update(ci): move version computation logic to main jobs master/release
Signed-off-by: Luca Guerra <luca@guerra.sh>
LucaGuerra committed May 8, 2023
1 parent 51c79f8 commit 014b159
Showing 6 changed files with 105 additions and 87 deletions.
54 changes: 47 additions & 7 deletions .github/workflows/master.yaml
Expand Up @@ -9,46 +9,86 @@ concurrency:
cancel-in-progress: true

jobs:
# We need to use an ubuntu-latest to fetch Falco version because
# Falco version is computed by some cmake scripts that do git sorceries
# to get the current version.
# But centos7 jobs have a git version too old and actions/checkout does not
# fully clone the repo, but uses http rest api instead.
fetch-version:
runs-on: ubuntu-latest
# Map the job outputs to step outputs
outputs:
version: ${{ steps.store_version.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Install build dependencies
run: |
sudo apt update
sudo apt install -y cmake build-essential
- name: Configure project
run: |
mkdir build && cd build
cmake -DUSE_BUNDLED_DEPS=On ..
- name: Load and store Falco version output
id: store_version
run: |
FALCO_VERSION=$(cat build/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
echo "version=${FALCO_VERSION}" >> $GITHUB_OUTPUT
build-dev-packages:
needs: [fetch-version]
uses: falcosecurity/falco/.github/workflows/reusable_build_packages.yaml@master
with:
arch: x86_64
version: ${{ needs.fetch-version.outputs.version }}
secrets: inherit

build-dev-packages-arm64:
needs: [fetch-version]
uses: falcosecurity/falco/.github/workflows/reusable_build_packages.yaml@master
with:
arch: aarch64
version: ${{ needs.fetch-version.outputs.version }}
secrets: inherit

publish-dev-packages:
needs: [build-dev-packages, build-dev-packages-arm64]
needs: [fetch-version, build-dev-packages, build-dev-packages-arm64]
uses: falcosecurity/falco/.github/workflows/reusable_publish_packages.yaml@master
with:
bucket_suffix: '-dev'
version: ${{ needs.build-dev-packages.outputs.version }}
version: ${{ needs.fetch-version.outputs.version }}
secrets: inherit

# Both build-dev-docker and its arm64 counterpart require build-dev-packages because they use its output
build-dev-docker:
needs: [build-dev-packages, publish-dev-packages]
needs: [fetch-version, build-dev-packages, publish-dev-packages]
uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
with:
arch: x86_64
bucket_suffix: '-dev'
version: ${{ needs.build-dev-packages.outputs.version }}
version: ${{ needs.fetch-version.outputs.version }}
tag: ${{ github.ref_name }}
secrets: inherit

build-dev-docker-arm64:
needs: [build-dev-packages, publish-dev-packages]
needs: [fetch-version, build-dev-packages, publish-dev-packages]
uses: falcosecurity/falco/.github/workflows/reusable_build_docker.yaml@master
with:
arch: aarch64
bucket_suffix: '-dev'
version: ${{ needs.build-dev-packages.outputs.version }}
version: ${{ needs.fetch-version.outputs.version }}
tag: ${{ github.ref_name }}
secrets: inherit

publish-dev-docker:
needs: [build-dev-docker, build-dev-docker-arm64]
needs: [fetch-version, build-dev-docker, build-dev-docker-arm64]
uses: falcosecurity/falco/.github/workflows/reusable_publish_docker.yaml@master
with:
tag: ${{ github.ref_name }}
secrets: inherit
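Review bot: The `Load and store Falco version output` step in the new `fetch-version` job writes whatever the `grep | cut | sed` pipeline produces to `$GITHUB_OUTPUT` without checking that it is non-empty. A `run:` step with no explicit `shell:` runs under `bash -e` without `pipefail`, so a `grep` that matches nothing does not fail the step, and every build and publish job in this workflow now takes its version from this single output. I would add `test -n "${FALCO_VERSION}" || { echo "empty FALCO_VERSION" >&2; exit 1; }` before the `echo`, and quote the redirect target as `>> "$GITHUB_OUTPUT"`. `publish-dev-docker` also gains `fetch-version` in `needs` without reading its output, which looks unnecessary.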
11 changes: 8 additions & 3 deletions .github/workflows/release.yaml
Expand Up @@ -54,6 +54,7 @@ jobs:
uses: falcosecurity/falco/.github/workflows/reusable_build_packages.yaml@master
with:
arch: x86_64
version: ${{ github.event.release.tag_name }}
secrets: inherit

build-packages-arm64:
Expand All @@ -62,6 +63,7 @@ jobs:
uses: falcosecurity/falco/.github/workflows/reusable_build_packages.yaml@master
with:
arch: aarch64
version: ${{ github.event.release.tag_name }}
secrets: inherit

publish-packages:
Expand All @@ -70,7 +72,7 @@ jobs:
uses: falcosecurity/falco/.github/workflows/reusable_publish_packages.yaml@master
with:
bucket_suffix: ${{ needs.release-settings.outputs.bucket_suffix }}
version: ${{ needs.build-packages.outputs.version }}
version: ${{ github.event.release.tag_name }}
secrets: inherit

# Both build-docker and its arm64 counterpart require build-packages because they use its output
Expand All @@ -82,7 +84,8 @@ jobs:
arch: x86_64
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
bucket_suffix: ${{ needs.release-settings.outputs.bucket_suffix }}
version: ${{ needs.build-packages.outputs.version }}
version: ${{ github.event.release.tag_name }}
tag: ${{ github.event.release.tag_name }}
secrets: inherit

build-docker-arm64:
Expand All @@ -93,7 +96,8 @@ jobs:
arch: aarch64
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
bucket_suffix: ${{ needs.release-settings.outputs.bucket_suffix }}
version: ${{ needs.build-packages.outputs.version }}
version: ${{ github.event.release.tag_name }}
tag: ${{ github.event.release.tag_name }}
secrets: inherit

publish-docker:
Expand All @@ -103,3 +107,4 @@ jobs:
secrets: inherit
with:
is_latest: ${{ needs.release-settings.outputs.is_latest == 'true' }}
tag: ${{ github.event.release.tag_name }}
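Review bot: `github.event.release.tag_name` is passed straight through as both `version` and `tag` in every job touched here, with no format check visible in these hunks. The tag name is free text chosen by whoever creates the release, and it now ends up in cmake defines, package file names and image tags in the reusable workflows. If `release-settings` (outside these hunks) does not already validate it, a single check there would let the later jobs consume a validated output instead of the raw event field, for example `[[ "$TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.]+)?$ ]] || exit 1` with `TAG` set through `env:`. The context comment `# Both build-docker and its arm64 counterpart require build-packages because they use its output` may also need rewording now that the version no longer comes from `needs.build-packages.outputs.version`.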
28 changes: 16 additions & 12 deletions .github/workflows/reusable_build_docker.yaml
Expand Up @@ -12,7 +12,11 @@ on:
default: ''
type: string
version:
description: 'Falco version extracted from userspace/falco/config_falco.h'
description: The Falco version to use when building images
required: true
type: string
tag:
description: The tag to use (e.g. "master" or "0.35.0")
required: true
type: string
is_latest:
Expand Down Expand Up @@ -44,10 +48,10 @@ jobs:
VERSION_BUCKET=bin${{ inputs.bucket_suffix }}
FALCO_VERSION=${{ inputs.version }}
tags: |
falcosecurity/falco-no-driver:${{ inputs.arch }}-${{ github.ref_name }}
falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }}-slim
public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.arch }}-${{ github.ref_name }}
public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }}-slim
falcosecurity/falco-no-driver:${{ inputs.arch }}-${{ inputs.tag }}
falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tag }}-slim
public.ecr.aws/falcosecurity/falco-no-driver:${{ inputs.arch }}-${{ inputs.tag }}
public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tag }}-slim
outputs: type=docker,dest=/tmp/falco-no-driver-${{ inputs.arch }}.tar

- name: Build falco image
Expand All @@ -58,19 +62,19 @@ jobs:
VERSION_BUCKET=deb${{ inputs.bucket_suffix }}
FALCO_VERSION=${{ inputs.version }}
tags: |
falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }}
public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-${{ github.ref_name }}
falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tag }}
public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-${{ inputs.tag }}
outputs: type=docker,dest=/tmp/falco-${{ inputs.arch }}.tar

- name: Build falco-driver-loader image
uses: docker/build-push-action@v3
with:
context: ${{ github.workspace }}/docker/driver-loader/
build-args: |
FALCO_IMAGE_TAG=${{ inputs.arch }}-${{ github.ref_name }}
FALCO_IMAGE_TAG=${{ inputs.arch }}-${{ inputs.tag }}
tags: |
falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ github.ref_name }}
public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ github.ref_name }}
falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ inputs.tag }}
public.ecr.aws/falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ inputs.tag }}
outputs: type=docker,dest=/tmp/falco-driver-loader-${{ inputs.arch }}.tar

- name: Build no-driver latest image
Expand All @@ -80,7 +84,7 @@ jobs:
context: ${{ github.workspace }}/docker/no-driver/
build-args: |
VERSION_BUCKET=bin
FALCO_VERSION=${{ github.ref_name }}
FALCO_VERSION=${{ inputs.version }}
tags: |
falcosecurity/falco-no-driver:${{ inputs.arch }}-latest
falcosecurity/falco:${{ inputs.arch }}-latest-slim
Expand All @@ -95,7 +99,7 @@ jobs:
context: ${{ github.workspace }}/docker/falco/
build-args: |
VERSION_BUCKET=deb
FALCO_VERSION=${{ github.ref_name }}
FALCO_VERSION=${{ inputs.version }}
tags: |
falcosecurity/falco:${{ inputs.arch }}-latest
public.ecr.aws/falcosecurity/falco:${{ inputs.arch }}-latest
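Review bot: `tag` is added as a `required: true` input, yet the callers on this page reference this file as `reusable_build_docker.yaml@master` rather than by a path in the same commit. A caller running from a commit that predates this change (a release cut from an older branch, if any exist) would resolve the callee from `master` and fail on the missing input; the same applies to the new required `version` input and the removed output in `reusable_build_packages.yaml`. Because the callers also use `secrets: inherit`, the code that receives the publishing secrets is whatever `master` holds at run time, not the commit that was tagged. Referencing the callee as `uses: ./.github/workflows/reusable_build_docker.yaml` would tie caller and callee to one commit. The `uses:` lines themselves are context outside this file's hunks.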
61 changes: 13 additions & 48 deletions .github/workflows/reusable_build_packages.yaml
Expand Up @@ -6,49 +6,15 @@ on:
description: x86_64 or aarch64
required: true
type: string
outputs:
version:
description: 'Falco version extracted from config_falco.h'
value: ${{ jobs.fetch-version.outputs.version }}
description: The Falco version to use when building packages
required: true
type: string

jobs:
# We need to use an ubuntu-latest to fetch Falco version because
# Falco version is computed by some cmake scripts that do git sorceries
# to get the current version.
# But centos7 jobs have a git version too old and actions/checkout does not
# fully clone the repo, but uses http rest api instead.
fetch-version:
runs-on: ubuntu-latest
# Map the job outputs to step outputs
outputs:
version: ${{ steps.store_version.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Install build dependencies
run: |
sudo apt update
sudo apt install -y cmake build-essential
- name: Configure project
run: |
mkdir build && cd build
cmake -DUSE_BUNDLED_DEPS=On ..
- name: Load and store Falco version output
id: store_version
run: |
FALCO_VERSION=$(cat build/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
echo "version=${FALCO_VERSION}" >> $GITHUB_OUTPUT
build-modern-bpf-skeleton:
# See https://github.com/actions/runner/issues/409#issuecomment-1158849936
runs-on: ${{ (inputs.arch == 'aarch64' && fromJSON('[ "self-hosted", "linux", "ARM64" ]')) || 'ubuntu-latest' }}
needs: fetch-version
container: fedora:latest
steps:
# Always install deps before invoking checkout action, to properly perform a full clone.
Expand All @@ -62,7 +28,7 @@ jobs:
- name: Build modern BPF skeleton
run: |
mkdir skeleton-build && cd skeleton-build
cmake -DUSE_BUNDLED_DEPS=ON -DBUILD_FALCO_MODERN_BPF=ON -DCREATE_TEST_TARGETS=Off -DFALCO_VERSION=${{ needs.fetch-version.outputs.version }} ..
cmake -DUSE_BUNDLED_DEPS=ON -DBUILD_FALCO_MODERN_BPF=ON -DCREATE_TEST_TARGETS=Off -DFALCO_VERSION=${{ inputs.version }} ..
make ProbeSkeleton -j6
- name: Upload skeleton
Expand All @@ -74,7 +40,7 @@ jobs:
build-packages:
# See https://github.com/actions/runner/issues/409#issuecomment-1158849936
runs-on: ${{ (inputs.arch == 'aarch64' && fromJSON('[ "self-hosted", "linux", "ARM64" ]')) || 'ubuntu-latest' }}
needs: [fetch-version, build-modern-bpf-skeleton]
needs: [build-modern-bpf-skeleton]
container: centos:7
steps:
# Always install deps before invoking checkout action, to properly perform a full clone.
Expand Down Expand Up @@ -114,7 +80,7 @@ jobs:
-DMODERN_BPF_SKEL_DIR=/tmp \
-DBUILD_DRIVER=Off \
-DBUILD_BPF=Off \
-DFALCO_VERSION=${{ needs.fetch-version.outputs.version }} \
-DFALCO_VERSION=${{ inputs.version }} \
..
- name: Build project
Expand All @@ -132,26 +98,25 @@ jobs:
- name: Upload Falco tar.gz package
uses: actions/upload-artifact@v3
with:
name: falco-${{ needs.fetch-version.outputs.version }}-${{ inputs.arch }}.tar.gz
name: falco-${{ inputs.version }}-${{ inputs.arch }}.tar.gz
path: |
${{ github.workspace }}/build/falco-*.tar.gz
- name: Upload Falco deb package
uses: actions/upload-artifact@v3
with:
name: falco-${{ needs.fetch-version.outputs.version }}-${{ inputs.arch }}.deb
name: falco-${{ inputs.version }}-${{ inputs.arch }}.deb
path: |
${{ github.workspace }}/build/falco-*.deb
- name: Upload Falco rpm package
uses: actions/upload-artifact@v3
with:
name: falco-${{ needs.fetch-version.outputs.version }}-${{ inputs.arch }}.rpm
name: falco-${{ inputs.version }}-${{ inputs.arch }}.rpm
path: |
${{ github.workspace }}/build/falco-*.rpm
build-musl-package:
needs: fetch-version
# x86_64 only for now
if: ${{ inputs.arch == 'x86_64' }}
runs-on: ubuntu-latest
Expand All @@ -170,7 +135,7 @@ jobs:
- name: Prepare project
run: |
mkdir build && cd build
cmake -DCPACK_GENERATOR=TGZ -DBUILD_BPF=Off -DBUILD_DRIVER=Off -DCMAKE_BUILD_TYPE=Release -DUSE_BUNDLED_DEPS=On -DUSE_BUNDLED_LIBELF=Off -DBUILD_LIBSCAP_MODERN_BPF=ON -DMUSL_OPTIMIZED_BUILD=On -DFALCO_ETC_DIR=/etc/falco ../ -DFALCO_VERSION=${{ needs.fetch-version.outputs.version }}
cmake -DCPACK_GENERATOR=TGZ -DBUILD_BPF=Off -DBUILD_DRIVER=Off -DCMAKE_BUILD_TYPE=Release -DUSE_BUNDLED_DEPS=On -DUSE_BUNDLED_LIBELF=Off -DBUILD_LIBSCAP_MODERN_BPF=ON -DMUSL_OPTIMIZED_BUILD=On -DFALCO_ETC_DIR=/etc/falco ../ -DFALCO_VERSION=${{ inputs.version }}
- name: Build project
run: |
Expand All @@ -185,11 +150,11 @@ jobs:
- name: Rename static package
run: |
cd build
mv falco-${{ needs.fetch-version.outputs.version }}-x86_64.tar.gz falco-${{ needs.fetch-version.outputs.version }}-static-x86_64.tar.gz
mv falco-${{ inputs.version }}-x86_64.tar.gz falco-${{ inputs.version }}-static-x86_64.tar.gz
- name: Upload Falco static package
uses: actions/upload-artifact@v3
with:
name: falco-${{ needs.fetch-version.outputs.version }}-static-x86_64.tar.gz
name: falco-${{ inputs.version }}-static-x86_64.tar.gz
path: |
${{ github.workspace }}/build/falco-${{ needs.fetch-version.outputs.version }}-static-x86_64.tar.gz
${{ github.workspace }}/build/falco-${{ inputs.version }}-static-x86_64.tar.gz
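Review bot: `${{ inputs.version }}` is expanded into the text of the `run:` scripts before the shell parses them: the cmake invocations in `Build modern BPF skeleton` and `Prepare project`, the cmake call in `build-packages`, and the `mv` in `Rename static package`. With this commit the value is no longer a locally computed string, because `release.yaml` feeds it `github.event.release.tag_name`, so any shell metacharacter in a tag name becomes part of the script. Passing it through the environment keeps it data: add `env:` with `FALCO_VERSION: ${{ inputs.version }}` to each of these steps and write `-DFALCO_VERSION="${FALCO_VERSION}"` and `mv "falco-${FALCO_VERSION}-x86_64.tar.gz" "falco-${FALCO_VERSION}-static-x86_64.tar.gz"`. The steps begin outside the visible hunks, so the exact placement of `env:` needs checking against the full file.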