Skip to content

Merge pull request #78 from netfoundry/v0.9.1-release-candidate #73

Merge pull request #78 from netfoundry/v0.9.1-release-candidate

Merge pull request #78 from netfoundry/v0.9.1-release-candidate #73

Workflow file for this run

---
name: release
on:
push:
branches:
- main
env:
APP_NAME: 'zfw'
MAINTAINER: 'Robert Caamano'
DESC: 'An ebpf based statefull fw for openziti edge-routers and tunnelers'
jobs:
build_amd64_release:
runs-on: ubuntu-22.04
outputs:
version: ${{ steps.version.outputs.version }}
strategy:
matrix:
goos: [linux]
ziti_type: [tunnel, router]
goarch: [amd64]
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Install EBPF Packages
run: |
sudo apt-get update -qq
sudo apt-get upgrade -yqq
sudo apt-get install -y jq gcc clang libc6-dev-i386 libbpfcc-dev libbpf-dev libjson-c-dev alien
- name: Compile Object file from Source
run: |
git clone https://github.com/libbpf/libbpf.git
cd libbpf/src
mkdir build root
BUILD_STATIC_ONLY=y OBJDIR=build DESTDIR=root make install
cd ../../
clang -D BPF_MAX_ENTRIES=100000 -g -O2 -Wall -Wextra -target bpf -c -o files/bin/zfw_tc_ingress.o src/zfw_tc_ingress.c
clang -g -O2 -Wall -Wextra -target bpf -c -o files/bin/zfw_xdp_tun_ingress.o src/zfw_xdp_tun_ingress.c
clang -D BPF_MAX_ENTRIES=100000 -g -O2 -Wall -Wextra -target bpf -c -o files/bin/zfw_tc_outbound_track.o src/zfw_tc_outbound_track.c
clang -g -O2 -Wall -D BPF_MAX_ENTRIES=100000 -O1 src/zfw.c -L ../../libbpf/src/root/usr/lib64/ -lbpf -lelf -lz -o files/bin/zfw -static
clang -g -O2 -Wall -O1 src/zfw_monitor.c -L ../../libbpf/src/root/usr/lib64/ -lbpf -lelf -lz -o files/bin/zfw_monitor -static
gcc -o files/bin/zfw_tunnwrapper src/zfw_tunnel_wrapper.c -l json-c
- name: Get version
run: echo "version=`files/bin/zfw -V`" >> $GITHUB_OUTPUT
id: version
- name: Deb directory
run: echo "deb_dir=${{ env.APP_NAME }}-${{ matrix.ziti_type }}_${{ steps.version.outputs.version }}_${{ matrix.goarch }}" >> $GITHUB_OUTPUT
id: deb_dir
- name: Deb Object File
run: |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN
touch ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control
echo Package: ${{ env.APP_NAME }}-${{ matrix.ziti_type }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control
echo Version: ${{ steps.version.outputs.version }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control
echo Architecture: ${{ matrix.goarch }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control
echo Maintainer: ${{ env.MAINTAINER }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control
echo Description: ${{ env.DESC }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/user
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/etc
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/usr/sbin
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/etc/logrotate.d
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/etc/cron.d
cp -p CHANGELOG.md ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p README.md ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p LICENSE ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/bin/zfw_tc_ingress.o ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/bin/zfw_tc_outbound_track.o ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/bin/zfw ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/bin/zfw_monitor ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/scripts/start_ebpf_${{ matrix.ziti_type }}.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/scripts/user_rules.sh.sample ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/user/
cp -p files/scripts/zfwlogs ${{ steps.deb_dir.outputs.deb_dir }}/etc/logrotate.d/
cp -p files/scripts/zfw_refresh ${{ steps.deb_dir.outputs.deb_dir }}/etc/cron.d/
cp -p files/json/ebpf_config.json.sample ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/etc/
cp -p files/services/zfw-logging.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/zfw
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/zfw_monitor
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/start_ebpf_${{ matrix.ziti_type }}.py
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/user/user_rules.sh.sample
chmod 644 ${{ steps.deb_dir.outputs.deb_dir }}/etc/cron.d/zfw_refresh
ln -s /opt/openziti/bin/zfw ${{ steps.deb_dir.outputs.deb_dir }}/usr/sbin/zfw
ln -s /opt/openziti/bin/zfw_monitor ${{ steps.deb_dir.outputs.deb_dir }}/usr/sbin/zfw_monitor
- name: Set Deb Predepends
if: ${{ matrix.ziti_type == 'tunnel' }}
run: |
echo 'Pre-Depends: ziti-edge-tunnel (>= 0.22.5)' >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control
cp -p files/services/ziti-fw-init.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/
