chore(ci): enable jemalloc in musl build. #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is a reusable workflow used by master and release CI | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| arch: | ||
| description: x86_64 or aarch64 | ||
| required: true | ||
| type: string | ||
| version: | ||
| description: The Falco version to use when building packages | ||
| required: true | ||
| type: string | ||
| enable_debug: | ||
| description: Also create a debug build | ||
| required: false | ||
| type: boolean | ||
| default: false | ||
| enable_sanitizers: | ||
| description: Also create a sanitizer build | ||
| required: false | ||
| type: boolean | ||
| default: false | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| build-modern-bpf-skeleton: | ||
| # See https://github.com/actions/runner/issues/409#issuecomment-1158849936 | ||
| runs-on: ${{ (inputs.arch == 'aarch64' && 'oracle-aarch64-4cpu-16gb') || 'ubuntu-latest' }} | ||
| container: fedora:latest | ||
| steps: | ||
| # Always install deps before invoking checkout action, to properly perform a full clone. | ||
| - name: Install build dependencies | ||
| run: | | ||
| dnf install -y bpftool ca-certificates cmake make automake gcc gcc-c++ kernel-devel clang git pkg-config autoconf automake | ||
| - name: Checkout | ||
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
| - name: Build modern BPF skeleton | ||
| run: | | ||
| cmake -B skeleton-build -S . \ | ||
| -DUSE_BUNDLED_DEPS=ON -DCREATE_TEST_TARGETS=Off -DFALCO_VERSION=${{ inputs.version }} | ||
| cmake --build skeleton-build --target ProbeSkeleton -j6 | ||
| - name: Upload skeleton | ||
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | ||
| with: | ||
| name: bpf_probe_${{ inputs.arch }}.skel.h | ||
| path: skeleton-build/skel_dir/bpf_probe.skel.h | ||
| retention-days: 1 | ||
| build-packages-release: | ||
| # See https://github.com/actions/runner/issues/409#issuecomment-1158849936 | ||
| runs-on: ${{ (inputs.arch == 'aarch64' && 'oracle-aarch64-4cpu-16gb') || 'ubuntu-latest' }} | ||
| needs: [build-modern-bpf-skeleton] | ||
| steps: | ||
| # Always install deps before invoking checkout action, to properly perform a full clone. | ||
| - name: Install build deps | ||
| run: | | ||
| sudo apt update && sudo apt install -y --no-install-recommends ca-certificates cmake curl wget build-essential git pkg-config autoconf automake libtool m4 rpm | ||
| - name: Checkout | ||
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
| - name: Download skeleton | ||
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | ||
| with: | ||
| name: bpf_probe_${{ inputs.arch }}.skel.h | ||
| path: /tmp | ||
| - name: Install zig | ||
| if: inputs.sanitizers == false | ||
| uses: falcosecurity/libs/.github/actions/install-zig@master | ||
| - name: Prepare project | ||
| run: | | ||
| cmake -B build -S . \ | ||
| -DCMAKE_BUILD_TYPE=Release \ | ||
| -DUSE_BUNDLED_DEPS=On \ | ||
| -DFALCO_ETC_DIR=/etc/falco \ | ||
| -DMODERN_BPF_SKEL_DIR=/tmp \ | ||
| -DBUILD_DRIVER=Off \ | ||
| -DBUILD_BPF=Off \ | ||
| -DUSE_JEMALLOC=ON \ | ||
| -DFALCO_VERSION=${{ inputs.version }} | ||
| - name: Build project | ||
| run: | | ||
| cmake --build build --target falco -j6 | ||
| - name: Build packages | ||
| run: | | ||
| cmake --build build --target package | ||
| - name: Upload Falco tar.gz package | ||
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | ||
| with: | ||
| name: falco-${{ inputs.version }}-${{ inputs.arch }}.tar.gz | ||
| path: | | ||
| ${{ github.workspace }}/build/falco-*.tar.gz | ||
| - name: Upload Falco deb package | ||
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | ||
| with: | ||
| name: falco-${{ inputs.version }}-${{ inputs.arch }}.deb | ||
| path: | | ||
| ${{ github.workspace }}/build/falco-*.deb | ||
| - name: Upload Falco rpm package | ||
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | ||
| with: | ||
| name: falco-${{ inputs.version }}-${{ inputs.arch }}.rpm | ||
| path: | | ||
| ${{ github.workspace }}/build/falco-*.rpm | ||
| build-packages-debug: | ||
| # See https://github.com/actions/runner/issues/409#issuecomment-1158849936 | ||
