allow bytecode image to ship multiple programs #66
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: bpfman-image-build | ||
| on: # yamllint disable-line rule:truthy | ||
| push: | ||
| branches: [main] | ||
| tags: | ||
| - v* | ||
| pull_request: | ||
| paths: [.github/workflows/image-build.yaml] | ||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Build bpfman binary | ||
| run: cargo build -p bpfman --verbose | ||
| - name: archive bpfman binary | ||
| run: | | ||
| cd target/debug | ||
| tar -czvf bpfman.tar.gz bpfman | ||
| - name: Archive bpfman Binaries | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: bpfman | ||
| path: | | ||
| ./target/debug/bpfman.tar.gz | ||
| build-and-push-images: | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| id-token: write # needed for signing the images with GitHub OIDC Token | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| image: | ||
| - registry: quay.io | ||
| # build_language: rust - Not building locally, so don't install rust toolchain | ||
| repository: bpfman | ||
| image: bpfman | ||
| dockerfile: ./Containerfile.bpfman | ||
| context: . | ||
| tags: | | ||
| type=ref,event=branch | ||
| type=ref,event=tag | ||
| type=ref,event=pr | ||
| type=sha,format=long | ||
| # set latest tag for default branch | ||
| type=raw,value=latest,enable={{is_default_branch}} | ||
| - registry: quay.io | ||
| # build_language: go - Not building locally, so don't install go tools | ||
| repository: bpfman | ||
| image: bpfman-agent | ||
| dockerfile: ./bpfman-operator/Containerfile.bpfman-agent | ||
| context: . | ||
| tags: | | ||
| type=ref,event=branch | ||
| type=ref,event=tag | ||
| type=ref,event=pr | ||
| type=sha,format=long | ||
| # set latest tag for default branch | ||
| type=raw,value=latest,enable={{is_default_branch}} | ||
| - registry: quay.io | ||
| # build_language: go - Not building locally, so don't install go tools | ||
| repository: bpfman | ||
| image: bpfman-operator | ||
| dockerfile: ./bpfman-operator/Containerfile.bpfman-operator | ||
| context: . | ||
| tags: | | ||
| type=ref,event=branch | ||
| type=ref,event=tag | ||
| type=ref,event=pr | ||
| type=sha,format=long | ||
| # set latest tag for default branch | ||
| type=raw,value=latest,enable={{is_default_branch}} | ||
| - registry: quay.io | ||
| # build_language: go - Not building locally, so don't install go tools | ||
| repository: bpfman | ||
| image: bpfman-operator-bundle | ||
| context: ./bpfman-operator | ||
| dockerfile: ./bpfman-operator/Containerfile.bundle | ||
| tags: | | ||
| type=ref,event=branch | ||
| type=ref,event=tag | ||
| type=ref,event=pr | ||
| type=sha,format=long | ||
| # set latest tag for default branch | ||
| type=raw,value=latest,enable={{is_default_branch}} | ||
| - registry: quay.io | ||
| # build_language: go - Not building locally, so don't install go tools | ||
| repository: bpfman-userspace | ||
| image: go-xdp-counter | ||
| context: . | ||
| dockerfile: ./examples/go-xdp-counter/container-deployment/Containerfile.go-xdp-counter | ||
| tags: | | ||
| type=ref,event=branch | ||
| type=ref,event=tag | ||
| type=ref,event=pr | ||
| type=sha,format=long | ||
| # set latest tag for default branch | ||
| type=raw,value=latest,enable={{is_default_branch}} | ||
| - registry: quay.io | ||
| # build_language: go - Not building locally, so don't install go tools | ||
