Build the collector binary directly in the docker image build

.dockerignore

@@ -0,0 +1,5 @@
+*
+**
+!collector/
+!falcosecurity-libs/
+!CMakeLists.txt

Makefile

@@ -6,6 +6,9 @@ NPROCS ?= $(shell nproc)
 DEV_SSH_SERVER_KEY ?= $(CURDIR)/.collector_dev_ssh_host_ed25519_key
 BUILD_BUILDER_IMAGE ?= false
 
+DOCKERFILE = collector/container/Dockerfile
+BUILD_TYPE = rhel
+
 export COLLECTOR_VERSION := $(COLLECTOR_TAG)
 
 .PHONY: tag
@@ -18,7 +21,7 @@ builder-tag:
 
 .PHONY: container-dockerfile-dev
 container-dockerfile-dev:
-	sed '1s/ubi-minimal/ubi/' $(CURDIR)/collector/container/Dockerfile > \
+	sed 's/ubi-minimal/ubi/' $(CURDIR)/collector/container/Dockerfile > \
 		$(CURDIR)/collector/container/Dockerfile.dev
 
 .PHONY: builder
@@ -41,22 +44,24 @@ connscrape:
 unittest:
 	make -C collector unittest
 
-image: collector unittest
+image:
 	make -C collector txt-files
 	docker buildx build --load --platform ${PLATFORM} \
+		--build-arg BUILD_TYPE="$(BUILD_TYPE)" \
+		--build-arg CMAKE_BUILD_TYPE="$(CMAKE_BUILD_TYPE)" \
+		--build-arg USE_VALGRIND="$(USE_VALGRIND)" \
+		--build-arg ADDRESS_SANITIZER="$(ADDRESS_SANITIZER)" \
+		--build-arg TRACE_SINSP_EVENTS="$(TRACE_SINSP_EVENTS)" \
+		--build-arg BPF_DEBUG_MODE="$(BPF_DEBUG_MODE)" \
 		--build-arg COLLECTOR_VERSION="$(COLLECTOR_TAG)" \
-		-f collector/container/Dockerfile \
+		--build-arg BUILDER_TAG="$(COLLECTOR_BUILDER_TAG)" \
+		-f "$(DOCKERFILE)" \
 		-t quay.io/stackrox-io/collector:$(COLLECTOR_TAG) \
 		$(COLLECTOR_BUILD_CONTEXT)
 
-image-dev: collector unittest container-dockerfile-dev
-	make -C collector txt-files
-	docker buildx build --load --platform ${PLATFORM} \
-		--build-arg COLLECTOR_VERSION="$(COLLECTOR_TAG)" \
-		--build-arg BUILD_TYPE=devel \
-		-f collector/container/Dockerfile.dev \
-		-t quay.io/stackrox-io/collector:$(COLLECTOR_TAG) \
-		$(COLLECTOR_BUILD_CONTEXT)
+image-dev: DOCKERFILE = collector/container/Dockerfile.dev
+image-dev: BUILD_TYPE = devel
+image-dev: container-dockerfile-dev image
 
 .PHONY: integration-tests-report
 integration-tests-report:

Makefile-constants.mk

@@ -17,5 +17,5 @@ TRACE_SINSP_EVENTS ?= false
 DISABLE_PROFILING ?= false
 BPF_DEBUG_MODE ?= false
 
-COLLECTOR_BUILD_CONTEXT = collector/
+COLLECTOR_BUILD_CONTEXT = $(CURDIR)
 COLLECTOR_BUILDER_NAME ?= collector_builder_$(HOST_ARCH)

ansible/ci-build-builder.yml

@@ -1,5 +1,5 @@
 ---
-- name: Build and push collector image
+- name: Build and push collector-builder image
   hosts: "{{ build_hosts | default('all') }}"
 
   environment:

ansible/ci-build-collector.yml

@@ -27,11 +27,6 @@
         recursive: true
       when: arch == "s390x"
 
-    - name: Run the builder image
-      community.general.make:
-        chdir: "{{ ansible_env.GITHUB_WORKSPACE | default(collector_root) }}"
-        target: start-builder
-
     - name: Build the collector image
       community.general.make:
         chdir: "{{ ansible_env.GITHUB_WORKSPACE | default(collector_root) }}"

collector/Makefile

@@ -5,45 +5,10 @@ NPROCS ?= $(shell nproc)
 
 CMAKE_BASE_DIR = cmake-build
 CMAKE_DIR= $(BASE_PATH)/$(CMAKE_BASE_DIR)
-COLLECTOR_BIN_DIR = $(CMAKE_DIR)/collector
-LIBSINSP_BIN_DIR = $(CMAKE_DIR)/collector/EXCLUDE_FROM_DEFAULT_BUILD/libsinsp
 SRC_MOUNT_DIR = /tmp/collector
 
-HDRS := $(wildcard lib/*.h) $(shell find $(BASE_PATH)/falcosecurity-libs/userspace -name '*.h')
-
-SRCS := $(wildcard lib/*.cpp) collector.cpp
-
-COLLECTOR_BUILD_DEPS := $(HDRS) $(SRCS) $(shell find $(BASE_PATH)/falcosecurity-libs -name '*.h' -o -name '*.cpp' -o -name '*.c')
-
 .SUFFIXES:
 
