From bc118067f6457fd91b0bed0f4dc51c6f7753fddf Mon Sep 17 00:00:00 2001 From: Anuraag Agrawal Date: Thu, 6 Oct 2022 17:54:35 +0900 Subject: [PATCH] Update to TinyGo 0.26 (#31) --- .github/workflows/buildtools-tinygo.yaml | 61 ------------------------ .github/workflows/ci.yaml | 10 ++-- README.md | 3 +- buildtools/tinygo/Dockerfile | 20 -------- buildtools/tinygo/wasi-libc.Dockerfile | 13 ----- go.mod | 1 + go.sum | 2 + magefile.go | 61 +++++++++++++----------- 8 files changed, 40 insertions(+), 131 deletions(-) delete mode 100644 .github/workflows/buildtools-tinygo.yaml delete mode 100644 buildtools/tinygo/Dockerfile delete mode 100644 buildtools/tinygo/wasi-libc.Dockerfile diff --git a/.github/workflows/buildtools-tinygo.yaml b/.github/workflows/buildtools-tinygo.yaml deleted file mode 100644 index 32ac1da..0000000 --- a/.github/workflows/buildtools-tinygo.yaml +++ /dev/null @@ -1,61 +0,0 @@ -name: Build TinyGo -on: - push: - branches: - - main - paths: - - buildtools/tinygo/** - - .github/workflows/buildtools-tinygo.yaml - pull_request: - branches: - - main - paths: - - buildtools/tinygo/** - - .github/workflows/buildtools-tinygo.yaml - -jobs: - build: - runs-on: ubuntu-22.04 - permissions: - contents: read - packages: write - services: - registry: - image: registry:2 - ports: - - 5000:5000 - steps: - - uses: actions/checkout@v3 - - - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - uses: docker/setup-qemu-action@v2 - - uses: docker/setup-buildx-action@v2 - with: - driver-opts: network=host - - - uses: docker/metadata-action@v4 - id: meta - with: - images: ghcr.io/${{ github.repository }}/buildtools-tinygo - - - uses: docker/build-push-action@v3 - with: - context: buildtools/tinygo - file: buildtools/tinygo/wasi-libc.Dockerfile - push: true - platforms: linux/amd64 - tags: localhost:5000/buildtools-tinygo-wasi-libc:main - - - uses: docker/build-push-action@v3 - with: - context: buildtools/tinygo - push: ${{ github.event_name != 'pull_request' }} - platforms: linux/amd64,linux/arm64 - build-args: WASI_LIBC_IMAGE=localhost:5000/buildtools-tinygo-wasi-libc:main - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e3b5a4e..ae25158 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -10,8 +10,8 @@ on: workflow_dispatch: env: - GO_VERSION: 1.18 - TINYGO_VERSION: 0.25.0 + GO_VERSION: 1.19 + TINYGO_VERSION: 0.26.0 WABT_VERSION: 1.0.29 # The SHA of the envoy version comes from https://github.com/istio/proxy/blob/master/WORKSPACE#L42 # Here we aim to support: @@ -39,15 +39,11 @@ jobs: go-version: ${{ env.GO_VERSION }} cache: true - - name: Install TinyGo and wabt + - name: Install TinyGo run: | gh release download v${TINYGO_VERSION} -p '*.linux-amd64.tar.gz' -D ~ -R github.com/tinygo-org/tinygo tar -xf ~/tinygo${TINYGO_VERSION}.linux-amd64.tar.gz -C $HOME echo "$HOME/tinygo/bin" >> $GITHUB_PATH - - gh release download ${WABT_VERSION} -p '*-ubuntu.tar.gz' -D ~ -R github.com/WebAssembly/wabt - tar -xf ~/wabt-${WABT_VERSION}-ubuntu.tar.gz -C $HOME - echo "$HOME/wabt-${WABT_VERSION}/bin" >> $GITHUB_PATH env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/README.md b/README.md index 985c0eb..b960b26 100644 --- a/README.md +++ b/README.md @@ -24,9 +24,8 @@ Targets: ### Building the filter ->Note: The build of the Wasm filter currently relies on Go `1.18.