[tracking] Falco v0.35 release

[FedeDP]

Scheduled to happen: ~2023-06-07

During the community call of 2023-05-17 I proposed myself as a release manager, and together with the other maintainers we plan to release v0.35 as soon as possible.

I Will keep this issue updated with the current status and progress.

Current Status

• falcosecurity/libs tracking release issue: [TRACKING] Libs Release (0.11.1+5.0.1+driver) libs#1092
• Code freeze in falcosecurity/libs
• Code thaw in falcosecurity/libs
• Release libs 0.11.2
  • https://github.com/falcosecurity/libs/releases/tag/0.11.2
• Release drivers 5.0.1
  • https://github.com/falcosecurity/libs/releases/tag/5.0.1%2Bdriver
• Code freeze in falcosecurity/falco
• Open release branch in Falco
  • Branch-protect the branch
• Code thaw in falcosecurity/falco
• Release Falco v0.35.0

Release Steps

Process is described in this document.

Release Blocking PRs

Manual Testing Action Items

• Running Falco on Kubernetes with the official Helm Charts
• Running Falco from RPM and DEB artifacts
• Running Falco in a container with the official images
• Running/fuzzing Falco with multiple event sources active in parallel
• Running/fuzzing Falco with variable syscall buffer dimension
• Running Falco in all officially-supported architectures (x86_64, ARM64)
• Running Falco with the supported drivers (kmod, eBPF, gVisor, trace files)
• Test Falco with event generator
• Test that plugins are correctly loaded
• Test memory and CPU usage (with Valgrind and other tools)
• Test latest version of driver loader
• Test that k8s metadata enrichment client works as expected
• Test that all Falco CLI options work as expected
• Check that Falco log messages are correct and consistent
• Test that Falco ruleset loading and validation works as expected

Action Items

• Pre-Release
  • Milestone: https://github.com/falcosecurity/falco/milestone/29
  • Sync with new falcosecurity/libs release 0.11.1:
    • sync(0.35.x): bump libs to 0.11.1 #2615
  • Sync with new falcosecurity/libs driver release 5.0.1:
  • update(cmake): bumped libs to 0.11.0-rc5 and driver to 5.0.1. #2600
  • Release plugin-sdk-go
    • https://github.com/falcosecurity/plugin-sdk-go/releases/tag/v0.7.1
  • Release falcoctl
    • https://github.com/falcosecurity/falcoctl/releases/tag/v0.5.0
  • Release plugins
  • Release rules
    • https://github.com/falcosecurity/rules/releases/tag/falco-rules-1.0.0
  • Prebuilt drivers publish
    • new(driverkit): add new driver version 5.0.1+driver and remove the old 5.0.0+driver test-infra#1170
  • Changelog
    • Sync/release 0.35.0 #2619
• Release
  • Tag
  • Github Release
• Website
  • docs: added documentation about -A option falco-website#840
  • update(docs): update modern bpf documentation falco-website#958
  • update(docs): sync docs with plugin API 3.0.0 falco-website#983
  • new(content): Falco 0.35.0 blog post falco-website#986
  • new(docs): add container signature documentation falco-website#987
  • Create 0.34 snapshot: https://github.com/falcosecurity/falco-website/tree/v0.34
    • Protect snapshot branch: update(config.yaml): protect website v0.34 snapshot branch test-infra#1176
  • 0.35 as latest: update(params.yaml): bump website to falco v0.35.0 falco-website#992
• Announcements
  • mailing list
  • slack channel
• Post-Release
  • Update helm charts: charts for falco 0.35.0 charts#498
  • Archive community call meeting notes: new(meeting-notes): archived meeting notes for 0.35.0. community#193
  • publish plugins OCI artifacts

Miscs

/milestone 0.35.0

/assign @FedeDP

/kind documentation

[poiana]

@FedeDP: The provided milestone is not valid for this repository. Milestones in this repository: [0.35.0, 0.36.0, 0.37.0]

Use /milestone clear to clear the milestone.

In response to this:

Scheduled to happen: ~2023-05-3

During the community call of 2023-05-17 I proposed myself as a release manager, and together with the other maintainers we plan to release v0.35 as soon as possible.

I Will keep this issue updated with the current status and progress.

Current Status

• Code freeze in falcosecurity/libs
• Code taw in falcosecurity/libs
• Release libs 0.11.0
• Release drivers 5.0.0: https://github.com/falcosecurity/libs/releases/tag/5.0.0%2Bdriver
• Code freeze in falcosecurity/falco
• Open release branch in Falco
• Branch-protect the branch
• Code thaw in falcosecurity/falco
• Release Falco v0.35.0

Release Steps

Process is described in this document.