| runs-on: ${{ (inputs.arch == 'aarch64' && 'oracle-aarch64-4cpu-16gb') || 'ubuntu-22.04' }} | ||
| if: ${{ inputs.enable_debug == true }} | ||
| needs: [build-modern-bpf-skeleton] | ||
| steps: | ||
| # Always install deps before invoking checkout action, to properly perform a full clone. | ||
| - name: Install build deps | ||
| run: | | ||
| sudo apt update && sudo apt install -y --no-install-recommends ca-certificates cmake curl wget build-essential git pkg-config autoconf automake libtool m4 rpm | ||
| - name: Checkout | ||
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
| - name: Download skeleton | ||
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | ||
| with: | ||
| name: bpf_probe_${{ inputs.arch }}.skel.h | ||
| path: /tmp | ||
| - name: Install zig | ||
| if: inputs.sanitizers == false | ||
| uses: falcosecurity/libs/.github/actions/install-zig@master | ||
| - name: Prepare project | ||
| run: | | ||
| cmake -B build -S . \ | ||
| -DCMAKE_BUILD_TYPE=Debug \ | ||
| -DUSE_BUNDLED_DEPS=On \ | ||
| -DFALCO_ETC_DIR=/etc/falco \ | ||
| -DMODERN_BPF_SKEL_DIR=/tmp \ | ||
| -DBUILD_DRIVER=Off \ | ||
| -DBUILD_BPF=Off \ | ||
| -DUSE_JEMALLOC=On \ | ||
| -DFALCO_VERSION=${{ inputs.version }} | ||
| - name: Build project | ||
| run: | | ||
| cmake --build build --target falco -j6 | ||
| - name: Build packages | ||
| run: | | ||
| cmake --build build --target package | ||
| - name: Upload Falco tar.gz package | ||
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | ||
| with: | ||
| name: falco-${{ inputs.version }}-${{ inputs.arch }}-debug.tar.gz | ||
| path: | | ||
| ${{ github.workspace }}/build/falco-*.tar.gz | ||
| build-packages-sanitizers: | ||
| # See https://github.com/actions/runner/issues/409#issuecomment-1158849936 | ||
| runs-on: ${{ (inputs.arch == 'aarch64' && 'oracle-aarch64-4cpu-16gb') || 'ubuntu-latest' }} | ||
| if: ${{ inputs.enable_sanitizers == true }} | ||
| needs: [build-modern-bpf-skeleton] | ||
| steps: | ||
| # Always install deps before invoking checkout action, to properly perform a full clone. | ||
| - name: Install build deps | ||
| run: | | ||
| sudo apt update && sudo apt install -y --no-install-recommends ca-certificates cmake curl wget build-essential git pkg-config autoconf automake libtool m4 rpm | ||
| - name: Checkout | ||
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
| - name: Download skeleton | ||
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | ||
| with: | ||
| name: bpf_probe_${{ inputs.arch }}.skel.h | ||
| path: /tmp | ||
| - name: Prepare project | ||
| # Jemalloc and ASAN don't play very well together. | ||
| run: | | ||
| cmake -B build -S . \ | ||
| -DCMAKE_BUILD_TYPE=Debug \ | ||
| -DUSE_BUNDLED_DEPS=On \ | ||
| -DFALCO_ETC_DIR=/etc/falco \ | ||
| -DMODERN_BPF_SKEL_DIR=/tmp \ | ||
| -DBUILD_DRIVER=Off \ | ||
| -DBUILD_BPF=Off \ | ||
| -DUSE_JEMALLOC=Off \ | ||
| -DUSE_ASAN=On \ | ||
| -DFALCO_VERSION=${{ inputs.version }} | ||
| - name: Build project | ||
| run: | | ||
| cmake --build build --target falco -j6 | ||
| - name: Build packages | ||
| run: | | ||
| cmake --build build --target package | ||
| - name: Upload Falco tar.gz package | ||
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | ||
| with: | ||
| name: falco-${{ inputs.version }}-${{ inputs.arch }}-sanitizers.tar.gz | ||
| path: | | ||
| ${{ github.workspace }}/build/falco-*.tar.gz | ||
| build-musl-package: | ||
| # x86_64 only for now | ||
| if: ${{ inputs.arch == 'x86_64' }} | ||
| runs-on: ubuntu-latest | ||
| container: alpine:3.17 | ||
| steps: | ||
| # Always install deps before invoking checkout action, to properly perform a full clone. | ||
| - name: Install build dependencies | ||
| run: | | ||
| apk add g++ gcc cmake make git bash perl linux-headers autoconf automake m4 libtool elfutils-dev libelf-static patch binutils clang llvm | ||
| git clone https://github.com/libbpf/bpftool.git --branch v7.3.0 --single-branch | ||
| cd bpftool | ||
| git submodule update --init | ||
| cd src && make install | ||
| - name: Checkout | ||
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Prepare project | ||
