mirror of
https://github.com/zeek/zeek.git
synced 2025-10-13 12:08:20 +00:00
Merge remote-tracking branch 'origin/topic/awelzel/arm64-container-follow-ups'
* origin/topic/awelzel/arm64-container-follow-ups: docker: Extend tests to run a very basic Zeek script cirrus: No broker-tests and no cpp-tests for images docker: Update Makefile/README to align with the Cirrus CI setup cirrus: Add back testing of container images
This commit is contained in:
Arne Welzel
commit
3ec602a441
8 changed files with 57 additions and 73 deletions
|
|
@ -404,7 +404,7 @@ docker_build_template: &DOCKER_BUILD_TEMPLATE
|
||||||
set_image_tag_script: echo "IMAGE_TAG=zeek/zeek-multiarch:${CIRRUS_ARCH}" >> $CIRRUS_ENV
|
set_image_tag_script: echo "IMAGE_TAG=zeek/zeek-multiarch:${CIRRUS_ARCH}" >> $CIRRUS_ENV
|
||||||
|
|
||||||
env:
|
env:
|
||||||
ZEEK_CONFIGURE_FLAGS: --ccache --generator=Ninja --build-type=Release --disable-btest-pcaps
|
ZEEK_CONFIGURE_FLAGS: --ccache --generator=Ninja --build-type=Release --disable-btest-pcaps --disable-cpp-tests --disable-broker-tests
|
||||||
CIRRUS_LOG_TIMESTAMP: true
|
CIRRUS_LOG_TIMESTAMP: true
|
||||||
BUILDER_IMAGE_CACHE_DIR: /tmp/builder-image-cache
|
BUILDER_IMAGE_CACHE_DIR: /tmp/builder-image-cache
|
||||||
ZEEK_IMAGE_CACHE_DIR: /tmp/zeek-image-cache-${CIRRUS_ARCH}
|
ZEEK_IMAGE_CACHE_DIR: /tmp/zeek-image-cache-${CIRRUS_ARCH}
|
||||||
|
|
@ -441,6 +441,9 @@ docker_build_template: &DOCKER_BUILD_TEMPLATE
|
||||||
build_final_script:
|
build_final_script:
|
||||||
- cd docker && docker build --cache-from ${IMAGE_TAG} -t ${IMAGE_TAG} -f final.Dockerfile .
|
- cd docker && docker build --cache-from ${IMAGE_TAG} -t ${IMAGE_TAG} -f final.Dockerfile .
|
||||||
- docker save ${IMAGE_TAG} | zstd > ${ZEEK_IMAGE_CACHE_DIR}/final.zst
|
- docker save ${IMAGE_TAG} | zstd > ${ZEEK_IMAGE_CACHE_DIR}/final.zst
|
||||||
|
test_script:
|
||||||
|
- docker tag ${IMAGE_TAG} zeek:latest
|
||||||
|
- make -C docker/btest
|
||||||
|
|
||||||
arm64_container_image_docker_builder:
|
arm64_container_image_docker_builder:
|
||||||
env:
|
env:
|
||||||
|
|
|
||||||
13
CHANGES
13
CHANGES
|
|
@ -1,3 +1,16 @@
|
||||||
|
5.2.0-dev.609 | 2023-02-01 20:55:45 +0100
|
||||||
|
|
||||||
|
* docker: Extend tests to run a very basic Zeek script (Arne Welzel, Corelight)
|
||||||
|
|
||||||
|
Mostly because a `-v` shortcuts quite, while a zeek -e 'print zeek_version()'
|
||||||
|
will also parse all base scripts, etc.
|
||||||
|
|
||||||
|
* cirrus: No broker-tests and no cpp-tests for images (Arne Welzel, Corelight)
|
||||||
|
|
||||||
|
* docker: Update Makefile/README to align with the Cirrus CI setup (Arne Welzel, Corelight)
|
||||||
|
|
||||||
|
* cirrus: Add back testing of container images (Arne Welzel, Corelight)
|
||||||
|
|
||||||
5.2.0-dev.604 | 2023-02-01 10:48:03 -0700
|
5.2.0-dev.604 | 2023-02-01 10:48:03 -0700
|
||||||
|
|
||||||
* Restore/rename field in SMB2::Fscontrol record type (Tim Wojtulewicz, Corelight)
|
* Restore/rename field in SMB2::Fscontrol record type (Tim Wojtulewicz, Corelight)