| repository: bpfman-userspace | ||
| image: go-tc-counter | ||
| context: . | ||
| dockerfile: ./examples/go-tc-counter/container-deployment/Containerfile.go-tc-counter | ||
| tags: | | ||
| type=ref,event=branch | ||
| type=ref,event=tag | ||
| type=ref,event=pr | ||
| type=sha,format=long | ||
| # set latest tag for default branch | ||
| type=raw,value=latest,enable={{is_default_branch}} | ||
| - registry: quay.io | ||
| # build_language: go - Not building locally, so don't install go tools | ||
| repository: bpfman-userspace | ||
| image: go-tracepoint-counter | ||
| context: . | ||
| dockerfile: ./examples/go-tracepoint-counter/container-deployment/Containerfile.go-tracepoint-counter | ||
| tags: | | ||
| type=ref,event=branch | ||
| type=ref,event=tag | ||
| type=ref,event=pr | ||
| type=sha,format=long | ||
| # set latest tag for default branch | ||
| type=raw,value=latest,enable={{is_default_branch}} | ||
| - registry: quay.io | ||
| # build_language: go - Not building locally, so don't install go tools | ||
| repository: bpfman-userspace | ||
| image: go-kprobe-counter | ||
| context: . | ||
| dockerfile: ./examples/go-kprobe-counter/container-deployment/Containerfile.go-kprobe-counter | ||
| tags: | | ||
| type=ref,event=branch | ||
| type=ref,event=tag | ||
| type=ref,event=pr | ||
| type=sha,format=long | ||
| # set latest tag for default branch | ||
| type=raw,value=latest,enable={{is_default_branch}} | ||
| - registry: quay.io | ||
| # build_language: go - Not building locally, so don't install go tools | ||
| repository: bpfman-userspace | ||
| image: go-uprobe-counter | ||
| context: . | ||
| dockerfile: ./examples/go-uprobe-counter/container-deployment/Containerfile.go-uprobe-counter | ||
| tags: | | ||
| type=ref,event=branch | ||
| type=ref,event=tag | ||
| type=ref,event=pr | ||
| type=sha,format=long | ||
| # set latest tag for default branch | ||
| type=raw,value=latest,enable={{is_default_branch}} | ||
| - registry: quay.io | ||
| # build_language: go - Not building locally, so don't install go tools | ||
| repository: bpfman-userspace | ||
| image: go-uretprobe-counter | ||
| context: . | ||
| dockerfile: ./examples/go-uretprobe-counter/container-deployment/Containerfile.go-uretprobe-counter | ||
| tags: | | ||
| type=ref,event=branch | ||
| type=ref,event=tag | ||
| type=ref,event=pr | ||
| type=sha,format=long | ||
| # set latest tag for default branch | ||
| type=raw,value=latest,enable={{is_default_branch}} | ||
| - registry: quay.io | ||
| # build_language: go - Not building locally, so don't install go tools | ||
| repository: bpfman-userspace | ||
| image: go-target | ||
| context: . | ||
| dockerfile: ./examples/go-target/container-deployment/Containerfile.go-target | ||
| tags: | | ||
| type=ref,event=branch | ||
| type=ref,event=tag | ||
| type=ref,event=pr | ||
| type=sha,format=long | ||
| # set latest tag for default branch | ||
| type=raw,value=latest,enable={{is_default_branch}} | ||
| name: Build Image (${{ matrix.image.image }}) | ||
| steps: | ||
| - name: Checkout bpfman | ||
| uses: actions/checkout@v4 | ||
| - name: Install cosign | ||
| uses: sigstore/[email protected] | ||
| - name: Generate olm bundle on disk | ||
| if: ${{ matrix.image.image == 'bpfman-operator-bundle' }} | ||
| run: | | ||
| cd bpfman-operator && make bundle | ||
| - name: Login to quay.io/bpfman | ||
