mirror of
https://github.com/falcosecurity/falco.git
synced 2025-10-21 19:44:57 +00:00
d0ceba83b4
Docker builder image was updated to remove the libelf and libz deps as they are now properly bundled, in BUNDLED_DEPS mode. Finally, circleci musl job was updated to enforce the use of alpine-provided libelf package, since it is already static, and building libelf on musl is pretty cumbersome. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
933 lines
38 KiB
YAML
933 lines
38 KiB
YAML
version: 2.1
|
|
jobs:
|
|
"build-arm64":
|
|
machine:
|
|
enabled: true
|
|
image: ubuntu-2004:202101-01
|
|
resource_class: arm.medium
|
|
steps:
|
|
- checkout:
|
|
path: /tmp/source-arm64/falco
|
|
- run:
|
|
name: Prepare project
|
|
command: |
|
|
mkdir -p /tmp/build-arm64 && mkdir -p /tmp/build-arm64/release && \
|
|
docker run -e BUILD_TYPE="release" -it -v /tmp/source-arm64:/source -v /tmp/build-arm64:/build \
|
|
falcosecurity/falco-builder:latest \
|
|
cmake
|
|
- run:
|
|
name: Build
|
|
command: |
|
|
docker run -e BUILD_TYPE="release" -it -v /tmp/source-arm64:/source -v /tmp/build-arm64:/build \
|
|
falcosecurity/falco-builder:latest \
|
|
all
|
|
- run:
|
|
name: Run unit tests
|
|
command: |
|
|
docker run -e BUILD_TYPE="release" -it -v /tmp/source-arm64:/source -v /tmp/build-arm64:/build \
|
|
falcosecurity/falco-builder:latest \
|
|
tests
|
|
- run:
|
|
name: Build packages
|
|
command: |
|
|
docker run -e BUILD_TYPE="release" -it -v /tmp/source-arm64:/source -v /tmp/build-arm64:/build \
|
|
falcosecurity/falco-builder:latest \
|
|
package
|
|
- run:
|
|
name: Prepare Artifacts
|
|
command: |
|
|
mkdir -p /tmp/packages
|
|
cp /tmp/build-arm64/release/*.deb /tmp/packages
|
|
cp /tmp/build-arm64/release/*.tar.gz /tmp/packages
|
|
cp /tmp/build-arm64/release/*.rpm /tmp/packages
|
|
- store_artifacts:
|
|
path: /tmp/packages
|
|
destination: /packages
|
|
- persist_to_workspace:
|
|
root: /tmp
|
|
paths:
|
|
- build-arm64/release
|
|
- source-arm64
|
|
# Build a statically linked Falco release binary using musl
|
|
# This build is 100% static, there are no host dependencies
|
|
"build-musl":
|
|
docker:
|
|
- image: alpine:3.12
|
|
steps:
|
|
- checkout:
|
|
path: /source-static/falco
|
|
- run:
|
|
name: Update base image
|
|
command: apk update
|
|
- run:
|
|
name: Install build dependencies
|
|
command: apk add g++ gcc cmake make git bash perl linux-headers autoconf automake m4 libtool elfutils-dev libelf-static patch binutils
|
|
- run:
|
|
name: Prepare project
|
|
command: |
|
|
mkdir -p /build-static/release
|
|
cd /build-static/release
|
|
cmake -DCPACK_GENERATOR=TGZ -DBUILD_BPF=Off -DBUILD_DRIVER=Off -DCMAKE_BUILD_TYPE=Release -DUSE_BUNDLED_DEPS=On -DUSE_BUNDLED_LIBELF=Off -DMUSL_OPTIMIZED_BUILD=On -DFALCO_ETC_DIR=/etc/falco /source-static/falco
|
|
- run:
|
|
name: Build
|
|
command: |
|
|
cd /build-static/release
|
|
make -j4 all
|
|
- run:
|
|
name: Package
|
|
command: |
|
|
cd /build-static/release
|
|
make -j4 package
|
|
- run:
|
|
name: Run unit tests
|
|
command: |
|
|
cd /build-static/release
|
|
make tests
|
|
- run:
|
|
name: Prepare artifacts
|
|
command: |
|
|
mkdir -p /tmp/packages
|
|
cp /build-static/release/*.tar.gz /tmp/packages
|
|
- store_artifacts:
|
|
path: /tmp/packages
|
|
destination: /packages
|
|
- persist_to_workspace:
|
|
root: /
|
|
paths:
|
|
- build-static/release
|
|
- source-static
|
|
# Build using our own builder base image using centos 7
|
|
# This build is static, dependencies are bundled in the Falco binary
|
|
"build-centos7":
|
|
docker:
|
|
- image: falcosecurity/falco-builder:latest
|
|
environment:
|
|
BUILD_TYPE: "release"
|
|
steps:
|
|
- checkout:
|
|
path: /source/falco
|
|
- run:
|
|
name: Prepare project
|
|
command: /usr/bin/entrypoint cmake
|
|
- run:
|
|
name: Build
|
|
command: /usr/bin/entrypoint all
|
|
- run:
|
|
name: Run unit tests
|
|
command: /usr/bin/entrypoint tests
