Merge pull request #1337 from bpfman/dependabot/cargo/production-depe… #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: bpfman-image-build | |
on: # yamllint disable-line rule:truthy | |
push: | |
branches: [main] | |
tags: | |
- v* | |
pull_request: | |
paths: | |
- .github/workflows/image-build.yml | |
- Containerfile.bpfman.multi.arch | |
- Containerfile.bytecode.multi.arch | |
- examples/**/container-deployment/Containerfile** | |
workflow_dispatch: | |
jobs: | |
# Build bpfman and store the bpfman CLI binary in artifacts for the | |
# "build-and-push-bytecode-images" step. It will be used to generate | |
# build args with the "bpfman image generate-build-args" command. | |
build-bpfman-for-build-arg-gen: | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Checkout bpfman | |
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # @v4 | |
- name: Build bpfman binary | |
run: cargo build -p bpfman --verbose | |
- name: archive bpfman binary | |
run: | | |
cd target/debug | |
tar -czvf bpfman.tar.gz bpfman | |
- name: Archive bpfman Binaries | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # @v4 | |
with: | |
name: bpfman-for-build-args | |
path: | | |
./target/debug/bpfman.tar.gz | |
# Build bpfman for each architecture and store the bpfman binaries in artifacts | |
# for the "build-and-push-userspace-images" step. The rust tool `cross` cannot be run in a | |
# container, so build the binaries locally, and the container build will just copy | |
# the files into the container. | |
build-bpfman-per-arch: | |
permissions: | |
contents: read | |
packages: write | |
id-token: write # needed for signing the images with GitHub OIDC Token | |
runs-on: ubuntu-24.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
arch: | |
- arch: amd64 | |
rust-target: x86_64-unknown-linux-gnu | |
filename: linux-x86_64 | |
command: cargo | |
- arch: arm64 | |
rust-target: aarch64-unknown-linux-gnu | |
filename: linux-arm64 | |
command: cross | |
- arch: ppc64le | |
rust-target: powerpc64le-unknown-linux-gnu | |
filename: linux-ppc64le | |
command: cross | |
- arch: s390x | |
rust-target: s390x-unknown-linux-gnu | |
filename: linux-s390x | |
command: cross | |
name: Build bpfman (bpfman-${{ matrix.arch.arch }}) | |
steps: | |
- name: Checkout bpfman | |
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # @v4 | |
- name: Install rust toolchain - stable | |
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # @v1 | |
with: | |
toolchain: stable | |
override: true | |
target: ${{ matrix.arch.rust-target }} | |
# Only install cross if we need it | |
- name: Install Cross | |
if: ${{ matrix.arch.command == 'cross' }} | |
shell: bash | |
run: | | |
cargo install cross --git https://github.com/cross-rs/cross | |
# TODO: Is this needed? Quick glance this action is supposed to speed up rust builds | |
# with some caching, but not sure of the details. Need to run with it enabled | |
# and disabled and see if it speeds anything up or not. | |
# - uses: Swatinem/rust-cache@v2 | |
- name: Build Binary | |
run: | | |
${{ matrix.arch.command }} build --release --target ${{ matrix.arch.rust-target }} | |
- name: Package bpfman Binaries | |
run: | | |
cd target/${{ matrix.arch.rust-target }}/release | |
tar -czvf bpfman-build-${{ matrix.arch.filename }}.tar.gz bpfman bpfman-rpc bpfman-ns bpf-metrics-exporter bpf-log-exporter | |
- name: Archive bpfman Binaries | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # @v4 | |
with: | |
name: bpfman-build-${{ matrix.arch.filename }} | |
path: ./target/${{ matrix.arch.rust-target }}/release/bpfman-build-${{ matrix.arch.filename }}.tar.gz | |
# Build all the userspace images and push them to quay.io. This includes bpfman | |
# as well as the go-*-counter examples. | |
build-and-push-userspace-images: | |
needs: [build-bpfman-per-arch] | |
permissions: | |
contents: read | |
packages: write | |
id-token: write # needed for signing the images with GitHub OIDC Token | |
runs-on: ubuntu-24.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
image: | |
- registry: quay.io | |
repository: bpfman | |
image: bpfman | |
dockerfile: ./Containerfile.bpfman.multi.arch | |
context: . | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
repository: bpfman-userspace | |
image: go-xdp-counter | |
context: . | |
dockerfile: ./examples/go-xdp-counter/container-deployment/Containerfile.go-xdp-counter | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
repository: bpfman-userspace | |
image: go-tc-counter | |
context: . | |
dockerfile: ./examples/go-tc-counter/container-deployment/Containerfile.go-tc-counter | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
repository: bpfman-userspace | |
image: go-tcx-counter | |
context: . | |
