build: add minimal and statically linked builds

[leogr]

What type of PR is this?

/kind feature

Any specific area of the project related to this PR?

/area build

/area engine

What this PR does / why we need it:

This PR follows draios/sysdig#1682 up and introduces two building options:

• MINIMAL_BUILD allows making a stripped-down version of the Falco binary containing only the engine and basic input/output
• MUSL_OPTIMIZED_BUILD allows making a statically linked binary (using musl)

The two options can be used separately.

Finally, this PR adds a new step in the CI pipeline to build and publish a new kind of artifact: a TGZ package containing the statically linked binary of Falco.

Special notes for your reviewer:

TODOs:

• enable publishing the new TGZ for git tag (currently enabled on the master branch only - dev release) done by a19e759

• list the new TGZ in the README.md not needed, since the binary link points to both static and non-static tgzs

• mark the minimal build as experimental (we will not publish it)

• with -DMINIMAL_BUILD=True, the sysdig dependency produces a reduced set of fields thus this check will fail 👉 disable the checksum for minimal build (as discussed with @leodido and @fntlnz)

• add CI step for minimal build

• use the static build (musl) as default binary for the TGZ

• use the static build (musl) as default for the falcosecurity/no-driver container image

• Stripped and musl build options draios/sysdig#1682 needs to be merged

• sysdig version must be updated here, once ☝️ that gets merged (see the comment in the code)

• push the modified falco-tester to the latest tag, and update the reference here (see the comment in the code)

• document the new building options in https://github.com/falcosecurity/falco-website

/hold
/milestone 0.26.0

Does this PR introduce a user-facing change?:

new: tgz (tarball) containing the statically-linked (musl) binary of Falco is now automatically built and published on bintray
update: falcosecurity/falco-no-driver image now uses the statically-linked Falco

[krisnova]

Should we expect any changes with the signal handler with this? I ran @fntlnz's static binary from some time ago and I noticed that Falco was no longer respecting ^C signals from my keyboard. I had to kill -9 the PID in order to exit the program.

[fntlnz]

@kris-nova that might be a problem in the binary I generated back then. I just tested this with the latest commit and the signal handlers are having the right behavior.

[leogr]

Should we expect any changes with the signal handler with this? I ran @fntlnz's static binary from some time ago and I noticed that Falco was no longer respecting ^C signals from my keyboard. I had to kill -9 the PID in order to exit the program.

Hey Kris,

I did not notice this problem in the statically linked build.

BTW, the one in your screenshot should not be a build from this branch since from version 0.25.0 Falco prints out the version number (can you see that in the @fntlnz screenshot).

[leodido]

🧨

[poiana]

LGTM label has been added.

Git tree hash: 0aa37d86837597517396167d5ea0d15741a1a5eb

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fntlnz, leodido

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [fntlnz,leodido]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[fntlnz]

/hold cancel