Merge pull request #78 from netfoundry/v0.9.1-release-candidate #73
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: release | |
on: | |
push: | |
branches: | |
- main | |
env: | |
APP_NAME: 'zfw' | |
MAINTAINER: 'Robert Caamano' | |
DESC: 'An ebpf based statefull fw for openziti edge-routers and tunnelers' | |
jobs: | |
build_amd64_release: | |
runs-on: ubuntu-22.04 | |
outputs: | |
version: ${{ steps.version.outputs.version }} | |
strategy: | |
matrix: | |
goos: [linux] | |
ziti_type: [tunnel, router] | |
goarch: [amd64] | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v4 | |
- name: Install EBPF Packages | |
run: | | |
sudo apt-get update -qq | |
sudo apt-get upgrade -yqq | |
sudo apt-get install -y jq gcc clang libc6-dev-i386 libbpfcc-dev libbpf-dev libjson-c-dev alien | |
- name: Compile Object file from Source | |
run: | | |
git clone https://github.com/libbpf/libbpf.git | |
cd libbpf/src | |
mkdir build root | |
BUILD_STATIC_ONLY=y OBJDIR=build DESTDIR=root make install | |
cd ../../ | |
clang -D BPF_MAX_ENTRIES=100000 -g -O2 -Wall -Wextra -target bpf -c -o files/bin/zfw_tc_ingress.o src/zfw_tc_ingress.c | |
clang -g -O2 -Wall -Wextra -target bpf -c -o files/bin/zfw_xdp_tun_ingress.o src/zfw_xdp_tun_ingress.c | |
clang -D BPF_MAX_ENTRIES=100000 -g -O2 -Wall -Wextra -target bpf -c -o files/bin/zfw_tc_outbound_track.o src/zfw_tc_outbound_track.c | |
clang -g -O2 -Wall -D BPF_MAX_ENTRIES=100000 -O1 src/zfw.c -L ../../libbpf/src/root/usr/lib64/ -lbpf -lelf -lz -o files/bin/zfw -static | |
clang -g -O2 -Wall -O1 src/zfw_monitor.c -L ../../libbpf/src/root/usr/lib64/ -lbpf -lelf -lz -o files/bin/zfw_monitor -static | |
gcc -o files/bin/zfw_tunnwrapper src/zfw_tunnel_wrapper.c -l json-c | |
- name: Get version | |
run: echo "version=`files/bin/zfw -V`" >> $GITHUB_OUTPUT | |
id: version | |
- name: Deb directory | |
run: echo "deb_dir=${{ env.APP_NAME }}-${{ matrix.ziti_type }}_${{ steps.version.outputs.version }}_${{ matrix.goarch }}" >> $GITHUB_OUTPUT | |
id: deb_dir | |
- name: Deb Object File | |
run: | | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN | |
touch ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Package: ${{ env.APP_NAME }}-${{ matrix.ziti_type }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Version: ${{ steps.version.outputs.version }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Architecture: ${{ matrix.goarch }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Maintainer: ${{ env.MAINTAINER }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Description: ${{ env.DESC }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/user | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/etc | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/usr/sbin | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/etc/logrotate.d | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/etc/cron.d | |
cp -p CHANGELOG.md ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p README.md ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p LICENSE ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/bin/zfw_tc_ingress.o ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/bin/zfw_tc_outbound_track.o ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/bin/zfw ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/bin/zfw_monitor ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/start_ebpf_${{ matrix.ziti_type }}.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/user_rules.sh.sample ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/user/ | |
cp -p files/scripts/zfwlogs ${{ steps.deb_dir.outputs.deb_dir }}/etc/logrotate.d/ | |
cp -p files/scripts/zfw_refresh ${{ steps.deb_dir.outputs.deb_dir }}/etc/cron.d/ | |
cp -p files/json/ebpf_config.json.sample ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/etc/ | |
cp -p files/services/zfw-logging.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/ | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/zfw | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/zfw_monitor | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/start_ebpf_${{ matrix.ziti_type }}.py | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/user/user_rules.sh.sample | |
chmod 644 ${{ steps.deb_dir.outputs.deb_dir }}/etc/cron.d/zfw_refresh | |
ln -s /opt/openziti/bin/zfw ${{ steps.deb_dir.outputs.deb_dir }}/usr/sbin/zfw | |
ln -s /opt/openziti/bin/zfw_monitor ${{ steps.deb_dir.outputs.deb_dir }}/usr/sbin/zfw_monitor | |
- name: Set Deb Predepends | |
if: ${{ matrix.ziti_type == 'tunnel' }} | |
run: | | |
echo 'Pre-Depends: ziti-edge-tunnel (>= 0.22.5)' >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
cp -p files/services/ziti-fw-init.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/ | |
cp -p files/services/ziti-wrapper.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/ | |