|
||||||
|
|
|
||||||
2
VERSION
2
VERSION
|
|
@ -1 +1 @@
|
||||||
5.2.0-dev.604
|
5.2.0-dev.609
|
||||||
|
|
|
||||||
|
|
@ -1,63 +0,0 @@
|
||||||
# See the file "COPYING" in the main distribution directory for copyright.
|
|
||||||
|
|
||||||
# Layer to build Zeek.
|
|
||||||
FROM debian:bullseye-slim AS build
|
|
||||||
|
|
||||||
# Configure system for build.
|
|
||||||
RUN apt-get -q update \
|
|
||||||
&& apt-get install -q -y --no-install-recommends \
|
|
||||||
bind9 \
|
|
||||||
bison \
|
|
||||||
cmake \
|
|
||||||
flex \
|
|
||||||
g++ \
|
|
||||||
gcc \
|
|
||||||
libfl2 \
|
|
||||||
libfl-dev \
|
|
||||||
libmaxminddb-dev \
|
|
||||||
libpcap-dev \
|
|
||||||
libssl-dev \
|
|
||||||
libz-dev \
|
|
||||||
make \
|
|
||||||
python3-minimal \
|
|
||||||
python3.9-dev \
|
|
||||||
swig \
|
|
||||||
ninja-build \
|
|
||||||
python3-pip \
|
|
||||||
&& apt-get clean \
|
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
|
||||||
|
|
||||||
# Copy over the Zeek source tree.
|
|
||||||
# NOTE: This assumes that we build in the context of the parent directory (the
|
|
||||||
# Git checkout root). We e.g., ensure that in the `Makefile` in this directory.
|
|
||||||
COPY . /src/zeek
|
|
||||||
RUN make -C /src/zeek distclean
|
|
||||||
|
|
||||||
ARG CONFFLAGS="--generator=Ninja --build-type=Release"
|
|
||||||
|
|
||||||
WORKDIR /src/zeek
|
|
||||||
RUN ./configure $CONFFLAGS && ninja -C build install
|
|
||||||
|
|
||||||
# Final layer containing all artifacts.
|
|
||||||
FROM debian:bullseye-slim AS final
|
|
||||||
|
|
||||||
RUN apt-get -q update \
|
|
||||||
&& apt-get install -q -y --no-install-recommends \
|
|
||||||
ca-certificates \
|
|
||||||
git \
|
|
||||||
libmaxminddb0 \
|
|
||||||
libpython3.9 \
|
|
||||||
libpcap0.8 \
|
|
||||||
libssl1.1 \
|
|
||||||
libz1 \
|
|
||||||
python3-minimal \
|
|
||||||
python3-git \
|
|
||||||
python3-semantic-version \
|
|
||||||
python3-websocket \
|
|
||||||
&& apt-get clean \
|
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
|
||||||
|
|
||||||
# Copy over Zeek installation.
|
|
||||||
COPY --from=build /usr/local/zeek /usr/local/zeek
|
|
||||||
ENV PATH "/usr/local/zeek/bin:${PATH}"
|
|
||||||
ENV PYTHONPATH "/usr/local/zeek/lib/zeek/python:${PYTHONPATH}"
|
|
||||||
|
|
@ -1,12 +1,30 @@
|
||||||
# See the file "COPYING" in the main distribution directory for copyright.
|
# See the file "COPYING" in the main distribution directory for copyright.
|
||||||
|
|
||||||
VERSION := $$(cat ../VERSION)
|
VERSION := $(shell cat ../VERSION)
|
||||||
|
DOCKER ?= docker
|
||||||
|
BUILD_IMAGE := zeek-builder:$(VERSION)
|
||||||
|
BUILD_CONTAINER := zeek-builder-container-$(VERSION)
|
||||||
|
ZEEK_IMAGE ?= zeek:$(VERSION)"
|
||||||
|
BUILD_DIR ?= build-docker
|
||||||
|
ZEEK_CONFIGURE_FLAGS ?= \
|
||||||
|
--build-dir=$(BUILD_DIR) \
|
||||||
|
--generator=Ninja \
|
||||||
|
--build-type=Release \
|
||||||
|
--disable-btest-pcaps \
|
||||||
|
--disable-broker-tests \
|
||||||
|
--disable-cpp-tests
|
||||||
|
|
||||||
.PHONY: all
|
.PHONY: all
|
||||||
|
|
||||||
all:
|
all:
|
||||||
@docker build -t zeek:$(VERSION) -f Dockerfile ..