| uses: redhat-actions/podman-login@v1 | ||
| if: ${{ github.event_name == 'push' && matrix.image.repository == 'bpfman'}} | ||
| with: | ||
| registry: ${{ matrix.image.registry }} | ||
| username: ${{ secrets.BPFMAN_USERNAME }} | ||
| password: ${{ secrets.BPFMAN_ROBOT_TOKEN }} | ||
| - name: Login to quay.io/bpfman-userspace | ||
| uses: redhat-actions/podman-login@v1 | ||
| if: ${{ github.event_name == 'push' && matrix.image.repository == 'bpfman-userspace'}} | ||
| with: | ||
| registry: ${{ matrix.image.registry }} | ||
| username: ${{ secrets.BPFMAN_USERSPACE_USERNAME }} | ||
| password: ${{ secrets.BPFMAN_USERSPACE_ROBOT_TOKEN }} | ||
| - name: Extract metadata (tags, labels) for image | ||
| id: meta | ||
| uses: docker/[email protected] | ||
| with: | ||
| images: ${{ matrix.image.registry }}/${{ matrix.image.repository }}/${{ matrix.image.image }} | ||
| tags: ${{ matrix.image.tags }} | ||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v3 | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| - name: Set push flag | ||
| id: set-push | ||
| run: | | ||
| if [ ${{ github.event_name }} == 'push' ]; then | ||
| echo "push_flag=true" >> "$GITHUB_OUTPUT" | ||
| else | ||
| echo "push_flag=false" >> "$GITHUB_OUTPUT" | ||
| fi | ||
| - name: Build and push | ||
| id: build-push-image | ||
| uses: docker/build-push-action@v5 | ||
| with: | ||
| platforms: linux/amd64, linux/arm64 | ||
| # TBD: linux/ppc64le, linux/s390x | ||
| push: ${{ fromJSON(steps.set-push.outputs.push_flag) }} | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| file: ${{ matrix.image.dockerfile }} | ||
| build-args: ${{ matrix.image.build_args }} | ||
| context: ${{ matrix.image.context }} | ||
| - name: Sign the images with GitHub OIDC Token | ||
| if: ${{ github.event_name == 'push' }} | ||
| run: | | ||
| readarray -t tags <<<"${{ steps.meta.outputs.tags }}" | ||
| for tag in ${tags[@]}; do | ||
| cosign sign -y "${tag}@${{ steps.build-push-image.outputs.digest }}" | ||
| done | ||
| build-and-push-bytecode-images: | ||
| needs: [build] | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| id-token: write # needed for signing the images with GitHub OIDC Token | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| image: | ||
| - registry: quay.io | ||
| build_language: go | ||
| bpf_build_wrapper: go | ||
| repository: bpfman-bytecode | ||
| image: go-xdp-counter | ||
| context: . | ||
| dockerfile: ./Containerfile.bytecode | ||
| bytecode_path: ./examples/go-xdp-counter/bpf_bpfel.o | ||
| tags: | | ||
| type=ref,event=branch | ||
| type=ref,event=tag | ||
| type=ref,event=pr | ||
| type=sha,format=long | ||
| # set latest tag for default branch | ||
| type=raw,value=latest,enable={{is_default_branch}} | ||
| # - registry: quay.io | ||
| # build_language: go | ||
| # bpf_build_wrapper: go | ||
| # repository: bpfman-bytecode | ||
| # image: go-tc-counter | ||
| # context: ./examples/go-tc-counter | ||
| # dockerfile: ./Containerfile.bytecode | ||
| # build_args: | | ||
| # PROGRAM_NAME=go-tc-counter | ||
| # BPF_FUNCTION_NAME=stats | ||
| # PROGRAM_TYPE=tc | ||
| # BYTECODE_FILENAME=bpf_bpfel.o | ||
| # tags: | | ||
| # type=ref,event=branch | ||
| # type=ref,event=tag | ||
| # type=ref,event=pr | ||
| # type=sha,format=long | ||
| # # set latest tag for default branch | ||
| # type=raw,value=latest,enable={{is_default_branch}} | ||
| # - registry: quay.io | ||