|
|
- run:
|
|
name: Build packages
|
|
command: /usr/bin/entrypoint package
|
|
- persist_to_workspace:
|
|
root: /
|
|
paths:
|
|
- build/release
|
|
- source
|
|
- run:
|
|
name: Prepare artifacts
|
|
command: |
|
|
mkdir -p /tmp/packages
|
|
cp /build/release/*.deb /tmp/packages
|
|
cp /build/release/*.tar.gz /tmp/packages
|
|
cp /build/release/*.rpm /tmp/packages
|
|
- store_artifacts:
|
|
path: /tmp/packages
|
|
destination: /packages
|
|
# Execute integration tests based on the build results coming from the "build-centos7" job
|
|
"tests-integration":
|
|
docker:
|
|
- image: falcosecurity/falco-tester:latest
|
|
environment:
|
|
SOURCE_DIR: "/source"
|
|
BUILD_DIR: "/build"
|
|
BUILD_TYPE: "release"
|
|
steps:
|
|
- setup_remote_docker
|
|
- attach_workspace:
|
|
at: /
|
|
- run:
|
|
name: Execute integration tests
|
|
command: /usr/bin/entrypoint test
|
|
- store_test_results:
|
|
path: /build/release/integration-tests-xunit
|
|
"tests-integration-static":
|
|
docker:
|
|
- image: falcosecurity/falco-tester:latest
|
|
environment:
|
|
SOURCE_DIR: "/source-static"
|
|
BUILD_DIR: "/build-static"
|
|
BUILD_TYPE: "release"
|
|
SKIP_PACKAGES_TESTS: "true"
|
|
SKIP_PLUGINS_TESTS: "true"
|
|
steps:
|
|
- setup_remote_docker
|
|
- attach_workspace:
|
|
at: /
|
|
- run:
|
|
name: Execute integration tests
|
|
command: /usr/bin/entrypoint test
|
|
- store_test_results:
|
|
path: /build-static/release/integration-tests-xunit
|
|
# Execute integration tests based on the build results coming from the "build-arm64" job
|
|
"tests-integration-arm64":
|
|
machine:
|
|
enabled: true
|
|
image: ubuntu-2004:202101-01
|
|
resource_class: arm.medium
|
|
steps:
|
|
- attach_workspace:
|
|
at: /tmp
|
|
- run:
|
|
name: Execute integration tests
|
|
command: |
|
|
docker run -e BUILD_TYPE="release" -e BUILD_DIR="/build" -e SOURCE_DIR="/source" -it -v /var/run/docker.sock:/var/run/docker.sock -v /tmp/source-arm64:/source -v /tmp/build-arm64:/build \
|
|
falcosecurity/falco-tester:latest \
|
|
test
|
|
- store_test_results:
|
|
path: /tmp/build-arm64/release/integration-tests-xunit
|
|
"tests-driver-loader-integration":
|
|
machine:
|
|
image: ubuntu-2004:202107-02
|
|
steps:
|
|
- attach_workspace:
|
|
at: /tmp/ws
|
|
- run:
|
|
name: Execute driver-loader integration tests
|
|
command: /tmp/ws/source/falco/test/driver-loader/run_test.sh /tmp/ws/build/release/
|
|
# Code quality
|
|
"quality-static-analysis":
|
|
docker:
|
|
- image: falcosecurity/falco-builder:latest
|
|
environment:
|
|
BUILD_TYPE: "release"
|
|
steps:
|
|
- run:
|
|
name: Install cppcheck
|
|
command: |
|
|
yum update -y
|
|
yum install epel-release -y
|
|
yum install cppcheck cppcheck-htmlreport -y
|
|
- checkout:
|
|
path: /source/falco
|
|
- run:
|
|
name: Prepare project
|
|
command: /usr/bin/entrypoint cmake
|
|
- run:
|
|
name: cppcheck
|
|
command: /usr/bin/entrypoint cppcheck
|
|
- run:
|
|
name: cppcheck html report
|
|
command: /usr/bin/entrypoint cppcheck_htmlreport
|
|
- store_artifacts:
|
|
path: /build/release/static-analysis-reports
|
|
destination: /static-analysis-reports
|
|
# Sign rpm packages
|
|
"rpm-sign":
|
|
docker:
|
|
- image: falcosecurity/falco-builder:latest
|
|
steps:
|
|
- attach_workspace:
|
|
at: /
|
|
- run:
|
|
name: Install rpmsign
|
|
command: |
|
|
yum update -y
|
|
yum install rpm-sign -y
|
|
- run:
|
|
name: Prepare
|
|
command: |
|
|
echo "%_signature gpg" > ~/.rpmmacros
|
|
echo "%_gpg_name Falcosecurity Package Signing" >> ~/.rpmmacros
|
|
echo "%__gpg_sign_cmd %{__gpg} --force-v3-sigs --batch --no-armor --passphrase-fd 3 --no-secmem-warning -u \"%{_gpg_name}\" -sb --digest-algo sha256 %{__plaintext_filename}'" >> ~/.rpmmacros
|
|
cat > ~/sign \<<EOF
|
|
#!/usr/bin/expect -f
|
|
spawn rpmsign --addsign {*}\$argv
|
|
expect -exact "Enter pass phrase: "
|
|
send -- "\n"
|
|
expect eof
|
|
EOF
|
|
chmod +x ~/sign
|
