refactor(ci): integrate arm64 runner + clenaup #79

Workflow file for this run

.github/workflows/release-draft.yaml at ddafdb8

	name: Create Sysdig draft/RC release
	on:
	push:
	tags:
	- '[0-9]+.[0-9]+.[0-9]+'
	- '[0-9]+.[0-9]+.[0-9]+-[a-z]+'
	- '[0-9]+.[0-9]+.[0-9]+-[a-z]+[0-9]+'

	env:
	BUILD_VERSION: ${{ github.ref_name }}

	jobs:
	build-release-linux:
	runs-on: ubuntu-24.04${{ matrix.platform == 'arm64' && '-arm' \|\| '' }}
	container:
	image: ubuntu:22.04
	strategy:
	matrix:
	platform:
	- amd64
	- arm64
	include:
	- platform: amd64
	base_arch: x86_64
	release_arch: x86_64
	- platform: arm64
	base_arch: aarch64
	release_arch: aarch64

	env:
	ZIG_VERSION: 0.14.0-dev.2851+b074fb7dd

	steps:
	- name: Checkout Sysdig
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Install deps
	run: \|
	cp -v scripts/zig-cc /usr/bin/
	cp -v scripts/zig-c++ /usr/bin/
	apt update && \
	apt install -y --no-install-recommends \
	autoconf \
	automake \
	build-essential \
	ca-certificates \
	clang \
	cmake \
	curl \
	git \
	libelf-dev \
	libtool \
	llvm \
	ninja-build \
	pkg-config \
	rpm \
	wget \
	xz-utils && \
	git clone https://github.com/libbpf/bpftool.git --branch v7.3.0 --single-branch && \
	cd bpftool && \
	git submodule update --init && \
	cd src && \
	make install && \
	cd ../.. && \
	rm -fr bpftool && \
	curl -LO https://ziglang.org/builds/zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \
	tar -xaf zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \
	rm -v zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \
	cd zig-linux-$(uname -m)-${ZIG_VERSION} && \
	cp -v zig /usr/bin && \
	find lib -exec cp --parents {} /usr/ \; && \
	cd .. && \
	rm -fr zig*

	- name: Build Sysdig
	env:
	CC: zig-cc
	CXX: zig-c++
	AR: zig ar
	RANLIB: zig ranlib
	run: \|
	cmake \
	-DUSE_BUNDLED_DEPS=ON \
	-DBUILD_BPF=OFF \
	-DBUILD_DRIVER=OFF \
	-DCMAKE_BUILD_TYPE=Release \
	-DCMAKE_INSTALL_PREFIX="/usr" \
	-DSYSDIG_VERSION="${{ env.BUILD_VERSION }}" \
	-Wno-dev \
	-S . \
	-B build \
	-G Ninja
	cmake --build build --target package --config Release

	- name: Upload Artifacts
	uses: actions/upload-artifact@v4
	with:
	name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.release_arch }}
	path: \|
	build/sysdig-${{ env.BUILD_VERSION }}*

	build-release-others-amd64:
	name: build-release-others-amd64
	strategy:
	matrix:
	os: [windows-latest, macos-13, macos-14]
	include:
	- os: windows-latest
	artifact_name: win
	artifact_ext: exe
	arch: x86_64
	- os: macos-13
	artifact_name: osx
	artifact_ext: dmg
	arch: x86_64
	- os: macos-14
	artifact_name: osx
	artifact_ext: dmg
	arch: arm64
	runs-on: ${{ matrix.os }}
	steps:
	- name: Checkout Sysdig
	uses: actions/checkout@v4
	- name: Build
	run: \|
	cmake -Wno-dev -DBUILD_DRIVER=OFF -DSYSDIG_VERSION="${{ env.BUILD_VERSION }}" -S . -B build
	cmake --build build --target package --config Release
	- name: Upload Artifacts
	uses: actions/upload-artifact@v4
	with:
	name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.artifact_name }}-${{ matrix.arch }}
	path: build/sysdig-${{ env.BUILD_VERSION }}*.${{ matrix.artifact_ext }}

	push-container-image:
	runs-on: ubuntu-24.04${{ matrix.platform == 'arm64' && '-arm' \|\| '' }}
	container:
	image: ubuntu:22.04
	strategy:
	matrix:
	platform:
	- amd64
	- arm64
	include:
	- platform: amd64
	base_arch: x86_64
	release_arch: x86_64
	- platform: arm64
	base_arch: aarch64
	release_arch: aarch64
	needs: [build-release-linux, sign-rpms, sign-debs]
	env:
	REGISTRY: ghcr.io
	SYSDIG_IMAGE_BASE: ghcr.io/draios/sysdig
	steps:
	- name: Checkout Sysdig
	uses: actions/checkout@v4

