diff --git a/.circleci/config.yml b/.circleci/config.yml
index 04af60d1..b2d32482 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -3,46 +3,48 @@ jobs: "build-arm64": machine: enabled: true - image: ubuntu-2004:202101-01 + image: ubuntu-2204:2022.10.2 resource_class: arm.medium steps: + + # Install dependencies to build the modern BPF probe skeleton. + - run: + name: Install deps ⛓️ + command: | + sudo apt update + sudo apt install -y --no-install-recommends ca-certificates cmake build-essential clang-14 git pkg-config autoconf automake libtool libelf-dev + sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-14 90 + sudo update-alternatives --install /usr/bin/llvm-strip llvm-strip /usr/bin/llvm-strip-14 90 + git clone https://github.com/libbpf/bpftool.git --branch v7.0.0 --single-branch + cd bpftool + git submodule update --init + cd src && sudo make install + + # Path to the source code - checkout: path: /tmp/source-arm64/falco + + # Build the skeleton - run: - name: Prepare project + name: Build modern BPF skeleton 🐝 command: | - mkdir -p /tmp/build-arm64 && mkdir -p /tmp/build-arm64/release && \ - docker run -e BUILD_TYPE="release" -it -v /tmp/source-arm64:/source -v /tmp/build-arm64:/build \ - falcosecurity/falco-builder:latest \ - cmake + mkdir -p /tmp/source-arm64/falco/skeleton-build + cd /tmp/source-arm64/falco/skeleton-build && cmake -DUSE_BUNDLED_DEPS=ON -DBUILD_FALCO_MODERN_BPF=ON -DCREATE_TEST_TARGETS=Off ../ + make ProbeSkeleton + + # Build the Falco packages (tar, deb, rpm) inside the centos7 builder. + # This dockerfile returns as output: + # - the build directory. (under /tmp/${DEST_BUILD_DIR}) + # - the 3 packages: tar, deb, rpm. 
(under /tmp/packages) - run: - name: Build + name: Build Falco packages 🏗️ command: | - docker run -e BUILD_TYPE="release" -it -v /tmp/source-arm64:/source -v /tmp/build-arm64:/build \ - falcosecurity/falco-builder:latest \ - all - - run: - name: Run unit tests - command: | - docker run -e BUILD_TYPE="release" -it -v /tmp/source-arm64:/source -v /tmp/build-arm64:/build \ - falcosecurity/falco-builder:latest \ - tests - - run: - name: Build packages - command: | - docker run -e BUILD_TYPE="release" -it -v /tmp/source-arm64:/source -v /tmp/build-arm64:/build \ - falcosecurity/falco-builder:latest \ - package - - run: - name: Prepare Artifacts - command: | - mkdir -p /tmp/packages - cp /tmp/build-arm64/release/*.deb /tmp/packages - cp /tmp/build-arm64/release/*.tar.gz /tmp/packages - cp /tmp/build-arm64/release/*.rpm /tmp/packages + DOCKER_BUILDKIT=1 docker build -f /tmp/source-arm64/falco/docker/builder/centos7-builder.Dockerfile --output type=local,dest=/tmp --build-arg CMAKE_OPTIONS="-DCMAKE_BUILD_TYPE=Release -DUSE_BUNDLED_DEPS=On -DCREATE_TEST_TARGETS=Off -DFALCO_ETC_DIR=/etc/falco -DBUILD_FALCO_MODERN_BPF=ON -DMODERN_BPF_SKEL_DIR=/falco/skeleton-build/skel_dir -DBUILD_DRIVER=Off -DBUILD_BPF=Off" --build-arg DEST_BUILD_DIR=/build-arm64/release /tmp/source-arm64/falco + - store_artifacts: path: /tmp/packages destination: /packages + - persist_to_workspace: root: /tmp paths: 
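Review bot: The `Install deps` step clones bpftool by tag and then runs `sudo make install` from it, so whatever `v7.0.0` points to at build time is compiled and installed as root on the machine that produces the release packages; a tag can be moved upstream, a commit id cannot. After `cd bpftool`, check the checkout against a known commit before `git submodule update --init`, e.g. `test "$(git rev-parse HEAD)" = "<expected-bpftool-commit-sha>"`. The same step is repeated verbatim in the `build-centos7` hunk and needs the same pin. This matters because the skeleton built with this host toolchain is fed into the package build through `-DMODERN_BPF_SKEL_DIR`.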
@@ -96,43 +98,64 @@ jobs: paths: - build-static/release - source-static - # Build using our own builder base image using centos 7 # This build is static, dependencies are bundled in the Falco binary "build-centos7": - docker: - - image: falcosecurity/falco-builder:latest - environment: - BUILD_TYPE: "release" + machine: + enabled: true + image: ubuntu-2204:2022.10.2 steps: + + # Install dependencies to build the modern BPF probe skeleton. + - run: + name: Install deps ⛓️ + command: | + sudo apt update + sudo apt install -y --no-install-recommends ca-certificates cmake build-essential clang-14 git pkg-config autoconf automake libtool libelf-dev + sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-14 90 + sudo update-alternatives --install /usr/bin/llvm-strip llvm-strip /usr/bin/llvm-strip-14 90 + git clone https://github.com/libbpf/bpftool.git --branch v7.0.0 --single-branch + cd bpftool + git submodule update --init + cd src && sudo make install + + # Path for the source code - checkout: path: /source/falco + - run: - name: Prepare project - command: /usr/bin/entrypoint cmake + name: Build modern BPF skeleton 🐝 + command: | + mkdir -p /source/falco/skeleton-build + cd /source/falco/skeleton-build && cmake -DUSE_BUNDLED_DEPS=ON -DBUILD_FALCO_MODERN_BPF=ON -DCREATE_TEST_TARGETS=Off ../ + make ProbeSkeleton + + # Build the Falco packages (tar, deb, rpm) inside the centos7 builder. + # This dockerfile returns as output: + # - the build directory. (under /${DEST_BUILD_DIR}) + # - the 3 packages: tar, deb, rpm. 
(under /packages) - run: - name: Build - command: /usr/bin/entrypoint all + name: Build Falco packages 🏗️ + command: | + DOCKER_BUILDKIT=1 docker build -f /source/falco/docker/builder/centos7-builder.Dockerfile --output type=local,dest=/ --build-arg CMAKE_OPTIONS="-DCMAKE_BUILD_TYPE=Release -DUSE_BUNDLED_DEPS=On -DCREATE_TEST_TARGETS=Off -DFALCO_ETC_DIR=/etc/falco -DBUILD_FALCO_MODERN_BPF=ON -DMODERN_BPF_SKEL_DIR=/falco/skeleton-build/skel_dir -DBUILD_DRIVER=Off -DBUILD_BPF=Off" --build-arg DEST_BUILD_DIR=/build/release /source/falco + + # Move packages under /tmp/packages - run: - name: Run unit tests - command: /usr/bin/entrypoint tests - - run: - name: Build packages - command: /usr/bin/entrypoint package + name: Prepare Artifacts + command: | + cp /packages/*.deb /tmp/packages + cp /packages/*.tar.gz /tmp/packages + cp /packages/*.rpm /tmp/packages + + - store_artifacts: + path: /tmp/packages + destination: /packages + - persist_to_workspace: root: / paths: - build/release - source - - run: - name: Prepare artifacts - command: | - mkdir -p /tmp/packages - cp /build/release/*.deb /tmp/packages - cp /build/release/*.tar.gz /tmp/packages - cp /build/release/*.rpm /tmp/packages - - store_artifacts: - path: /tmp/packages - destination: /packages + # Execute integration tests based on the build results coming from the "build-centos7" job "tests-integration": docker: @@ -150,6 +173,8 @@ jobs: command: /usr/bin/entrypoint test - store_test_results: path: /build/release/integration-tests-xunit + + # Execute integration tests based on the build results coming from the "build-musl" job "tests-integration-static": docker: - image: falcosecurity/falco-tester:latest diff --git a/docker/builder/centos7-builder.Dockerfile b/docker/builder/centos7-builder.Dockerfile new file mode 100644 index 00000000..da9737c7 --- /dev/null +++ b/docker/builder/centos7-builder.Dockerfile 
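Review bot: `Prepare Artifacts` in `build-centos7` copies into `/tmp/packages` without creating it; the step this commit removes began with `mkdir -p /tmp/packages`, and here `docker build --output` uses `dest=/`, so the packages land in `/packages` and nothing visible creates `/tmp/packages`. If the directory is absent, each `cp` with a single match writes a plain file named `/tmp/packages` and the next one overwrites it, so `store_artifacts` would upload at most one package. Add `mkdir -p /tmp/packages` as the first line of the command. It is also worth confirming that the machine executor's user can write to `/` and `/source`, which `dest=/` and the `checkout` path assume.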
@@ -0,0 +1,41 @@
+FROM centos:7 AS build-stage
+
+# To build Falco you need to pass the cmake option
+ARG CMAKE_OPTIONS=""
+
+# Install all the dependencies
+WORKDIR /
+
+RUN yum -y install centos-release-scl; \
+ yum -y install devtoolset-8-gcc devtoolset-8-gcc-c++; \
+ source scl_source enable devtoolset-8; \
+ # We can remove `elfutils-libelf-devel-static` and `xz` when the PR on libelf bundled is merged
+ yum install -y elfutils-libelf-devel-static xz; \
+ yum install -y git wget make m4 rpm-build
+
+# With some previous cmake versions it fails when downloading `zlib` with curl in the libs building phase
+RUN curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz; \
+ gzip -d /tmp/cmake.tar.gz; \
+ tar -xpf /tmp/cmake.tar --directory=/tmp; \
+ cp -R /tmp/cmake-3.22.5-linux-$(uname -m)/* /usr; \
+ rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)/
+
+# Copy Falco folder from the build context
+COPY . /falco
+WORKDIR /falco
+
+RUN source scl_source enable devtoolset-8; \
+ rm -rf build; \
+ mkdir build && cd build; \
+ cmake ${CMAKE_OPTIONS} ..; \
+ make falco; \
+ make package
+
+FROM scratch AS export-stage
+
+ARG DEST_BUILD_DIR="/build"
+
+COPY --from=build-stage /falco/build/falco-*.tar.gz /packages/
+COPY --from=build-stage /falco/build/falco-*.deb /packages/
+COPY --from=build-stage /falco/build/falco-*.rpm /packages/
+COPY --from=build-stage /falco/build/ ${DEST_BUILD_DIR}
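Review bot: The CMake tarball in the second `RUN` is downloaded and copied into `/usr` with no integrity check, and because the commands are chained with `;` a failed `curl` or `yum install` does not stop the step — only the last command's exit status counts, and the trailing `rm -rf` succeeds regardless. Start each `RUN` with `set -e; \` (or chain with `&&`) and verify the download before unpacking, e.g. `echo "<expected-sha256>  /tmp/cmake.tar.gz" | sha256sum -c -; \`, with one digest per architecture since the URL depends on `$(uname -m)`. `FROM centos:7` is also a floating tag; pinning it by digest would keep the toolchain that builds the release packages from changing silently.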