update(ci): update ci jobs to generate Falco images with modern probe

Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
falcosecurity · Dec 15, 2022 · ae51c03 · ae51c03
1 parent 2b3b543
commit ae51c03
Show file tree

Hide file tree

Showing 3 changed files with 123 additions and 56 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -3,51 +3,54 @@ jobs:
   "build-arm64":
     machine:
       enabled: true
-      image: ubuntu-2004:202101-01
+      image: ubuntu-2204:2022.10.2
     resource_class: arm.medium
     steps:
-      - checkout:
-          path: /tmp/source-arm64/falco
-      - run:
-          name: Prepare project
-          command: |
-            mkdir -p /tmp/build-arm64 && mkdir -p /tmp/build-arm64/release && \
-            docker run -e BUILD_TYPE="release" -it -v /tmp/source-arm64:/source -v /tmp/build-arm64:/build \
-              falcosecurity/falco-builder:latest \
-              cmake
-      - run:
-          name: Build
-          command: |
-            docker run -e BUILD_TYPE="release" -it -v /tmp/source-arm64:/source -v /tmp/build-arm64:/build \
-              falcosecurity/falco-builder:latest \
-              all
+
+      # Install dependencies to build the modern BPF probe skeleton.
       - run:
-          name: Run unit tests
+          name: Install deps ⛓️
           command: |
-            docker run -e BUILD_TYPE="release" -it -v /tmp/source-arm64:/source -v /tmp/build-arm64:/build \
-              falcosecurity/falco-builder:latest \
-              tests
+            sudo apt update
+            sudo apt install -y --no-install-recommends ca-certificates cmake build-essential clang-14 git pkg-config autoconf automake libelf-dev
+            sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-14 90
+            sudo update-alternatives --install /usr/bin/llvm-strip llvm-strip /usr/bin/llvm-strip-14 90
+            git clone https://github.com/libbpf/bpftool.git --branch v7.0.0 --single-branch
+            cd bpftool
+            git submodule update --init
+            cd src && sudo make install
+
+      # Path to the source code
+      - checkout:
+          path: /tmp/source-arm64/falco
+
+      # Build the skeleton
       - run:
-          name: Build packages
+          name: Build modern BPF skeleton 🐝
           command: |
-            docker run -e BUILD_TYPE="release" -it -v /tmp/source-arm64:/source -v /tmp/build-arm64:/build \
-              falcosecurity/falco-builder:latest \
-              package
+            mkdir -p /tmp/source-arm64/falco/skeleton-build
+            cd /tmp/source-arm64/falco/skeleton-build && cmake -DUSE_BUNDLED_DEPS=ON -DBUILD_FALCO_MODERN_BPF=ON -DCREATE_TEST_TARGETS=Off ../
+            make ProbeSkeleton
+
+      # Build the Falco packages (tar, deb, rpm) inside the centos7 builder.
+      # This dockerfile returns as output:
+      # - the build directory. (under /tmp/${DEST_BUILD_DIR})
+      # - the 3 packages: tar, deb, rpm. (under /tmp/packages)
       - run:
-          name: Prepare Artifacts
+          name: Build Falco packages 🏗️
           command: |
-            mkdir -p /tmp/packages
-            cp /tmp/build-arm64/release/*.deb /tmp/packages
-            cp /tmp/build-arm64/release/*.tar.gz /tmp/packages
-            cp /tmp/build-arm64/release/*.rpm /tmp/packages
+            DOCKER_BUILDKIT=1 docker build -f /tmp/source-arm64/falco/docker/builder/modern-falco-builder.Dockerfile --output type=local,dest=/tmp --build-arg CMAKE_OPTIONS="-DCMAKE_BUILD_TYPE=Release -DUSE_BUNDLED_DEPS=On -DFALCO_ETC_DIR=/etc/falco -DBUILD_FALCO_MODERN_BPF=ON -DMODERN_BPF_SKEL_DIR=/source/skeleton-build/skel_dir -DBUILD_DRIVER=Off -DBUILD_BPF=Off" --build-arg DEST_BUILD_DIR=/build-arm64/release /tmp/source-arm64/falco
+
       - store_artifacts:
           path: /tmp/packages
           destination: /packages
+
       - persist_to_workspace:
           root: /tmp
           paths:
             - build-arm64/release
             - source-arm64
+
   # Build a statically linked Falco release binary using musl
   # This build is 100% static, there are no host dependencies
   "build-musl":
@@ -96,43 +99,57 @@ jobs:
           paths:
             - build-static/release
             - source-static
-  # Build using our own builder base image using centos 7
+
   # This build is static, dependencies are bundled in the Falco binary
   "build-centos7":
-    docker:
-      - image: falcosecurity/falco-builder:latest
-        environment:
-          BUILD_TYPE: "release"
+    machine:
+      enabled: true
+      image: ubuntu-2204:2022.10.2
     steps:
-      - checkout:
-          path: /source/falco
-      - run:
-          name: Prepare project
-          command: /usr/bin/entrypoint cmake
-      - run:
-          name: Build
-          command: /usr/bin/entrypoint all
+
+      # Install dependencies to build the modern BPF probe skeleton.
       - run:
-          name: Run unit tests
-          command: /usr/bin/entrypoint tests
+          name: Install deps ⛓️
+          command: |
+            sudo apt update
+            sudo apt install -y --no-install-recommends ca-certificates cmake build-essential clang-14 git pkg-config autoconf automake libelf-dev
+            sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-14 90
+            sudo update-alternatives --install /usr/bin/llvm-strip llvm-strip /usr/bin/llvm-strip-14 90
+            git clone https://github.com/libbpf/bpftool.git --branch v7.0.0 --single-branch
+            cd bpftool
+            git submodule update --init
+            cd src && sudo make install
+
+      # Path for the source code
+      - checkout:
+          path: /tmp/source/falco
+
       - run:
-          name: Build packages
-          command: /usr/bin/entrypoint package
-      - persist_to_workspace:
-          root: /
-          paths:
-            - build/release
-            - source
+          name: Build modern BPF skeleton 🐝
+          command: |
+            mkdir -p /tmp/source/falco/skeleton-build
+            cd /tmp/source/falco/skeleton-build && cmake -DUSE_BUNDLED_DEPS=ON -DBUILD_FALCO_MODERN_BPF=ON -DCREATE_TEST_TARGETS=Off ../
+            make ProbeSkeleton
+
+      # Build the Falco packages (tar, deb, rpm) inside the centos7 builder.
+      # This dockerfile returns as output:
+      # - the build directory. (under /tmp/${DEST_BUILD_DIR})
+      # - the 3 packages: tar, deb, rpm. (under /tmp/packages)
       - run:
-          name: Prepare artifacts
+          name: Build Falco packages 🏗️
           command: |
-            mkdir -p /tmp/packages
-            cp /build/release/*.deb /tmp/packages
-            cp /build/release/*.tar.gz /tmp/packages
-            cp /build/release/*.rpm /tmp/packages
+            DOCKER_BUILDKIT=1 docker build -f /tmp/source/falco/docker/builder/modern-falco-builder.Dockerfile --output type=local,dest=/tmp --build-arg CMAKE_OPTIONS="-DCMAKE_BUILD_TYPE=Release -DUSE_BUNDLED_DEPS=On -DFALCO_ETC_DIR=/etc/falco -DBUILD_FALCO_MODERN_BPF=ON -DMODERN_BPF_SKEL_DIR=/source/skeleton-build/skel_dir -DBUILD_DRIVER=Off -DBUILD_BPF=Off" --build-arg DEST_BUILD_DIR=/build/release /tmp/source/falco
+
       - store_artifacts:
           path: /tmp/packages
           destination: /packages
+
+      - persist_to_workspace:
+          root: /tmp
+          paths:
+            - build/release
+            - source
+
   # Execute integration tests based on the build results coming from the "build-centos7" job
   "tests-integration":
     docker:

