feat: docker release

.github/workflows/ci.yml

@@ -61,3 +61,61 @@ jobs:
           goreleaser release --clean --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run GoReleaser Docker Push
+        if: |
+          (github.event_name == 'push' && github.ref == 'refs/heads/main') ||
+          (github.event_name == 'pull_request' &&
+          github.event.action == 'closed' &&
+          github.event.pull_request.merged == true &&
+          github.event.pull_request.base.ref == 'main')
+        run: |
+          export GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
+          goreleaser release --rm-dist --skip-publish --snapshot
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Download BPF object file
+        run: |
+          gh release download --repo SentinalFS/file-monitor --clobber --pattern "monitor.bpf.o"
+        env:
+          GH_TOKEN: ${{ github.token }}
+
+      - name: Decide to push or not
+        id: decide
+        run: |
+          if [[ "${{ github.event_name }}" == "push" && "${{ github.ref }}" == "refs/heads/main" ]]; then
+            echo "PUSH=true" >> $GITHUB_ENV
+          else
+            echo "PUSH=false" >> $GITHUB_ENV
+          fi
+
+      - name: Build Image
+        if: env.PUSH == 'false'
+        run: |
+          docker buildx build \
+            --platform linux/amd64,linux/arm64 \
+            --build-arg TARGETARCH=amd64 \
+            --file Dockerfile \
+            -t siddh34/go-ebpf-logger:latest \
+            .
+
+      - name: Login to DockerHub
+        if: env.PUSH == 'true'
+        run: echo "${{ secrets.DOCKER_ACCESS_TOKEN }}" | docker login -u "siddh34" --password-stdin
+
+      - name: Build & Push Docker images
+        if: env.PUSH == 'true'      
+        run: |
+          docker buildx build \
+            --platform linux/amd64,linux/arm64 \
+            --file Dockerfile \
+            --push \
+            -t siddh34/go-ebpf-logger:latest \
+            .

.gitignore

@@ -28,4 +28,7 @@ go.work.sum
 dist
 
 # object files
-monitor.bpf.o
+monitor.bpf.o
+
+# log files
+*.log

Dockerfile

@@ -0,0 +1,11 @@
+FROM debian:stable-slim
+
+WORKDIR /app
+
+COPY dist/go-ebpf-logger_linux_amd64_v1/go-ebpf-logger /app/go-ebpf-logger
+
+COPY monitor.bpf.o /app/monitor.bpf.o
+
+RUN chmod +x /app/go-ebpf-logger
+
+ENTRYPOINT ["/app/go-ebpf-logger"]

VERSION.txt

@@ -1 +1 @@
-0.0.2
+0.0.3

bpf/setup.go

@@ -33,12 +33,6 @@ func SetupBPF(bpfObj string) (*ebpf.Map, *ebpf.Map, func()) {
         links = append(links, &kp)
     }
 
-	monitored_inode_map := coll.Maps["monitored_inodes"]
-	err = pinMaps(monitored_inode_map)
-	if err != nil {
-		panic(err)
-	}
-
     events := coll.Maps["events"]
     if events == nil {
         fmt.Printf("Map 'events' not found\n")

build-docker.sh

@@ -0,0 +1,67 @@
+echo "Enter version of file monitor to use with docker (e.g. 1.0.0):"
+
+if [ -z "$1" ]; then
+  read -r version
+else
+  version="$1"
+fi
+
+echo "Building Docker image with version: $version"
+
+if ! command -v gh &> /dev/null; then
+    echo "gh CLI is not installed. Please install it first and proceed with authentication."
+    exit 1
+fi
+
+if ! gh auth status &> /dev/null; then
+    echo "You are not authenticated with GitHub CLI. Please authenticate first."
+    exit 1
+fi
+
+gh release download v${version} --repo SentinalFS/file-monitor --clobber --pattern "monitor.bpf.o" 
+
+if [ $? -ne 0 ]; then
+    echo "Failed to download the file monitor binary. Please check the version and try again."
+    exit 1
+fi
+
+echo "Running go releaser"
+
+if ! command -v go &> /dev/null; then
+    echo "Go is not installed. Please install Go and try again."
+    exit 1
+fi
+
+if ! command -v goreleaser &> /dev/null; then
+    echo "Goreleaser is not installed. Please install Goreleaser and try again."
+    exit 1
+fi
+
+goreleaser release --snapshot --skip=publish --clean 
+
+
+if docker --version &> /dev/null; then
+    echo "Docker is installed. Proceeding with build."
+else
+    echo "Docker is not installed. Please install Docker and try again."
+    exit 1
+fi
+
+arch=$(uname -m)
+if [ "$arch" = "aarch64" ] || [ "$arch" = "arm64" ]; then
+    echo "Detected ARM architecture. Building Docker image for ARM."
+    docker build -t go-logger-arm:latest -f Dockerfile.amd64 --build-arg TARGETARCH=arm64 .
+    if [ $? -ne 0 ]; then
+        echo "Docker build for ARM failed."
+        exit 1
+    fi
+elif [ "$arch" = "x86_64" ]; then
+    echo "Detected x86_64 architecture. Building Docker image for x86_64."
+    docker build -t go-logger-amd64:latest -f Dockerfile.amd64 --build-arg TARGETARCH=amd64 .
+    if [ $? -ne 0 ]; then
+        echo "Docker build for x86_64 failed."
+        exit 1
+    fi
+else
+    echo "Non-ARM architecture detected. No additional ARM build required."
+fi

changelog.json

@@ -0,0 +1,20 @@
+[   
+    {
+        "version": "0.0.3",
+        "changes": [
+            "Removed map pinning"
+        ]
+    },
+    {
+        "version": "0.0.2",
+        "changes": [
+            "Updated maps"
+        ]
+    },
+    {
+        "version": "0.0.1",
+        "changes": [
+            "Initial release with basic functionality."
+        ]
+    }
+]

models/models.go

@@ -1,22 +1,28 @@
 package models
 
 type BaseEventData struct {
-    Pid       uint32
-    Uid       uint32
-    Filename  [144]byte
-    Comm      [32]byte
-    Timestamp uint64
-    CgroupId  uint64
-    Otype     [16]byte
+	Pid            uint32
+	Uid            uint32
+	Filename       [176]byte
+	ParentFilename [176]byte
+	Inode          uint64
+	Comm           [32]byte
+	Timestamp      uint64
+	CgroupId       uint64
+	Otype          [16]byte
 }
 
 type RenameData struct {
-    Pid         uint32
-    Uid         uint32
-    OldFileName [144]byte
-    NewFileName [144]byte
-    Comm        [32]byte
-    Timestamp   uint64
-    CgroupId    uint64
-    Otype       [16]byte
-}
+	Pid               uint32
+	Uid               uint32
+	OldFileName       [176]byte
+	OldParentFilename [176]byte
+	NewFileName       [176]byte
+	NewParentFilename [176]byte
+	InodeOld          uint64
+	InodeNew          uint64
+	Comm              [32]byte
+	Timestamp         uint64
+	CgroupId          uint64
+	Otype             [16]byte
+}