From dabdfe11dc7761ec1fb7eba7da3db448bb0a670c Mon Sep 17 00:00:00 2001
From: Navin Chandra
Date: Thu, 29 Aug 2024 18:31:47 +0000
Subject: [PATCH] Calculate coverage for systemd

Signed-off-by: Navin Chandra
---
 .github/workflows/ci-merge-coverage.yaml | 22 +++++---
 .github/workflows/ci-test-systemd.yml | 68 ++++++++++++++++++++++--
 2 files changed, 81 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/ci-merge-coverage.yaml b/.github/workflows/ci-merge-coverage.yaml
index d26d37bd4e..a9bba2181f 100644
--- a/.github/workflows/ci-merge-coverage.yaml
+++ b/.github/workflows/ci-merge-coverage.yaml
@@ -2,7 +2,7 @@ name: ci-merge-coverage
 on:
 workflow_run:
- workflows: [ci-test-ginkgo]
+ workflows: [ci-test-ginkgo, ci-test-systemd]
 types:
 - completed
@@ -12,10 +12,14 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 60
 steps:
+ - uses: actions/checkout@v3
+ with:
+ submodules: true
+
 - name: Check if all required workflows completed successfully
 id: check-workflows
 run: |
- workflows=("ci-test-ginkgo")
+ workflows=("ci-test-ginkgo" "ci-test-systemd")
 all_completed=true
 commit_sha=$(git rev-parse HEAD)
@@ -43,10 +47,6 @@ jobs:
 fi
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - uses: actions/checkout@v3
- with:
- submodules: true
 - uses: actions/setup-go@v5
 with:
@@ -62,6 +62,16 @@ jobs:
 name_is_regexp: true
 search_artifacts: true
+ - name: Download systemd coverage files from ci-test-systemd
+ if: ${{ env.ci-test-systemd_status == 'success' }}
+ uses: dawidd6/action-download-artifact@v6
+ with:
+ workflow: ci-test-systemd.yml
+ name: coverage.*
+ path: KubeArmor/
+ name_is_regexp: true
+ search_artifacts: true
+
 - uses: codecov/codecov-action@v4
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/ci-test-systemd.yml b/.github/workflows/ci-test-systemd.yml
index f9a9595b3b..059c3d7ee8 100644
--- a/.github/workflows/ci-test-systemd.yml
+++ b/.github/workflows/ci-test-systemd.yml
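Review bot: `commit_sha=$(git rev-parse HEAD)` in the `@@ -12,10 +12,14 @@` hunk now reads from a checkout made without a `ref`, and in a `workflow_run` workflow that is the default-branch tip rather than the commit whose run just completed, so the completion check may query the wrong SHA when the triggering run was for a pull request or an older push. Taking the value from the event removes the dependency on the checkout: add `HEAD_SHA: ${{ github.event.workflow_run.head_sha }}` to the step's `env:` and use `commit_sha="$HEAD_SHA"`. The rest of the script lies outside this hunk, so how `commit_sha` is consumed should be confirmed.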
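Review bot: The download step added in the `@@ -62,6 +62,16 @@` hunk unpacks artifacts straight into the checked-out `KubeArmor/` tree, in a `workflow_run` job that holds `CODECOV_TOKEN`; if the producing workflow also runs for fork pull requests (its triggers are not shown), the artifact contents are untrusted and should not be able to overwrite repository files. Extracting into an empty directory, for example `path: ${{ runner.temp }}/coverage-systemd/`, and pointing the Codecov step at only the `.out` files there would contain that. With no `commit:` or `run_id:` input the action picks a run by search, which can merge coverage from a different commit; `commit: ${{ github.event.workflow_run.head_sha }}` ties it to the triggering commit. `dawidd6/action-download-artifact@v6` is a mutable tag, so pinning it to a full commit SHA is worth doing in a job that carries secrets.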
@@ -22,7 +22,11 @@ permissions: read-all
 jobs:
 build:
 name: Test KubeArmor in Systemd Mode
- runs-on: ubuntu-20.04
+ runs-on: ${{ matrix.os }}
+ strategy:
+ matrix:
+ os: [ubuntu-latest, bpflsm]
+ timeout-minutes: 60
 steps:
 - uses: actions/checkout@v3
 with:
@@ -44,6 +48,14 @@ jobs:
 install-only: true
 version: v1.25.0
+ - name: Install protoc-gen-go
+ if: ${{ matrix.os == 'bpflsm' }}
+ run: |
+ go install google.golang.org/protobuf/cmd/protoc-gen-go@latest
+ go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
+ env:
+ GOPATH: /home/vagrant/go
+
 - name: Build Systemd Release
 run: make local-release
 working-directory: KubeArmor
@@ -52,6 +64,21 @@ jobs:
 run: sudo apt install -y ./dist/kubearmor*amd64.deb
 working-directory: KubeArmor
+ - name: Compile test binary
+ run: go test -covermode=atomic -coverpkg=./... -c . -o kubearmor-test
+ working-directory: KubeArmor
+
+ - name: Replace with test binary
+ run: |
+ sudo mkdir -p /coverage
+ sudo rm /opt/kubearmor/kubearmor
+ sudo cp kubearmor-test /opt/kubearmor/
+ ls -l /opt/kubearmor/
+ sudo sed -i 's|ExecStart=/opt/kubearmor/kubearmor|ExecStart=/opt/kubearmor/kubearmor-test -test.coverprofile=/coverage/coverage_systemd.out|' /lib/systemd/system/kubearmor.service
+ sudo systemctl daemon-reload
+ sudo systemctl restart kubearmor.service
+ working-directory: KubeArmor
+
 - name: Check journalctl
 run: sudo journalctl -u kubearmor --no-pager
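Review bot: `bpflsm` in the new matrix is not a GitHub-hosted label, and the hard-coded `/home/vagrant/go` plus the cleanup step later in this patch suggest a persistent self-hosted machine, so every event that triggers this workflow will build and run repository code with sudo on that host. The `on:` block is outside the hunk; if it includes `pull_request`, the self-hosted leg should be limited to trusted sources, for example `os: ${{ fromJSON(github.event.pull_request.head.repo.fork && '["ubuntu-latest"]' || '["ubuntu-latest","bpflsm"]') }}`. A short comment above `matrix:` saying what `bpflsm` is and which events may use it would help the next maintainer.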
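Review bot: Both `go install …@latest` lines in the `Install protoc-gen-go` step resolve at run time, so the generator versions on the `bpflsm` runner can change without any diff in this repository and a build can no longer be reproduced from the commit alone. Pin each to the version the project's generated code expects, e.g. `go install google.golang.org/protobuf/cmd/protoc-gen-go@<pinned-version>`, and do the same for `protoc-gen-go-grpc`.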
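Review bot: `sudo mkdir -p /coverage` in the `Replace with test binary` step keeps whatever is already in that directory, and the cleanup step at the end of this patch does not remove it, so on the persistent `bpflsm` runner an old `/coverage/coverage_systemd.out` can survive into the next run. The copy loop in the later hunk only tests that the file exists, so a run whose test binary never wrote a profile would upload the previous run's data. Adding `sudo rm -f /coverage/coverage_systemd.out` right after the `mkdir` closes that. The `sed` on the unit file is also silent when the pattern does not match; a following `grep -q kubearmor-test /lib/systemd/system/kubearmor.service` would surface that at this step.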
@@ -61,5 +88,40 @@ jobs:
 make
 working-directory: ./tests/nonk8s_env
 timeout-minutes: 30
-
-
+
+ - name: Kill kubearmor process and copy coverage file
+ run: |
+ sudo systemctl stop kubearmor
+ sleep 15
+ for i in {1..24}; do
+ if [ -f /coverage/coverage_systemd.out ]; then
+ sudo cp /coverage/coverage_systemd.out coverage_systemd_${{ matrix.os }}.out
+ break
+ fi
+ sleep 5
+ done
+ working-directory: KubeArmor
+
+ - name: Measure code coverage
+ if: ${{ always() }}
+ run: |
+ ls -l
+ go tool cover -func coverage_systemd_${{ matrix.os }}.out
+ working-directory: KubeArmor
+ env:
+ GOPATH: ${{ matrix.os == 'bpflsm' && '/home/vagrant/go' || '/home/runner/go' }}
+
+ - name: Save coverage file
+ if: ${{ always() }}
+ uses: actions/upload-artifact@v4
+ with:
+ name: coverage-systemd-${{ matrix.os }}
+ path: KubeArmor/coverage_systemd_${{ matrix.os }}.out
+
+ - name: Run cleanup
+ if: ${{ always() && matrix.os == 'bpflsm' }}
+ run: |
+ sudo systemctl disable kubearmor.service
+ sudo rm -rf /opt/kubearmor/
+ sudo apt-get --purge remove -y kubearmor
+ sudo systemctl daemon-reload
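Review bot: The wait loop in `Kill kubearmor process and copy coverage file` falls through silently when `/coverage/coverage_systemd.out` never appears, so the step passes and the problem shows up only later as a missing-file error from `go tool cover`. An explicit check after `done`, such as `[ -f coverage_systemd_${{ matrix.os }}.out ] || { echo "coverage profile was not written" >&2; exit 1; }`, reports the cause where it happens. A one-line comment on the `sleep 15` explaining what it waits for would also help, since the loop that follows already polls.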