ci: introduce new CircleCI jobs to build modern BPF

Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
Andrea Terzolo
2022-11-06 13:31:04 +01:00
parent 2db6c033cc
commit cad172cbe5
2 changed files with 119 additions and 53 deletions


@@ -3,46 +3,48 @@ jobs:
"build-arm64":
machine:
enabled: true
image: ubuntu-2004:202101-01
image: ubuntu-2204:2022.10.2
resource_class: arm.medium
steps:
# Install dependencies to build the modern BPF probe skeleton.
- run:
name: Install deps ⛓️
command: |
sudo apt update
sudo apt install -y --no-install-recommends ca-certificates cmake build-essential clang-14 git pkg-config autoconf automake libtool libelf-dev
sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-14 90
sudo update-alternatives --install /usr/bin/llvm-strip llvm-strip /usr/bin/llvm-strip-14 90
git clone https://github.com/libbpf/bpftool.git --branch v7.0.0 --single-branch
cd bpftool
git submodule update --init
cd src && sudo make install
# Path to the source code
- checkout:
path: /tmp/source-arm64/falco
# Build the skeleton
- run:
name: Prepare project
name: Build modern BPF skeleton 🐝
command: |
mkdir -p /tmp/build-arm64 && mkdir -p /tmp/build-arm64/release && \
docker run -e BUILD_TYPE="release" -it -v /tmp/source-arm64:/source -v /tmp/build-arm64:/build \
falcosecurity/falco-builder:latest \
cmake
mkdir -p /tmp/source-arm64/falco/skeleton-build
cd /tmp/source-arm64/falco/skeleton-build && cmake -DUSE_BUNDLED_DEPS=ON -DBUILD_FALCO_MODERN_BPF=ON -DCREATE_TEST_TARGETS=Off ../
make ProbeSkeleton
# Build the Falco packages (tar, deb, rpm) inside the centos7 builder.
# This dockerfile returns as output:
# - the build directory. (under /tmp/${DEST_BUILD_DIR})
# - the 3 packages: tar, deb, rpm. (under /tmp/packages)
- run:
name: Build
name: Build Falco packages 🏗️
command: |
docker run -e BUILD_TYPE="release" -it -v /tmp/source-arm64:/source -v /tmp/build-arm64:/build \
falcosecurity/falco-builder:latest \
all
- run:
name: Run unit tests
command: |
docker run -e BUILD_TYPE="release" -it -v /tmp/source-arm64:/source -v /tmp/build-arm64:/build \
falcosecurity/falco-builder:latest \
tests
- run:
name: Build packages
command: |
docker run -e BUILD_TYPE="release" -it -v /tmp/source-arm64:/source -v /tmp/build-arm64:/build \
falcosecurity/falco-builder:latest \
package
- run:
name: Prepare Artifacts
command: |
mkdir -p /tmp/packages
cp /tmp/build-arm64/release/*.deb /tmp/packages
cp /tmp/build-arm64/release/*.tar.gz /tmp/packages
cp /tmp/build-arm64/release/*.rpm /tmp/packages
DOCKER_BUILDKIT=1 docker build -f /tmp/source-arm64/falco/docker/builder/centos7-builder.Dockerfile --output type=local,dest=/tmp --build-arg CMAKE_OPTIONS="-DCMAKE_BUILD_TYPE=Release -DUSE_BUNDLED_DEPS=On -DCREATE_TEST_TARGETS=Off -DFALCO_ETC_DIR=/etc/falco -DBUILD_FALCO_MODERN_BPF=ON -DMODERN_BPF_SKEL_DIR=/falco/skeleton-build/skel_dir -DBUILD_DRIVER=Off -DBUILD_BPF=Off" --build-arg DEST_BUILD_DIR=/build-arm64/release /tmp/source-arm64/falco
- store_artifacts:
path: /tmp/packages
destination: /packages
- persist_to_workspace:
root: /tmp
paths:
@@ -96,43 +98,64 @@ jobs:
paths:
- build-static/release
- source-static
# Build using our own builder base image using centos 7
# This build is static, dependencies are bundled in the Falco binary
"build-centos7":
docker:
- image: falcosecurity/falco-builder:latest
environment:
BUILD_TYPE: "release"
machine:
enabled: true
image: ubuntu-2204:2022.10.2
steps:
# Install dependencies to build the modern BPF probe skeleton.
- run:
name: Install deps ⛓️
command: |
sudo apt update
sudo apt install -y --no-install-recommends ca-certificates cmake build-essential clang-14 git pkg-config autoconf automake libtool libelf-dev
sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-14 90
sudo update-alternatives --install /usr/bin/llvm-strip llvm-strip /usr/bin/llvm-strip-14 90
git clone https://github.com/libbpf/bpftool.git --branch v7.0.0 --single-branch
cd bpftool
git submodule update --init
cd src && sudo make install
# Path for the source code
- checkout:
path: /source/falco
- run:
name: Prepare project
command: /usr/bin/entrypoint cmake
name: Build modern BPF skeleton 🐝
command: |
mkdir -p /source/falco/skeleton-build
cd /source/falco/skeleton-build && cmake -DUSE_BUNDLED_DEPS=ON -DBUILD_FALCO_MODERN_BPF=ON -DCREATE_TEST_TARGETS=Off ../
make ProbeSkeleton
# Build the Falco packages (tar, deb, rpm) inside the centos7 builder.
# This dockerfile returns as output:
# - the build directory. (under /${DEST_BUILD_DIR})
# - the 3 packages: tar, deb, rpm. (under /packages)
- run:
name: Build
command: /usr/bin/entrypoint all
name: Build Falco packages 🏗️
command: |
DOCKER_BUILDKIT=1 docker build -f /source/falco/docker/builder/centos7-builder.Dockerfile --output type=local,dest=/ --build-arg CMAKE_OPTIONS="-DCMAKE_BUILD_TYPE=Release -DUSE_BUNDLED_DEPS=On -DCREATE_TEST_TARGETS=Off -DFALCO_ETC_DIR=/etc/falco -DBUILD_FALCO_MODERN_BPF=ON -DMODERN_BPF_SKEL_DIR=/falco/skeleton-build/skel_dir -DBUILD_DRIVER=Off -DBUILD_BPF=Off" --build-arg DEST_BUILD_DIR=/build/release /source/falco
# Move packages under /tmp/packages
- run:
name: Run unit tests
command: /usr/bin/entrypoint tests
- run:
name: Build packages
command: /usr/bin/entrypoint package
name: Prepare Artifacts
command: |
cp /packages/*.deb /tmp/packages
cp /packages/*.tar.gz /tmp/packages
cp /packages/*.rpm /tmp/packages
- store_artifacts:
path: /tmp/packages
destination: /packages
- persist_to_workspace:
root: /
paths:
- build/release
- source
- run:
name: Prepare artifacts
command: |
mkdir -p /tmp/packages
cp /build/release/*.deb /tmp/packages
cp /build/release/*.tar.gz /tmp/packages
cp /build/release/*.rpm /tmp/packages
- store_artifacts:
path: /tmp/packages
destination: /packages
# Execute integration tests based on the build results coming from the "build-centos7" job
"tests-integration":
docker:
@@ -150,6 +173,8 @@ jobs:
command: /usr/bin/entrypoint test
- store_test_results:
path: /build/release/integration-tests-xunit
# Execute integration tests based on the build results coming from the "build-musl" job
"tests-integration-static":
docker:
- image: falcosecurity/falco-tester:latest
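Review bot: The `Install deps` steps in `build-arm64` and `build-centos7` clone bpftool by the tag `v7.0.0` and then run `sudo make install`, so the bpftool used for the `ProbeSkeleton` build that feeds the release packages is trusted by a mutable ref only. A tag can be moved upstream; comparing the resolved commit right after the clone makes the job fail closed, e.g. `test "$(git -C bpftool rev-parse HEAD)" = "<EXPECTED_BPFTOOL_COMMIT>"` (placeholder, to be filled with the audited commit). The submodule revisions are recorded in that commit, so the same check covers what `git submodule update --init` fetches. Separately, the new `Prepare Artifacts` step in `build-centos7` appears to copy into `/tmp/packages` without the `mkdir -p /tmp/packages` that the earlier step had; this is worth confirming, since the +/- markers are lost on this page.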


@@ -0,0 +1,41 @@
FROM centos:7 AS build-stage
# To build Falco you need to pass the cmake option
ARG CMAKE_OPTIONS=""
# Install all the dependencies
WORKDIR /
RUN yum -y install centos-release-scl; \
yum -y install devtoolset-8-gcc devtoolset-8-gcc-c++; \
source scl_source enable devtoolset-8; \
# We can remove `elfutils-libelf-devel-static` and `xz` when the PR on libelf bundled is merged
yum install -y elfutils-libelf-devel-static xz; \
yum install -y git wget make m4 rpm-build
# With some previous cmake versions it fails when downloading `zlib` with curl in the libs building phase
RUN curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz; \
gzip -d /tmp/cmake.tar.gz; \
tar -xpf /tmp/cmake.tar --directory=/tmp; \
cp -R /tmp/cmake-3.22.5-linux-$(uname -m)/* /usr; \
rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)/
# Copy Falco folder from the build context
COPY . /falco
WORKDIR /falco
RUN source scl_source enable devtoolset-8; \
rm -rf build; \
mkdir build && cd build; \
cmake ${CMAKE_OPTIONS} ..; \
make falco; \
make package
FROM scratch AS export-stage
ARG DEST_BUILD_DIR="/build"
COPY --from=build-stage /falco/build/falco-*.tar.gz /packages/
COPY --from=build-stage /falco/build/falco-*.deb /packages/
COPY --from=build-stage /falco/build/falco-*.rpm /packages/
COPY --from=build-stage /falco/build/ ${DEST_BUILD_DIR}
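Review bot: The cmake tarball fetched in the second `RUN` is copied over `/usr` with no integrity check, and it then drives the build of the packages this Dockerfile exports. All three `RUN` instructions also chain their commands with `;`, so a failed `yum install`, download or `make falco` does not stop the build; only the last command's exit status counts. I would make the shell abort on the first error, pass `-f` to curl so an HTTP error is not saved as the archive, and verify a pinned SHA-256 before unpacking. Because the URL depends on `$(uname -m)`, the expected digest has to be supplied per architecture, and the build jobs would need to pass it as a build arg. The same `set -e` (or `&&`) change applies to the yum and build `RUN` instructions.

```dockerfile
# Sketch: CMAKE_SHA256 is a placeholder build arg, one value per architecture.
ARG CMAKE_SHA256
RUN set -e; \
    curl -fL -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz; \
    echo "${CMAKE_SHA256}  /tmp/cmake.tar.gz" | sha256sum -c -; \
    # … unchanged: gzip -d, tar -xpf, cp -R into /usr, rm -rf …
```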