|
echo $GPG_KEY | base64 -d | gpg --import
|
|
- run:
|
|
name: Sign rpm x86_64
|
|
command: |
|
|
cd /build/release/
|
|
~/sign *.rpm
|
|
rpm --qf %{SIGPGP:pgpsig} -qp *.rpm | grep SHA256
|
|
- run:
|
|
name: Sign rpm arm64
|
|
command: |
|
|
cd /build-arm64/release/
|
|
~/sign *.rpm
|
|
rpm --qf %{SIGPGP:pgpsig} -qp *.rpm | grep SHA256
|
|
- persist_to_workspace:
|
|
root: /
|
|
paths:
|
|
- build/release/*.rpm
|
|
- build-arm64/release/*.rpm
|
|
# Publish the dev packages
|
|
"publish-packages-dev":
|
|
docker:
|
|
- image: docker.io/centos:7
|
|
steps:
|
|
- attach_workspace:
|
|
at: /
|
|
- run:
|
|
name: Setup
|
|
command: |
|
|
yum install epel-release -y
|
|
yum update -y
|
|
yum install createrepo gpg python python-pip -y
|
|
pip install awscli==1.19.47
|
|
echo $GPG_KEY | base64 -d | gpg --import
|
|
- run:
|
|
name: Publish rpm-dev
|
|
command: |
|
|
FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
|
|
/source/falco/scripts/publish-rpm -f /build/release/falco-${FALCO_VERSION}-x86_64.rpm -f /build-arm64/release/falco-${FALCO_VERSION}-aarch64.rpm -r rpm-dev
|
|
- run:
|
|
name: Publish bin-dev
|
|
command: |
|
|
FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
|
|
/source/falco/scripts/publish-bin -f /build/release/falco-${FALCO_VERSION}-x86_64.tar.gz -r bin-dev -a x86_64
|
|
/source/falco/scripts/publish-bin -f /build-arm64/release/falco-${FALCO_VERSION}-aarch64.tar.gz -r bin-dev -a aarch64
|
|
- run:
|
|
name: Publish bin-static-dev
|
|
command: |
|
|
FALCO_VERSION=$(cat /build-static/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
|
|
cp -f /build-static/release/falco-${FALCO_VERSION}-x86_64.tar.gz /build-static/release/falco-${FALCO_VERSION}-static-x86_64.tar.gz
|
|
/source/falco/scripts/publish-bin -f /build-static/release/falco-${FALCO_VERSION}-static-x86_64.tar.gz -r bin-dev -a x86_64
|
|
"publish-packages-deb-dev":
|
|
docker:
|
|
- image: docker.io/debian:stable
|
|
steps:
|
|
- attach_workspace:
|
|
at: /
|
|
- run:
|
|
name: Setup
|
|
command: |
|
|
apt update -y
|
|
apt-get install apt-utils bzip2 gpg python python3-pip -y
|
|
pip install awscli
|
|
echo $GPG_KEY | base64 -d | gpg --import
|
|
- run:
|
|
name: Publish deb-dev
|
|
command: |
|
|
FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
|
|
/source/falco/scripts/publish-deb -f /build/release/falco-${FALCO_VERSION}-x86_64.deb -f /build-arm64/release/falco-${FALCO_VERSION}-aarch64.deb -r deb-dev
|
|
|
|
"build-docker-dev":
|
|
docker:
|
|
- image: alpine:3.16
|
|
steps:
|
|
- attach_workspace:
|
|
at: /
|
|
- setup_remote_docker:
|
|
version: 20.10.12
|
|
docker_layer_caching: true
|
|
- run:
|
|
name: Install deps
|
|
command: |
|
|
apk update
|
|
apk add make bash git docker docker-cli-buildx py3-pip
|
|
pip install awscli
|
|
- run:
|
|
name: Login to registries
|
|
command: |
|
|
echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin
|
|
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/falcosecurity
|
|
- run:
|
|
name: Build and publish no-driver-dev
|
|
command: |
|
|
FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
|
|
cd /source/falco
|
|
docker buildx build --push --build-arg VERSION_BUCKET=bin-dev --build-arg FALCO_VERSION=${FALCO_VERSION} \
|
|
-t falcosecurity/falco-no-driver:x86_64-master \
|
|
-t falcosecurity/falco:x86_64-master-slim \
|
|
-t public.ecr.aws/falcosecurity/falco-no-driver:x86_64-master \
|
|
-t public.ecr.aws/falcosecurity/falco:x86_64-master-slim \
|
|
docker/no-driver
|
|
- run:
|
|
name: Build and publish falco-dev
|
|
command: |
|
|
FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
|
|
cd /source/falco
|
|
docker buildx build --push --build-arg VERSION_BUCKET=deb-dev --build-arg FALCO_VERSION=${FALCO_VERSION} \
|
|
-t falcosecurity/falco:x86_64-master \
|
|
-t public.ecr.aws/falcosecurity/falco:x86_64-master \
|
|
docker/falco
|
|
- run:
|
|
name: Build and publish falco-driver-loader-dev
