diff --git a/scripts/jenkins/build-pipeline/Jenkinsfile b/scripts/jenkins/build-pipeline/Jenkinsfile
index 232fa850..329eec95 100644
--- a/scripts/jenkins/build-pipeline/Jenkinsfile
+++ b/scripts/jenkins/build-pipeline/Jenkinsfile
@@ -1,66 +1,95 @@ void setBuildStatus(String context, String message, String state) { step([ - $class: "GitHubCommitStatusSetter", - reposSource: [$class: "ManuallyEnteredRepositorySource", url: "https://github.com/falcosecurity/falco"], - contextSource: [$class: "ManuallyEnteredCommitContextSource", context: context], - errorHandlers: [[$class: "ChangingBuildStatusErrorHandler", result: "UNSTABLE"]], - statusResultSource: [ $class: "ConditionalStatusResultSource", results: [[$class: "AnyBuildResult", message: message, state: state]] ] - ]); + $class: "GitHubCommitStatusSetter", + reposSource: [ + $class: "ManuallyEnteredRepositorySource", + url: "https://github.com/falcosecurity/falco" + ], + contextSource: [ + $class: "ManuallyEnteredCommitContextSource", + context: context + ], + errorHandlers: [[ + $class: "ChangingBuildStatusErrorHandler", + result: "UNSTABLE" + ]], + statusResultSource: [ + $class: "ConditionalStatusResultSource", + results: [[ + $class: "AnyBuildResult", + message: message, + state: state + ]] + ] + ]); } +def version = 'UNKNOWN' + pipeline { agent { label "agent-docker-builder" } stages { stage("Check out dependencies") { - steps { - dir("falco") { - checkout([$class: "GitSCM", - branches: [[name: "refs/heads/"+env.BRANCH_NAME]], - doGenerateSubmoduleConfigurations: false, - extensions: [], - submoduleCfg: [], - userRemoteConfigs: [[credentialsId: "github-jenkins-user-token", url: "https://github.com/draios/falco"]]]) - } - dir("sysdig") { - checkout([$class: "GitSCM", - branches: [[name: "dev"]], - doGenerateSubmoduleConfigurations: false, - extensions: [], - submoduleCfg: [], - userRemoteConfigs: [[credentialsId: "github-jenkins-user-token", url: "https://github.com/draios/sysdig"]]]) + steps { + dir("falco") { + checkout([ + $class: "GitSCM", + branches: [[name: "refs/heads/"+env.BRANCH_NAME]], + doGenerateSubmoduleConfigurations: false, + extensions: [], + submoduleCfg: [], + userRemoteConfigs: [[ + credentialsId: 
"github-jenkins-user-token", + url: "https://github.com/falcosecurity/falco" + ]] + ]) + } + dir("sysdig") { + checkout([ + $class: "GitSCM", + branches: [[name: "dev"]], + doGenerateSubmoduleConfigurations: false, + extensions: [], + submoduleCfg: [], + userRemoteConfigs: [[ + credentialsId: "github-jenkins-user-token", + url: "https://github.com/draios/sysdig" + ]] + ]) } + } } - } - stage("Build") { - steps { - script{ - sh("./falco/scripts/jenkins/build-pipeline/build.sh") - } - } - post { - success { - setBuildStatus("Build", "Build Successful", "SUCCESS") - } - failure { - setBuildStatus("Build", "Build Failed", "FAILURE") - } - } + stage("Build") { + steps { + script{ + version = sh(returnStdout: true, script: "./falco/scripts/jenkins/build-pipeline/version") + sh("./falco/scripts/jenkins/build-pipeline/build ${version}") + } + } + post { + success { + setBuildStatus("Build", "Build Successful", "SUCCESS") + } + failure { + setBuildStatus("Build", "Build Failed", "FAILURE") + } + } } stage("Run tests") { - steps { - script{ - sh("./falco/scripts/jenkins/build-pipeline/run-tests.sh") - } + steps { + script{ + sh("./falco/scripts/jenkins/build-pipeline/run-tests ${version}") + } + } + post { + success { + setBuildStatus("Run tests", "All tests passed", "SUCCESS") + } + failure { + setBuildStatus("Run tests", "One or more tests failed", "FAILURE") + } + } } - post { - success { - setBuildStatus("Run tests", "All tests passed", "SUCCESS") - } - failure { - setBuildStatus("Run tests", "One or more tests failed", "FAILURE") - } - } - } } post { always { diff --git a/scripts/jenkins/build-pipeline/build b/scripts/jenkins/build-pipeline/build new file mode 100755 index 00000000..9f145e9d --- /dev/null +++ b/scripts/jenkins/build-pipeline/build 
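Review bot: In the Jenkinsfile's Build and Run tests stages, `version` is taken from `sh(returnStdout: true, ...)` without `.trim()` and then spliced into the next `sh` through Groovy string interpolation, so the shell parses whatever the `version` script printed, including the trailing newline and any extra line. Since that text is derived from the cmake output of the checked-out branch, it should reach the scripts as data rather than as command text. I would capture it with `version = sh(returnStdout: true, script: "./falco/scripts/jenkins/build-pipeline/version").trim()` and call the scripts as `withEnv(["FALCO_VERSION=${version}"]) { sh './falco/scripts/jenkins/build-pipeline/build "$FALCO_VERSION"' }`, with the same form for `run-tests`. The `pipeline` block continues past the end of this hunk.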
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+set -eu -o pipefail
+
+if [ $# -eq 0 ]; then
+ >&2 echo "Missing arguments."
+ exit 1
+fi
+if [ -z "$1" ]; then
+ >&2 echo "Missing version."
+ exit 1
+fi
+if [ "$1" == "UNKNOWN" ]; then
+ >&2 echo "Unknown version."
+ exit 1
+fi
+
+FALCO_VERSION=$1
+BUILD_DIR="${WORKSPACE}/build"
+FALCOBUILDER_IMAGE="falcosecurity/falco-builder:chore-travis"
+
+rm -rf "$BUILD_DIR"
+mkdir "$BUILD_DIR"
+
+docker run -u "$(id -u):$(id -g)" -v /etc/passwd:/etc/passwd:ro -e FALCO_VERSION="$FALCO_VERSION" -v "$WORKSPACE":/source -v "$BUILD_DIR":/build "$FALCOBUILDER_IMAGE" cmake
+docker run -u "$(id -u):$(id -g)" -v /etc/passwd:/etc/passwd:ro -e FALCO_VERSION="$FALCO_VERSION" -v $"$WORKSPACE":/source -v "$BUILD_DIR":/build "$FALCOBUILDER_IMAGE" package
\ No newline at end of file
diff --git a/scripts/jenkins/build-pipeline/build.sh b/scripts/jenkins/build-pipeline/build.sh
deleted file mode 100755
index b1e38ed9..00000000
--- a/scripts/jenkins/build-pipeline/build.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-set -xeuo pipefail
-
-export FALCO_VERSION=0.1.$((2700+BUILD_NUMBER))dev
-
-rm -rf ${WORKSPACE}/build
-mkdir ${WORKSPACE}/build
-
-docker run --user $(id -u):$(id -g) -v /etc/passwd:/etc/passwd:ro -e FALCO_VERSION=${FALCO_VERSION} -e MAKE_JOBS=4 -v ${WORKSPACE}:/source -v ${WORKSPACE}/build:/build falcosecurity/falco-builder cmake
-docker run --user $(id -u):$(id -g) -v /etc/passwd:/etc/passwd:ro -e FALCO_VERSION=${FALCO_VERSION} -e MAKE_JOBS=4 -v ${WORKSPACE}:/source -v ${WORKSPACE}/build:/build falcosecurity/falco-builder package
diff --git a/scripts/jenkins/build-pipeline/run-tests b/scripts/jenkins/build-pipeline/run-tests
new file mode 100755
index 00000000..b5636b7b
--- /dev/null
+++ b/scripts/jenkins/build-pipeline/run-tests
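Review bot: In the new `build` script the second `docker run` mounts `-v $"$WORKSPACE":/source`; the stray `$` turns the argument into a bash locale-translated string, which only happens to expand to the same path, and it should read `-v "$WORKSPACE":/source` like the first call. `FALCOBUILDER_IMAGE` also points at the mutable branch tag `chore-travis`, so the build runs whatever image that tag resolves to on the agent; pinning it as `falcosecurity/falco-builder@sha256:<digest-placeholder>` would make the toolchain reproducible. A header comment such as `# usage: build <version>; expects WORKSPACE in the environment` would document the script's inputs.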
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+set -eu -o pipefail
+
+if [ $# -eq 0 ]; then
+ >&2 echo "Missing arguments."
+ exit 1
+fi
+if [ -z "$1" ]; then
+ >&2 echo "Missing version."
+ exit 1
+fi
+if [ "$1" == "UNKNOWN" ]; then
+ >&2 echo "Unknown version."
+ exit 1
+fi
+
+FALCO_VERSION=$1
+BUILD_DIR="${WORKSPACE}/build"
+FALCOTESTER_IMAGE="falcosecurity/falco-tester:chore-travis"
+
+docker run \
+ -v /boot:/boot:ro \
+ -v /var/run/docker.sock:/var/run/docker.sock \
+ -v /etc/passwd:/etc/passwd:ro \
+ -e FALCO_VERSION="$FALCO_VERSION" \
+ -v "$WORKSPACE":/source \
+ -v "$BUILD_DIR":/build \
+ "$FALCOTESTER_IMAGE" test
+
+exit 0
\ No newline at end of file
diff --git a/scripts/jenkins/build-pipeline/run-tests.sh b/scripts/jenkins/build-pipeline/run-tests.sh
deleted file mode 100755
index cfeeab6e..00000000
--- a/scripts/jenkins/build-pipeline/run-tests.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-set -xeuo pipefail
-
-export FALCO_VERSION=0.1.$((2700+BUILD_NUMBER))dev
-
-docker pull falcosecurity/falco-tester
-docker run -v /boot:/boot:ro -v /var/run/docker.sock:/var/run/docker.sock -v /etc/passwd:/etc/passwd:ro -e FALCO_VERSION=${FALCO_VERSION} -v ${WORKSPACE}:/source -v ${WORKSPACE}/build:/build falcosecurity/falco-tester
-
-exit 0
diff --git a/scripts/jenkins/build-pipeline/version b/scripts/jenkins/build-pipeline/version
new file mode 100755
index 00000000..1fb954b8
--- /dev/null
+++ b/scripts/jenkins/build-pipeline/version
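Review bot: `run-tests` hands the tester container the host's `/var/run/docker.sock` while `FALCOTESTER_IMAGE` is the mutable branch tag `chore-travis`, and the `docker pull` the old script had is gone, so the container that can drive the agent's Docker daemon is whatever copy of that tag is cached or fetched there. Pinning the image by digest, `FALCOTESTER_IMAGE="falcosecurity/falco-tester@sha256:<digest-placeholder>"`, keeps that privilege tied to a reviewed image. The closing `exit 0` is redundant under `set -e` and can be dropped.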
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -eu -o pipefail
+
+BUILD_DIR="${WORKSPACE}/build"
+FALCOBUILDER_IMAGE="falcosecurity/falco-builder:chore-travis"
+
+rm -rf "$BUILD_DIR"
+mkdir "$BUILD_DIR"
+
+CMAKE_CMD="docker run -u $(id -u):$(id -g) -v /etc/passwd:/etc/passwd:ro -v $WORKSPACE:/source -v $BUILD_DIR:/build -a stdout -a stderr $FALCOBUILDER_IMAGE cmake"
+
+FALCO_VERSION=$($CMAKE_CMD | grep -oP "Falco version: v?\K(\d+)\.[a-z0-9]{1,7}(\.[a-z0-9]+)?" || echo "UNKNOWN")
+
+if [ "$FALCO_VERSION" == "UNKNOWN" ]; then
+ >&2 echo "Unknown version."
+ exit 1
+fi
+
+echo "$FALCO_VERSION.$((2700+BUILD_NUMBER))"
\ No newline at end of file
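Review bot: In `version`, the `|| echo "UNKNOWN"` fallback sits inside the command substitution with `pipefail` on, so when `docker run` exits non-zero after `grep` has already matched, `FALCO_VERSION` becomes the matched text plus a newline plus `UNKNOWN` and passes the `== "UNKNOWN"` check. `CMAKE_CMD` is also a flat string expanded unquoted, which word-splits a workspace path containing spaces. I would build the command as an array, let a failing cmake run abort the script, take only the first matching line, and test for an empty result, as below.

```shell
# … unchanged: shebang, set options, BUILD_DIR and image variables, rm/mkdir …
CMAKE_CMD=(docker run -u "$(id -u):$(id -g)" -v /etc/passwd:/etc/passwd:ro -v "$WORKSPACE":/source -v "$BUILD_DIR":/build -a stdout -a stderr "$FALCOBUILDER_IMAGE" cmake)

# A non-zero exit from the container stops the script here (set -e).
CMAKE_OUT=$("${CMAKE_CMD[@]}")
FALCO_VERSION=$(grep -oP -m1 "Falco version: v?\K(\d+)\.[a-z0-9]{1,7}(\.[a-z0-9]+)?" <<<"$CMAKE_OUT" || true)

if [ -z "$FALCO_VERSION" ]; then
    >&2 echo "Unknown version."
    exit 1
fi
# … unchanged: final echo of the version with the build number …
```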