From 54f5a4b44f84a864ac21156f61cbe9c0897f5002 Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Wed, 24 Jan 2024 08:44:23 +0100 Subject: [PATCH] new(ci): added drivers_ci job to test external modern_bpf skeleton scap-open build (like kernel tests and Falco do). Signed-off-by: Federico Di Pierro --- .github/workflows/drivers_ci.yml | 126 +++++++++++++++++++++++++------ 1 file changed, 102 insertions(+), 24 deletions(-) diff --git a/.github/workflows/drivers_ci.yml b/.github/workflows/drivers_ci.yml index 5e91b29f6ba..0e663b237df 100644 --- a/.github/workflows/drivers_ci.yml +++ b/.github/workflows/drivers_ci.yml @@ -20,9 +20,7 @@ jobs: paths-filter: runs-on: ubuntu-latest outputs: - driver_changed: ${{ steps.filter.outputs.driver }} - libscap_changed: ${{ steps.filter.outputs.libscap }} - libsinsp_changed: ${{ steps.filter.outputs.libsinsp }} + driver_needs_rebuild: ${{ steps.filter.outputs.driver == 'true' }} || ${{ steps.filter.outputs.libscap == 'true' }} || ${{ steps.filter.outputs.libpman == 'true' }} steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 @@ -33,8 +31,8 @@ jobs: - 'driver/**' libscap: - 'userspace/libscap/**' - libsinsp: - - 'userspace/libsinsp/**' + libpman: + - 'userspace/libpman/**' # This job run all engine tests and scap-open test-scap: @@ -54,13 +52,13 @@ jobs: - name: Checkout Libs โคต๏ธ # We need to skip each step because of https://github.com/orgs/community/discussions/9141. # This avoids having a skipped job whose name is not the resolved matrix name, like "test-scap-${{ matrix.arch }} ๐Ÿ˜† (bundled_deps)" - if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true' + if: needs.paths-filter.outputs.driver_needs_rebuild == 'true' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - name: Install deps โ›“๏ธ - if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true' + if: needs.paths-filter.outputs.driver_needs_rebuild == 'true' run: | sudo apt update sudo apt install -y --no-install-recommends ca-certificates cmake build-essential clang-14 llvm-14 git pkg-config autoconf automake libtool libelf-dev libcap-dev @@ -74,34 +72,34 @@ jobs: - name: Install kernel headers (actuated) uses: self-actuated/get-kernel-sources@master - if: (needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true') && matrix.arch == 'arm64' + if: (needs.paths-filter.outputs.driver_needs_rebuild == 'true' ) && matrix.arch == 'arm64' - name: Install kernel headers - if: (needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true') && matrix.arch == 'amd64' + if: (needs.paths-filter.outputs.driver_needs_rebuild == 'true' ) && matrix.arch == 'amd64' run: | sudo apt install -y --no-install-recommends linux-headers-$(uname -r) - name: Build scap-open and drivers ๐Ÿ—๏ธ - if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true' + if: needs.paths-filter.outputs.driver_needs_rebuild == 'true' run: | mkdir -p build cd build && cmake -DUSE_BUNDLED_DEPS=On -DBUILD_DRIVER=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DBUILD_BPF=On -DBUILD_LIBSCAP_GVISOR=${{ matrix.enable_gvisor }} -DCREATE_TEST_TARGETS=On -DENABLE_LIBSCAP_TESTS=On ../ make scap-open driver bpf libscap_test -j6 - name: Run scap-open with modern bpf ๐ŸŽ๏ธ - if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true' + if: needs.paths-filter.outputs.driver_needs_rebuild == 'true' run: | cd build sudo ./libscap/examples/01-open/scap-open --modern_bpf --num_events 10 - name: Run scap-open with bpf ๐ŸŽ๏ธ - if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true' + if: needs.paths-filter.outputs.driver_needs_rebuild == 'true' run: | cd build sudo ./libscap/examples/01-open/scap-open --bpf ./driver/bpf/probe.o --num_events 10 - name: Run scap-open with kmod ๐ŸŽ๏ธ - if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true' + if: needs.paths-filter.outputs.driver_needs_rebuild == 'true' run: | cd build sudo insmod ./driver/scap.ko @@ -109,7 +107,7 @@ jobs: sudo rmmod scap - name: Run libscap_test ๐ŸŽ๏ธ - if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true' + if: needs.paths-filter.outputs.driver_needs_rebuild == 'true' run: | cd build sudo ./test/libscap/libscap_test @@ -124,13 +122,13 @@ jobs: fail-fast: false steps: - name: Checkout Libs โคต๏ธ - if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true' + if: needs.paths-filter.outputs.driver_needs_rebuild == 'true' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - name: Install deps โ›“๏ธ - if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true' + if: needs.paths-filter.outputs.driver_needs_rebuild == 'true' run: | sudo apt update sudo apt install -y --no-install-recommends ca-certificates cmake build-essential git pkg-config autoconf automake libelf-dev libcap-dev clang-14 llvm-14 libtool @@ -144,34 +142,34 @@ jobs: - name: Install kernel headers (actuated) uses: self-actuated/get-kernel-sources@master - if: (needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true') && matrix.arch == 'arm64' + if: (needs.paths-filter.outputs.driver_needs_rebuild == 'true') && matrix.arch == 'arm64' - name: Install kernel headers and gcc - if: (needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true') && matrix.arch == 'amd64' + if: (needs.paths-filter.outputs.driver_needs_rebuild == 'true') && matrix.arch == 'amd64' run: | sudo apt install -y --no-install-recommends linux-headers-$(uname -r) gcc-multilib g++-multilib - name: Build drivers tests ๐Ÿ—๏ธ - if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true' + if: needs.paths-filter.outputs.driver_needs_rebuild == 'true' run: | mkdir -p build cd build && cmake -DUSE_BUNDLED_DEPS=ON -DENABLE_DRIVERS_TESTS=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DMODERN_BPF_DEBUG_MODE=ON -DBUILD_BPF=True -DBUILD_LIBSCAP_GVISOR=OFF ../ make drivers_test driver bpf -j6 - name: Run drivers_test with modern bpf ๐ŸŽ๏ธ - if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true' + if: needs.paths-filter.outputs.driver_needs_rebuild == 'true' run: | cd build sudo ./test/drivers/drivers_test -m - name: Run drivers_test with bpf ๐ŸŽ๏ธ - if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true' + if: needs.paths-filter.outputs.driver_needs_rebuild == 'true' run: | cd build sudo ./test/drivers/drivers_test -b - name: Run drivers_test with kmod ๐ŸŽ๏ธ - if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true' + if: needs.paths-filter.outputs.driver_needs_rebuild == 'true' run: | cd build sudo ./test/drivers/drivers_test -k @@ -188,14 +186,14 @@ jobs: PLATFORM: ${{ matrix.arch == 'ppc64le' && 'powerpc64le' || 's390x' }} steps: - name: Checkout Libs โคต๏ธ - if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true' + if: needs.paths-filter.outputs.driver_needs_rebuild == 'true' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - uses: uraimo/run-on-arch-action@4ed76f16f09d12e83abd8a49e1ac1e5bf08784d4 # v2.5.1 name: Run ${{ matrix.arch }} build ๐Ÿ—๏ธ - if: needs.paths-filter.outputs.driver_changed == 'true' || needs.paths-filter.outputs.libscap_changed == 'true' + if: needs.paths-filter.outputs.driver_needs_rebuild == 'true' with: arch: ${{ matrix.arch }} distro: ubuntu22.04 @@ -218,3 +216,83 @@ jobs: mkdir -p build cd build && cmake -DBUILD_BPF=On -DUSE_BUNDLED_DEPS=OFF -DMODERN_PROBE_INCLUDE="-I/usr/include/${{env.PLATFORM}}-linux-gnu" -DBUILD_LIBSCAP_MODERN_BPF=ON -DMODERN_BPF_DEBUG_MODE=ON -DENABLE_DRIVERS_TESTS=On -DCREATE_TEST_TARGETS=On -DBUILD_LIBSCAP_GVISOR=OFF ../ KERNELDIR=/lib/modules/$(ls /lib/modules)/build make driver bpf drivers_test -j6 + + build-modern-bpf-skeleton: + needs: paths-filter + # See https://github.com/actions/runner/issues/409#issuecomment-1158849936 + runs-on: ${{ (inputs.arch == 'aarch64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-latest' }} + if: needs.paths-filter.outputs.driver_needs_rebuild == 'true' + container: fedora:latest + steps: + # Always install deps before invoking checkout action, to properly perform a full clone. + - name: Install build dependencies + run: | + dnf install -y bpftool ca-certificates cmake make automake gcc gcc-c++ kernel-devel clang git pkg-config autoconf automake libbpf-devel + + - name: Checkout + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + + - name: Build modern BPF skeleton + run: | + mkdir skeleton-build && cd skeleton-build + cmake -DUSE_BUNDLED_DEPS=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DCREATE_TEST_TARGETS=Off .. + make ProbeSkeleton -j6 + + - name: Upload skeleton + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + with: + name: bpf_probe_${{ inputs.arch }}.skel.h + path: skeleton-build/skel_dir/bpf_probe.skel.h + retention-days: 1 + + build-scap-open-w-extern-bpf-skeleton: + needs: [paths-filter,build-modern-bpf-skeleton] + # See https://github.com/actions/runner/issues/409#issuecomment-1158849936 + runs-on: ${{ (inputs.arch == 'aarch64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-latest' }} + if: needs.paths-filter.outputs.driver_needs_rebuild == 'true' + container: centos:7 + steps: + # Always install deps before invoking checkout action, to properly perform a full clone. + - name: Install build dependencies + run: | + yum -y install centos-release-scl + yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++ + source /opt/rh/devtoolset-9/enable + yum install -y wget git make m4 rpm-build perl-IPC-Cmd + + - name: Checkout + # It is not possible to upgrade the checkout action to versions >= v4.0.0 because of incompatibilities with centos 7's libc. + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + + - name: Download skeleton + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + with: + name: bpf_probe_${{ inputs.arch }}.skel.h + path: /tmp + + - name: Install updated cmake + run: | + curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz + gzip -d /tmp/cmake.tar.gz + tar -xpf /tmp/cmake.tar --directory=/tmp + cp -R /tmp/cmake-3.22.5-linux-$(uname -m)/* /usr + rm -rf /tmp/cmake-3.22.5-linux-$(uname -m) + + - name: Prepare project + run: | + mkdir build && cd build + source /opt/rh/devtoolset-9/enable + cmake \ + -DCMAKE_BUILD_TYPE=Release \ + -DUSE_BUNDLED_DEPS=On \ + -DBUILD_LIBSCAP_MODERN_BPF=ON \ + -DMODERN_BPF_SKEL_DIR=/tmp \ + -DBUILD_DRIVER=Off \ + -DBUILD_BPF=Off \ + .. + + - name: Build project + run: | + cd build + source /opt/rh/devtoolset-9/enable + make scap-open -j6