github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-30 16:42:14 +00:00
Code Issues Projects Releases Wiki Activity

refactor(ci): Avoid using command make directly

Browse Source 
Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>
This commit is contained in:
Federico Aponte 2024-02-20 09:17:00 +01:00 committed by poiana
parent a5297c4f29
commit 3954ff233b
5 changed files with 64 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.github/workflows/codeql.yaml vendored
View File

@ -60,16 +60,11 @@ jobs:
- name: Prepare project - name: Prepare project
run: | run: |
mkdir build cmake -B build -S . -DBUILD_BPF=On -DUSE_BUNDLED_DEPS=Off -DUSE_BUNDLED_NLOHMANN_JSON=On -DUSE_BUNDLED_CXXOPTS=On -DUSE_BUNDLED_CPPHTTPLIB=On
pushd build
cmake -DBUILD_BPF=On -DUSE_BUNDLED_DEPS=Off -DUSE_BUNDLED_NLOHMANN_JSON=On -DUSE_BUNDLED_CXXOPTS=On -DUSE_BUNDLED_CPPHTTPLIB=On ..
popd
- name: Build - name: Build
run: | run: |
pushd build KERNELDIR=/lib/modules/$(uname -r)/build cmake --build build -j4
KERNELDIR=/lib/modules/$(uname -r)/build make -j4 all
popd
- name: Perform CodeQL Analysis - name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 uses: github/codeql-action/analyze@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5

10
.github/workflows/reusable_build_dev.yaml vendored
View File

@ -53,9 +53,7 @@ jobs:
- name: Prepare project - name: Prepare project
run: | run: |
mkdir build cmake -B build -S .\
pushd build
cmake \
-DBUILD_FALCO_UNIT_TESTS=On \ -DBUILD_FALCO_UNIT_TESTS=On \
-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} \ -DCMAKE_BUILD_TYPE=${{ inputs.build_type }} \
-DBUILD_BPF=${{ inputs.minimal == true && 'OFF' || 'ON' }} \ -DBUILD_BPF=${{ inputs.minimal == true && 'OFF' || 'ON' }} \
@ -65,14 +63,10 @@ jobs:
-DUSE_BUNDLED_NLOHMANN_JSON=On \ -DUSE_BUNDLED_NLOHMANN_JSON=On \
-DUSE_BUNDLED_CXXOPTS=On \ -DUSE_BUNDLED_CXXOPTS=On \
-DUSE_BUNDLED_CPPHTTPLIB=On \ -DUSE_BUNDLED_CPPHTTPLIB=On \
..
popd
- name: Build - name: Build
run: | run: |
pushd build KERNELDIR=/lib/modules/$(uname -r)/build cmake --build build -j4
KERNELDIR=/lib/modules/$(uname -r)/build make -j4 all
popd
- name: Run unit tests - name: Run unit tests
run: | run: |

