diff --git a/cilium-1.19.yaml b/cilium-1.19.yaml
new file mode 100644
index 000000000000..4d2690a26277
--- /dev/null
+++ b/cilium-1.19.yaml
@@ -0,0 +1,267 @@
+package:
+ name: cilium-1.19
+ version: "1.19.0"
+ epoch: 0
+ description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane
+ copyright:
+ - license: Apache-2.0
+ resources:
+ cpu: 20
+ memory: 64Gi
+ dependencies:
+ runtime:
+ - bpftool
+ # cilium does compilations at runtime on the node.
+ - clang-17
+ - cni-plugins-loopback
+ - iproute2
+ - ipset
+ - iptables-nft
+ - kmod
+ - llvm-17
+ - merged-sbin
+ - wolfi-baselayout
+ provides:
+ - cilium=${{package.full-version}}
+
+environment:
+ contents:
+ packages:
+ - bash
+ - bazel-6
+ - binutils
+ - build-base
+ - busybox
+ - ca-certificates-bundle
+ - clang-17
+ - cmake
+ - coreutils # for GNU install
+ - git
+ - go
+ - grep
+ - isl-dev
+ - libcxx1-17-dev
+ - libtool
+ - lld-17
+ - lld-17-dev
+ - llvm-17-dev
+ - mpc-dev
+ - openjdk-11
+ - patch
+ - python3-dev
+ - samurai
+ - wolfi-baselayout
+
+pipeline:
+ - uses: git-checkout
+ with:
+ repository: https://github.com/cilium/cilium
+ tag: v${{package.version}}
+ expected-commit: 1403e61a78a013333992105bf58f9eea26d360ed
+
+ - uses: patch
+ with:
+ patches: loopback-location.patch
+
+ - runs: |
+ # Bazel errors out on toolchain stanza
+ sed -i '/$toolchain /d' go.mod
+ # Bazel errors out on go point release
+ sed -i 's|^\(go 1\.[0-9]*\)\.[0-9]*|\1|' go.mod
+
+ - runs: |
+ # Remove groupadd from Makefile: it's not doing anything useful in
+ # a package build anyway, and it's not available in busybox.
+ find . -name Makefile -exec sed -i '/groupadd/d' {} \;
+
+ DESTDIR=${{targets.destdir}} DISABLE_ENVOY_INSTALLATION=1 make build-container
+ DESTDIR=${{targets.destdir}} DISABLE_ENVOY_INSTALLATION=1 make install-container
+
+ - uses: strip
+
+subpackages:
+ - name: ${{package.name}}-container-init
+ description: init scripts for cilium
+ dependencies:
+ provides:
+ - cilium-container-init=${{package.full-version}}
+ runtime:
+ - merged-sbin
+ - wolfi-baselayout
+ pipeline:
+ - runs: |
+ mkdir -p ${{targets.subpkgdir}}/usr/bin
+ cp images/cilium/init-container.sh \
+ plugins/cilium-cni/install-plugin.sh \
+ plugins/cilium-cni/cni-uninstall.sh \
+ ${{targets.subpkgdir}}/usr/bin
+ test:
+ pipeline:
+ - runs: |
+ test -x /usr/bin/init-container.sh
+ test -x /usr/bin/install-plugin.sh
+ test -x /usr/bin/cni-uninstall.sh
+
+ - name: ${{package.name}}-container-init-compat
+ description: init scripts for cilium
+ dependencies:
+ runtime:
+ - ${{package.name}}-container-init
+ - merged-sbin
+ - wolfi-baselayout
+ provides:
+ - cilium-container-init-compat=${{package.full-version}}
+ pipeline:
+ - runs: |
+ mkdir -p ${{targets.subpkgdir}}
+ ln -sf /usr/bin/init-container.sh ${{targets.subpkgdir}}/init-container.sh
+ ln -sf /usr/bin/install-plugin.sh ${{targets.subpkgdir}}/install-plugin.sh
+ ln -sf /usr/bin/cni-uninstall.sh ${{targets.subpkgdir}}/cni-uninstall.sh
+ test:
+ pipeline:
+ - runs: |
+ test -x $(readlink -f /init-container.sh)
+ test -x $(readlink -f /install-plugin.sh)
+ test -x $(readlink -f /cni-uninstall.sh)
+
+ - name: ${{package.name}}-compat
+ description: Compat to make our image compatible with upstream
+ dependencies:
+ runtime:
+ - wolfi-baselayout
+ provides:
+ - cilium-compat=${{package.full-version}}
+ pipeline:
+ - runs: |
+ mkdir -p ${{targets.subpkgdir}}/run
+ mkdir -p ${{targets.subpkgdir}}/var
+ ln -sf /run ${{targets.subpkgdir}}/var/run
+ test:
+ pipeline:
+ - uses: test/virtualpackage
+ with:
+ virtual-pkg-name: cilium-compat
+ real-pkg-name: ${{subpkg.name}}
+
+ - name: ${{package.name}}-iptables
+ description: iptables compatibility package for cilium
+ dependencies:
+ runtime:
+ - iptables-nft
+ - merged-sbin
+ - wolfi-baselayout
+ provides:
+ - cilium-iptables=${{package.full-version}}
+ test:
+ pipeline:
+ - uses: test/emptypackage
+
+ - name: ${{package.name}}-operator-generic
+ description: Generic operator for cilium
+ dependencies:
+ runtime:
+ - gops
+ - merged-sbin
+ - wolfi-baselayout
+ provides:
+ - cilium-operator-generic=${{package.full-version}}
+ pipeline:
+ - runs: |
+ cd /home/build/operator
+ make cilium-operator-generic
+ DESTDIR=${{targets.subpkgdir}} make install-generic
+ - uses: strip
+ test:
+ pipeline:
+ - runs: |
+ # Test version output
+ cilium-operator-generic --version | grep -q "${{package.version}}"
+
+ - name: ${{package.name}}-operator-aws
+ description: AWS operator for cilium
+ dependencies:
+ runtime:
+ - gops
+ - merged-sbin
+ - wolfi-baselayout
+ provides:
+ - cilium-operator-aws=${{package.full-version}}
+ pipeline:
+ - runs: |
+ cd /home/build/operator
+ make cilium-operator-aws
+ DESTDIR=${{targets.subpkgdir}} make install-aws
+ - uses: strip
+ test:
+ pipeline:
+ - runs: |
+ # Test version output
+ cilium-operator-aws --version | grep -q "${{package.version}}"
+
+ - name: ${{package.name}}-hubble-relay
+ description: Hubble relay
+ dependencies:
+ provides:
+ - cilium-hubble-relay=${{package.full-version}}
+ runtime:
+ - merged-sbin
+ - wolfi-baselayout
+ pipeline:
+ - runs: |
+ cd /home/build/hubble-relay
+ make hubble-relay
+ DESTDIR=${{targets.subpkgdir}} make install
+ - uses: strip
+ test:
+ pipeline:
+ - runs: |
+ # Test version output
+ hubble-relay --version | grep -q "${{package.version}}"
+
+ - name: ${{package.name}}-clustermesh-apiserver
+ description: Clustermesh apiserver
+ dependencies:
+ runtime:
+ - etcd
+ - gops
+ provides:
+ - cilium-clustermesh-apiserver=${{package.full-version}}
+ pipeline:
+ - working-directory: /home/build/clustermesh-apiserver
+ pipeline:
+ - runs: make clustermesh-apiserver
+ - uses: autoconf/make-install
+ - runs: install -Dm755 etcd-config.yaml ${{targets.contextdir}}/var/lib/cilium/etcd-config.yaml
+ - uses: strip
+ test:
+ pipeline:
+ - runs: |
+ # check these files exist
+ stat /usr/bin/clustermesh-apiserver
+ stat /var/lib/cilium/etcd-config.yaml
+ clustermesh-apiserver version | grep "${{package.version}}"
+ clustermesh-apiserver --help 2>&1 | grep "Run the ClusterMesh apiserver"
+
+test:
+ pipeline:
+ - uses: test/tw/ver-check
+ with:
+ bins: cilium cilium-dbg cilium-agent
+ # Ensure that structured version info is available
+ - runs: cilium version -ojsonpath={.Client.Version} | grep ${{package.version}}
+ - name: Test help commands
+ runs: |
+ cilium --help
+ cilium-agent --help
+ cilium-bugtool --help
+ cilium-dbg --help
+ cilium-health --help
+ cilium-mount --help
+ cilium-sysctlfix --help
+
+update:
+ enabled: true
+ github:
+ identifier: cilium/cilium
+ strip-prefix: v
+ tag-filter-prefix: v1.19.
diff --git a/cilium-1.19/loopback-location.patch b/cilium-1.19/loopback-location.patch
new file mode 100644
index 000000000000..43100bb074ee
--- /dev/null
+++ b/cilium-1.19/loopback-location.patch
@@ -0,0 +1,15 @@
+Update the loopback binary location to be /usr/bin
+
+diff --git a/plugins/cilium-cni/install-plugin.sh b/plugins/cilium-cni/install-plugin.sh
+index f3d589acc8..9cd4673fbf 100755
+--- a/plugins/cilium-cni/install-plugin.sh
++++ b/plugins/cilium-cni/install-plugin.sh
+@@ -30,7 +30,7 @@ install_cni() {
+ # Install the CNI loopback driver if not installed already
+ if [ ! -f "${CNI_DIR}/bin/loopback" ]; then
+ # Don't fail hard if this fails as it is usually not required
+- install_cni /cni/loopback || true
++ install_cni /usr/bin/loopback || true
+ fi
+
+ install_cni "/opt/cni/bin/${BIN_NAME}"
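Review bot: The first `sed` in the go.mod fix-up step of the main pipeline looks like a no-op. In a basic regular expression `$` is an anchor only at the end of the pattern, so `/$toolchain /d` matches a literal `$toolchain ` and not the `toolchain` directive that the comment says Bazel rejects. If the intent is to delete that directive, anchor at the start of the line: `sed -i '/^toolchain /d' go.mod`. sed exits 0 whether or not any line matched, so the build gives no signal when the pattern misses, and the checked-out go.mod would be used with the directive still in place.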
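Review bot: The patched `install-plugin.sh` now reads `/usr/bin/loopback`, but the script ships in the `-container-init` subpackage, whose runtime list holds only `merged-sbin` and `wolfi-baselayout`; `cni-plugins-loopback` is declared on the main `cilium-1.19` package alone. In an image that installs the init scripts without the main package the binary would presumably be missing, and the `|| true` on the changed line hides that failure. Consider adding `- cni-plugins-loopback` to the `-container-init` runtime dependencies in cilium-1.19.yaml, or confirm that the two packages are always installed together. The inner hunk shows only part of install-plugin.sh, so the rest of the script is not visible here.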