*`. On MacOS, you can install it with `brew install go@1.18` and then use ``` -PATH=/opt/homebrew/Cellar/go@1.18/1.18.6/bin:$PATH GOROOT=/opt/homebrew/Cellar/go@1.18/1.18.6/libexec go run mage.go build +go run mage.go build ``` You will find the WASM plugin under `./build/main.wasm`. diff --git a/buildtools/tinygo/Dockerfile b/buildtools/tinygo/Dockerfile deleted file mode 100644 index 7d79302..0000000 --- a/buildtools/tinygo/Dockerfile +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright 2022 The OWASP Coraza contributors -# SPDX-License-Identifier: Apache-2.0 - -ARG WASI_LIBC_IMAGE -FROM --platform=linux/amd64 ${WASI_LIBC_IMAGE:-ghcr.io/corazawaf/coraza-proxy-wasm/buildtools-tinygo-wasi-libc:main} AS wasi-libc - -FROM ghcr.io/corazawaf/coraza-proxy-wasm/buildtools-wasi-sdk:main - -ARG TARGETARCH - -RUN curl -L https://go.dev/dl/go1.19.1.linux-${TARGETARCH:-amd64}.tar.gz | tar -xz - -ENV PATH /go/bin:/root/go/bin:$PATH -ENV GOROOT /go - -RUN apt-get install -y libclang-14-dev wabt binaryen - -COPY --from=wasi-libc /tinygo /tinygo -WORKDIR /tinygo -RUN go install diff --git a/buildtools/tinygo/wasi-libc.Dockerfile b/buildtools/tinygo/wasi-libc.Dockerfile deleted file mode 100644 index 0d9690d..0000000 --- a/buildtools/tinygo/wasi-libc.Dockerfile +++ /dev/null @@ -1,13 +0,0 @@ -# Copyright 2022 The OWASP Coraza contributors -# SPDX-License-Identifier: Apache-2.0 - -FROM ghcr.io/corazawaf/coraza-proxy-wasm/buildtools-wasi-sdk:main - -RUN apt-get install -y git - -# https://github.com/tinygo-org/tinygo/commit/9e4e182615cd80303c564f95020e0c3bd10af64a -RUN git clone https://github.com/tinygo-org/tinygo --branch dev -WORKDIR /tinygo -RUN git reset --hard 9e4e182615cd80303c564f95020e0c3bd10af64a -RUN git submodule update --init lib/wasi-libc -RUN make wasi-libc diff --git a/go.mod b/go.mod index 2332b59..3640e7d 100644 --- a/go.mod +++ b/go.mod @@ -7,6 +7,7 @@ require ( github.com/magefile/mage v1.14.0 github.com/stretchr/testify v1.8.0 github.com/tetratelabs/proxy-wasm-go-sdk v0.19.1-0.20220922045757-132ee0a06ac2 + github.com/tetratelabs/wabin v0.0.0-20220927005300-3b0fbf39a46a github.com/tidwall/gjson v1.14.3 ) diff --git a/go.sum b/go.sum index 0d994a7..76cba5c 100644 --- a/go.sum +++ b/go.sum @@ -25,6 +25,8 @@ github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PK github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/tetratelabs/proxy-wasm-go-sdk v0.19.1-0.20220922045757-132ee0a06ac2 h1:Dd0c7ZCOStoWSnBtfcoF7mXC0MPA9YfbrCHkE4qexZs= github.com/tetratelabs/proxy-wasm-go-sdk v0.19.1-0.20220922045757-132ee0a06ac2/go.mod h1:YVEdbjpYmWRaTXSHuIK6O1kibi313mcQpTbcuBTd4Mg= +github.com/tetratelabs/wabin v0.0.0-20220927005300-3b0fbf39a46a h1:P0R3+CTAT7daT8ig5gh9GEd/eDQ5md1xl4pkYMcwOqg= +github.com/tetratelabs/wabin v0.0.0-20220927005300-3b0fbf39a46a/go.mod h1:m9ymHTgNSEjuxvw8E7WWe4Pl4hZQHXONY8wE6dMLaRk= github.com/tetratelabs/wazero v1.0.0-beta.2 