Skip to content

Commit

Permalink
clean up and update ci
Browse files Browse the repository at this point in the history 
Signed-off-by: cpanato <[email protected]>
  • Loading branch information
@cpanato @poiana
cpanato authored and poiana committed Oct 9, 2024
1 parent 3712714 commit 62fc0fe
Show file tree
Hide file tree
Showing 16 changed files with 95 additions and 96 deletions.
20 changes: 10 additions & 10 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ jobs:
rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)/
- name: Checkout Libs ⤵️
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0

Expand Down Expand Up @@ -100,7 +100,7 @@ jobs:
apk add g++ gcc cmake make git bash perl linux-headers autoconf automake m4 libtool elfutils-dev libelf-static patch binutils bpftool clang
- name: Checkout Libs ⤵️
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0

Expand All @@ -119,7 +119,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Libs ⤵️
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0

Expand Down Expand Up @@ -169,7 +169,7 @@ jobs:
runs-on: ${{ matrix.os }}
steps:
- name: Checkout Libs ⤵️
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0

Expand All @@ -184,7 +184,7 @@ jobs:
runs-on: macos-latest
steps:
- name: Checkout Libs ⤵️
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0

Expand Down Expand Up @@ -221,7 +221,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout Libs ⤵️
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0

Expand Down Expand Up @@ -301,15 +301,15 @@ jobs:
sudo update-alternatives --install /usr/bin/llc llc /usr/bin/llc-14 90
- name: Checkout Libs ⤵️
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0

- name: Fix kernel mmap rnd bits
# Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
# high-entropy ASLR in much newer kernels that GitHub runners are
# using leading to random crashes: https://reviews.llvm.org/D148280
run: sudo sysctl vm.mmap_rnd_bits=28
run: sudo sysctl vm.mmap_rnd_bits=28

- name: Install deps ⛓️
run: |
Expand Down Expand Up @@ -354,7 +354,7 @@ jobs:
sudo apt install -y --no-install-recommends ca-certificates cmake build-essential clang-14 llvm-14 git pkg-config autoconf automake libtool libelf-dev libcap-dev linux-headers-$(uname -r) emscripten
- name: Checkout Libs ⤵️
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/create-comment-kernel-testing.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,14 +47,14 @@ jobs:
var fs = require('fs');
var issue_number = Number(fs.readFileSync('./NR'));
var comment_body = fs.readFileSync('./COMMENT');
// Get the existing comments.
const {data: comments} = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issue_number,
});
// Find any comment already made by the bot.
const botComment = comments.find(comment => comment.user.id === 41898282 && comment.body.includes('# X64 kernel testing matrix'));
Expand Down
3 changes: 1 addition & 2 deletions .github/workflows/driver-api-version.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,15 +12,14 @@ on:
- 'driver/ppm_events_public.h'
- 'driver/bpf/maps.h'
- 'driver/modern_bpf/maps/maps.h'


jobs:
paths-filter:
runs-on: ubuntu-latest
outputs:
driver_api_changed: ${{ steps.filter.outputs.driver_api }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter
with:
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/driver-schema-version.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:
outputs:
driver_schema_changed: ${{ steps.filter.outputs.driver_schema }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter
with:
Expand All @@ -34,14 +34,14 @@ jobs:
needs: paths-filter
if: needs.paths-filter.outputs.driver_schema_changed == 'false'
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

