github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-09 01:58:13 +00:00
Code Issues Projects Releases Wiki Activity
4,220 Commits 118 Branches 173 Tags 105 MiB
fix_CI_4
Commit Graph

231 Commits

Author SHA1 Message Date
Federico Di Pierro
47959abfed chore(docker): improve usage helper message. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-12-12 18:23:44 +01:00
Federico Di Pierro
8db79da647 chore(cmake,docker): bumped falcoctl to v0.7.0-beta5. 
Moreover, small fix in docker images entrypoints regarding the name printed in usage.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-12-12 18:23:44 +01:00
Federico Di Pierro
f2ebdfaf8e fix(docker): small fixes in docker entrypoints for new driver loader. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-12-12 09:56:42 +01:00
Federico Di Pierro
ade27c2546 chore(scripts): use new default value for falcoctl driver.host-root config key. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-12-11 16:37:39 +01:00
Federico Di Pierro
0c9538241d chore(docker): cleaned up useless removal of falcoctl. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2023-12-11 16:37:39 +01:00
Federico Di Pierro
be100f7ad5 new(docker,scripts): dropped falco-driver-loader in favor of new falcoctl driver command. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-12-11 16:37:39 +01:00
Federico Di Pierro
0ba0dd8671 chore(docker/falco): add back some deps to falco docker image. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2023-12-05 18:34:26 +01:00
Andrea Terzolo
16a37e5c2e fix(dockerfile): remove useless CMD 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
 2023-09-21 17:38:47 +02:00
Leonardo Grasso
fe50ac22ee update: add SPDX license identifier 
See https://github.com/falcosecurity/evolution/issues/318

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2023-09-21 13:21:47 +02:00
Luca Guerra
e5e7a4761d fix(build): set the right bucket and version for driver legacy 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-09-13 15:19:40 +02:00
Luca Guerra
7b4264918b update(docs): add driver-loader-legacy to readme and fix bad c&p 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-09-12 13:33:35 +02:00
Luca Guerra
37ce18f457 fix(docker): prevent variable expansion with FALCO_DRIVER_LOADER_OPTIONS 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-09-11 14:59:30 +02:00
Luca Guerra
dae36c798a new(docker): allow passing options to falco-driver-loader from the container image 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-09-11 14:59:30 +02:00
Luca Guerra
d5e80fee0b update(docs): add section about the experimental distroless image 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-09-11 10:03:13 +02:00
Adrian Mouat
de5eec5285 new(docker): add distroless Dockerfile 
Signed-off-by: Adrian Mouat <adrian@chainguard.dev>
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-09-11 10:03:13 +02:00
Luca Guerra
c2b940f8c4 update(docker): remove packages that are not strictly necessary 
Signed-off-by: Luca Guerra <luca@guerra.sh>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2023-09-07 15:55:59 +02:00
Luca Guerra
1616ac666b update(docker): add the legacy driver loader image 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-09-07 15:55:59 +02:00
Luca Guerra
02982e0375 update(docker): upgrade Falco driver loader image 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-09-07 15:55:59 +02:00
Luca Guerra
d1b932d2e9 update(docker): use debian 12 slim for falco no driver 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-09-07 12:49:59 +02:00
Leonardo Grasso
e3be7a7309 chore(docker): remove UBI 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2023-08-04 15:43:22 +02:00
Leonardo Grasso
120a3accc8 docs(docker): remove UBI 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2023-08-04 15:43:22 +02:00
Jason Dellaluce
babfafc5ab cleanup: remove builder image 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-08-04 10:32:21 +02:00
Jason Dellaluce
35fab0a60c cleanup(docker/builder): remove workaround for circleci tests 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-08-04 10:32:21 +02:00
Jason Dellaluce
b546a3932a cleanup: remove tester and local images 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-08-04 10:32:21 +02:00
Daniel Wright
2e7a0b026f feat: add jq and curl to falco-no-driver docker image 
To supoprt the use of outputs that are documented in the falco
examples (e.g. jq piped to curl) I would like to propose including
these tools in the falco-no-driver image. They add a very minimal
size and dependency to the image but would make things a lot easier
for users getting started.