diff --git a/docker/builder/README.md b/docker/builder/README.md
@@ -0,0 +1,8 @@
+# Builder folder
+
+* We use `Dockerfile` to build the `centos7` Falco builder image.
+* We use `modern-falco-builder.Dockerfile` to build Falco with the modern probe and return it as a Dockerfile output. This Dockerfile doesn't generate a Docker image but returns as output (through the `--output` command):
+  * Falco `tar.gz`.
+  * Falco `deb` package.
+  * Falco `rpm` package.
+  * Falco build directory, used by other CI jobs.
diff --git a/docker/builder/modern-falco-builder.Dockerfile b/docker/builder/modern-falco-builder.Dockerfile
@@ -0,0 +1,42 @@
+
+FROM centos:7 AS build-stage
+
+# To build Falco you need to pass the cmake option
+ARG CMAKE_OPTIONS=""
+ARG MAKE_JOBS=4
+
+# Install all the dependencies
+WORKDIR /
+
+RUN yum -y install centos-release-scl; \
+    yum -y install devtoolset-8-gcc devtoolset-8-gcc-c++; \
+    source scl_source enable devtoolset-8; \
+    yum install -y git wget make m4 rpm-build
+
+# With some previous cmake versions it fails when downloading `zlib` with curl in the libs building phase
+RUN curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz; \
+    gzip -d /tmp/cmake.tar.gz; \
+    tar -xpf /tmp/cmake.tar --directory=/tmp; \
+    cp -R /tmp/cmake-3.22.5-linux-$(uname -m)/* /usr; \
+    rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)/
+
+# Copy Falco folder from the build context
+COPY . /source
+WORKDIR /build/release
+
+# We need `make tests` and `make all` for integration tests.
+RUN source scl_source enable devtoolset-8; \
+    cmake ${CMAKE_OPTIONS} /source; \
+    make falco -j${MAKE_JOBS}; \
+    make package; \
+    make tests -j${MAKE_JOBS}; \
+    make all -j${MAKE_JOBS}
+
+FROM scratch AS export-stage
+
+ARG DEST_BUILD_DIR="/build"
+
+COPY --from=build-stage /build/release/falco-*.tar.gz /packages/
+COPY --from=build-stage /build/release/falco-*.deb /packages/
+COPY --from=build-stage /build/release/falco-*.rpm /packages/
+COPY --from=build-stage /build/release/ ${DEST_BUILD_DIR}