Skip to content

feat(libsinsp/container_engine): proper containerd support #7207

feat(libsinsp/container_engine): proper containerd support

feat(libsinsp/container_engine): proper containerd support #7207

Workflow file for this run

name: CI Build
on:
pull_request:
push:
branches:
- master
- 'release/**'
- 'maintainers/**'
workflow_dispatch:
# Checks if any concurrent jobs under the same pull request or branch are being executed
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
build-libs-linux:
name: build-libs-linux-${{ matrix.arch }} 😁 (${{ matrix.name }})
runs-on: ${{ (matrix.arch == 'arm64' && 'github-arm64-2c-8gb') || 'ubuntu-22.04' }}
strategy:
fail-fast: false
matrix:
arch: [amd64, arm64]
name: [system_deps, bundled_deps, system_deps_minimal, sanitizers, zig]
include:
- name: system_deps
cmake_opts: -DBUILD_WARNINGS_AS_ERRORS=On -DBUILD_BPF=On -DUSE_BUNDLED_DEPS=False
- name: bundled_deps
cmake_opts: -DBUILD_WARNINGS_AS_ERRORS=On -DBUILD_BPF=On -DUSE_BUNDLED_DEPS=True
- name: system_deps_minimal
cmake_opts: -DBUILD_WARNINGS_AS_ERRORS=On -DUSE_BUNDLED_DEPS=False -DMINIMAL_BUILD=True
- name: sanitizers
cmake_opts: -DUSE_ASAN=On -DUSE_UBSAN=On -DUSE_BUNDLED_DEPS=False
- name: zig
cmake_opts: -DUSE_BUNDLED_DEPS=True
container:
image: debian:buster
steps:
- name: Install deps ⛓️
run: |
apt update && apt install -y --no-install-recommends curl ca-certificates build-essential git clang llvm pkg-config autoconf automake libtool libelf-dev wget libc-ares-dev libcurl4-openssl-dev libssl-dev libtbb-dev libjq-dev libjsoncpp-dev libgrpc++-dev protobuf-compiler-grpc libgtest-dev libprotobuf-dev linux-headers-${{ matrix.arch }}
- name: Install a recent version of CMake ⛓️
run: |
curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz
gzip -d /tmp/cmake.tar.gz
tar -xpf /tmp/cmake.tar --directory=/tmp
cp -R /tmp/cmake-3.22.5-linux-$(uname -m)/* /usr
rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)/
- name: Checkout Libs ⤵️
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Install deps ⛓️
run: |
.github/install-deps.sh
- name: Git safe directory
run: |
git config --global --add safe.directory $GITHUB_WORKSPACE
- name: Install zig
if: matrix.name == 'zig'
uses: ./.github/actions/install-zig
- name: Build and test 🏗️🧪
env:
UBSAN_OPTIONS: print_stacktrace=1
run: |
mkdir -p build
cd build && cmake ${{ matrix.cmake_opts }} -DENABLE_THREAD_POOL=ON ../
KERNELDIR=/lib/modules/$(ls /lib/modules)/build make -j4
make run-unit-tests
# On zig, build also sinsp-example and check the glibc linked versions
# to make sure we are actually using the correct glibc version.
- name: Test zig build glibc version
if: matrix.name == 'zig'
run: |
cd build
objdump -T libsinsp/test/unit-test-libsinsp | grep -Eo 'GLIBC_\S+' | sort -u -t "." -k1,1n -k2,2n -k3,3n
linked_glibc=$(objdump -T libsinsp/test/unit-test-libsinsp | grep -Eo 'GLIBC_\S+' | sort -u -t "." -k1,1n -k2,2n -k3,3n | tail -n1 | tr -d ')')
if [ "$linked_glibc" != "GLIBC_2.17" ]; then
echo "Expected glibc 2.17; found $linked_glibc"
exit 1
fi
build-libs-linux-amd64-static:
name: build-libs-linux-amd64-static 🎃
runs-on: ubuntu-latest
container:
image: alpine:3.17
steps:
- name: Install deps ⛓️
run: |
apk add g++ gcc cmake make git bash perl linux-headers autoconf automake m4 libtool elfutils-dev libelf-static patch binutils clang llvm
git clone https://github.com/libbpf/bpftool.git --branch v7.3.0 --single-branch
cd bpftool
git submodule update --init
cd src && make install
- name: Checkout Libs ⤵️
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Git safe directory
run: |
git config --global --add safe.directory $GITHUB_WORKSPACE
