github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-10-22 20:29:39 +00:00
Code Issues Projects Releases Wiki Activity

wip: include regression tests in master's CI

Browse Source 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce
2023-06-08 15:54:42 +00:00
committed by poiana
parent 47f9f0d878
commit 598f34ca01
4 changed files with 162 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
.github/workflows/ci.yml vendored
View File

@@ -11,8 +11,31 @@ concurrency:
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
build-minimal: fetch-version:
runs-on: ubuntu-20.04 uses: ./.github/workflows/reusable_fetch_version.yaml
build-dev-packages:
needs: [fetch-version]
uses: ./.github/workflows/reusable_build_packages.yaml
with:
arch: x86_64
version: ${{ needs.fetch-version.outputs.version }}
test-dev-packages:
needs: [fetch-version, build-dev-packages]
uses: ./.github/workflows/reusable_test_packages.yaml
with:
arch: x86_64
version: ${{ needs.fetch-version.outputs.version }}
build-dev:
strategy:
fail-fast: false
matrix:
machine: ['ubuntu-20.04']
buildmode: ['Debug', 'Release']
minimal: ['', 'minimal']
runs-on: ${{ matrix.machine }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
@@ -24,81 +47,23 @@ jobs:
run: sudo apt update -y run: sudo apt update -y
- name: Install build dependencies - name: Install build dependencies
run: sudo DEBIAN_FRONTEND=noninteractive apt install libjq-dev libyaml-cpp-dev libelf-dev cmake build-essential git -y run: sudo DEBIAN_FRONTEND=noninteractive apt install libjq-dev libelf-dev libyaml-cpp-dev cmake build-essential git -y
- name: Prepare project - name: Install build dependencies (non-minimal)
run: | if: matrix.minimal != 'minimal'
mkdir build-minimal run: sudo DEBIAN_FRONTEND=noninteractive apt install libssl-dev libyaml-dev libc-ares-dev libprotobuf-dev protobuf-compiler libgrpc++-dev protobuf-compiler-grpc rpm libcurl4-openssl-dev linux-headers-$(uname -r) clang llvm -y
pushd build-minimal
cmake -DMINIMAL_BUILD=On -DBUILD_BPF=Off -DBUILD_DRIVER=Off -DCMAKE_BUILD_TYPE=Release -DBUILD_FALCO_UNIT_TESTS=On ..
popd
- name: Build
run: |
pushd build-minimal
make -j4 all
popd
- name: Run unit tests
run: |
pushd build-minimal
sudo ./unit_tests/falco_unit_tests
popd
build-ubuntu-focal:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- name: Update base image
run: sudo apt update -y
- name: Install build dependencies
run: sudo DEBIAN_FRONTEND=noninteractive apt install libssl-dev libyaml-dev libc-ares-dev libprotobuf-dev protobuf-compiler libjq-dev libyaml-cpp-dev libgrpc++-dev protobuf-compiler-grpc rpm libelf-dev cmake build-essential libcurl4-openssl-dev linux-headers-$(uname -r) clang llvm git -y
- name: Prepare project - name: Prepare project
run: | run: |
mkdir build mkdir build
pushd build pushd build
cmake -DBUILD_BPF=On -DCMAKE_BUILD_TYPE=Release -DBUILD_FALCO_UNIT_TESTS=On .. cmake \
popd -DBUILD_FALCO_UNIT_TESTS=On \
-DCMAKE_BUILD_TYPE=${{ matrix.buildmode }} \
- name: Build -DBUILD_BPF=${{ matrix.minimal == 'minimal' && 'OFF' || 'ON' }} \
run: | -DBUILD_DRIVER=${{ matrix.minimal == 'minimal' && 'OFF' || 'ON' }} \
pushd build -DMINIMAL_BUILD=${{ matrix.minimal == 'minimal' && 'ON' || 'OFF' }} \
KERNELDIR=/lib/modules/$(uname -r)/build make -j4 all ..
popd
- name: Run unit tests
run: |
pushd build
sudo ./unit_tests/falco_unit_tests
popd
build-ubuntu-focal-debug:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
- name: Update base image
run: sudo apt update -y
- name: Install build dependencies
run: sudo DEBIAN_FRONTEND=noninteractive apt install libssl-dev libyaml-dev libc-ares-dev libprotobuf-dev protobuf-compiler libjq-dev libyaml-cpp-dev libgrpc++-dev protobuf-compiler-grpc rpm libelf-dev cmake build-essential libcurl4-openssl-dev linux-headers-$(uname -r) clang llvm git -y
- name: Prepare project
run: |
mkdir build
pushd build
cmake -DCMAKE_BUILD_TYPE=Debug -DBUILD_BPF=On -DBUILD_FALCO_UNIT_TESTS=On ..
popd popd
- name: Build - name: Build

