feat(builder-indexes): Update builderrepo flag to handle index file path

Signed-off-by: Lyonel Martinez <[email protected]>

cmd/root.go

@@ -144,8 +144,7 @@ func NewRootCmd() *RootCmd {
 	flags.StringVar(&rootOpts.ModuleDeviceName, "moduledevicename", rootOpts.ModuleDeviceName, "kernel module device name (the default is falco, so the device will be under /dev/falco*)")
 	flags.StringVar(&rootOpts.ModuleDriverName, "moduledrivername", rootOpts.ModuleDriverName, "kernel module driver name, i.e. the name you see when you check installed modules via lsmod")
 	flags.StringVar(&rootOpts.BuilderImage, "builderimage", rootOpts.BuilderImage, "docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.")
-	flags.StringSliceVar(&rootOpts.BuilderRepos, "builderrepo", rootOpts.BuilderRepos, "list of docker repositories in descending priority order, used to search for builder images. Default falcosecurity/driverkit will always be enforced as lowest priority repo. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit")
-	flags.StringSliceVar(&rootOpts.BuilderIndexes, "builderindex", rootOpts.BuilderIndexes, "list of images, with the arch and Gcc versons. eg: --builderindex \"registy.myorg.com/falco/driverkit;any;9.0.0;8.0.0\" --builderindex \"registy.myorg.com/falco/other;target;6.0.0:5.0.0\"")
+	flags.StringSliceVar(&rootOpts.BuilderRepos, "builderrepo", rootOpts.BuilderRepos, "list of docker repositories or file (absolute path) containing builder images index with the format '<image>,<target>,<gcc-version>[,<gcc-version>,...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit --builderrepo /path/to/my/index.txt. Index file line exmaple: yourorg/driverkit-builder;any;4.9.0;5.0.0;6.0.0;8.0.0")
 	flags.StringVar(&rootOpts.GCCVersion, "gccversion", rootOpts.GCCVersion, "enforce a specific gcc version for the build")
 
 	flags.StringSliceVar(&rootOpts.KernelUrls, "kernelurls", nil, "list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls \"<URL3>,<URL4>\")")

cmd/root_options.go

@@ -8,6 +8,7 @@ import (
 	"github.com/falcosecurity/driverkit/validate"
 	"github.com/go-playground/validator/v10"
 	logger "github.com/sirupsen/logrus"
+	"regexp"
 	"strings"
 )
 
@@ -33,8 +34,7 @@ type RootOptions struct {
 	Target           string   `validate:"required,target" name:"target"`
 	KernelConfigData string   `validate:"omitempty,base64" name:"kernel config data"` // fixme > tag "name" does not seem to work when used at struct level, but works when used at inner level
 	BuilderImage     string   `validate:"omitempty,imagename" name:"builder image"`
-	BuilderRepos     []string `validate:"omitempty" name:"docker repositories to look for builder images"`
-	BuilderIndexes   []string `validate:"omitempty" name:"builder images indexes"`
+	BuilderRepos     []string `validate:"omitempty" name:"docker repositories to look for builder images or absolute path pointing to a file container builder image index"`
 	GCCVersion       string   `validate:"omitempty,semvertolerant" name:"gcc version"`
 	KernelUrls       []string `name:"kernel header urls"`
 	Repo             RepoOptions
@@ -133,30 +133,25 @@ func (ro *RootOptions) toBuild() *builder.Build {
 		KernelUrls:       ro.KernelUrls,
 		RepoOrg:          ro.Repo.Org,
 		RepoName:         ro.Repo.Name,
-	}
-
-	// if BuilderIndexes in RootOptions has at leat one element, build the build.Images map by parsing the indexes
-	// by split index value by ';' to extract name, target and gcc versions
-	if len(ro.BuilderIndexes) > 0 {
-		build.Images = make(builder.ImagesMap)
-		for _, bi := range ro.BuilderIndexes {
-			infos := strings.Split(bi, ";")
-			name := infos[0]
-			target := builder.Type(infos[1])
-			gccVersions := infos[2:]
-			for _, gcc := range gccVersions {
-				buildImage := builder.Image{
-					Name:       name,
-					Target:     target,
-					GCCVersion: builder.MustParseTolerant(gcc),
-				}
-				build.Images[buildImage.ToKey()] = buildImage
+		Images:           make(builder.ImagesMap),
+	}
+
+	// loop over BuilderRepos to constuct the list ImagesListers based on the value of the builderRepo, if it's a local path, add FileImagesLister, otherwise add RepoImagesLister
+	for _, builderRepo := range ro.BuilderRepos {
+		if strings.HasPrefix(builderRepo, "/") {
+			build.ImagesListers = append(build.ImagesListers, &builder.FileImagesLister{FilePath: builderRepo})
+		} else {
+			if len(build.Regs) == 0 {
+				// Create the proper regexes to load "any" and target-specific images for requested arch
+				arch := kernelrelease.Architecture(build.Architecture).ToNonDeb()
+				build.Regs = make([]*regexp.Regexp, 0)
+				targetFmt := fmt.Sprintf("driverkit-builder-%s-%s(?P<gccVers>(_gcc[0-9]+.[0-9]+.[0-9]+)+)$", build.TargetType.String(), arch)
+				build.Regs = append(build.Regs, regexp.MustCompile(targetFmt))
+				genericFmt := fmt.Sprintf("driverkit-builder-any-%s(?P<gccVers>(_gcc[0-9]+.[0-9]+.[0-9]+)+)$", arch)
+				build.Regs = append(build.Regs, regexp.MustCompile(genericFmt))
 			}
+			build.ImagesListers = append(build.ImagesListers, &builder.RepoImagesLister{Repo: builderRepo})
 		}
-	} else {
-		// If no indexes is passed, append falcosecurity repo; Note: this is a prio first slice
-		// therefore, default falcosecurity repo has lowest prio.
-		build.BuilderRepos = append(build.BuilderRepos, "docker.io/falcosecurity/driverkit")
 	}
 