| # build_language: go | ||
| # bpf_build_wrapper: go | ||
| # repository: bpfman-bytecode | ||
| # image: go-tracepoint-counter | ||
| # context: ./examples/go-tracepoint-counter | ||
| # dockerfile: ./Containerfile.bytecode | ||
| # build_args: | | ||
| # PROGRAM_NAME=go-tracepoint-counter | ||
| # BPF_FUNCTION_NAME=tracepoint_kill_recorder | ||
| # PROGRAM_TYPE=tracepoint | ||
| # BYTECODE_FILENAME=bpf_bpfel.o | ||
| # tags: | | ||
| # type=ref,event=branch | ||
| # type=ref,event=tag | ||
| # type=ref,event=pr | ||
| # type=sha,format=long | ||
| # # set latest tag for default branch | ||
| # type=raw,value=latest,enable={{is_default_branch}} | ||
| # - registry: quay.io | ||
| # build_language: go | ||
| # bpf_build_wrapper: go | ||
| # repository: bpfman-bytecode | ||
| # image: go-kprobe-counter | ||
| # context: ./examples/go-kprobe-counter | ||
| # dockerfile: ./Containerfile.bytecode | ||
| # build_args: | | ||
| # PROGRAM_NAME=kprobe_counter | ||
| # BPF_FUNCTION_NAME=kprobe_counter | ||
| # PROGRAM_TYPE=kprobe | ||
| # BYTECODE_FILENAME=bpf_bpfel.o | ||
| # tags: | | ||
| # type=ref,event=branch | ||
| # type=ref,event=tag | ||
| # type=ref,event=pr | ||
| # type=sha,format=long | ||
| # # set latest tag for default branch | ||
| # type=raw,value=latest,enable={{is_default_branch}} | ||
| # - registry: quay.io | ||
| # build_language: go | ||
| # bpf_build_wrapper: go | ||
| # repository: bpfman-bytecode | ||
| # image: go-uprobe-counter | ||
| # context: ./examples/go-uprobe-counter | ||
| # dockerfile: ./Containerfile.bytecode | ||
| # build_args: | | ||
| # PROGRAM_NAME=uprobe_counter | ||
| # BPF_FUNCTION_NAME=uprobe_counter | ||
| # PROGRAM_TYPE=uprobe | ||
| # BYTECODE_FILENAME=bpf_bpfel.o | ||
| # tags: | | ||
| # type=ref,event=branch | ||
| # type=ref,event=tag | ||
| # type=ref,event=pr | ||
| # type=sha,format=long | ||
| # # set latest tag for default branch | ||
| # type=raw,value=latest,enable={{is_default_branch}} | ||
| # - registry: quay.io | ||
| # build_language: go | ||
| # bpf_build_wrapper: go | ||
| # repository: bpfman-bytecode | ||
| # image: go-uretprobe-counter | ||
| # context: ./examples/go-uretprobe-counter | ||
| # dockerfile: ./Containerfile.bytecode | ||
| # build_args: | | ||
| # PROGRAM_NAME=uretprobe_counter | ||
| # BPF_FUNCTION_NAME=uretprobe_counter | ||
| # PROGRAM_TYPE=uretprobe | ||
| # BYTECODE_FILENAME=bpf_x86_bpfel.o | ||
| # tags: | | ||
| # type=ref,event=branch | ||
| # type=ref,event=tag | ||
| # type=ref,event=pr | ||
| # type=sha,format=long | ||
| # # set latest tag for default branch | ||
| # type=raw,value=latest,enable={{is_default_branch}} | ||
| # - registry: quay.io | ||
| # build_language: rust | ||
| # bpf_build_wrapper: rust | ||
| # repository: bpfman-bytecode | ||
| # image: xdp_pass | ||
| # context: ./tests/integration-test/bpf/.output | ||
| # dockerfile: ./Containerfile.bytecode | ||
| # build_args: | | ||
| # PROGRAM_NAME=xdp_pass | ||
| # BPF_FUNCTION_NAME=pass | ||
| # PROGRAM_TYPE=xdp | ||
| # BYTECODE_FILENAME=xdp_pass.bpf.o | ||
| # tags: | | ||
| # type=ref,event=branch | ||
| # type=ref,event=tag | ||
| # type=ref,event=pr | ||
| # type=sha,format=long | ||
| # # set latest tag for default branch | ||
| # type=raw,value=latest,enable={{is_default_branch}} | ||
| # - registry: quay.io | ||
| # build_language: rust | ||
| # bpf_build_wrapper: rust | ||