|
|
command: |
|
|
cd /source/falco
|
|
docker buildx build --push --build-arg FALCO_IMAGE_TAG=x86_64-master \
|
|
-t falcosecurity/falco-driver-loader:x86_64-master \
|
|
-t public.ecr.aws/falcosecurity/falco-driver-loader:x86_64-master \
|
|
docker/driver-loader
|
|
|
|
"build-docker-dev-arm64":
|
|
machine:
|
|
enabled: true
|
|
image: ubuntu-2004:202101-01
|
|
docker_layer_caching: true
|
|
resource_class: arm.medium
|
|
steps:
|
|
- attach_workspace:
|
|
at: /tmp
|
|
- run:
|
|
name: Install deps
|
|
command: |
|
|
sudo apt update
|
|
sudo apt install groff less python3-pip
|
|
pip install awscli
|
|
- run:
|
|
name: Login to registries
|
|
command: |
|
|
echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin
|
|
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/falcosecurity
|
|
- run:
|
|
name: Build and publish no-driver-dev
|
|
command: |
|
|
FALCO_VERSION=$(cat /tmp/build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
|
|
cd /tmp/source-arm64/falco
|
|
docker buildx build --push --build-arg VERSION_BUCKET=bin-dev --build-arg FALCO_VERSION=${FALCO_VERSION} \
|
|
-t falcosecurity/falco-no-driver:aarch64-master \
|
|
-t falcosecurity/falco:aarch64-master-slim \
|
|
-t public.ecr.aws/falcosecurity/falco-no-driver:aarch64-master \
|
|
-t public.ecr.aws/falcosecurity/falco:aarch64-master-slim \
|
|
docker/no-driver
|
|
- run:
|
|
name: Build and publish falco-dev
|
|
command: |
|
|
FALCO_VERSION=$(cat /tmp/build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
|
|
cd /tmp/source-arm64/falco
|
|
docker buildx build --push --build-arg VERSION_BUCKET=deb-dev --build-arg FALCO_VERSION=${FALCO_VERSION} \
|
|
-t falcosecurity/falco:aarch64-master \
|
|
-t public.ecr.aws/falcosecurity/falco:aarch64-master \
|
|
docker/falco
|
|
- run:
|
|
name: Build and publish falco-driver-loader-dev
|
|
command: |
|
|
cd /tmp/source-arm64/falco
|
|
docker buildx build --push --build-arg FALCO_IMAGE_TAG=aarch64-master \
|
|
-t falcosecurity/falco-driver-loader:aarch64-master \
|
|
-t public.ecr.aws/falcosecurity/falco-driver-loader:aarch64-master \
|
|
docker/driver-loader
|
|
|
|
# Publish docker packages
|
|
"publish-docker-dev":
|
|
docker:
|
|
- image: cimg/base:stable
|
|
user: root
|
|
steps:
|
|
- setup_remote_docker:
|
|
version: 20.10.12
|
|
- run:
|
|
name: Install deps
|
|
command: |
|
|
sudo apt update
|
|
sudo apt install groff less python3-pip
|
|
pip install awscli
|
|
- run:
|
|
name: Login to registries
|
|
command: |
|
|
echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin
|
|
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/falcosecurity
|
|
- run:
|
|
name: Upload no-driver-dev manifest to registries
|
|
command: |
|
|
docker manifest create falcosecurity/falco-no-driver:master \
|
|
falcosecurity/falco-no-driver:aarch64-master \
|
|
falcosecurity/falco-no-driver:x86_64-master
|
|
docker manifest push falcosecurity/falco-no-driver:master
|
|
|
|
docker manifest create falcosecurity/falco:master-slim \
|
|
falcosecurity/falco:aarch64-master-slim \
|
|
falcosecurity/falco:x86_64-master-slim
|
|
docker manifest push falcosecurity/falco:master-slim
|
|
|
|
docker manifest create public.ecr.aws/falcosecurity/falco-no-driver:master \
|
|
public.ecr.aws/falcosecurity/falco-no-driver:aarch64-master \
|
|
public.ecr.aws/falcosecurity/falco-no-driver:x86_64-master
|
|
docker manifest push public.ecr.aws/falcosecurity/falco-no-driver:master
|
|
|
|
docker manifest create public.ecr.aws/falcosecurity/falco:master-slim \
|
|
public.ecr.aws/falcosecurity/falco:aarch64-master-slim \
|
|
public.ecr.aws/falcosecurity/falco:x86_64-master-slim
|
|
docker manifest push public.ecr.aws/falcosecurity/falco:master-slim
|
|
- run:
|
|
name: Upload falco-dev manifest to registries
|
|
command: |
|
|
docker manifest create falcosecurity/falco:master \
|
|
falcosecurity/falco:aarch64-master \
|
|
