github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-08 09:37:58 +00:00
Code Issues Projects Releases Wiki Activity

ARM64 build

Browse Source 
Signed-off-by: odidev <odidev@puresoftware.com>
This commit is contained in:
odidev 2022-05-09 10:01:01 +00:00 committed by poiana
parent 0ebc7cd969
commit 4aa0fe1b95
1 changed files with 78 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

173
.circleci/config.yml
View File

@ -1,27 +1,32 @@
version: 2.1 version: 2.1
jobs: jobs:
"build-on-arm64": "build-arm64":
machine: machine:
enabled: true enabled: true
image: ubuntu-2004:202101-01 image: ubuntu-2004:202101-01
resource-class: arm.medium resource_class: arm.medium
steps: steps:
- run: - run:
- command: | command: |
docker run -e BUILD_TYPE="release" -it falcosecturity/falco-builder:latest /bin/sh -c "cd source/falco && \ docker run -e BUILD_TYPE="release" -it falcosecurity/falco-builder:latest /bin/sh -c "cd source/falco && \
./usr/bin/entrypoint cmake && \ ./usr/bin/entrypoint cmake && \
./usr/bin/entrypoint all && \ ./usr/bin/entrypoint all && \
./usr/bin/entrypoint tests && \ ./usr/bin/entrypoint tests && \
./usr/bin/entrypoint package && \ ./usr/bin/entrypoint package"
cd ../.. && \ - run:
mkdir -p /temp/packages && \ name: Prepare Artifacts
cp /build/release/*.deb /temp/packages && \ command: |
cp /build/release/*/tar.gz /temp/packages && \ mkdir -p /tmp/packages
cp /build/release/*.rpm /temp/packages" docker cp falcosecurity/falco-builder:/build/release/*.deb /tmp/packages
docker cp falcosecurity/falco-builder:/build/release/*.tar.gz /tmp/packages
docker cp falcosecurity/falco-builder:/build/release/*.rpm /tmp/packages
- store_artifacts:
path: /tmp/packages
destination: /packages
# Build a statically linked Falco release binary using musl # Build a statically linked Falco release binary using musl
# This build is 100% static, there are no host dependencies # This build is 100% static, there are no host dependencies
"build/musl": "build-musl":
docker: docker:
- image: alpine:3.12 - image: alpine:3.12
steps: steps:
@ -69,7 +74,7 @@ jobs:
- source-static - source-static
# Build using our own builder base image using centos 7 # Build using our own builder base image using centos 7
# This build is static, dependencies are bundled in the Falco binary # This build is static, dependencies are bundled in the Falco binary
"build/centos7": "build-centos7":
docker: docker:
- image: falcosecurity/falco-builder:latest - image: falcosecurity/falco-builder:latest
environment: environment:
@ -105,7 +110,7 @@ jobs:
path: /tmp/packages path: /tmp/packages
destination: /packages destination: /packages
# Execute integration tests based on the build results coming from the "build/centos7" job # Execute integration tests based on the build results coming from the "build/centos7" job
"tests/integration": "tests-integration":
docker: docker:
- image: falcosecurity/falco-tester:latest - image: falcosecurity/falco-tester:latest
environment: environment:
@ -121,7 +126,7 @@ jobs:
command: /usr/bin/entrypoint test command: /usr/bin/entrypoint test
- store_test_results: - store_test_results:
path: /build/release/integration-tests-xunit path: /build/release/integration-tests-xunit
"tests/integration-static": "tests-integration-static":
docker: docker:
- image: falcosecurity/falco-tester:latest - image: falcosecurity/falco-tester:latest
environment: environment:
@ -139,7 +144,7 @@ jobs:
command: /usr/bin/entrypoint test command: /usr/bin/entrypoint test
- store_test_results: - store_test_results:
path: /build-static/release/integration-tests-xunit path: /build-static/release/integration-tests-xunit
"tests/driver-loader/integration": "tests-driver-loader-integration":
machine: machine:
image: ubuntu-2004:202107-02 image: ubuntu-2004:202107-02
steps: steps:
@ -149,7 +154,7 @@ jobs:
name: Execute driver-loader integration tests name: Execute driver-loader integration tests