| # repository: bpfman-bytecode | ||
| # image: xdp_pass_private | ||
| # context: ./tests/integration-test/bpf/.output | ||
| # dockerfile: ./Containerfile.bytecode | ||
| # build_args: | | ||
| # PROGRAM_NAME=xdp_pass_private | ||
| # BPF_FUNCTION_NAME=pass | ||
| # PROGRAM_TYPE=xdp | ||
| # BYTECODE_FILENAME=xdp_pass.bpf.o | ||
| # tags: | | ||
| # type=ref,event=branch | ||
| # type=ref,event=tag | ||
| # type=ref,event=pr | ||
| # type=sha,format=long | ||
| # # set latest tag for default branch | ||
| # type=raw,value=latest,enable={{is_default_branch}} | ||
| # - registry: quay.io | ||
| # build_language: rust | ||
| # bpf_build_wrapper: rust | ||
| # repository: bpfman-bytecode | ||
| # image: tc_pass | ||
| # context: ./tests/integration-test/bpf/.output | ||
| # dockerfile: ./Containerfile.bytecode | ||
| # build_args: | | ||
| # PROGRAM_NAME=tc_pass | ||
| # BPF_FUNCTION_NAME=pass | ||
| # PROGRAM_TYPE=tc | ||
| # BYTECODE_FILENAME=tc_pass.bpf.o | ||
| # tags: | | ||
| # type=ref,event=branch | ||
| # type=ref,event=tag | ||
| # type=ref,event=pr | ||
| # type=sha,format=long | ||
| # # set latest tag for default branch | ||
| # type=raw,value=latest,enable={{is_default_branch}} | ||
| # - registry: quay.io | ||
| # build_language: rust | ||
| # bpf_build_wrapper: rust | ||
| # repository: bpfman-bytecode | ||
| # image: tracepoint | ||
| # context: ./tests/integration-test/bpf/.output | ||
| # dockerfile: ./Containerfile.bytecode | ||
| # build_args: | | ||
| # PROGRAM_NAME=tracepoint | ||
| # BPF_FUNCTION_NAME=enter_openat | ||
| # PROGRAM_TYPE=tracepoint | ||
| # BYTECODE_FILENAME=tp_openat.bpf.o | ||
| # tags: | | ||
| # type=ref,event=branch | ||
| # type=ref,event=tag | ||
| # type=ref,event=pr | ||
| # type=sha,format=long | ||
| # # set latest tag for default branch | ||
| # type=raw,value=latest,enable={{is_default_branch}} | ||
| # - registry: quay.io | ||
| # build_language: rust | ||
| # bpf_build_wrapper: rust | ||
| # repository: bpfman-bytecode | ||
| # image: uprobe | ||
| # context: ./tests/integration-test/bpf/.output | ||
| # dockerfile: ./Containerfile.bytecode | ||
| # build_args: | | ||
| # PROGRAM_NAME=uprobe | ||
| # BPF_FUNCTION_NAME=my_uprobe | ||
| # PROGRAM_TYPE=uprobe | ||
| # BYTECODE_FILENAME=uprobe.bpf.o | ||
| # tags: | | ||
| # type=ref,event=branch | ||
| # type=ref,event=tag | ||
| # type=ref,event=pr | ||
| # type=sha,format=long | ||
| # # set latest tag for default branch | ||
| # type=raw,value=latest,enable={{is_default_branch}} | ||
| # - registry: quay.io | ||
| # build_language: rust | ||
| # bpf_build_wrapper: rust | ||
| # repository: bpfman-bytecode | ||
| # image: uretprobe | ||
| # context: ./tests/integration-test/bpf/.output | ||
| # dockerfile: ./Containerfile.bytecode | ||
| # build_args: | | ||
| # PROGRAM_NAME=uretprobe | ||
| # BPF_FUNCTION_NAME=my_uretprobe | ||
| # PROGRAM_TYPE=uretprobe | ||
| # BYTECODE_FILENAME=uprobe.bpf.o | ||
| # tags: | | ||
| # type=ref,event=branch | ||
| # type=ref,event=tag | ||
| # type=ref,event=pr | ||
| # type=sha,format=long | ||
| # # set latest tag for default branch | ||
| # type=raw,value=latest,enable={{is_default_branch}} | ||
| # - registry: quay.io | ||
| # build_language: rust | ||
| # bpf_build_wrapper: rust | ||
| # repository: bpfman-bytecode | ||
| # image: kprobe | ||
| # context: ./tests/integration-test/bpf/.output | ||
