Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

new(build): bump libs, reintroduce static build #3428

Merged
merged 9 commits into from
Dec 19, 2024
Merged

new(build): bump libs, reintroduce static build #3428

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
006e1b0
update(falco): update libs to latest master
LucaGuerra Dec 13, 2024
4284d8f
Revert "update(build): disable musl builds"
LucaGuerra Dec 13, 2024
cb9e146
update(build): link (BSD) libelf statically by default
LucaGuerra Dec 13, 2024
75497f6
fix(ci): upgrade bpftool for static build
LucaGuerra Dec 13, 2024
cd339ae
fix(build): remove zlib requirement from cpp-httplib
LucaGuerra Dec 16, 2024
3184674
fix(ci): use ubuntu 22.04 to build wasm due to a regression (undefine…
LucaGuerra Dec 17, 2024
599663b
fix(ci): consolidate sanitizers/not sanitizers jobs
LucaGuerra Dec 17, 2024
5b3703b
fix(falco): prevent use-after-return in webserver
LucaGuerra Dec 17, 2024
1e6783e
cleanup(build): remove libelf dependency
LucaGuerra Dec 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 10 additions & 21 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,45 +19,34 @@ jobs:
fetch-version:
uses: ./.github/workflows/reusable_fetch_version.yaml

build-dev-packages-sanitizers-x86_64:
needs: [fetch-version]
uses: ./.github/workflows/reusable_build_packages.yaml
with:
arch: x86_64
version: ${{ needs.fetch-version.outputs.version }}
build_type: Debug
sanitizers: true

build-dev-packages-x86_64:
needs: [fetch-version]
uses: ./.github/workflows/reusable_build_packages.yaml
with:
arch: x86_64
version: ${{ needs.fetch-version.outputs.version }}
build_type: Release
enable_debug: true
enable_sanitizers: true

build-dev-packages-arm64:
needs: [fetch-version]
uses: ./.github/workflows/reusable_build_packages.yaml
with:
arch: aarch64
version: ${{ needs.fetch-version.outputs.version }}
build_type: Debug
sanitizers: false
enable_debug: true

test-dev-packages:
needs: [fetch-version, build-dev-packages-sanitizers-x86_64]
needs: [fetch-version, build-dev-packages-x86_64]
uses: ./.github/workflows/reusable_test_packages.yaml
# The musl build job is currently disabled because we link libelf dynamically and it is
# not possible to dynamically link with musl
# strategy:
# fail-fast: false
# matrix:
# static: ["static", ""]
strategy:
fail-fast: false
matrix:
static: ["static", ""]
with:
arch: x86_64
sanitizers: true
# static: ${{ matrix.static != '' && true || false }}
sanitizers: ${{ matrix.static == '' && true || false }}
static: ${{ matrix.static != '' && true || false }}
version: ${{ needs.fetch-version.outputs.version }}

test-dev-packages-arm64:
Expand Down
12 changes: 5 additions & 7 deletions .github/workflows/master.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,15 +31,13 @@ jobs:
test-dev-packages:
needs: [fetch-version, build-dev-packages]
uses: ./.github/workflows/reusable_test_packages.yaml
# The musl build job is currently disabled because we link libelf dynamically and it is
# not possible to dynamically link with musl
# strategy:
# fail-fast: false
# matrix:
# static: ["static", ""]
strategy:
fail-fast: false
matrix:
static: ["static", ""]
with:
arch: x86_64
# static: ${{ matrix.static != '' && true || false }}
static: ${{ matrix.static != '' && true || false }}
version: ${{ needs.fetch-version.outputs.version }}

test-dev-packages-arm64:
Expand Down
13 changes: 5 additions & 8 deletions .github/workflows/release.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,16 +69,13 @@ jobs:
test-packages:
needs: [release-settings, build-packages]
uses: ./.github/workflows/reusable_test_packages.yaml

