new(docker): introduce a new development docker image

Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>

.circleci/config.yml

@@ -555,7 +555,7 @@ jobs:
           name: Build and publish no-driver
           command: |
             cd /source/falco
-            docker buildx build --push --build-arg VERSION_BUCKET=bin-dev --build-arg FALCO_VERSION=${CIRCLE_TAG} \
+            docker buildx build --push --build-arg VERSION_BUCKET=bin --build-arg FALCO_VERSION=${CIRCLE_TAG} \
               -t "falcosecurity/falco-no-driver:x86_64-${CIRCLE_TAG}" \
               -t falcosecurity/falco-no-driver:x86_64-latest \
               -t "falcosecurity/falco:x86_64-${CIRCLE_TAG}-slim" \
@@ -569,7 +569,7 @@ jobs:
           name: Build and publish falco
           command: |
             cd /source/falco
-            docker buildx build --push --build-arg VERSION_BUCKET=deb-dev --build-arg FALCO_VERSION=${CIRCLE_TAG} \
+            docker buildx build --push --build-arg VERSION_BUCKET=deb --build-arg FALCO_VERSION=${CIRCLE_TAG} \
               -t "falcosecurity/falco:x86_64-${CIRCLE_TAG}" \
               -t "falcosecurity/falco:x86_64-latest" \
               -t "public.ecr.aws/falcosecurity/falco:x86_64-${CIRCLE_TAG}" \
@@ -624,7 +624,7 @@ jobs:
           name: Build and publish falco
           command: |
             cd /tmp/source-arm64/falco
-            docker buildx build --push --build-arg VERSION_BUCKET=deb-dev --build-arg FALCO_VERSION=${CIRCLE_TAG} \
+            docker buildx build --push --build-arg VERSION_BUCKET=deb --build-arg FALCO_VERSION=${CIRCLE_TAG} \
               -t "falcosecurity/falco:aarch64-${CIRCLE_TAG}" \
               -t "falcosecurity/falco:aarch64-latest" \
               -t "public.ecr.aws/falcosecurity/falco:aarch64-${CIRCLE_TAG}" \

CMakeLists.txt

@@ -233,3 +233,5 @@ endif()
 
 # Packages configuration
 include(CPackConfig)
+
+add_subdirectory(docker/dev)

docker/README.md

@@ -13,5 +13,6 @@ This directory contains various ways to package Falco as a container and related
 | [falcosecurity/falco-builder:latest](https://hub.docker.com/repository/docker/falcosecurity/falco-builder) | docker/builder | The complete build tool chain for compiling Falco from source. See [the documentation](https://falco.org/docs/getting-started/source/) for more details on building from source. Used to build Falco (CI). |
 | [falcosecurity/falco-tester:latest](https://hub.docker.com/repository/docker/falcosecurity/falco-tester) | docker/tester | Container image for running the Falco test suite. Used to run Falco integration tests (CI). |
 | _not to be published_ | docker/local | Built on-the-fly and used by falco-tester. |
+| _not to be published_ | docker/dev | Built on-the-fly to test local Falco development. |
 
-> Note: `falco-builder`, `falco-tester` (and the `docker/local` image that it's built on the fly) are not integrated into the release process because they are development and CI tools that need to be manually pushed only when updated.
+> Note: `falco-builder`, `falco-tester`, `docker/local`, `docker/dev` images are not integrated into the release process because they are development and CI tools that need to be manually pushed only when updated.

docker/dev/CMakeLists.txt

@@ -0,0 +1,20 @@
+# Build a docker container for local development
+if(CMAKE_SYSTEM_NAME MATCHES "Linux")
+  set(DEV_DOCKER_CXT ${CMAKE_BINARY_DIR}/docker/dev-docker-ctx)
+
+  # This target prepares the `tar.gz` artifact that will be passed to the dockerfile.
+  add_custom_target(dev-docker-prepare
+    COMMAND mkdir -p ${DEV_DOCKER_CXT}
+    COMMAND "${CMAKE_COMMAND}" --build . --target package
+    COMMAND ${CMAKE_COMMAND} -E copy_if_different ${CMAKE_BINARY_DIR}/falco-${FALCO_VERSION}-${FALCO_TARGET_ARCH}.tar.gz ${DEV_DOCKER_CXT}/falco.tar.gz
+    DEPENDS falco
+  )
+
+  add_custom_target(dev-docker
+    COMMAND docker build
+      --tag falco-nodriver-dev
+      -f ${CMAKE_SOURCE_DIR}/docker/dev/nodriver.Dockerfile
+      ${DEV_DOCKER_CXT}
+    DEPENDS dev-docker-prepare
+  )
+endif()

