluent-operator/actions/workflows/build-fb-image.yaml) is used to build the image. It will read the version number from `cmd/fluent-watcher/fluentbit/VERSION`, which can be update automatically via the [pipeline](#bump-fluent-bit-version).
+* Open a PR to update all references of the image/tag in this repo with the new image tag (TODO: automate this like the fluent-bit release process) including the `cmd/fluent-watcher/fluentd/VERSION` file
+* Merge the PR
+* Execute the [publish-fluentd-image](https://github.com/fluent/fluent-operator/actions/workflows/publish-fluentd-image.yaml) workflow dispatch to build and publish the new image 
@@ -14,6 +14,6 @@ We strive to never overwrite existing image tags (eg, `ghcr.io/fluent/fluent-ope
 
 ## Building
 
-As a maintainer, to build the `ghcr.io/fluent/fluent-operator/fluent-bit` and `ghcr.io/fluent/fluent-operator/fluentd` images, you can run the "Build Fluent Bit image" or "Build Fluentd image" Github Action workflows in the "Actions" tab of this repository.
+As a maintainer, to build the `ghcr.io/fluent/fluent-operator/fluent-bit` and `ghcr.io/fluent/fluent-operator/fluentd` images, you can run the "Build Fluent Bit image" or "Publish Fluentd image" Github Action workflows in the "Actions" tab of this repository.
 
 Always specify the upstream Fluent Bit version (eg, `3.1.2`, `3.1.3`, etc) when running this workflow.  If the CI workflow detects that an image tag already exists for the version specified, it will assume that a patch release needs to be built and will automatically add a patch version to the image tag (eg, `3.1.2-1`, `3.1.2-2`, etc).
@@ -0,0 +1,52 @@
+ARG FLUENTD_BASE_VERSION
+FROM golang:1.24.0 as builder
+
+RUN mkdir -p /fluentd
+RUN mkdir -p /code
+COPY . /code/
+WORKDIR /code
+RUN echo $(ls -al /code)
+RUN CGO_ENABLED=0 go build -ldflags '-w -s' -o /fluentd/fluentd-watcher /code/cmd/fluent-watcher/fluentd/main.go
+
+# See https://github.com/fluent/fluentd-docker-image/issues/425
+FROM fluent/fluentd:v${FLUENTD_BASE_VERSION}-debian-1.0
+
+LABEL org.opencontainers.image.description "A Fluentd image for use with fluent-operator"
+
+USER root
+
+RUN buildDeps="make gcc g++ libc-dev" \
+ && apt-get update \
+ && apt-get install -y --no-install-recommends $buildDeps \
+ && gem install \
+        fluent-plugin-s3 \
+        fluent-plugin-grok-parser \
+        fluent-plugin-rewrite-tag-filter \
+        fluent-plugin-oss \
+        fluent-plugin-dedot_filter \
+        fluent-plugin-sumologic_output \
+        fluent-plugin-kafka \
+        fluent-plugin-label-router \
+        fluent-plugin-record-modifier \
+        fluent-plugin-multi-format-parser \
+        fluent-plugin-aws-elasticsearch-service \
+        fluent-plugin-opensearch \
+        fluent-plugin-grafana-loki \
+        fluent-plugin-cloudwatch-logs \
+        fluent-plugin-datadog \
+        fluent-plugin-prometheus \
+ && gem sources --clear-all \
+ && apt-get purge -y --auto-remove \
+                  -o APT::AutoRemove::RecommendsImportant=false \
+                  $buildDeps \
+ && rm -rf /var/lib/apt/lists/* \
+ && rm -rf /tmp/* /var/tmp/* /usr/lib/ruby/gems/*/cache/*.gem
+
+ COPY ./cmd/fluent-watcher/fluentd/etc/fluent.conf /fluentd/etc/
+ COPY ./cmd/fluent-watcher/fluentd/etc/app.conf /fluentd/etc/
+ 
+ COPY --from=builder /fluentd/fluentd-watcher /fluentd/bin/fluentd-watcher
+
+ USER fluent
+
+ ENTRYPOINT ["/fluentd/bin/fluentd-watcher"]