# The musl build job is currently disabled because we link libelf dynamically and it is
# not possible to dynamically link with musl
# strategy:
# fail-fast: false
# matrix:
# static: ["static", ""]
strategy:
fail-fast: false
matrix:
static: ["static", ""]
with:
arch: x86_64
# static: ${{ matrix.static != '' && true || false }}
static: ${{ matrix.static != '' && true || false }}
version: ${{ github.event.release.tag_name }}

test-packages-arm64:
Expand Down
161 changes: 130 additions & 31 deletions .github/workflows/reusable_build_packages.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,13 +10,13 @@ on:
description: The Falco version to use when building packages
required: true
type: string
build_type:
description: The build type
enable_debug:
description: Also create a debug build
required: false
type: string
default: 'Release'
sanitizers:
description: enable sanitizer support
type: boolean
default: false
enable_sanitizers:
description: Also create a sanitizer build
required: false
type: boolean
default: false
Expand All @@ -33,7 +33,7 @@ jobs:
# Always install deps before invoking checkout action, to properly perform a full clone.
- name: Install build dependencies
run: |
dnf install -y bpftool ca-certificates cmake make automake gcc gcc-c++ kernel-devel clang git pkg-config autoconf automake libbpf-devel elfutils-libelf-devel
dnf install -y bpftool ca-certificates cmake make automake gcc gcc-c++ kernel-devel clang git pkg-config autoconf automake

- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
Expand All @@ -51,15 +51,15 @@ jobs:
path: skeleton-build/skel_dir/bpf_probe.skel.h
retention-days: 1

build-packages:
build-packages-release:
# See https://github.com/actions/runner/issues/409#issuecomment-1158849936
runs-on: ${{ (inputs.arch == 'aarch64' && 'oracle-aarch64-4cpu-16gb') || 'ubuntu-latest' }}
needs: [build-modern-bpf-skeleton]
steps:
# Always install deps before invoking checkout action, to properly perform a full clone.
- name: Install build deps
run: |
sudo apt update && sudo apt install -y --no-install-recommends ca-certificates cmake curl wget build-essential git pkg-config autoconf automake libtool libelf-dev m4 rpm
sudo apt update && sudo apt install -y --no-install-recommends ca-certificates cmake curl wget build-essential git pkg-config autoconf automake libtool m4 rpm

- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
Expand All @@ -78,14 +78,13 @@ jobs:
# Jemalloc and ASAN don't play very well together.
run: |
cmake -B build -S . \
-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} \
-DCMAKE_BUILD_TYPE=Release \
-DUSE_BUNDLED_DEPS=On \
-DFALCO_ETC_DIR=/etc/falco \
-DMODERN_BPF_SKEL_DIR=/tmp \
-DBUILD_DRIVER=Off \
-DBUILD_BPF=Off \
-DUSE_ASAN=${{ (inputs.sanitizers == true && inputs.arch == 'x86_64' && 'ON') || 'OFF' }} \
-DUSE_JEMALLOC=${{ (inputs.sanitizers == true && inputs.arch == 'x86_64' && 'OFF') || 'ON' }} \
-DUSE_JEMALLOC=ON \
-DFALCO_VERSION=${{ inputs.version }}

- name: Build project
Expand All @@ -99,37 +98,137 @@ jobs:
- name: Upload Falco tar.gz package
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: falco-${{ inputs.version }}-${{ inputs.arch }}${{ inputs.sanitizers == true && '-sanitizers' || '' }}.tar.gz
name: falco-${{ inputs.version }}-${{ inputs.arch }}.tar.gz
path: |
${{ github.workspace }}/build/falco-*.tar.gz

- name: Upload Falco deb package
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: falco-${{ inputs.version }}-${{ inputs.arch }}${{ inputs.sanitizers == true && '-sanitizers' || '' }}.deb
name: falco-${{ inputs.version }}-${{ inputs.arch }}.deb
path: |
${{ github.workspace }}/build/falco-*.deb

- name: Upload Falco rpm package
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: falco-${{ inputs.version }}-${{ inputs.arch }}${{ inputs.sanitizers == true && '-sanitizers' || '' }}.rpm
name: falco-${{ inputs.version }}-${{ inputs.arch }}.rpm
path: |
${{ github.workspace }}/build/falco-*.rpm

build-packages-debug:
# See https://github.com/actions/runner/issues/409#issuecomment-1158849936
runs-on: ${{ (inputs.arch == 'aarch64' && 'oracle-aarch64-4cpu-16gb') || 'ubuntu-22.04' }}
if: ${{ inputs.enable_debug == true }}
needs: [build-modern-bpf-skeleton]
steps:
# Always install deps before invoking checkout action, to properly perform a full clone.
- name: Install build deps
run: |
sudo apt update && sudo apt install -y --no-install-recommends ca-certificates cmake curl wget build-essential git pkg-config autoconf automake libtool m4 rpm

- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Download skeleton
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: bpf_probe_${{ inputs.arch }}.skel.h
path: /tmp

- name: Install zig
if: inputs.sanitizers == false
uses: falcosecurity/libs/.github/actions/install-zig@master

- name: Prepare project
run: |
cmake -B build -S . \
-DCMAKE_BUILD_TYPE=Debug \
-DUSE_BUNDLED_DEPS=On \
-DFALCO_ETC_DIR=/etc/falco \
-DMODERN_BPF_SKEL_DIR=/tmp \
-DBUILD_DRIVER=Off \
-DBUILD_BPF=Off \
-DUSE_JEMALLOC=On \
-DFALCO_VERSION=${{ inputs.version }}

- name: Build project
run: |
cmake --build build --target falco -j6

- name: Build packages
run: |
cmake --build build --target package

- name: Upload Falco tar.gz package
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: falco-${{ inputs.version }}-${{ inputs.arch }}-debug.tar.gz
path: |
${{ github.workspace }}/build/falco-*.rpm
${{ github.workspace }}/build/falco-*.tar.gz

build-packages-sanitizers:
# See https://github.com/actions/runner/issues/409#issuecomment-1158849936
runs-on: ${{ (inputs.arch == 'aarch64' && 'oracle-aarch64-4cpu-16gb') || 'ubuntu-latest' }}
if: ${{ inputs.enable_sanitizers == true }}
needs: [build-modern-bpf-skeleton]
steps:
# Always install deps before invoking checkout action, to properly perform a full clone.
- name: Install build deps
run: |
sudo apt update && sudo apt install -y --no-install-recommends ca-certificates cmake curl wget build-essential git pkg-config autoconf automake libtool m4 rpm

- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Download skeleton
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: bpf_probe_${{ inputs.arch }}.skel.h
path: /tmp

- name: Prepare project
run: |
cmake -B build -S . \
-DCMAKE_BUILD_TYPE=Debug \
-DUSE_BUNDLED_DEPS=On \
-DFALCO_ETC_DIR=/etc/falco \
-DMODERN_BPF_SKEL_DIR=/tmp \
-DBUILD_DRIVER=Off \
-DBUILD_BPF=Off \
-DUSE_JEMALLOC=Off \
-DUSE_ASAN=On \
-DFALCO_VERSION=${{ inputs.version }}

- name: Build project
run: |
cmake --build build --target falco -j6

- name: Build packages
run: |
cmake --build build --target package

- name: Upload Falco tar.gz package
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: falco-${{ inputs.version }}-${{ inputs.arch }}-sanitizers.tar.gz
path: |
${{ github.workspace }}/build/falco-*.tar.gz

# The musl build job is currently disabled because we link libelf dynamically and it is
# not possible to dynamically link with musl
build-musl-package:
# x86_64 only for now
# if: ${{ inputs.arch == 'x86_64' }}
if: false
if: ${{ inputs.arch == 'x86_64' }}
runs-on: ubuntu-latest
container: alpine:3.17
steps:
# Always install deps before invoking checkout action, to properly perform a full clone.
- name: Install build dependencies
run: |
apk add g++ gcc cmake make git bash perl linux-headers autoconf automake m4 libtool elfutils-dev libelf-static patch binutils bpftool clang
apk add g++ gcc cmake make git bash perl linux-headers autoconf automake m4 libtool elfutils-dev libelf-static patch binutils clang llvm
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question: do we need elfutils-dev libelf-static deps here? Considering we are using a bundled build.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think they are required to build bpftool.

git clone https://github.com/libbpf/bpftool.git --branch v7.3.0 --single-branch
cd bpftool
git submodule update --init
cd src && make install

- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
Expand All @@ -139,10 +238,10 @@ jobs:
- name: Prepare project
run: |
cmake -B build -S . \
-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} \
-DCMAKE_BUILD_TYPE=Release \
Copy link
Contributor

@FedeDP FedeDP Dec 18, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to enforce jemalloc for musl build too?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure but I'm not a jemalloc expert. What do you think?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that all of our release artifact should spot the same behavior, therefore i'd say yes!

