github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-27 18:40:22 +00:00
Code Issues Projects Releases Wiki Activity

fix(ci): solve malformed worflow issues

Browse Source 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce 2023-08-04 12:03:15 +00:00 committed by poiana
parent f44df95304
commit 23a0005b25
3 changed files with 33 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
.github/workflows/ci.yml vendored
View File

@ -40,8 +40,8 @@ jobs:
with: with:
arch: x86_64 arch: x86_64
git_ref: ${{ github.event.pull_request.head.sha }} git_ref: ${{ github.event.pull_request.head.sha }}
minimal: 'true' minimal: true
build_type: 'Debug' build_type: Debug
# builds using system deps, checking out the PR's code # builds using system deps, checking out the PR's code
# note: this also runs a command that generates an output of form: "<engine_version> <some_hash>", # note: this also runs a command that generates an output of form: "<engine_version> <some_hash>",
@ -54,8 +54,8 @@ jobs:
with: with:
arch: x86_64 arch: x86_64
git_ref: ${{ github.event.pull_request.head.sha }} git_ref: ${{ github.event.pull_request.head.sha }}
minimal: 'false' minimal: false
build_type: 'Debug' build_type: Debug
cmd: "echo $(build/userspace/falco/falco -c ./falco.yaml --version | grep 'Engine:' | awk '{print $2}') $(echo $(build/userspace/falco/falco -c ./falco.yaml --version | grep 'Schema version:' | awk '{print $3}') $(build/userspace/falco/falco -c ./falco.yaml --list --markdown | grep '^`' | sort) $(build/userspace/falco/falco -c ./falco.yaml --list-syscall-events | sort) | sha256sum)" cmd: "echo $(build/userspace/falco/falco -c ./falco.yaml --version | grep 'Engine:' | awk '{print $2}') $(echo $(build/userspace/falco/falco -c ./falco.yaml --version | grep 'Schema version:' | awk '{print $3}') $(build/userspace/falco/falco -c ./falco.yaml --list --markdown | grep '^`' | sort) $(build/userspace/falco/falco -c ./falco.yaml --list-syscall-events | sort) | sha256sum)"
# checks the falco engine checksum for consistency # checks the falco engine checksum for consistency
@ -71,13 +71,16 @@ jobs:
- name: Check Engine checksum - name: Check Engine checksum
run: | run: |
prev_hash=$(grep FALCO_ENGINE_CHECKSUM "./userspace/engine/falco_engine_version.h" | awk '{print $3}' | sed -e 's/"//g') prev_hash=$(grep CHECKSUM "./userspace/engine/falco_engine_version.h" | awk '{print $3}' | sed -e 's/"//g')
cur_hash=$(echo "${{ needs.build-dev.outputs.cmdout }}" | cut -d ' ' -f 2) cur_hash=$(echo "${{ needs.build-dev.outputs.cmdout }}" | cut -d ' ' -f 2)
echo "encoded checksum: $prev_hash"
echo "current checksum: $cur_hash"
if [ $prev_hash != $cur_hash ]; then if [ $prev_hash != $cur_hash ]; then
echo "actual engine checksum differs from the one encoded in userspace/engine/falco_engine_version.h:" echo "current engine checksum differs from the one encoded in userspace/engine/falco_engine_version.h"
echo "encoded: $prev_hash" exit 1
echo "current: $cur_hash" else
echo "current and encoded engine checksum are matching"
fi fi
# checks the falco engine version and enforce bumping when necessary # checks the falco engine version and enforce bumping when necessary
@ -93,22 +96,22 @@ jobs:
- name: Check Engine version - name: Check Engine version
run: | run: |
base_hash=$(grep FALCO_ENGINE_CHECKSUM "./userspace/engine/falco_engine_version.h" | awk '{print $3}' | sed -e 's/"//g') base_hash=$(grep CHECKSUM "./userspace/engine/falco_engine_version.h" | awk '{print $3}' | sed -e 's/"//g')
base_engine_ver=$(grep FALCO_ENGINE_VERSION "./userspace/engine/falco_engine_version.h" | awk '{print $3}' | sed -e 's/(//g' -e 's/)//g') base_engine_ver=$(grep ENGINE_VERSION "./userspace/engine/falco_engine_version.h" | awk '{print $3}' | sed -e 's/(//g' -e 's/)//g')
cur_hash=$(echo "${{ needs.build-dev.outputs.cmdout }}" | cut -d ' ' -f 2) cur_hash=$(echo "${{ needs.build-dev.outputs.cmdout }}" | cut -d ' ' -f 2)
cur_engine_ver=$(echo "${{ needs.build-dev.outputs.cmdout }}" | cut -d ' ' -f 1) cur_engine_ver=$(echo "${{ needs.build-dev.outputs.cmdout }}" | cut -d ' ' -f 1)
if [ $base_hash != $cur_hash ]; then echo "baseref checksum: $base_hash"
echo "engine checksum for baseref and headref differ:" echo "baseref engine version: $base_engine_ver"
echo "baseref: $base_hash" echo "headref checksum: $cur_hash"
echo "headref: $cur_hash" echo "headref engine version: $cur_engine_ver"
if [ $base_engine_ver == $cur_engine_ver ]; then if [ "$base_hash" != "$cur_hash" ]; then
echo "engine version must be bumped:" echo "engine checksum for baseref and headref differ"
echo $cur_engine_ver if [ "$base_engine_ver" == "$cur_engine_ver" ]; then
echo "engine version must be bumped"
exit 1
else else
echo "engine version for baseref and headref differ too, so no bump is required:" echo "engine version for baseref and headref differ too, so no bump is required"
echo "baseref: $base_engine_ver"
echo "headref: $cur_engine_ver"
fi fi
fi fi