|
-docker rm $(BUILD_CONTAINER)
|
||||||
@docker tag zeek:$(VERSION) zeek:latest
|
docker build -t $(BUILD_IMAGE) -f builder.Dockerfile .
|
||||||
|
docker run --name $(BUILD_CONTAINER) \
|
||||||
|
-v $(CURDIR)/../:/src/zeek -w /src/zeek \
|
||||||
|
$(BUILD_IMAGE) bash -xeu -c "./configure $(ZEEK_CONFIGURE_FLAGS) && ninja -C $(BUILD_DIR) install"
|
||||||
|
docker commit $(BUILD_CONTAINER) zeek-build
|
||||||
|
docker build -t $(ZEEK_IMAGE) -f final.Dockerfile .
|
||||||
|
docker tag $(ZEEK_IMAGE) zeek:latest
|
||||||
|
|
||||||
test:
|
test:
|
||||||
@TEST_TAG=zeek:$(VERSION) $(MAKE) -C btest
|
@TEST_TAG=zeek:$(VERSION) $(MAKE) -C btest
|
||||||
|
|
|
||||||
|
|
@ -1,19 +1,28 @@
|
||||||
Container image for Zeek
|
Container image for Zeek
|
||||||
========================
|
========================
|
||||||
|
|
||||||
This directory contains a minimal container image for Zeek. This image is
|
This directory allows building a minimal container image for Zeek. This image is
|
||||||
published automatically to [DockerHub](https://hub.docker.com/u/zeekurity) for
|
published automatically to [DockerHub](https://hub.docker.com/u/zeek) for
|
||||||
releases and for commits on the `master` branch.
|
releases and for commits on the `master` branch.
|
||||||
|
|
||||||
- Images for release are published as
|
- Images for release are published as
|
||||||
[`zeekurity/zeek`](https://hub.docker.com/r/zeekurity/zeek) with the `latest`
|
[`zeek/zeek`](https://hub.docker.com/r/zeek/zeek) with the `latest`
|
||||||
tag pointing to the latest release.
|
tag pointing to the latest release.
|
||||||
- Development images for the `master` branch are published as
|
- Development images for the `master` branch are published as
|
||||||
[`zeekurity/zeek-dev`](https://hub.docker.com/r/zeekurity/zeek-dev).
|
[`zeek/zeek-dev`](https://hub.docker.com/r/zeek/zeek-dev).
|
||||||
|
|
||||||
|
These images are also pushed to Amazon ECR Public Gallery under
|
||||||
|
the [Zeek Project](https://gallery.ecr.aws/zeek).
|
||||||
|
|
||||||
To run the image execute e.g.,:
|
To run the image execute e.g.,:
|
||||||
|
|
||||||
docker run -it zeekurity/zeek
|
docker run -it zeek/zeek
|
||||||
|
|
||||||
To build the image execute `make` from this directory.
|
To build the image execute `make` from this directory.
|
||||||
|
|
||||||
|
CI
|
||||||
|
--
|
||||||
|
|
||||||
|
Note, the image build process on Cirrus CI is not using the Makefile,
|
||||||
|
but instead open-codes the invocation due to leveraging Cirrus CI caching
|
||||||
|
and ccache heavily.
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
zeek version xxx
|
zeek version xxx
|
||||||
|
zeek version xxx
|
||||||
XXX
|
XXX
|
||||||
[sources]
|
[sources]
|
||||||
zeek = https://github.com/zeek/packages
|
zeek = https://github.com/zeek/packages
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,9 @@ TEST_TAG=${TEST_TAG:-zeek:latest}
|
||||||
# Check that `zeek` can be run.
|
# Check that `zeek` can be run.
|
||||||
docker run --rm "${TEST_TAG}" zeek -v | sed 's/\(zeek version\) .*/\1 xxx/'
|
docker run --rm "${TEST_TAG}" zeek -v | sed 's/\(zeek version\) .*/\1 xxx/'
|
||||||
|
|
||||||
|
# ...and load and execute some basic scripts, too.
|
||||||
|
docker run --rm "${TEST_TAG}" zeek -e 'print fmt("zeek version %s", zeek_version())' | sed 's/\(zeek version\) .*/\1 xxx/'
|
||||||
|
|
||||||
# Check that this is a release build.
|
# Check that this is a release build.
|
||||||
docker run --rm "${TEST_TAG}" zeek-config --build_type | grep -q 'release'
|
docker run --rm "${TEST_TAG}" zeek-config --build_type | grep -q 'release'
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue