Merge pull request #168 from ns1labs/feature/clang-toolchain

clang toolchain builds, statically linked executables
netboxlabs · Jan 7, 2022 · 869f4bc · 869f4bc
2 parents 416010b + a68261c
commit 869f4bc
Show file tree

Hide file tree

Showing 18 changed files with 340 additions and 43 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -3,8 +3,8 @@ integration_tests/external*
 Dockerfile
 .dockerignore
 .gitignore
-.git
 appimage/Dockerfile.part
 appimage/export.sh
 appimage/Makefile
 localconfig/*
+docker/*
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -39,28 +39,11 @@ jobs:
         # uses: turtlebrowser/get-conan@4dc7e6dd45c8b1e02e909979d7cfc5ebba6ddbe2
         uses: turtlebrowser/[email protected]
 
-      - name: Conan profile and settings
-        run: |
-          conan profile new --detect default
-          conan config set general.revisions_enabled=1
-
-      - name: Conan profile (linux-workaround)
-        if: matrix.os == 'ubuntu-latest'
-        run:
-          conan profile update settings.compiler.libcxx=libstdc++11 default
-
-      - name: Conan install (osx-workaround)
-        if: matrix.os == 'macos-latest'
-        working-directory: ${{github.workspace}}/build
-        run: |
-          conan remote add ns1labs-conan https://ns1labs.jfrog.io/artifactory/api/conan/ns1labs-conan
-          conan install --build=missing ..
-
       - name: linux package install
         if: matrix.os == 'ubuntu-latest'
         run: |
           sudo apt-get update
-          sudo apt-get install --yes --no-install-recommends golang ca-certificates jq
+          sudo apt-get install --yes --no-install-recommends jq
 
       - name: Configure CMake
         # Use a bash shell so we can use the same syntax for environment variable
@@ -100,12 +83,6 @@ jobs:
       - name: Get Conan
         uses: turtlebrowser/[email protected]
 
-      - name: Conan profile and settings
-        run: |
-          conan profile new --detect default
-          conan config set general.revisions_enabled=1
-          conan profile update settings.compiler.libcxx=libstdc++11 default
-
       - name: Configure CMake to generate VERSION
         shell: bash
         working-directory: ${{github.workspace}}/build