Closes #2580

Signed-off-by: Daniel Wright <danielwright@bitgo.com>
 2023-05-31 13:21:31 +02:00
Daniel Wright
498b64b469 feat: add image source OCI label to docker images 
Closes #2591

Signed-off-by: Daniel Wright <danielwright@bitgo.com>
 2023-05-29 11:17:24 +02:00
Luca Guerra
09b5cb7c7b fix(ci): load falco image before building falco-driver-loader 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2023-05-15 15:35:24 +02:00
Andrea Terzolo
0d62fb9133 ci: remove unit tests from circleCI 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2023-02-10 11:41:24 +01:00
Aldo Lacuku
43c802d045 fix(dockerfile/no-driver): install ca-certificates 
Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>
 2023-02-09 17:31:31 +01:00
Andrea Terzolo
1d99e3d7b3 fix(ci): remove application rules from docker build 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2023-01-30 13:44:17 +01:00
Andrea Terzolo
229633ee8a update(CI): mitigate frequent failure in CircleCI jobs 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2023-01-26 12:37:43 +01:00
Andrea Terzolo
acd1e0dc28 update: split the build phase in multiple RUN commands 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2023-01-26 12:37:43 +01:00
Jason Dellaluce
cfc96e899b fix(docker/falco): trust latest GPG key 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2023-01-19 12:33:46 +01:00
Thomas Labarussias
bb9edea666 install ca-certificates in falco:no-driver image 
Signed-off-by: Thomas Labarussias <issif+github@gadz.org>
 2023-01-16 10:35:18 +01:00
Andrea Terzolo
19d5430f5d update: modern falco builder 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2023-01-09 09:04:54 +01:00
Andrea Terzolo
647c085041 ci: bump resource class 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-12-21 11:26:02 +01:00
Andrea Terzolo
c861f0b02a update(ci): update ci jobs to generate Falco images with modern probe 
Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
 2022-12-21 11:26:02 +01:00
Federico Di Pierro
818f717622 chore(scripts,cmake): dialog is an optional dep, do not list it among deps. 
Cleaned up unused vars in postinst scripts.
Finally, only show dialog window in interactive shells.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-12-15 14:09:19 +01:00
Federico Di Pierro
d0ceba83b4 update(cmake, docker, circleci): updated libs and driver to latest master. 
Docker builder image was updated to remove the libelf and libz deps as they are now properly bundled, in BUNDLED_DEPS mode.
Finally, circleci musl job was updated to enforce the use of alpine-provided libelf package, since it is already static,
and building libelf on musl is pretty cumbersome.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-11-11 14:56:10 +01:00
Jason Dellaluce
6c1f908ca5 cleanup(cmake): rename legacy cmake variables 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-08-29 15:42:33 +02:00
Jason Dellaluce
0cab9ba6ed chore(OWNERS): remove duplicates in reviewers 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2022-07-20 10:39:56 +02:00
Federico Di Pierro
610b67838b fix(docker): fixed deb tester sub image. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-06-29 11:52:31 +02:00
Jeremi Piotrowski
6d56571e23 update(docker,falco_scripts): fix kernel module build on Flatcar 
Relocate necessary tools from the kernel module build system to run using host
dynlinker and libraries, so that compiling falco module on Flatcar works.

Since Flatcar v2983.0.0, Flatcar ships with glibc-2.33, but the
falco-driver-loader container is based on debian:buster and so has a much older
glibc. This prevents some necessary tools within /lib/modules/*/build from
working which causes the falco module to fail to compile using dkms.

To make the tools work, we need to relocate them so we add patchelf to the
falco and local dockerfiles. The relocation is based on the approach done by
the sysdig agent-kmodule build system, but I'm unable to find the source code
for it. The host linker and libs will be found at /host/usr/lib64, so we change
the interpreter and rpath on the tools. The relocation happens on a copy of the
tools which are then bind mounted at the right location. The result allows the
module build to work.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
 2022-06-13 10:34:43 +02:00
Federico Di Pierro
a98bf52345 update(docker): updated falco-builder to fix multiarch support. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
 2022-06-09 09:33:39 +02:00
Federico Di Pierro
984b94f734 new(docker,scripts): port all docker images to be multiarch ready. 
They can be pushed with `docker buildx` for various architectures.

Moreover, updated falco-driver-loader to support multiple architectures.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2022-06-07 11:02:54 +02:00
Mateusz Gozdek
cb4cec6f57 Fix typos 
Found by running the following command:
codespell -f -H -L aks,creat,chage -S .git

Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
 2022-04-06 14:40:31 +02:00
Frederico Araujo
26a3b7a01e refator(image): commented and moved symlinks inside SKIP_DRIVER_LOADER check 
Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>
 2022-03-23 15:39:03 +01:00
Frederico Araujo
55700f80e4 refactor(image): remove -x flag in ubi docker entrypoint 
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>
 2022-03-23 15:39:03 +01:00
Frederico Araujo
54a817bf3c feat(image): set default value for UBI_VERSION build arg 
Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>
 2022-03-23 15:39:03 +01:00
Frederico Araujo
04cadee6fa fix(image): update package cache cleanup command 
Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>
 2022-03-23 15:39:03 +01:00