dockerfile: ./examples/go-tcx-counter/container-deployment/Containerfile.go-tcx-counter | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
# build_language: go - Not building locally, so don't install go tools | |
repository: bpfman-userspace | |
image: go-tracepoint-counter | |
context: . | |
dockerfile: ./examples/go-tracepoint-counter/container-deployment/Containerfile.go-tracepoint-counter | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
repository: bpfman-userspace | |
image: go-kprobe-counter | |
context: . | |
dockerfile: ./examples/go-kprobe-counter/container-deployment/Containerfile.go-kprobe-counter | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
repository: bpfman-userspace | |
image: go-uprobe-counter | |
context: . | |
dockerfile: ./examples/go-uprobe-counter/container-deployment/Containerfile.go-uprobe-counter | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
repository: bpfman-userspace | |
image: go-uretprobe-counter | |
context: . | |
dockerfile: ./examples/go-uretprobe-counter/container-deployment/Containerfile.go-uretprobe-counter | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
repository: bpfman-userspace | |
image: go-target | |
context: . | |
dockerfile: ./examples/go-target/container-deployment/Containerfile.go-target | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
repository: bpfman-userspace | |
image: go-app-counter | |
context: . | |
dockerfile: ./examples/go-app-counter/container-deployment/Containerfile.go-app-counter | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
name: Build Image (${{ matrix.image.image }}) | |
steps: | |
- name: Checkout bpfman | |
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # @v4 | |
- name: Install cosign | |
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # @v3.7.0 | |
- name: Login to quay.io/bpfman | |
uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # @v1 | |
if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && matrix.image.repository == 'bpfman'}} | |
with: | |
registry: ${{ matrix.image.registry }} | |
username: ${{ secrets.BPFMAN_USERNAME }} | |
password: ${{ secrets.BPFMAN_ROBOT_TOKEN }} | |
- name: Login to quay.io/bpfman-userspace | |
uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # @v1 | |
if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && matrix.image.repository == 'bpfman-userspace'}} | |
with: | |
registry: ${{ matrix.image.registry }} | |
username: ${{ secrets.BPFMAN_USERSPACE_USERNAME }} | |
password: ${{ secrets.BPFMAN_USERSPACE_ROBOT_TOKEN }} | |
- name: Extract metadata (tags, labels) for image | |
id: meta | |
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # @v5.5.1 | |
with: | |
images: ${{ matrix.image.registry }}/${{ matrix.image.repository }}/${{ matrix.image.image }} | |
tags: ${{ matrix.image.tags }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # @v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # @v3 | |
# bpfman ONLY | |
- name: Update .dockerignore to allow "target/" directory | |
if: ${{ matrix.image.image == 'bpfman'}} | |
run: | | |
sed -i '/target/d' ./.dockerignore | |
# bpfman ONLY | |
- name: Download built bpfman Binaries | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # @v4 | |
if: ${{ matrix.image.image == 'bpfman'}} | |
with: | |
pattern: bpfman-build-* | |
merge-multiple: true | |
# bpfman ONLY | |
- name: Unpack built bpfman binaries | |
if: ${{ matrix.image.image == 'bpfman'}} | |
run: | | |
mkdir -p target/x86_64-unknown-linux-gnu/release | |
tar -C target/x86_64-unknown-linux-gnu/release -xzvf bpfman-build-linux-x86_64.tar.gz | |
mkdir -p target/aarch64-unknown-linux-gnu/release | |
tar -C target/aarch64-unknown-linux-gnu/release -xzvf bpfman-build-linux-arm64.tar.gz | |
mkdir -p target/powerpc64le-unknown-linux-gnu/release | |
tar -C target/powerpc64le-unknown-linux-gnu/release -xzvf bpfman-build-linux-ppc64le.tar.gz | |
mkdir -p target/s390x-unknown-linux-gnu/release | |
tar -C target/s390x-unknown-linux-gnu/release -xzvf bpfman-build-linux-s390x.tar.gz | |
- name: Build and push | |
id: build-push-image | |
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # @v6 | |
with: | |
platforms: linux/amd64, linux/arm64, linux/ppc64le, linux/s390x | |
push: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
file: ${{ matrix.image.dockerfile }} | |
build-args: ${{ matrix.image.build_args }} | |
context: ${{ matrix.image.context }} | |
- name: Sign the images with GitHub OIDC Token | |
if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }} | |
run: | | |
readarray -t tags <<<"${{ steps.meta.outputs.tags }}" | |
for tag in ${tags[@]}; do | |
cosign sign -y "${tag}@${{ steps.build-push-image.outputs.digest }}" | |
done | |
# Build all the bytecode images and push them to quay.io. This includes the dispatchers | |
# for TC and XDP, all the go-*-counter examples and the bytecode images used by integration | |
# tests. | |
build-and-push-bytecode-images: | |
needs: [build-bpfman-for-build-arg-gen] | |
permissions: | |
contents: read | |
packages: write | |
id-token: write # needed for signing the images with GitHub OIDC Token | |
runs-on: ubuntu-24.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
image: | |
- registry: quay.io | |
build_language: go | |
bpf_build_wrapper: go | |
repository: bpfman-bytecode | |
image: go-xdp-counter | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./examples/go-xdp-counter | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: go | |
bpf_build_wrapper: go | |
repository: bpfman-bytecode | |
image: go-tc-counter | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./examples/go-tc-counter | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: go | |
bpf_build_wrapper: go | |
repository: bpfman-bytecode | |
image: go-tcx-counter | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./examples/go-tcx-counter | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: go | |
bpf_build_wrapper: go | |
repository: bpfman-bytecode | |
image: go-tracepoint-counter | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./examples/go-tracepoint-counter | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: go | |
bpf_build_wrapper: go | |
repository: bpfman-bytecode | |
image: go-kprobe-counter | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./examples/go-kprobe-counter | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: go | |
bpf_build_wrapper: go | |
repository: bpfman-bytecode | |
image: go-uprobe-counter | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./examples/go-uprobe-counter | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: go | |
bpf_build_wrapper: go | |
repository: bpfman-bytecode | |
image: go-uretprobe-counter | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./examples/go-uretprobe-counter | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: go | |
bpf_build_wrapper: go | |
repository: bpfman-bytecode | |
image: go-app-counter | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./examples/go-app-counter | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: rust | |
bpf_build_wrapper: rust | |
repository: bpfman-bytecode | |
image: xdp_pass | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./tests/integration-test/bpf/.output/xdp_pass.bpf | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: rust | |
bpf_build_wrapper: rust | |
repository: bpfman-bytecode | |
image: xdp_pass_private | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./tests/integration-test/bpf/.output/xdp_pass.bpf | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: rust | |
bpf_build_wrapper: rust | |
repository: bpfman-bytecode | |
image: tc_pass | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./tests/integration-test/bpf/.output/tc_pass.bpf | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: rust | |
bpf_build_wrapper: rust | |
repository: bpfman-bytecode | |
image: tcx_test | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./tests/integration-test/bpf/.output/tcx_test.bpf | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: rust | |
bpf_build_wrapper: rust | |
repository: bpfman-bytecode | |
image: tracepoint | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./tests/integration-test/bpf/.output/tp_openat.bpf | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: rust | |
bpf_build_wrapper: rust | |
repository: bpfman-bytecode | |
image: uprobe | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./tests/integration-test/bpf/.output/uprobe.bpf | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: rust | |
bpf_build_wrapper: rust | |
repository: bpfman-bytecode | |
image: uretprobe | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./tests/integration-test/bpf/.output/uprobe.bpf | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: rust | |
bpf_build_wrapper: rust | |
repository: bpfman-bytecode | |
image: kprobe | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./tests/integration-test/bpf/.output/kprobe.bpf | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: rust | |
bpf_build_wrapper: rust | |
repository: bpfman-bytecode | |
image: kretprobe | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./tests/integration-test/bpf/.output/kprobe.bpf | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: rust | |
bpf_build_wrapper: rust | |
repository: bpfman-bytecode | |
image: fentry | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./tests/integration-test/bpf/.output/fentry.bpf | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: rust | |
bpf_build_wrapper: rust | |
repository: bpfman-bytecode | |