| run: | | ||
| cmake -B build -S . \ | ||
| -DCMAKE_BUILD_TYPE=Release \ | ||
| -DCPACK_GENERATOR=TGZ \ | ||
| -DBUILD_BPF=Off -DBUILD_DRIVER=Off \ | ||
| -DUSE_JEMALLOC=On \ | ||
| -DUSE_BUNDLED_DEPS=On \ | ||
| -DMUSL_OPTIMIZED_BUILD=On \ | ||
| -DFALCO_ETC_DIR=/etc/falco \ | ||
| -DFALCO_VERSION=${{ inputs.version }} | ||
| - name: Build project | ||
| run: | | ||
| cmake --build build -j6 | ||
| - name: Build packages | ||
| run: | | ||
| cmake --build build -j6 --target package | ||
| - name: Rename static package | ||
| run: | | ||
| cd build | ||
| mv falco-${{ inputs.version }}-x86_64.tar.gz falco-${{ inputs.version }}-static-x86_64.tar.gz | ||
| - name: Upload Falco static package | ||
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | ||
| with: | ||
| name: falco-${{ inputs.version }}-static-x86_64.tar.gz | ||
| path: | | ||
| ${{ github.workspace }}/build/falco-${{ inputs.version }}-static-x86_64.tar.gz | ||
| build-wasm-package: | ||
| if: ${{ inputs.arch == 'x86_64' }} | ||
| runs-on: ubuntu-22.04 | ||
| steps: | ||
| # Always install deps before invoking checkout action, to properly perform a full clone. | ||
| - name: Install build dependencies | ||
| run: | | ||
| sudo apt update | ||
| sudo DEBIAN_FRONTEND=noninteractive apt install cmake build-essential git emscripten -y | ||
| - name: Select node version | ||
| uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 | ||
| with: | ||
| node-version: 14 | ||
| - name: Checkout | ||
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Prepare project | ||
| run: | | ||
| emcmake cmake -B build -S . \ | ||
| -DCMAKE_BUILD_TYPE=Release \ | ||
| -DUSE_BUNDLED_DEPS=On \ | ||
| -DFALCO_ETC_DIR=/etc/falco \ | ||
| -DBUILD_FALCO_UNIT_TESTS=On \ | ||
| -DFALCO_VERSION=${{ inputs.version }} | ||
| - name: Build project | ||
| run: | | ||
| cd build | ||
| emmake make -j6 all | ||
| - name: Run unit Tests | ||
| run: | | ||
| cd build | ||
| node ./unit_tests/falco_unit_tests.js | ||
| - name: Build packages | ||
| run: | | ||
| cd build | ||
| emmake make -j6 package | ||
| - name: Upload Falco WASM package | ||
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | ||
| with: | ||
| name: falco-${{ inputs.version }}-wasm.tar.gz | ||
| path: | | ||
| ${{ github.workspace }}/build/falco-${{ inputs.version }}-wasm.tar.gz | ||
| build-win32-package: | ||
| if: ${{ inputs.arch == 'x86_64' }} | ||
| runs-on: windows-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
| with: | ||
| fetch-depth: 0 | ||
| # NOTE: Backslash doesn't work as line continuation on Windows. | ||
| - name: Prepare project | ||
| run: | | ||
| cmake -B build -S . -DCMAKE_BUILD_TYPE=Release -DMINIMAL_BUILD=On -DUSE_BUNDLED_DEPS=On -DBUILD_FALCO_UNIT_TESTS=On -DFALCO_VERSION=${{ inputs.version }} | ||
| - name: Build project | ||
| run: | | ||
| cmake --build build --target package --config Release | ||
| - name: Run unit Tests | ||
| run: | | ||
| build/unit_tests/Release/falco_unit_tests.exe | ||
| - name: Upload Falco win32 installer | ||
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | ||
| with: | ||
| name: falco-installer-Release-win32.exe | ||
| path: build/falco-*.exe | ||
| - name: Upload Falco win32 package | ||
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | ||
| with: | ||
| name: falco-Release-win32.exe | ||
| path: | | ||
| ${{ github.workspace }}/build/userspace/falco/Release/falco.exe | ||
| build-macos-package: | ||
| if: ${{ inputs.arch == 'x86_64' }} | ||
| runs-on: macos-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Prepare project | ||
| run: | | ||
| cmake -B build -S . \ | ||
| -DMINIMAL_BUILD=On -DUSE_BUNDLED_DEPS=On -DBUILD_FALCO_UNIT_TESTS=On -DFALCO_VERSION=${{ inputs.version }} | ||
| - name: Build project | ||
| run: | | ||
| cmake --build build --target package | ||
| - name: Run unit Tests | ||
| run: | | ||
| sudo build/unit_tests/falco_unit_tests | ||
| - name: Upload Falco macos package | ||
| uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | ||
| with: | ||
| name: falco-${{ inputs.version }}-macos | ||
| path: | | ||
| ${{ github.workspace }}/build/userspace/falco/falco | ||