diff --git a/.github/workflows/static_build.yml b/.github/workflows/static_build.yml
@@ -0,0 +1,158 @@
+name: Static Build
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - develop
+      - release
+  push:
+    branches:
+      - develop
+      - release
+
+env:
+  # Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.)
+  BUILD_TYPE: Release
+
+jobs:
+  build:
+    # The CMake configure and build commands are platform agnostic and should work equally
+    # well on Windows or Mac.  You can convert this to a matrix build if you need
+    # cross-platform coverage.
+    # See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
+    strategy:
+      matrix:
+        os: [ ubuntu-latest ]
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Build and test static base
+        run: |
+          docker build -f docker/Dockerfile.static-base -t ns1labs/static-base .
+
+      - name: Get branch name
+        shell: bash
+        run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | tr / -)" >> $GITHUB_ENV
+
+      - name: Debug branch name
+        run: echo ${{ env.BRANCH_NAME }}
+
+      - name: Get VERSION
+        run: |
+          echo "VERSION=`docker run --rm -a stdout --entrypoint cat ns1labs/static-base VERSION`" >> $GITHUB_ENV
+
+      - name: Debug version
+        run: echo ${{ env.VERSION }}
+
+      - name: Generate ref tag (master)
+        if: github.event_name != 'pull_request' && ${{ env.BRANCH_NAME == 'master' }}
+        run: |
+          echo "REF_TAG=latest" >> $GITHUB_ENV
+
+      - name: Generate ref tag (develop)
+        if: github.event_name != 'pull_request' && ${{ env.BRANCH_NAME == 'develop' }}
+        run: |
+          echo "REF_TAG=latest-develop" >> $GITHUB_ENV
+
+      - name: Generate ref tag (release candidate)
+        if: github.event_name != 'pull_request' && ${{ env.BRANCH_NAME == 'release' }}
+        run: |
+          echo "REF_TAG=latest-rc" >> $GITHUB_ENV
+
+      - name: Debug ref tag
+        if: github.event_name != 'pull_request'
+        run: echo ${{ env.REF_TAG }}
+
+      - name: Login to Docker Hub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push static pktvisord container
+        if: github.event_name != 'pull_request'
+        env:
+          BASE_BINARY: pktvisord
+          IMAGE_NAME: ns1labs/pktvisord-slim
+        run: |
+          docker build -f docker/Dockerfile.${{ env.BASE_BINARY }}-static -t ${{ env.IMAGE_NAME }}:${{ env.REF_TAG }} -t ${{ env.IMAGE_NAME }}:${{ env.VERSION }} .
+          docker push -a ${{ env.IMAGE_NAME }}
+          echo "CONT_ID=$(docker create --name ${{ env.BASE_BINARY }}-slim-tmp ${{ env.IMAGE_NAME }}:${{ env.REF_TAG }})" >> $GITHUB_ENV
+
+      - name: Extract static pktvisord asset
+        if: github.event_name != 'pull_request'
+        env:
+          BASE_BINARY: pktvisord
+          IMAGE_NAME: ns1labs/pktvisord-slim
+        run: |
+          docker cp ${{ env.CONT_ID }}:/${{ env.BASE_BINARY }} ${{github.workspace}}/${{ env.BASE_BINARY }}-linux-x86_64-${{ env.VERSION }}
+
+      - name: Upload pktvisord artifact
+        if: github.event_name != 'pull_request'
+        env:
+          BINARY_NAME: pktvisord-linux-x86_64-${{ env.VERSION }}
+        uses: actions/upload-artifact@v2
+        with:
+          name: ${{ env.BINARY_NAME }}
+          path: ${{github.workspace}}/${{ env.BINARY_NAME }}
+
+      - name: Build and push static pktvisor-pcap container
+        if: github.event_name != 'pull_request'
+        env:
+          BASE_BINARY: pktvisor-pcap
+          IMAGE_NAME: ns1labs/pktvisor-pcap-slim
+        run: |
+          docker build -f docker/Dockerfile.${{ env.BASE_BINARY }}-static -t ${{ env.IMAGE_NAME }}:${{ env.REF_TAG }} -t ${{ env.IMAGE_NAME }}:${{ env.VERSION }} .
+          docker push -a ${{ env.IMAGE_NAME }}
+          echo "CONT_ID=$(docker create --name ${{ env.BASE_BINARY }}-slim-tmp ${{ env.IMAGE_NAME }}:${{ env.REF_TAG }})" >> $GITHUB_ENV
+
+      - name: Extract static pktvisor-pcap asset
+        if: github.event_name != 'pull_request'
+        env:
+          BASE_BINARY: pktvisor-pcap
+          IMAGE_NAME: ns1labs/pktvisor-pcap-slim
+        run: |
+          docker cp ${{ env.CONT_ID }}:/${{ env.BASE_BINARY }} ${{github.workspace}}/${{ env.BASE_BINARY }}-linux-x86_64-${{ env.VERSION }}
+
+      - name: Upload pktvisor-pcap artifact
+        if: github.event_name != 'pull_request'
+        env:
+          BINARY_NAME: pktvisor-pcap-linux-x86_64-${{ env.VERSION }}
+        uses: actions/upload-artifact@v2
+        with:
+          name: ${{ env.BINARY_NAME }}
+          path: ${{github.workspace}}/${{ env.BINARY_NAME }}
+
+
+      - name: Build and push static pktvisor-dnstap container
+        if: github.event_name != 'pull_request'
+        env:
+          BASE_BINARY: pktvisor-dnstap
+          IMAGE_NAME: ns1labs/pktvisor-dnstap-slim
+        run: |
+          docker build -f docker/Dockerfile.${{ env.BASE_BINARY }}-static -t ${{ env.IMAGE_NAME }}:${{ env.REF_TAG }} -t ${{ env.IMAGE_NAME }}:${{ env.VERSION }} .
+          docker push -a ${{ env.IMAGE_NAME }}
+          echo "CONT_ID=$(docker create --name ${{ env.BASE_BINARY }}-slim-tmp ${{ env.IMAGE_NAME }}:${{ env.REF_TAG }})" >> $GITHUB_ENV
+
+      - name: Extract static pktvisor-dnstap asset
+        if: github.event_name != 'pull_request'
+        env:
+          BASE_BINARY: pktvisor-dnstap
+          IMAGE_NAME: ns1labs/pktvisor-dnstap-slim
+        run: |
+          docker cp ${{ env.CONT_ID }}:/${{ env.BASE_BINARY }} ${{github.workspace}}/${{ env.BASE_BINARY }}-linux-x86_64-${{ env.VERSION }}
+
+      - name: Upload pktvisor-dnstap artifact
+        if: github.event_name != 'pull_request'
+        env:
+          BINARY_NAME: pktvisor-dnstap-linux-x86_64-${{ env.VERSION }}
+        uses: actions/upload-artifact@v2
+        with:
+          name: ${{ env.BINARY_NAME }}
+          path: ${{github.workspace}}/${{ env.BINARY_NAME }}
+
+
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -1,8 +1,9 @@
 cmake_minimum_required(VERSION 3.13)
 