104
.github/workflows/reusable_build_packages.yaml vendored
View File

@ -21,23 +21,23 @@ jobs:
- name: Install build dependencies - name: Install build dependencies
run: | run: |
dnf install -y bpftool ca-certificates cmake make automake gcc gcc-c++ kernel-devel clang git pkg-config autoconf automake libbpf-devel elfutils-libelf-devel dnf install -y bpftool ca-certificates cmake make automake gcc gcc-c++ kernel-devel clang git pkg-config autoconf automake libbpf-devel elfutils-libelf-devel
- name: Checkout - name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Build modern BPF skeleton - name: Build modern BPF skeleton
run: | run: |
mkdir skeleton-build && cd skeleton-build cmake -B skeleton-build -S . \
cmake -DUSE_BUNDLED_DEPS=ON -DBUILD_FALCO_MODERN_BPF=ON -DCREATE_TEST_TARGETS=Off -DFALCO_VERSION=${{ inputs.version }} .. -DUSE_BUNDLED_DEPS=ON -DBUILD_FALCO_MODERN_BPF=ON -DCREATE_TEST_TARGETS=Off -DFALCO_VERSION=${{ inputs.version }}
make ProbeSkeleton -j6 cmake --build skeleton-build --target ProbeSkeleton -j6
- name: Upload skeleton - name: Upload skeleton
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with: with:
name: bpf_probe_${{ inputs.arch }}.skel.h name: bpf_probe_${{ inputs.arch }}.skel.h
path: skeleton-build/skel_dir/bpf_probe.skel.h path: skeleton-build/skel_dir/bpf_probe.skel.h
retention-days: 1 retention-days: 1
build-packages: build-packages:
# See https://github.com/actions/runner/issues/409#issuecomment-1158849936 # See https://github.com/actions/runner/issues/409#issuecomment-1158849936
runs-on: ${{ (inputs.arch == 'aarch64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-latest' }} runs-on: ${{ (inputs.arch == 'aarch64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-latest' }}
@ -51,30 +51,26 @@ jobs:
yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++ yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++
source /opt/rh/devtoolset-9/enable source /opt/rh/devtoolset-9/enable
yum install -y wget git make m4 rpm-build elfutils-libelf-devel perl-IPC-Cmd yum install -y wget git make m4 rpm-build elfutils-libelf-devel perl-IPC-Cmd
- name: Checkout - name: Checkout
# It is not possible to upgrade the checkout action to versions >= v4.0.0 because of incompatibilities with centos 7's libc. # It is not possible to upgrade the checkout action to versions >= v4.0.0 because of incompatibilities with centos 7's libc.
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Download skeleton - name: Download skeleton
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
name: bpf_probe_${{ inputs.arch }}.skel.h name: bpf_probe_${{ inputs.arch }}.skel.h
path: /tmp path: /tmp
- name: Install updated cmake - name: Install updated cmake
run: | run: |
curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz curl -L https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz \
gzip -d /tmp/cmake.tar.gz | tar --directory=/usr --strip-components=1 -xzp
tar -xpf /tmp/cmake.tar --directory=/tmp
cp -R /tmp/cmake-3.22.5-linux-$(uname -m)/* /usr
rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)
- name: Prepare project - name: Prepare project
run: | run: |
mkdir build && cd build
source /opt/rh/devtoolset-9/enable source /opt/rh/devtoolset-9/enable
cmake \ cmake -B build -S . \
-DCMAKE_BUILD_TYPE=Release \ -DCMAKE_BUILD_TYPE=Release \
-DUSE_BUNDLED_DEPS=On \ -DUSE_BUNDLED_DEPS=On \
-DFALCO_ETC_DIR=/etc/falco \ -DFALCO_ETC_DIR=/etc/falco \
@ -82,20 +78,17 @@ jobs:
-DMODERN_BPF_SKEL_DIR=/tmp \ -DMODERN_BPF_SKEL_DIR=/tmp \
-DBUILD_DRIVER=Off \ -DBUILD_DRIVER=Off \
-DBUILD_BPF=Off \ -DBUILD_BPF=Off \
-DFALCO_VERSION=${{ inputs.version }} \ -DFALCO_VERSION=${{ inputs.version }}
..
- name: Build project - name: Build project
run: | run: |
cd build
source /opt/rh/devtoolset-9/enable source /opt/rh/devtoolset-9/enable
make falco -j6 cmake --build build --target falco -j6
- name: Build packages - name: Build packages
run: | run: |
cd build
source /opt/rh/devtoolset-9/enable source /opt/rh/devtoolset-9/enable
make package cmake --build build --target package
- name: Upload Falco tar.gz package - name: Upload Falco tar.gz package
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
@ -103,27 +96,27 @@ jobs:
name: falco-${{ inputs.version }}-${{ inputs.arch }}.tar.gz name: falco-${{ inputs.version }}-${{ inputs.arch }}.tar.gz
path: | path: |
${{ github.workspace }}/build/falco-*.tar.gz ${{ github.workspace }}/build/falco-*.tar.gz
- name: Upload Falco deb package - name: Upload Falco deb package
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with: with:
name: falco-${{ inputs.version }}-${{ inputs.arch }}.deb name: falco-${{ inputs.version }}-${{ inputs.arch }}.deb
path: | path: |
${{ github.workspace }}/build/falco-*.deb ${{ github.workspace }}/build/falco-*.deb
- name: Upload Falco rpm package - name: Upload Falco rpm package
