cilium-envoy.yaml

package:
  name: cilium-envoy
  # cilium/proxy is refered by the build in cilium/cilium using
  # digest. the project itself does not have any tag nor release.
  version: "1.25_git20231010"
  epoch: 6
  description: Envoy proxy for Cilium with minimal Envoy extensions and Cilium policy enforcement filters.
  copyright:
    - license: Apache-2.0

environment:
  contents:
    packages:
      - bash
      - bazel-6
      - binutils
      - build-base
      - busybox
      - ca-certificates-bundle
      - clang~15
      - cmake
      - coreutils
      # We need to stick to gcc 12 for now, envoy doesn't build with gcc >= 13
      - gcc-12-default
      - git
      - go
      - libtool
      - llvm-lld-15
      - llvm15
      - llvm15-cmake-default
      - llvm15-dev
      - llvm15-tools
      - openjdk-11
      - patch
      - python3-dev
      - samurai
      - wolfi-baselayout

vars:
  # From latest cilium/cilium release:
  #   https://github.com/cilium/cilium/blob/v1.14.3/images/cilium/Dockerfile
  CILIUM_PROXY_COMMIT: "f71a313bd0daee41470af31ce6ea20c750fe35dd"

pipeline:
  - runs: |
      # TODO: Replace with git-checkout when `commit` parameter
      #       is supported.
      tmpdir=$(mktemp -d)
      git config --global --add safe.directory $tmpdir
      git config --global --add safe.directory /home/build
      git clone https://github.com/cilium/proxy $tmpdir
      cd $tmpdir
      git reset --hard ${{vars.CILIUM_PROXY_COMMIT}}
      tar -c . | (cd /home/build && tar -x)
      rm -rf $tmpdir

  - uses: patch
    with:
      patches: toolchains-paths.patch

  - uses: go/bump
    with:
      deps: golang.org/x/net@v0.17.0 google.golang.org/grpc@v1.56.3

  - runs: |
      cd /home/build/proxylib
      make
      mkdir -p ${{targets.destdir}}/usr/lib
      cp -v libcilium.so ${{targets.destdir}}/usr/lib/libcilium.so

      cd /home/build

      export JAVA_HOME=/usr/lib/jvm/java-11-openjdk
      mkdir -p .cache/bazel/_bazel_root

      ./bazel/setup_clang.sh /usr

      mkdir -p ${{targets.destdir}}/usr/bin
      bazel build --fission=no --config=clang \
        --discard_analysis_cache \
        --nokeep_state_after_build \
        --notrack_incremental_state \
        --conlyopt="-Wno-strict-prototypes" \
        --verbose_failures -c opt //:cilium-envoy

      cp -v bazel-bin/cilium-envoy ${{targets.destdir}}/usr/bin/cilium-envoy

  - uses: strip

update:
  enabled: false