falcosecurity/falco:x86_64-master
|
|
docker manifest push falcosecurity/falco:master
|
|
|
|
docker manifest create public.ecr.aws/falcosecurity/falco:master \
|
|
public.ecr.aws/falcosecurity/falco:aarch64-master \
|
|
public.ecr.aws/falcosecurity/falco:x86_64-master
|
|
docker manifest push public.ecr.aws/falcosecurity/falco:master
|
|
- run:
|
|
name: Upload falco-driver-loader-dev manifest to registries
|
|
command: |
|
|
docker manifest create falcosecurity/falco-driver-loader:master \
|
|
falcosecurity/falco-driver-loader:aarch64-master \
|
|
falcosecurity/falco-driver-loader:x86_64-master
|
|
docker manifest push falcosecurity/falco-driver-loader:master
|
|
|
|
docker manifest create public.ecr.aws/falcosecurity/falco-driver-loader:master \
|
|
public.ecr.aws/falcosecurity/falco-driver-loader:aarch64-master \
|
|
public.ecr.aws/falcosecurity/falco-driver-loader:x86_64-master
|
|
docker manifest push public.ecr.aws/falcosecurity/falco-driver-loader:master
|
|
|
|
# Publish the packages
|
|
"publish-packages":
|
|
docker:
|
|
- image: docker.io/centos:7
|
|
steps:
|
|
- attach_workspace:
|
|
at: /
|
|
- run:
|
|
name: Setup
|
|
command: |
|
|
yum install epel-release -y
|
|
yum update -y
|
|
yum install createrepo gpg python python-pip -y
|
|
pip install awscli==1.19.47
|
|
echo $GPG_KEY | base64 -d | gpg --import
|
|
- run:
|
|
name: Publish rpm
|
|
command: |
|
|
FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
|
|
/source/falco/scripts/publish-rpm -f /build/release/falco-${FALCO_VERSION}-x86_64.rpm -f /build-arm64/release/falco-${FALCO_VERSION}-aarch64.rpm -r rpm
|
|
- run:
|
|
name: Publish bin
|
|
command: |
|
|
FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
|
|
/source/falco/scripts/publish-bin -f /build/release/falco-${FALCO_VERSION}-x86_64.tar.gz -r bin -a x86_64
|
|
/source/falco/scripts/publish-bin -f /build-arm64/release/falco-${FALCO_VERSION}-aarch64.tar.gz -r bin -a aarch64
|
|
- run:
|
|
name: Publish bin-static
|
|
command: |
|
|
FALCO_VERSION=$(cat /build-static/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
|
|
cp -f /build-static/release/falco-${FALCO_VERSION}-x86_64.tar.gz /build-static/release/falco-${FALCO_VERSION}-static-x86_64.tar.gz
|
|
/source/falco/scripts/publish-bin -f /build-static/release/falco-${FALCO_VERSION}-static-x86_64.tar.gz -r bin -a x86_64
|
|
"publish-packages-deb":
|
|
docker:
|
|
- image: docker.io/debian:stable
|
|
steps:
|
|
- attach_workspace:
|
|
at: /
|
|
- run:
|
|
name: Setup
|
|
command: |
|
|
apt update -y
|
|
apt-get install apt-utils bzip2 gpg python python3-pip -y
|
|
pip install awscli
|
|
echo $GPG_KEY | base64 -d | gpg --import
|
|
- run:
|
|
name: Publish deb
|
|
command: |
|
|
FALCO_VERSION=$(cat /build/release/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
|
|
/source/falco/scripts/publish-deb -f /build/release/falco-${FALCO_VERSION}-x86_64.deb -f /build-arm64/release/falco-${FALCO_VERSION}-aarch64.deb -r deb
|
|
|
|
"build-docker":
|
|
docker:
|
|
- image: alpine:3.16
|
|
steps:
|
|
- attach_workspace:
|
|
at: /
|
|
- setup_remote_docker:
|
|
version: 20.10.12
|
|
docker_layer_caching: true
|
|
- run:
|
|
name: Install deps
|
|
command: |
|
|
apk update
|
|
apk add make bash git docker docker-cli-buildx py3-pip
|
|
pip install awscli
|
|
- run:
|
|
name: Login to registries
|
|
command: |
|
|
echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin
|
|
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/falcosecurity
|
|
- run:
|
|
name: Build and publish no-driver
|
|
command: |
|
|
cd /source/falco
|
|
docker buildx build --push --build-arg VERSION_BUCKET=bin --build-arg FALCO_VERSION=${CIRCLE_TAG} \
|
|
-t "falcosecurity/falco-no-driver:x86_64-${CIRCLE_TAG}" \
|
|
-t falcosecurity/falco-no-driver:x86_64-latest \
|
|
-t "falcosecurity/falco:x86_64-${CIRCLE_TAG}-slim" \
|
|
-t "falcosecurity/falco:x86_64-latest-slim" \
|
|