command: /tmp/ws/source/falco/test/driver-loader/run_test.sh /tmp/ws/build/release/ command: /tmp/ws/source/falco/test/driver-loader/run_test.sh /tmp/ws/build/release/
# Code quality # Code quality
"quality/static-analysis": "quality-static-analysis":
docker: docker:
- image: falcosecurity/falco-builder:latest - image: falcosecurity/falco-builder:latest
environment: environment:
@ -176,7 +181,7 @@ jobs:
path: /build/release/static-analysis-reports path: /build/release/static-analysis-reports
destination: /static-analysis-reports destination: /static-analysis-reports
# Sign rpm packages # Sign rpm packages
"rpm/sign": "rpm-sign":
docker: docker:
- image: falcosecurity/falco-builder:latest - image: falcosecurity/falco-builder:latest
steps: steps:
@ -207,7 +212,7 @@ jobs:
paths: paths:
- build/release/*.rpm - build/release/*.rpm
# Publish the dev packages # Publish the dev packages
"publish/packages-dev": "publish-packages-dev":
docker: docker:
- image: docker.io/centos:7 - image: docker.io/centos:7
steps: steps:
@ -225,19 +230,20 @@ jobs:
name: Publish rpm-dev name: Publish rpm-dev
command: | command: |
FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//') FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
/source/falco/scripts/publish-rpm -f /build/release/falco-${FALCO_VERSION}-x86_64.rpm -r rpm-dev /source/falco/scripts/publish-rpm -f /build/release/falco-${FALCO_VERSION}-x86_64.rpm -f /build/release/falco-${FALCO_VERSION}-aarch64.rpm -r rpm-dev
- run: - run:
name: Publish bin-dev name: Publish bin-dev
command: | command: |
FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//') FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
/source/falco/scripts/publish-bin -f /build/release/falco-${FALCO_VERSION}-x86_64.tar.gz -r bin-dev -a x86_64 /source/falco/scripts/publish-bin -f /build/release/falco-${FALCO_VERSION}-x86_64.tar.gz -r bin-dev -a x86_64
/source/falco/scripts/publish-bin -f /build/release/falco-${FALCO_VERSION}-aarch64.tar.gz -r bin-dev -a aarch64
- run: - run:
name: Publish bin-static-dev name: Publish bin-static-dev
command: | command: |
FALCO_VERSION=$(cat /build-static/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//') FALCO_VERSION=$(cat /build-static/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
cp -f /build-static/release/falco-${FALCO_VERSION}-x86_64.tar.gz /build-static/release/falco-${FALCO_VERSION}-static-x86_64.tar.gz cp -f /build-static/release/falco-${FALCO_VERSION}-x86_64.tar.gz /build-static/release/falco-${FALCO_VERSION}-static-x86_64.tar.gz
/source/falco/scripts/publish-bin -f /build-static/release/falco-${FALCO_VERSION}-static-x86_64.tar.gz -r bin-dev -a x86_64 /source/falco/scripts/publish-bin -f /build-static/release/falco-${FALCO_VERSION}-static-x86_64.tar.gz -r bin-dev -a x86_64
"publish/packages-deb-dev": "publish-packages-deb-dev":
docker: docker:
- image: docker.io/debian:stable - image: docker.io/debian:stable
steps: steps:
@ -254,48 +260,10 @@ jobs:
name: Publish deb-dev name: Publish deb-dev
command: | command: |
FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//') FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
/source/falco/scripts/publish-deb -f /build/release/falco-${FALCO_VERSION}-x86_64.deb -r deb-dev /source/falco/scripts/publish-deb -f /build/release/falco-${FALCO_VERSION}-x86_64.deb -f /build/release/falco-${FALCO_VERSION}-aarch64.deb -r deb-dev
"publish/packages-dev-arm64":
machine:
enabled: true
image: ubuntu-2004:202101-01
resource-class: arm.medium
steps:
- run:
name: Setup
command: |
docker run -it docker.io/centos:7 /bin/sh -c "yum install epel-release -y && \
yum update -y && \
yum install createrepo gpg python python-pip -y && \
pip install awscli==1.19.47 && \
echo $GPG_KEY | base64 -d | gpg --import && \
FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//') && \
