Datapath BPF Complexity (ci-verifier) #716
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Datapath BPF Complexity (ci-verifier) | |
# Any change in triggers needs to be reflected in the concurrency group. | |
on: | |
workflow_dispatch: | |
inputs: | |
PR-number: | |
description: "Pull request number." | |
required: true | |
context-ref: | |
description: "Context in which the workflow runs. If PR is from a fork, will be the PR target branch (general case). If PR is NOT from a fork, will be the PR branch itself (this allows committers to test changes to workflows directly from PRs)." | |
required: true | |
SHA: | |
description: "SHA under test (head of the PR branch)." | |
required: true | |
extra-args: | |
description: "[JSON object] Arbitrary arguments passed from the trigger comment via regex capture group. Parse with 'fromJson(inputs.extra-args).argName' in workflow." | |
required: false | |
default: '{}' | |
push: | |
branches: | |
- 'renovate/main-**' | |
# Run every 8 hours | |
schedule: | |
- cron: '0 5/8 * * *' | |
# By specifying the access of one of the scopes, all of those that are not | |
# specified are set to 'none'. | |
permissions: | |
# To read actions state with catchpoint/workflow-telemetry-action | |
actions: read | |
# To be able to access the repository with actions/checkout | |
contents: read | |
# To allow retrieving information from the PR API | |
pull-requests: read | |
# To be able to set commit status | |
statuses: write | |
concurrency: | |
# Structure: | |
# - Workflow name | |
# - Event type | |
# - A unique identifier depending on event type: | |
# - schedule: SHA | |
# - workflow_dispatch: PR number | |
# | |
# This structure ensures a unique concurrency group name is generated for each | |
# type of testing, such that re-runs will cancel the previous run. | |
group: | | |
${{ github.workflow }} | |
${{ github.event_name }} | |
${{ | |
(github.event_name == 'push' && github.sha) || | |
(github.event_name == 'schedule' && github.sha) || | |
(github.event_name == 'workflow_dispatch' && github.event.inputs.PR-number) | |
}} | |
cancel-in-progress: true | |
env: | |
# renovate: datasource=golang-version depName=go | |
go-version: 1.23.2 | |
jobs: | |
echo-inputs: | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
name: Echo Workflow Dispatch Inputs | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Echo Workflow Dispatch Inputs | |
run: | | |
echo '${{ tojson(inputs) }}' | |
commit-status-start: | |
name: Commit Status Start | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set initial commit status | |
uses: myrotvorets/set-commit-status-action@3730c0a348a2ace3c110851bed53331bc6406e9f # v2.0.1 | |
with: | |
sha: ${{ inputs.SHA || github.sha }} | |
setup-and-test: | |
runs-on: ${{ vars.GH_RUNNER_EXTRA_POWER_UBUNTU_LATEST || 'ubuntu-latest' }} | |
name: Setup & Test | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
# renovate: datasource=docker depName=quay.io/lvh-images/complexity-test | |
- kernel: '5.4-20241010.074256' | |
ci-kernel: '54' | |
# renovate: datasource=docker depName=quay.io/lvh-images/complexity-test | |
- kernel: 'rhel8-20240730.211420' | |
ci-kernel: '54' | |
# renovate: datasource=docker depName=quay.io/lvh-images/complexity-test | |
- kernel: '5.10-20241010.074256' | |
ci-kernel: '510' | |
# renovate: datasource=docker depName=quay.io/lvh-images/complexity-test | |
- kernel: '5.15-20241010.074256' | |
ci-kernel: '510' | |
# renovate: datasource=docker depName=quay.io/lvh-images/complexity-test | |
- kernel: '6.1-20241010.074256' | |
ci-kernel: '61' | |
# renovate: datasource=docker depName=quay.io/lvh-images/complexity-test | |
- kernel: '6.6-20241010.074256' | |
ci-kernel: '61' | |
# renovate: datasource=docker depName=quay.io/lvh-images/complexity-test | |
- kernel: 'bpf-next-20241018.013308' | |
ci-kernel: 'netnext' | |
timeout-minutes: 60 | |
steps: | |
- name: Collect Workflow Telemetry | |
uses: catchpoint/workflow-telemetry-action@94c3c3d9567a0205de6da68a76c428ce4e769af1 # v2.0.0 | |
with: | |
comment_on_pr: false | |
# Warning: since this is a privileged workflow, subsequent workflow job | |
# steps must take care not to execute untrusted code. | |
- name: Checkout pull request branch (NOT TRUSTED) | |
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 | |
with: | |
ref: ${{ inputs.SHA || github.sha }} | |
persist-credentials: false | |
- name: Provision LVH VMs | |
uses: cilium/little-vm-helper@97c89f004bd0ab4caeacfe92ebc956e13e362e6b # v0.0.19 | |
with: | |
test-name: datapath-bpf-complexity | |
image: 'complexity-test' | |
image-version: ${{ matrix.kernel }} | |
host-mount: ./ | |
images-folder-parent: "/tmp" | |
cpu: 4 | |
# renovate: datasource=github-tags depName=cilium/little-vm-helper | |
lvh-version: "v0.0.19" | |
install-dependencies: 'true' | |
cmd: | | |
for i in {1..5}; do curl "https://golang.org" > /dev/null 2>&1 && break || sleep 5; echo "Waiting for systemd-resolved to be ready..."; done | |
git config --global --add safe.directory /host | |
uname -a | |
# The LVH image might ship with an arbitrary Go toolchain version, | |
# install the same Go toolchain version as current HEAD. | |
CGO_ENABLED=0 GOPROXY=direct GOSUMDB= go install golang.org/dl/go${{ env.go-version }}@latest | |
go${{ env.go-version }} download | |
# The LVH image ships with LLVM taken from a release Cilium version. | |
# Replace it with the one extracted from the cilium-builder image. | |
/host/contrib/scripts/extract-llvm.sh /tmp/llvm | |
mv /tmp/llvm/usr/local/bin/{clang,llc} /bin/ | |
rm -r /tmp/llvm | |
- name: Run verifier tests | |
uses: cilium/little-vm-helper@97c89f004bd0ab4caeacfe92ebc956e13e362e6b # v0.0.19 | |
with: | |
provision: 'false' | |
cmd: | | |
cd /host/ | |
# Run with cgo disabled, LVH images don't ship with gcc. | |
CGO_ENABLED=0 go${{ env.go-version }} test -v -parallel=1 -timeout=20m ./test/verifier -cilium-base-path /host -ci-kernel-version ${{ matrix.ci-kernel }} | |
- name: Fetch artifacts | |
if: ${{ !success() }} | |
uses: cilium/little-vm-helper@97c89f004bd0ab4caeacfe92ebc956e13e362e6b # v0.0.19 | |
with: | |
provision: 'false' | |
cmd: | | |
cd /host | |
mkdir datapath-verifier | |
find test/verifier \( -name "*.log" -o -name "*.o" \) -exec cp -v {} datapath-verifier/ \; | |
- name: Upload artifacts | |
if: ${{ !success() }} | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: datapath-verifier_${{ matrix.kernel }} | |
path: datapath-verifier | |
retention-days: 5 | |
commit-status-final: | |
if: ${{ always() }} | |
name: Commit Status Final | |
needs: setup-and-test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set final commit status | |
uses: myrotvorets/set-commit-status-action@3730c0a348a2ace3c110851bed53331bc6406e9f # v2.0.1 | |
with: | |
sha: ${{ inputs.SHA || github.sha }} | |
status: ${{ needs.setup-and-test.result }} |