-t "public.ecr.aws/falcosecurity/falco-no-driver:x86_64-${CIRCLE_TAG}" \
|
|
-t "public.ecr.aws/falcosecurity/falco-no-driver:x86_64-latest" \
|
|
-t "public.ecr.aws/falcosecurity/falco:x86_64-${CIRCLE_TAG}-slim" \
|
|
-t "public.ecr.aws/falcosecurity/falco:x86_64-latest-slim" \
|
|
docker/no-driver
|
|
- run:
|
|
name: Build and publish falco
|
|
command: |
|
|
cd /source/falco
|
|
docker buildx build --push --build-arg VERSION_BUCKET=deb --build-arg FALCO_VERSION=${CIRCLE_TAG} \
|
|
-t "falcosecurity/falco:x86_64-${CIRCLE_TAG}" \
|
|
-t "falcosecurity/falco:x86_64-latest" \
|
|
-t "public.ecr.aws/falcosecurity/falco:x86_64-${CIRCLE_TAG}" \
|
|
-t "public.ecr.aws/falcosecurity/falco:x86_64-latest" \
|
|
docker/falco
|
|
- run:
|
|
name: Build and publish falco-driver-loader
|
|
command: |
|
|
cd /source/falco
|
|
docker buildx build --push --build-arg FALCO_IMAGE_TAG=x86_64-${CIRCLE_TAG} \
|
|
-t "falcosecurity/falco-driver-loader:x86_64-${CIRCLE_TAG}" \
|
|
-t "falcosecurity/falco-driver-loader:x86_64-latest" \
|
|
-t "public.ecr.aws/falcosecurity/falco-driver-loader:x86_64-${CIRCLE_TAG}" \
|
|
-t "public.ecr.aws/falcosecurity/falco-driver-loader:x86_64-latest" \
|
|
docker/driver-loader
|
|
|
|
"build-docker-arm64":
|
|
machine:
|
|
enabled: true
|
|
image: ubuntu-2004:202101-01
|
|
docker_layer_caching: true
|
|
resource_class: arm.medium
|
|
steps:
|
|
- attach_workspace:
|
|
at: /tmp
|
|
- run:
|
|
name: Install deps
|
|
command: |
|
|
sudo apt update
|
|
sudo apt install groff less python3-pip
|
|
pip install awscli
|
|
- run:
|
|
name: Login to registries
|
|
command: |
|
|
echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin
|
|
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/falcosecurity
|
|
- run:
|
|
name: Build and publish no-driver
|
|
command: |
|
|
cd /tmp/source-arm64/falco
|
|
docker buildx build --push --build-arg VERSION_BUCKET=bin --build-arg FALCO_VERSION=${CIRCLE_TAG} \
|
|
-t falcosecurity/falco-no-driver:aarch64-${CIRCLE_TAG} \
|
|
-t falcosecurity/falco-no-driver:aarch64-latest \
|
|
-t falcosecurity/falco:aarch64-${CIRCLE_TAG}-slim \
|
|
-t "falcosecurity/falco:aarch64-latest-slim" \
|
|
-t public.ecr.aws/falcosecurity/falco-no-driver:aarch64-${CIRCLE_TAG} \
|
|
-t "public.ecr.aws/falcosecurity/falco-no-driver:aarch64-latest" \
|
|
-t public.ecr.aws/falcosecurity/falco:aarch64-${CIRCLE_TAG}-slim \
|
|
-t "public.ecr.aws/falcosecurity/falco:aarch64-latest-slim" \
|
|
docker/no-driver
|
|
- run:
|
|
name: Build and publish falco
|
|
command: |
|
|
cd /tmp/source-arm64/falco
|
|
docker buildx build --push --build-arg VERSION_BUCKET=deb --build-arg FALCO_VERSION=${CIRCLE_TAG} \
|
|
-t "falcosecurity/falco:aarch64-${CIRCLE_TAG}" \
|
|
-t "falcosecurity/falco:aarch64-latest" \
|
|
-t "public.ecr.aws/falcosecurity/falco:aarch64-${CIRCLE_TAG}" \
|
|
-t "public.ecr.aws/falcosecurity/falco:aarch64-latest" \
|
|
docker/falco
|
|
- run:
|
|
name: Build and publish falco-driver-loader
|
|
command: |
|
|
cd /tmp/source-arm64/falco
|
|
docker buildx build --push --build-arg FALCO_IMAGE_TAG=aarch64-${CIRCLE_TAG} \
|
|
-t "falcosecurity/falco-driver-loader:aarch64-${CIRCLE_TAG}" \
|
|
-t "falcosecurity/falco-driver-loader:aarch64-latest" \
|
|
-t "public.ecr.aws/falcosecurity/falco-driver-loader:aarch64-${CIRCLE_TAG}" \
|
|
-t "public.ecr.aws/falcosecurity/falco-driver-loader:aarch64-latest" \
|
|
docker/driver-loader
|
|
|
|
# Publish docker packages
|
|
"publish-docker":
|
|
docker:
|
|
- image: cimg/base:stable
|
|
user: root
|
|
steps:
|
|
- setup_remote_docker:
|
|
version: 20.10.12
|
|
- run:
|
|
name: Install deps
|
|
command: |
|
|
sudo apt update
|
|
sudo apt install groff less python3-pip
|
|
pip install awscli
|
|
- run:
|
|
name: Login to registries
|
|
command: |
|
|
echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin
|
|
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/falcosecurity