- name: Check driver SCHEMA_VERSION
uses: mshick/add-pr-comment@7c0890544fb33b0bdd2e59467fbacb62e028a096 # v2.8.1
with:
message: |
Please double check **driver/SCHEMA_VERSION** file. See [versioning](https://github.com/falcosecurity/libs/blob/master/driver/README.VERSION.md#schema-version-number).
/hold
- name: Trigger failure
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/driverkit.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ jobs:
- name: Test drivers build on ${{ matrix.name }}
run: |
driverkit docker --kernelrelease ${{ matrix.kernelrelease }} --target ${{ matrix.target }} --output-module /tmp/libs.ko --output-probe /tmp/libs.o --driverversion $GITHUB_SHA --loglevel debug --kernelurls ${{ matrix.kernelurls }}
build-drivers-arm64:
strategy:
matrix:
Expand Down
30 changes: 15 additions & 15 deletions .github/workflows/drivers_ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
libscap: ${{ steps.filter.outputs.libscap }}
libpman: ${{ steps.filter.outputs.libpman }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter
with:
Expand All @@ -48,14 +48,14 @@ jobs:
- arch: amd64
enable_gvisor: True
- arch: amd64
enable_gvisor: False
fail-fast: false
enable_gvisor: False
fail-fast: false
steps:
- name: Checkout Libs ⤵️
# We need to skip each step because of https://github.com/orgs/community/discussions/9141.
# This avoids having a skipped job whose name is not the resolved matrix name, like "test-scap-${{ matrix.arch }} 😆 (bundled_deps)"
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0

Expand All @@ -73,14 +73,14 @@ jobs:
cd src && sudo make install
- name: Install kernel headers (actuated)
uses: self-actuated/get-kernel-sources@201eed7d915ac0a6021fb402cde5be7a6b945b59
uses: self-actuated/get-kernel-sources@201eed7d915ac0a6021fb402cde5be7a6b945b59 # v2
if: (needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true') && matrix.arch == 'arm64'

- name: Install kernel headers
if: (needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true') && matrix.arch == 'amd64'
run: |
sudo apt install -y --no-install-recommends linux-headers-$(uname -r)
- name: Build scap-open and drivers 🏗️
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
run: |
Expand Down Expand Up @@ -125,7 +125,7 @@ jobs:
steps:
- name: Checkout Libs ⤵️
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0

Expand All @@ -143,7 +143,7 @@ jobs:
cd src && sudo make install
- name: Install kernel headers (actuated)
uses: self-actuated/get-kernel-sources@201eed7d915ac0a6021fb402cde5be7a6b945b59
uses: self-actuated/get-kernel-sources@201eed7d915ac0a6021fb402cde5be7a6b945b59 # v2
if: (needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true') && matrix.arch == 'arm64'

- name: Install kernel headers and gcc
Expand Down Expand Up @@ -175,7 +175,7 @@ jobs:
run: |
cd build
sudo ./test/drivers/drivers_test -k
test-drivers-ppc64le:
name: test-drivers-ppc64le 😁 (system_deps,custom node)
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -211,15 +211,15 @@ jobs:
sudo ./test/drivers/drivers_test -k
rc_kmod=$?
exit $(($rc_modern + $rc_bpf +$rc_kmod))
build-drivers-s390x:
name: build-drivers-s390x 😁 (system_deps)
runs-on: ubuntu-22.04
needs: paths-filter
steps:
- name: Checkout Libs ⤵️
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0

Expand All @@ -232,7 +232,7 @@ jobs:
githubToken: ${{ github.token }}

install: |
apt update && apt install -y --no-install-recommends ca-certificates cmake build-essential clang llvm git pkg-config autoconf automake libtool libelf-dev wget libc-ares-dev libcurl4-openssl-dev libssl-dev libtbb-dev libjq-dev libjsoncpp-dev libgrpc++-dev protobuf-compiler-grpc libcap-dev libgtest-dev libprotobuf-dev linux-headers-generic
apt update && apt install -y --no-install-recommends ca-certificates cmake build-essential clang llvm git pkg-config autoconf automake libtool libelf-dev wget libc-ares-dev libcurl4-openssl-dev libssl-dev libtbb-dev libjq-dev libjsoncpp-dev libgrpc++-dev protobuf-compiler-grpc libcap-dev libgtest-dev libprotobuf-dev linux-headers-generic
git clone https://github.com/libbpf/bpftool.git --branch v7.3.0 --single-branch
cd bpftool
git submodule update --init
Expand All @@ -248,7 +248,7 @@ jobs:
mkdir -p build
cd build && cmake -DBUILD_WARNINGS_AS_ERRORS=On -DBUILD_BPF=On -DUSE_BUNDLED_DEPS=OFF -DMODERN_PROBE_INCLUDE="-I/usr/include/s390x-linux-gnu" -DBUILD_LIBSCAP_MODERN_BPF=ON -DMODERN_BPF_DEBUG_MODE=ON -DENABLE_DRIVERS_TESTS=On -DCREATE_TEST_TARGETS=On -DBUILD_LIBSCAP_GVISOR=OFF ../
KERNELDIR=/lib/modules/$(ls /lib/modules)/build make driver bpf drivers_test -j6
build-modern-bpf-skeleton:
needs: paths-filter
# See https://github.com/actions/runner/issues/409#issuecomment-1158849936
Expand Down Expand Up @@ -280,7 +280,7 @@ jobs:
build-scap-open-w-extern-bpf-skeleton:
env:
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
needs: [paths-filter,build-modern-bpf-skeleton]
needs: [paths-filter,build-modern-bpf-skeleton]
# See https://github.com/actions/runner/issues/409#issuecomment-1158849936
runs-on: 'ubuntu-latest'
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
Expand Down Expand Up @@ -344,7 +344,7 @@ jobs:
run: |
cd build
source /opt/rh/devtoolset-9/enable
make scap-open -j6
make scap-open -j6
# Only runs on pull request since on master branch it is already triggered by pages CI.
kernel-tests-dev:
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/e2e_ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
fail-fast: false
steps:
- name: Checkout Libs ⤵️
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0

