feat(agentless): add agentless build to agent build workflow (#9)

* feat(agentless): add agentless build to agent build workflow

* fix: remove typo

---------

Co-authored-by: Michael Skalka <mskalka@nvidia.com>

Author: mskalka

.github/workflows/build_agent_container.yaml

@@ -5,7 +5,6 @@ on:
   push:
     branches: 
       - main
-      - docker_ci
     paths:
       - agent/**
       - .github/workflows/build_agent_container.yaml
@@ -18,10 +17,11 @@ on:
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
+  DOCKER_CMD: docker
 
 # There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
 jobs:
-  build-and-push-image:
+  build-and-push-agent:
     runs-on: ubuntu-latest
     # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
     permissions:
@@ -33,7 +33,7 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
-      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+      # Uses the `docker/login-action` action to log in to the Container registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
       - name: Log in to the Container registry
         uses: docker/login-action@v3
         with:
@@ -72,3 +72,52 @@ jobs:
           subject-digest: ${{ steps.build.outputs.digest }}
           push-to-registry: true
 
+  build-and-publish-agentless:
+    runs-on: ubuntu-latest
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      # Uses the `docker/login-action` action to log in to the Container registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      
+      # Setup for multi-platform
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build the agent container image
+        id: build
+        run: |
+          source ./containers/agentless/versions.sh
+          cd agent
+          export TAGS=()
+          for version in $TEST_VERSIONS; do
+            TAGS+="-t ${{ env.REGISTRY }}/${{env.IMAGE_NAME}}/agentless:$version "
+          done
+
+          docker buildx build --push --platform linux/amd64,linux/arm64 $TAGS --metadata-file=metadata.json -f ../containers/agentless/Dockerfile ../containers/agentless
+
+          cat metadata.json
+          echo "digest=$(cat metadata.json | jq -r .\"containerimage.digest\")" >> $GITHUB_OUTPUT
+          cat $GITHUB_OUTPUT
+      
+      # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see [AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds). 
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{env.IMAGE_NAME}}/agentless
+          subject-digest: ${{ steps.build.outputs.digest }}
+          push-to-registry: true

.vscode/launch.json

@@ -17,12 +17,12 @@
                 "LOG_LEVEL": "info",
                 "REAPPLY_ON_REBOOT": "false",
                 // "AGENT_IMAGE": "nvcr.io/nvidian/swgpu-baseos/skyhook-agent:25.01.02-233800-38d9732d", 
-                "AGENT_IMAGE": "nvcr.io/nvidian/swgpu-baseos/agentless-test:6.2.0", // this is the mock image, if you need to test for real, use the real image.
+                "AGENT_IMAGE": "ghcr.io/nvidia/skyhook/agentless:6.2.0", // this is the mock image, if you need to test for real, use the real image.
                 // "COPY_DIR_ROOT": "/var/lib/google/skyhook"
             },
             "args": [],
             "showLog": true
-        },   
+        },
         {
             "name": "Test Current File",
             "type": "go",
@@ -32,6 +32,6 @@
             "env": {},
             "args": [],
             "showLog": true
-        }   
+        }
     ]
 }

k8s-tests/chainsaw/skyhook/config-skyhook/assert-update-no-interrupt.yaml

@@ -11,21 +11,21 @@ metadata:
         "baxter|3.2.1": {
             "name": "baxter",
             "version": "3.2.1",
-            "image": "nvcr.io/nvidian/swgpu-baseos/agentless-test",
+            "image": "ghcr.io/nvidia/skyhook/agentless",
             "stage": "config",
             "state": "complete"
         },
         "dexter|1.2.3": {
             "name": "dexter",
             "version": "1.2.3",
-            "image": "nvcr.io/nvidian/swgpu-baseos/agentless-test",
+            "image": "ghcr.io/nvidia/skyhook/agentless",
             "stage": "config",
             "state": "complete"
         },
         "spencer|3.2.3": {
             "name": "spencer",
             "version": "3.2.3",
-            "image": "nvcr.io/nvidian/swgpu-baseos/agentless-test",
+            "image": "ghcr.io/nvidia/skyhook/agentless",
             "stage": "post-interrupt",
             "state": "complete"
         }
@@ -53,19 +53,19 @@ status:
           state: complete
           version: '1.2.3'
           stage: config
-          image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+          image: ghcr.io/nvidia/skyhook/agentless
         baxter|3.2.1:
           name: baxter
           state: complete
           version: '3.2.1'
           stage: config
-          image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+          image: ghcr.io/nvidia/skyhook/agentless
         spencer|3.2.3:
           name: spencer
           state: complete
           version: '3.2.3'
           stage: post-interrupt
-          image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+          image: ghcr.io/nvidia/skyhook/agentless
   nodeStatus:
    # grab values should be one and is complete
     (values(@)):

