Rework building and pushing iovisor/bcc images

.github/workflows/bcc_versions.sh

@@ -0,0 +1,76 @@
+#!/bin/bash
+
+# Get latest version in Gentoo repo
+BCC_GENTOO_VERSION=$(ls -1 gentoo/dev-util/bcc/bcc-*.ebuild | \
+                         sed -e 's#^.*/bcc-\(.*\)\.ebuild#\1#' | \
+                         sort -V -r | \
+                         head -n1)
+echo "Found version in Gentoo: ${BCC_GENTOO_VERSION}"
+
+case ${ACCOUNT_TYPE} in
+    'org'|'user') :;;
+    '') echo "No account type passed through ACCOUNT_TYPE env var" >&2; exit 1;;
+    *) echo "Wrong account type ${ACCOUNT_TYPE@Q}, should be either 'user' or 'org'" >&2; exit 1;;
+esac
+
+if [[ -z ${ACCOUNT} ]]; then
+    echo "No account passed through ACCOUNT env var" >&2
+    exit 1
+fi
+
+if [[ -z ${TOKEN} ]]; then
+    echo "No token passed through TOKEN env var" >&2
+    exit 1
+fi
+
+if [[ ${FORCE:-} != 'true' ]]; then
+    FORCE=''
+fi
+
+if [[ -z ${FORCE} ]]; then
+    URL="https://api.github.com/${ACCOUNT_TYPE}s/${ACCOUNT}/packages/container/bcc/versions"
+
+    echo "Sending request to ${URL}"
+
+    # Get latest version in ghcr.io
+    curl_opts=(
+        --location
+        --request 'GET'
+        --url "${URL}"
+        --header "Authorization: Bearer ${TOKEN}"
+        --header 'X-GitHub-Api-Version: 2022-11-28'
+    )
+    curl "${curl_opts[@]}" >json_output
+    echo "Got reply:"
+    cat json_output
+    jq --raw-output '.[].metadata.container.tags.[]' json_output >versions
+    echo "Found versions in ghcr:"
+    cat versions
+    BCC_GHCR_VERSION=$(grep --invert-match --fixed-strings latest versions | \
+                           sort -V -r | \
+                           head -n1)
+    echo "Latest version in ghcr: ${BCC_GHCR_VERSION}"
+
+    # Given the versions, check if we should build a new image.
+    build_version=''
+    if [[ -z ${BCC_GENTOO_VERSION} ]]; then
+        echo "No dev-util/bcc ebuilds in Gentoo?"
+    elif [[ -z ${BCC_GHCR_VERSION} ]]; then
+        echo "No versioned images in ghcr, building an image"
+        build_version=${BCC_GENTOO_VERSION}
+    else
+        greater_version=$(printf '%s\n' "${BCC_GENTOO_VERSION}" "${BCC_GHCR_VERSION}" | \
+                              sort -V -r | \
+                              head -n1)
+        if [[ ${greater_version} != "${BCC_GHCR_VERSION}" ]]; then
+            echo "Gentoo has a greater version of bcc, building an image"
+            build_version=${BCC_GENTOO_VERSION}
+        else
+            echo "We have latest version available in ghcr"
+        fi
+    fi
+else
+    echo "Forcing the build of the image"
+    build_version=${BCC_GENTOO_VERSION}
+fi
+echo "BUILD_VERSION=${build_version}" >>"${GITHUB_OUTPUT}"

.github/workflows/build-push-iovisor-bcc.yaml

@@ -1,47 +1,86 @@
-name: Build and push iovisor/bcc ubuntu 22.04
+name: Build and push iovisor/bcc
 on:
+  schedule:
+    # run on Monday at 7
+    - cron:  '0 7 * * 1'
   workflow_dispatch:
     inputs:
-      ghcr_org:
+      ghcr_account:
         type: string
         required: false
         default: flatcar
         description: |
-          The name of the GitHub org where the docker images should be pushed.
+          The name of the GitHub org or user where the docker images should be pushed.
+      ghcr_account_type:
+        type: string
+        required: false
+        default: org
+        description: |
+          The type of the GitHub account, must be either "org" or "user".
+      force:
+        type: boolean
+        required: false
+        default: false
+        description: |
+          Forces the build, even if latest version already exists.
 
