falco

mirror of https://github.com/falcosecurity/falco.git synced 2026-04-02 18:12:15 +00:00

Author	SHA1	Message	Date
Leonardo Di Giovanna	1d73b2f0a9	ci: restore minimum set of required permissions Commit #8171176 reduced workflow permissions and only allowed read accesses to repo content. However, some workflows require write permissions for token-id and attestations: these requirements resulted in both master and release CIs being broken in the last month. While still applying least privilege principle, this patch restores the minimum set of required ones. Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>	2026-04-01 11:28:39 +02:00
Gagan H R	8171176e31	ci: add top-level permissions to workflow files Add `permissions: contents: read` at the workflow level for bump-libs.yaml, format.yaml, master.yaml, and release.yaml to follow the principle of least privilege. Job-level permissions that require elevated access will override this as expected. Signed-off-by: Gagan H R <hrgagan4@gmail.com>	2026-03-11 18:05:08 +01:00
Leonardo Di Giovanna	43aaffc4e0	chore!: drop gRPC output and server support Falco 0.43.0 deprecated the gRPC output and server supports. Drop their supports as well as any reference to them. BREAKING CHANGE: drop gRPC output and server support Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>	2026-02-05 17:21:54 +01:00
Leonardo Di Giovanna	387499546f	chore!: drop legacy BPF probe Falco 0.43.0 deprecated the legacy eBPF probe. Drop it as well as any reference to it. BREAKING CHANGE: drop legacy eBPF probe Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>	2026-02-05 13:15:54 +01:00
Leonardo Grasso	ae9c2fbbc3	revert: "chore(.github): put back temporary action for GPG key roation" This reverts commit `abcc058605`. Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2026-01-29 09:25:20 +01:00
Leonardo Grasso	929b27b897	fix: consolidate RPM signing logic into `publish-rpm` Co-authored-by: irozzo-1A <iacopo@sysdig.com> Co-authored-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com> Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2026-01-19 16:36:17 +01:00
irozzo-1A	abcc058605	chore(.github): put back temporary action for GPG key roation This reverts commit `c93a6a8bd9`. Signed-off-by: irozzo-1A <iacopo@sysdig.com>	2026-01-19 16:36:17 +01:00
Leonardo Grasso	c93a6a8bd9	revert: chore(.github): temporary action for GPG key roation This reverts commit `edcb7a5dca`. Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2026-01-14 12:05:56 +01:00
Leonardo Grasso	edcb7a5dca	chore(.github): temporary action for GPG key roation Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2026-01-12 17:10:44 +01:00
irozzo-1A	11e8f82c6c	Revert "fix(.github): ghcr.io rate-limit mitigation" This reverts commit `2d9f1f1abc`. Signed-off-by: irozzo-1A <iacopo@sysdig.com>	2025-12-12 13:08:39 +01:00
irozzo-1A	03adda8656	Revert "chore(build): attempt mitigation to rate-limiter issuo on ghcr.io" This reverts commit `a9e8063e58`. Signed-off-by: irozzo-1A <iacopo@sysdig.com>	2025-12-12 13:08:39 +01:00
irozzo-1A	a9e8063e58	chore(build): attempt mitigation to rate-limiter issuo on ghcr.io Signed-off-by: irozzo-1A <iacopo@sysdig.com>	2025-12-01 12:54:18 +01:00
Leonardo Grasso	2d9f1f1abc	fix(.github): ghcr.io rate-limit mitigation Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2025-11-27 19:14:54 +01:00
Leonardo Grasso	ecbf70b354	fix(.github/workflow): upgrade (no more available) systemd-rpm-macros package Signed-off-by: Leonardo Grasso <me@leonardograsso.com>	2025-10-31 16:09:47 +01:00
Samuel Gaist	5faef4e65a	fix(ci): install NSIS for building Windows package Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>	2025-09-16 09:38:29 +02:00
José Carlos Chávez	801e8bdbff	chore: adds labels to falco-debian, driver-loader and driver-loader-buster Signed-off-by: José Carlos Chávez <jcchavezs@gmail.com>	2025-08-11 10:46:35 +02:00
José Carlos Chávez	1fb0c85b19	feat: includes sha on the image labels Signed-off-by: José Carlos Chávez <jcchavezs@gmail.com>	2025-08-11 10:46:35 +02:00
Federico Di Pierro	08b9e0f065	chore(ci): disable mimalloc for master builds. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2025-07-28 11:31:05 +02:00
Federico Di Pierro	e13e384d37	new(ci): add optional input to reusable_build_packages workflow to enable jemalloc or mimalloc. Enable mimalloc in all CIs but release CI (keep it with jemalloc for now). Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2025-07-25 16:58:43 +02:00
Federico Di Pierro	68465f6f2e	fix(ci): use clang-19 to build modern_ebpf skeleton. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2025-04-23 16:36:26 +02:00
Federico Di Pierro	e8a6f72bc9	chore(ci): install systemd rpm macros from centos9. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2025-04-14 11:28:32 +02:00
Federico Di Pierro	7c3c8eccc4	fix(ci): properly install rpm `systemd-rpm-macro` package on building packages pipeline. Refs #3503: we need it because rpm pre/post install/remove scripts are evaluated at rpm package building time. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2025-04-11 10:49:11 +02:00