| # dockerfile: ./Containerfile.bytecode | ||
| # build_args: | | ||
| # PROGRAM_NAME=kprobe | ||
| # BPF_FUNCTION_NAME=my_kprobe | ||
| # PROGRAM_TYPE=kprobe | ||
| # BYTECODE_FILENAME=kprobe.bpf.o | ||
| # tags: | | ||
| # type=ref,event=branch | ||
| # type=ref,event=tag | ||
| # type=ref,event=pr | ||
| # type=sha,format=long | ||
| # # set latest tag for default branch | ||
| # type=raw,value=latest,enable={{is_default_branch}} | ||
| # - registry: quay.io | ||
| # build_language: rust | ||
| # bpf_build_wrapper: rust | ||
| # repository: bpfman-bytecode | ||
| # image: kretprobe | ||
| # context: ./tests/integration-test/bpf/.output | ||
| # dockerfile: ./Containerfile.bytecode | ||
| # build_args: | | ||
| # PROGRAM_NAME=kretprobe | ||
| # BPF_FUNCTION_NAME=my_kretprobe | ||
| # PROGRAM_TYPE=kretprobe | ||
| # BYTECODE_FILENAME=kprobe.bpf.o | ||
| # tags: | | ||
| # type=ref,event=branch | ||
| # type=ref,event=tag | ||
| # type=ref,event=pr | ||
| # type=sha,format=long | ||
| # # set latest tag for default branch | ||
| # type=raw,value=latest,enable={{is_default_branch}} | ||
| # - registry: quay.io | ||
| # build_language: rust | ||
| # bpf_build_wrapper: rust | ||
| # repository: bpfman-bytecode | ||
| # image: fentry | ||
| # context: ./tests/integration-test/bpf/.output | ||
| # dockerfile: ./Containerfile.bytecode | ||
| # build_args: | | ||
| # PROGRAM_NAME=do_unlinkat | ||
| # BPF_FUNCTION_NAME=test_fentry | ||
| # PROGRAM_TYPE=fentry | ||
| # BYTECODE_FILENAME=fentry.bpf.o | ||
| # tags: | | ||
| # type=ref,event=branch | ||
| # type=ref,event=tag | ||
| # type=ref,event=pr | ||
| # type=sha,format=long | ||
| # # set latest tag for default branch | ||
| # type=raw,value=latest,enable={{is_default_branch}} | ||
| # - registry: quay.io | ||
| # build_language: rust | ||
| # bpf_build_wrapper: rust | ||
| # repository: bpfman-bytecode | ||
| # image: fexit | ||
| # context: ./tests/integration-test/bpf/.output | ||
| # dockerfile: ./Containerfile.bytecode | ||
| # build_args: | | ||
| # PROGRAM_NAME=do_unlinkat | ||
| # BPF_FUNCTION_NAME=test_fexit | ||
| # PROGRAM_TYPE=fexit | ||
| # BYTECODE_FILENAME=fentry.bpf.o | ||
| # tags: | | ||
| # type=ref,event=branch | ||
| # type=ref,event=tag | ||
| # type=ref,event=pr | ||
| # type=sha,format=long | ||
| # # set latest tag for default branch | ||
| # type=raw,value=latest,enable={{is_default_branch}} | ||
| # - registry: quay.io | ||
| # build_language: rust | ||
| # bpf_build_wrapper: rust | ||
| # repository: bpfman | ||
| # image: xdp-dispatcher | ||
| # context: . | ||
| # dockerfile: ./Containerfile.xdp_dispatcher_v1 | ||
| # tags: | | ||
| # type=sha,format=long | ||
| # type=raw,value=v1,enable=true | ||
| # - registry: quay.io | ||
| # build_language: rust | ||
| # bpf_build_wrapper: rust | ||
| # repository: bpfman | ||
| # image: xdp-dispatcher | ||
| # context: . | ||
| # dockerfile: ./Containerfile.xdp_dispatcher_v2 | ||
| # tags: | | ||
| # type=sha,format=long | ||
| # type=raw,value=v2,enable=true | ||
| # - registry: quay.io | ||
| # build_language: rust | ||
| # bpf_build_wrapper: rust | ||
| # repository: bpfman | ||
| # image: tc-dispatcher | ||
| # context: . | ||
| # dockerfile: ./Containerfile.tc_dispatcher | ||
| # tags: | | ||
| # type=sha,format=long | ||
| # type=raw,value=v1,enable=true | ||
| name: Build eBPF Image (${{ matrix.image.image }}) | ||
