refactor(ci): integrate arm64 runners + zig build #72
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create Sysdig draft/RC release | |
| on: | |
| pull_request: | |
| branches: [dev] | |
| push: | |
| branches: [dev] | |
| workflow_dispatch: | |
| #on: | |
| # push: | |
| # tags: | |
| # - '[0-9]+.[0-9]+.[0-9]+' | |
| # - '[0-9]+.[0-9]+.[0-9]+-[a-z]+' | |
| # - '[0-9]+.[0-9]+.[0-9]+-[a-z]+[0-9]+' | |
| jobs: | |
| build-release-sysdig-linux: | |
| runs-on: ubuntu-24.04${{ matrix.platform == 'arm64' && '-arm' || '' }} | |
| container: | |
| image: ubuntu:22.04 | |
| strategy: | |
| matrix: | |
| platform: | |
| - amd64 | |
| - arm64 | |
| env: | |
| ZIG_VERSION: 0.14.0-dev.2851+b074fb7dd | |
| BUILD_VERSION: ${{ github.ref_name }} | |
| steps: | |
| - name: Checkout Sysdig | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install deps | |
| run: | | |
| cp -v scripts/zig-cc /usr/bin/ | |
| cp -v scripts/zig-c++ /usr/bin/ | |
| apt update && \ | |
| apt install -y --no-install-recommends \ | |
| autoconf \ | |
| automake \ | |
| build-essential \ | |
| ca-certificates \ | |
| clang \ | |
| cmake \ | |
| curl \ | |
| git \ | |
| libelf-dev \ | |
| libtool \ | |
| llvm \ | |
| ninja-build \ | |
| pkg-config \ | |
| rpm \ | |
| wget \ | |
| xz-utils && \ | |
| git clone https://github.com/libbpf/bpftool.git --branch v7.3.0 --single-branch && \ | |
| cd bpftool && \ | |
| git submodule update --init && \ | |
| cd src && \ | |
| make install && \ | |
| cd ../.. && \ | |
| rm -fr bpftool && \ | |
| curl -LO https://ziglang.org/builds/zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \ | |
| tar -xaf zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \ | |
| rm -v zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \ | |
| cd zig-linux-$(uname -m)-${ZIG_VERSION} && \ | |
| cp -v zig /usr/bin && \ | |
| find lib -exec cp --parents {} /usr/ \; && \ | |
| cd .. && \ | |
| rm -fr zig* | |
| - name: Build Sysdig | |
| env: | |
| CC: zig-cc | |
| CXX: zig-c++ | |
| AR: zig ar | |
| RANLIB: zig ranlib | |
| run: | | |
| cmake \ | |
| -DUSE_BUNDLED_DEPS=ON \ | |
| -DBUILD_BPF=OFF \ | |
| -DBUILD_DRIVER=OFF \ | |
| -DCMAKE_BUILD_TYPE=Release \ | |
| -S . \ | |
| -B build \ | |
| -G Ninja | |
| cmake --build build --target package --config Release | |
| - name: Upload Artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: sysdig-release-${{ env.BUILD_VERSION }}-linux-${{ matrix.platform }} | |
| path: | | |
| build/sysdig-${{ env.BUILD_VERSION }}* | |
| build-release-others-amd64: | |
| name: build-release-others-amd64 | |
| strategy: | |
| matrix: | |
| os: [windows-latest, macos-13] | |
| include: | |
| - os: windows-latest | |
| artifact_name: win | |
| artifact_ext: exe | |
| - os: macos-13 | |
| artifact_name: osx | |
| artifact_ext: dmg | |
| env: | |
| BUILD_VERSION: ${{ github.ref_name }} | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout Sysdig | |
| uses: actions/checkout@v4 | |
| - name: Build | |
| run: | | |
| mkdir -p build | |
| cd build && cmake -Wno-dev -DBUILD_DRIVER=OFF -DSYSDIG_VERSION="${{ env.BUILD_VERSION }}" .. | |
| cmake --build . --target package --config Release | |
| - name: Upload Artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.artifact_name }}-x86_64 | |
| path: build/sysdig-${{ env.BUILD_VERSION }}*.${{ matrix.artifact_ext }} | |
| build-release-others-arm64: | |
| name: build-release-others-arm64 | |
| strategy: | |
| matrix: | |
| os: [macos-14] | |
| include: | |
| - os: macos-14 | |
| artifact_name: osx | |
| artifact_ext: dmg | |
| env: | |
| BUILD_VERSION: ${{ github.ref_name }} | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout Sysdig | |
| uses: actions/checkout@v4 | |
| - name: Build | |
| run: | | |
| mkdir -p build | |
| cd build && cmake -Wno-dev -DBUILD_DRIVER=OFF -DSYSDIG_VERSION="${{ env.BUILD_VERSION }}" .. | |
| cmake --build . --target package --config Release | |
| - name: Upload Artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.artifact_name }}-arm64 | |
| path: build/sysdig-${{ env.BUILD_VERSION }}*.${{ matrix.artifact_ext }} | |
| # push-container-image: | |
| # runs-on: ubuntu-latest | |
| # needs: [build-release-sysdig-linux, sign-rpms, sign-debs] | |
| # env: | |
| # BUILD_VERSION: ${{ github.ref_name }} | |
| # REGISTRY: ghcr.io | |
| # SYSDIG_IMAGE_BASE: ghcr.io/draios/sysdig | |
| # steps: | |
| # - name: Checkout Sysdig | |
| # uses: actions/checkout@v4 | |
| # - name: Download artifacts aarch64 | |
| # uses: actions/download-artifact@v3 | |
| # with: | |