Expand Down Expand Up @@ -65,7 +65,7 @@ jobs:
cd src && sudo make install
- name: Install kernel headers (actuated)
uses: self-actuated/get-kernel-sources@201eed7d915ac0a6021fb402cde5be7a6b945b59
uses: self-actuated/get-kernel-sources@201eed7d915ac0a6021fb402cde5be7a6b945b59 # v2
if: matrix.arch == 'arm64'

- name: Install kernel headers and gcc
Expand Down Expand Up @@ -118,7 +118,7 @@ jobs:
fail-fast: false
steps:
- name: Checkout Libs ⤵️
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0

Expand All @@ -129,7 +129,7 @@ jobs:
path: build
key: build-e2e-${{ matrix.arch }}-${{ github.run_id }}
restore-keys: build-e2e-

- name: Fix kernel mmap rnd bits
# Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
# high-entropy ASLR in much newer kernels that GitHub runners are
Expand All @@ -150,7 +150,7 @@ jobs:
sudo apt install -y --no-install-recommends clang gcc llvm build-essential cmake python3 quota
- name: Install kernel headers (actuated)
uses: self-actuated/get-kernel-sources@201eed7d915ac0a6021fb402cde5be7a6b945b59
uses: self-actuated/get-kernel-sources@201eed7d915ac0a6021fb402cde5be7a6b945b59 # v2
if: matrix.arch == 'arm64'

- name: Install kernel headers and gcc
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/format.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository 🎉
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
fetch-depth: 0

Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/latest-kernel.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,13 +21,13 @@ jobs:
run: |
apk update && apk add git
git clone https://aur.archlinux.org/linux-mainline.git linux/
- name: Generate driverkit config
id: latest-version
# Note: in case we are building latest mainline,
# we grep the linux-mainline aur PKGBUILD "_tag" line, that is made like: "_tag=v6.4-rc1"
# We then need to extract the part after the "=" and finally remove the starting "v".
run: |
run: |
cd linux/
echo "kernelversion: 1" > dk.yaml
echo "architecture: amd64" >> dk.yaml
Expand All @@ -45,19 +45,19 @@ jobs:
echo "target: arch" >> dk.yaml
fi
echo "latest_vers=$(grep kernelrelease dk.yaml | awk -F": " '{print $2}')" >> $GITHUB_OUTPUT
- name: Upload driverkit config
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: driverkit_config.yaml
path: linux/dk.yaml

- name: Test drivers build
id: build
run: |
echo "Testing build of drivers against: ${{ steps.latest-version.outputs.latest_vers }}"
driverkit docker -c linux/dk.yaml -l debug
- name: Update README badge
uses: schneegans/dynamic-badges-action@e9a478b16159b4d31420099ba146cdc50f134483 # v1.7.0
if: always() && github.event_name == 'schedule'
Expand Down
Loading

0 comments on commit 62fc0fe

Please sign in to comment.