Skip to content

feat: upgrade to falco libs 0.17 #417

feat: upgrade to falco libs 0.17

feat: upgrade to falco libs 0.17 #417

Workflow file for this run

name: ci
on:
push:
branches:
- master
- dev
tags:
- '*'
pull_request:
branches:
- master
- dev
types:
- opened
- edited
- reopened
- synchronize
- ready_for_review
- unlocked
- review_requested
workflow_dispatch:
env:
DOCKER_REGISTRY_REPOSITORY: sysflowtelemetry/sf-collector
UBI_DOCKER_REGISTRY_REPOSITORY: sysflowtelemetry/ubi
ALPINE_DOCKER_REGISTRY_REPOSITORY: sysflowtelemetry/alpine
GH_ORGANIZATION: sysflow-telemetry
jobs:
lint:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
strategy:
matrix:
path:
- 'src/collector'
- 'src/libs'
- 'examples'
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Run clang-format style check
uses: jidicula/[email protected]
with:
clang-format-version: '12'
check-path: ${{ matrix.path }}
ubi:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: recursive
fetch-depth: 0
- name: Read manifest
shell: bash
run: |
echo "FALCO_VERSION=$(awk -F'=' '/FALCO_VERSION/{print $2}' makefile.manifest.inc)" >> $GITHUB_ENV
echo "FALCO_LIBS_VERSION=$(awk -F'=' '/FALCO_LIBS_VERSION/{print $2}' makefile.manifest.inc)" >> $GITHUB_ENV
echo "UBI_VERSION=$(awk -F'=' '/UBI_VERSION/{print $2}' makefile.manifest.inc)" >> $GITHUB_ENV
- name: Set image tags
shell: bash
run: |
echo "BASE_TAG=$(echo base-${{ env.FALCO_LIBS_VERSION }}-${{ env.FALCO_VERSION }}-${{ env.UBI_VERSION }})" >> $GITHUB_ENV
echo "MODS_TAG=$(echo mods-${{ env.FALCO_LIBS_VERSION }}-${{ env.FALCO_VERSION }}-${{ env.UBI_VERSION }})" >> $GITHUB_ENV
echo "DRIVER_TAG=$(echo driver-${{ env.FALCO_LIBS_VERSION }}-${{ env.FALCO_VERSION }}-${{ env.UBI_VERSION }})" >> $GITHUB_ENV
- name: Check package version
id: checks
shell: bash
run: |
echo "BASE_EXISTS=$(curl --silent -f --head -lL https://hub.docker.com/v2/repositories/${{ env.UBI_DOCKER_REGISTRY_REPOSITORY }}/tags/${{ env.BASE_TAG }}/ > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV
echo "MODS_EXISTS=$(curl --silent -f --head -lL https://hub.docker.com/v2/repositories/${{ env.UBI_DOCKER_REGISTRY_REPOSITORY }}/tags/${{ env.MODS_TAG }}/ > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV
echo "DRIVER_EXISTS=$(curl --silent -f --head -lL https://hub.docker.com/v2/repositories/${{ env.UBI_DOCKER_REGISTRY_REPOSITORY }}/tags/${{ env.DRIVER_TAG }}/ > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV
- name: Init modules
if: ${{ env.BASE_EXISTS == 0 || env.MODS_EXISTS == 0 || env.DRIVER_EXISTS == 0 }}
run: make -C modules init
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
if: ${{ env.BASE_EXISTS == 0 || env.MODS_EXISTS == 0 || env.DRIVER_EXISTS == 0 }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
if: ${{ env.BASE_EXISTS == 0 || env.MODS_EXISTS == 0 || env.DRIVER_EXISTS == 0 }}
- name: Login to DockerHub
uses: docker/login-action@v2
if: ${{ env.BASE_EXISTS == 0 || env.MODS_EXISTS == 0 || env.DRIVER_EXISTS == 0 }}
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
if: ${{ env.BASE_EXISTS == 0 || env.MODS_EXISTS == 0 || env.DRIVER_EXISTS == 0 }}
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set build args
id: args
shell: bash
if: ${{ env.BASE_EXISTS == 0 || env.MODS_EXISTS == 0 || env.DRIVER_EXISTS == 0 }}
run: |
echo "BRANCH=$(echo ${GITHUB_REF#refs/*/})" >> $GITHUB_ENV
echo "SHA_SHORT=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
- name: Build and push base
id: base_docker_build
uses: docker/build-push-action@v3
if: ${{ env.BASE_EXISTS == 0 || env.MODS_EXISTS == 0 || env.DRIVER_EXISTS == 0 }}
with:
context: .