- name: Build and test 🏗️🧪
run: |
mkdir -p build
cd build && cmake -DBUILD_BPF=On -DBUILD_DRIVER=Off -DUSE_BUNDLED_DEPS=On -DUSE_BUNDLED_LIBELF=Off -DUSE_SHARED_LIBELF=Off -DBUILD_LIBSCAP_MODERN_BPF=ON -DMUSL_OPTIMIZED_BUILD=On -DENABLE_THREAD_POOL=ON ../
make run-unit-tests -j4
build-shared-libs-linux-amd64:
name: build-shared-libs-linux-amd64 🧐
runs-on: ubuntu-22.04
steps:
- name: Checkout Libs ⤵️
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Install deps ⛓️
run: |
sudo apt update
sudo apt install -y --no-install-recommends ca-certificates cmake build-essential git clang llvm pkg-config autoconf automake libtool libelf-dev wget libc-ares-dev libcurl4-openssl-dev libssl-dev libre2-dev libtbb-dev libjq-dev libjsoncpp-dev libgrpc++-dev protobuf-compiler-grpc libgtest-dev libprotobuf-dev linux-headers-$(uname -r)
sudo .github/install-deps.sh
- name: Build and test 🏗️🧪
run: |
mkdir -p build
cd build && cmake -DBUILD_SHARED_LIBS=True -DUSE_BUNDLED_DEPS=False -DMINIMAL_BUILD=True -DCMAKE_INSTALL_PREFIX=/tmp/libs-test -DENABLE_THREAD_POOL=ON ../
make -j4
make run-unit-tests
- name: Install
run: |
cd build
make install
- name: Test sinsp-example build with pkg-config
run: |
cd userspace/libsinsp/examples
export PKG_CONFIG_PATH=/tmp/libs-test/lib/pkgconfig
g++ -o sinsp-example test.cpp util.cpp $(pkg-config --cflags --libs libsinsp)
- name: Test sinsp-example runtime linker
run: |
cd userspace/libsinsp/examples
export LD_LIBRARY_PATH=/tmp/libs-test/lib
./sinsp-example -h
build-libs-others-amd64:
name: build-libs-others-amd64 😨
strategy:
fail-fast: false
matrix:
os: [windows-latest]
crt: [MultiThreaded, MultiThreadedDLL]
include:
- os: macos-latest
runs-on: ${{ matrix.os }}
steps:
- name: Checkout Libs ⤵️
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Build and test 🏗️🧪
run: |
mkdir -p build
cd build && cmake -DUSE_BUNDLED_DEPS=ON -DCMAKE_BUILD_TYPE=Release -DCMAKE_MSVC_RUNTIME_LIBRARY=${{ matrix.crt }} -DCREATE_TEST_TARGETS=ON -DMINIMAL_BUILD=ON -DENABLE_THREAD_POOL=ON ..
cmake --build . --config Release --parallel 4 && make run-unit-tests || libsinsp\test\Release\unit-test-libsinsp.exe
build-shared-libs-macos-amd64:
name: build-shared-libs-macos-amd64 😨
runs-on: macos-latest
steps:
- name: Checkout Libs ⤵️
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Install deps ⛓️
run: |
HOMEBREW_NO_AUTO_UPDATE=1 brew install c-ares re2 tbb jq jsoncpp openssl uthash
- name: Build 🏗️
run: |
mkdir -p build
cd build && cmake -DBUILD_SHARED_LIBS=True -DUSE_BUNDLED_DEPS=False -DUSE_BUNDLED_VALIJSON=ON -DUSE_BUNDLED_BS_THREADPOOL=ON -DENABLE_THREAD_POOL=ON -DCMAKE_BUILD_TYPE=Release -DCREATE_TEST_TARGETS=OFF -DMINIMAL_BUILD=ON -DCMAKE_INSTALL_PREFIX=/tmp/libs-test ..
cmake --build . --config Release --parallel $(getconf _NPROCESSORS_ONLN)
- name: Install
run: |
cd build
make install
- name: Test sinsp-example build with pkg-config 🧪
run: |
cd userspace/libsinsp/examples
export PKG_CONFIG_PATH=/tmp/libs-test/lib/pkgconfig
c++ --std=c++17 -o sinsp-example test.cpp util.cpp $(pkg-config --cflags --libs libsinsp)
- name: Test sinsp-example runtime linker 🧪
run: |
cd userspace/libsinsp/examples
export DYLD_LIBRARY_PATH=/tmp/libs-test/lib
./sinsp-example -h
# This job checks that a bundled deps of libs is as static as possible
test-libs-static:
name: test-libs-static (bundled_deps)
runs-on: ubuntu-22.04
steps:
- name: Checkout Libs ⤵️
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Install deps ⛓️
run: |
sudo apt update
sudo apt install -y --no-install-recommends ca-certificates cmake build-essential clang-14 llvm-14 git pkg-config autoconf automake libtool libelf-dev libcap-dev linux-headers-$(uname -r)
sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-14 90
sudo update-alternatives --install /usr/bin/llvm-strip llvm-strip /usr/bin/llvm-strip-14 90
sudo update-alternatives --install /usr/bin/llc llc /usr/bin/llc-14 90
- name: Build sinsp-example
run: |
mkdir -p build
cd build && cmake -DUSE_BUNDLED_DEPS=On -DBUILD_DRIVER=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DBUILD_BPF=On -DBUILD_LIBSCAP_GVISOR=On -DCREATE_TEST_TARGETS=Off -DENABLE_LIBSCAP_TESTS=Off ../
make -j$(nproc) sinsp-example
- name: Ensure that sinsp-example with bundled deps is as static as possible
run: |
ldd "build/libsinsp/examples/sinsp-example" | cut --fields=2 | cut --delimiter=' ' --fields=1 | rev | cut --delimiter='/' --fields=1 | rev | sort --unique --version-sort > ldd_out.txt
cat > expected_ldd_out.txt <<EOF
ld-linux-x86-64.so.2
libc.so.6
libgcc_s.so.1
libm.so.6
libstdc++.so.6
linux-vdso.so.1
EOF
diff -u expected_ldd_out.txt ldd_out.txt
run-e2e-tests-amd64:
name: run-e2e-tests-amd64
strategy:
fail-fast: false
matrix:
name: [system_deps, bundled_deps, asan]
include:
- name: system_deps
cmake_opts: -DUSE_BUNDLED_DEPS=False
- name: bundled_deps
cmake_opts: -DUSE_BUNDLED_DEPS=True
- name: asan
cmake_opts: -DUSE_BUNDLED_DEPS=True -DCMAKE_C_FLAGS=-fsanitize=address -DCMAKE_CXX_FLAGS=-fsanitize=address
runs-on: ubuntu-22.04
steps:
- name: Install deps ⛓️
run: |
sudo apt-get update && sudo apt-get install -y --no-install-recommends \
ca-certificates \
cmake \
build-essential \
clang-14 llvm-14 \
git \
clang \
llvm \
pkg-config \
autoconf \
automake \
libtool \
libelf-dev \
wget \
libc-ares-dev \
libbpf-dev \
libcap-dev \
libcurl4-openssl-dev \
libssl-dev \
libtbb-dev \
libjq-dev \
libjsoncpp-dev \
libgrpc++-dev \
protobuf-compiler-grpc \
libgtest-dev \
libprotobuf-dev \
"linux-headers-$(uname -r)"
sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-14 90
sudo update-alternatives --install /usr/bin/llvm-strip llvm-strip /usr/bin/llvm-strip-14 90
sudo update-alternatives --install /usr/bin/llc llc /usr/bin/llc-14 90
- name: Checkout Libs ⤵️
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Fix kernel mmap rnd bits
# Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
# high-entropy ASLR in much newer kernels that GitHub runners are
# using leading to random crashes: https://reviews.llvm.org/D148280
run: sudo sysctl vm.mmap_rnd_bits=28
- name: Install deps ⛓️
run: |
sudo .github/install-deps.sh
- name: Build and test 🏗️🧪
env:
# This avoids random failures on CI.
# (https://github.com/google/sanitizers/issues/1322#issuecomment-699946942)
ASAN_OPTIONS: intercept_tls_get_addr=0
run: |
mkdir -p build && cd build
cmake -DBUILD_BPF=ON \
-DBUILD_LIBSCAP_MODERN_BPF=ON \
-DBUILD_LIBSCAP_GVISOR=OFF \
${{ matrix.cmake_opts }} \
-DUSE_BUNDLED_LIBBPF=ON \
..
make -j$(nproc) sinsp-example driver bpf
sudo -E make e2e-install-deps
sudo -E ../test/e2e/scripts/run_tests.sh
- name: Archive test reports
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if: failure()
with:
name: ${{ matrix.name }}_report
path: |
/tmp/report/
build-libs-emscripten:
name: build-libs-emscripten 🧐
runs-on: ubuntu-22.04
steps:
- name: Install deps ⛓️
run: |
sudo apt update
sudo apt install -y --no-install-recommends ca-certificates cmake build-essential clang-14 llvm-14 git pkg-config autoconf automake libtool libelf-dev libcap-dev linux-headers-$(uname -r) emscripten
- name: Checkout Libs ⤵️
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Build and test 🏗️🧪
run: |
mkdir -p build
cd build && emcmake cmake -DUSE_BUNDLED_DEPS=True ../
emmake make -j4
emmake make run-unit-tests -j4