/source/falco/scripts/publish-rpm -f /build/release/falco-${FALCO_VERSION}-aarch64.rpm -r rpm-dev && \
FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//') && \
/source/falco/scripts/publish-bin -f /build/release/falco-${FALCO_VERSION}-aarch64.tar.gz -r bin-dev -a aarch64 && \
FALCO_VERSION=$(cat /build-static/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//') && \
cp -f /build-static/release/falco-${FALCO_VERSION}-aarch64.tar.gz /build-static/release/falco-${FALCO_VERSION}-static-aarch64.tar.gz && \
/source/falco/scripts/publish-bin -f /build-static/release/falco-${FALCO_VERSION}-static-aarch64.tar.gz -r bin-dev -a aarch64"
"publish/packages-deb-dev-arm64":
machine:
enabled: true
image: ubuntu-2004:202101-01
resource-class: arm.medium
steps:
- run:
name: Setup
command: |
docker run -it docker.io/debian:stable /bin/sh -c "apt update -y && \
apt-get install apt-utils bzip2 gpg python python3-pip -y && \
pip install awscli && \
echo $GPG_KEY | base64 -d | gpg --import && \
FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//') && \
/source/falco/scripts/publish-deb -f /build/release/falco-${FALCO_VERSION}-aarch64.deb -r deb-dev"
# Publish docker packages # Publish docker packages
"publish/docker-dev": "publish-docker-dev":
docker: docker:
- image: cimg/base:stable - image: cimg/base:stable
user: root user: root
@ -360,7 +328,7 @@ jobs:
docker push public.ecr.aws/falcosecurity/falco-driver-loader:master docker push public.ecr.aws/falcosecurity/falco-driver-loader:master
# Publish the packages # Publish the packages
"publish/packages": "publish-packages":
docker: docker:
- image: docker.io/centos:7 - image: docker.io/centos:7
steps: steps:
@ -378,19 +346,20 @@ jobs:
name: Publish rpm name: Publish rpm
command: | command: |
FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//') FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
/source/falco/scripts/publish-rpm -f /build/release/falco-${FALCO_VERSION}-x86_64.rpm -r rpm /source/falco/scripts/publish-rpm -f /build/release/falco-${FALCO_VERSION}-x86_64.rpm -f /build/release/falco-${FALCO_VERSION}-aarch64.rpm -r rpm
- run: - run:
name: Publish bin name: Publish bin
command: | command: |
FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//') FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
/source/falco/scripts/publish-bin -f /build/release/falco-${FALCO_VERSION}-x86_64.tar.gz -r bin -a x86_64 /source/falco/scripts/publish-bin -f /build/release/falco-${FALCO_VERSION}-x86_64.tar.gz -r bin -a x86_64
/source/falco/scripts/publish-bin -f /build/release/falco-${FALCO_VERSION}-aarch64.tar.gz -r bin -a aarch64
- run: - run:
name: Publish bin-static name: Publish bin-static
command: | command: |
FALCO_VERSION=$(cat /build-static/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//') FALCO_VERSION=$(cat /build-static/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
cp -f /build-static/release/falco-${FALCO_VERSION}-x86_64.tar.gz /build-static/release/falco-${FALCO_VERSION}-static-x86_64.tar.gz cp -f /build-static/release/falco-${FALCO_VERSION}-x86_64.tar.gz /build-static/release/falco-${FALCO_VERSION}-static-x86_64.tar.gz
/source/falco/scripts/publish-bin -f /build-static/release/falco-${FALCO_VERSION}-static-x86_64.tar.gz -r bin -a x86_64 /source/falco/scripts/publish-bin -f /build-static/release/falco-${FALCO_VERSION}-static-x86_64.tar.gz -r bin -a x86_64
"publish/packages-deb": "publish-packages-deb":
docker: docker:
- image: docker.io/debian:stable - image: docker.io/debian:stable
steps: steps:
@ -407,9 +376,9 @@ jobs:
name: Publish deb name: Publish deb
command: | command: |
FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//') FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
/source/falco/scripts/publish-deb -f /build/release/falco-${FALCO_VERSION}-x86_64.deb -r deb /source/falco/scripts/publish-deb -f /build/release/falco-${FALCO_VERSION}-x86_64.deb -f /build/release/falco-${FALCO_VERSION}-aarch64.deb -r deb
