diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000000..0719d1ef40 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,5 @@ +* +** +!collector/ +!falcosecurity-libs/ +!CMakeLists.txt diff --git a/Makefile b/Makefile index d2e3c6a0d2..ecea0cee7a 100644 --- a/Makefile +++ b/Makefile @@ -6,6 +6,9 @@ NPROCS ?= $(shell nproc) DEV_SSH_SERVER_KEY ?= $(CURDIR)/.collector_dev_ssh_host_ed25519_key BUILD_BUILDER_IMAGE ?= false +DOCKERFILE = collector/container/Dockerfile +BUILD_TYPE = rhel + export COLLECTOR_VERSION := $(COLLECTOR_TAG) .PHONY: tag @@ -18,7 +21,7 @@ builder-tag: .PHONY: container-dockerfile-dev container-dockerfile-dev: - sed '1s/ubi-minimal/ubi/' $(CURDIR)/collector/container/Dockerfile > \ + sed 's/ubi-minimal/ubi/' $(CURDIR)/collector/container/Dockerfile > \ $(CURDIR)/collector/container/Dockerfile.dev .PHONY: builder 
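Review bot: The new file has no comment explaining that the deny-all `*` / `**` pair is load-bearing now that the build context is the repository root and the builder stage runs `COPY . /collector-src`. The top-level Makefile keeps the dev SSH host key at `$(CURDIR)/.collector_dev_ssh_host_ed25519_key`, so these two lines are what keeps that key out of the context handed to the builder. I would add a leading comment such as `# Deny by default: the context is the repo root; re-include only what the image build reads.` Note also that `!collector/` re-includes the whole directory, including the generated `collector/container/Dockerfile.dev` and presumably any local build leftovers under it.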
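Review bot: With the line address dropped in `container-dockerfile-dev`, `s/ubi-minimal/ubi/` rewrites the first `ubi-minimal` on every line of the Dockerfile, not only the base image of the final stage. Today that is presumably just the `FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3` line, but a later comment, label or extra stage mentioning the name would be changed silently in Dockerfile.dev. Restricting the substitution to FROM lines keeps the intent explicit: `sed '/^FROM /s/ubi-minimal/ubi/' ...`.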
@@ -41,22 +44,24 @@ connscrape: unittest: make -C collector unittest -image: collector unittest +image: make -C collector txt-files docker buildx build --load --platform ${PLATFORM} \ + --build-arg BUILD_TYPE="$(BUILD_TYPE)" \ + --build-arg CMAKE_BUILD_TYPE="$(CMAKE_BUILD_TYPE)" \ + --build-arg USE_VALGRIND="$(USE_VALGRIND)" \ + --build-arg ADDRESS_SANITIZER="$(ADDRESS_SANITIZER)" \ + --build-arg TRACE_SINSP_EVENTS="$(TRACE_SINSP_EVENTS)" \ + --build-arg BPF_DEBUG_MODE="$(BPF_DEBUG_MODE)" \ --build-arg COLLECTOR_VERSION="$(COLLECTOR_TAG)" \ - -f collector/container/Dockerfile \ + --build-arg BUILDER_TAG="$(COLLECTOR_BUILDER_TAG)" \ + -f "$(DOCKERFILE)" \ -t quay.io/stackrox-io/collector:$(COLLECTOR_TAG) \ $(COLLECTOR_BUILD_CONTEXT) -image-dev: collector unittest container-dockerfile-dev - make -C collector txt-files - docker buildx build --load --platform ${PLATFORM} \ - --build-arg COLLECTOR_VERSION="$(COLLECTOR_TAG)" \ - --build-arg BUILD_TYPE=devel \ - -f collector/container/Dockerfile.dev \ - -t quay.io/stackrox-io/collector:$(COLLECTOR_TAG) \ - $(COLLECTOR_BUILD_CONTEXT) +image-dev: DOCKERFILE = collector/container/Dockerfile.dev +image-dev: BUILD_TYPE = devel +image-dev: container-dockerfile-dev image .PHONY: integration-tests-report integration-tests-report: diff --git a/Makefile-constants.mk b/Makefile-constants.mk index b4b4ebd83a..057ef50b98 100644 --- a/Makefile-constants.mk +++ b/Makefile-constants.mk @@ -17,5 +17,5 @@ TRACE_SINSP_EVENTS ?= false DISABLE_PROFILING ?= false BPF_DEBUG_MODE ?= false -COLLECTOR_BUILD_CONTEXT = collector/ +COLLECTOR_BUILD_CONTEXT = $(CURDIR) COLLECTOR_BUILDER_NAME ?= collector_builder_$(HOST_ARCH) diff --git a/ansible/ci-build-builder.yml b/ansible/ci-build-builder.yml index d91284aaee..5c720039f5 100644 --- a/ansible/ci-build-builder.yml +++ b/ansible/ci-build-builder.yml 
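Review bot: `image-dev: container-dockerfile-dev image` lists the Dockerfile.dev generator and `image` as sibling prerequisites, so nothing orders them, and under `make -j` the `docker buildx build -f "$(DOCKERFILE)"` recipe can start before `sed` has written `collector/container/Dockerfile.dev`, or can pick up a stale copy from an earlier run. Target-specific variables cannot be used in a prerequisite list, so one way to make the order explicit is to keep `image-dev: container-dockerfile-dev` and give it the recipe `$(MAKE) image DOCKERFILE=collector/container/Dockerfile.dev BUILD_TYPE=devel`. Separately, every `--build-arg` is passed even when its make variable is empty, and an explicitly empty value overrides the Dockerfile's `ARG` default. For `BUILDER_TAG` that would produce an invalid `collector-builder:` reference, so it is worth confirming that `COLLECTOR_BUILDER_TAG` always has a value (its definition is not part of this diff).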
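Review bot: `COLLECTOR_BUILD_CONTEXT = $(CURDIR)` makes the build context depend on the directory make was started in, and docker reads `.dockerignore` only from the root of the context. If this constants file is also included by `collector/Makefile` (the include is not visible here), any build that uses the variable under `make -C collector` would get `collector/` as its context, where the new `COPY collector/container/...` paths do not resolve and the root allow-list is not applied. A short comment stating the assumption would help, e.g. `# Must be the repository root: the Dockerfile COPY paths and .dockerignore are relative to it.`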
@@ -1,5 +1,5 @@ --- -- name: Build and push collector image +- name: Build and push collector-builder image hosts: "{{ build_hosts | default('all') }}" environment: diff --git a/ansible/ci-build-collector.yml b/ansible/ci-build-collector.yml index 960eb4d8f2..34b9d64e5f 100644 --- a/ansible/ci-build-collector.yml +++ b/ansible/ci-build-collector.yml @@ -27,11 +27,6 @@ recursive: true when: arch == "s390x" - - name: Run the builder image - community.general.make: - chdir: "{{ ansible_env.GITHUB_WORKSPACE | default(collector_root) }}" - target: start-builder - - name: Build the collector image community.general.make: chdir: "{{ ansible_env.GITHUB_WORKSPACE | default(collector_root) }}" diff --git a/collector/Makefile b/collector/Makefile index 0295a8d26d..dc3daec568 100644 --- a/collector/Makefile +++ b/collector/Makefile 
@@ -5,45 +5,10 @@ NPROCS ?= $(shell nproc) CMAKE_BASE_DIR = cmake-build CMAKE_DIR= $(BASE_PATH)/$(CMAKE_BASE_DIR) -COLLECTOR_BIN_DIR = $(CMAKE_DIR)/collector -LIBSINSP_BIN_DIR = $(CMAKE_DIR)/collector/EXCLUDE_FROM_DEFAULT_BUILD/libsinsp SRC_MOUNT_DIR = /tmp/collector -HDRS := $(wildcard lib/*.h) $(shell find $(BASE_PATH)/falcosecurity-libs/userspace -name '*.h') - -SRCS := $(wildcard lib/*.cpp) collector.cpp - -COLLECTOR_BUILD_DEPS := $(HDRS) $(SRCS) $(shell find $(BASE_PATH)/falcosecurity-libs -name '*.h' -o -name '*.cpp' -o -name '*.c') - .SUFFIXES: -cmake-configure/collector: - docker exec $(COLLECTOR_BUILDER_NAME) \ - cmake -S $(BASE_PATH) -B $(CMAKE_DIR) \ - -DCMAKE_BUILD_TYPE=$(CMAKE_BUILD_TYPE) \ - -DDISABLE_PROFILING=$(DISABLE_PROFILING) \ - -DUSE_VALGRIND=$(USE_VALGRIND) \ - -DADDRESS_SANITIZER=$(ADDRESS_SANITIZER) \ - -DTRACE_SINSP_EVENTS=$(TRACE_SINSP_EVENTS) \ - -DBPF_DEBUG_MODE=$(BPF_DEBUG_MODE) \ - -DCOLLECTOR_VERSION=$(COLLECTOR_VERSION) - -cmake-build/collector: cmake-configure/collector $(COLLECTOR_BUILD_DEPS) - docker exec $(COLLECTOR_BUILDER_NAME) \ - cmake --build $(CMAKE_DIR) -- -j $(NPROCS) - docker exec $(COLLECTOR_BUILDER_NAME) \ - bash -c "[ $(CMAKE_BUILD_TYPE) == Release ] && strip --strip-unneeded $(COLLECTOR_BIN_DIR)/collector || exit 0" - -container/bin/collector: cmake-build/collector - mkdir -p container/bin - cp "$(COLLECTOR_BIN_DIR)/collector" container/bin/collector - cp "$(COLLECTOR_BIN_DIR)/self-checks" container/bin/self-checks - -.PHONY: collector -collector: container/bin/collector txt-files - mkdir -p container/libs - docker cp $(COLLECTOR_BUILDER_NAME):/THIRD_PARTY_NOTICES/ container/ - .PHONY: build-connscrape-test build-connscrape-test: docker build -f $(CURDIR)/connscrape-test/Dockerfile -t connscrape-test $(CURDIR)/connscrape-test 
@@ -54,7 +19,7 @@ connscrape: build-connscrape-test -v "$(BASE_PATH):$(SRC_MOUNT_DIR)" \ connscrape-test "$(SRC_MOUNT_DIR)/collector/connscrape-test/connscrape-test.sh" -unittest: collector +unittest: docker exec $(COLLECTOR_BUILDER_NAME) \ ctest -V --test-dir $(CMAKE_DIR) diff --git a/collector/container/Dockerfile b/collector/container/Dockerfile index e133ef0d22..70cbb91a5e 100644 --- a/collector/container/Dockerfile +++ b/collector/container/Dockerfile @@ -1,3 +1,39 @@ +ARG BUILDER_TAG=master +FROM quay.io/stackrox-io/collector-builder:${BUILDER_TAG} AS builder + +ARG CMAKE_BUILD_TYPE=Release +ARG USE_VALGRIND=false +ARG ADDRESS_SANITIZER=false +ARG TRACE_SINSP_EVENTS=false +ARG COLLECTOR_VERSION=0.0.0 +ARG BPF_DEBUG_MODE=false + +COPY . /collector-src +WORKDIR /collector-src + +RUN --mount=type=cache,target=/collector-src/build \ + if [[ "$(uname -m)" == "x86_64" ]]; \ + then DISABLE_PROFILING="OFF"; \ + else DISABLE_PROFILING="ON"; \ + fi ; \ + cmake -S . -B build/ \ + -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} \ + -DDISABLE_PROFILING=${DISABLE_PROFILING} \ + -DUSE_VALGRIND=${USE_VALGRIND} \ + -DADDRESS_SANITIZER=${ADDRESS_SANITIZER} \ + -DCOLLECTOR_VERSION=${COLLECTOR_VERSION} \ + -DBPF_DEBUG_MODE=${BPF_DEBUG_MODE} \ + -DTRACE_SINSP_EVENTS=${TRACE_SINSP_EVENTS} && \ + cmake --build build/ -- -j$(nproc) && \ + ctest -V --test-dir build && \ + # podman does not bake cache mounts into the final image, so + # we need to move the required binaries out of it. + if [[ "${CMAKE_BUILD_TYPE}" == "Release" ]]; \ + then strip -v --strip-unneeded -o /tmp/collector build/collector/collector; \ + else cp build/collector/collector /tmp/; \ + fi ; \ + cp build/collector/self-checks /tmp/ + FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3 ARG BUILD_TYPE=rhel 
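Review bot: `unittest:` still runs `ctest` through `docker exec $(COLLECTOR_BUILDER_NAME)` against `$(CMAKE_DIR)`, but this commit removes the `cmake-configure/collector` and `cmake-build/collector` rules that populated that directory, as well as the CI task that started the builder container. As far as this diff shows, the target now either fails because no container is running or runs whatever stale test binaries are left in `cmake-build`, which can report a pass for code that was never rebuilt. The builder stage of the Dockerfile already runs `ctest -V --test-dir build`, so consider removing this target together with the top-level `unittest` that calls it. Otherwise, document the precondition with a comment such as `# requires a running builder container with an existing cmake-build tree`.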
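Review bot: The builder-stage `RUN` mixes `&&` with `;`, so a failure in `cmake --build`, `ctest` or `strip` does not stop the step: the shell skips ahead to the final `cp build/collector/self-checks /tmp/`, whose exit status becomes the status of the whole RUN. Because `build/` is a cache mount that persists between builds, that `cp` can succeed on an artifact from an earlier run, and the real error only surfaces later as a missing `/tmp/collector` in the final stage's `COPY --from=builder`. Ending the second `if` with `fi && \` instead of `fi ; \` keeps the chain fail-fast. `DISABLE_PROFILING` is now derived from `uname -m` inside the stage, so the `DISABLE_PROFILING ?= false` knob in Makefile-constants.mk no longer reaches cmake. The stage that compiles the shipped binary is also pulled by a mutable tag (`BUILDER_TAG=master` by default), and pinning release builds to an image digest would make that toolchain input verifiable.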
@@ -16,17 +52,17 @@ LABEL name="collector" \ WORKDIR / -COPY container/${BUILD_TYPE}/install.sh / +COPY collector/container/${BUILD_TYPE}/install.sh / RUN ./install.sh && rm -f install.sh # Uncomment this line to enable generation of core for collector # RUN echo '/core/core.%e.%p.%t' > /proc/sys/kernel/core_pattern -COPY container/THIRD_PARTY_NOTICES/ /THIRD_PARTY_NOTICES/ -COPY kernel-modules /kernel-modules -COPY container/bin/collector /usr/local/bin/ -COPY container/bin/self-checks /usr/local/bin/self-checks -COPY container/status-check.sh /usr/local/bin/status-check.sh +COPY --from=builder /THIRD_PARTY_NOTICES/ /THIRD_PARTY_NOTICES/ +COPY collector/kernel-modules /kernel-modules +COPY --from=builder /tmp/collector /usr/local/bin/ +COPY --from=builder /tmp/self-checks /usr/local/bin/self-checks +COPY collector/container/status-check.sh /usr/local/bin/status-check.sh EXPOSE 8080 9090