docker/dev/README.md

@@ -0,0 +1,59 @@
+# Falco development image
+
+This docker image can be easily generated starting from a clean Falco build.
+
+## 1. Clone the Falco repo ⬇️
+
+```bash
+git clone https://github.com/falcosecurity/falco.git
+```
+
+## 2. Prepare the build directory 🏗️
+
+### `falco-runner-image` tag
+
+The CMake command that we will see in the next section builds Falco locally on your machine, and push it into a docker image, so as you may imagine the final image that will run Falco must have a similar `GLIBC` version to your local one. For this reason, you have to use docker tags.
+
+The `nodriver.Dockerfile` will use the `falco-runner-image` tag to build the final image as you can see here:
+
+```dockerfile
+FROM falco-runner-image AS runner
+
+...
+```
+
+For example, if I build Falco locally on a un `ubuntu:22-04` machine I will instruct docker to use `ubuntu:22-04` as a final running image.
+
+```bash
+docker tag ubuntu:22.04 falco-runner-image
+```
+
+In this way the `nodriver.Dockerfile` will use `ubuntu:22-04` during the building phase.
+
+### Cmake command
+
+Now that we set the `falco-runner-image` tag, we are ready to build our Falco image. Starting from the project root:
+
+```bash
+mkdir build && cd build
+cmake -DUSE_BUNDLED_DEPS=On -DCREATE_TEST_TARGETS=Off -DCPACK_GENERATOR=TGZ -DFALCO_ETC_DIR=/etc/falco ..
+make dev-docker
+```
+> __Please note__: These cmake options `-DUSE_BUNDLED_DEPS=On -DCREATE_TEST_TARGETS=Off -DCPACK_GENERATOR=TGZ -DFALCO_ETC_DIR=/etc/falco` are the required ones but you can provide additional options to build the image according to your needs (for example you can pass `-DMINIMAL_BUILD=On` if you want a minimal build image or `-DBUILD_FALCO_MODERN_BPF=ON` if you want to include the modern bpf probe inside the image)
+
+## 3. Run the docker image locally 🏎️
+
+```bash
+docker run --rm -i -t \
+           --privileged \
+           -v /var/run/docker.sock:/host/var/run/docker.sock \
+           -v /dev:/host/dev \
+           -v /proc:/host/proc:ro \
+           falco-nodriver-dev
+```
+
+If you change something in the Falco source code you can simply rebuild the image with:
+
+```bash
+make dev-docker
+```

docker/dev/nodriver.Dockerfile

@@ -0,0 +1,33 @@
+FROM ubuntu:22.04 AS builder
+
+COPY ./falco.tar.gz /
+
+WORKDIR /
+
+# 1. We remove the Falco directory with the name related to the version and the arch
+# 2. We remove the source folder
+# 3. We remove the `falco-driver-loader` binary
+RUN mkdir falco; \
+    tar -xzf falco.tar.gz -C falco --strip-component 1; \
+    rm -rf /falco/usr/src; \
+    rm /falco/usr/bin/falco-driver-loader
+
+# the time displayed in log messages and output messages will be in ISO 8601.
+RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /falco/etc/falco/falco.yaml > /falco/etc/falco/falco.yaml.new; \
+    mv /falco/etc/falco/falco.yaml.new /falco/etc/falco/falco.yaml
+
+# Please note: it could be necessary to change this base image according
+# to the `glibc` version of the machine where you build the tar.gz package
+# use `docker tag ubuntu:22.04 falco-runner-image` for example
+FROM falco-runner-image AS runner
+
+LABEL name="falcosecurity/falco-nodriver-dev"
+LABEL maintainer="cncf-falco-dev@lists.cncf.io"
+LABEL usage="docker run -it --rm --privileged -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro --name NAME IMAGE"
+
+COPY --from=builder /falco /
+
+ENV HOST_ROOT /host
+ENV HOME /root
+
+CMD ["/usr/bin/falco", "-o", "time_format_iso_8601=true"]