Kcl/extract plugin requirements

.github/workflows/integration.yaml

@@ -21,6 +21,12 @@ jobs:
         exclude:
           - goarch: arm64
             goos: windows
+        include:
+          - goarch: arm64
+            goos: linux
+            cc: aarch64-linux-gnu-gcc
+            cgo: 1
+      fail-fast: false
     steps:
       - name: Checkout commit
         uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
@@ -33,13 +39,17 @@ jobs:
           go-version: '1.21'
           check-latest: true
 
+      - name: Install gcc for cross-compiling
+        run: sudo apt update && sudo apt install gcc-aarch64-linux-gnu
+
       - name: Build Falcoctl
         run: >
           go build -ldflags="-s -w" -o falcoctl-${{ matrix.goos }}-${{ matrix.goarch }} .
         env:
-          CGO_ENABLED: 0
+          CGO_ENABLED: ${{ matrix.cgo }}
           GOOS: ${{ matrix.goos }}
           GOARCH: ${{ matrix.goarch }}
+          CC: ${{ matrix.cc }}
 
       - name: Create Archives
         run: |

cmd/registry/push/pluginLinux.go

@@ -0,0 +1,75 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (C) 2024 The Falco Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+//go:build linux
+
+package push
+
+import (
+	"fmt"
+	"runtime"
+
+	"github.com/falcosecurity/plugin-sdk-go/pkg/loader"
+	"github.com/pterm/pterm"
+
+	"github.com/falcosecurity/falcoctl/pkg/oci"
+	"github.com/falcosecurity/falcoctl/pkg/options"
+)
+
+func pluginConfigLayer(logger *pterm.Logger, filePath, platform string, artifactOptions *options.Artifact) (*oci.ArtifactConfig, error) {
+	config := &oci.ArtifactConfig{
+		Name:    artifactOptions.Name,
+		Version: artifactOptions.Version,
+	}
+
+	// Parse the requirements.
+	// Check if the user has provided any.
+	if len(artifactOptions.Requirements) != 0 {
+		logger.Info("Requirements provided by user", logger.Args("plugin", filePath))
+		if err := config.ParseRequirements(artifactOptions.Requirements...); err != nil {
+			return nil, err
+		}
+	} else {
+		logger.Info("Parsing requirements from: ", logger.Args("plugin", filePath))
+		sysPlatform := fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH)
+		// If no user provided requirements then try to parse them from the plugin.
+		if platform != sysPlatform {
+			logger.Info("Skipping, incompatible platform", logger.Args("plugin", platform, "current system", sysPlatform))
+			return nil, nil
+		}
+		req, err := pluginRequirement(filePath)
+		if err != nil {
+			return nil, err
+		}
+		config.SetRequirement(req.Name, req.Version)
+	}
+
+	return config, nil
+}
+
+// pluginRequirement given a plugin as a shared library it loads it and gets the api version
+// required by the plugin.
+func pluginRequirement(filePath string) (*oci.ArtifactRequirement, error) {
+	plugin, err := loader.NewPlugin(filePath)
+	if err != nil {
+		return nil, fmt.Errorf("unable to open plugin %q: %w", filePath, err)
+	}
+
+	return &oci.ArtifactRequirement{
+		Name:    pluginRequirementKey,
+		Version: plugin.Info().RequiredAPIVersion,
+	}, nil
+}

cmd/registry/push/pluginOthers.go

@@ -0,0 +1,46 @@
+// Copyright (C) 2024 The Falco Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+//go:build !linux
+
+package push
+
+import (
+	"github.com/pterm/pterm"
+
+	"github.com/falcosecurity/falcoctl/pkg/oci"
+	"github.com/falcosecurity/falcoctl/pkg/options"
+)
+
+func pluginConfigLayer(logger *pterm.Logger, filePath, platform string, artifactOptions *options.Artifact) (*oci.ArtifactConfig, error) {
+	config := &oci.ArtifactConfig{
+		Name:    artifactOptions.Name,
+		Version: artifactOptions.Version,
+	}
+
+	// Parse the requirements.
+	// Check if the user has provided any.
+	if len(artifactOptions.Requirements) != 0 {
+		logger.Info("Requirements provided by user", logger.Args("plugin", filePath))
+		if err := config.ParseRequirements(artifactOptions.Requirements...); err != nil {
+			return nil, err
+		}
+	} else {
+		logger.Warn("Not going to parse requirements from plugin since the falcoctl build is not for linux")
+	}
+
+	return config, nil
+}

cmd/registry/push/push.go

@@ -169,8 +169,18 @@ func (o *pushOptions) runPush(ctx context.Context, args []string) error {
 				if config, err = rulesConfigLayer(o.Printer.Logger, p, o.Artifact); err != nil {
 					return err
 				}
+			} else if o.ArtifactType == oci.Plugin {
+				var cfg *oci.ArtifactConfig
+				if cfg, err = pluginConfigLayer(o.Printer.Logger, p, o.Platforms[i], o.Artifact); err != nil {
+					return err
+				}
+				// This check is to prevent to overwrite the configuration with nil value when multiple platform plugin
+				// is processed.
+				if cfg != nil {
+					config = cfg
+				}
 			}
-			path, err := utils.CreateTarGzArchive(p)
+			path, err := utils.CreateTarGzArchive("", p)
 			if err != nil {
 				return err
 			}
@@ -218,11 +228,14 @@ func (o *pushOptions) runPush(ctx context.Context, args []string) error {
 }
 
 const (
+	// depsKey is the key for deps in the rulesfiles.
 	depsKey = "required_plugin_versions"
 	// engineKey is the key in the rulesfiles.
 	engineKey = "required_engine_version"
 	// engineRequirementKey is used as name for the engine requirement in the config layer for the rulesfile artifacts.
 	engineRequirementKey = "engine_version_semver"
+	// pluginRequirementKey is used as name for the plugin api version requirement in the config layer for the plugin artifacts.
+	pluginRequirementKey = "plugin_api_version"
 )
 
 func rulesConfigLayer(logger *pterm.Logger, filePath string, artifactOptions *options.Artifact) (*oci.ArtifactConfig, error) {
@@ -243,10 +256,10 @@ func rulesConfigLayer(logger *pterm.Logger, filePath string, artifactOptions *op
 		return nil, fmt.Errorf("unable to unmarshal rulesfile %s: %w", filePath, err)
 	}
 
-	// Parse the plugin dependency.
+	// Parse the artifact dependencies.
 	// Check if the user has provided any.
 	if len(artifactOptions.Dependencies) != 0 {
-		logger.Info("Dependencies provided by user")
+		logger.Info("Dependencies provided by user", logger.Args("rulesfile", filePath))
 		if err = config.ParseDependencies(artifactOptions.Dependencies...); err != nil {
 			return nil, err
 		}