Skip to content
Create Sysdig draft/RC release

refactor(ci): integrate arm64 runners + zig build #68

Sign in to view logs

refactor(ci): integrate arm64 runners + zig build

refactor(ci): integrate arm64 runners + zig build #68

Workflow file for this run

.github/workflows/release-draft.yaml at b6f082c
name: Create Sysdig draft/RC release
on:
pull_request:
branches: [dev]
push:
branches: [dev]
workflow_dispatch:
#on:
# push:
# tags:
# - '[0-9]+.[0-9]+.[0-9]+'
# - '[0-9]+.[0-9]+.[0-9]+-[a-z]+'
# - '[0-9]+.[0-9]+.[0-9]+-[a-z]+[0-9]+'
jobs:
build-sysdig-linux:
runs-on: ubuntu-24.04${{ matrix.platform == 'arm64' && '-arm' || '' }}
container:
image: ubuntu:22.04
strategy:
matrix:
platform:
- amd64
- arm64
env:
ZIG_VERSION: 0.14.0-dev.2851+b074fb7dd
BUILD_VERSION: ${{ github.ref_name }}
steps:
- name: Checkout Sysdig
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install deps
run: |
cp -v scripts/zig-cc /usr/bin/
cp -v scripts/zig-c++ /usr/bin/
apt update && \
apt install -y --no-install-recommends \
autoconf \
automake \
build-essential \
ca-certificates \
clang \
cmake \
curl \
git \
libelf-dev \
libtool \
llvm \
ninja-build \
pkg-config \
rpm \
wget \
xz-utils && \
git clone https://github.com/libbpf/bpftool.git --branch v7.3.0 --single-branch && \
cd bpftool && \
git submodule update --init && \
cd src && \
make install && \
cd ../.. && \
rm -fr bpftool && \
curl -LO https://ziglang.org/builds/zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \
tar -xaf zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \
rm -v zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \
cd zig-linux-$(uname -m)-${ZIG_VERSION} && \
cp -v zig /usr/bin && \
find lib -exec cp --parents {} /usr/ \; && \
cd .. && \
rm -fr zig*
- name: Build Sysdig
env:
CC: zig-cc
CXX: zig-c++
AR: zig ar
RANLIB: zig ranlib
run: |
cmake \
-DUSE_BUNDLED_DEPS=ON \
-DBUILD_BPF=OFF \
-DBUILD_DRIVER=OFF \
-DCMAKE_BUILD_TYPE=Release \
-S . \
-B build \
-G Ninja
cmake --build build --target package --config Release
- name: Upload Artifacts
uses: actions/upload-artifact@v4
with:
name: sysdig-release-${{ env.BUILD_VERSION }}-linux-${{ matrix.platform }}
path: |
build/sysdig-${{ env.BUILD_VERSION }}*
build-release-others-amd64:
name: build-release-others-amd64
strategy:
matrix:
os: [windows-latest, macos-13]
include:
- os: windows-latest
artifact_name: win
artifact_ext: exe
- os: macos-13
artifact_name: osx
artifact_ext: dmg
env:
BUILD_VERSION: ${{ github.ref_name }}
runs-on: ${{ matrix.os }}
steps:
- name: Checkout Sysdig
uses: actions/checkout@v4
- name: Build
run: |
mkdir -p build
cd build && cmake -Wno-dev -DBUILD_DRIVER=OFF -DSYSDIG_VERSION="${{ env.BUILD_VERSION }}" ..
cmake --build . --target package --config Release
- name: Upload Artifacts
uses: actions/upload-artifact@v4
with:
name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.artifact_name }}-x86_64
path: build/sysdig-${{ env.BUILD_VERSION }}*.${{ matrix.artifact_ext }}
build-release-others-arm64:
name: build-release-others-arm64
strategy:
matrix:
os: [macos-14]
include:
- os: macos-14
artifact_name: osx
artifact_ext: dmg
env:
BUILD_VERSION: ${{ github.ref_name }}
runs-on: ${{ matrix.os }}
steps:
- name: Checkout Sysdig
uses: actions/checkout@v4
- name: Build
run: |
mkdir -p build
cd build && cmake -Wno-dev -DBUILD_DRIVER=OFF -DSYSDIG_VERSION="${{ env.BUILD_VERSION }}" ..
cmake --build . --target package --config Release
- name: Upload Artifacts
uses: actions/upload-artifact@v4
with:
name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.artifact_name }}-arm64
path: build/sysdig-${{ env.BUILD_VERSION }}*.${{ matrix.artifact_ext }}
push-container-image:
runs-on: ubuntu-latest
needs: [build-release-linux-amd64, build-release-linux-arm64, sign-rpms, sign-debs]

