New Project: Falco

[FedeDP]

Please describe the project

Falco is a CNCF-graduated runtime security project.

URL for the project

https://falco.org/

Describe current CI/CD setup

Currently, s390x support is marked as experimental for our drivers since we are not able to run a CI on it: https://github.com/falcosecurity/libs?tab=readme-ov-file#drivers-officially-supported-architectures

At the moment, our s390x CI consists of a single job that just builds our drivers for it through uraimo/run-on-arch-action: https://github.com/falcosecurity/libs/blob/master/.github/workflows/drivers_ci.yml#L196

Describe the primary use case for the Github Action Runner

We will be finally able to both test the build and actually run our drivers tests on s390x.

Also, we might later evaluate to introduce s390x as officially supported Falco architecture (with release artifacts and so on); see the Falco reusable_build_packages workflow, that right now only supports x86 and arm64: https://github.com/falcosecurity/falco/blob/master/.github/workflows/reusable_build_packages.yaml, and the same goes for the build of the official docker images: https://github.com/falcosecurity/falco/blob/master/.github/workflows/reusable_build_docker.yaml

Finally, please do notice that libs repo is not only used by Falco, but there are many more consumers in the wild; namely: IBM itself, Red Hat, and more.

Paste a link to the existing actions workflow file(s) or directory

https://github.com/falcosecurity/libs/tree/master/.github/workflows

We have many more projects, but for now, giving access to the libs repo would be enough for us to quickly improve our support for s390x architecture.

How often do you plan on executing the runner?

Every driver-related commit, that accounts for ~10% of our commits. Let's say an average of once per day.

What is the primary programming language for the project?

C/C++

Please select desired hardware

• Power 9 (ppc64le)
• IBM Z / LinuxONE (s390x)

Account names of the GitHub repo admins that will need access to setting up the runner

FedeDP

[pleia2]

Hi @FedeDP thanks for your interest, and apologies for the delay. We're really happy to onboard the Falco drivers for s390x.

Please install the GitHub App from the following link and select your repository:
🔗 Power Z GHA Runner App

For more details on the onboarding process, please refer to our documentation:
📄 Onboarding Guide

If the repo is part of an organization, you will need to have the org admin install the app. We are currently implementing a fix for this. If the repo is not part of the org, the repo owner or repo admin can follow the onboarding instructions linked above.

Please let me know in this issue once you have installed the github app on your repo. For security reasons, I will double check it is the correct repo and then approve the repo to use our images. You will not be able to use our images until I approve the repo.

After the repo has been approved, you will be able to use the ubuntu-24.04-s390x images in the workflow file and all good to go :) The onboarding doc linked above will be helpful.

Please note: forks will not be able to use this service since those repos will not be in our allow list.

If there is any questions or concerns, we can discuss those here.

[FedeDP]

Hi! Thanks for the answer, no problem for the delay :)
Since i recently changed job and haven't got much time for Falco now, let me tag another core maintainer to help with this: @leogr

Thank you very much!

[mtarsel]

@FedeDP are you interested in also using ppc64le images as well? its under the same github app and once the repo is onboarded you would just use the Power image: ubuntu-24.04-ppc64le

[FedeDP]

Cool, yes i think it will be useful!

[mtarsel]

@FedeDP just curious if you installed the app and have been using the images in your workflows? If so, I'd like to close out this issue :) if there is a new problem, please open a new issue

[FedeDP]

Hi! I don't think we are using them yet; as far as i can tell though, the Github App was installed for the required repositories, thus it is just a matter of updating the workflows to use the correct images. Let me cc @leogr :)

[leogr]

Hi

I installed the app a while ago, but then I was redirected to a login page. I guess we need an account. Can you provide some guidance?