| # name: sysdig-release-${{ env.BUILD_VERSION }}-aarch64 | |
| # - name: Download artifacts x86_64 | |
| # uses: actions/download-artifact@v3 | |
| # with: | |
| # name: sysdig-release-${{ env.BUILD_VERSION }}-x86_64 | |
| # - name: Set up QEMU | |
| # uses: docker/setup-qemu-action@v3 | |
| # with: | |
| # platforms: 'amd64,arm64' | |
| # - name: Set up Docker Buildx | |
| # uses: docker/setup-buildx-action@v2 | |
| # - name: Login to Github Packages | |
| # uses: docker/login-action@v3 | |
| # with: | |
| # registry: ${{ env.REGISTRY }} | |
| # username: ${{ github.actor }} | |
| # password: ${{ secrets.GITHUB_TOKEN }} | |
| # - name: Build and push container images | |
| # uses: docker/build-push-action@v6 | |
| # with: | |
| # platforms: linux/amd64,linux/arm64 | |
| # file: docker/sysdig/Dockerfile | |
| # context: . | |
| # tags: ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.BUILD_VERSION }}-draft | |
| # push: true | |
| # build-args: | |
| # BUILD_VERSION=${{ env.BUILD_VERSION }} | |
| # | |
| # sign-rpms: | |
| # strategy: | |
| # matrix: | |
| # name: [amd64, arm64] | |
| # include: | |
| # - name: amd64 | |
| # arch: x86_64 | |
| # - name: arm64 | |
| # arch: aarch64 | |
| # needs: [build-release-linux-amd64, build-release-linux-arm64] | |
| # runs-on: ubuntu-latest | |
| # env: | |
| # BUILD_VERSION: ${{ github.ref_name }} | |
| # KEY_ID: EC51E8C4 | |
| # container: | |
| # image: fedora:39 | |
| # steps: | |
| # - name: Install deps | |
| # run: dnf install -y rpm-sign pinentry | |
| # - name: Download artifacts | |
| # uses: actions/download-artifact@v3 | |
| # with: | |
| # name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }} | |
| # - name: Import private key | |
| # env: | |
| # PRIVATE_KEY: ${{ secrets.SYSDIG_REPO_SIGNING_KEY }} | |
| # run: printenv PRIVATE_KEY | gpg --import - | |
| # - name: Sign RPMs | |
| # run: rpm --define "_gpg_name ${{ env.KEY_ID }}" --define "_binary_filedigest_algorithm 8" --addsign *.rpm | |
| # - name: Check signature | |
| # run: test "$(rpm -qpi *.rpm | awk '/Signature/' | grep -i none | wc -l)" -eq 0 | |
| # - name: Upload Signed RPMs | |
| # uses: actions/upload-artifact@v4 | |
| # with: | |
| # name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }} | |
| # path: "*.rpm" | |
| # | |
| # sign-debs: | |
| # runs-on: ubuntu-latest | |
| # strategy: | |
| # matrix: | |
| # name: [amd64, arm64] | |
| # include: | |
| # - name: amd64 | |
| # arch: x86_64 | |
| # - name: arm64 | |
| # arch: aarch64 | |
| # needs: [build-release-linux-amd64, build-release-linux-arm64] | |
| # env: | |
| # BUILD_VERSION: ${{ github.ref_name }} | |
| # KEY_ID: EC51E8C4 | |
| # container: | |
| # image: debian:bullseye-slim | |
| # steps: | |
| # - name: Install deps | |
| # run: apt-get update && apt-get -y install dpkg-sig | |
| # - name: Download artifacts | |
| # uses: actions/download-artifact@v3 | |
| # with: | |
| # name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }} | |
| # - name: Import private key | |
| # env: | |
| # PRIVATE_KEY: ${{ secrets.SYSDIG_REPO_SIGNING_KEY }} | |
| # run: printenv PRIVATE_KEY | gpg --import - | |
| # - name: Sign DEBs | |
| # run: dpkg-sig -k ${{ env.KEY_ID }} -s builder *.deb | |
| # - name: Check signature | |
| # run: dpkg-sig --verify *.deb | |
| # - name: Upload Signed DEBs | |
| # uses: actions/upload-artifact@v4 | |
| # with: | |
| # name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }} | |
| # path: "*.deb" | |
| # | |
| # create-draft-release: | |
| # runs-on: ubuntu-latest | |
| # needs: [push-container-image, build-release-linux-amd64, build-release-linux-arm64, sign-rpms, sign-debs] | |
| # env: | |
| # BUILD_VERSION: ${{ github.ref_name }} | |
| # steps: | |
| # - name: Download artifacts (linux-amd64) | |
| # uses: actions/download-artifact@v3 | |
| # with: | |
| # name: sysdig-release-${{ env.BUILD_VERSION }}-x86_64 | |
| # - name: Download artifacts (linux-arm64) | |
| # uses: actions/download-artifact@v3 | |
| # with: | |
| # name: sysdig-release-${{ env.BUILD_VERSION }}-aarch64 | |
| # - name: Download artifacts (win-amd64) | |
| # uses: actions/download-artifact@v3 | |
| # with: | |
| # name: sysdig-release-${{ env.BUILD_VERSION }}-win-x86_64 | |
| # - name: Download artifacts (osx-amd64) | |
| # uses: actions/download-artifact@v3 | |
| # with: | |
| # name: sysdig-release-${{ env.BUILD_VERSION }}-osx-x86_64 | |
| # - name: Create draft release | |
| # uses: softprops/action-gh-release@v1 | |
| # with: | |
| # files: | | |
| # sysdig-${{ env.BUILD_VERSION }}* | |
| # draft: true | |
| # |