Federico Di Pierro	79bed43862	cleanup(ci): drop test-packages static jobs. Container plugin cannot be dynamically loaded on musl build, therefore some falcosecurity/testing tests are failing on it. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2025-02-26 13:08:26 +01:00
Federico Di Pierro	2752e0d60f	chore(ci): cleanup unused fields. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2025-02-26 13:08:26 +01:00
Federico Di Pierro	3d70a2cbd0	new(docker,scripts,ci): use an override config file to enable ISO 8601 output timeformat on docker images. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2025-02-12 18:13:06 +01:00
Federico Di Pierro	8ea272e7ed	chore: add back Falco static package to the release template. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2025-01-29 10:01:37 +01:00
Federico Di Pierro	aba535b76f	fix(ci): fixed reusable_build/publish_docker workflows. `upload-artifact` action since v4 does not allow to upload same artifact name multiple times. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2025-01-21 11:37:59 +01:00
Federico Di Pierro	c9e7047d1f	chore(ci): enable test-drivers for arm64 too. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2025-01-17 10:01:32 +01:00
Federico Di Pierro	ed4f330a2c	chore(ci:) switch to github provided arm runners. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2025-01-17 10:01:32 +01:00
Federico Di Pierro	b66814fdd0	chore(ci): bumped actions/upload-download-artifact. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2025-01-17 10:01:32 +01:00
Federico Di Pierro	437ec7633c	fix(ci): fixed Falco release debug symbols names. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2025-01-16 16:20:27 +01:00
Federico Di Pierro	5664e8715c	chore(ci): build Falco in RelWithDebInfo, and upload Falco debug symbols as github artifacts. Then, upload these artifacts as release assets. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2025-01-16 16:20:27 +01:00
Luca Guerra	1e455f30a6	update(ci): use 4cpu-16gb runners Signed-off-by: Luca Guerra <luca@guerra.sh>	2025-01-16 09:27:55 +01:00
Federico Di Pierro	0bdc5909ee	chore(ci): use another arm64 runner to enable back arm64 jobs. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2025-01-15 14:49:50 +01:00
Federico Di Pierro	3277d6e00b	chore(ci): enable jemalloc in musl build. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2024-12-20 13:17:54 +01:00
Luca Guerra	02f3db9835	cleanup(build): remove libelf dependency Signed-off-by: Luca Guerra <luca@guerra.sh>	2024-12-19 10:31:48 +01:00
Luca Guerra	129087a08b	fix(ci): consolidate sanitizers/not sanitizers jobs Signed-off-by: Luca Guerra <luca@guerra.sh>	2024-12-19 10:31:48 +01:00
Luca Guerra	3bc27afc14	fix(ci): use ubuntu 22.04 to build wasm due to a regression (undefined _main) Signed-off-by: Luca Guerra <luca@guerra.sh>	2024-12-19 10:31:48 +01:00
Luca Guerra	42de47a488	fix(ci): upgrade bpftool for static build Signed-off-by: Luca Guerra <luca@guerra.sh>	2024-12-19 10:31:48 +01:00
Luca Guerra	092b54cab6	update(build): link (BSD) libelf statically by default Signed-off-by: Luca Guerra <luca@guerra.sh>	2024-12-19 10:31:48 +01:00
Luca Guerra	e652d7fc85	Revert "update(build): disable musl builds" This reverts commit `30df5738a5`. Signed-off-by: Luca Guerra <luca@guerra.sh>	2024-12-19 10:31:48 +01:00
Federico Di Pierro	72f4715688	chore(ci): drop jemalloc from ASAN builds. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2024-12-10 15:11:03 +01:00
Federico Di Pierro	d007418fd3	new(cmake,ci): added support for using jemalloc allocator instead of glibc one. The jemalloc allocator is enabled by default for published packages. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2024-12-10 15:11:03 +01:00
cpanato	257ae9a8c0	add attestation Signed-off-by: cpanato <ctadeu@gmail.com>	2024-12-05 17:34:41 +01:00
Federico Di Pierro	c44d323b4b	chore(ci,docker): more fixes. Signed-off-by: Federico Di Pierro <nierro92@gmail.com> Co-authored-by: Leonardo Grasso <me@leonardograsso.com>	2024-11-05 17:38:11 +01:00
Federico Di Pierro	01ab1661c0	cleanup(ci): drop `-slim` tag. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2024-11-05 17:38:11 +01:00
Federico Di Pierro	58930ea8c0	new(ci,docker): renamed driver-loader-legacy to driver-loader-buster. Moreover, ported docker images CI to new images. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2024-11-05 17:38:11 +01:00
Luca Guerra	e4107c05a4	update(ci): replace aarch64 actuated runners with oracle Signed-off-by: Luca Guerra <luca@guerra.sh>	2024-11-05 10:59:09 +01:00
Federico Di Pierro	c19b637e36	fix(ci): fixed shasum computation for bump-libs CI. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2024-10-15 16:16:37 +02:00
Federico Di Pierro	b242f90510	chore(ci): use redhat advised method to check rpmsign success. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2024-10-10 10:17:17 +02:00

1 2 3 4 5

237 Commits