cp -p files/services/ziti-wrapper.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/
cp -p files/bin/zfw_tunnwrapper ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/scripts/set_xdp_redirect.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/bin/zfw_xdp_tun_ingress.o ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/zfw_tunnwrapper
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/set_xdp_redirect.py
- name: Standalone FW service, controller and router revert
if: ${{ matrix.ziti_type == 'router' }}
run: |
cp -p files/services/fw-init.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/
cp -p files/scripts/revert_ebpf_router.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/scripts/start_ebpf_controller.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/scripts/revert_ebpf_controller.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/revert_ebpf_router.py
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/start_ebpf_controller.py
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/revert_ebpf_controller.py
- name: Build Deb package
run: |
dpkg-deb --build -Z gzip --root-owner-group ${{ steps.deb_dir.outputs.deb_dir }}
- name: Build rpm package
run: |
sudo alien -r ${{ steps.deb_dir.outputs.deb_dir }}.deb
mv ${{ env.APP_NAME }}-${{ matrix.ziti_type }}-${{ steps.version.outputs.version }}-2.x86_64.rpm ${{ env.APP_NAME }}-${{ matrix.ziti_type }}-${{ steps.version.outputs.version }}.x86_64.rpm
- uses: actions/upload-artifact@v4
with:
name: artifact-${{ matrix.ziti_type }}-${{ matrix.goarch }}-deb
path: |
./*.deb
- uses: actions/upload-artifact@v4
with:
name: artifact-${{ matrix.ziti_type }}-${{ matrix.goarch }}-rpm
path: |
./*.rpm
build_arm64_release:
runs-on: [self-hosted, linux, ARM64]
outputs:
version: ${{ steps.version.outputs.version }}
strategy:
matrix:
goos: [linux]
ziti_type: [tunnel, router]
goarch: [arm64]
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Install EBPF Packages
run: |
sudo apt-get update -qq
sudo apt-get upgrade -yqq
sudo apt-get install -y jq gcc clang libbpfcc-dev libbpf-dev libjson-c-dev
sudo apt-get install -y linux-headers-$(uname -r)
- name: Compile Object file from Source
run: |
git clone https://github.com/libbpf/libbpf.git
cd libbpf/src
mkdir build root
BUILD_STATIC_ONLY=y OBJDIR=build DESTDIR=root make install
cd ../../
clang -D BPF_MAX_ENTRIES=100000 -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -target bpf -c -o files/bin/zfw_tc_ingress.o src/zfw_tc_ingress.c
clang -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -target bpf -c -o files/bin/zfw_xdp_tun_ingress.o src/zfw_xdp_tun_ingress.c
clang -D BPF_MAX_ENTRIES=100000 -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -Wextra -target bpf -c -o files/bin/zfw_tc_outbound_track.o src/zfw_tc_outbound_track.c
clang -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -D BPF_MAX_ENTRIES=100000 -O1 src/zfw.c -L ../../libbpf/src/root/usr/lib64/ -lbpf -lelf -lz -o files/bin/zfw -static
clang -g -O2 -Wall -I /usr/include/aarch64-linux-gnu/ -O1 src/zfw_monitor.c -L ../../libbpf/src/root/usr/lib64/ -lbpf -lelf -lz -o files/bin/zfw_monitor -static
gcc -o files/bin/zfw_tunnwrapper src/zfw_tunnel_wrapper.c -l json-c
- name: Get version
run: echo "version=`files/bin/zfw -V`" >> $GITHUB_OUTPUT
id: version
- name: Deb directory
run: echo "deb_dir=${{ env.APP_NAME }}-${{ matrix.ziti_type }}_${{ steps.version.outputs.version }}_${{ matrix.goarch }}" >> $GITHUB_OUTPUT
id: deb_dir
- name: Deb artifact directory setup
run: |
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN
touch ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control
echo Package: ${{ env.APP_NAME }}-${{ matrix.ziti_type }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control
echo Version: ${{ steps.version.outputs.version }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control
echo Architecture: ${{ matrix.goarch }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control
echo Maintainer: ${{ env.MAINTAINER }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control
echo Description: ${{ env.DESC }} >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/user
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/etc
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/usr/sbin
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/etc/logrotate.d
mkdir -p ${{ steps.deb_dir.outputs.deb_dir }}/etc/cron.d
