From ddafdb81c641d44309e05c25e767712edd766163 Mon Sep 17 00:00:00 2001 From: Roberto Scolaro Date: Tue, 21 Jan 2025 20:12:18 +0000 Subject: [PATCH] refactor(ci): integrate arm64 runner + clenaup Signed-off-by: Roberto Scolaro --- .github/workflows/ci.yaml | 2 +- .github/workflows/release-draft.yaml | 295 +++++++++++++-------------- 2 files changed, 138 insertions(+), 159 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index bfc4d966b3..1ef16efd51 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -84,7 +84,7 @@ jobs: - name: Set artifact name id: artifact_name run: | - echo "name=sysdig-dev-linux-$(echo ${{ matrix.platform }} | sed -e 's|/|-|g')" >> $GITHUB_OUTPUT + echo "name=sysdig-dev-linux-$(echo ${{ matrix.platform }} | sed -e 's|/|-|g')" >> "$GITHUB_OUTPUT" - name: Upload rpm package uses: actions/upload-artifact@v4 diff --git a/.github/workflows/release-draft.yaml b/.github/workflows/release-draft.yaml index 2481b1efd3..0de84f6c99 100644 --- a/.github/workflows/release-draft.yaml +++ b/.github/workflows/release-draft.yaml 
@@ -6,206 +6,180 @@ on: - '[0-9]+.[0-9]+.[0-9]+-[a-z]+' - '[0-9]+.[0-9]+.[0-9]+-[a-z]+[0-9]+' -jobs: +env: + BUILD_VERSION: ${{ github.ref_name }} - build-skeleton-sysdig-linux-amd64: - runs-on: ubuntu-latest +jobs: + build-release-linux: + runs-on: ubuntu-24.04${{ matrix.platform == 'arm64' && '-arm' || '' }} container: - image: ghcr.io/draios/sysdig-skel-builder:dev - steps: - - name: Checkout Sysdig - uses: actions/checkout@v4 - with: - path: sysdig - - name: Link paths - run: | - mkdir -p /source - ln -s "$GITHUB_WORKSPACE/sysdig" /source/sysdig - - name: Prepare build skeleton - run: build cmake-skeleton - - name: Build skeleton - run: build make-skeleton - - name: Cache build skeleton - uses: actions/cache/save@v3 - if: always() - id: cache - with: - path: /build-skeleton - key: build-skeleton-${{ github.run_id }} + image: ubuntu:22.04 + strategy: + matrix: + platform: + - amd64 + - arm64 + include: + - platform: amd64 + base_arch: x86_64 + release_arch: x86_64 + - platform: arm64 + base_arch: aarch64 + release_arch: aarch64 - build-release-linux-amd64: - needs: build-skeleton-sysdig-linux-amd64 - runs-on: ubuntu-latest env: - BUILD_VERSION: ${{ github.ref_name }} - ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true - container: - image: ghcr.io/draios/sysdig-builder:dev + ZIG_VERSION: 0.14.0-dev.2851+b074fb7dd + steps: - name: Checkout Sysdig uses: actions/checkout@v4 with: - path: sysdig - - name: Link paths + fetch-depth: 0 + + - name: Install deps run: | - mkdir -p /source - ln -s "$GITHUB_WORKSPACE/sysdig" /source/sysdig - - name: Restore build skeleton - id: cache - uses: actions/cache/restore@v3 - with: - path: /build-skeleton - key: build-skeleton-${{ github.run_id }} - restore-keys: build-skeleton- - - name: Build - run: build cmake - - name: Build packages - run: build package - - name: Upload Artifacts - uses: actions/upload-artifact@v3 - with: - name: sysdig-release-${{ env.BUILD_VERSION }}-x86_64 - path: /build/release/sysdig-${{ env.BUILD_VERSION }}* 
- - build-release-linux-arm64: - runs-on: ubuntu-latest - env: - REGISTRY: ghcr.io - BUILD_VERSION: ${{ github.ref_name }} - ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true - steps: - - name: Checkout Sysdig - uses: actions/checkout@v4 - with: - path: sysdig - - name: Create build dir + cp -v scripts/zig-cc /usr/bin/ + cp -v scripts/zig-c++ /usr/bin/ + apt update && \ + apt install -y --no-install-recommends \ + autoconf \ + automake \ + build-essential \ + ca-certificates \ + clang \ + cmake \ + curl \ + git \ + libelf-dev \ + libtool \ + llvm \ + ninja-build \ + pkg-config \ + rpm \ + wget \ + xz-utils && \ + git clone https://github.com/libbpf/bpftool.git --branch v7.3.0 --single-branch && \ + cd bpftool && \ + git submodule update --init && \ + cd src && \ + make install && \ + cd ../.. && \ + rm -fr bpftool && \ + curl -LO https://ziglang.org/builds/zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \ + tar -xaf zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \ + rm -v zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \ + cd zig-linux-$(uname -m)-${ZIG_VERSION} && \ + cp -v zig /usr/bin && \ + find lib -exec cp --parents {} /usr/ \; && \ + cd .. 
&& \ + rm -fr zig* + + - name: Build Sysdig + env: + CC: zig-cc + CXX: zig-c++ + AR: zig ar + RANLIB: zig ranlib run: | - mkdir -p ${{ github.workspace }}/sysdig-build-aarch64 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - platforms: 'amd64,arm64' - - name: Run the build skeleton process with Docker - uses: addnab/docker-run-action@v3 - with: - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - registry: ${{ env.REGISTRY }} - image: ghcr.io/draios/sysdig-skel-builder:dev - options: --platform=linux/arm64 -v ${{ github.workspace }}/sysdig:/source/sysdig -v ${{ github.workspace }}/sysdig-build-aarch64:/build/release-packages -v ${{ github.workspace }}/skeleton-build:/build-skeleton -e BUILD_VERSION=${{ env.BUILD_VERSION }} - run: | - mkdir -p /build/release-packages && \ - build cmake-skeleton && \ - build make-skeleton - - name: Run the build process with Docker - uses: addnab/docker-run-action@v3 - with: - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - registry: ${{ env.REGISTRY }} - image: ghcr.io/draios/sysdig-builder:dev - options: --platform=linux/arm64 -v ${{ github.workspace }}/sysdig:/source/sysdig -v ${{ github.workspace }}/sysdig-build-aarch64:/build/release-packages -v ${{ github.workspace }}/skeleton-build:/build-skeleton -e BUILD_VERSION=${{ env.BUILD_VERSION }} - run: | - mkdir -p /build/release-packages && \ - build cmake && \ - build package && \ - cp /build/release/sysdig-${{ env.BUILD_VERSION }}* /build/release-packages + cmake \ + -DUSE_BUNDLED_DEPS=ON \ + -DBUILD_BPF=OFF \ + -DBUILD_DRIVER=OFF \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_INSTALL_PREFIX="/usr" \ + -DSYSDIG_VERSION="${{ env.BUILD_VERSION }}" \ + -Wno-dev \ + -S . 
\ + -B build \ + -G Ninja + cmake --build build --target package --config Release - name: Upload Artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: - name: sysdig-release-${{ env.BUILD_VERSION }}-aarch64 - path: ${{ github.workspace }}/sysdig-build-aarch64/sysdig-${{ env.BUILD_VERSION }}* - + name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.release_arch }} + path: | + build/sysdig-${{ env.BUILD_VERSION }}* + build-release-others-amd64: name: build-release-others-amd64 strategy: matrix: - os: [windows-latest, macos-13] + os: [windows-latest, macos-13, macos-14] include: - os: windows-latest artifact_name: win artifact_ext: exe + arch: x86_64 - os: macos-13 artifact_name: osx artifact_ext: dmg - env: - BUILD_VERSION: ${{ github.ref_name }} - runs-on: ${{ matrix.os }} - steps: - - name: Checkout Sysdig - uses: actions/checkout@v4 - - name: Build - run: | - mkdir -p build - cd build && cmake -Wno-dev -DBUILD_DRIVER=OFF -DSYSDIG_VERSION="${{ env.BUILD_VERSION }}" .. - cmake --build . --target package --config Release - - name: Upload Artifacts - uses: actions/upload-artifact@v3 - with: - name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.artifact_name }}-x86_64 - path: build/sysdig-${{ env.BUILD_VERSION }}*.${{ matrix.artifact_ext }} - - build-release-others-arm64: - name: build-release-others-arm64 - strategy: - matrix: - os: [macos-14] - include: + arch: x86_64 - os: macos-14 artifact_name: osx artifact_ext: dmg - env: - BUILD_VERSION: ${{ github.ref_name }} - runs-on: ${{ matrix.os }} + arch: arm64 + runs-on: ${{ matrix.os }} steps: - name: Checkout Sysdig uses: actions/checkout@v4 - name: Build run: | - mkdir -p build - cd build && cmake -Wno-dev -DBUILD_DRIVER=OFF -DSYSDIG_VERSION="${{ env.BUILD_VERSION }}" .. - cmake --build . --target package --config Release + cmake -Wno-dev -DBUILD_DRIVER=OFF -DSYSDIG_VERSION="${{ env.BUILD_VERSION }}" -S . 
-B build + cmake --build build --target package --config Release - name: Upload Artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: - name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.artifact_name }}-arm64 + name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.artifact_name }}-${{ matrix.arch }} path: build/sysdig-${{ env.BUILD_VERSION }}*.${{ matrix.artifact_ext }} push-container-image: - runs-on: ubuntu-latest - needs: [build-release-linux-amd64, build-release-linux-arm64, sign-rpms, sign-debs] + runs-on: ubuntu-24.04${{ matrix.platform == 'arm64' && '-arm' || '' }} + container: + image: ubuntu:22.04 + strategy: + matrix: + platform: + - amd64 + - arm64 + include: + - platform: amd64 + base_arch: x86_64 + release_arch: x86_64 + - platform: arm64 + base_arch: aarch64 + release_arch: aarch64 + needs: [build-release-linux, sign-rpms, sign-debs] env: - BUILD_VERSION: ${{ github.ref_name }} REGISTRY: ghcr.io SYSDIG_IMAGE_BASE: ghcr.io/draios/sysdig steps: - name: Checkout Sysdig uses: actions/checkout@v4 + - name: Download artifacts aarch64 - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-aarch64 + - name: Download artifacts x86_64 - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-x86_64 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - platforms: 'amd64,arm64' + - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 + - name: Login to Github Packages uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push container images uses: docker/build-push-action@v6 with: - platforms: linux/amd64,linux/arm64 file: docker/sysdig/Dockerfile context: . tags: ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.BUILD_VERSION }}-draft 
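Review bot: The `Install deps` step of `build-release-linux` downloads the Zig toolchain with `curl -LO https://ziglang.org/builds/zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz` and copies it into `/usr/bin` without checking a digest or signature, and that binary then acts as `CC`/`CXX` for the packages the later jobs sign. Record a per-architecture SHA-256 next to `ZIG_VERSION` (for example a matrix field exposed as `ZIG_SHA256`, value `<sha256-of-tarball>`) and add `echo "${ZIG_SHA256}  zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz" | sha256sum -c - && \` before the `tar -xaf` line; `curl -fLO` would also make an HTTP error fail the step instead of saving an error page. The bpftool clone follows `--branch v7.3.0`, a tag that can be moved, so checking out a recorded commit id after the clone would fix what gets built and installed as root. Separately, `push-container-image` is now a two-leg matrix with `platforms: linux/amd64,linux/arm64` removed while both legs keep the same `…-draft` tag; if the push settings outside this hunk are unchanged, the two legs would overwrite each other's single-architecture image.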
@@ -222,10 +196,9 @@ jobs: arch: x86_64 - name: arm64 arch: aarch64 - needs: [build-release-linux-amd64, build-release-linux-arm64] + needs: build-release-linux runs-on: ubuntu-latest env: - BUILD_VERSION: ${{ github.ref_name }} KEY_ID: EC51E8C4 container: image: fedora:39 @@ -233,19 +206,19 @@ jobs: - name: Install deps run: dnf install -y rpm-sign pinentry - name: Download artifacts - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }} - name: Import private key env: PRIVATE_KEY: ${{ secrets.SYSDIG_REPO_SIGNING_KEY }} run: printenv PRIVATE_KEY | gpg --import - - - name: Sign RPMs + - name: Sign RPMs run: rpm --define "_gpg_name ${{ env.KEY_ID }}" --define "_binary_filedigest_algorithm 8" --addsign *.rpm - name: Check signature run: test "$(rpm -qpi *.rpm | awk '/Signature/' | grep -i none | wc -l)" -eq 0 - name: Upload Signed RPMs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }} path: "*.rpm" 
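Review bot: `Upload Signed RPMs` now runs `actions/upload-artifact@v4` but still uploads under `sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }}`, the name `build-release-linux` already used for the unsigned packages. v4 artifacts are immutable, so a second upload to an existing name is rejected unless `overwrite: true` is set, and overwriting replaces the whole artifact instead of merging files as v3 did. Giving the signed output its own name, e.g. `name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }}-rpm-signed`, and downloading that name in `push-container-image` and `create-draft-release` keeps signed and unsigned packages distinguishable at release time. The same applies to `Upload Signed DEBs` in the next hunk; the `sign-rpms` job itself starts above this hunk.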
@@ -260,57 +233,63 @@ jobs: arch: x86_64 - name: arm64 arch: aarch64 - needs: [build-release-linux-amd64, build-release-linux-arm64] + needs: build-release-linux env: - BUILD_VERSION: ${{ github.ref_name }} KEY_ID: EC51E8C4 container: image: debian:bullseye-slim steps: - name: Install deps run: apt-get update && apt-get -y install dpkg-sig + - name: Download artifacts - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }} + - name: Import private key env: PRIVATE_KEY: ${{ secrets.SYSDIG_REPO_SIGNING_KEY }} run: printenv PRIVATE_KEY | gpg --import - + - name: Sign DEBs run: dpkg-sig -k ${{ env.KEY_ID }} -s builder *.deb + - name: Check signature run: dpkg-sig --verify *.deb + - name: Upload Signed DEBs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }} path: "*.deb" create-draft-release: runs-on: ubuntu-latest - needs: [push-container-image, build-release-linux-amd64, build-release-linux-arm64, sign-rpms, sign-debs] - env: - BUILD_VERSION: ${{ github.ref_name }} + needs: [push-container-image, build-release-linux, sign-rpms, sign-debs] steps: - name: Download artifacts (linux-amd64) - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-x86_64 - name: Download artifacts (linux-arm64) - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-aarch64 - name: Download artifacts (win-amd64) - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-win-x86_64 - name: Download artifacts (osx-amd64) - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-osx-x86_64 + - name: Download artifacts (osx-arm64) + uses: 
actions/download-artifact@v4 + with: + name: sysdig-release-${{ env.BUILD_VERSION }}-osx-arm64 - name: Create draft release - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@v2 with: files: | sysdig-${{ env.BUILD_VERSION }}*
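Review bot: `uses: softprops/action-gh-release@v2` in `create-draft-release` references a third-party action by a movable tag in the job that publishes the release files. Pinning it to a full commit id, `uses: softprops/action-gh-release@<full-commit-sha> # v2`, keeps the code that handles the release token fixed between runs. The same pinning would suit the other `uses:` lines this commit bumps. No `permissions:` key is visible for this job in the hunk; if none is set at workflow level, declaring `permissions:` with `contents: write` on this job only would narrow the token the signing and build jobs receive.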