diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index df33b35..f68ba0a 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -27,11 +27,27 @@ jobs:
 with:
 github_token: ${{ secrets.GITHUB_TOKEN }}
 - name: Setup tools
- run: make setup
+ run: make setup download-cilium-cli
 - name: Run code check
 run: make check-generate
 - name: Run lint
 run: make lint
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Build cilium-agent-proxy
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ file: ./Dockerfile
+ load: true
+ push: false
+ tags: cilium-agent-proxy:dev
 - name: Run environment
 working-directory: e2e
 run: |
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 8da5898..f16a258 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -24,6 +24,8 @@ jobs:
 echo "Tag v${{ inputs.tag }} already exists"
 exit 1
 fi
+ - name: Download Cilium CLI
+ run: make download-cilium-cli
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v3
 - name: Login to GitHub Container Registry
diff --git a/Dockerfile b/Dockerfile
index bd9d8d8..98b9d17 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,9 +10,10 @@ RUN go mod download
 # Copy the go source
 COPY cmd/cilium-agent-proxy/ cmd/cilium-agent-proxy/
+COPY Makefile Makefile
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o cilium-agent-proxy ./cmd/cilium-agent-proxy
+RUN make build-proxy
 # Compose the manager container
 FROM ghcr.io/cybozu/ubuntu:22.04
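Review bot: The three steps added in the `.github/workflows/ci.yaml` hunk reference third-party actions by mutable tag (`docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/build-push-action@v6`), and the login step passes `secrets.GITHUB_TOKEN` to one of them. Pinning each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, keeps a moved tag from running with that token. The build step sets `push: false`, and as far as the visible lines show `make setup download-cilium-cli` already pulls from ghcr.io before any login, so the login step looks unnecessary in CI unless a base image is private. If it has to stay, confirm that the job's `permissions:` block (outside this hunk) grants no more than `packages: read`. The same tag-pinned `uses:` lines appear as context in the `release.yaml` hunk.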
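Review bot: `RUN make build-proxy` in the first Dockerfile hunk ties the image build to the Makefile's `BIN_DIR`, while the second Dockerfile hunk hard-codes the output as `/work/bin/cilium-agent-proxy`. `BIN_DIR` is defined outside this diff, so the two paths agree only by convention. Passing the directory explicitly, `RUN make build-proxy BIN_DIR=/work/bin`, would make the `COPY --from=builder` line independent of later Makefile edits. The builder stage now also needs `make` and anything the Makefile evaluates at parse time, which the visible lines do not establish; worth confirming against the base image.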
@@ -20,6 +21,6 @@ LABEL org.opencontainers.image.source=https://github.com/cybozu-go/network-polic
 WORKDIR /
 COPY bin/download/cilium /
-COPY --from=builder /work/cilium-agent-proxy /
+COPY --from=builder /work/bin/cilium-agent-proxy /
 ENTRYPOINT ["/cilium-agent-proxy"]
diff --git a/Makefile b/Makefile
index e7137d2..bf94765 100644
--- a/Makefile
+++ b/Makefile
@@ -19,7 +19,7 @@ help: ## Display this help
 @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 .PHONY: setup
-setup: $(CILIUM_CLI) $(CUSTOMCHECKER) $(STATICCHECK) ## Install necessary tools
+setup: $(CUSTOMCHECKER) $(STATICCHECK) ## Install necessary tools
 if ! which aqua; then \
 echo 'setup needs aqua.'; \
 exit 1; \
@@ -28,12 +28,12 @@ setup: $(CILIUM_CLI) $(CUSTOMCHECKER) $(STATICCHECK) ## Install necessary tools
 $(HELM) repo add cilium https://helm.cilium.io/
 $(HELM) repo update cilium
-$(CILIUM_CLI):
+.PHONY: download-cilium-cli
+download-cilium-cli:
 mkdir -p $(TOOLS_DIR)
- CONTAINER_ID=$$(docker run --detach --entrypoint pause ghcr.io/cybozu/cilium:$(CILIUM_IMAGE_VERSION)); \
+ CONTAINER_ID=$$(docker run --rm --detach --entrypoint pause ghcr.io/cybozu/cilium:$(CILIUM_IMAGE_VERSION)); \
 docker cp $${CONTAINER_ID}:/usr/bin/cilium $(CILIUM_CLI); \
- docker stop $${CONTAINER_ID}; \
- docker rm $${CONTAINER_ID}
+ docker stop $${CONTAINER_ID}
 $(CUSTOMCHECKER):
 GOBIN=$(TOOLS_DIR) go install github.com/cybozu-go/golang-custom-analyzer/cmd/custom-checker@latest
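Review bot: In the `download-cilium-cli` recipe (second Makefile hunk) the commands are joined with `;`, so the recipe's exit status is that of the final `docker stop` and a failed `docker cp` goes unnoticed. The target is now phony and `release.yaml` calls it before the image build, so a missing or stale `$(CILIUM_CLI)` (presumably the `bin/download/cilium` that the Dockerfile copies) would only surface later, if at all. Carry the copy's status through by ending the recipe with `docker cp $${CONTAINER_ID}:/usr/bin/cilium $(CILIUM_CLI); rc=$$?; \` followed by `docker stop $${CONTAINER_ID}; exit $$rc`. The source image is referenced through `$(CILIUM_IMAGE_VERSION)`, defined outside this diff; if that is a plain tag, pinning a digest would fix exactly which binary ends up in the release image. A `##` help comment on the new target would match `setup` and `build`.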
@@ -51,7 +51,12 @@ clean:
 .PHONY: build
 build: ## Build network-policy-viewer
 mkdir -p $(BIN_DIR)
- go build -trimpath -ldflags "-w -s" -o $(BIN_DIR)/npv ./cmd/npv
+ CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath -ldflags "-w -s" -o $(BIN_DIR)/npv ./cmd/npv
+
+.PHONY: build-proxy
+build-proxy: ## Build cilium-agent-proxy
+ mkdir -p $(BIN_DIR)
+ CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath -ldflags="-w -s" -o $(BIN_DIR)/cilium-agent-proxy ./cmd/cilium-agent-proxy
 .PHONY: check-generate
 check-generate:
diff --git a/e2e/testdata/cilium-agent-proxy.yaml b/e2e/testdata/cilium-agent-proxy.yaml
index 401248a..0727244 100644
--- a/e2e/testdata/cilium-agent-proxy.yaml
+++ b/e2e/testdata/cilium-agent-proxy.yaml
@@ -30,6 +30,7 @@ spec:
 - name: cilium-socket
 hostPath:
 path: /var/run/cilium
+ # "cilium bpf policy get" reads from /sys/fs/bpf
 - name: bpf
 hostPath:
 path: /sys/fs/bpf
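Review bot: Both `go build` lines in the `build` / `build-proxy` hunk hard-code `GOOS=linux GOARCH=amd64` as a recipe prefix, which overrides whatever the caller exported. `make build` for `npv` previously targeted the host platform and now always produces a linux/amd64 binary. If the fixed platform is meant only for the container image, keep it on `build-proxy` and make it overridable: `GOOS ?= linux` and `GOARCH ?= amd64` next to the other variables (outside this hunk), with `GOOS=$(GOOS) GOARCH=$(GOARCH)` in the recipes. The two recipes also spell the flag differently (`-ldflags "-w -s"` and `-ldflags="-w -s"`); using one form would read better.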