|
|
- run:
|
|
name: Upload no-driver manifest to registries
|
|
command: |
|
|
docker manifest create falcosecurity/falco-no-driver:${CIRCLE_TAG} \
|
|
falcosecurity/falco-no-driver:aarch64-${CIRCLE_TAG} \
|
|
falcosecurity/falco-no-driver:x86_64-${CIRCLE_TAG}
|
|
docker manifest push falcosecurity/falco-no-driver:${CIRCLE_TAG}
|
|
|
|
docker manifest create falcosecurity/falco-no-driver:latest \
|
|
falcosecurity/falco-no-driver:aarch64-latest \
|
|
falcosecurity/falco-no-driver:x86_64-latest
|
|
docker manifest push falcosecurity/falco-no-driver:latest
|
|
|
|
docker manifest create falcosecurity/falco:${CIRCLE_TAG}-slim \
|
|
falcosecurity/falco:aarch64-${CIRCLE_TAG}-slim \
|
|
falcosecurity/falco:x86_64-${CIRCLE_TAG}-slim
|
|
docker manifest push falcosecurity/falco:${CIRCLE_TAG}-slim
|
|
|
|
docker manifest create falcosecurity/falco:latest-slim \
|
|
falcosecurity/falco:aarch64-latest-slim \
|
|
falcosecurity/falco:x86_64-latest-slim
|
|
docker manifest push falcosecurity/falco:latest-slim
|
|
|
|
docker manifest create public.ecr.aws/falcosecurity/falco-no-driver:${CIRCLE_TAG} \
|
|
public.ecr.aws/falcosecurity/falco-no-driver:aarch64-${CIRCLE_TAG} \
|
|
public.ecr.aws/falcosecurity/falco-no-driver:x86_64-${CIRCLE_TAG}
|
|
docker manifest push public.ecr.aws/falcosecurity/falco-no-driver:${CIRCLE_TAG}
|
|
|
|
docker manifest create public.ecr.aws/falcosecurity/falco-no-driver:latest \
|
|
public.ecr.aws/falcosecurity/falco-no-driver:aarch64-latest \
|
|
public.ecr.aws/falcosecurity/falco-no-driver:x86_64-latest
|
|
docker manifest push public.ecr.aws/falcosecurity/falco-no-driver:latest
|
|
|
|
docker manifest create public.ecr.aws/falcosecurity/falco:${CIRCLE_TAG}-slim \
|
|
public.ecr.aws/falcosecurity/falco:aarch64-${CIRCLE_TAG}-slim \
|
|
public.ecr.aws/falcosecurity/falco:x86_64-${CIRCLE_TAG}-slim
|
|
docker manifest push public.ecr.aws/falcosecurity/falco:${CIRCLE_TAG}-slim
|
|
|
|
docker manifest create public.ecr.aws/falcosecurity/falco:latest-slim \
|
|
public.ecr.aws/falcosecurity/falco:aarch64-latest-slim \
|
|
public.ecr.aws/falcosecurity/falco:x86_64-latest-slim
|
|
docker manifest push public.ecr.aws/falcosecurity/falco:latest-slim
|
|
- run:
|
|
name: Upload falco manifest to registries
|
|
command: |
|
|
docker manifest create falcosecurity/falco:${CIRCLE_TAG} \
|
|
falcosecurity/falco:aarch64-${CIRCLE_TAG} \
|
|
falcosecurity/falco:x86_64-${CIRCLE_TAG}
|
|
docker manifest push falcosecurity/falco:${CIRCLE_TAG}
|
|
|
|
docker manifest create falcosecurity/falco:latest \
|
|
falcosecurity/falco:aarch64-latest \
|
|
falcosecurity/falco:x86_64-latest
|
|
docker manifest push falcosecurity/falco:latest
|
|
|
|
docker manifest create public.ecr.aws/falcosecurity/falco:${CIRCLE_TAG} \
|
|
public.ecr.aws/falcosecurity/falco:aarch64-${CIRCLE_TAG} \
|
|
public.ecr.aws/falcosecurity/falco:x86_64-${CIRCLE_TAG}
|
|
docker manifest push public.ecr.aws/falcosecurity/falco:${CIRCLE_TAG}
|
|
|
|
docker manifest create public.ecr.aws/falcosecurity/falco:latest \
|
|
public.ecr.aws/falcosecurity/falco:aarch64-latest \
|
|
public.ecr.aws/falcosecurity/falco:x86_64-latest
|
|
docker manifest push public.ecr.aws/falcosecurity/falco:latest
|
|
- run:
|
|
name: Upload falco-driver-loader manifest to registries
|
|
command: |
|
|
docker manifest create falcosecurity/falco-driver-loader:${CIRCLE_TAG} \
|
|
falcosecurity/falco-driver-loader:aarch64-${CIRCLE_TAG} \
|
|
falcosecurity/falco-driver-loader:x86_64-${CIRCLE_TAG}
|
|
docker manifest push falcosecurity/falco-driver-loader:${CIRCLE_TAG}
|
|
|
|
docker manifest create falcosecurity/falco-driver-loader:latest \
|
|
falcosecurity/falco-driver-loader:aarch64-latest \
|
|
falcosecurity/falco-driver-loader:x86_64-latest
|
|
docker manifest push falcosecurity/falco-driver-loader:latest
|
|
|
|
docker manifest create public.ecr.aws/falcosecurity/falco-driver-loader:${CIRCLE_TAG} \