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with: with:
name: falco-${{ inputs.version }}-${{ inputs.arch }}.rpm name: falco-${{ inputs.version }}-${{ inputs.arch }}.rpm
path: | path: |
${{ github.workspace }}/build/falco-*.rpm ${{ github.workspace }}/build/falco-*.rpm
# The musl build job is currently disabled because we link libelf dynamically and it is # The musl build job is currently disabled because we link libelf dynamically and it is
# not possible to dynamically link with musl # not possible to dynamically link with musl
build-musl-package: build-musl-package:
# x86_64 only for now # x86_64 only for now
# if: ${{ inputs.arch == 'x86_64' }} # if: ${{ inputs.arch == 'x86_64' }}
if: false if: false
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: alpine:3.17 container: alpine:3.17
steps: steps:
@ -131,32 +124,33 @@ jobs:
- name: Install build dependencies - name: Install build dependencies
run: | run: |
apk add g++ gcc cmake make git bash perl linux-headers autoconf automake m4 libtool elfutils-dev libelf-static patch binutils bpftool clang apk add g++ gcc cmake make git bash perl linux-headers autoconf automake m4 libtool elfutils-dev libelf-static patch binutils bpftool clang
- name: Checkout - name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Prepare project - name: Prepare project
run: | run: |
mkdir build && cd build cmake -B build -S . \
cmake -DCPACK_GENERATOR=TGZ -DBUILD_BPF=Off -DBUILD_DRIVER=Off -DCMAKE_BUILD_TYPE=Release -DUSE_BUNDLED_DEPS=On -DUSE_BUNDLED_LIBELF=Off -DBUILD_LIBSCAP_MODERN_BPF=ON -DMUSL_OPTIMIZED_BUILD=On -DFALCO_ETC_DIR=/etc/falco ../ -DFALCO_VERSION=${{ inputs.version }} -DCMAKE_BUILD_TYPE=Release \
-DCPACK_GENERATOR=TGZ \
-DBUILD_BPF=Off -DBUILD_DRIVER=Off \
-DUSE_BUNDLED_DEPS=On -DUSE_BUNDLED_LIBELF=Off -DBUILD_LIBSCAP_MODERN_BPF=ON -DMUSL_OPTIMIZED_BUILD=On -DFALCO_ETC_DIR=/etc/falco -DFALCO_VERSION=${{ inputs.version }}
- name: Build project - name: Build project
run: | run: |
cd build cmake --build build -j6
make -j6 all
- name: Build packages - name: Build packages
run: | run: |
cd build cmake --build build -j6 --target package
make -j6 package
- name: Rename static package - name: Rename static package
run: | run: |
cd build cd build
mv falco-${{ inputs.version }}-x86_64.tar.gz falco-${{ inputs.version }}-static-x86_64.tar.gz mv falco-${{ inputs.version }}-x86_64.tar.gz falco-${{ inputs.version }}-static-x86_64.tar.gz
- name: Upload Falco static package - name: Upload Falco static package
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with: with:
@ -178,16 +172,15 @@ jobs:
uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
with: with:
node-version: 14 node-version: 14
- name: Checkout - name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Prepare project - name: Prepare project
run: | run: |
mkdir build && cd build emcmake cmake -B build -S . \
emcmake cmake \
-DBUILD_BPF=Off \ -DBUILD_BPF=Off \
-DBUILD_DRIVER=Off \ -DBUILD_DRIVER=Off \
-DBUILD_LIBSCAP_MODERN_BPF=OFF \ -DBUILD_LIBSCAP_MODERN_BPF=OFF \
@ -195,24 +188,23 @@ jobs:
-DUSE_BUNDLED_DEPS=On \ -DUSE_BUNDLED_DEPS=On \
-DFALCO_ETC_DIR=/etc/falco \ -DFALCO_ETC_DIR=/etc/falco \
-DBUILD_FALCO_UNIT_TESTS=On \ -DBUILD_FALCO_UNIT_TESTS=On \
-DFALCO_VERSION=${{ inputs.version }} \ -DFALCO_VERSION=${{ inputs.version }}
..
- name: Build project - name: Build project
run: | run: |
cd build cd build
emmake make -j6 all emmake make -j6 all
- name: Run unit Tests - name: Run unit Tests
run: | run: |
cd build cd build
node ./unit_tests/falco_unit_tests.js node ./unit_tests/falco_unit_tests.js
- name: Build packages - name: Build packages
run: | run: |
cd build cd build
emmake make -j6 package emmake make -j6 package
- name: Upload Falco WASM package - name: Upload Falco WASM package
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with: with:
@ -229,11 +221,10 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
# NOTE: Backslash doesn't work as line continuation on Windows.
- name: Prepare project - name: Prepare project
run: | run: |
mkdir build cmake -B build -S . -DCMAKE_BUILD_TYPE=Release -DMINIMAL_BUILD=On -DUSE_BUNDLED_DEPS=On -DBUILD_FALCO_UNIT_TESTS=On -DFALCO_VERSION=${{ inputs.version }}
cd build
cmake -DCMAKE_BUILD_TYPE=Release -DMINIMAL_BUILD=On -DUSE_BUNDLED_DEPS=On -DBUILD_FALCO_UNIT_TESTS=On -DFALCO_VERSION=${{ inputs.version }} ..
- name: Build project - name: Build project
run: | run: |
@ -267,9 +258,8 @@ jobs:
- name: Prepare project - name: Prepare project
run: | run: |
mkdir build cmake -B build -S . \
cd build -DMINIMAL_BUILD=On -DUSE_BUNDLED_DEPS=On -DBUILD_FALCO_UNIT_TESTS=On -DFALCO_VERSION=${{ inputs.version }}
cmake -DMINIMAL_BUILD=On -DUSE_BUNDLED_DEPS=On -DBUILD_FALCO_UNIT_TESTS=On -DFALCO_VERSION=${{ inputs.version }} ..
- name: Build project - name: Build project
run: | run: |

