diff --git a/.circleci/config.yml b/.circleci/config.yml index ecf4bf352..a5f764f61 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2,10 +2,48 @@ version: 2.1 executors: default: docker: - - image: circleci/golang:1.16.0 - docker-build: - docker: - - image: docker:stable + - image: cimg/go:1.16.11 + +install_buildx: &install_buildx + name: Install Docker buildx + command: | + mkdir -p ~/.docker/cli-plugins + curl -sSL -o ~/.docker/cli-plugins/docker-buildx https://github.com/docker/buildx/releases/download/v0.7.0/buildx-v0.7.0.linux-amd64 + chmod a+x ~/.docker/cli-plugins/docker-buildx + +setup_docker_multiarch: &setup_docker_multiarch + name: Create Docker context + command: | + docker context create falco-environment + docker buildx install + docker run --rm --privileged tonistiigi/binfmt:latest --install "$BUILDX_PLATFORMS" + docker buildx create --name docker-multiarch falco-environment \ + --platform linux/amd64,linux/arm/v7,linux/arm64 + docker buildx inspect --builder docker-multiarch --bootstrap + docker buildx use docker-multiarch + +install_goreleaser: &install_goreleaser + name: Install goreleaser + command: | + GORELEASER_URL="https://github.com/goreleaser/goreleaser/releases/download/v1.1.0/goreleaser_Linux_x86_64.tar.gz" + + curl --output goreleaser_Linux_x86_64.tar.gz \ + --silent --show-error --location --fail --retry 3 \ + "$GORELEASER_URL" + + sudo mkdir -p /usr/local/goreleaser + sudo tar -C /usr/local/goreleaser -xzf goreleaser_Linux_x86_64.tar.gz + export PATH=$PATH:/usr/local/goreleaser + goreleaser --version + +install_awscli: &install_awscli + name: Install pre-requisites + command: | + DIR=$(mktemp -d) && pushd $DIR + curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" + unzip awscliv2.zip + ./aws/install -i $HOME/.local/aws-cli -b $HOME/.local/bin + popd && rm -r $DIR jobs: lint: 
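Review bot: `install_buildx`, `install_goreleaser` and `install_awscli` each download a binary or archive and execute it with no checksum or signature check, and `setup_docker_multiarch` runs `tonistiigi/binfmt:latest` with `--privileged` from a mutable tag. These anchors are reused by jobs that later log in to Docker Hub and ECR, so a tampered download would run next to registry credentials. I would verify each download before use, e.g. `echo "<SHA256_PLACEHOLDER>  goreleaser_Linux_x86_64.tar.gz" | sha256sum -c -`, and reference the binfmt image by digest, `tonistiigi/binfmt@sha256:<DIGEST_PLACEHOLDER>`. The buildx download also uses `curl -sSL` without `--fail`, so an HTTP error body would be saved and made executable; `curl -fsSL` avoids that.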
@@ -25,10 +63,22 @@ jobs: build-image: executor: name: default + environment: + DOCKER_BUILDKIT: 1 + BUILDX_PLATFORMS: linux/amd64,linux/arm64,linux/arm/v7 + DOCKER_CLI_EXPERIMENTAL: "enabled" steps: - checkout - setup_remote_docker - - run: make build-image + - run: *install_buildx + - run: *setup_docker_multiarch + - run: *install_goreleaser + - run: + command: | + export PATH=$PATH:/usr/local/goreleaser + goreleaser --snapshot --rm-dist + docker images + docker run falcosecurity/falcosidekick:latest-amd64 --help build-push-main: executor: 
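Review bot: The `export PATH=$PATH:/usr/local/goreleaser` in this job's build step is needed only because the export inside `install_goreleaser` lasts for that one step's shell, and the same line is repeated in `build-push-main` and `build-push-ecr` in the next hunk. A job that forgets it would fail with `goreleaser: command not found`, or pick up another `goreleaser` already on PATH. I would persist it once in `install_goreleaser` with `echo 'export PATH=$PATH:/usr/local/goreleaser' >> "$BASH_ENV"` and drop the per-step exports. The smoke test also runs only the `latest-amd64` image, so the arm64 and armv7 images are built but never started.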
@@ -36,59 +86,73 @@ jobs: steps: - checkout - setup_remote_docker - - run: make build-image + - run: *install_buildx + - run: *setup_docker_multiarch + - run: *install_goreleaser + - run: + command: | + export PATH=$PATH:/usr/local/goreleaser + goreleaser --snapshot --rm-dist + docker run falcosecurity/falcosidekick:latest-amd64 --help - run: command: | echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin - docker push falcosecurity/falcosidekick:latest + docker push falcosecurity/falcosidekick:latest-amd64 + docker push falcosecurity/falcosidekick:latest-arm64 + docker push falcosecurity/falcosidekick:latest-armv7 + docker manifest create --amend falcosecurity/falcosidekick:latest falcosecurity/falcosidekick:latest-amd64 \ + falcosecurity/falcosidekick:latest-arm64 falcosecurity/falcosidekick:latest-armv7 + docker manifest push --purge falcosecurity/falcosidekick:latest build-push-ecr: executor: - name: docker-build + name: default steps: - checkout - setup_remote_docker + - run: *install_buildx + - run: *setup_docker_multiarch + - run: *install_goreleaser + - run: *install_awscli - run: command: | - apk update - apk add --update make bash - make build-image - - run: - command: | - docker tag falcosecurity/falcosidekick:latest \ - public.ecr.aws/falcosecurity/falcosidekick:latest + export PATH=$PATH:/usr/local/goreleaser + goreleaser --snapshot --rm-dist + docker run public.ecr.aws/falcosecurity/falcosidekick:latest-amd64 --help - run: command: | - apk update - apk add --update groff less py-pip - pip install awscli aws ecr-public get-login-password --region us-east-1 | \ docker login --username AWS --password-stdin public.ecr.aws/falcosecurity - docker push public.ecr.aws/falcosecurity/falcosidekick:latest + docker push public.ecr.aws/falcosecurity/falcosidekick:latest-amd64 + docker push public.ecr.aws/falcosecurity/falcosidekick:latest-arm64 + docker push public.ecr.aws/falcosecurity/falcosidekick:latest-armv7 + docker manifest create 
--amend public.ecr.aws/falcosecurity/falcosidekick:latest public.ecr.aws/falcosecurity/falcosidekick:latest-amd64 \ + public.ecr.aws/falcosecurity/falcosidekick:latest-arm64 public.ecr.aws/falcosecurity/falcosidekick:latest-armv7 + docker manifest push --purge public.ecr.aws/falcosecurity/falcosidekick:latest release: executor: name: default + environment: + DOCKER_BUILDKIT: 1 + BUILDX_PLATFORMS: linux/amd64,linux/arm64,linux/arm/v7 + DOCKER_CLI_EXPERIMENTAL: "enabled" steps: - - checkout - - setup_remote_docker - - run: - name: Install pre-requisites - command: | - DIR=$(mktemp -d) && pushd $DIR - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" - unzip awscliv2.zip - ./aws/install -i $HOME/.local/aws-cli -b $HOME/.local/bin - popd && rm -r $DIR - - run: - name: Prepare env - command: | - echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin - aws ecr-public get-login-password --region us-east-1 | \ - docker login --username AWS --password-stdin public.ecr.aws/falcosecurity - - run: - name: Release - command: curl -sL https://git.io/goreleaser | bash + - checkout + - setup_remote_docker + - run: *install_buildx + - run: *setup_docker_multiarch + - run: *install_goreleaser + - run: *install_awscli + - run: + name: Login Registries + command: | + echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin + aws ecr-public get-login-password --region us-east-1 | \ + docker login --username AWS --password-stdin public.ecr.aws/falcosecurity + - run: + name: Release + command: goreleaser release --rm-dist workflows: main: diff --git a/.goreleaser.yml b/.goreleaser.yml index 08a055e05..19a8595fb 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml 
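Review bot: `build-push-main` and `build-push-ecr` run `*setup_docker_multiarch` and `docker manifest create`, but neither appears to get the `environment:` block that `build-image` and `release` have. `build-push-ecr` is fully visible here and has none; `build-push-main` begins just above the hunk, so confirm it there. With `BUILDX_PLATFORMS` unset the binfmt step receives `--install ""`, which presumably registers no emulators, and without `DOCKER_CLI_EXPERIMENTAL` an older Docker CLI may reject `docker manifest`. I would add the same three entries (`DOCKER_BUILDKIT`, `BUILDX_PLATFORMS`, `DOCKER_CLI_EXPERIMENTAL`) to both jobs, or define them once on the `default` executor so every job inherits them.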
@@ -1,46 +1,112 @@ project_name: falcosidekick + +snapshot: + name_template: 'latest' + +checksum: + name_template: 'checksums.txt' + builds: - id: "falcosidekick" goos: - - linux + - linux goarch: - - amd64 + - amd64 + - arm64 + - arm + goarm: + - '7' asmflags: - all=-trimpath={{.Env.GOPATH}} gcflags: - all=-trimpath={{.Env.GOPATH}} env: - CGO_ENABLED=0 + flags: + - -trimpath binary: falcosidekick dockers: - goos: linux goarch: amd64 dockerfile: Dockerfile + use: buildx + image_templates: + - "falcosecurity/falcosidekick:stable-amd64" + - "falcosecurity/falcosidekick:{{ .Version }}-amd64" + - "public.ecr.aws/falcosecurity/falcosidekick:stable-amd64" + - "public.ecr.aws/falcosecurity/falcosidekick:{{ .Version }}-amd64" + build_flag_templates: + - "--pull" + - "--label=org.opencontainers.image.created={{.Date}}" + - "--label=org.opencontainers.image.name={{.ProjectName}}" + - "--label=org.opencontainers.image.revision={{.FullCommit}}" + - "--label=org.opencontainers.image.version={{.Version}}" + - "--platform=linux/amd64" + extra_files: + - LICENSE + + - goos: linux + goarch: arm64 + dockerfile: Dockerfile + use: buildx + image_templates: + - "falcosecurity/falcosidekick:stable-arm64" + - "falcosecurity/falcosidekick:{{ .Version }}-arm64" + - "public.ecr.aws/falcosecurity/falcosidekick:stable-arm64" + - "public.ecr.aws/falcosecurity/falcosidekick:{{ .Version }}-arm64" + build_flag_templates: + - "--pull" + - "--label=org.opencontainers.image.created={{.Date}}" + - "--label=org.opencontainers.image.name={{.ProjectName}}" + - "--label=org.opencontainers.image.revision={{.FullCommit}}" + - "--label=org.opencontainers.image.version={{.Version}}" + - "--platform=linux/arm64" + extra_files: + - LICENSE + + - goos: linux + goarch: arm + goarm: '7' + dockerfile: Dockerfile + use: buildx image_templates: - - "falcosecurity/falcosidekick:stable" - - "falcosecurity/falcosidekick:{{ .Version }}" - - "public.ecr.aws/falcosecurity/falcosidekick:stable" - - 
"public.ecr.aws/falcosecurity/falcosidekick:{{ .Version }}" + - "falcosecurity/falcosidekick:stable-armv7" + - "falcosecurity/falcosidekick:{{ .Version }}-armv7" + - "public.ecr.aws/falcosecurity/falcosidekick:stable-armv7" + - "public.ecr.aws/falcosecurity/falcosidekick:{{ .Version }}-armv7" build_flag_templates: - "--pull" - "--label=org.opencontainers.image.created={{.Date}}" - "--label=org.opencontainers.image.name={{.ProjectName}}" - "--label=org.opencontainers.image.revision={{.FullCommit}}" - "--label=org.opencontainers.image.version={{.Version}}" + - "--platform=linux/arm/v7" extra_files: - - outputs - - types - - config.go - - handlers.go - - main.go - - stats_prometheus.go - - stats.go - - go.mod - - go.sum - - Makefile - LICENSE +docker_manifests: +- name_template: 'falcosecurity/falcosidekick:stable' + image_templates: + - 'falcosecurity/falcosidekick:stable-amd64' + - 'falcosecurity/falcosidekick:stable-arm64' + - 'falcosecurity/falcosidekick:stable-armv7' +- name_template: 'falcosecurity/falcosidekick:{{ .Version }}' + image_templates: + - 'falcosecurity/falcosidekick:{{ .Version }}-amd64' + - 'falcosecurity/falcosidekick:{{ .Version }}-arm64' + - 'falcosecurity/falcosidekick:{{ .Version }}-armv7' +- name_template: 'public.ecr.aws/falcosecurity/falcosidekick:stable' + image_templates: + - 'public.ecr.aws/falcosecurity/falcosidekick:stable-amd64' + - 'public.ecr.aws/falcosecurity/falcosidekick:stable-arm64' + - 'public.ecr.aws/falcosecurity/falcosidekick:stable-armv7' +- name_template: 'public.ecr.aws/falcosecurity/falcosidekick:{{ .Version }}' + image_templates: + - 'public.ecr.aws/falcosecurity/falcosidekick:{{ .Version }}-amd64' + - 'public.ecr.aws/falcosecurity/falcosidekick:{{ .Version }}-arm64' + - 'public.ecr.aws/falcosecurity/falcosidekick:{{ .Version }}-armv7' + release: github: prerelease: auto diff --git a/Dockerfile b/Dockerfile index 5be8697ee..529ac538a 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,16 +1,4 @@ -ARG BUILDER_IMAGE=golang:1.16-buster ARG BASE_IMAGE=alpine:3.12 - -FROM ${BUILDER_IMAGE} AS build-stage - -ENV CGO_ENABLED=0 - -WORKDIR /src -COPY . . - -RUN go mod download -RUN make falcosidekick - # Final Docker image FROM ${BASE_IMAGE} AS final-stage LABEL MAINTAINER "Thomas Labarussias " @@ -24,8 +12,8 @@ RUN addgroup -S falcosidekick && adduser -u 1234 -S falcosidekick -G falcosideki USER 1234 WORKDIR ${HOME}/app -COPY --from=build-stage /src/LICENSE . -COPY --from=build-stage /src/falcosidekick . +COPY LICENSE . +COPY falcosidekick . EXPOSE 2801 diff --git a/Makefile b/Makefile index 7caf8f2ff..bbbf0a66b 100644 --- a/Makefile +++ b/Makefile @@ -34,8 +34,12 @@ GOLANGCI_LINT := $(TOOLS_BIN_DIR)/$(GOLANGCI_LINT_BIN)-$(GOLANGCI_LINT_VER) falcosidekick: $(GO) build -gcflags all=-trimpath=/src -asmflags all=-trimpath=/src -a -installsuffix cgo -o $@ . +.PHONY: falcosidekick-linux-amd64 +falcosidekick-linux-amd64: + GOOS=linux GOARCH=amd64 $(GO) build -gcflags all=-trimpath=/src -asmflags all=-trimpath=/src -a -installsuffix cgo -o falcosidekick . + .PHONY: build-image -build-image: +build-image: falcosidekick-linux-amd64 $(DOCKER) build . -t falcosecurity/falcosidekick:latest ## --------------------------------------
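Review bot: `COPY falcosidekick .` now packages whatever file of that name sits in the build context, and nothing in the Dockerfile says where it comes from or which platform it must target. With the build stage removed, a stale or host-architecture binary would be copied in without any error at build time. I would add a comment above the two COPY lines, `# falcosidekick must be prebuilt for the target platform (goreleaser, or make falcosidekick-linux-amd64) before building this image`. The final stage continues outside this hunk.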
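Review bot: The new `falcosidekick-linux-amd64` recipe does not set `CGO_ENABLED=0`, although the Dockerfile build stage removed by this commit had `ENV CGO_ENABLED=0` and `.goreleaser.yml` sets it for its builds. Unless it is exported elsewhere in the Makefile (not visible here), a build on a linux/amd64 host with a C toolchain can produce a binary dynamically linked against glibc, which would likely not start on the alpine base image. I would write the recipe as `CGO_ENABLED=0 GOOS=linux GOARCH=amd64 $(GO) build -gcflags all=-trimpath=/src -asmflags all=-trimpath=/src -a -installsuffix cgo -o falcosidekick .`. The target also writes to the same `falcosidekick` file as the native target, so a later `make falcosidekick` may see the file as up to date and leave the cross-built binary in place.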