Refactor CI workflow

corazawaf · Aug 17, 2022 · 0434b60 · 0434b60
1 parent 4fd59e6
commit 0434b60
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 108 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -7,112 +7,57 @@ on:
       - "**/*.md"
       - "LICENSE"
   pull_request:
+  workflow_dispatch:
 
 env:
   GO_VERSION: 1.18
-  TINYGO_VERSION: 0.23.0
+  TINYGO_VERSION: 0.25.0
+  WABT_VERSION: 1.0.29
 
 jobs:
-  test:
-    runs-on: ubuntu-20.04
-    steps:
-      # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation
-      - name: Check out code
-        uses: actions/[email protected]
-        with:
-          fetch-depth: 0
-          submodules: true
-
-      - name: Install Go
-        uses: actions/setup-go@v1
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
-      - name: Run tests
-        shell: bash
-        run: make test
-
   build:
-    runs-on: ubuntu-20.04
-    needs: test
+    runs-on: ubuntu-22.04
     steps:
-      # submodule needs .git folder, which is missing without installing a newer git command
-      # https://github.com/actions/checkout/issues/335
-      - name: "Install latest `git`"
-        run: |
-          sudo apt purge git -y
-          sudo apt-get update && sudo apt-get install -y software-properties-common make
-          sudo add-apt-repository ppa:git-core/ppa -y
-          # apt update fails to fetch some repo due to cert failure. Skip them.
-          sudo apt update || true; sudo apt install -y --no-install-recommends git
-
       - name: Check out code
-        uses: actions/[email protected]
-        with:
-          fetch-depth: 0
-          submodules: true
+        uses: actions/checkout@v3
 
       - name: Install Go
         uses: actions/setup-go@v3
         with:
           go-version: ${{ env.GO_VERSION }}
+          cache: true
 
-      - name: Install TinyGo
+      - name: Install TinyGo and wabt
         run: |
-          wget https://github.com/tinygo-org/tinygo/releases/download/v${TINYGO_VERSION}/tinygo_${TINYGO_VERSION}_amd64.deb
-          sudo dpkg -i tinygo_${TINYGO_VERSION}_amd64.deb
-          export PATH=$PATH:/usr/local/bin
-
-      - name: "Cache generated .wasm file"
-        uses: actions/cache@v2
+          gh release download v${TINYGO_VERSION} -p '*.linux-amd64.tar.gz' -D ~ -R github.com/tinygo-org/tinygo
+          tar -xf ~/tinygo${TINYGO_VERSION}.linux-amd64.tar.gz  -C $HOME
+          echo "$HOME/tinygo/bin" >> $GITHUB_PATH
+
+          gh release download ${WABT_VERSION} -p '*-ubuntu.tar.gz' -D ~ -R github.com/WebAssembly/wabt
+          tar -xf ~/wabt-${WABT_VERSION}-ubuntu.tar.gz  -C $HOME
+          echo "$HOME/wabt-${WABT_VERSION}/bin" >> $GITHUB_PATH
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Cache TinyGo build
+        uses: actions/cache@v3
         with:
           path: |
-            build/main.wasm
-          key: ${{ runner.os }}-cache-build-${{ github.sha }}
+            ~/.cache/tinygo
+          key: ${{ runner.os }}-tinygo-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-tinygo-
+
+      - name: Run tests
+        run: make test
 
       - name: Build WASM filter
-        shell: bash
         run: make build
 
-      - name: Install WASM
-        uses: actions-rs/toolchain@v1
-        with:
-          toolchain: stable
-
-      - name: Install Cargo
-        uses: actions-rs/cargo@v1
-        with:
-          command: install
-          args: wasm-tools
-
-      - name: Validate WASM output
-        shell: bash
-        run: wasm-tools validate build/main.wasm
-
-  e2e-test:
-    runs-on: ubuntu-20.04
-    needs: build
-    steps:
-      - name: "Checkout"
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-
       - name: "Install func-e"
         shell: bash
         run: curl https://func-e.io/install.sh | bash -s -- -b /usr/local/bin
 
-      - name: "Restore the wasm files cache"
-        uses: actions/cache@v2
-        with:
-          path: |
-            build/main.wasm
-          key: ${{ runner.os }}-cache-build-${{ github.sha }}
-
-      - name: "Verify build"
-        shell: bash
-        run: test -f build/main.wasm
-
       - name: "Spin up server and envoy"
         shell: bash
         run: |
@@ -123,37 +68,34 @@ jobs:
         run: |
           ./e2e/tests.sh
 
-  package:
-    runs-on: ubuntu-20.04
-    needs: e2e-test
-    steps:
-      - name: "Checkout"
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-
-      - name: "Restore the wasm files cache"
-        uses: actions/cache@v2
-        with:
-          path: |
-            build/main.wasm
-          key: ${{ runner.os }}-cache-build-${{ github.sha }}
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
 
-      - name: Login to DockerHub
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ghcr.io/${{ github.repository }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}
+
+      - name: Login to GHCR
         uses: docker/login-action@v2
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push
         uses: docker/build-push-action@v3
         with:
           context: .
           push: ${{ github.event_name == 'push' }}
-          tags: jcchavezs/coraza-wasm-filter:latest
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,3 @@
 FROM scratch
 
-LABEL org.opencontainers.image.source=https://github.com/jcchavezs/coraza-wasm-filter
-
 COPY build/main.wasm /plugin.wasm
diff --git a/Makefile b/Makefile
@@ -5,10 +5,17 @@ CONTAINER_NAME=$(ARTIFACT_NAME)-build
 .PHONY: build
 build:
 	mkdir -p ./build
-	tinygo build -o build/main.wasm -scheduler=none -target=wasi ./main.go
+	tinygo build -o build/mainraw.wasm -scheduler=none -target=wasi ./main.go
+# Removes unused code, which is important since compiled unused code may import unavailable host functions
+	wasm-opt -Os -c build/mainraw.wasm -o build/mainopt.wasm
+# Unfortuantely the imports themselves are left due to potential use with call_indirect. Hack away missing functions
+# until they are stubbed in Envoy because we know we don't need them.
+	wasm2wat build/mainopt.wasm -o build/mainopt.wat
+	sed 's/fd_filestat_get/fd_fdstat_get/g' build/mainopt.wat | sed 's/"wasi_snapshot_preview1" "path_filestat_get"/"env" "proxy_get_header_map_value"/g' > build/main.wat
+	wat2wasm build/main.wat -o build/main.wasm
 
 test:
-	go test -tags="proxytest tinygo" ./...
+	go test -tags="proxytest" ./...
 
 server-test-build:
 	docker build --progress=plain -t $(IMAGE_NAME) -f Dockerfile.server-test .