diff --git a/.github/workflows/reusable_build_images.yml b/.github/workflows/reusable_build_images.yml index 0f49231..be27cd3 100644 --- a/.github/workflows/reusable_build_images.yml +++ b/.github/workflows/reusable_build_images.yml @@ -52,6 +52,10 @@ jobs: run: | echo "TAG=${{ inputs.version }}" >> $GITHUB_ENV + - name: Set CLEANUP env var (CI only, because of limited disk space) + run: | + echo "CLEANUP=true" >> $GITHUB_ENV + - name: Build images working-directory: ./images run: | @@ -65,5 +69,3 @@ jobs: cat failed.txt exit 1; fi - - diff --git a/ansible-playbooks/group_vars/all/vars.yml b/ansible-playbooks/group_vars/all/vars.yml index 49646ee..ffc109b 100644 --- a/ansible-playbooks/group_vars/all/vars.yml +++ b/ansible-playbooks/group_vars/all/vars.yml 
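Review bot: The new `Set CLEANUP env var` step writes `CLEANUP=true` to `$GITHUB_ENV`, which exports it to every later step of the job rather than only to the `Build images` step that consumes it. Since the Makefile change in this commit makes the destructive cleanup path (`docker image rm -f`, `docker system prune -f`) depend on that variable, a step-level `env:` block on `Build images` with `CLEANUP: "true"` would keep the scope as narrow as the step name intends. If the separate step is kept, quote the redirect target: `echo "CLEANUP=true" >> "$GITHUB_ENV"`. The job body continues outside this hunk, so whether other steps invoke make is not visible here.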
@@ -13,44 +13,47 @@ user: root # Images tag to be used. tag: main +# Image repository to be used. +repo: "ghcr.io/falcosecurity/kernel-testing" + # Each machine entry requires the following fields # name: the name given to the vm; # kernel: reference to an OCI image containing a kernel; # rootfs: reference to an OCI image used as base rootfs for the vm. # arch: architecture of the kernel and base images. (x86_64/aarch64). machines: - - {name: "amazonlinux2022-5.15", kernel: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2022-kernel:5.15-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2022-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "amazonlinux2023-6.1", kernel: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2023-kernel:6.1-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2023-image:6.1-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "amazonlinux2-4.19", kernel: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-kernel:4.19-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-image:4.19-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "amazonlinux2-5.10", kernel: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-kernel:5.10-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-image:5.10-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "amazonlinux2-5.15", kernel: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-kernel:5.15-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "amazonlinux2-5.4", kernel: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-kernel:5.4-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-image:5.4-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "archlinux-6.0", 
kernel: "ghcr.io/falcosecurity/kernel-testing/archlinux-kernel:6.0-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/archlinux-image:6.0-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "archlinux-6.7", kernel: "ghcr.io/falcosecurity/kernel-testing/archlinux-kernel:6.7-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/archlinux-image:6.7-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "centos-3.10", kernel: "ghcr.io/falcosecurity/kernel-testing/centos-kernel:3.10-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/centos-image:3.10-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "centos-4.18", kernel: "ghcr.io/falcosecurity/kernel-testing/centos-kernel:4.18-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/centos-image:4.18-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "centos-5.14", kernel: "ghcr.io/falcosecurity/kernel-testing/centos-kernel:5.14-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/centos-image:5.14-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "fedora-5.17", kernel: "ghcr.io/falcosecurity/kernel-testing/fedora-kernel:5.17-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/fedora-image:5.17-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "fedora-5.8", kernel: "ghcr.io/falcosecurity/kernel-testing/fedora-kernel:5.8-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/fedora-image:5.8-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "fedora-6.2", kernel: "ghcr.io/falcosecurity/kernel-testing/fedora-kernel:6.2-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/fedora-image:6.2-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "oraclelinux-3.10", kernel: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-kernel:3.10-x86_64-{{ tag }}", rootfs: 
"ghcr.io/falcosecurity/kernel-testing/oraclelinux-image:3.10-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "oraclelinux-4.14", kernel: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-kernel:4.14-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-image:4.14-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "oraclelinux-5.15", kernel: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-kernel:5.15-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "oraclelinux-5.4", kernel: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-kernel:5.4-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-image:5.4-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "ubuntu-4.15", kernel: "ghcr.io/falcosecurity/kernel-testing/ubuntu-kernel:4.15-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/ubuntu-image:4.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "ubuntu-6.5", kernel: "ghcr.io/falcosecurity/kernel-testing/ubuntu-kernel:6.5-x86_64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/ubuntu-image:6.5-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "amazonlinux2022-5.15", kernel: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2022-kernel:5.15-aarch64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2022-image:5.15-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] - - {name: "amazonlinux2-5.4", kernel: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-kernel:5.4-aarch64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/amazonlinux2-image:5.4-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] - - {name: "fedora-6.2", kernel: "ghcr.io/falcosecurity/kernel-testing/fedora-kernel:6.2-aarch64-{{ tag }}", rootfs: 
"ghcr.io/falcosecurity/kernel-testing/fedora-image:6.2-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] - - {name: "oraclelinux-4.14", kernel: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-kernel:4.14-aarch64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-image:4.14-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] - - {name: "oraclelinux-5.15", kernel: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-kernel:5.15-aarch64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/oraclelinux-image:5.15-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] - - {name: "ubuntu-6.5", kernel: "ghcr.io/falcosecurity/kernel-testing/ubuntu-kernel:6.5-aarch64-{{ tag }}", rootfs: "ghcr.io/falcosecurity/kernel-testing/ubuntu-image:6.5-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] + - {name: "amazonlinux2022-5.15", kernel: "{{ repo }}/amazonlinux2022-kernel:5.15-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2022-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "amazonlinux2023-6.1", kernel: "{{ repo }}/amazonlinux2023-kernel:6.1-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2023-image:6.1-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "amazonlinux2-4.19", kernel: "{{ repo }}/amazonlinux2-kernel:4.19-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2-image:4.19-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "amazonlinux2-5.10", kernel: "{{ repo }}/amazonlinux2-kernel:5.10-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2-image:5.10-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "amazonlinux2-5.15", kernel: "{{ repo }}/amazonlinux2-kernel:5.15-x86_64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "amazonlinux2-5.4", kernel: "{{ repo }}/amazonlinux2-kernel:5.4-x86_64-{{ tag }}", rootfs: "{{ repo 
}}/amazonlinux2-image:5.4-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "archlinux-6.0", kernel: "{{ repo }}/archlinux-kernel:6.0-x86_64-{{ tag }}", rootfs: "{{ repo }}/archlinux-image:6.0-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "archlinux-6.7", kernel: "{{ repo }}/archlinux-kernel:6.7-x86_64-{{ tag }}", rootfs: "{{ repo }}/archlinux-image:6.7-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "centos-3.10", kernel: "{{ repo }}/centos-kernel:3.10-x86_64-{{ tag }}", rootfs: "{{ repo }}/centos-image:3.10-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "centos-4.18", kernel: "{{ repo }}/centos-kernel:4.18-x86_64-{{ tag }}", rootfs: "{{ repo }}/centos-image:4.18-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "centos-5.14", kernel: "{{ repo }}/centos-kernel:5.14-x86_64-{{ tag }}", rootfs: "{{ repo }}/centos-image:5.14-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "fedora-5.17", kernel: "{{ repo }}/fedora-kernel:5.17-x86_64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:5.17-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "fedora-5.8", kernel: "{{ repo }}/fedora-kernel:5.8-x86_64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:5.8-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "fedora-6.2", kernel: "{{ repo }}/fedora-kernel:6.2-x86_64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:6.2-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "oraclelinux-3.10", kernel: "{{ repo }}/oraclelinux-kernel:3.10-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:3.10-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "oraclelinux-4.14", kernel: "{{ repo }}/oraclelinux-kernel:4.14-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:4.14-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "oraclelinux-5.15", kernel: "{{ 
repo }}/oraclelinux-kernel:5.15-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "oraclelinux-5.4", kernel: "{{ repo }}/oraclelinux-kernel:5.4-x86_64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.4-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "ubuntu-4.15", kernel: "{{ repo }}/ubuntu-kernel:4.15-x86_64-{{ tag }}", rootfs: "{{ repo }}/ubuntu-image:4.15-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "ubuntu-6.5", kernel: "{{ repo }}/ubuntu-kernel:6.5-x86_64-{{ tag }}", rootfs: "{{ repo }}/ubuntu-image:6.5-x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "amazonlinux2022-5.15", kernel: "{{ repo }}/amazonlinux2022-kernel:5.15-aarch64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2022-image:5.15-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] + - {name: "amazonlinux2-5.4", kernel: "{{ repo }}/amazonlinux2-kernel:5.4-aarch64-{{ tag }}", rootfs: "{{ repo }}/amazonlinux2-image:5.4-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] + - {name: "fedora-6.2", kernel: "{{ repo }}/fedora-kernel:6.2-aarch64-{{ tag }}", rootfs: "{{ repo }}/fedora-image:6.2-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] + - {name: "oraclelinux-4.14", kernel: "{{ repo }}/oraclelinux-kernel:4.14-aarch64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:4.14-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] + - {name: "oraclelinux-5.15", kernel: "{{ repo }}/oraclelinux-kernel:5.15-aarch64-{{ tag }}", rootfs: "{{ repo }}/oraclelinux-image:5.15-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] + - {name: "ubuntu-6.5", kernel: "{{ repo }}/ubuntu-kernel:6.5-aarch64-{{ tag }}", rootfs: "{{ repo }}/ubuntu-image:6.5-aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] builders: - - {name: "centos-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: 
"ghcr.io/falcosecurity/kernel-testing/builder:x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "fedora-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "ghcr.io/falcosecurity/kernel-testing/modernprobe-builder:x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] - - {name: "centos-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "ghcr.io/falcosecurity/kernel-testing/builder:aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] - - {name: "fedora-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "ghcr.io/falcosecurity/kernel-testing/modernprobe-builder:aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] + - {name: "centos-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "{{ repo }}/builder:x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "fedora-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "{{ repo }}/modernprobe-builder:x86_64-{{ tag }}", arch: "x86_64"} # noqa: yaml[line-length] + - {name: "centos-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "{{ repo }}/builder:aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] + - {name: "fedora-builder", kernel: "weaveworks/ignite-kernel:5.14.16", rootfs: "{{ repo }}/modernprobe-builder:aarch64-{{ tag }}", arch: "aarch64"} # noqa: yaml[line-length] output_dir: "~/ansible_output" # Number of cpus. diff --git a/images/Makefile b/images/Makefile index 0e0efa7..e5f56f7 100644 --- a/images/Makefile +++ b/images/Makefile @@ -1,10 +1,11 @@ -DRY_RUN := false -PUSH := false -LATEST := false +DRY_RUN ?= false +PUSH ?= false +LATEST ?= false TAG ?= main -REPOSITORY := ghcr.io/falcosecurity/kernel-testing +CLEANUP ?= false +REPOSITORY ?= ghcr.io/falcosecurity/kernel-testing ARCH ?= $(shell uname -m) -YAML_FILE := images.yaml +YAML_FILE ?= images.yaml .PHONY: build-rootfs build-kernel generate-yaml build-all initrd-builder modernprobe-builder builder 
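Review bot: The new `repo` variable becomes the single source for every `kernel:` and `rootfs:` reference in `machines` and for the builder `rootfs:` entries, but its comment (`# Image repository to be used.`) does not say that, nor that the value must not end in a slash because each entry appends `/<image>`. These images are used as the kernel and base rootfs of the test VMs and are selected by a mutable tag (`tag: main`), so overriding `repo` changes what code runs in the VMs. I would expand the comment to something like `# Registry/namespace all kernel and rootfs images are pulled from (no trailing slash); override only with a registry you trust.` The builder `kernel:` entries still point at `weaveworks/ignite-kernel:5.14.16` and are not covered by `repo`, which is worth stating in the same comment so a mirror setup does not assume everything is redirected.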
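Review bot: Switching `PUSH`, `LATEST` and `REPOSITORY` from `:=` to `?=` makes them inherit from the process environment, so a `PUSH=true` or `REPOSITORY=...` exported for an unrelated reason in a shell or CI job now silently changes whether and where images are pushed. Command-line overrides (`make PUSH=true`) already took precedence over `:=`, so the only new behaviour here is environment inheritance. If that is wanted for `CLEANUP` and `TAG` in CI but not for the publishing switches, keep `PUSH := false`, `LATEST := false` and `REPOSITORY := ghcr.io/falcosecurity/kernel-testing` as they were, or add a comment above the block such as `# NOTE: ?= variables are also read from the environment.`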
@@ -12,7 +13,7 @@ builder: if [ "$(DRY_RUN)" = "true" ]; then \ echo "Dry run: Building builder image: docker build -t $(REPOSITORY)/builder:$(ARCH)-$(TAG)"; \ else \ - echo "Building modernprobe-builder image"; \ + echo "Building builder image"; \ image=$(REPOSITORY)/builder:$(ARCH); \ docker build -t $$image-$(TAG) builder || echo "FAIL: $$image-$(TAG)" >> failed.txt; \ if [ "$(PUSH)" = "true" ]; then \ @@ -72,9 +73,12 @@ build-rootfs: docker push $$image-latest; \ fi; \ fi; \ - docker image rm -f $$image-$(TAG); \ - docker image rm -f $$image-latest; \ - docker builder prune -f -a; \ + if [ "$(CLEANUP)" = "true" ]; then \ + echo "Cleaning image: $$image-$(TAG)"; \ + docker image rm -f $$image-$(TAG); \ + docker image rm -f $$image-latest; \ + docker system prune -f; \ + fi; \ fi; \ done @@ -97,9 +101,12 @@ build-kernel: initrd-builder docker push $$image-latest; \ fi; \ fi; \ - docker image rm -f $$image-$(TAG); \ - docker image rm -f $$image-latest; \ - docker builder prune -f -a; \ + if [ "$(CLEANUP)" = "true" ]; then \ + echo "Cleaning image: $$image-$(TAG)"; \ + docker image rm -f $$image-$(TAG); \ + docker image rm -f $$image-latest; \ + docker system prune -f; \ + fi; \ fi; \ done diff --git a/images/README.md b/images/README.md index 71fa1ac..7d04874 100644 --- a/images/README.md +++ b/images/README.md 
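Review bot: In `build-rootfs`, the cleanup branch now calls `docker system prune -f`, which is host-wide: besides build cache it removes stopped containers, unused networks and dangling images that have nothing to do with this build, while the preceding `echo` only announces `Cleaning image: $$image-$(TAG)`. The same block is added to `build-kernel` in the next hunk. That is fine on a throwaway CI runner, but anyone setting `CLEANUP=true` on a workstation or shared builder loses unrelated Docker state, so I would either keep the narrower `docker builder prune -f` here or make the message say what happens, e.g. `echo "Cleaning image $$image-$(TAG) and pruning unused Docker data on this host"`. `docker image rm -f $$image-latest` also runs when `LATEST` is not `true`, where that tag was probably never created; guarding it with the same `LATEST` test would avoid a spurious error line. Both recipes start and end outside these hunks.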
@@ -23,12 +23,22 @@ The Makefile provides several targets, each serving a specific purpose: - `build-rootfs` and `build-kernel`: These targets build root filesystem and kernel images, respectively. The `build-kernel` target depends on `initrd-builder`, which must be built first. -- `docker-push`: This target pushes the built images to a Docker Hub registry. You can use this step to make the images accessible to other systems. - - `generate-yaml`: This target generates a YAML file named `images.yaml`, which contains information about the built images. The YAML file includes details about the kernel and rootfs images for each version and distribution. This generated YAML file can be conveniently copied to the variables file of Ansible to keep the test environment up to date. - `build-all`: This target is a convenience target that sequentially builds both root filesystem and kernel images. +By default, no images will be pushed. You need to set the `PUSH` variable to `true` to enable images push to remote registry. +Also, the default images tag will be `main` and the images name will be built as: +``` +{{ repo }} /{{ distro }}-kernel:{{ kernelversion }}-{{ arch }}-{{ tag }} +``` +for kernel images, or +``` +{{ repo }} /{{ distro }}-image:{{ kernelversion }}-{{ arch }}-{{ tag }} +``` +for rootfs images. +Eg: `ghcr.io/falcosecurity/kernel-testing/amazonlinux2022-kernel:5.15-x86_64-main`. + ## Usage The typical workflow for using this Makefile is as follows: 
@@ -72,7 +82,13 @@ You can customize the Makefile to suit your specific requirements. The variables - `DRY_RUN`: Set this variable to `true` for a dry run, where the build commands will be printed but not executed. -- `PUSH`: Set this variable to `true` when executing build to also push built image to remote registry. +- `PUSH`: Set this variable to `true` to also push built images to remote registry. Disabled by default. + +- `LATEST`: Set this variable to `true` to also push built images as latest tag. Disabled by default. + +- `TAG`: Set this variable to the images tag name. Defaults to `main`. + +- `CLEANUP`: Set this variable to `true` to cleanup images right after they get built. This is useful to test images build in CI, where disk space might be limited. - `REPOSITORY`: The Docker repository where the built images will be tagged and pushed.