push: true
file: Dockerfile.ubi.amd64
tags: |
${{ env.UBI_DOCKER_REGISTRY_REPOSITORY }}:${{ env.BASE_TAG }}
ghcr.io/${{ env.GH_ORGANIZATION }}/ubi:${{ env.BASE_TAG }}
target: base
build-args: |
UBI_VER=${{ env.UBI_VERSION }}
BUILD_NUMBER=${{ env.SHA_SHORT }}
VERSION=${{ env.BRANCH }}
RELEASE=${{ env.SHA_SHORT }}
secrets: |
rhuser=${{ secrets.RH_USERNAME }}
rhpassword=${{ secrets.RH_PASSWORD }}
- name: Build and push mods
id: mods_docker_build
uses: docker/build-push-action@v3
if: ${{ env.BASE_EXISTS == 0 || env.MODS_EXISTS == 0 || env.DRIVER_EXISTS == 0 }}
with:
context: .
push: true
file: Dockerfile.ubi.amd64
tags: |
${{ env.UBI_DOCKER_REGISTRY_REPOSITORY }}:${{ env.MODS_TAG }}
ghcr.io/${{ env.GH_ORGANIZATION }}/ubi:${{ env.MODS_TAG }}
target: mods
build-args: |
UBI_VER=${{ env.UBI_VERSION }}
BUILD_NUMBER=${{ env.SHA_SHORT }}
VERSION=${{ env.BRANCH }}
RELEASE=${{ env.SHA_SHORT }}
secrets: |
rhuser=${{ secrets.RH_USERNAME }}
rhpassword=${{ secrets.RH_PASSWORD }}
- name: Build and push driver
id: driver_docker_build
uses: docker/build-push-action@v3
if: ${{ env.BASE_EXISTS == 0 || env.MODS_EXISTS == 0 || env.DRIVER_EXISTS == 0 }}
with:
context: .
push: true
file: Dockerfile.driver.amd64
tags: |
${{ env.UBI_DOCKER_REGISTRY_REPOSITORY }}:${{ env.DRIVER_TAG }}
ghcr.io/${{ env.GH_ORGANIZATION }}/ubi:${{ env.DRIVER_TAG }}
target: driver
build-args: |
UBI_VER=${{ env.UBI_VERSION }}
FALCO_VER=${{ env.FALCO_VERSION }}
FALCO_LIBS_VER=${{ env.FALCO_LIBS_VERSION }}
BUILD_NUMBER=${{ env.SHA_SHORT }}
VERSION=${{ env.BRANCH }}
RELEASE=${{ env.SHA_SHORT }}
secrets: |
rhuser=${{ secrets.RH_USERNAME }}
rhpassword=${{ secrets.RH_PASSWORD }}
- name: Image digest
if: ${{ env.BASE_EXISTS == 0 || env.MODS_EXISTS == 0 || env.DRIVER_EXISTS == 0 }}
run: |
echo ${{ steps.base_docker_build.outputs.digest }}
echo ${{ steps.mods_docker_build.outputs.digest }}
echo ${{ steps.driver_docker_build.outputs.digest }}
alpine:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: recursive
fetch-depth: 0
- name: Read manifest
shell: bash
run: |
echo "FALCO_VERSION=$(awk -F'=' '/FALCO_VERSION/{print $2}' makefile.manifest.inc)" >> $GITHUB_ENV
echo "FALCO_LIBS_VERSION=$(awk -F'=' '/FALCO_LIBS_VERSION/{print $2}' makefile.manifest.inc)" >> $GITHUB_ENV
echo "ALPINE_VERSION=$(awk -F'=' '/ALPINE_VERSION/{print $2}' makefile.manifest.inc)" >> $GITHUB_ENV
- name: Set image tags
shell: bash
run: |
echo "BASE_TAG=$(echo base-${{ env.FALCO_LIBS_VERSION }}-${{ env.FALCO_VERSION }}-${{ env.ALPINE_VERSION }})" >> $GITHUB_ENV
echo "MODS_TAG=$(echo mods-${{ env.FALCO_LIBS_VERSION }}-${{ env.FALCO_VERSION }}-${{ env.ALPINE_VERSION }})" >> $GITHUB_ENV
- name: Check package version
id: checks
shell: bash
run: |
echo "BASE_EXISTS=$(curl --silent -f --head -lL https://hub.docker.com/v2/repositories/${{ env.ALPINE_DOCKER_REGISTRY_REPOSITORY }}/tags/${{ env.BASE_TAG }}/ > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV
echo "MODS_EXISTS=$(curl --silent -f --head -lL https://hub.docker.com/v2/repositories/${{ env.ALPINE_DOCKER_REGISTRY_REPOSITORY }}/tags/${{ env.MODS_TAG }}/ > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV
- name: Init modules
if: ${{ env.BASE_EXISTS == 0 || env.MODS_EXISTS == 0 }}
run: make -C modules init
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
if: ${{ env.BASE_EXISTS == 0 || env.MODS_EXISTS == 0 }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
if: ${{ env.BASE_EXISTS == 0 || env.MODS_EXISTS == 0 }}
- name: Login to DockerHub
uses: docker/login-action@v2
if: ${{ env.BASE_EXISTS == 0 || env.MODS_EXISTS == 0 }}
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
if: ${{ env.BASE_EXISTS == 0 || env.MODS_EXISTS == 0 }}
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set build args
id: args
shell: bash
if: ${{ env.BASE_EXISTS == 0 || env.MODS_EXISTS == 0 }}
run: |
echo "BRANCH=$(echo ${GITHUB_REF#refs/*/})" >> $GITHUB_ENV
echo "SHA_SHORT=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
- name: Build and push base
id: base_docker_build
uses: docker/build-push-action@v3
if: ${{ env.BASE_EXISTS == 0 || env.MODS_EXISTS == 0 }}
with:
context: .