-list(APPEND CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/cmake")
-
+#######################################################
 # VERSION
+#######################################################
+
 # this is the source of truth for semver version
 project(visor VERSION 3.4.0)
 
@@ -11,6 +12,30 @@ project(visor VERSION 3.4.0)
 # for release candidate, this is "-rc"
 set(VISOR_PRERELEASE "-develop")
 
+#######################################################
+
+# if develop or rc build, add git hash
+# note this only updates on cmake reconfigure, not every git commit
+# so it's mainly useful for GitHub CI, not developers
+if(VISOR_PRERELEASE STREQUAL "-develop" OR VISOR_PRERELEASE STREQUAL "-rc")
+    execute_process(
+            COMMAND
+            git rev-parse --short HEAD
+            WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
+            RESULT_VARIABLE
+            SHORT_HASH_RESULT
+            OUTPUT_VARIABLE
+            SHORT_HASH
+            OUTPUT_STRIP_TRAILING_WHITESPACE
+    )
+    if (${SHORT_HASH} STREQUAL "")
+        message(FATAL "Unable to get current git hash for develop/rc version")
+    endif ()
+    string(APPEND VISOR_PRERELEASE "-${SHORT_HASH}")
+endif()
+
+list(APPEND CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/cmake")
+
 # these are computed
 set(VISOR_VERSION_NUM "${PROJECT_VERSION}${VISOR_PRERELEASE}")
 set(VISOR_VERSION "pktvisor ${PROJECT_VERSION}${VISOR_PRERELEASE}")
@@ -26,18 +51,64 @@ set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 #set(CMAKE_VERBOSE_MAKEFILE ON)
 add_compile_options(-Wall -pedantic -W -Wextra -Wno-unknown-pragmas)
 
+# use a custom conan home directory in our build directory
+# this allows us to use the clang-toolchain docker image in CLion docker toolchain
+set(ENV{CONAN_USER_HOME} ${CMAKE_BINARY_DIR}/conan_home)
 include(conan)
 
-conan_add_remote(NAME ns1labs INDEX 1
+conan_add_remote(NAME ns1labs INDEX 0
         URL https://ns1labs.jfrog.io/artifactory/api/conan/ns1labs-conan
         VERIFY_SSL True)
 
-conan_cmake_autodetect(settings)
+conan_cmake_autodetect(CONAN_SETTINGS)
+message(STATUS "Detected conan settings: ${CONAN_SETTINGS}")
+
+# is this destructive for developer environment?
+message(STATUS "Setting conan general.revisions_enabled=1")
+execute_process(COMMAND ${CONAN_CMD} config set general.revisions_enabled=1)
+
+# by default, build all conan dependencies that don't have a binary for this env
+set(CONAN_BUILD_SETTING missing)
+set(CONAN_ENV_SETTING "")
+set(DYNAMIC_LIB_SUPPORT TRUE)
+
+if(UNIX AND NOT APPLE)
+    set(LINUX TRUE)
+endif()
+if(LINUX)
+    execute_process(
+            COMMAND ldd /bin/ls
+            OUTPUT_VARIABLE MUSL_CHECK
+    )
+    if(MUSL_CHECK MATCHES "musl")
+        set(MUSL TRUE)
+        message(STATUS "Musl libc detected")
+    endif()
+    if(NOT MUSL)
+        # on gcc, use latest standard
+        set(CONAN_SETTINGS ${CONAN_SETTINGS} compiler.libcxx=libstdc++11)
+    endif()
+endif()
+
+if(MUSL)
+    # m4 inappropriately tries to use a GCC binary version, must force build
+    set(CONAN_BUILD_SETTING ${CONAN_BUILD_SETTING} m4)
+    # pcapplusplus uses a gcc extension for backtrace, musl needs an extra lib to emulate
+    set(CONAN_ENV_SETTING ${CONAN_ENV_SETTING} pcapplusplus:LDFLAGS=-lexecinfo)
+    set(STATIC_BINARIES TRUE)
+    set(DYNAMIC_LIB_SUPPORT FALSE)
+endif()
+
+if(STATIC_BINARIES)
+    message(STATUS "Enabling statically linked binaries")
+    set(STATIC_FLAGS -static -lc++ -lc++abi)
+endif()
 