h1:Qa1R1oizAYHcmy8PljgINdXUZ/nRQkxUBbYfGSb4IBE= github.com/tetratelabs/wazero v1.0.0-beta.2/go.mod h1:CD5smBN5rGZo7UNe8aUiWyYE3bDWED/CQSonog9NSEg= github.com/tidwall/gjson v1.14.3 h1:9jvXn7olKEHU1S9vwoMGliaT8jq1vJ7IH/n9zD9Dnlw= diff --git a/magefile.go b/magefile.go index fc7387a..03b6713 100644 --- a/magefile.go +++ b/magefile.go @@ -12,10 +12,11 @@ import ( "io" "os" "path/filepath" - "strings" "github.com/magefile/mage/mg" "github.com/magefile/mage/sh" + "github.com/tetratelabs/wabin/binary" + "github.com/tetratelabs/wabin/wasm" ) var addLicenseVersion = "04bfe4ee9ca5764577b029acc6a1957fd1997153" // https://github.com/google/addlicense @@ -95,41 +96,17 @@ func Build() error { if err := os.MkdirAll("build", 0755); err != nil { return err } - wd, err := os.Getwd() - if err != nil { - return err - } timingBuildTag := "" if os.Getenv("TIMING") == "true" { - timingBuildTag = "-tags 'timing proxywasm_timing'" + timingBuildTag = "-tags='timing proxywasm_timing'" } - script := fmt.Sprintf(` -cd /src && \ -tinygo build -opt 2 -o build/mainraw.wasm -scheduler=none -target=wasi %s . && \ -wasm-opt -Os -c build/mainraw.wasm -o build/mainopt.wasm && \ -wasm2wat --enable-all build/mainopt.wasm -o build/mainopt.wat -`, timingBuildTag) - - if err := sh.RunV("docker", "run", "--pull", "always", "--rm", "-v", fmt.Sprintf("%s:/src", wd), "ghcr.io/corazawaf/coraza-proxy-wasm/buildtools-tinygo:main", "bash", "-c", - strings.TrimSpace(script)); err != nil { + if err := sh.RunV("tinygo", "build", "-opt=2", "-o", filepath.Join("build", "mainraw.wasm"), "-scheduler=none", "-target=wasi", timingBuildTag); err != nil { return err } - watBytes, err := os.ReadFile(filepath.Join("build", "mainopt.wat")) - if err != nil { - return err - } - wat := string(watBytes) - wat = strings.ReplaceAll(wat, "fd_filestat_get", "fd_fdstat_get") - wat = strings.ReplaceAll(wat, `"wasi_snapshot_preview1" "path_filestat_get"`, `"env" "proxy_get_header_map_value"`) - err = os.WriteFile(filepath.Join("build", "main.wat"), []byte(wat), 0644) - if err != nil { - return err - } - return sh.RunV("docker", "run", "--rm", "-v", fmt.Sprintf("%s:/build", filepath.Join(wd, "build")), "ghcr.io/corazawaf/coraza-proxy-wasm/buildtools-tinygo:main", "bash", "-c", - "wat2wasm --enable-all /build/main.wat -o /build/main.wasm") + return stubUnusedWasmImports(filepath.Join("build", "mainraw.wasm"), filepath.Join("build", "main.wasm")) } // UpdateLibs updates the C++ filter dependencies. @@ -183,3 +160,31 @@ func TeardownExample() error { } var Default = Build + +func stubUnusedWasmImports(inPath, outPath string) error { + raw, err := os.ReadFile(inPath) + if err != nil { + return err + } + mod, err := binary.DecodeModule(raw, wasm.CoreFeaturesV2) + if err != nil { + return err + } + + for _, imp := range mod.ImportSection { + switch { + case imp.Name == "fd_filestat_get": + imp.Name = "fd_fdstat_get" + case imp.Name == "path_filestat_get": + imp.Module = "env" + imp.Name = "proxy_get_header_map_value" + } + } + + out := binary.EncodeModule(mod) + if err = os.WriteFile(outPath, out, 0644); err != nil { + return err + } + + return nil +}