push: true
file: Dockerfile.alpine
tags: |
${{ env.ALPINE_DOCKER_REGISTRY_REPOSITORY }}:${{ env.BASE_TAG }}
ghcr.io/${{ env.GH_ORGANIZATION }}/alpine:${{ env.BASE_TAG }}
target: base
build-args: |
ALPINE_VER=${{ env.ALPINE_VERSION }}
BUILD_NUMBER=${{ env.SHA_SHORT }}
VERSION=${{ env.BRANCH }}
RELEASE=${{ env.SHA_SHORT }}
- name: Build and push mods
id: mods_docker_build
uses: docker/build-push-action@v3
if: ${{ env.BASE_EXISTS == 0 || env.MODS_EXISTS == 0 }}
with:
context: .
push: true
file: Dockerfile.alpine
tags: |
${{ env.ALPINE_DOCKER_REGISTRY_REPOSITORY }}:${{ env.MODS_TAG }}
ghcr.io/${{ env.GH_ORGANIZATION }}/alpine:${{ env.MODS_TAG }}
target: mods
build-args: |
ALPINE_VER=${{ env.ALPINE_VERSION }}
BUILD_NUMBER=${{ env.SHA_SHORT }}
VERSION=${{ env.BRANCH }}
RELEASE=${{ env.SHA_SHORT }}
- name: Image digest
if: ${{ env.BASE_EXISTS == 0 || env.MODS_EXISTS == 0 }}
run: |
echo ${{ steps.base_docker_build.outputs.digest }}
echo ${{ steps.mods_docker_build.outputs.digest }}
tests:
runs-on: ubuntu-latest
needs: [lint, ubi, alpine]
if: "!contains(github.ref, '-skip-tests')"
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: recursive
fetch-depth: 0
- name: Init modules
run: make -C modules init
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Run tests
run: |
make docker-testing-build
make docker-test
docker:
runs-on: ubuntu-latest
needs: [tests, lint, ubi, alpine]
if: ${{ always() && !failure() && !cancelled() }}
permissions:
contents: read
packages: write
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: recursive
fetch-depth: 0
- name: Read manifest
shell: bash
run: |
echo "FALCO_VERSION=$(awk -F'=' '/FALCO_VERSION/{print $2}' makefile.manifest.inc)" >> $GITHUB_ENV
echo "FALCO_LIBS_VERSION=$(awk -F'=' '/FALCO_LIBS_VERSION/{print $2}' makefile.manifest.inc)" >> $GITHUB_ENV
echo "FALCO_LIBS_DRIVER_VERSION=$(awk -F'=' '/FALCO_LIBS_DRIVER_VERSION/{print $2}' makefile.manifest.inc)" >> $GITHUB_ENV
echo "UBI_VERSION=$(awk -F'=' '/UBI_VERSION/{print $2}' makefile.manifest.inc)" >> $GITHUB_ENV
- name: Init modules
run: make -C modules init
- name: Build image metadata
id: meta
uses: docker/metadata-action@v4
with:
images: |
${{ env.DOCKER_REGISTRY_REPOSITORY }}
ghcr.io/${{ github.repository }}
tags: |
type=edge,branch=master
type=ref,event=branch
type=match,pattern=^\d.\d.\d$
type=ref,event=pr
type=sha,prefix=
type=sha,format=long,prefix=
labels: |
org.opencontainers.image.documentation=https://sysflow.readthedocs.io/
org.opencontainers.image.vendor=SysFlow
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
version: v0.6.3
- name: Login to DockerHub
uses: docker/login-action@v2
if: ${{ github.event_name != 'pull_request' }}
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
if: ${{ github.event_name != 'pull_request' }}
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set build args
id: args
shell: bash
run: |
echo "BRANCH=$(echo ${GITHUB_REF#refs/*/})" >> $GITHUB_ENV
echo "SHA_SHORT=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
- name: Build and push
id: docker_build
uses: docker/build-push-action@v3
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: "${{ steps.meta.outputs.tags }}"
labels: "${{ steps.meta.outputs.labels }}"
target: runtime
