diff --git a/.cirrus.yml b/.cirrus.yml index e3b4ce3fea..d9133d8f11 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -399,12 +399,42 @@ windows_task: # us build natively and much faster at the expense of the docker manifest # wrangling (and not being able to use the nice GitHub actions). docker_build_template: &DOCKER_BUILD_TEMPLATE + cpu: *CPUS + memory: *MEMORY set_image_tag_script: echo "IMAGE_TAG=zeek/zeek-multiarch:${CIRRUS_ARCH}" >> $CIRRUS_ENV - build_script: - - git submodule update --init --recursive - - set -x; cd docker && docker build -f Dockerfile --tag ${IMAGE_TAG} .. - - set -x; docker save $IMAGE_TAG | zstd > image.zst - - curl -v -X POST --data-binary @image.zst http://$CIRRUS_HTTP_CACHE_HOST/${CIRRUS_BUILD_ID}-image-${CIRRUS_ARCH} + + env: + ZEEK_CONFIGURE_FLAGS: --ccache --generator=Ninja --build-type=Release + CIRRUS_LOG_TIMESTAMP: true + IMAGE_CACHE_DIR: /tmp/image-cache + + always: + ccache_cache: + folder: /tmp/ccache + fingerprint_script: echo ccache-$CIRRUS_TASK_NAME-$CIRRUS_OS + reupload_on_changes: true + image_cache: + folder: /tmp/image-cache + fingerprint_script: echo image-cache-$CIRRUS_TASK_NAME-$CIRRUS_OS + reupload_on_changes: true + + sync_submodules_script: git submodule update --recursive --init --recommend-shallow -j $(nproc) + + prepare_builder_script: + - set -x + - mkdir -p ${IMAGE_CACHE_DIR} + - if [ -f ${IMAGE_CACHE_DIR}/builder.zst ]; then zstd -d < ${IMAGE_CACHE_DIR}/builder.zst | docker load; fi + - if [ -f ${IMAGE_CACHE_DIR}/final.zst ]; then zstd -d < ${IMAGE_CACHE_DIR}/final.zst | docker load; fi + - (cd docker && docker build --cache-from zeek-builder:latest -t zeek-builder:latest -f builder.Dockerfile .) + - docker save zeek-builder:latest | zstd > ${IMAGE_CACHE_DIR}/builder.zst + build_zeek_script: + - docker run --name zeek-builder-container -e CCACHE_DIR=/tmp/ccache -v $(pwd):/src/zeek -v/tmp/ccache:/tmp/ccache -w /src/zeek zeek-builder:latest bash -c "./configure $ZEEK_CONFIGURE_FLAGS && ninja -C build install" + # The "zeek-build" tag is used within final.Dockerfile using COPY --from=... + - docker commit zeek-builder-container zeek-build + build_final_script: + - (cd docker && docker build --cache-from ${IMAGE_TAG} -t ${IMAGE_TAG} -f final.Dockerfile .) + - docker save ${IMAGE_TAG} | zstd > ${IMAGE_CACHE_DIR}/final.zst + - curl -sSf -X POST --data-binary @${IMAGE_CACHE_DIR}/final.zst http://$CIRRUS_HTTP_CACHE_HOST/${CIRRUS_BUILD_ID}-image-${CIRRUS_ARCH} arm64_container_image_docker_builder: env: diff --git a/docker/builder.Dockerfile b/docker/builder.Dockerfile new file mode 100644 index 0000000000..aa1becec83 --- /dev/null +++ b/docker/builder.Dockerfile @@ -0,0 +1,29 @@ +# See the file "COPYING" in the main distribution directory for copyright. + +# Layer to build Zeek. +FROM debian:bullseye-slim + +# Configure system for build. +RUN apt-get -q update \ + && apt-get install -q -y --no-install-recommends \ + bind9 \ + bison \ + ccache \ + cmake \ + flex \ + g++ \ + gcc \ + libfl2 \ + libfl-dev \ + libmaxminddb-dev \ + libpcap-dev \ + libssl-dev \ + libz-dev \ + make \ + python3-minimal \ + python3.9-dev \ + swig \ + ninja-build \ + python3-pip \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* diff --git a/docker/final.Dockerfile b/docker/final.Dockerfile new file mode 100644 index 0000000000..775b1b32b0 --- /dev/null +++ b/docker/final.Dockerfile @@ -0,0 +1,25 @@ +# See the file "COPYING" in the main distribution directory for copyright. + +# Final layer containing all artifacts. +FROM debian:bullseye-slim + +RUN apt-get -q update \ + && apt-get install -q -y --no-install-recommends \ + ca-certificates \ + git \ + libmaxminddb0 \ + libpython3.9 \ + libpcap0.8 \ + libssl1.1 \ + libz1 \ + python3-minimal \ + python3-git \ + python3-semantic-version \ + python3-websocket \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# Copy over Zeek installation from build +COPY --from=zeek-build /usr/local/zeek /usr/local/zeek +ENV PATH "/usr/local/zeek/bin:${PATH}" +ENV PYTHONPATH "/usr/local/zeek/lib/zeek/python:${PYTHONPATH}"