publish packages to S3 (download.falco.org) #1577

leogr · 2021-03-11T14:10:07Z

What type of PR is this?

/kind feature

Any specific area of the project related to this PR?

/area build

What this PR does / why we need it:

This PR introduces scripts to deal with updates of Debian and RPM repositories and modify CI jobs to publish packages (ie. bin-dev, deb-dev, rpm-dev, bin, deb, rpm) to our S3 bucket which serves those files at https://download.falco.org/

Which issue(s) this PR fixes:

Fixes #1567

Special notes for your reviewer:

~~If this works as expected, a follow-up PR will update the configuration to publish stable packages too (ie. bin, deb, rpm) in the same way.~~
I'm confident that scripts work as expected, so I decided to include the stable packages too in this PR. A follow-up PR might come in case of unexpected issues.

The artifact cleanup job has been disabled since it is intended to work with Bintray only. If needed, we can refactor or clean up it in a follow-up PR.

Does this PR introduce a user-facing change?:

build: now Falco packages are published at https://download.falco.org
BREAKING CHANGE:  Bintray is deprecated, no new packages will be published at https://dl.bintray.com/falcosecurity/

leogr · 2021-03-11T17:00:17Z

Update:

I did some tests in a simulated environment:

publish-bin worked as expected, results here 👉 https://download.falco.org/?prefix=packages/bin/x86_64/
publish-rpm worked as expected too, results here 👉 https://download.falco.org/?prefix=packages/rpm-dev/

publish-deb is still not tested, wip.
cicleci config is untested too, ofc.

Early feedback is welcome.

/cc @leodido
/cc @fntlnz

fntlnz

Good job leo! Just a quick note while this is still wip

.circleci/config.yml

leogr · 2021-03-12T12:29:43Z

Update:
I have added AWS_CLOUDFRONT_DIST_ID to the test-infra context on CircleCI.
It's required for the CloudFront cache invalidation.

leogr · 2021-03-12T16:05:21Z

publish-deb worked, results 👉 https://download.falco.org/?prefix=packages/deb-dev/

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>

poiana · 2021-03-25T17:15:13Z

LGTM label has been added.

Git tree hash: d6034ccca6f5247e0178feb667e58dd36c18a896

leodido · 2021-03-26T11:28:45Z

.circleci/config.yml

-            jfrog bt u /build/release/falco-${FALCO_VERSION}-x86_64.deb falcosecurity/deb-dev/falco/${FALCO_VERSION} stable/ --deb stable/main/amd64 --user poiana --key ${BINTRAY_SECRET} --publish --override
+            yum update -y
+            yum install createrepo gpg -y
+            echo $GPG_KEY | base64 -d | gpg --import


Let's remember in the future (when we'll move these jobs to ProwJobs) that echo -e $GPG_KEY works ok (no need to base64 encode/decode).

