Skip to content

Commit

Permalink
new(ci): added drivers_ci job to test external modern_bpf skeleton sc…
Browse files Browse the repository at this point in the history
…ap-open build (like kernel tests and Falco do).

Signed-off-by: Federico Di Pierro <[email protected]>
  • Loading branch information
FedeDP committed Jan 24, 2024
1 parent 8b05ac9 commit 54f5a4b
Showing 1 changed file with 102 additions and 24 deletions.
126 changes: 102 additions & 24 deletions .github/workflows/drivers_ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,7 @@ jobs:
paths-filter:
runs-on: ubuntu-latest
outputs:
driver_changed: ${{ steps.filter.outputs.driver }}
libscap_changed: ${{ steps.filter.outputs.libscap }}
libsinsp_changed: ${{ steps.filter.outputs.libsinsp }}
driver_needs_rebuild: ${{ steps.filter.outputs.driver == 'true' }} || ${{ steps.filter.outputs.libscap == 'true' }} || ${{ steps.filter.outputs.libpman == 'true' }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
Expand All @@ -33,8 +31,8 @@ jobs:
- 'driver/**'
libscap:
- 'userspace/libscap/**'
libsinsp:
- 'userspace/libsinsp/**'
libpman:
- 'userspace/libpman/**'
# This job run all engine tests and scap-open
test-scap:
Expand All @@ -54,13 +52,13 @@ jobs:
- name: Checkout Libs ⤵️
# We need to skip each step because of https://github.com/orgs/community/discussions/9141.
# This avoids having a skipped job whose name is not the resolved matrix name, like "test-scap-${{ matrix.arch }} 😆 (bundled_deps)"
if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true'
if: needs.paths-filter.outputs.driver_needs_rebuild == 'true'
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0

- name: Install deps ⛓️
if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true'
if: needs.paths-filter.outputs.driver_needs_rebuild == 'true'
run: |
sudo apt update
sudo apt install -y --no-install-recommends ca-certificates cmake build-essential clang-14 llvm-14 git pkg-config autoconf automake libtool libelf-dev libcap-dev
Expand All @@ -74,42 +72,42 @@ jobs:
- name: Install kernel headers (actuated)
uses: self-actuated/get-kernel-sources@master
if: (needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true') && matrix.arch == 'arm64'
if: (needs.paths-filter.outputs.driver_needs_rebuild == 'true' ) && matrix.arch == 'arm64'

- name: Install kernel headers
if: (needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true') && matrix.arch == 'amd64'
if: (needs.paths-filter.outputs.driver_needs_rebuild == 'true' ) && matrix.arch == 'amd64'
run: |
sudo apt install -y --no-install-recommends linux-headers-$(uname -r)
- name: Build scap-open and drivers 🏗️
if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true'
if: needs.paths-filter.outputs.driver_needs_rebuild == 'true'
run: |
mkdir -p build
cd build && cmake -DUSE_BUNDLED_DEPS=On -DBUILD_DRIVER=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DBUILD_BPF=On -DBUILD_LIBSCAP_GVISOR=${{ matrix.enable_gvisor }} -DCREATE_TEST_TARGETS=On -DENABLE_LIBSCAP_TESTS=On ../
make scap-open driver bpf libscap_test -j6
- name: Run scap-open with modern bpf 🏎️
if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true'
if: needs.paths-filter.outputs.driver_needs_rebuild == 'true'
run: |
cd build
sudo ./libscap/examples/01-open/scap-open --modern_bpf --num_events 10
- name: Run scap-open with bpf 🏎️
if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true'
if: needs.paths-filter.outputs.driver_needs_rebuild == 'true'
run: |
cd build
sudo ./libscap/examples/01-open/scap-open --bpf ./driver/bpf/probe.o --num_events 10
- name: Run scap-open with kmod 🏎️
if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true'
if: needs.paths-filter.outputs.driver_needs_rebuild == 'true'
run: |
cd build
sudo insmod ./driver/scap.ko
sudo ./libscap/examples/01-open/scap-open --kmod --num_events 10
sudo rmmod scap
- name: Run libscap_test 🏎️
if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true'
if: needs.paths-filter.outputs.driver_needs_rebuild == 'true'
run: |
cd build
sudo ./test/libscap/libscap_test
Expand All @@ -124,13 +122,13 @@ jobs:
fail-fast: false
steps:
- name: Checkout Libs ⤵️
if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true'
if: needs.paths-filter.outputs.driver_needs_rebuild == 'true'
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0

- name: Install deps ⛓️
if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true'
if: needs.paths-filter.outputs.driver_needs_rebuild == 'true'
run: |
sudo apt update
sudo apt install -y --no-install-recommends ca-certificates cmake build-essential git pkg-config autoconf automake libelf-dev libcap-dev clang-14 llvm-14 libtool
Expand All @@ -144,34 +142,34 @@ jobs:
- name: Install kernel headers (actuated)
uses: self-actuated/get-kernel-sources@master
if: (needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true') && matrix.arch == 'arm64'
if: (needs.paths-filter.outputs.driver_needs_rebuild == 'true') && matrix.arch == 'arm64'