 permissions:
   contents: read
+  packages: write
 
 jobs:
   build_and_push:
-    permissions:
-      packages: write
     strategy:
       fail-fast: true
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - name: Mantle checkout
+      uses: actions/checkout@v6
+      with:
+        ref: main
+        sparse-checkout: |
+          /other-dockerfiles/bcc/**
+          /.github/**
+        sparse-checkout-cone-mode: false
+        path: mantle
+    - name: Sparse Gentoo checkout
+      uses: actions/checkout@v6
       with:
-        repository: iovisor/bcc
+        repository: gentoo/gentoo
         ref: master
-        fetch-depth: 0
-        fetch-tags: true
+        sparse-checkout: /dev-util/bcc/**
+        sparse-checkout-cone-mode: false
+        path: gentoo
+    - name: Get bcc versions from Gentoo and ghcr.io
+      id: bcc-versions
+      shell: bash
+      env:
+        TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        ACCOUNT: ${{ inputs.ghcr_account }}
+        ACCOUNT_TYPE: ${{ inputs.ghcr_account_type }}
+        FORCE: ${{ inputs.force }}
+      run: mantle/.github/workflows/bcc_versions.sh
     - name: Set up QEMU
+      if: ${{ steps.bcc-versions.outputs.BUILD_VERSION != '' }}
       uses: docker/setup-qemu-action@v3
     - name: Set up Docker Buildx
+      if: ${{ steps.bcc-versions.outputs.BUILD_VERSION != '' }}
       uses: docker/setup-buildx-action@v3
     - name: Login to GitHub Container Registry (ghcr)
+      if: ${{ steps.bcc-versions.outputs.BUILD_VERSION != '' }}
       uses: docker/login-action@v3
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
     - name: Build and push image
-      id: docker_build
-      uses: docker/build-push-action@v5
+      if: ${{ steps.bcc-versions.outputs.BUILD_VERSION != '' }}
+      uses: docker/build-push-action@v6
       with:
-        context: .
-        file: ./docker/Dockerfile.ubuntu
-        platforms: linux/amd64,linux/arm64/v8
+        context: ./mantle/other-dockerfiles/bcc
+        file: ./mantle/other-dockerfiles/bcc/Dockerfile
+        platforms: linux/amd64,linux/arm64
         push: true
-        tags: ghcr.io/${{ inputs.ghcr_org }}/bcc:latest
+        tags: |
+          ghcr.io/${{ inputs.ghcr_account }}/bcc:latest
+          ghcr.io/${{ inputs.ghcr_account }}/bcc:${{ steps.bcc-versions.outputs.BUILD_VERSION }}

kola/tests/bpf/bpf.go

@@ -51,7 +51,7 @@ func execsnoopTest(c cluster.TestCluster) {
 
 	// filter commands with `docker ps`
 	plog.Infof("running %s container", containerName)
-	cmd := fmt.Sprintf(cmdPrefix, containerName, "/usr/share/bcc/tools/execsnoop -n docker -l ps")
+	cmd := fmt.Sprintf(cmdPrefix, containerName, "execsnoop -n docker -l ps")
 	if _, err := c.SSH(m, cmd); err != nil {
 		c.Fatalf("unable to run SSH command '%s': %v", cmd, err)
 	}

