-
Notifications
You must be signed in to change notification settings - Fork 289
/
Copy pathcilium-1.15.yaml
218 lines (193 loc) · 6.35 KB
/
cilium-1.15.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
package:
name: cilium-1.15
version: 1.15.2
epoch: 1
description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane
copyright:
- license: Apache-2.0
dependencies:
runtime:
- bpftool
# cilium does compilations at runtime on the node.
- clang
- cni-plugins-loopback
- iproute2
- ipset
- iptables
- kmod
- llvm15
- llvm15-tools
provides:
- cilium=${{package.full-version}}
environment:
contents:
packages:
- bash
- bazel-6
- binutils
- build-base
- busybox
- ca-certificates-bundle
- clang~15
- cmake
- coreutils # for GNU install
# We need to stick to gcc 12 for now, envoy doesn't build with gcc >= 13
- gcc-12-default
- git
- go
- grep
- iptables # for cilium-iptables
- libtool
- llvm-lld-15
- llvm15
- llvm15-cmake-default
- llvm15-dev
- llvm15-tools
- openjdk-11
- patch
- python3-dev
- samurai
- wolfi-baselayout
vars:
# https://github.com/cilium/cilium/blob/v1.15.2/images/cilium/Dockerfile
CILIUM_PROXY_COMMIT: "99c1c8f42c8de70fc8f6dd594f4a425cd38b6688"
pipeline:
- uses: git-checkout
with:
repository: https://github.com/cilium/cilium
tag: v${{package.version}}
expected-commit: 7cf5782920423b07e7a4e6e67fafd81e1d4a1d33
- uses: patch
with:
patches: loopback-location.patch
- uses: patch
with:
patches: go.mod.patch
- runs: |
# Remove groupadd from Makefile: it's not doing anything useful in
# a package build anyway, and it's not available in busybox.
find . -name Makefile -exec sed -i '/groupadd/d' {} \;
DESTDIR=${{targets.destdir}} DISABLE_ENVOY_INSTALLATION=1 make build-container
DESTDIR=${{targets.destdir}} DISABLE_ENVOY_INSTALLATION=1 make install-container
- runs: |
# Check the Dockerfile for a SHA and match against the proxy SHA
ENVOY_SHA=$(grep 'FROM.*cilium-envoy' ./images/cilium/Dockerfile \
| sed "s/^FROM.*:v[0-9.]\+-//g" | cut -d@ -f1)
if [ "$ENVOY_SHA" != "${{vars.CILIUM_PROXY_COMMIT}}" ]; then
echo "Expected vars.CILIUM_PROXY_COMMIT to be $ENVOY_SHA. Please update" 1>&2
exit 1
fi
- runs: |
# TODO: Replace with git-checkout when `commit` parameter
# is supported.
tmpdir=$(mktemp -d)
git config --global --add safe.directory $tmpdir
git config --global --add safe.directory /home/build
git clone https://github.com/cilium/proxy $tmpdir
cd $tmpdir
git reset --hard ${{vars.CILIUM_PROXY_COMMIT}}
mkdir -p /home/build/envoy
tar -c . | (cd /home/build/envoy && tar -x)
rm -rf $tmpdir
- uses: patch
with:
patches: toolchains-paths.patch
- runs: |
cd /home/build/envoy/proxylib
make
mkdir -p ${{targets.destdir}}/usr/lib
cp -v libcilium.so ${{targets.destdir}}/usr/lib/libcilium.so
cd /home/build/envoy
# The Python interpreter complains about being run as root, there's a flag to pass to disable that warning.
sed -i 's/envoy_dependencies_extra()/envoy_dependencies_extra(ignore_root_user_error=True)/g' WORKSPACE
export JAVA_HOME=/usr/lib/jvm/java-11-openjdk
mkdir -p .cache/bazel/_bazel_root
./bazel/setup_clang.sh /usr
mkdir -p ${{targets.destdir}}/usr/bin
for target in cilium-envoy-starter cilium-envoy; do
bazel build --fission=no --config=clang \
--discard_analysis_cache \
--nokeep_state_after_build \
--notrack_incremental_state \
--conlyopt="-Wno-strict-prototypes" \
--verbose_failures -c opt //:${target}
cp -v bazel-bin/${target} ${{targets.destdir}}/usr/bin/${target}
done
- uses: strip
subpackages:
- name: ${{package.name}}-container-init
description: init scripts for cilium
dependencies:
provides:
- cilium-container-init=${{package.full-version}}
pipeline:
- runs: |
mkdir -p ${{targets.subpkgdir}}/usr/bin
cp images/cilium/init-container.sh \
plugins/cilium-cni/install-plugin.sh \
plugins/cilium-cni/cni-uninstall.sh \
${{targets.subpkgdir}}/usr/bin
- name: ${{package.name}}-container-init-compat
description: init scripts for cilium
dependencies:
runtime:
- ${{package.name}}-container-init
provides:
- cilium-container-init-compat=${{package.full-version}}
pipeline:
- runs: |
mkdir -p ${{targets.subpkgdir}}
ln -sf /usr/bin/init-container.sh ${{targets.subpkgdir}}/init-container.sh
ln -sf /usr/bin/install-plugin.sh ${{targets.subpkgdir}}/install-plugin.sh
ln -sf /usr/bin/cni-uninstall.sh ${{targets.subpkgdir}}/cni-uninstall.sh
- name: ${{package.name}}-iptables
description: iptables compatibility package for cilium
dependencies:
runtime:
- iptables
provides:
- cilium-iptables=${{package.full-version}}
pipeline:
- runs: |
# This script generates a wrapper based on the version
# of iptables provided by the build environment.
./images/runtime/iptables-wrapper-installer.sh
mkdir -p ${{targets.subpkgdir}}/sbin
mv /sbin/iptables-wrapper ${{targets.subpkgdir}}/sbin/iptables-wrapper
- uses: strip
- name: ${{package.name}}-operator-generic
description: Generic operator for cilium
dependencies:
runtime:
- gops
provides:
- cilium-operator-generic=${{package.full-version}}
pipeline:
- uses: go/bump
with:
deps: github.com/go-jose/go-jose/[email protected]
- runs: |
cd /home/build/operator
make cilium-operator-generic
DESTDIR=${{targets.subpkgdir}} make install-generic
- uses: strip
- name: ${{package.name}}-hubble-relay
description: Hubble relay
dependencies:
provides:
- cilium-hubble-relay=${{package.full-version}}
pipeline:
- runs: |
cd /home/build/hubble-relay
make hubble-relay
DESTDIR=${{targets.subpkgdir}} make install
- uses: strip
test:
pipeline:
- runs: cilium version
update:
enabled: true
github:
identifier: cilium/cilium
strip-prefix: v
tag-filter-prefix: v1.15.