	- name: Download artifacts aarch64
	uses: actions/download-artifact@v4
	with:
	name: sysdig-release-${{ env.BUILD_VERSION }}-aarch64

	- name: Download artifacts x86_64
	uses: actions/download-artifact@v4
	with:
	name: sysdig-release-${{ env.BUILD_VERSION }}-x86_64

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to Github Packages
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Build and push container images
	uses: docker/build-push-action@v6
	with:
	file: docker/sysdig/Dockerfile
	context: .
	tags: ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.BUILD_VERSION }}-draft
	push: true
	build-args:
	BUILD_VERSION=${{ env.BUILD_VERSION }}

	sign-rpms:
	strategy:
	matrix:
	name: [amd64, arm64]
	include:
	- name: amd64
	arch: x86_64
	- name: arm64
	arch: aarch64
	needs: build-release-linux
	runs-on: ubuntu-latest
	env:
	KEY_ID: EC51E8C4
	container:
	image: fedora:39
	steps:
	- name: Install deps
	run: dnf install -y rpm-sign pinentry
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }}
	- name: Import private key
	env:
	PRIVATE_KEY: ${{ secrets.SYSDIG_REPO_SIGNING_KEY }}
	run: printenv PRIVATE_KEY \| gpg --import -
	- name: Sign RPMs
	run: rpm --define "_gpg_name ${{ env.KEY_ID }}" --define "_binary_filedigest_algorithm 8" --addsign *.rpm
	- name: Check signature
	run: test "$(rpm -qpi *.rpm \| awk '/Signature/' \| grep -i none \| wc -l)" -eq 0
	- name: Upload Signed RPMs
	uses: actions/upload-artifact@v4
	with:
	name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }}
	path: "*.rpm"

	sign-debs:
	runs-on: ubuntu-latest
	strategy:
	matrix:
	name: [amd64, arm64]
	include:
	- name: amd64
	arch: x86_64
	- name: arm64
	arch: aarch64
	needs: build-release-linux
	env:
	KEY_ID: EC51E8C4
	container:
	image: debian:bullseye-slim
	steps:
	- name: Install deps
	run: apt-get update && apt-get -y install dpkg-sig

	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }}

	- name: Import private key
	env:
	PRIVATE_KEY: ${{ secrets.SYSDIG_REPO_SIGNING_KEY }}
	run: printenv PRIVATE_KEY \| gpg --import -

	- name: Sign DEBs
	run: dpkg-sig -k ${{ env.KEY_ID }} -s builder *.deb

	- name: Check signature
	run: dpkg-sig --verify *.deb

	- name: Upload Signed DEBs
	uses: actions/upload-artifact@v4
	with:
	name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }}
	path: "*.deb"

	create-draft-release:
	runs-on: ubuntu-latest
	needs: [push-container-image, build-release-linux, sign-rpms, sign-debs]
	steps:
	- name: Download artifacts (linux-amd64)
	uses: actions/download-artifact@v4
	with:
	name: sysdig-release-${{ env.BUILD_VERSION }}-x86_64
	- name: Download artifacts (linux-arm64)
	uses: actions/download-artifact@v4
	with:
	name: sysdig-release-${{ env.BUILD_VERSION }}-aarch64
	- name: Download artifacts (win-amd64)
	uses: actions/download-artifact@v4
	with:
	name: sysdig-release-${{ env.BUILD_VERSION }}-win-x86_64
	- name: Download artifacts (osx-amd64)
	uses: actions/download-artifact@v4
	with:
	name: sysdig-release-${{ env.BUILD_VERSION }}-osx-x86_64
	- name: Download artifacts (osx-arm64)
	uses: actions/download-artifact@v4
	with:
	name: sysdig-release-${{ env.BUILD_VERSION }}-osx-arm64
	- name: Create draft release
	uses: softprops/action-gh-release@v2
	with:
	files: \|
	sysdig-${{ env.BUILD_VERSION }}*
	draft: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

refactor(ci): integrate arm64 runner + clenaup #79

Workflow file

refactor(ci): integrate arm64 runner + clenaup #79

Jobs

Run details

Workflow file for this run