17
.github/workflows/reusable_fetch_version.yaml vendored
View File

@ -5,34 +5,33 @@ on:
version: version:
description: "Falco version" description: "Falco version"
value: ${{ jobs.fetch-version.outputs.version }} value: ${{ jobs.fetch-version.outputs.version }}
jobs: jobs:
# We need to use an ubuntu-latest to fetch Falco version because # We need to use an ubuntu-latest to fetch Falco version because
# Falco version is computed by some cmake scripts that do git sorceries # Falco version is computed by some cmake scripts that do git sorceries
# to get the current version. # to get the current version.
# But centos7 jobs have a git version too old and actions/checkout does not # But centos7 jobs have a git version too old and actions/checkout does not
# fully clone the repo, but uses http rest api instead. # fully clone the repo, but uses http rest api instead.
fetch-version: fetch-version:
runs-on: ubuntu-latest runs-on: ubuntu-latest
# Map the job outputs to step outputs # Map the job outputs to step outputs
outputs: outputs:
version: ${{ steps.store_version.outputs.version }} version: ${{ steps.store_version.outputs.version }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Install build dependencies - name: Install build dependencies
run: | run: |
sudo apt update sudo apt update
sudo apt install -y cmake build-essential sudo apt install -y cmake build-essential
- name: Configure project - name: Configure project
run: | run: |
mkdir build && cd build cmake -B build -S . -DUSE_BUNDLED_DEPS=On -DUSE_DYNAMIC_LIBELF=Off
cmake -DUSE_BUNDLED_DEPS=On -DUSE_DYNAMIC_LIBELF=Off ..
- name: Load and store Falco version output - name: Load and store Falco version output
id: store_version id: store_version
run: | run: |

9
.github/workflows/staticanalysis.yaml vendored
View File

@ -19,10 +19,11 @@ jobs:
- name: Build and run cppcheck 🏎️ - name: Build and run cppcheck 🏎️
run: | run: |
mkdir build cmake -B build -S . \
cd build && cmake -DUSE_BUNDLED_DEPS=On -DUSE_DYNAMIC_LIBELF=Off -DBUILD_WARNINGS_AS_ERRORS=ON -DCREATE_TEST_TARGETS=Off -DCMAKE_BUILD_TYPE="release" -DBUILD_BPF=Off -DBUILD_DRIVER=Off .. -DCMAKE_BUILD_TYPE="release" \
make -j4 cppcheck -DUSE_BUNDLED_DEPS=On -DUSE_DYNAMIC_LIBELF=Off -DBUILD_WARNINGS_AS_ERRORS=ON -DCREATE_TEST_TARGETS=Off -DBUILD_BPF=Off -DBUILD_DRIVER=Off
make -j4 cppcheck_htmlreport cmake --build build -j4 --target cppcheck
cmake --build build -j4 --target cppcheck_htmlreport
- name: Upload reports ⬆️ - name: Upload reports ⬆️
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3