 conan_cmake_install(PATH_OR_REFERENCE ${CMAKE_SOURCE_DIR}
-        BUILD missing
+        BUILD ${CONAN_BUILD_SETTING}
         GENERATOR cmake
-        SETTINGS ${settings}
+        SETTINGS ${CONAN_SETTINGS}
+        ENV ${CONAN_ENV_SETTING}
         INSTALL_FOLDER ${CMAKE_BINARY_DIR})
 
 include(${CMAKE_BINARY_DIR}/conanbuildinfo.cmake)
@@ -49,6 +120,8 @@ include(sanitizer)
 set(VISOR_STATIC_PLUGINS)
 
 enable_testing()
+
+message(STATUS "Building pktvisor version ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH}${VISOR_PRERELEASE}")
 add_subdirectory(3rd)
 add_subdirectory(src)
 add_subdirectory(cmd)

diff --git a/cmd/pktvisor-dnstap/CMakeLists.txt b/cmd/pktvisor-dnstap/CMakeLists.txt
@@ -9,4 +9,5 @@ target_link_libraries(pktvisor-dnstap
         PRIVATE
         ${CONAN_LIBS_DOCOPT.CPP}
         ${VISOR_STATIC_PLUGINS}
+        ${STATIC_FLAGS}
         )
diff --git a/cmd/pktvisor-pcap/CMakeLists.txt b/cmd/pktvisor-pcap/CMakeLists.txt
@@ -9,4 +9,5 @@ target_link_libraries(pktvisor-pcap
         PRIVATE
         ${CONAN_LIBS_DOCOPT.CPP}
         ${VISOR_STATIC_PLUGINS}
+        ${STATIC_FLAGS}
         )
diff --git a/cmd/pktvisord/CMakeLists.txt b/cmd/pktvisord/CMakeLists.txt
@@ -12,4 +12,5 @@ target_link_libraries(pktvisord
         ${CONAN_LIBS_DOCOPT.CPP}
         Visor::Core
         ${VISOR_STATIC_PLUGINS}
+        ${STATIC_FLAGS}
         )
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -8,7 +8,16 @@ RUN \
     apt-get install --yes --force-yes --no-install-recommends ${BUILD_DEPS} && \
     pip3 install conan
 
-COPY . /pktvisor-src/
+# need git for current hash for VERSION
+COPY ./.git/ /pktvisor-src/.git/
+COPY ./src/ /pktvisor-src/src/
+COPY ./cmd/ /pktvisor-src/cmd/
+COPY ./3rd/ /pktvisor-src/3rd/
+COPY ./golang/ /pktvisor-src/golang/
+COPY ./integration_tests/ /pktvisor-src/integration_tests/
+COPY ./cmake/ /pktvisor-src/cmake/
+COPY ./CMakeLists.txt /pktvisor-src/
+COPY ./conanfile.txt /pktvisor-src/
 
 WORKDIR /tmp/build
 RUN \

diff --git a/docker/Dockerfile.clang-toolchain b/docker/Dockerfile.clang-toolchain
@@ -0,0 +1,16 @@
+FROM ns1labs/clang-toolchain:latest
+ARG REQUIRE="make cmake python3 py3-pip perl git bash libexecinfo-static libexecinfo-dev"
+ARG UID=1000
+
+RUN adduser -u ${UID} -D builder
+
+RUN apk add --no-cache ${REQUIRE}
+
+RUN ln -s /usr/local/bin/clang /usr/local/bin/cc \
+    && ln -s /usr/local/bin/clang /usr/local/bin/gcc \
+    && ln -s /usr/local/bin/clang++ /usr/local/bin/c++ \
+    && ln -s /usr/local/bin/clang++ /usr/local/bin/g++ \
+    && ln -s /usr/local/bin/clang-cpp /usr/local/bin/cpp \
+    && pip install conan
+
+USER builder
diff --git a/docker/Dockerfile.pktvisor-dnstap-static b/docker/Dockerfile.pktvisor-dnstap-static
@@ -0,0 +1,7 @@
+FROM ns1labs/static-base AS cppbuild
+
+FROM scratch AS runtime
+
+COPY --from=cppbuild /tmp/build/bin/pktvisor-dnstap /pktvisor-dnstap
+
+ENTRYPOINT [ "/pktvisor-dnstap" ]