cp -p CHANGELOG.md ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p README.md ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p LICENSE ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/bin/zfw_tc_ingress.o ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/bin/zfw_tc_outbound_track.o ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/bin/zfw ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/bin/zfw_monitor ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/scripts/start_ebpf_${{ matrix.ziti_type }}.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/scripts/user_rules.sh.sample ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/user/
cp -p files/scripts/zfwlogs ${{ steps.deb_dir.outputs.deb_dir }}/etc/logrotate.d/
cp -p files/scripts/zfw_refresh ${{ steps.deb_dir.outputs.deb_dir }}/etc/cron.d/
cp -p files/json/ebpf_config.json.sample ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/etc/
cp -p files/services/zfw-logging.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/zfw
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/zfw_monitor
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/start_ebpf_${{ matrix.ziti_type }}.py
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/user/user_rules.sh.sample
chmod 644 ${{ steps.deb_dir.outputs.deb_dir }}/etc/cron.d/zfw_refresh
ln -s /opt/openziti/bin/zfw ${{ steps.deb_dir.outputs.deb_dir }}/usr/sbin/zfw
ln -s /opt/openziti/bin/zfw_monitor ${{ steps.deb_dir.outputs.deb_dir }}/usr/sbin/zfw_monitor
- name: Set Deb Predepends
if: ${{ matrix.ziti_type == 'tunnel' }}
run: |
echo 'Pre-Depends: ziti-edge-tunnel (>= 0.22.5)' >> ${{ steps.deb_dir.outputs.deb_dir }}/DEBIAN/control
cp -p files/services/ziti-fw-init.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/
cp -p files/services/ziti-wrapper.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/
cp -p files/bin/zfw_tunnwrapper ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/scripts/set_xdp_redirect.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/bin/zfw_xdp_tun_ingress.o ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/zfw_tunnwrapper
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/set_xdp_redirect.py
- name: Standalone FW service, controller and router revert
if: ${{ matrix.ziti_type == 'router' }}
run: |
cp -p files/services/fw-init.service ${{ steps.deb_dir.outputs.deb_dir }}/etc/systemd/system/
cp -p files/scripts/revert_ebpf_router.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/scripts/start_ebpf_controller.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
cp -p files/scripts/revert_ebpf_controller.py ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/revert_ebpf_router.py
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/start_ebpf_controller.py
chmod 744 ${{ steps.deb_dir.outputs.deb_dir }}/opt/openziti/bin/revert_ebpf_controller.py
- name: Build deb package
run: |
dpkg-deb --build -Z gzip --root-owner-group ${{ steps.deb_dir.outputs.deb_dir }}
- uses: actions/upload-artifact@v4
with:
name: artifact-${{ matrix.ziti_type }}-${{ matrix.goarch }}-deb
path: |
./*.deb
deploy_release:
runs-on: ubuntu-22.04
needs:
- build_amd64_release
- build_arm64_release
strategy:
matrix:
goos: [linux]
steps:
- name: Create release
uses: ncipollo/[email protected]
id: release
with:
draft: false
prerelease: false
tag: v${{ needs.build_amd64_release.outputs.version }}
env:
GITHUB_TOKEN: ${{ github.token }}
deploy_packages:
runs-on: ubuntu-22.04
needs:
- build_amd64_release
- build_arm64_release
- deploy_release
strategy:
matrix:
goos: [linux]
ziti_type: [tunnel, router]
goarch: [amd64, arm64]
pkg_type: [deb, rpm]
steps:
- name: download x86 artifacts
if: ${{ (matrix.goarch == 'amd64') && ((matrix.pkg_type != 'deb') || (matrix.pkg_type != 'rpm')) }}
uses: actions/download-artifact@v4
with:
name: artifact-${{ matrix.ziti_type }}-${{ matrix.goarch }}-${{ matrix.pkg_type }}
- name: download arm64 artifacts
if: ${{ (matrix.goarch == 'arm64') && (matrix.pkg_type == 'deb') }}
uses: actions/download-artifact@v4
with:
name: artifact-${{ matrix.ziti_type }}-${{ matrix.goarch }}-${{ matrix.pkg_type }}
- name: Upload built deb artifacts
if: ${{ matrix.pkg_type == 'deb'}}
uses: svenstaro/[email protected]
env:
GITHUB_TOKEN: ${{ github.token }}
with:
file: ./${{ env.APP_NAME }}-${{ matrix.ziti_type }}_${{ needs.build_amd64_release.outputs.version }}_${{ matrix.goarch }}.${{ matrix.pkg_type }}
release_name: ${{ needs.build_amd64_release.outputs.version }}
tag: v${{ needs.build_amd64_release.outputs.version }}
- name: Upload built x86_64 rpm artifacts
if: ${{ (matrix.pkg_type == 'rpm') && (matrix.goarch == 'amd64') }}
uses: svenstaro/[email protected]
env:
GITHUB_TOKEN: ${{ github.token }}
with:
file: ./${{ env.APP_NAME }}-${{ matrix.ziti_type }}-${{ needs.build_amd64_release.outputs.version }}.x86_64.${{ matrix.pkg_type }}
release_name: ${{ needs.build_amd64_release.outputs.version }}
tag: v${{ needs.build_amd64_release.outputs.version }}