10
.github/workflows/reusable_build_dev.yaml vendored
View File

@ -17,7 +17,7 @@ on:
build_type: build_type:
description: One of 'Debug' or 'Release' description: One of 'Debug' or 'Release'
required: true required: true
type: boolean type: string
git_ref: git_ref:
description: Git ref used for checking out the code description: Git ref used for checking out the code
required: true required: true
@ -49,7 +49,7 @@ jobs:
run: sudo DEBIAN_FRONTEND=noninteractive apt install libjq-dev libelf-dev libyaml-cpp-dev cmake build-essential git -y run: sudo DEBIAN_FRONTEND=noninteractive apt install libjq-dev libelf-dev libyaml-cpp-dev cmake build-essential git -y
- name: Install build dependencies (non-minimal) - name: Install build dependencies (non-minimal)
if: inputs.minimal == 'true' if: inputs.minimal != true
run: sudo DEBIAN_FRONTEND=noninteractive apt install libssl-dev libyaml-dev libc-ares-dev libprotobuf-dev protobuf-compiler libgrpc++-dev protobuf-compiler-grpc rpm libcurl4-openssl-dev linux-headers-$(uname -r) clang llvm -y run: sudo DEBIAN_FRONTEND=noninteractive apt install libssl-dev libyaml-dev libc-ares-dev libprotobuf-dev protobuf-compiler libgrpc++-dev protobuf-compiler-grpc rpm libcurl4-openssl-dev linux-headers-$(uname -r) clang llvm -y
- name: Prepare project - name: Prepare project
@ -59,9 +59,9 @@ jobs:
cmake \ cmake \
-DBUILD_FALCO_UNIT_TESTS=On \ -DBUILD_FALCO_UNIT_TESTS=On \
-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} \ -DCMAKE_BUILD_TYPE=${{ inputs.build_type }} \
-DBUILD_BPF=${{ inputs.minimal == 'true' && 'OFF' || 'ON' }} \ -DBUILD_BPF=${{ inputs.minimal == true && 'OFF' || 'ON' }} \
-DBUILD_DRIVER=${{ inputs.minimal == 'true' && 'OFF' || 'ON' }} \ -DBUILD_DRIVER=${{ inputs.minimal == true && 'OFF' || 'ON' }} \
-DMINIMAL_BUILD=${{ inputs.minimal == 'true' && 'ON' || 'OFF' }} \ -DMINIMAL_BUILD=${{ inputs.minimal == true && 'ON' || 'OFF' }} \
.. ..
popd popd

5
userspace/engine/falco_engine_version.h
View File

@ -22,8 +22,9 @@ limitations under the License.
// at build time to detect a changed set of fields. // at build time to detect a changed set of fields.
// This is the result of running the following command: // This is the result of running the following command:
// echo $(falco -c ./falco.yaml --version | grep 'Engine:' | awk '{print $2}') $(echo $(falco -c ./falco.yaml --version | grep 'Schema version:' | awk '{print $3}') $(falco -c ./falco.yaml --list --markdown | grep '^`' | sort) $(falco -c ./falco.yaml --list-syscall-events | sort) | sha256sum) // FALCO="falco -c ./falco.yaml"
// echo $($FALCO --version | grep 'Engine:' | awk '{print $2}') $(echo $($FALCO --version | grep 'Schema version:' | awk '{print $3}') $($FALCO --list --markdown | grep '^`' | sort) $($FALCO --list-syscall-events | sort) | sha256sum)
// It represents the fields supported by this version of Falco, // It represents the fields supported by this version of Falco,
// the event types, and the underlying driverevent schema. It's used to // the event types, and the underlying driverevent schema. It's used to
// detetect changes in engine version in our CI jobs. // detetect changes in engine version in our CI jobs.
#define FALCO_ENGINE_CHECKSUM "1d7f91f22d40074c56c705f5e494b7fae51aee1b7ababc8c70cfa63c6d6671c2" #define FALCO_ENGINE_CHECKSUM "96d8d3fc828e5c8c16184d66d0e7d5970864249e9b20cd736acaf70dc6431e0f"