 	// attempt the build in case it comes from an invalid config

cmd/testdata/templates/flags.txt

@@ -1,8 +1,7 @@
 Flags:
       --architecture string       target architecture for the built driver, one of {{ .Architectures }} (default "{{ .CurrentArch }}")
       --builderimage string       docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
-      --builderindex strings      list of images, with the arch and Gcc versons. eg: --builderindex "registy.myorg.com/falco/driverkit;any;9.0.0;8.0.0" --builderindex "registy.myorg.com/falco/other;target;6.0.0:5.0.0"
-      --builderrepo strings       list of docker repositories in descending priority order, used to search for builder images. Default falcosecurity/driverkit will always be enforced as lowest priority repo. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit
+      --builderrepo strings       list of docker repositories or file (absolute path) containing builder images index with the format '<image>,<target>,<gcc-version>[,<gcc-version>,...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit --builderrepo /path/to/my/index.txt. Index file line exmaple: yourorg/driverkit-builder;any;4.9.0;5.0.0;6.0.0;8.0.0
   -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
       --driverversion string      driver version as a git commit hash or as a git tag (default "master")
       --dryrun                    do not actually perform the action

docs/driverkit.md

@@ -11,8 +11,7 @@ driverkit
 ```
       --architecture string       target architecture for the built driver, one of [amd64,arm64] (default "amd64")
       --builderimage string       docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
-      --builderindex strings      list of images, with the arch and Gcc versons. eg: --builderindex "registy.myorg.com/falco/driverkit;any;9.0.0;8.0.0" --builderindex "registy.myorg.com/falco/other;target;6.0.0:5.0.0"
-      --builderrepo strings       list of docker repositories in descending priority order, used to search for builder images. Default falcosecurity/driverkit will always be enforced as lowest priority repo. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit
+      --builderrepo strings       list of docker repositories or file (absolute path) containing builder images index with the format '<image>,<target>,<gcc-version>[,<gcc-version>,...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit --builderrepo /path/to/my/index.txt. Index file line exmaple: yourorg/driverkit-builder;any;4.9.0;5.0.0;6.0.0;8.0.0
   -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
       --driverversion string      driver version as a git commit hash or as a git tag (default "master")
       --dryrun                    do not actually perform the action

docs/driverkit_docker.md

@@ -11,8 +11,7 @@ driverkit docker [flags]
 ```
       --architecture string       target architecture for the built driver, one of [amd64,arm64] (default "amd64")
       --builderimage string       docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
-      --builderindex strings      list of images, with the arch and Gcc versons. eg: --builderindex "registy.myorg.com/falco/driverkit;any;9.0.0;8.0.0" --builderindex "registy.myorg.com/falco/other;target;6.0.0:5.0.0"
-      --builderrepo strings       list of docker repositories in descending priority order, used to search for builder images. Default falcosecurity/driverkit will always be enforced as lowest priority repo. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit
+      --builderrepo strings       list of docker repositories or file (absolute path) containing builder images index with the format '<image>,<target>,<gcc-version>[,<gcc-version>,...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit --builderrepo /path/to/my/index.txt. Index file line exmaple: yourorg/driverkit-builder;any;4.9.0;5.0.0;6.0.0;8.0.0
   -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
       --driverversion string      driver version as a git commit hash or as a git tag (default "master")
       --dryrun                    do not actually perform the action