other-dockerfiles/bcc/Dockerfile

@@ -0,0 +1,14 @@
+FROM gentoo/portage:latest AS portage
+
+FROM gentoo/stage3:latest AS gentoo
+
+# This is to know if we are building for amd64 or arm64.
+ARG TARGETARCH
+
+# Copy the entire portage volume in.
+COPY --from=portage /var/db/repos/gentoo /var/db/repos/gentoo
+
+RUN --mount=type=bind,source=prepare_bccrootfs.sh,target=/prepare_bccrootfs.sh /prepare_bccrootfs.sh ${TARGETARCH}
+
+FROM scratch
+COPY --from=gentoo /bccrootfs /

other-dockerfiles/bcc/prepare_bccrootfs.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+
+target_arch=${1}
+
+# Enforce single python version.
+pst=$(emerge --info | grep -o 'PYTHON_SINGLE_TARGET="[^"]*"')
+pt=${pst/PYTHON_SINGLE_TARGET/PYTHON_TARGETS}
+printf '%s\n' "# Enforce single python version" "${pst}" "${pt}" >>/etc/portage/make.conf
+
+# Make sure we will use binary packages, so we can avoid building the
+# whole llvm+clang stack.
+mkdir -p /etc/portage/binrepos.conf
+arch1=${target_arch}
+arch2=${target_arch}
+if [[ ${target_arch} = 'amd64' ]]; then arch2='x86-64'; fi
+uri="https://distfiles.gentoo.org/releases/${arch1}/binpackages/23.0/${arch2}"
+cat >/etc/portage/binrepos.conf/gentoobinhost.conf <<BINHOSTEOF
+[gentoo]
+priority = 1
+sync-uri = ${uri}
+location = /var/cache/binhost/gentoo
+verify-signature = true
+BINHOSTEOF
+printf '%s\n' '# Enable binary packages' 'FEATURES="${FEATURES} getbinpkg binpkg-request-signature"' >>/etc/portage/make.conf
+
+# Allow the latest version of dev-util/bcc, even if it's unstable.
+mkdir -p /etc/portage/package.accept_keywords
+echo 'dev-util/bcc' >/etc/portage/package.accept_keywords/bcc
+
+# Install bcc deps and then bcc itself.
+#
+# "emerge --getbinpkgonly --onlydeps dev-util/bcc" does not work if
+# dev-util/bcc has no binary packages, even if we are not installing
+# it.
+emerge --pretend --verbose --onlydeps dev-util/bcc | grep -e '^\[' >bcc-deps
+sed -i -e 's#^\[[^]]*\][[:space:]]*\([^[:space:]]*\)::.*#=\1#' bcc-deps
+emerge --getbinpkgonly --verbose --oneshot $(<bcc-deps) || exit 1
+rm -f bcc-deps
+emerge --verbose dev-util/bcc || exit 1
+
+# Drop the FEATURES line we added for binpkgs, so we can generate the
+# binary packages without dabbling with signatures and verifications.
+head -n -2 /etc/portage/make.conf >/etc/portage/make.conf.tmp
+mv /etc/portage/make.conf.tmp /etc/portage/make.conf
+rm -rf /etc/portage/binrepos.conf
+
+# Generate binpkgs from local system.
+quickpkg --include-config y $(ls -d1 /var/db/pkg/*/* | sed -e 's#/var/db/pkg/#=#') || exit 1
+
+# Create rootfs, avoid installing perl and docs into the rootfs,
+# install bcc and do some cleanups.
+mkdir -p /bccrootfs
+emerge --nodeps --root=/bccrootfs --usepkgonly sys-apps/baselayout || exit 1
+mkdir -p /etc/portage/profile/package.provided
+emerge --pretend --quiet --nodeps dev-lang/perl | grep -o 'dev-lang/perl-[0-9.]*' >/etc/portage/profile/package.provided/perl
+echo 'INSTALL_MASK="${INSTALL_MASK} /usr/share/locale /usr/share/doc /usr/share/man /usr/share/i18n"' >>/etc/portage/make.conf
+emerge --root=/bccrootfs --usepkgonly --verbose --tree dev-util/bcc || exit 1
+rm -rf /bccrootfs/var/db/pkg /bccrootfs/var/cache/edb