Skip to content

Datapath BPF Complexity (ci-verifier) #716

Datapath BPF Complexity (ci-verifier)

Datapath BPF Complexity (ci-verifier) #716

name: Datapath BPF Complexity (ci-verifier)
# Any change in triggers needs to be reflected in the concurrency group.
on:
workflow_dispatch:
inputs:
PR-number:
description: "Pull request number."
required: true
context-ref:
description: "Context in which the workflow runs. If PR is from a fork, will be the PR target branch (general case). If PR is NOT from a fork, will be the PR branch itself (this allows committers to test changes to workflows directly from PRs)."
required: true
SHA:
description: "SHA under test (head of the PR branch)."
required: true
extra-args:
description: "[JSON object] Arbitrary arguments passed from the trigger comment via regex capture group. Parse with 'fromJson(inputs.extra-args).argName' in workflow."
required: false
default: '{}'
push:
branches:
- 'renovate/main-**'
# Run every 8 hours
schedule:
- cron: '0 5/8 * * *'
# By specifying the access of one of the scopes, all of those that are not
# specified are set to 'none'.
permissions:
# To read actions state with catchpoint/workflow-telemetry-action
actions: read
# To be able to access the repository with actions/checkout
contents: read
# To allow retrieving information from the PR API
pull-requests: read
# To be able to set commit status
statuses: write
concurrency:
# Structure:
# - Workflow name
# - Event type
# - A unique identifier depending on event type:
# - schedule: SHA
# - workflow_dispatch: PR number
#
# This structure ensures a unique concurrency group name is generated for each
# type of testing, such that re-runs will cancel the previous run.
group: |
${{ github.workflow }}
${{ github.event_name }}
${{
(github.event_name == 'push' && github.sha) ||
(github.event_name == 'schedule' && github.sha) ||
(github.event_name == 'workflow_dispatch' && github.event.inputs.PR-number)
}}
cancel-in-progress: true
env:
# renovate: datasource=golang-version depName=go
go-version: 1.23.2
jobs:
echo-inputs:
if: ${{ github.event_name == 'workflow_dispatch' }}
name: Echo Workflow Dispatch Inputs
runs-on: ubuntu-24.04
steps:
- name: Echo Workflow Dispatch Inputs
run: |
echo '${{ tojson(inputs) }}'
commit-status-start:
name: Commit Status Start
runs-on: ubuntu-latest
steps:
- name: Set initial commit status
uses: myrotvorets/set-commit-status-action@3730c0a348a2ace3c110851bed53331bc6406e9f # v2.0.1
with:
sha: ${{ inputs.SHA || github.sha }}
setup-and-test:
runs-on: ${{ vars.GH_RUNNER_EXTRA_POWER_UBUNTU_LATEST || 'ubuntu-latest' }}
name: Setup & Test
strategy:
fail-fast: false
matrix:
include:
# renovate: datasource=docker depName=quay.io/lvh-images/complexity-test
- kernel: '5.4-20241010.074256'
ci-kernel: '54'
# renovate: datasource=docker depName=quay.io/lvh-images/complexity-test
- kernel: 'rhel8-20240730.211420'
ci-kernel: '54'
# renovate: datasource=docker depName=quay.io/lvh-images/complexity-test
- kernel: '5.10-20241010.074256'
ci-kernel: '510'
# renovate: datasource=docker depName=quay.io/lvh-images/complexity-test
- kernel: '5.15-20241010.074256'
ci-kernel: '510'
# renovate: datasource=docker depName=quay.io/lvh-images/complexity-test
- kernel: '6.1-20241010.074256'
ci-kernel: '61'
# renovate: datasource=docker depName=quay.io/lvh-images/complexity-test
- kernel: '6.6-20241010.074256'
ci-kernel: '61'
# renovate: datasource=docker depName=quay.io/lvh-images/complexity-test
- kernel: 'bpf-next-20241018.013308'
ci-kernel: 'netnext'
timeout-minutes: 60
steps:
- name: Collect Workflow Telemetry
uses: catchpoint/workflow-telemetry-action@94c3c3d9567a0205de6da68a76c428ce4e769af1 # v2.0.0
with:
comment_on_pr: false
# Warning: since this is a privileged workflow, subsequent workflow job
# steps must take care not to execute untrusted code.
- name: Checkout pull request branch (NOT TRUSTED)
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
ref: ${{ inputs.SHA || github.sha }}
persist-credentials: false
- name: Provision LVH VMs
uses: cilium/little-vm-helper@97c89f004bd0ab4caeacfe92ebc956e13e362e6b # v0.0.19
with:
test-name: datapath-bpf-complexity
image: 'complexity-test'
image-version: ${{ matrix.kernel }}
host-mount: ./
images-folder-parent: "/tmp"
cpu: 4
# renovate: datasource=github-tags depName=cilium/little-vm-helper
lvh-version: "v0.0.19"
install-dependencies: 'true'
cmd: |
for i in {1..5}; do curl "https://golang.org" > /dev/null 2>&1 && break || sleep 5; echo "Waiting for systemd-resolved to be ready..."; done
git config --global --add safe.directory /host
uname -a
# The LVH image might ship with an arbitrary Go toolchain version,
# install the same Go toolchain version as current HEAD.
CGO_ENABLED=0 GOPROXY=direct GOSUMDB= go install golang.org/dl/go${{ env.go-version }}@latest
go${{ env.go-version }} download
# The LVH image ships with LLVM taken from a release Cilium version.
# Replace it with the one extracted from the cilium-builder image.
/host/contrib/scripts/extract-llvm.sh /tmp/llvm
mv /tmp/llvm/usr/local/bin/{clang,llc} /bin/
rm -r /tmp/llvm
- name: Run verifier tests
uses: cilium/little-vm-helper@97c89f004bd0ab4caeacfe92ebc956e13e362e6b # v0.0.19
with:
provision: 'false'
cmd: |
cd /host/
# Run with cgo disabled, LVH images don't ship with gcc.
CGO_ENABLED=0 go${{ env.go-version }} test -v -parallel=1 -timeout=20m ./test/verifier -cilium-base-path /host -ci-kernel-version ${{ matrix.ci-kernel }}
- name: Fetch artifacts
if: ${{ !success() }}
uses: cilium/little-vm-helper@97c89f004bd0ab4caeacfe92ebc956e13e362e6b # v0.0.19
with:
provision: 'false'
cmd: |
cd /host
mkdir datapath-verifier
find test/verifier \( -name "*.log" -o -name "*.o" \) -exec cp -v {} datapath-verifier/ \;
- name: Upload artifacts
if: ${{ !success() }}
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: datapath-verifier_${{ matrix.kernel }}
path: datapath-verifier
retention-days: 5
commit-status-final:
if: ${{ always() }}
name: Commit Status Final
needs: setup-and-test
runs-on: ubuntu-latest
steps:
- name: Set final commit status
uses: myrotvorets/set-commit-status-action@3730c0a348a2ace3c110851bed53331bc6406e9f # v2.0.1
with:
sha: ${{ inputs.SHA || github.sha }}
status: ${{ needs.setup-and-test.result }}