docs/driverkit_images.md

@@ -11,8 +11,7 @@ driverkit images [flags]
 ```
       --architecture string       target architecture for the built driver, one of [amd64,arm64] (default "amd64")
       --builderimage string       docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
-      --builderindex strings      list of images, with the arch and Gcc versons. eg: --builderindex "registy.myorg.com/falco/driverkit;any;9.0.0;8.0.0" --builderindex "registy.myorg.com/falco/other;target;6.0.0:5.0.0"
-      --builderrepo strings       list of docker repositories in descending priority order, used to search for builder images. Default falcosecurity/driverkit will always be enforced as lowest priority repo. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit
+      --builderrepo strings       list of docker repositories or file (absolute path) containing builder images index with the format '<image>,<target>,<gcc-version>[,<gcc-version>,...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit --builderrepo /path/to/my/index.txt. Index file line exmaple: yourorg/driverkit-builder;any;4.9.0;5.0.0;6.0.0;8.0.0
   -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
       --driverversion string      driver version as a git commit hash or as a git tag (default "master")
       --dryrun                    do not actually perform the action

docs/driverkit_kubernetes-in-cluster.md

@@ -11,8 +11,7 @@ driverkit kubernetes-in-cluster [flags]
 ```
       --architecture string        target architecture for the built driver, one of [amd64,arm64] (default "amd64")
       --builderimage string        docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
-      --builderindex strings       list of images, with the arch and Gcc versons. eg: --builderindex "registy.myorg.com/falco/driverkit;any;9.0.0;8.0.0" --builderindex "registy.myorg.com/falco/other;target;6.0.0:5.0.0"
-      --builderrepo strings        list of docker repositories in descending priority order, used to search for builder images. Default falcosecurity/driverkit will always be enforced as lowest priority repo. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit
+      --builderrepo strings        list of docker repositories or file (absolute path) containing builder images index with the format '<image>,<target>,<gcc-version>[,<gcc-version>,...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit --builderrepo /path/to/my/index.txt. Index file line exmaple: yourorg/driverkit-builder;any;4.9.0;5.0.0;6.0.0;8.0.0
   -c, --config string              config file path (default $HOME/.driverkit.yaml if exists)
       --driverversion string       driver version as a git commit hash or as a git tag (default "master")
       --dryrun                     do not actually perform the action

docs/driverkit_kubernetes.md

@@ -14,8 +14,7 @@ driverkit kubernetes [flags]
       --as-group stringArray           group to impersonate for the operation, this flag can be repeated to specify multiple groups
       --as-uid string                  uID to impersonate for the operation
       --builderimage string            docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
-      --builderindex strings           list of images, with the arch and Gcc versons. eg: --builderindex "registy.myorg.com/falco/driverkit;any;9.0.0;8.0.0" --builderindex "registy.myorg.com/falco/other;target;6.0.0:5.0.0"
-      --builderrepo strings            list of docker repositories in descending priority order, used to search for builder images. Default falcosecurity/driverkit will always be enforced as lowest priority repo. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit
+      --builderrepo strings            list of docker repositories or file (absolute path) containing builder images index with the format '<image>,<target>,<gcc-version>[,<gcc-version>,...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit --builderrepo /path/to/my/index.txt. Index file line exmaple: yourorg/driverkit-builder;any;4.9.0;5.0.0;6.0.0;8.0.0
       --cache-dir string               default cache directory (default "$HOME/.kube/cache")
       --certificate-authority string   path to a cert file for the certificate authority
       --client-certificate string      path to a client certificate file for TLS

pkg/driverbuilder/builder/build.go

@@ -3,6 +3,7 @@ package builder
 import (
 	"fmt"
 	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+	"regexp"
 )
 
 // Build contains the info about the on-going build.
@@ -19,11 +20,13 @@ type Build struct {
 	ModuleDeviceName string
 	BuilderImage     string
 	BuilderRepos     []string
+	ImagesListers    []ImagesLister
 	KernelUrls       []string
 	GCCVersion       string
 	RepoOrg          string
 	RepoName         string
 	Images           ImagesMap
+	Regs             []*regexp.Regexp
 }
 
 func (b *Build) KernelReleaseFromBuildConfig() kernelrelease.KernelRelease {