From 5da1554bd2bfbc9f688e5e122af1e51edfcac0db Mon Sep 17 00:00:00 2001 From: Daichi Sakaue Date: Thu, 5 Dec 2024 19:16:59 +0900 Subject: [PATCH] wip: Fix cilium-agent image Signed-off-by: Daichi Sakaue --- .../actions/build_cilium-agent/action.yaml | 22 ++++-- .../build_cilium-image-tools/action.yaml | 69 ++++++++++++------- cilium/Dockerfile | 22 ++++-- cilium/TAG | 2 +- 4 files changed, 79 insertions(+), 36 deletions(-) diff --git a/.github/actions/build_cilium-agent/action.yaml b/.github/actions/build_cilium-agent/action.yaml index e234739b3..9bce8b2d1 100644 --- a/.github/actions/build_cilium-agent/action.yaml +++ b/.github/actions/build_cilium-agent/action.yaml @@ -30,25 +30,26 @@ runs: github_token: ${{ inputs.github_token }} request-scan: "true" - - name: Build Cilium Envoy + - name: Build Cilium image tools if: ${{ steps.prepare.outputs.build }} - uses: ./.github/actions/build_cilium-envoy + uses: ./.github/actions/build_cilium-image-tools with: github_token: ${{ inputs.github_token }} - cilium-proxy_version: ${{ inputs.cilium-proxy_version }} + image-tools_version: ${{ inputs.image-tools_version }} - - name: Build Cilium image tools + - name: Build Cilium Envoy if: ${{ steps.prepare.outputs.build }} - uses: ./.github/actions/build_cilium-image-tools + uses: ./.github/actions/build_cilium-envoy with: github_token: ${{ inputs.github_token }} - image-tools_version: ${{ inputs.image-tools_version }} + cilium-proxy_version: ${{ inputs.cilium-proxy_version }} - name: Build cilium-agent image and push if: ${{ steps.prepare.outputs.build }} uses: docker/build-push-action@v5 with: context: cilium + load: true platforms: "linux/amd64" provenance: false push: ${{ steps.prepare.outputs.docker_push }} @@ -56,6 +57,15 @@ runs: ${{ steps.prepare.outputs.tag }} ${{ steps.prepare.outputs.branch }} + - name: Test images + if: ${{ steps.prepare.outputs.build }} + shell: bash + run: | + docker run --rm --entrypoint bash ${{ steps.prepare.outputs.tag }} -c 'bpftool version' + docker run --rm --entrypoint bash ${{ steps.prepare.outputs.tag }} -c 'clang --version' + docker run --rm --entrypoint bash ${{ steps.prepare.outputs.tag }} -c 'ip -V' + docker run --rm --entrypoint bash ${{ steps.prepare.outputs.tag }} -c 'ss -V' + - name: Scan images if: ${{ steps.prepare.outputs.scan }} uses: ./.github/actions/trivy_scan diff --git a/.github/actions/build_cilium-image-tools/action.yaml b/.github/actions/build_cilium-image-tools/action.yaml index 3c15365b8..38869b8a6 100644 --- a/.github/actions/build_cilium-image-tools/action.yaml +++ b/.github/actions/build_cilium-image-tools/action.yaml @@ -12,31 +12,11 @@ runs: env: DEBIAN_FRONTEND: noninteractive run: | - sudo apt-get update + sudo apt-get -q update sudo ln -fs /usr/share/zoneinfo/UTC /etc/localtime - sudo apt-get install -y --no-install-recommends \ - automake \ - binutils \ - bison \ - build-essential \ - ca-certificates \ - cmake \ - curl \ - flex \ - g++ \ - gcc-9 \ - git \ - libelf-dev \ - libmnl-dev \ - libtool \ - make \ - ninja-build \ - pkg-config \ + sudo apt-get -q install -y --no-install-recommends \ python2 \ - python3 \ - python3-pip \ - llvm \ - unzip + llvm sudo update-alternatives --install /usr/bin/python python /usr/bin/python2 1 sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-9 2 @@ -47,14 +27,41 @@ runs: curl -sSLf https://github.com/cilium/image-tools/archive/${{ inputs.image-tools_version }}.tar.gz | \ tar zxf - --strip-components 1 -C cilium/src/image-tools + - name: Build llvm image + uses: docker/build-push-action@v5 + with: + context: cilium + load: true + platforms: "linux/amd64" + provenance: false + push: false + tags: cilium-llvm:dev + target: cilium-llvm + + - name: Install dependencies + shell: bash + working-directory: cilium/src/image-tools/images/compilers + run: | + # https://github.com/cilium/image-tools/blob/master/images/compilers/install-deps.sh + PACKAGES_FROM=$(grep -n packages= install-deps.sh | cut -d: -f1 | jq '. + 1') + PACKAGES_TO=$(grep -n ')' install-deps.sh | cut -d: -f1 | jq -n "[inputs | select(. >= ${PACKAGES_FROM})] | min - 1") + PACKAGES=$(cat install-deps.sh | sed -n ${PACKAGES_FROM},${PACKAGES_TO}p | awk '{ print $1 }' | grep -v arm64 | tr '\n' ' ') + sudo apt-get -q install -y --no-install-recommends ${PACKAGES} + + PACKAGES_FROM=$(grep -n packages_amd64= install-deps.sh | cut -d: -f1 | jq '. + 1') + PACKAGES_TO=$(grep -n ')' install-deps.sh | cut -d: -f1 | jq -n "[inputs | select(. >= ${PACKAGES_FROM})] | min - 1") + PACKAGES=$(cat install-deps.sh | sed -n ${PACKAGES_FROM},${PACKAGES_TO}p | awk '{ print $1 }' | grep -v arm64 | tr '\n' ' ') + sudo apt-get -q install -y --no-install-recommends ${PACKAGES} + - name: Build llvm shell: bash run: | + # https://github.com/cilium/image-tools/blob/master/images/llvm/checkout-llvm.sh WORKSPACE=$(pwd)/cilium/src/workspace cd cilium/src/image-tools sudo images/llvm/checkout-llvm.sh - # images/llvm/build-llvm-native.sh + # https://github.com/cilium/image-tools/blob/master/images/llvm/build-llvm-native.sh sudo mkdir -p /src/llvm/llvm/build-native cd /src/llvm/llvm/build-native sudo cmake .. -G "Ninja" \ @@ -77,7 +84,19 @@ runs: - name: Build bpftool shell: bash run: | + # https://github.com/libbpf/bpftool/tree/main?tab=readme-ov-file#build-bpftool + WORKSPACE=$(pwd)/cilium/src/workspace cd cilium/src/image-tools sudo images/bpftool/checkout-linux.sh - sudo images/bpftool/build-bpftool-native.sh + sudo bash -c 'echo ${PATH}' + sudo which clang + sudo clang --version + ldconfig -v 2>/dev/null || true + ls -al ${WORKSPACE}/bin + sudo bash -c "echo ${WORKSPACE}" + sudo bash -c "echo ${PATH}" + sudo bash -c "PATH=${WORKSPACE}/bin:${PATH} which clang" + sudo bash -c "PATH=${WORKSPACE}/bin:${PATH} clang --version" + sudo bash -c "PATH=${WORKSPACE}/bin:${PATH} EXTRA_CFLAGS=-v images/bpftool/build-bpftool-native.sh" + ldd /out/linux/amd64/bin/bpftool sudo mv /out/linux/amd64/bin/bpftool ../workspace/usr/local/bin/ diff --git a/cilium/Dockerfile b/cilium/Dockerfile index ece300607..5a025f409 100644 --- a/cilium/Dockerfile +++ b/cilium/Dockerfile @@ -1,9 +1,23 @@ -ARG GOLANG_IMAGE=ghcr.io/cybozu/golang:1.22-jammy -ARG UBUNTU_IMAGE=ghcr.io/cybozu/ubuntu:22.04 +ARG GOLANG_IMAGE=ghcr.io/cybozu/golang:1.23-jammy +ARG UBUNTU_IMAGE=ghcr.io/cybozu/ubuntu:24.04 ARG DESTDIR=/tmp/install/linux/amd64 +# https://github.com/cilium/image-tools/blob/master/images/compilers/Dockerfile +FROM ${UBUNTU_IMAGE} AS cilium-compiler +COPY src/image-tools/images/compilers/install-deps.sh /tmp/install-deps.sh + +RUN /tmp/install-deps.sh + +# https://github.com/cilium/image-tools/blob/master/images/llvm/Dockerfile +FROM cilium-compiler AS cilium-llvm +COPY src/image-tools/images/llvm/checkout-llvm.sh /tmp/checkout-llvm.sh +COPY src/image-tools/images/llvm/build-llvm-native.sh /tmp/build-llvm-native.sh + +RUN /tmp/checkout-llvm.sh +RUN /tmp/build-llvm-native.sh + # Stage1: build common -FROM ${GOLANG_IMAGE} as build-base +FROM ${GOLANG_IMAGE} AS build-base ARG DESTDIR ENV DESTDIR=${DESTDIR} COPY TAG / @@ -34,7 +48,7 @@ RUN mkdir -p ${DESTDIR} \ && images/cilium/download-hubble.sh -FROM build-base as builder +FROM build-base AS builder COPY src/workspace/bin/llvm-objcopy /bin/ COPY src/workspace/bin/clang src/workspace/bin/llc /bin/ WORKDIR /go/src/github.com/cilium/cilium diff --git a/cilium/TAG b/cilium/TAG index 1171808b7..18639a5a3 100644 --- a/cilium/TAG +++ b/cilium/TAG @@ -1 +1 @@ -1.15.11.1-rc.1 +1.15.11.1-rc.2