-DCPACK_GENERATOR=TGZ \
-DBUILD_BPF=Off -DBUILD_DRIVER=Off \
-DUSE_BUNDLED_DEPS=On -DUSE_BUNDLED_LIBELF=Off -DBUILD_LIBSCAP_MODERN_BPF=ON -DMUSL_OPTIMIZED_BUILD=On -DFALCO_ETC_DIR=/etc/falco -DFALCO_VERSION=${{ inputs.version }}
-DUSE_BUNDLED_DEPS=On -DBUILD_LIBSCAP_MODERN_BPF=ON -DMUSL_OPTIMIZED_BUILD=On -DFALCO_ETC_DIR=/etc/falco -DFALCO_VERSION=${{ inputs.version }}

- name: Build project
run: |
Expand All @@ -166,7 +265,7 @@ jobs:

build-wasm-package:
if: ${{ inputs.arch == 'x86_64' }}
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
LucaGuerra marked this conversation as resolved.
Show resolved Hide resolved
steps:
# Always install deps before invoking checkout action, to properly perform a full clone.
- name: Install build dependencies
Expand All @@ -190,7 +289,7 @@ jobs:
-DBUILD_BPF=Off \
-DBUILD_DRIVER=Off \
-DBUILD_FALCO_MODERN_BPF=Off \
-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} \
-DCMAKE_BUILD_TYPE=Release \
-DUSE_BUNDLED_DEPS=On \
-DFALCO_ETC_DIR=/etc/falco \
-DBUILD_FALCO_UNIT_TESTS=On \
Expand Down Expand Up @@ -230,28 +329,28 @@ jobs:
# NOTE: Backslash doesn't work as line continuation on Windows.
- name: Prepare project
run: |
cmake -B build -S . -DCMAKE_BUILD_TYPE=${{ inputs.build_type }} -DMINIMAL_BUILD=On -DUSE_BUNDLED_DEPS=On -DBUILD_FALCO_UNIT_TESTS=On -DFALCO_VERSION=${{ inputs.version }}
cmake -B build -S . -DCMAKE_BUILD_TYPE=Release -DMINIMAL_BUILD=On -DUSE_BUNDLED_DEPS=On -DBUILD_FALCO_UNIT_TESTS=On -DFALCO_VERSION=${{ inputs.version }}

- name: Build project
run: |
cmake --build build --target package --config ${{ inputs.build_type }}
cmake --build build --target package --config Release

- name: Run unit Tests
run: |
build/unit_tests/${{ inputs.build_type }}/falco_unit_tests.exe
build/unit_tests/Release/falco_unit_tests.exe

- name: Upload Falco win32 installer
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: falco-installer-${{ inputs.version }}-win32.exe
name: falco-installer-Release-win32.exe
path: build/falco-*.exe

- name: Upload Falco win32 package
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: falco-${{ inputs.version }}-win32.exe
name: falco-Release-win32.exe
path: |
${{ github.workspace }}/build/userspace/falco/${{ inputs.build_type }}/falco.exe
${{ github.workspace }}/build/userspace/falco/Release/falco.exe

build-macos-package:
if: ${{ inputs.arch == 'x86_64' }}
Expand Down
8 changes: 1 addition & 7 deletions .github/workflows/reusable_publish_packages.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,10 +65,7 @@ jobs:
name: falco-${{ inputs.version }}-aarch64.tar.gz
path: /tmp/falco-build-bin

# The musl build job is currently disabled because we link libelf dynamically and it is
# not possible to dynamically link with musl
- name: Download static binary x86_64
if: false
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: falco-${{ inputs.version }}-static-x86_64.tar.gz
Expand Down Expand Up @@ -102,11 +99,8 @@ jobs:
run: |
./scripts/publish-bin -f /tmp/falco-build-bin/falco-${{ inputs.version }}-x86_64.tar.gz -r bin${{ inputs.bucket_suffix }} -a x86_64
./scripts/publish-bin -f /tmp/falco-build-bin/falco-${{ inputs.version }}-aarch64.tar.gz -r bin${{ inputs.bucket_suffix }} -a aarch64

# The musl build job is currently disabled because we link libelf dynamically and it is
# not possible to dynamically link with musl

- name: Publish static
if: false
run: |
./scripts/publish-bin -f /tmp/falco-build-bin-static/falco-${{ inputs.version }}-static-x86_64.tar.gz -r bin${{ inputs.bucket_suffix }} -a x86_64

Expand Down
Loading
Loading