cp -p files/bin/zfw_tunnwrapper ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/set_xdp_redirect.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/bin/zfw_xdp_tun_ingress.o ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/zfw_tunnwrapper | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/set_xdp_redirect.py | |
- name: Standalone FW service, controller and router revert | |
if: ${{ matrix.ziti_type == 'router' }} | |
run: | | |
cp -p files/services/fw-init.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/ | |
cp -p files/scripts/revert_ebpf_router.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/start_ebpf_controller.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/revert_ebpf_controller.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/revert_ebpf_router.py | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/start_ebpf_controller.py | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/revert_ebpf_controller.py | |
- name: Build Deb package | |
run: | | |
dpkg-deb --build -Z gzip --root-owner-group ${{ steps.deb_dir.outputs.deb_dir }} | |
- name: Build rpm package | |
run: | | |
sudo alien -r ${{ steps.deb_dir.outputs.deb_dir }}.deb | |
mv ${{ env.APP_NAME }}-${{ matrix.ziti_type }}-${{ steps.version.outputs.version }}-2.x86_64.rpm ${{ env.APP_NAME }}-${{ matrix.ziti_type }}-${{ steps.version.outputs.version }}.x86_64.rpm | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: artifact-${{ matrix.ziti_type }}-${{ matrix.goarch }}-deb | |
path: | | |
./*.deb | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: artifact-${{ matrix.ziti_type }}-${{ matrix.goarch }}-rpm | |
path: | | |
./*.rpm | |
build_arm64_release: | |
runs-on: [self-hosted, linux, ARM64] | |
outputs: | |
version: ${{ steps.version.outputs.version }} | |
strategy: | |
matrix: | |
goos: [linux] | |
ziti_type: [tunnel, router] | |
goarch: [arm64] | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v4 | |
- name: Install EBPF Packages | |
run: | | |
sudo apt-get update -qq | |
sudo apt-get upgrade -yqq | |
sudo apt-get install -y jq gcc clang libbpfcc-dev libbpf-dev libjson-c-dev | |
sudo apt-get install -y linux-headers-$(uname -r) | |
- name: Compile Object file from Source | |
run: | | |
git clone https://github.com/libbpf/libbpf.git | |
cd libbpf/src | |
mkdir build root | |
BUILD_STATIC_ONLY=y OBJDIR=build DESTDIR=root make install | |
cd ../../ | |
clang -D BPF_MAX_ENTRIES=100000 -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -target bpf -c -o files/bin/zfw_tc_ingress.o src/zfw_tc_ingress.c | |
clang -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -target bpf -c -o files/bin/zfw_xdp_tun_ingress.o src/zfw_xdp_tun_ingress.c | |
clang -D BPF_MAX_ENTRIES=100000 -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -target bpf -c -o files/bin/zfw_tc_outbound_track.o src/zfw_tc_outbound_track.c | |
clang -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -D BPF_MAX_ENTRIES=100000 -O1 src/zfw.c -L ../../libbpf/src/root/usr/lib64/ -lbpf -lelf -lz -o files/bin/zfw -static | |
clang -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -O1 src/zfw_monitor.c -L ../../libbpf/src/root/usr/lib64/ -lbpf -lelf -lz -o files/bin/zfw_monitor -static | |
gcc -o files/bin/zfw_tunnwrapper src/zfw_tunnel_wrapper.c -l json-c | |
- name: Get version | |
run: echo "version=`files/bin/zfw -V`" >> $GITHUB_OUTPUT | |
id: version | |
- name: Deb directory | |
run: echo "deb_dir=${{ env.APP_NAME }}-${{ matrix.ziti_type }}_${{ steps.version.outputs.version }}_${{ matrix.goarch }}" >> $GITHUB_OUTPUT | |
id: deb_dir | |
- name: Deb artifact directory setup | |
run: | | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN | |
touch ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Package: ${{ env.APP_NAME }}-${{ matrix.ziti_type }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Version: ${{ steps.version.outputs.version }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Architecture: ${{ matrix.goarch }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Maintainer: ${{ env.MAINTAINER }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
echo Description: ${{ env.DESC }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/user | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/etc | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/usr/sbin | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/etc/logrotate.d | |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/etc/cron.d | |
cp -p CHANGELOG.md ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p README.md ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p LICENSE ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/bin/zfw_tc_ingress.o ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/bin/zfw_tc_outbound_track.o ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/bin/zfw ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/bin/zfw_monitor ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/start_ebpf_${{ matrix.ziti_type }}.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/user_rules.sh.sample ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/user/ | |
cp -p files/scripts/zfwlogs ${{ steps.deb_dir.outputs.deb_dir }}/etc/logrotate.d/ | |
cp -p files/scripts/zfw_refresh ${{ steps.deb_dir.outputs.deb_dir }}/etc/cron.d/ | |
cp -p files/json/ebpf_config.json.sample ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/etc/ | |
cp -p files/services/zfw-logging.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/ | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/zfw | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/zfw_monitor | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/start_ebpf_${{ matrix.ziti_type }}.py | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/user/user_rules.sh.sample | |
chmod 644 ${{ steps.deb_dir.outputs.deb_dir }}/etc/cron.d/zfw_refresh | |
ln -s /opt/openziti/bin/zfw ${{ steps.deb_dir.outputs.deb_dir }}/usr/sbin/zfw | |
ln -s /opt/openziti/bin/zfw_monitor ${{ steps.deb_dir.outputs.deb_dir }}/usr/sbin/zfw_monitor | |
- name: Set Deb Predepends | |
if: ${{ matrix.ziti_type == 'tunnel' }} | |
run: | | |
echo 'Pre-Depends: ziti-edge-tunnel (>= 0.22.5)' >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control | |
cp -p files/services/ziti-fw-init.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/ | |
cp -p files/services/ziti-wrapper.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/ | |
cp -p files/bin/zfw_tunnwrapper ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/set_xdp_redirect.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/bin/zfw_xdp_tun_ingress.o ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/zfw_tunnwrapper | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/set_xdp_redirect.py | |
- name: Standalone FW service, controller and router revert | |
if: ${{ matrix.ziti_type == 'router' }} | |
run: | | |
cp -p files/services/fw-init.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/ | |
cp -p files/scripts/revert_ebpf_router.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/start_ebpf_controller.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
cp -p files/scripts/revert_ebpf_controller.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/ | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/revert_ebpf_router.py | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/start_ebpf_controller.py | |
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/revert_ebpf_controller.py | |
- name: Build deb package | |
run: | | |
dpkg-deb --build -Z gzip --root-owner-group ${{ steps.deb_dir.outputs.deb_dir }} | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: artifact-${{ matrix.ziti_type }}-${{ matrix.goarch }}-deb | |
path: | | |
./*.deb | |
deploy_release: | |
runs-on: ubuntu-22.04 | |
needs: | |
- build_amd64_release | |
- build_arm64_release | |
strategy: | |
matrix: | |
goos: [linux] | |
steps: | |
- name: Create release | |
uses: ncipollo/[email protected] | |
id: release | |
with: | |
draft: false | |
prerelease: false | |
tag: v${{ needs.build_amd64_release.outputs.version }} | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
deploy_packages: | |
runs-on: ubuntu-22.04 | |
needs: | |
- build_amd64_release | |
- build_arm64_release | |
- deploy_release | |
strategy: | |
matrix: | |
goos: [linux] | |
ziti_type: [tunnel, router] | |
goarch: [amd64, arm64] | |
pkg_type: [deb, rpm] | |
steps: | |
- name: download x86 artifacts | |
if: ${{ (matrix.goarch == 'amd64') && ((matrix.pkg_type != 'deb') || (matrix.pkg_type != 'rpm')) }} | |
uses: actions/download-artifact@v4 | |
with: | |
name: artifact-${{ matrix.ziti_type }}-${{ matrix.goarch }}-${{ matrix.pkg_type }} | |
- name: download arm64 artifacts | |
if: ${{ (matrix.goarch == 'arm64') && (matrix.pkg_type == 'deb') }} | |
uses: actions/download-artifact@v4 | |
with: | |
name: artifact-${{ matrix.ziti_type }}-${{ matrix.goarch }}-${{ matrix.pkg_type }} | |
- name: Upload built deb artifacts | |
if: ${{ matrix.pkg_type == 'deb'}} | |
uses: svenstaro/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
with: | |
file: ./${{ env.APP_NAME }}-${{ matrix.ziti_type }}_${{ needs.build_amd64_release.outputs.version }}_${{ matrix.goarch }}.${{ matrix.pkg_type }} | |
release_name: ${{ needs.build_amd64_release.outputs.version }} | |
tag: v${{ needs.build_amd64_release.outputs.version }} | |
- name: Upload built x86_64 rpm artifacts | |
if: ${{ (matrix.pkg_type == 'rpm') && (matrix.goarch == 'amd64') }} | |
uses: svenstaro/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
with: | |
file: ./${{ env.APP_NAME }}-${{ matrix.ziti_type }}-${{ needs.build_amd64_release.outputs.version }}.x86_64.${{ matrix.pkg_type }} | |
release_name: ${{ needs.build_amd64_release.outputs.version }} | |
tag: v${{ needs.build_amd64_release.outputs.version }} |