From 4523f678d2d511a99e6c51258598c0c4abc7d1f3 Mon Sep 17 00:00:00 2001 From: Arne Welzel Date: Wed, 1 Feb 2023 12:23:05 +0100 Subject: [PATCH] docker: Update Makefile/README to align with the Cirrus CI setup --- docker/Dockerfile | 63 ----------------------------------------------- docker/Makefile | 24 +++++++++++++++--- docker/README | 19 ++++++++++---- 3 files changed, 35 insertions(+), 71 deletions(-) delete mode 100644 docker/Dockerfile diff --git a/docker/Dockerfile b/docker/Dockerfile deleted file mode 100644 index 8d8673f097..0000000000 --- a/docker/Dockerfile +++ /dev/null @@ -1,63 +0,0 @@ -# See the file "COPYING" in the main distribution directory for copyright. - -# Layer to build Zeek. -FROM debian:bullseye-slim AS build - -# Configure system for build. -RUN apt-get -q update \ - && apt-get install -q -y --no-install-recommends \ - bind9 \ - bison \ - cmake \ - flex \ - g++ \ - gcc \ - libfl2 \ - libfl-dev \ - libmaxminddb-dev \ - libpcap-dev \ - libssl-dev \ - libz-dev \ - make \ - python3-minimal \ - python3.9-dev \ - swig \ - ninja-build \ - python3-pip \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -# Copy over the Zeek source tree. -# NOTE: This assumes that we build in the context of the parent directory (the -# Git checkout root). We e.g., ensure that in the `Makefile` in this directory. -COPY . /src/zeek -RUN make -C /src/zeek distclean - -ARG CONFFLAGS="--generator=Ninja --build-type=Release" - -WORKDIR /src/zeek -RUN ./configure $CONFFLAGS && ninja -C build install - -# Final layer containing all artifacts. -FROM debian:bullseye-slim AS final - -RUN apt-get -q update \ - && apt-get install -q -y --no-install-recommends \ - ca-certificates \ - git \ - libmaxminddb0 \ - libpython3.9 \ - libpcap0.8 \ - libssl1.1 \ - libz1 \ - python3-minimal \ - python3-git \ - python3-semantic-version \ - python3-websocket \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -# Copy over Zeek installation. -COPY --from=build /usr/local/zeek /usr/local/zeek -ENV PATH "/usr/local/zeek/bin:${PATH}" -ENV PYTHONPATH "/usr/local/zeek/lib/zeek/python:${PYTHONPATH}" diff --git a/docker/Makefile b/docker/Makefile index 696afc690d..9fdd002b5b 100644 --- a/docker/Makefile +++ b/docker/Makefile @@ -1,12 +1,30 @@ # See the file "COPYING" in the main distribution directory for copyright. -VERSION := $$(cat ../VERSION) +VERSION := $(shell cat ../VERSION) +DOCKER ?= docker +BUILD_IMAGE := zeek-builder:$(VERSION) +BUILD_CONTAINER := zeek-builder-container-$(VERSION) +ZEEK_IMAGE ?= zeek:$(VERSION)" +BUILD_DIR ?= build-docker +ZEEK_CONFIGURE_FLAGS ?= \ + --build-dir=$(BUILD_DIR) \ + --generator=Ninja \ + --build-type=Release \ + --disable-btest-pcaps \ + --disable-broker-tests \ + --disable-cpp-tests .PHONY: all all: - @docker build -t zeek:$(VERSION) -f Dockerfile .. - @docker tag zeek:$(VERSION) zeek:latest + -docker rm $(BUILD_CONTAINER) + docker build -t $(BUILD_IMAGE) -f builder.Dockerfile . + docker run --name $(BUILD_CONTAINER) \ + -v $(CURDIR)/../:/src/zeek -w /src/zeek \ + $(BUILD_IMAGE) bash -xeu -c "./configure $(ZEEK_CONFIGURE_FLAGS) && ninja -C $(BUILD_DIR) install" + docker commit $(BUILD_CONTAINER) zeek-build + docker build -t $(ZEEK_IMAGE) -f final.Dockerfile . + docker tag $(ZEEK_IMAGE) zeek:latest test: @TEST_TAG=zeek:$(VERSION) $(MAKE) -C btest diff --git a/docker/README b/docker/README index 8d3280f161..ae0011d747 100644 --- a/docker/README +++ b/docker/README @@ -1,19 +1,28 @@ Container image for Zeek ======================== -This directory contains a minimal container image for Zeek. This image is -published automatically to [DockerHub](https://hub.docker.com/u/zeekurity) for +This directory allows building a minimal container image for Zeek. This image is +published automatically to [DockerHub](https://hub.docker.com/u/zeek) for releases and for commits on the `master` branch. - Images for release are published as - [`zeekurity/zeek`](https://hub.docker.com/r/zeekurity/zeek) with the `latest` + [`zeek/zeek`](https://hub.docker.com/r/zeek/zeek) with the `latest` tag pointing to the latest release. - Development images for the `master` branch are published as - [`zeekurity/zeek-dev`](https://hub.docker.com/r/zeekurity/zeek-dev). + [`zeek/zeek-dev`](https://hub.docker.com/r/zeek/zeek-dev). +These images are also pushed to Amazon ECR Public Gallery under +the [Zeek Project](https://gallery.ecr.aws/zeek). To run the image execute e.g.,: - docker run -it zeekurity/zeek + docker run -it zeek/zeek To build the image execute `make` from this directory. + +CI +-- + +Note, the image build process on Cirrus CI is not using the Makefile, +but instead open-codes the invocation due to leveraging Cirrus CI caching +and ccache heavily.