wip: Fix cilium-agent image

Signed-off-by: Daichi Sakaue <[email protected]>
cybozu · Dec 11, 2024 · 5da1554 · 5da1554
1 parent 0364dcc
commit 5da1554
Show file tree

Hide file tree

Showing 4 changed files with 79 additions and 36 deletions.
diff --git a/.github/actions/build_cilium-agent/action.yaml b/.github/actions/build_cilium-agent/action.yaml
@@ -30,32 +30,42 @@ runs:
         github_token: ${{ inputs.github_token }}
         request-scan: "true"
 
-    - name: Build Cilium Envoy
+    - name: Build Cilium image tools
       if: ${{ steps.prepare.outputs.build }}
-      uses: ./.github/actions/build_cilium-envoy
+      uses: ./.github/actions/build_cilium-image-tools
       with:
         github_token: ${{ inputs.github_token }}
-        cilium-proxy_version: ${{ inputs.cilium-proxy_version }}
+        image-tools_version: ${{ inputs.image-tools_version }}
 
-    - name: Build Cilium image tools
+    - name: Build Cilium Envoy
       if: ${{ steps.prepare.outputs.build }}
-      uses: ./.github/actions/build_cilium-image-tools
+      uses: ./.github/actions/build_cilium-envoy
       with:
         github_token: ${{ inputs.github_token }}
-        image-tools_version: ${{ inputs.image-tools_version }}
+        cilium-proxy_version: ${{ inputs.cilium-proxy_version }}
 
     - name: Build cilium-agent image and push
       if: ${{ steps.prepare.outputs.build }}
       uses: docker/build-push-action@v5
       with:
         context: cilium
+        load: true
         platforms: "linux/amd64"
         provenance: false
         push: ${{ steps.prepare.outputs.docker_push }}
         tags: |
           ${{ steps.prepare.outputs.tag }}
           ${{ steps.prepare.outputs.branch }}
 
+    - name: Test images
+      if: ${{ steps.prepare.outputs.build }}
+      shell: bash
+      run: |
+        docker run --rm --entrypoint bash ${{ steps.prepare.outputs.tag }} -c 'bpftool version'
+        docker run --rm --entrypoint bash ${{ steps.prepare.outputs.tag }} -c 'clang --version'
+        docker run --rm --entrypoint bash ${{ steps.prepare.outputs.tag }} -c 'ip -V'
+        docker run --rm --entrypoint bash ${{ steps.prepare.outputs.tag }} -c 'ss -V'
+
     - name: Scan images
       if: ${{ steps.prepare.outputs.scan }}
       uses: ./.github/actions/trivy_scan

diff --git a/.github/actions/build_cilium-image-tools/action.yaml b/.github/actions/build_cilium-image-tools/action.yaml
@@ -12,31 +12,11 @@ runs:
     env:
       DEBIAN_FRONTEND: noninteractive
     run: |
-      sudo apt-get update
+      sudo apt-get -q update
       sudo ln -fs /usr/share/zoneinfo/UTC /etc/localtime
-      sudo apt-get install -y --no-install-recommends \
-        automake \
-        binutils \
-        bison \
-        build-essential \
-        ca-certificates \
-        cmake \
-        curl \
-        flex \
-        g++ \
-        gcc-9 \
-        git \
-        libelf-dev \
-        libmnl-dev \
-        libtool \
-        make \
-        ninja-build \
-        pkg-config \
+      sudo apt-get -q install -y --no-install-recommends \
         python2 \
-        python3 \
-        python3-pip \
-        llvm \
-        unzip
+        llvm
       sudo update-alternatives --install /usr/bin/python python /usr/bin/python2 1
       sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-9 2
 
@@ -47,14 +27,41 @@ runs:
       curl -sSLf https://github.com/cilium/image-tools/archive/${{ inputs.image-tools_version }}.tar.gz | \
         tar zxf - --strip-components 1 -C cilium/src/image-tools
 
+  - name: Build llvm image
+    uses: docker/build-push-action@v5
+    with:
+      context: cilium
+      load: true
+      platforms: "linux/amd64"
+      provenance: false
+      push: false
+      tags: cilium-llvm:dev
+      target: cilium-llvm
+
+  - name: Install dependencies
+    shell: bash
+    working-directory: cilium/src/image-tools/images/compilers
+    run: |
+      # https://github.com/cilium/image-tools/blob/master/images/compilers/install-deps.sh
+      PACKAGES_FROM=$(grep -n packages= install-deps.sh | cut -d: -f1 | jq '. + 1')
+      PACKAGES_TO=$(grep -n ')' install-deps.sh | cut -d: -f1 | jq -n "[inputs | select(. >= ${PACKAGES_FROM})] | min - 1")
+      PACKAGES=$(cat install-deps.sh | sed -n ${PACKAGES_FROM},${PACKAGES_TO}p | awk '{ print $1 }' | grep -v arm64 | tr '\n' ' ')
+      sudo apt-get -q install -y --no-install-recommends ${PACKAGES}
+
+      PACKAGES_FROM=$(grep -n packages_amd64= install-deps.sh | cut -d: -f1 | jq '. + 1')
+      PACKAGES_TO=$(grep -n ')' install-deps.sh | cut -d: -f1 | jq -n "[inputs | select(. >= ${PACKAGES_FROM})] | min - 1")
+      PACKAGES=$(cat install-deps.sh | sed -n ${PACKAGES_FROM},${PACKAGES_TO}p | awk '{ print $1 }' | grep -v arm64 | tr '\n' ' ')
+      sudo apt-get -q install -y --no-install-recommends ${PACKAGES}
+
   - name: Build llvm
     shell: bash
     run: |
+      # https://github.com/cilium/image-tools/blob/master/images/llvm/checkout-llvm.sh
       WORKSPACE=$(pwd)/cilium/src/workspace
       cd cilium/src/image-tools
       sudo images/llvm/checkout-llvm.sh
       
-      # images/llvm/build-llvm-native.sh
+      # https://github.com/cilium/image-tools/blob/master/images/llvm/build-llvm-native.sh
       sudo mkdir -p /src/llvm/llvm/build-native
       cd /src/llvm/llvm/build-native
       sudo cmake .. -G "Ninja" \
@@ -77,7 +84,19 @@ runs:
   - name: Build bpftool
     shell: bash
     run: |
+      # https://github.com/libbpf/bpftool/tree/main?tab=readme-ov-file#build-bpftool
+      WORKSPACE=$(pwd)/cilium/src/workspace
       cd cilium/src/image-tools
       sudo images/bpftool/checkout-linux.sh
-      sudo images/bpftool/build-bpftool-native.sh
+      sudo bash -c 'echo ${PATH}'
+      sudo which clang
+      sudo clang --version
+      ldconfig -v 2>/dev/null || true
+      ls -al ${WORKSPACE}/bin
+      sudo bash -c "echo ${WORKSPACE}"
+      sudo bash -c "echo ${PATH}"
+      sudo bash -c "PATH=${WORKSPACE}/bin:${PATH} which clang"
+      sudo bash -c "PATH=${WORKSPACE}/bin:${PATH} clang --version"
+      sudo bash -c "PATH=${WORKSPACE}/bin:${PATH} EXTRA_CFLAGS=-v images/bpftool/build-bpftool-native.sh"
+      ldd /out/linux/amd64/bin/bpftool
       sudo mv /out/linux/amd64/bin/bpftool ../workspace/usr/local/bin/
diff --git a/cilium/Dockerfile b/cilium/Dockerfile
@@ -1,9 +1,23 @@
-ARG GOLANG_IMAGE=ghcr.io/cybozu/golang:1.22-jammy
-ARG UBUNTU_IMAGE=ghcr.io/cybozu/ubuntu:22.04
+ARG GOLANG_IMAGE=ghcr.io/cybozu/golang:1.23-jammy
+ARG UBUNTU_IMAGE=ghcr.io/cybozu/ubuntu:24.04
 ARG DESTDIR=/tmp/install/linux/amd64
 
+# https://github.com/cilium/image-tools/blob/master/images/compilers/Dockerfile
+FROM ${UBUNTU_IMAGE} AS cilium-compiler
+COPY src/image-tools/images/compilers/install-deps.sh /tmp/install-deps.sh
+
+RUN /tmp/install-deps.sh
+
+# https://github.com/cilium/image-tools/blob/master/images/llvm/Dockerfile
+FROM cilium-compiler AS cilium-llvm
+COPY src/image-tools/images/llvm/checkout-llvm.sh /tmp/checkout-llvm.sh
+COPY src/image-tools/images/llvm/build-llvm-native.sh /tmp/build-llvm-native.sh
+
+RUN /tmp/checkout-llvm.sh
+RUN /tmp/build-llvm-native.sh
+
 # Stage1: build common
-FROM ${GOLANG_IMAGE} as build-base
+FROM ${GOLANG_IMAGE} AS build-base
 ARG DESTDIR
 ENV DESTDIR=${DESTDIR}
 COPY TAG /
@@ -34,7 +48,7 @@ RUN mkdir -p ${DESTDIR} \
     && images/cilium/download-hubble.sh
 
 
-FROM build-base as builder
+FROM build-base AS builder
 COPY src/workspace/bin/llvm-objcopy /bin/
 COPY src/workspace/bin/clang src/workspace/bin/llc /bin/
 WORKDIR /go/src/github.com/cilium/cilium

diff --git a/cilium/TAG b/cilium/TAG
@@ -1 +1 @@
-1.15.11.1-rc.1
+1.15.11.1-rc.2