|
|
public.ecr.aws/falcosecurity/falco-driver-loader:aarch64-${CIRCLE_TAG} \
|
|
public.ecr.aws/falcosecurity/falco-driver-loader:x86_64-${CIRCLE_TAG}
|
|
docker manifest push public.ecr.aws/falcosecurity/falco-driver-loader:${CIRCLE_TAG}
|
|
|
|
docker manifest create public.ecr.aws/falcosecurity/falco-driver-loader:latest \
|
|
public.ecr.aws/falcosecurity/falco-driver-loader:aarch64-latest \
|
|
public.ecr.aws/falcosecurity/falco-driver-loader:x86_64-latest
|
|
docker manifest push public.ecr.aws/falcosecurity/falco-driver-loader:latest
|
|
|
|
workflows:
|
|
version: 2.1
|
|
build_and_test:
|
|
jobs:
|
|
- "build-musl"
|
|
- "build-arm64"
|
|
- "build-centos7"
|
|
- "quality-static-analysis"
|
|
- "tests-integration":
|
|
requires:
|
|
- "build-centos7"
|
|
- "tests-integration-arm64":
|
|
requires:
|
|
- "build-arm64"
|
|
- "tests-integration-static":
|
|
requires:
|
|
- "build-musl"
|
|
- "tests-driver-loader-integration":
|
|
requires:
|
|
- "build-centos7"
|
|
- "rpm-sign":
|
|
context: falco
|
|
filters:
|
|
tags:
|
|
ignore: /.*/
|
|
branches:
|
|
only: master
|
|
requires:
|
|
- "tests-integration"
|
|
- "tests-integration-arm64"
|
|
- "publish-packages-dev":
|
|
context:
|
|
- falco
|
|
- test-infra
|
|
filters:
|
|
tags:
|
|
ignore: /.*/
|
|
branches:
|
|
only: master
|
|
requires:
|
|
- "rpm-sign"
|
|
- "tests-integration-static"
|
|
- "publish-packages-deb-dev":
|
|
context:
|
|
- falco
|
|
- test-infra
|
|
filters:
|
|
tags:
|
|
ignore: /.*/
|
|
branches:
|
|
only: master
|
|
requires:
|
|
- "tests-integration"
|
|
- "tests-integration-arm64"
|
|
- "build-docker-dev":
|
|
context:
|
|
- falco
|
|
- test-infra
|
|
filters:
|
|
tags:
|
|
ignore: /.*/
|
|
branches:
|
|
only: master
|
|
requires:
|
|
- "publish-packages-dev"
|
|
- "publish-packages-deb-dev"
|
|
- "tests-driver-loader-integration"
|
|
- "build-docker-dev-arm64":
|
|
context:
|
|
- falco
|
|
- test-infra
|
|
filters:
|
|
tags:
|
|
ignore: /.*/
|
|
branches:
|
|
only: master
|
|
requires:
|
|
- "publish-packages-dev"
|
|
- "publish-packages-deb-dev"
|
|
- "tests-driver-loader-integration"
|
|
- "publish-docker-dev":
|
|
context:
|
|
- falco
|
|
- test-infra
|
|
filters:
|
|
tags:
|
|
ignore: /.*/
|
|
branches:
|
|
only: master
|
|
requires:
|
|
- "build-docker-dev"
|
|
- "build-docker-dev-arm64"
|
|
# - "quality/static-analysis" # This is temporarily disabled: https://github.com/falcosecurity/falco/issues/1526
|
|
release:
|
|
jobs:
|
|
- "build-musl":
|
|
filters:
|
|
tags:
|
|
only: /.*/
|
|
branches:
|
|
ignore: /.*/
|
|
- "build-centos7":
|
|
filters:
|
|
tags:
|
|
only: /.*/
|
|
branches:
|
|
ignore: /.*/
|
|
- "build-arm64":
|
|
filters:
|
|
tags:
|
|
only: /.*/
|
|
branches:
|
|
ignore: /.*/
|
|
- "rpm-sign":
|
|
context: falco
|
|
requires:
|
|
- "build-centos7"
|
|
- "build-arm64"
|
|
filters:
|
|
tags:
|
|
only: /.*/
|
|
branches:
|
|
ignore: /.*/
|
|
- "publish-packages":
|
|
context:
|
|
- falco
|
|
- test-infra
|
|
requires:
|
|
- "build-musl"
|
|
- "rpm-sign"
|
|
filters:
|
|
tags:
|
|
only: /.*/
|
|
branches:
|
|
ignore: /.*/
|
|
- "publish-packages-deb":
|
|
context:
|
|
- falco
|
|
- test-infra
|
|
requires:
|
|
- "build-centos7"
|
|
- "build-arm64"
|
|
filters:
|
|
tags:
|
|
only: /.*/
|
|
branches:
|
|
ignore: /.*/
|
|
- "build-docker":
|
|
context:
|
|
- falco
|
|
- test-infra
|
|
requires:
|
|
- "publish-packages"
|
|
- "publish-packages-deb"
|
|
filters:
|
|
tags:
|
|
only: /.*/
|
|
branches:
|
|
ignore: /.*/
|
|
- "build-docker-arm64":
|
|
context:
|
|
- falco
|
|
- test-infra
|
|
requires:
|
|
- "publish-packages"
|
|
- "publish-packages-deb"
|
|
filters:
|
|
tags:
|
|
only: /.*/
|
|
branches:
|
|
ignore: /.*/
|
|
- "publish-docker":
|
|
context:
|
|
- falco
|
|
- test-infra
|
|
requires:
|
|
- "build-docker"
|
|
- "build-docker-arm64"
|
|
filters:
|
|
tags:
|
|
only: /.*/
|
|
branches:
|
|
ignore: /.*/
|