# Publish docker packages # Publish docker packages
"publish/docker": "publish-docker":
docker: docker:
- image: cimg/base:stable - image: cimg/base:stable
user: root user: root
@ -456,7 +425,6 @@ jobs:
name: Login to aws ECR name: Login to aws ECR
command: | command: |
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/falcosecurity aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/falcosecurity
- run: - run:
name: Publish no-driver to AWS name: Publish no-driver to AWS
command: | command: |
@ -486,18 +454,19 @@ workflows:
version: 2.1 version: 2.1
build_and_test: build_and_test:
jobs: jobs:
- "build/musl" - "build-musl"
- "build/centos7" - "build-arm64"
- "tests/integration": - "build-centos7"
- "tests-integration":
requires: requires:
- "build/centos7" - "build-centos7"
- "tests/integration-static": - "tests-integration-static":
requires: requires:
- "build/musl" - "build-musl"
- "tests/driver-loader/integration": - "tests-driver-loader-integration":
requires: requires:
- "build/centos7" - "build-centos7"
- "rpm/sign": - "rpm-sign":
context: falco context: falco
filters: filters:
tags: tags:
@ -505,8 +474,9 @@ workflows:
branches: branches:
only: master only: master
requires: requires:
- "tests/integration" - "tests-integration"
- "publish/packages-dev": - "build-arm64"
- "publish-packages-dev":
context: context:
- falco - falco
- test-infra - test-infra
@ -516,9 +486,9 @@ workflows:
branches: branches:
only: master only: master
requires: requires:
- "rpm/sign" - "rpm-sign"
- "tests/integration-static" - "tests-integration-static"
- "publish/packages-deb-dev": - "publish-packages-deb-dev":
context: context:
- falco - falco
- test-infra - test-infra
@ -528,8 +498,9 @@ workflows:
branches: branches:
only: master only: master
requires: requires:
- "tests/integration" - "tests-integration"
- "publish/docker-dev": - "build-arm64"
- "publish-docker-dev":
context: falco context: falco
filters: filters:
tags: tags:
@ -537,63 +508,71 @@ workflows:
branches: branches:
only: master only: master
requires: requires:
- "publish/packages-dev" - "publish-packages-dev"
- "publish/packages-deb-dev" - "publish-packages-deb-dev"
- "tests/driver-loader/integration" - "tests-driver-loader-integration"
# - "quality/static-analysis" # This is temporarily disabled: https://github.com/falcosecurity/falco/issues/1526 # - "quality/static-analysis" # This is temporarily disabled: https://github.com/falcosecurity/falco/issues/1526
release: release:
jobs: jobs:
- "build/musl": - "build-musl":
filters: filters:
tags: tags:
only: /.*/ only: /.*/
branches: branches:
ignore: /.*/ ignore: /.*/
- "build/centos7": - "build-centos7":
filters: filters:
tags: tags:
only: /.*/ only: /.*/
branches: branches:
ignore: /.*/ ignore: /.*/
- "rpm/sign": - "build-arm64":
filters:
tags:
only: /.*/
branches:
ignore: /.*/
- "rpm-sign":
context: falco context: falco
requires: requires:
- "build/centos7" - "build-centos7"
- "build-arm64"
filters: filters:
tags: tags:
only: /.*/ only: /.*/
branches: branches:
ignore: /.*/ ignore: /.*/
- "publish/packages": - "publish-packages":
context: context:
- falco - falco
- test-infra - test-infra
requires: requires:
- "build/musl" - "build-musl"
- "rpm/sign" - "rpm-sign"
filters: filters:
tags: tags:
only: /.*/ only: /.*/
branches: branches:
ignore: /.*/ ignore: /.*/
- "publish/packages-deb": - "publish-packages-deb":
context: context:
- falco - falco
- test-infra - test-infra
requires: requires:
- "build/centos7" - "build-centos7"
- "build-arm64"
filters: filters:
tags: tags:
only: /.*/ only: /.*/
branches: branches:
ignore: /.*/ ignore: /.*/
- "publish/docker": - "publish-docker":
context: context:
- falco - falco
- test-infra - test-infra
requires: requires:
- "publish/packages" - "publish-packages"
- "publish/packages-deb" - "publish-packages-deb"
filters: filters:
tags: tags:
only: /.*/ only: /.*/