- name: Install kernel headers and gcc
if: (needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true') && matrix.arch == 'amd64'
if: (needs.paths-filter.outputs.driver_needs_rebuild == 'true') && matrix.arch == 'amd64'
run: |
sudo apt install -y --no-install-recommends linux-headers-$(uname -r) gcc-multilib g++-multilib
- name: Build drivers tests 🏗️
if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true'
if: needs.paths-filter.outputs.driver_needs_rebuild == 'true'
run: |
mkdir -p build
cd build && cmake -DUSE_BUNDLED_DEPS=ON -DENABLE_DRIVERS_TESTS=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DMODERN_BPF_DEBUG_MODE=ON -DBUILD_BPF=True -DBUILD_LIBSCAP_GVISOR=OFF ../
make drivers_test driver bpf -j6
- name: Run drivers_test with modern bpf 🏎️
if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true'
if: needs.paths-filter.outputs.driver_needs_rebuild == 'true'
run: |
cd build
sudo ./test/drivers/drivers_test -m
- name: Run drivers_test with bpf 🏎️
if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true'
if: needs.paths-filter.outputs.driver_needs_rebuild == 'true'
run: |
cd build
sudo ./test/drivers/drivers_test -b
- name: Run drivers_test with kmod 🏎️
if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true'
if: needs.paths-filter.outputs.driver_needs_rebuild == 'true'
run: |
cd build
sudo ./test/drivers/drivers_test -k
Expand All @@ -188,14 +186,14 @@ jobs:
PLATFORM: ${{ matrix.arch == 'ppc64le' && 'powerpc64le' || 's390x' }}
steps:
- name: Checkout Libs ⤵️
if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true'
if: needs.paths-filter.outputs.driver_needs_rebuild == 'true'
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0

- uses: uraimo/run-on-arch-action@4ed76f16f09d12e83abd8a49e1ac1e5bf08784d4 # v2.5.1
name: Run ${{ matrix.arch }} build 🏗️
if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true'
if: needs.paths-filter.outputs.driver_needs_rebuild == 'true'
with:
arch: ${{ matrix.arch }}
distro: ubuntu22.04
Expand All @@ -218,3 +216,83 @@ jobs:
mkdir -p build
cd build && cmake -DBUILD_BPF=On -DUSE_BUNDLED_DEPS=OFF -DMODERN_PROBE_INCLUDE="-I/usr/include/${{env.PLATFORM}}-linux-gnu" -DBUILD_LIBSCAP_MODERN_BPF=ON -DMODERN_BPF_DEBUG_MODE=ON -DENABLE_DRIVERS_TESTS=On -DCREATE_TEST_TARGETS=On -DBUILD_LIBSCAP_GVISOR=OFF ../
KERNELDIR=/lib/modules/$(ls /lib/modules)/build make driver bpf drivers_test -j6
build-modern-bpf-skeleton:
needs: paths-filter
# See https://github.com/actions/runner/issues/409#issuecomment-1158849936
runs-on: ${{ (inputs.arch == 'aarch64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-latest' }}
if: needs.paths-filter.outputs.driver_needs_rebuild == 'true'
container: fedora:latest
steps:
# Always install deps before invoking checkout action, to properly perform a full clone.
- name: Install build dependencies
run: |
dnf install -y bpftool ca-certificates cmake make automake gcc gcc-c++ kernel-devel clang git pkg-config autoconf automake libbpf-devel
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Build modern BPF skeleton
run: |
mkdir skeleton-build && cd skeleton-build
cmake -DUSE_BUNDLED_DEPS=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DCREATE_TEST_TARGETS=Off ..
make ProbeSkeleton -j6
- name: Upload skeleton
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: bpf_probe_${{ inputs.arch }}.skel.h
path: skeleton-build/skel_dir/bpf_probe.skel.h
retention-days: 1

build-scap-open-w-extern-bpf-skeleton:
needs: [paths-filter,build-modern-bpf-skeleton]
# See https://github.com/actions/runner/issues/409#issuecomment-1158849936
runs-on: ${{ (inputs.arch == 'aarch64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-latest' }}
if: needs.paths-filter.outputs.driver_needs_rebuild == 'true'
container: centos:7
steps:
# Always install deps before invoking checkout action, to properly perform a full clone.
- name: Install build dependencies
run: |
yum -y install centos-release-scl
yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++
source /opt/rh/devtoolset-9/enable
yum install -y wget git make m4 rpm-build perl-IPC-Cmd
- name: Checkout
# It is not possible to upgrade the checkout action to versions >= v4.0.0 because of incompatibilities with centos 7's libc.
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

- name: Download skeleton
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: bpf_probe_${{ inputs.arch }}.skel.h
path: /tmp

- name: Install updated cmake
run: |
curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz
gzip -d /tmp/cmake.tar.gz
tar -xpf /tmp/cmake.tar --directory=/tmp
cp -R /tmp/cmake-3.22.5-linux-$(uname -m)/* /usr
rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)
- name: Prepare project
run: |
mkdir build && cd build
source /opt/rh/devtoolset-9/enable
cmake \
-DCMAKE_BUILD_TYPE=Release \
-DUSE_BUNDLED_DEPS=On \
-DBUILD_LIBSCAP_MODERN_BPF=ON \
-DMODERN_BPF_SKEL_DIR=/tmp \
-DBUILD_DRIVER=Off \
-DBUILD_BPF=Off \
..
- name: Build project
run: |
cd build
source /opt/rh/devtoolset-9/enable
make scap-open -j6

0 comments on commit 54f5a4b

Please sign in to comment.