.circleci/config.yml

README.md

leodido · 2021-03-26T11:34:06Z

README.md

-| rpm    | [![rpm-dev](https://img.shields.io/bintray/v/falcosecurity/rpm-dev/falco?label=Falco&color=%2300aec7&style=flat-square)][1] | [![rpm](https://img.shields.io/bintray/v/falcosecurity/rpm/falco?label=Falco&color=%23005763&style=flat-square)][2] |
-| deb    | [![deb-dev](https://img.shields.io/bintray/v/falcosecurity/deb-dev/falco?label=Falco&color=%2300aec7&style=flat-square)][3] | [![deb](https://img.shields.io/bintray/v/falcosecurity/deb/falco?label=Falco&color=%23005763&style=flat-square)][4] |
-| binary | [![bin-dev](https://img.shields.io/bintray/v/falcosecurity/bin-dev/falco?label=Falco&color=%2300aec7&style=flat-square)][5] | [![bin](https://img.shields.io/bintray/v/falcosecurity/bin/falco?label=Falco&color=%23005763&style=flat-square)][6] |
+| rpm    | [![rpm-dev](https://img.shields.io/badge/dynamic/xml?color=%2300aec7&style=flat-square&label=Falco&query=substring-before%28substring-after%28%28%2F%2A%5Bname%28%29%3D%27ListBucketResult%27%5D%2F%2A%5Bname%28%29%3D%27Contents%27%5D%29%5Blast%28%29%5D%2F%2A%5Bname%28%29%3D%27Key%27%5D%2C%22falco-%22%29%2C%22.asc%22%29&url=https%3A%2F%2Ffalco-distribution.s3-eu-west-1.amazonaws.com%2F%3Fprefix%3Dpackages%2Frpm-dev%2Ffalco-)][1] | [![rpm](https://img.shields.io/badge/dynamic/xml?color=%2300aec7&style=flat-square&label=Falco&query=substring-before%28substring-after%28%28%2F%2A%5Bname%28%29%3D%27ListBucketResult%27%5D%2F%2A%5Bname%28%29%3D%27Contents%27%5D%29%5Blast%28%29%5D%2F%2A%5Bname%28%29%3D%27Key%27%5D%2C%22falco-%22%29%2C%22.asc%22%29&url=https%3A%2F%2Ffalco-distribution.s3-eu-west-1.amazonaws.com%2F%3Fprefix%3Dpackages%2Frpm%2Ffalco-)][2] |


Great job :D

scripts/publish-deb

README.md

leodido

LGTM

There are some cleanup things but we'll fix them in a follow-up PR, nothing top priority.

poiana · 2021-03-26T11:55:03Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fntlnz, leodido

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [fntlnz,leodido]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Applying suggestions from #1577 Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com> Signed-off-by: Leonardo Grasso <me@leonardograsso.com>

poiana added release-note-none kind/feature do-not-merge/work-in-progress dco-signoff: yes area/build labels Mar 11, 2021

poiana requested review from jonahjon and krisnova March 11, 2021 14:10

poiana added the size/XL label Mar 11, 2021

leogr force-pushed the build/publish-pkg-on-s3 branch from 3be8ab6 to fcbc120 Compare March 11, 2021 14:12

poiana requested review from fntlnz and leodido March 11, 2021 17:00

fntlnz reviewed Mar 12, 2021

View reviewed changes

.circleci/config.yml Outdated Show resolved Hide resolved

leogr force-pushed the build/publish-pkg-on-s3 branch from 04d8ae3 to 3d462d1 Compare March 12, 2021 12:28

leogr added 7 commits March 12, 2021 17:39

build(scripts): publishing script for bin packages

e97b4be

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>

build(scripts): publishing script for RPMs

05c9d64

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>

build(scripts): publishing script for DEBs

cf33e99

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>

build(scripts): add cloudfront invalidation for publishing scripts

ebedb05

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>

build(docker): fetch packages from download.falco.org

cefc4cf

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>

build(.circleci): publish dev packages to S3

bf23b34

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>

build(.circleci): publish packages to S3

b47a256

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>

leogr force-pushed the build/publish-pkg-on-s3 branch from 3d462d1 to b47a256 Compare March 12, 2021 17:02

leogr added this to the 0.28.0 milestone Mar 15, 2021

poiana added release-note and removed release-note-none labels Mar 15, 2021

docs: update links and badges for download.falco.org

3034b57

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>

leogr changed the title ~~wip: publish dev packages pkg to S3 (download.falco.org)~~ publish dev packages pkg to S3 (download.falco.org) Mar 16, 2021

poiana removed the do-not-merge/work-in-progress label Mar 16, 2021

leogr added the priority/high label Mar 23, 2021

fntlnz approved these changes Mar 25, 2021

View reviewed changes

poiana assigned fntlnz Mar 25, 2021

poiana added the lgtm label Mar 25, 2021

poiana added the approved label Mar 25, 2021