Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'falcosecurity:master' into issue_515_umount2
Showing 51 changed files with 2,477 additions and 481 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,98 @@ | ||
name: Test drivers against a matrix of kernels/distros | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
libsversion: | ||
description: libs version to be tested | ||
type: string | ||
required: false | ||
default: master | ||
push: | ||
branches: | ||
- master | ||
tags: | ||
- '[0-9]+.[0-9]+.[0-9]+\+driver' | ||
|
||
concurrency: | ||
group: kernel-tests | ||
cancel-in-progress: true | ||
|
||
jobs: | ||
test-kernels: | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
architecture: [X64, ARM64] | ||
runs-on: [ "self-hosted", "linux", "${{matrix.architecture}}" ] | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
with: | ||
repository: falcosecurity/kernel-testing | ||
ref: v0.2.3 | ||
|
||
- name: Generate vars yaml | ||
working-directory: ./ansible-playbooks | ||
run: | | ||
LIBS_V=${{ github.event.inputs.libsversion }} | ||
LIBS_VERSION=${LIBS_V:-${{ github.ref_name }}} | ||
cat > vars.yml <<EOF | ||
run_id: "id-${{ github.run_id }}" | ||
output_dir: "~/ansible_output_${{ github.run_id }}" | ||
repos: | ||
libs: {name: "falcosecurity-libs", repo: "https://github.com/falcosecurity/libs.git", version: "$LIBS_VERSION"} | ||
EOF | ||
- name: Bootstrap VMs | ||
working-directory: ./ansible-playbooks | ||
run: | | ||
ansible-playbook bootstrap.yml --extra-vars "@vars.yml" | ||
- name: Common setup | ||
working-directory: ./ansible-playbooks | ||
run: | | ||
ansible-playbook common.yml --extra-vars "@vars.yml" | ||
- name: Prepare github repos | ||
working-directory: ./ansible-playbooks | ||
run: | | ||
ansible-playbook git-repos.yml --extra-vars "@vars.yml" | ||
- name: Run scap-open tests | ||
working-directory: ./ansible-playbooks | ||
run: | | ||
ansible-playbook scap-open.yml --extra-vars "@vars.yml" || : | ||
- name: Tar output files | ||
run: | | ||
tar -cvf ansible_output.tar ~/ansible_output_${{ github.run_id }} | ||
- uses: actions/upload-artifact@v3 | ||
with: | ||
name: ansible_output_${{matrix.architecture}} | ||
path: ansible_output.tar | ||
|
||
- name: Build matrix_gen | ||
working-directory: ./matrix_gen | ||
env: | ||
GOPATH: /root/go | ||
GOCACHE: /root/.cache/go-build | ||
run: | | ||
go build . | ||
- name: Generate new matrix | ||
working-directory: ./matrix_gen | ||
run: | | ||
./matrix_gen --root-folder ~/ansible_output_${{ github.run_id }} --output-file matrix_${{matrix.architecture}}.md | ||
- uses: actions/upload-artifact@v3 | ||
with: | ||
name: matrix_${{matrix.architecture}} | ||
path: ./matrix_gen/matrix_${{matrix.architecture}}.md | ||
|
||
- name: Cleanup | ||
if: always() | ||
working-directory: ./ansible-playbooks | ||
run: | | ||
ansible-playbook clean-up.yml --extra-vars "@vars.yml" || : |
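Review bot: In the "Generate vars yaml" step, `LIBS_V=${{ github.event.inputs.libsversion }}` and `${LIBS_V:-${{ github.ref_name }}}` are expanded into the script text before the shell runs, so a dispatch input or ref name containing shell metacharacters is executed on the self-hosted runner instead of being treated as data. Pass both values through `env:` and reference them as quoted shell variables, and validate the result before it is written into `vars.yml` as the libs `version`. Separately, `|| :` on the "Run scap-open tests" step keeps the job green when the playbook fails; if that is intentional so the matrix is still generated, a comment saying so would help. The actions here are referenced by tag (`actions/checkout@v3`, `actions/upload-artifact@v3`); pinning to commit SHAs is worth considering for a job that runs on self-hosted machines.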
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
name: Deploy Github Pages | ||
on: | ||
workflow_run: | ||
workflows: ["Test drivers against a matrix of kernels/distros"] | ||
types: [completed] | ||
branches: [master] | ||
|
||
permissions: | ||
contents: read | ||
pages: write | ||
id-token: write | ||
|
||
concurrency: | ||
group: "pages" | ||
cancel-in-progress: true | ||
|
||
jobs: | ||
deploy-pages: | ||
environment: | ||
name: github-pages | ||
url: ${{ steps.deployment.outputs.page_url }} | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
|
||
- name: Download matrixes | ||
uses: dawidd6/action-download-artifact@v2 | ||
with: | ||
workflow: kernel_tests.yaml | ||
branch: master | ||
name: matrix_* | ||
name_is_regexp: true | ||
|
||
- name: Disable Table Of Content for matrixes pages | ||
run: | | ||
mv matrix_*/*.md docs/ | ||
sed -i '1s/^/---\nhide:\n- toc\n---\n\n/' docs/matrix_X64.md | ||
sed -i '1s/^/---\nhide:\n- toc\n---\n\n/' docs/matrix_ARM64.md | ||
- uses: actions/setup-python@v2 | ||
with: | ||
python-version: 3.x | ||
|
||
- run: pip install -r requirements.txt | ||
|
||
- run: mkdocs build | ||
|
||
- uses: actions/upload-pages-artifact@v1 | ||
with: | ||
path: 'site' | ||
|
||
- id: deployment | ||
uses: actions/deploy-pages@v1 |
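Review bot: The "Download matrixes" step selects artifacts with `workflow: kernel_tests.yaml` and `branch: master` rather than with the run that triggered this workflow, so the published pages are not tied to a specific test run. Using `run_id: ${{ github.event.workflow_run.id }}`, as the release body workflow in this commit does, would make that link explicit. The trigger is `types: [completed]` with no condition on the job, so the deploy also starts after a failed or cancelled test run; an `if:` on `github.event.workflow_run.conclusion` would cover that. This job holds `pages: write` and `id-token: write` while running `dawidd6/action-download-artifact@v2` by tag, so pinning that third-party action to a commit SHA is advisable. The two `sed` lines hard-code `matrix_X64.md` and `matrix_ARM64.md`, so the step fails if either artifact is missing.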
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
name: Generate release body | ||
on: | ||
workflow_run: | ||
workflows: ["Test drivers against a matrix of kernels/distros"] | ||
types: [completed] | ||
branches: ['release/[0-9]+.[0-9]+.x'] # only match real release branches | ||
|
||
permissions: | ||
contents: write | ||
|
||
concurrency: | ||
group: "release-body" | ||
cancel-in-progress: true | ||
|
||
jobs: | ||
release-body: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Download matrixes | ||
uses: dawidd6/action-download-artifact@v2 | ||
with: | ||
workflow: kernel_tests.yaml | ||
name: matrix_* | ||
name_is_regexp: true | ||
run_id: ${{ github.event.workflow_run.id }} | ||
|
||
# Steps: | ||
# Remove everything after the table (ie: since the first line that starts with "# ", | ||
# ie: a markdown section start. | ||
# Remove links to the markdown sections in the table too. | ||
# Then, add a small title to each matrix | ||
# Finally, merge them together | ||
- name: Append matrixes to create release body | ||
run: | | ||
mv matrix_*/*.md . | ||
sed -i -n '/# /q;p' matrix_X64.md | ||
sed -i -n '/# /q;p' matrix_ARM64.md | ||
sed -i 's/\[\(.\)\]([^)]*)/\1/g' matrix_X64.md | ||
sed -i 's/\[\(.\)\]([^)]*)/\1/g' matrix_ARM64.md | ||
sed -i '1s/^/# Driver Testing Matrix amd64\n\n/' matrix_X64.md | ||
sed -i '1s/^/# Driver Testing Matrix arm64\n\n/' matrix_ARM64.md | ||
cat matrix_X64.md matrix_ARM64.md > release-body.md | ||
- name: Release | ||
uses: softprops/action-gh-release@v1 | ||
with: | ||
body_path: ./release-body.md | ||
append_body: true | ||
tag_name: ${{ github.event.workflow_run.head_branch }} |
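Review bot: The `branches: ['release/[0-9]+.[0-9]+.x']` filter and `tag_name: ${{ github.event.workflow_run.head_branch }}` do not obviously line up with the test workflow added in this commit, which is triggered by pushes to `master` and by tags of the form `[0-9]+.[0-9]+.[0-9]+\+driver`. With this filter the release would be looked up or created under a name such as `release/x.y.x` rather than under a driver tag, so please confirm which ref the release body is meant to attach to. As in the pages workflow, there is no check on `github.event.workflow_run.conclusion`, so a failed test run still reaches the "Release" step, which holds `contents: write` and runs `softprops/action-gh-release@v1` by tag; a conclusion check and a SHA pin would tighten this. In the comment block above the "Append matrixes" step, the parenthesis opened at "(ie: since the first line" is never closed.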
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
# Falcosecurity drivers | ||
|
||
## Falco drivers kernel testing matrixes | ||
|
||
Here you can find kernel testing support matrixes for [Falco](https://falco.org/) drivers. | ||
For more info, make sure to read the [driver kernel testing framework proposal](https://github.com/falcosecurity/libs/blob/master/proposals/20230530-driver-kernel-testing-framework.md). | ||
|
||
## Syscalls Report | ||
|
||
You can also find the list of supported syscalls by our drivers, be it through specific filler or generic. |
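Review bot: The "Syscalls Report" paragraph says the list of supported syscalls can be found but, unlike the paragraph above it, gives no link to follow. Adding a link to the report page would make the sentence actionable. "be it through specific filler or generic" would also read more clearly as "whether through a specific filler or the generic one".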
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# Home of Falco drivers kernel testing matrixes | ||
|
||
Basically, we use Ansible playbooks to spawn Firecracker microvms where we can test: | ||
|
||
* kmod and ebpf drivers build | ||
* scap-open run with {kmod,ebpf,modern-bpf} | ||
|
||
The modern-bpf driver-enabled scap-open is built using the exactly same process used by [Falco release pipeline](https://github.com/falcosecurity/falco/blob/master/.github/workflows/reusable_build_packages.yaml#L15): | ||
|
||
* the modern bpf skeleton is built on a Fedora machine | ||
* scap-open with embedded modern-bpf skeleton is built on a centos7 machine to allow largest possible support (old glibc version) | ||
* scap-open binary is copied to each spawned vm | ||
|
||
## Supported Archs | ||
|
||
For now, supported architectures are: | ||
|
||
* AMD64 | ||
* ARM64 | ||
|
||
## Glossary | ||
|
||
* 🟢 -> means that the test was successful | ||
* 🟡 -> means that the test was skipped; you can click the symbol to reach the test section and checkout why the test was skipped. | ||
* ❌ -> means that the test failed; you can click the symbol to reach the test section and checkout why the test failed. |
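Review bot: The Falco release pipeline link points at `blob/master/.github/workflows/reusable_build_packages.yaml#L15`, and a line anchor on a moving branch will drift as that file changes; a permalink to a specific commit keeps the reference accurate. Wording nits in the same hunk: "using the exactly same process" should be "using exactly the same process", and "checkout why" in both glossary entries should be "check out why".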