-cmake-configure/collector:
-	docker exec $(COLLECTOR_BUILDER_NAME) \
-		cmake -S $(BASE_PATH) -B $(CMAKE_DIR) \
-			-DCMAKE_BUILD_TYPE=$(CMAKE_BUILD_TYPE) \
-			-DDISABLE_PROFILING=$(DISABLE_PROFILING) \
-			-DUSE_VALGRIND=$(USE_VALGRIND) \
-			-DADDRESS_SANITIZER=$(ADDRESS_SANITIZER) \
-			-DTRACE_SINSP_EVENTS=$(TRACE_SINSP_EVENTS) \
-			-DBPF_DEBUG_MODE=$(BPF_DEBUG_MODE) \
-			-DCOLLECTOR_VERSION=$(COLLECTOR_VERSION)
-
-cmake-build/collector: cmake-configure/collector $(COLLECTOR_BUILD_DEPS)
-	docker exec $(COLLECTOR_BUILDER_NAME) \
-		cmake --build $(CMAKE_DIR) -- -j $(NPROCS)
-	docker exec $(COLLECTOR_BUILDER_NAME) \
-		bash -c "[ $(CMAKE_BUILD_TYPE) == Release ] && strip --strip-unneeded $(COLLECTOR_BIN_DIR)/collector || exit 0"
-
-container/bin/collector: cmake-build/collector
-	mkdir -p container/bin
-	cp "$(COLLECTOR_BIN_DIR)/collector" container/bin/collector
-	cp "$(COLLECTOR_BIN_DIR)/self-checks" container/bin/self-checks
-
-.PHONY: collector
-collector: container/bin/collector txt-files
-	mkdir -p container/libs
-	docker cp $(COLLECTOR_BUILDER_NAME):/THIRD_PARTY_NOTICES/ container/
-
 .PHONY: build-connscrape-test
 build-connscrape-test:
 	docker build -f $(CURDIR)/connscrape-test/Dockerfile -t connscrape-test $(CURDIR)/connscrape-test
@@ -54,7 +19,7 @@ connscrape: build-connscrape-test
 		-v "$(BASE_PATH):$(SRC_MOUNT_DIR)" \
 		connscrape-test "$(SRC_MOUNT_DIR)/collector/connscrape-test/connscrape-test.sh"
 
-unittest: collector
+unittest:
 	docker exec $(COLLECTOR_BUILDER_NAME) \
 		ctest -V --test-dir $(CMAKE_DIR)
 

collector/container/Dockerfile

@@ -1,3 +1,39 @@
+ARG BUILDER_TAG=master
+FROM quay.io/stackrox-io/collector-builder:${BUILDER_TAG} AS builder
+
+ARG CMAKE_BUILD_TYPE=Release
+ARG USE_VALGRIND=false
+ARG ADDRESS_SANITIZER=false
+ARG TRACE_SINSP_EVENTS=false
+ARG COLLECTOR_VERSION=0.0.0
+ARG BPF_DEBUG_MODE=false
+
+COPY . /collector-src
+WORKDIR /collector-src
+
+RUN --mount=type=cache,target=/collector-src/build \
+    if [[ "$(uname -m)" == "x86_64" ]];   \
+        then DISABLE_PROFILING="OFF";   \
+        else DISABLE_PROFILING="ON";    \
+    fi ; \
+    cmake -S . -B build/ \
+        -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} \
+        -DDISABLE_PROFILING=${DISABLE_PROFILING} \
+        -DUSE_VALGRIND=${USE_VALGRIND} \
+        -DADDRESS_SANITIZER=${ADDRESS_SANITIZER} \
+        -DCOLLECTOR_VERSION=${COLLECTOR_VERSION} \
+        -DBPF_DEBUG_MODE=${BPF_DEBUG_MODE} \
+        -DTRACE_SINSP_EVENTS=${TRACE_SINSP_EVENTS} && \
+    cmake --build build/ -- -j$(nproc) && \
+    ctest -V --test-dir build && \
+    # podman does not bake cache mounts into the final image, so
+    # we need to move the required binaries out of it.
+    if [[ "${CMAKE_BUILD_TYPE}" == "Release" ]]; \
+        then strip -v --strip-unneeded -o /tmp/collector build/collector/collector; \
+        else cp build/collector/collector /tmp/; \
+    fi ; \
+    cp build/collector/self-checks /tmp/
+
 FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3
 
 ARG BUILD_TYPE=rhel
@@ -16,17 +52,17 @@ LABEL name="collector" \
 
 WORKDIR /
 
-COPY container/${BUILD_TYPE}/install.sh /
+COPY collector/container/${BUILD_TYPE}/install.sh /
 RUN ./install.sh && rm -f install.sh
 
 # Uncomment this line to enable generation of core for collector
 # RUN echo '/core/core.%e.%p.%t' > /proc/sys/kernel/core_pattern
 
-COPY container/THIRD_PARTY_NOTICES/ /THIRD_PARTY_NOTICES/
-COPY kernel-modules /kernel-modules
-COPY container/bin/collector /usr/local/bin/
-COPY container/bin/self-checks /usr/local/bin/self-checks
-COPY container/status-check.sh /usr/local/bin/status-check.sh
+COPY --from=builder /THIRD_PARTY_NOTICES/ /THIRD_PARTY_NOTICES/
+COPY collector/kernel-modules /kernel-modules
+COPY --from=builder /tmp/collector /usr/local/bin/
+COPY --from=builder /tmp/self-checks /usr/local/bin/self-checks
+COPY collector/container/status-check.sh /usr/local/bin/status-check.sh
 
 EXPOSE 8080 9090