Check failure on line 154 in .github/workflows/release-draft.yaml

View workflow run for this annotation

GitHub Actions / Create Sysdig draft/RC release

Invalid workflow file 

The workflow is not valid. .github/workflows/release-draft.yaml (Line: 154, Col: 13): Job 'push-container-image' depends on unknown job 'build-release-linux-amd64'. .github/workflows/release-draft.yaml (Line: 154, Col: 40): Job 'push-container-image' depends on unknown job 'build-release-linux-arm64'.
env:
BUILD_VERSION: ${{ github.ref_name }}
REGISTRY: ghcr.io
SYSDIG_IMAGE_BASE: ghcr.io/draios/sysdig
steps:
- name: Checkout Sysdig
uses: actions/checkout@v4
- name: Download artifacts aarch64
uses: actions/download-artifact@v3
with:
name: sysdig-release-${{ env.BUILD_VERSION }}-aarch64
- name: Download artifacts x86_64
uses: actions/download-artifact@v3
with:
name: sysdig-release-${{ env.BUILD_VERSION }}-x86_64
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: 'amd64,arm64'
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to Github Packages
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push container images
uses: docker/build-push-action@v6
with:
platforms: linux/amd64,linux/arm64
file: docker/sysdig/Dockerfile
context: .
tags: ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.BUILD_VERSION }}-draft
push: true
build-args:
BUILD_VERSION=${{ env.BUILD_VERSION }}
sign-rpms:
strategy:
matrix:
name: [amd64, arm64]
include:
- name: amd64
arch: x86_64
- name: arm64
arch: aarch64
needs: [build-release-linux-amd64, build-release-linux-arm64]
runs-on: ubuntu-latest
env:
BUILD_VERSION: ${{ github.ref_name }}
KEY_ID: EC51E8C4
container:
image: fedora:39
steps:
- name: Install deps
run: dnf install -y rpm-sign pinentry
- name: Download artifacts
uses: actions/download-artifact@v3
with:
name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }}
- name: Import private key
env:
PRIVATE_KEY: ${{ secrets.SYSDIG_REPO_SIGNING_KEY }}
run: printenv PRIVATE_KEY | gpg --import -
- name: Sign RPMs
run: rpm --define "_gpg_name ${{ env.KEY_ID }}" --define "_binary_filedigest_algorithm 8" --addsign *.rpm
- name: Check signature
run: test "$(rpm -qpi *.rpm | awk '/Signature/' | grep -i none | wc -l)" -eq 0
- name: Upload Signed RPMs
uses: actions/upload-artifact@v4
with:
name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }}
path: "*.rpm"
sign-debs:
runs-on: ubuntu-latest
strategy:
matrix:
name: [amd64, arm64]
include:
- name: amd64
arch: x86_64
- name: arm64
arch: aarch64
needs: [build-release-linux-amd64, build-release-linux-arm64]
env:
BUILD_VERSION: ${{ github.ref_name }}
KEY_ID: EC51E8C4
container:
image: debian:bullseye-slim
steps:
- name: Install deps
run: apt-get update && apt-get -y install dpkg-sig
- name: Download artifacts
uses: actions/download-artifact@v3
with:
name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }}
- name: Import private key
env:
PRIVATE_KEY: ${{ secrets.SYSDIG_REPO_SIGNING_KEY }}
run: printenv PRIVATE_KEY | gpg --import -
- name: Sign DEBs
run: dpkg-sig -k ${{ env.KEY_ID }} -s builder *.deb
- name: Check signature
run: dpkg-sig --verify *.deb
- name: Upload Signed DEBs
uses: actions/upload-artifact@v4
with:
name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }}
path: "*.deb"
create-draft-release:
runs-on: ubuntu-latest
needs: [push-container-image, build-release-linux-amd64, build-release-linux-arm64, sign-rpms, sign-debs]
env:
BUILD_VERSION: ${{ github.ref_name }}
steps:
- name: Download artifacts (linux-amd64)
uses: actions/download-artifact@v3
with:
name: sysdig-release-${{ env.BUILD_VERSION }}-x86_64
- name: Download artifacts (linux-arm64)
uses: actions/download-artifact@v3
with:
name: sysdig-release-${{ env.BUILD_VERSION }}-aarch64
- name: Download artifacts (win-amd64)
uses: actions/download-artifact@v3
with:
name: sysdig-release-${{ env.BUILD_VERSION }}-win-x86_64
- name: Download artifacts (osx-amd64)
uses: actions/download-artifact@v3
with:
name: sysdig-release-${{ env.BUILD_VERSION }}-osx-x86_64
- name: Create draft release
uses: softprops/action-gh-release@v1
with:
files: |
sysdig-${{ env.BUILD_VERSION }}*
draft: true