Release Blocking PRs

Manual Testing Action Items

• Running Falco on Kubernetes with the official Helm Charts
• Running Falco from RPM and DEB artifacts
• Running Falco in a container with the official images
• Running/fuzzing Falco with multiple event sources active in parallel
• Running/fuzzing Falco with variable syscall buffer dimension
• Running Falco in all officially-supported architectures (x86_64, ARM64)
• Running Falco with the supported drivers (kmod, eBPF, gVisor, trace files)
• Test Falco with event generator
• Test that plugins are correctly loaded
• Test memory and CPU usage (with Valgrind and other tools)
• Test latest version of driver loader
• Test that k8s metadata enrichment client works as expected
• Test that all Falco CLI options work as expected
• Check that Falco log messages are correct and consistent
• Test that Falco ruleset loading and validation works as expected

Action Items

• Pre-Release
• Milestone: https://github.com/falcosecurity/falco/milestone/29
• Sync with new falcosecurity/libs release 0.11.0:
• Sync with new falcosecurity/libs driver release 5.0.0:
  • update!: bump libs version, and support latest plugin features, add --nodriver option #2552
• Release plugin-sdk-go
• Release plugins:
• Prebuilt drivers publish
  • new(driverkit): add new driver version 5.0.0+driver and remove the old 2.0.0+driver test-infra#1151
• Changelog
• Release
• Tag
• Github Release
• Website
• Create 0.34 snapshot
  • Protect snapshot branch
• Announcements
• mailing list
• slack channel
• Post-Release
• Update helm charts
• Archive community call meeting notes:

Miscs

/milestone 0.53.0

/assign @FedeDP

/kind documentation

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[FedeDP]

/milestone 0.35.0

[FedeDP]

Current plan:

• We found a couple of regressions in drivers 5.0.0; we will release an updated 5.0.1 patch release (https://github.com/falcosecurity/libs/milestone/17)
• We aim to tag 0.11 and 5.0.1 asap, tomorrow hopefully
• Drivers 5.0.1 will replace 5.0.0 on both Falco and test-infra (download.falco.org prebuilt artifacts)
• Falco 0.35.0 milestone should be completed during this week
• On wednesday 7th june we will tag Falco 0.35

I will update the issue body with the new informations.

[incertum]

@FedeDP unclear how we track updates to https://github.com/falcosecurity/falco/blob/master/userspace/engine/falco_engine_version.h#L19, I believe we added a few new fields after the last change?

[FedeDP]

Mmmh i think it is bumped just once per-release cycle.
@jasondellaluce perhaps has more insights!

[jasondellaluce]

The engine version has been bumped already since the last released Falco version (0.34.1), so we should be good to go with version 17.

It is a simple progressive version number that represents backwards-incompatible changes. It versions things like:

• The YAML schema of the rules files
• The rules's condition parser grammar
• The rule loader internal resolution logic
• The fields supported by the libsinsp version that Falco depends on, which regulates the rules fields and operators available by default
• The plugin API on which Falco depends on, which for instance inderectly regulates legitimate values for required_plugin_versions

[FedeDP]

We now have a release candidate! https://github.com/falcosecurity/falco/releases/tag/0.35.0-rc1

[FedeDP]

BREAKING NEWS: we will need a libs 0.11.1 tag: https://github.com/falcosecurity/libs/milestone/18

[FedeDP]

Update: libs 0.11.1 is going to be tagged soon.
Milestone 0.35.0 on Falco is completed (we only have this issue opened in it).
Rules have seen an RC tag: https://github.com/falcosecurity/rules/releases/tag/falco-rules-1.0.0-rc1
Plugins have been tagged.

[FedeDP]

Libs 0.11.1 tagged: https://github.com/falcosecurity/libs/releases/tag/0.11.1

[FedeDP]

A new rc is out with newest libs: https://github.com/falcosecurity/falco/releases/tag/0.35.0-rc2

[FedeDP]

The release workflow is currently running...https://github.com/falcosecurity/falco/actions/runs/5198352898

[FedeDP]

We found a small bug in the new release workflow; a PR is opened: #2621
The release was removed and we will re-publish it in a couple of hours.

[FedeDP]

We will also bump libs to 0.11.2: falcosecurity/libs#1144

[FedeDP]

The PR with the fix and the libs bump is opened against the release branch: #2622

[FedeDP]

The new tag is live: https://github.com/falcosecurity/falco/releases/tag/0.35.0
Follow release workflow: https://github.com/falcosecurity/falco/actions/runs/5199822395

[FedeDP]

/close

Completed!

[poiana]

@FedeDP: Closing this issue.

In response to this:

/close

Completed!

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.