k8s-tests/chainsaw/skyhook/config-skyhook/assert-update-while-running.yaml

@@ -11,21 +11,21 @@ metadata:
         "baxter|3.2.1": {
             "name": "baxter",
             "version": "3.2.1",
-            "image": "nvcr.io/nvidian/swgpu-baseos/agentless-test",
+            "image": "ghcr.io/nvidia/skyhook/agentless",
             "stage": "post-interrupt",
             "state": "complete"
         },
         "dexter|1.2.3": {
             "name": "dexter",
             "version": "1.2.3",
-            "image": "nvcr.io/nvidian/swgpu-baseos/agentless-test",
+            "image": "ghcr.io/nvidia/skyhook/agentless",
             "stage": "post-interrupt",
             "state": "complete"
         },
         "spencer|3.2.3": {
             "name": "spencer",
             "version": "3.2.3",
-            "image": "nvcr.io/nvidian/swgpu-baseos/agentless-test",
+            "image": "ghcr.io/nvidia/skyhook/agentless",
             "stage": "post-interrupt",
             "state": "complete"
         }
@@ -53,19 +53,19 @@ status:
           state: complete
           version: '1.2.3'
           stage: post-interrupt
-          image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+          image: ghcr.io/nvidia/skyhook/agentless
         baxter|3.2.1:
           name: baxter
           state: complete
           version: '3.2.1'
           stage: post-interrupt
-          image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+          image: ghcr.io/nvidia/skyhook/agentless
         spencer|3.2.3:
           name: spencer
           state: complete
           version: '3.2.3'
           stage: post-interrupt
-          image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+          image: ghcr.io/nvidia/skyhook/agentless
   nodeStatus:
    # grab values should be one and is complete
     (values(@)):

k8s-tests/chainsaw/skyhook/config-skyhook/assert-update.yaml

@@ -11,21 +11,21 @@ metadata:
         "baxter|3.2.1": {
             "name": "baxter",
             "version": "3.2.1",
-            "image": "nvcr.io/nvidian/swgpu-baseos/agentless-test",
+            "image": "ghcr.io/nvidia/skyhook/agentless",
             "stage": "post-interrupt",
             "state": "complete"
         },
         "dexter|1.2.3": {
             "name": "dexter",
             "version": "1.2.3",
-            "image": "nvcr.io/nvidian/swgpu-baseos/agentless-test",
+            "image": "ghcr.io/nvidia/skyhook/agentless",
             "stage": "post-interrupt",
             "state": "complete"
         },
         "spencer|3.2.3": {
             "name": "spencer",
             "version": "3.2.3",
-            "image": "nvcr.io/nvidian/swgpu-baseos/agentless-test",
+            "image": "ghcr.io/nvidia/skyhook/agentless",
             "stage": "post-interrupt",
             "state": "complete"
         }
@@ -53,19 +53,19 @@ status:
           state: complete
           version: '1.2.3'
           stage: post-interrupt
-          image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+          image: ghcr.io/nvidia/skyhook/agentless
         baxter|3.2.1:
           name: baxter
           state: complete
           version: '3.2.1'
           stage: post-interrupt
-          image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+          image: ghcr.io/nvidia/skyhook/agentless
         spencer|3.2.3:
           name: spencer
           state: complete
           version: '3.2.3'
           stage: post-interrupt
-          image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+          image: ghcr.io/nvidia/skyhook/agentless
   nodeStatus:
    # grab values should be one and is complete
     (values(@)):