image: fexit | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./tests/integration-test/bpf/.output/fentry.bpf | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
# set latest tag for default branch | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: rust | |
bpf_build_wrapper: rust | |
repository: bpfman | |
image: xdp-dispatcher | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./.output/xdp_dispatcher_v2.bpf | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
type=raw,value=latest,enable={{is_default_branch}} | |
- registry: quay.io | |
build_language: rust | |
bpf_build_wrapper: rust | |
repository: bpfman | |
image: tc-dispatcher | |
context: . | |
dockerfile: ./Containerfile.bytecode.multi.arch | |
bytecode_dir: ./.output/tc_dispatcher.bpf | |
tags: | | |
type=ref,event=branch | |
type=ref,event=tag | |
type=ref,event=pr | |
type=sha,format=long | |
type=raw,value=latest,enable={{is_default_branch}} | |
name: Build eBPF Image (${{ matrix.image.image }}) | |
steps: | |
- name: Checkout bpfman | |
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # @v4 | |
- name: Install Golang | |
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # @v5 | |
if: ${{ matrix.image.build_language == 'go' }} | |
with: | |
# prettier-ignore | |
go-version: '1.22' # yamllint disable-line rule:quoted-strings | |
- name: Install cosign | |
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # @v3.7.0 | |
- name: Checkout libbpf | |
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # @v4 | |
if: ${{ matrix.image.bpf_build_wrapper == 'rust' }} | |
with: | |
repository: libbpf/libbpf | |
path: libbpf | |
- name: Install rust toolchain - stable | |
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # @v1 | |
if: ${{ matrix.image.build_language == 'rust' }} | |
with: | |
toolchain: stable | |
override: true | |
- name: Install libelf-dev | |
if: ${{ matrix.image.bpf_build_wrapper == 'rust' || matrix.image.bpf_build_wrapper == 'go' }} | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y linux-headers-`uname -r` clang lldb lld libelf-dev gcc-multilib libbpf-dev | |
- name: Build rust wrapped eBPF | |
if: ${{ matrix.image.bpf_build_wrapper == 'rust' }} | |
run: | | |
cargo xtask build-ebpf --libbpf-dir ./libbpf | |
- name: Generate go wrapped eBPF | |
if: ${{ matrix.image.bpf_build_wrapper == 'go' }} | |
run: | | |
cd examples && make generate | |
- name: Login to quay.io/bpfman | |
uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # @v1 | |
if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && matrix.image.repository == 'bpfman'}} | |
with: | |
registry: ${{ matrix.image.registry }} | |
username: ${{ secrets.BPFMAN_USERNAME }} | |
password: ${{ secrets.BPFMAN_ROBOT_TOKEN }} | |
- name: Login to quay.io/bpfman-bytecode | |
uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # @v1 | |
if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && matrix.image.repository == 'bpfman-bytecode' }} | |
with: | |
registry: ${{ matrix.image.registry }} | |
username: ${{ secrets.BPFMAN_BYTECODE_USERNAME }} | |
password: ${{ secrets.BPFMAN_BYTECODE_ROBOT_TOKEN }} | |
- name: Download bpfman binary | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # @v4 | |
with: | |
name: bpfman-for-build-args | |
- name: Unpack bpfman binary | |
run: | | |
tar -C /usr/local/bin -xzvf bpfman.tar.gz | |
- name: Extract metadata (tags, labels) for image | |
id: meta | |
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # @v5.5.1 | |
with: | |
images: ${{ matrix.image.registry }}/${{ matrix.image.repository }}/${{ matrix.image.image }} | |
tags: ${{ matrix.image.tags }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # @v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # @v3 | |
- name: Manually generate build args | |
id: build-tags | |
run: | | |
bytecode_data=$(bpfman image generate-build-args --cilium-ebpf-project ${{ matrix.image.bytecode_dir }}) | |
build_args="${bytecode_data}\n" | |
printf BUILD_ARGS="$build_args" >> $GITHUB_ENV | |
{ | |
echo 'BUILD_ARGS<<EOF' | |
printf "$build_args" | |
echo EOF | |
} >> "$GITHUB_ENV" | |
- name: Build and push | |
id: build-push-image | |
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # @v6 | |
with: | |
platforms: linux/amd64, linux/arm64, linux/ppc64le, linux/s390x | |
push: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
file: ${{ matrix.image.dockerfile }} | |
build-args: ${{ env.BUILD_ARGS }} | |
context: ${{ matrix.image.context }} | |
- name: Sign the images with GitHub OIDC Token | |
if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }} | |
run: | | |
readarray -t tags <<<"${{ steps.meta.outputs.tags }}" | |
for tag in ${tags[@]}; do | |
cosign sign -y "${tag}@${{ steps.build-push-image.outputs.digest }}" | |
done |