diff --git a/.github/actions/build-push/action.yml b/.github/actions/build-push/action.yml
new file mode 100644
index 00000000..4b947345
--- /dev/null
+++ b/.github/actions/build-push/action.yml
@@ -0,0 +1,52 @@
+---
+name: docker build and push
+inputs:
+ docker-registry:
+ description: 'The docker registry'
+ required: true
+ docker-username:
+ description: 'The docker username'
+ required: true
+ docker-password:
+ description: 'The docker password'
+ required: true
+ make-directory:
+ description: 'What directory to run make from'
+ required: true
+ make-file:
+ description: 'What Makefile'
+ required: true
+ make-goal-suffix:
+ description: 'What make goal suffix'
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+ # TODO: use google auth action
+ - name: Docker login
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+ with:
+ registry: ${{ inputs.docker-registry }}
+ username: ${{ inputs.docker-username }}
+ password: ${{ inputs.docker-password }}
+
+ - name: Docker build
+ run: make -C "${MAKE_DIR}" -f "${MAKEFILE}" build${MAKE_GOAL_SUFFIX}
+ env:
+ MAKE_DIR: "${{ inputs.make-directory }}"
+ MAKEFILE: "${{ inputs.make-file }}"
+ MAKE_GOAL_SUFFIX: "${{ inputs.make-goal-suffix }}"
+ shell: bash
+
+ - name: Docker build
+ run: make -C "${MAKE_DIR}" -f "${MAKEFILE}" push${MAKE_GOAL_SUFFIX}
+ env:
+ MAKE_DIR: "${{ inputs.make-directory }}"
+ MAKEFILE: "${{ inputs.make-file }}"
+ MAKE_GOAL_SUFFIX: "${{ inputs.make-goal-suffix }}"
+ shell: bash
+
+ - name: Docker images
+ run: docker images --format "table {{.Repository}}:{{.Tag}}\t{{.Size}}"
+ shell: bash
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 00000000..344beeac
--- /dev/null
+++ b/.github/workflows/ci.yml
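Review bot: `Docker login` runs before the build step, so the registry push credentials are already in the Docker config while `make ... build${MAKE_GOAL_SUFFIX}` executes; if the build does not need to pull private base images (not visible from this file), move the login step to just before the push step so build-time code never runs with them. The second step is also named `Docker build` although it runs the `push` goal, which makes job logs misleading; rename it `- name: Docker push`. `make-goal-suffix` is declared `required: true`, but the `build-push` job in ci.yml omits it and GitHub does not enforce `required` on action inputs, so `required: false` with `default: ''` would match how the action is actually called.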
@@ -0,0 +1,86 @@
+---
+name: ci
+
+on:
+ push: ~
+
+permissions:
+ contents: read
+
+env:
+ # TODO: support for other release branches with the format [0-9]+.[0-9]+
+ REPOSITORY: "${{ startsWith(github.head_ref, 'main') && 'docker.elastic.co/beats-dev' || 'docker.elastic.co/observability-ci' }}"
+ # TODO: use the google bucket instead
+ GS_BUCKET_PATH: "golang-crossbuild-tmp"
+ # TODO: bypass access to the google bucket for now
+ CI: "false"
+ # NOTE: as long as we don't use the google bucket but downloading from github
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+jobs:
+ build-push:
+ permissions:
+ contents: read
+ id-token: write
+ strategy:
+ fail-fast: false
+ matrix:
+ makefile: [
+ "Makefile",
+ "Makefile.debian9",
+ "Makefile.debian10",
+ "Makefile.debian11",
+ "Makefile.debian12"
+ ]
+ fips: [ "false", "true" ]
+ runs-on: "ubuntu-24.04"
+ env:
+ FIPS: "${{matrix.fips}}"
+ steps:
+ - uses: actions/checkout@v4
+
+ # TODO: move to the build-push composite action
+ # then need to enable the support ci-fpm ane ci-llvm-apple
+ - uses: elastic/oblt-actions/google/auth@v1
+
+ - name: Debug gcloud CLI
+ run: |
+ gcloud info || true
+ gsutil list -lra gs://golang-crossbuild-tmp/private || true
+ gcloud auth list --filter=status:ACTIVE --format="value(account)" || true
+
+ - name: Docker build and push
+ uses: ./.github/actions/build-push
+ with:
+ docker-registry: ${{ secrets.ELASTIC_DOCKER_REGISTRY }}
+ docker-username: ${{ secrets.ELASTIC_DOCKER_USERNAME }}
+ docker-password: ${{ secrets.ELASTIC_DOCKER_PASSWORD }}
+ make-directory: 'go'
+ make-file: "${{matrix.makefile}}"
+
+ build-push-arm:
+ permissions:
+ contents: read
+ id-token: write
+ strategy:
+ fail-fast: false
+ matrix:
+ fips: [ "false", "true" ]
+ runs-on: "ubuntu-24.04-arm"
+ env:
+ FIPS: "${{matrix.fips}}"
+ steps:
+ - uses: actions/checkout@v4
+
+ # TODO: move to the build-push composite action
+ - uses: elastic/oblt-actions/google/auth@v1
+
+ - name: Docker build and push
+ uses:
./.github/actions/build-push + with: + docker-registry: ${{ secrets.ELASTIC_DOCKER_REGISTRY }} + docker-username: ${{ secrets.ELASTIC_DOCKER_USERNAME }} + docker-password: ${{ secrets.ELASTIC_DOCKER_PASSWORD }} + make-directory: 'go' + make-file: 'Makefile.debian9' + make-goal-suffix: '-arm' diff --git a/Makefile.common b/Makefile.common index 5e0dd98b..be7dc8dd 100644 --- a/Makefile.common +++ b/Makefile.common @@ -7,7 +7,7 @@ NPCAP_VERSION := 1.80 NPCAP_FILE := npcap-$(NPCAP_VERSION)-oem.exe SUFFIX_NPCAP_VERSION := -npcap-$(NPCAP_VERSION) NPCAP_REPOSITORY := docker.elastic.co/observability-ci -GS_BUCKET_PATH ?= ingest-buildkite-ci +GS_BUCKET_PATH ?= ifeq ($(BUILDX),1) @@ -18,18 +18,28 @@ endif # Requires login at google storage. copy-npcap: + @echo 'cp gs://$(GS_BUCKET_PATH)/private/$(NPCAP_FILE)' ifeq ($(CI),true) @gsutil cp gs://$(GS_BUCKET_PATH)/private/$(NPCAP_FILE) ../npcap/lib/$(NPCAP_FILE) else @echo 'Only available if running in the CI' + mkdir -p ../npcap/lib/ + touch ../npcap/lib/npcap-1.80-oem.exe endif # Requires login at google storage. copy-sdks: + @echo 'cp gs://$(GS_BUCKET_PATH)/sdks' ifeq ($(CI),true) - @gcloud storage cp gs://ingest-buildkite-ci/sdks . --recursive + @gcloud storage cp gs://$(GS_BUCKET_PATH)/sdks . --recursive else @echo 'Only available if running in the CI' + mkdir -p sdks/ + gh api https://github.com/the-tcpdump-group/tcpdump-htdocs/raw/refs/heads/master/release/libpcap-1.8.1.tar.gz -H "Accept: application/vnd.github.raw" > sdks/libpcap-1.8.1.tar.gz + curl -sSfL -o sdks/MacOSX10.11.sdk.tar.xz https://s3.amazonaws.com/beats-files/deps/MacOSX10.11.sdk.tar.xz + curl -sSfL -o sdks/WpdPack_4_1_2.zip https://www.winpcap.org/install/bin/WpdPack_4_1_2.zip +# see https://github.com/elastic/golang-crossbuild/pull/454/files#diff-36b826ca106e191815b93280143b7cfd13c583e4adc3e27442a5057ac7294586L54 + curl -sSfL -o sdks/MacOSX11.3.sdk.tar.xz https://github.com/phracker/MacOSX-SDKs/releases/download/11.3/MacOSX11.3.sdk.tar.xz endif push:
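Review bot: `REPOSITORY` is computed from `github.head_ref`, which is only populated for pull-request events, so with the `on: push` trigger the `startsWith` test is always false and every branch, including main, resolves to `docker.elastic.co/observability-ci`; `github.ref_name == 'main'` would select on the pushed branch instead. Both jobs hold `id-token: write` and the registry secrets yet reference `actions/checkout@v4` and `elastic/oblt-actions/google/auth@v1` by mutable tag, while the composite action pins `docker/login-action` by commit SHA; pin these the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v4`. The `Debug gcloud CLI` step writes a recursive listing of `gs://golang-crossbuild-tmp/private` into the job log, which is worth dropping before merge if the logs are readable beyond the team.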
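Review bot: The non-CI branch of `copy-sdks` fetches four archives from third-party locations (one of them via the mutable `refs/heads/master` ref) and places them under `sdks/` with no integrity check, and ci.yml sets `CI: "false"`, so this appears to be the path the pushed image builds actually take. Pin a digest per file and verify it after each download, e.g. `echo "<sha256-of-archive>  sdks/libpcap-1.8.1.tar.gz" | sha256sum -c -`, so a changed or tampered upstream fails the build instead of being baked into an image. In `copy-npcap` the fallback hard-codes `touch ../npcap/lib/npcap-1.80-oem.exe`; `touch ../npcap/lib/$(NPCAP_FILE)` keeps it in step with `NPCAP_VERSION`, and a comment should state that the file is an empty placeholder rather than the real installer.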