k8s-tests/chainsaw/skyhook/config-skyhook/assert.yaml

@@ -10,21 +10,21 @@ metadata:
         "baxter|3.2.1": {
             "name": "baxter",
             "version": "3.2.1",
-            "image": "nvcr.io/nvidian/swgpu-baseos/agentless-test",
+            "image": "ghcr.io/nvidia/skyhook/agentless",
             "stage": "apply",
             "state": "in_progress"
         },
         "dexter|1.2.3": {
             "name": "dexter",
             "version": "1.2.3",
-            "image": "nvcr.io/nvidian/swgpu-baseos/agentless-test",
+            "image": "ghcr.io/nvidia/skyhook/agentless",
             "stage": "apply",
             "state": "in_progress"
         },
         "spencer|3.2.3": {
             "name": "spencer",
             "version": "3.2.3",
-            "image": "nvcr.io/nvidian/swgpu-baseos/agentless-test",
+            "image": "ghcr.io/nvidia/skyhook/agentless",
             "stage": "apply",
             "state": "in_progress"
         }
@@ -51,19 +51,19 @@ status:
           state: in_progress
           version: '1.2.3'
           stage: apply
-          image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+          image: ghcr.io/nvidia/skyhook/agentless
         baxter|3.2.1:
           name: baxter
           state: in_progress
           version: '3.2.1'
           stage: apply
-          image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+          image: ghcr.io/nvidia/skyhook/agentless
         spencer|3.2.3:
           name: spencer
           state: in_progress
           version: '3.2.3'
           stage: apply
-          image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+          image: ghcr.io/nvidia/skyhook/agentless
   nodeStatus:
    # grab values should be one and is complete
     (values(@)):

k8s-tests/chainsaw/skyhook/config-skyhook/skyhook.yaml

@@ -14,13 +14,13 @@ spec:
   packages:
     spencer:
       version: "3.2.3"
-      image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+      image: ghcr.io/nvidia/skyhook/agentless
       interrupt: 
         type: service
         services: [cron]
     dexter:
       version: "1.2.3"
-      image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+      image: ghcr.io/nvidia/skyhook/agentless
       interrupt:
         type: reboot
       configInterrupts:
@@ -40,7 +40,7 @@ spec:
           how.nice.to.look=fairlyNice
     baxter:
       version: "3.2.1"
-      image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+      image: ghcr.io/nvidia/skyhook/agentless
       configInterrupts:
         game.properties:
           type: service

k8s-tests/chainsaw/skyhook/config-skyhook/update-no-interrupt.yaml

@@ -14,13 +14,13 @@ spec:
   packages:
     spencer:
       version: "3.2.3"
-      image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+      image: ghcr.io/nvidia/skyhook/agentless
       interrupt: 
         type: service
         services: [cron]
     dexter:
       version: "1.2.3"
-      image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+      image: ghcr.io/nvidia/skyhook/agentless
       interrupt:
         type: reboot
       configInterrupts:
@@ -34,7 +34,7 @@ spec:
           changed
     baxter:
       version: "3.2.1"
-      image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+      image: ghcr.io/nvidia/skyhook/agentless
       configInterrupts:
         game.properties:
           type: service

k8s-tests/chainsaw/skyhook/config-skyhook/update-while-running.yaml

@@ -14,13 +14,13 @@ spec:
   packages:
     spencer:
       version: "3.2.3"
-      image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+      image: ghcr.io/nvidia/skyhook/agentless
       interrupt: 
         type: service
         services: [cron]
     dexter:
       version: "1.2.3"
-      image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+      image: ghcr.io/nvidia/skyhook/agentless
       interrupt:
         type: reboot
       configInterrupts:
@@ -40,7 +40,7 @@ spec:
           how.nice.to.look=fairlyNice
     baxter:
       version: "3.2.1"
-      image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+      image: ghcr.io/nvidia/skyhook/agentless
       configInterrupts:
         game.properties:
           type: service

k8s-tests/chainsaw/skyhook/config-skyhook/update.yaml

@@ -14,13 +14,13 @@ spec:
   packages:
     spencer:
       version: "3.2.3"
-      image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+      image: ghcr.io/nvidia/skyhook/agentless
       interrupt: 
         type: service
         services: [cron]
     dexter:
       version: "1.2.3"
-      image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+      image: ghcr.io/nvidia/skyhook/agentless
       interrupt:
         type: reboot
       configInterrupts:
@@ -37,7 +37,7 @@ spec:
           how.nice.to.look=fairlyNice
     baxter:
       version: "3.2.1"
-      image: nvcr.io/nvidian/swgpu-baseos/agentless-test
+      image: ghcr.io/nvidia/skyhook/agentless
       configInterrupts:
         game.properties:
           type: service