build-args: |
UBI_VER=${{ env.UBI_VERSION }}
FALCO_VER=${{ env.FALCO_VERSION }}
FALCO_LIBS_VER=${{ env.FALCO_LIBS_VERSION }}
FALCO_LIBS_DRIVER_VER=${{ env.FALCO_LIBS_DRIVER_VERSION }}
BUILD_NUMBER=${{ env.SHA_SHORT }}
VERSION=${{ env.BRANCH }}
RELEASE=${{ env.SHA_SHORT }}
- name: Push README to Dockerhub
uses: christian-korneck/update-container-description-action@v1
if: ${{ github.ref == 'refs/heads/master' && github.event_name != 'pull_request' }}
env:
DOCKER_USER: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKER_PASS: ${{ secrets.DOCKERHUB_TOKEN }}
with:
destination_container_repo: ${{ env.DOCKER_REGISTRY_REPOSITORY }}
provider: dockerhub
readme_file: "README.md"
- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}
release:
needs: [docker]
if: ${{ always() && !failure() && !cancelled() && startsWith(github.ref, 'refs/tags/') }}
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Setup cmake
uses: jwlawson/[email protected]
with:
cmake-version: '3.16.x'
- name: Get version from tag
id: tag_name
shell: bash
run: |
GHREF=${GITHUB_REF#refs/tags/}; echo "CURRENT_VERSION=${GHREF%%-*}" >> $GITHUB_ENV
echo "CURRENT_TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
- name: Init modules
run: make -C modules init
- name: Build Release Assets
id: build_release_assets
shell: bash
run: |
make docker-libs-build
make docker-runtime-build
make docker-libs-build/musl
make docker-runtime-build/musl
make package
make package-libs
make package-libs/musl
export $(sed 's/\?//g' makefile.manifest.inc | grep -v '^#' | xargs)
echo "BIN_DEB=$(ls ${{ github.workspace }}/scripts/cpack/sfcollector-$SYSFLOW_VERSION-x86_64.deb)" >> $GITHUB_ENV
echo "LIB_DEB=$(ls ${{ github.workspace }}/scripts/cpack/libsysflow-$SYSFLOW_VERSION-x86_64.deb)" >> $GITHUB_ENV
echo "LIBMUSL_DEB=$(ls ${{ github.workspace }}/scripts/cpack/libsysflow-musl-$SYSFLOW_VERSION-x86_64.deb)" >> $GITHUB_ENV
echo "BIN_RPM=$(ls ${{ github.workspace }}/scripts/cpack/sfcollector-$SYSFLOW_VERSION-x86_64.rpm)" >> $GITHUB_ENV
echo "LIB_RPM=$(ls ${{ github.workspace }}/scripts/cpack/libsysflow-$SYSFLOW_VERSION-x86_64.rpm)" >> $GITHUB_ENV
echo "LIBMUSL_RPM=$(ls ${{ github.workspace }}/scripts/cpack/libsysflow-musl-$SYSFLOW_VERSION-x86_64.rpm)" >> $GITHUB_ENV
echo "BIN_TGZ=$(ls ${{ github.workspace }}/scripts/cpack/sfcollector-$SYSFLOW_VERSION-x86_64.tar.gz)" >> $GITHUB_ENV
echo "LIB_TGZ=$(ls ${{ github.workspace }}/scripts/cpack/libsysflow-$SYSFLOW_VERSION-x86_64.tar.gz)" >> $GITHUB_ENV
echo "LIBMUSL_TGZ=$(ls ${{ github.workspace }}/scripts/cpack/libsysflow-musl-$SYSFLOW_VERSION-x86_64.tar.gz)" >> $GITHUB_ENV
- name: Get Changelog Entry
id: changelog_reader
uses: mindsers/changelog-reader-action@v2
with:
version: ${{ env.CURRENT_VERSION }}
path: ./CHANGELOG.md
- name: Release
uses: softprops/action-gh-release@v1
with:
body: ${{ steps.changelog_reader.outputs.changes }}
token: ${{ secrets.GITHUB_TOKEN }}
prerelease: ( contains(env.CURRENT_VERSION, '-rc') || contains(env.CURRENT_VERSION, '-alpha') || contains(env.CURRENT_VERSION, '-beta') )
draft: true
files: |
${{ env.BIN_DEB }}
${{ env.LIB_DEB }}
${{ env.LIBMUSL_DEB }}
${{ env.BIN_RPM }}
${{ env.LIB_RPM }}
${{ env.LIBMUSL_RPM }}
${{ env.BIN_TGZ }}
${{ env.LIB_TGZ }}
${{ env.LIBMUSL_TGZ }}