mirror of
https://github.com/falcosecurity/falco.git
synced 2025-10-21 19:44:57 +00:00
161 lines
5.7 KiB
YAML
161 lines
5.7 KiB
YAML
# This is a reusable workflow used by master and release CI
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
arch:
|
|
description: x86_64 or aarch64
|
|
required: true
|
|
type: string
|
|
version:
|
|
description: The Falco version to use when building packages
|
|
required: true
|
|
type: string
|
|
|
|
jobs:
|
|
build-modern-bpf-skeleton:
|
|
# See https://github.com/actions/runner/issues/409#issuecomment-1158849936
|
|
runs-on: ${{ (inputs.arch == 'aarch64' && fromJSON('[ "self-hosted", "linux", "ARM64" ]')) || 'ubuntu-latest' }}
|
|
container: fedora:latest
|
|
steps:
|
|
# Always install deps before invoking checkout action, to properly perform a full clone.
|
|
- name: Install build dependencies
|
|
run: |
|
|
dnf install -y bpftool ca-certificates cmake make automake gcc gcc-c++ kernel-devel clang git pkg-config autoconf automake libbpf-devel
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Build modern BPF skeleton
|
|
run: |
|
|
mkdir skeleton-build && cd skeleton-build
|
|
cmake -DUSE_BUNDLED_DEPS=ON -DBUILD_FALCO_MODERN_BPF=ON -DCREATE_TEST_TARGETS=Off -DFALCO_VERSION=${{ inputs.version }} ..
|
|
make ProbeSkeleton -j6
|
|
|
|
- name: Upload skeleton
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: bpf_probe_${{ inputs.arch }}.skel.h
|
|
path: skeleton-build/skel_dir/bpf_probe.skel.h
|
|
|
|
build-packages:
|
|
# See https://github.com/actions/runner/issues/409#issuecomment-1158849936
|
|
runs-on: ${{ (inputs.arch == 'aarch64' && fromJSON('[ "self-hosted", "linux", "ARM64" ]')) || 'ubuntu-latest' }}
|
|
needs: [build-modern-bpf-skeleton]
|
|
container: centos:7
|
|
steps:
|
|
# Always install deps before invoking checkout action, to properly perform a full clone.
|
|
- name: Install build dependencies
|
|
run: |
|
|
yum -y install centos-release-scl
|
|
yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++
|
|
source /opt/rh/devtoolset-9/enable
|
|
yum install -y wget git make m4 rpm-build
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Download skeleton
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: bpf_probe_${{ inputs.arch }}.skel.h
|
|
path: /tmp
|
|
|
|
- name: Install updated cmake
|
|
run: |
|
|
curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz
|
|
gzip -d /tmp/cmake.tar.gz
|
|
tar -xpf /tmp/cmake.tar --directory=/tmp
|
|
cp -R /tmp/cmake-3.22.5-linux-$(uname -m)/* /usr
|
|
rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)
|
|
|
|
- name: Prepare project
|
|
run: |
|
|
mkdir build && cd build
|
|
source /opt/rh/devtoolset-9/enable
|
|
cmake \
|
|
-DCMAKE_BUILD_TYPE=Release \
|
|
-DUSE_BUNDLED_DEPS=On \
|
|
-DFALCO_ETC_DIR=/etc/falco \
|
|
-DBUILD_FALCO_MODERN_BPF=ON \
|
|
-DMODERN_BPF_SKEL_DIR=/tmp \
|
|
-DBUILD_DRIVER=Off \
|
|
-DBUILD_BPF=Off \
|
|
-DFALCO_VERSION=${{ inputs.version }} \
|
|
..
|
|
|
|
- name: Build project
|
|
run: |
|
|
cd build
|
|
source /opt/rh/devtoolset-9/enable
|
|
make falco -j6
|
|
|
|
- name: Build packages
|
|
run: |
|
|
cd build
|
|
source /opt/rh/devtoolset-9/enable
|
|
make package
|
|
|
|
- name: Upload Falco tar.gz package
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: falco-${{ inputs.version }}-${{ inputs.arch }}.tar.gz
|
|
path: |
|
|
${{ github.workspace }}/build/falco-*.tar.gz
|
|
|
|
- name: Upload Falco deb package
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: falco-${{ inputs.version }}-${{ inputs.arch }}.deb
|
|
path: |
|
|
${{ github.workspace }}/build/falco-*.deb
|
|
|
|
- name: Upload Falco rpm package
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: falco-${{ inputs.version }}-${{ inputs.arch }}.rpm
|
|
path: |
|
|
${{ github.workspace }}/build/falco-*.rpm
|
|
|
|
build-musl-package:
|
|
# x86_64 only for now
|
|
if: ${{ inputs.arch == 'x86_64' }}
|
|
runs-on: ubuntu-latest
|
|
container: alpine:3.17
|
|
steps:
|
|
# Always install deps before invoking checkout action, to properly perform a full clone.
|
|
- name: Install build dependencies
|
|
run: |
|
|
apk add g++ gcc cmake make git bash perl linux-headers autoconf automake m4 libtool elfutils-dev libelf-static patch binutils bpftool clang
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Prepare project
|
|
run: |
|
|
mkdir build && cd build
|
|
cmake -DCPACK_GENERATOR=TGZ -DBUILD_BPF=Off -DBUILD_DRIVER=Off -DCMAKE_BUILD_TYPE=Release -DUSE_BUNDLED_DEPS=On -DUSE_BUNDLED_LIBELF=Off -DBUILD_LIBSCAP_MODERN_BPF=ON -DMUSL_OPTIMIZED_BUILD=On -DFALCO_ETC_DIR=/etc/falco ../ -DFALCO_VERSION=${{ inputs.version }}
|
|
|
|
- name: Build project
|
|
run: |
|
|
cd build
|
|
make -j6 all
|
|
|
|
- name: Build packages
|
|
run: |
|
|
cd build
|
|
make -j6 package
|
|
|
|
- name: Rename static package
|
|
run: |
|
|
cd build
|
|
mv falco-${{ inputs.version }}-x86_64.tar.gz falco-${{ inputs.version }}-static-x86_64.tar.gz
|
|
|
|
- name: Upload Falco static package
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: falco-${{ inputs.version }}-static-x86_64.tar.gz
|
|
path: |
|
|
${{ github.workspace }}/build/falco-${{ inputs.version }}-static-x86_64.tar.gz
|