47
.github/workflows/master.yaml vendored
View File

@@ -9,37 +9,8 @@ concurrency:
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
# We need to use an ubuntu-latest to fetch Falco version because
# Falco version is computed by some cmake scripts that do git sorceries
# to get the current version.
# But centos7 jobs have a git version too old and actions/checkout does not
# fully clone the repo, but uses http rest api instead.
fetch-version: fetch-version:
runs-on: ubuntu-latest uses: ./.github/workflows/reusable_fetch_version.yaml
# Map the job outputs to step outputs
outputs:
version: ${{ steps.store_version.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install build dependencies
run: |
sudo apt update
sudo apt install -y cmake build-essential
- name: Configure project
run: |
mkdir build && cd build
cmake -DUSE_BUNDLED_DEPS=On ..
- name: Load and store Falco version output
id: store_version
run: |
FALCO_VERSION=$(cat build/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
echo "version=${FALCO_VERSION}" >> $GITHUB_OUTPUT
build-dev-packages: build-dev-packages:
needs: [fetch-version] needs: [fetch-version]
@@ -57,8 +28,22 @@ jobs:
version: ${{ needs.fetch-version.outputs.version }} version: ${{ needs.fetch-version.outputs.version }}
secrets: inherit secrets: inherit
test-dev-packages:
needs: [fetch-version, build-dev-packages]
uses: ./.github/workflows/reusable_test_packages.yaml
with:
arch: x86_64
version: ${{ needs.fetch-version.outputs.version }}
test-dev-packages-arm64:
needs: [fetch-version, build-dev-packages-arm64]
uses: ./.github/workflows/reusable_test_packages.yaml
with:
arch: aarch64
version: ${{ needs.fetch-version.outputs.version }}
publish-dev-packages: publish-dev-packages:
needs: [fetch-version, build-dev-packages, build-dev-packages-arm64] needs: [fetch-version, test-dev-packages, test-dev-packages-arm64]
uses: ./.github/workflows/reusable_publish_packages.yaml uses: ./.github/workflows/reusable_publish_packages.yaml
with: with:
bucket_suffix: '-dev' bucket_suffix: '-dev'

40
.github/workflows/reusable_fetch_version.yaml vendored Normal file
View File

@@ -0,0 +1,40 @@
# This is a reusable workflow used by master and release CI
on:
workflow_call:
outputs:
version:
description: "Falco version"
value: ${{ jobs.fetch-version.outputs.version }}
jobs:
# We need to use an ubuntu-latest to fetch Falco version because
# Falco version is computed by some cmake scripts that do git sorceries
# to get the current version.
# But centos7 jobs have a git version too old and actions/checkout does not
# fully clone the repo, but uses http rest api instead.
fetch-version:
runs-on: ubuntu-latest
# Map the job outputs to step outputs
outputs:
version: ${{ steps.store_version.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install build dependencies
run: |
sudo apt update
sudo apt install -y cmake build-essential
- name: Configure project
run: |
mkdir build && cd build
cmake -DUSE_BUNDLED_DEPS=On ..
- name: Load and store Falco version output
id: store_version
run: |
FALCO_VERSION=$(cat build/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
echo "version=${FALCO_VERSION}" >> $GITHUB_OUTPUT

67
.github/workflows/reusable_test_packages.yaml vendored Normal file
View File

@@ -0,0 +1,67 @@
# This is a reusable workflow used by master and release CI
on:
workflow_call:
inputs:
arch:
description: x86_64 or aarch64
required: true
type: string
version:
description: The Falco version to use when testing packages
required: true
type: string
jobs:
test-packages:
# See https://github.com/actions/runner/issues/409#issuecomment-1158849936
runs-on: ${{ (inputs.arch == 'aarch64' && fromJSON('[ "self-hosted", "linux", "ARM64" ]')) || 'ubuntu-latest' }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
submodules: 'true'
- name: Setup Go
uses: actions/setup-go@v3
with:
go-version: '>=1.17.0'
- name: Download binary
uses: actions/download-artifact@v3
with:
name: falco-${{ inputs.version }}-${{ inputs.arch }}.tar.gz
- name: Install Falco package
run: |
tar -xvf $(ls falco-*.tar.gz)
cd $(ls falco-*.tar.gz | sed -e 's/\.tar\.gz$//')
sudo cp -r * /
- name: Install go-junit-report
run: |
pushd submodules/falcosecurity-testing
go install github.com/jstemmer/go-junit-report/v2@latest
popd
- name: Generate regression test files
run: |
pushd submodules/falcosecurity-testing
go generate ./...
popd
- name: Run regression tests
run: |
pushd submodules/falcosecurity-testing
./build/falco.test -test.timeout=90s -test.v >> ./report.txt 2>&1 || true
./build/falcoctl.test -test.timeout=90s -test.v >> ./report.txt 2>&1 || true
./build/k8saudit.test -test.timeout=90s -test.v >> ./report.txt 2>&1 || true
cat ./report.txt | go-junit-report -set-exit-code > report.xml
popd
- name: Test Summary
if: always() # run this even if previous step fails
uses: test-summary/action@v2
with:
paths: "submodules/falcosecurity-testing/report.xml"
show: "fail"