| steps: | ||
| - name: Checkout bpfman | ||
| uses: actions/checkout@v4 | ||
| - name: Install Golang | ||
| uses: actions/setup-go@v5 | ||
| if: ${{ matrix.image.build_language == 'go' }} | ||
| with: | ||
| # prettier-ignore | ||
| go-version: '1.22' # yamllint disable-line rule:quoted-strings | ||
| - name: Install cosign | ||
| uses: sigstore/[email protected] | ||
| - name: Checkout libbpf | ||
| uses: actions/checkout@v4 | ||
| if: ${{ matrix.image.bpf_build_wrapper == 'rust' }} | ||
| with: | ||
| repository: libbpf/libbpf | ||
| path: libbpf | ||
| - name: Install rust toolchain - stable | ||
| uses: actions-rs/toolchain@v1 | ||
| if: ${{ matrix.image.build_language == 'rust' }} | ||
| with: | ||
| toolchain: stable | ||
| override: true | ||
| - name: Install libelf-dev | ||
| if: ${{ matrix.image.bpf_build_wrapper == 'rust' || matrix.image.bpf_build_wrapper == 'go' }} | ||
| run: | | ||
| sudo apt-get update | ||
| sudo apt-get install -y linux-headers-`uname -r` clang lldb lld libelf-dev gcc-multilib libbpf-dev | ||
| - name: Build rust wrapped eBPF | ||
| if: ${{ matrix.image.bpf_build_wrapper == 'rust' }} | ||
| run: | | ||
| cargo xtask build-ebpf --libbpf-dir ./libbpf | ||
| - name: Generate go wrapped eBPF | ||
| if: ${{ matrix.image.bpf_build_wrapper == 'go' }} | ||
| run: | | ||
| cd examples && make generate | ||
| - name: Download bpfman binary | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: bpfman | ||
| - name: Unpack binary and put bpfman in path | ||
| run: | | ||
| tar -C /usr/local/bin -xzvf bpfman.tar.gz | ||
| - name: Login to quay.io/bpfman-bytecode | ||
| uses: redhat-actions/podman-login@v1 | ||
| if: ${{ github.event_name == 'push' && matrix.image.repository == 'bpfman-bytecode' }} | ||
| with: | ||
| registry: ${{ matrix.image.registry }} | ||
| username: ${{ secrets.BPFMAN_BYTECODE_USERNAME }} | ||
| password: ${{ secrets.BPFMAN_BYTECODE_ROBOT_TOKEN }} | ||
| - name: Extract metadata (tags, labels) for image | ||
| id: meta | ||
| uses: docker/[email protected] | ||
| with: | ||
| images: ${{ matrix.image.registry }}/${{ matrix.image.repository }}/${{ matrix.image.image }} | ||
| tags: ${{ matrix.image.tags }} | ||
| - name: Generate build args | ||
| id: build-tags | ||
| run: | | ||
| echo "BUILD_ARGS=$(bpfman image generate-build-args -b ${{ matrix.image.bytecode_path }})" | ||
| - name: Build image | ||
| id: build-image | ||
| uses: redhat-actions/buildah-build@v2 | ||
| with: | ||
| image: ${{ matrix.image.image }} | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| containerfiles: ${{ matrix.image.dockerfile }} | ||
| build-args: format('{0}\n{1}\n{2}', matrix.image.build_args, 'BYTECODE_FILE=${{ matrix.image.bytecode_path }}', ${{ env.BUILD_ARGS }}) | ||
| '${{ matrix.image.build_args }}/nBYTECODE_FILE=${{ matrix.image.bytecode_path }}' | ||
| context: ${{ matrix.image.context }} | ||
| - name: Push to registry | ||
| id: push-image | ||
| uses: redhat-actions/push-to-registry@v2 | ||
| if: ${{ github.event_name == 'push' }} | ||
| with: | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| - name: Sign the images with GitHub OIDC Token | ||
| if: ${{ github.event_name == 'push' }} | ||
| run: | | ||
| readarray -t tags <<<"${{ steps.meta.outputs.tags }}" | ||
| for tag in ${tags[@]}; do | ||
| cosign sign -y "${tag}@${{ steps.push-image.outputs.digest }}" | ||
| done | ||
