diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b990796b3e5..4ea2c5615be 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,76 +11,78 @@ concurrency: cancel-in-progress: true jobs: - build-minimal: - runs-on: ubuntu-20.04 + fetch-version: + uses: ./.github/workflows/reusable_fetch_version.yaml + + build-dev-packages: + needs: [fetch-version] + uses: ./.github/workflows/reusable_build_packages.yaml + with: + arch: x86_64 + version: ${{ needs.fetch-version.outputs.version }} + + test-dev-packages: + needs: [fetch-version, build-dev-packages] + runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v3 with: fetch-depth: 0 - ref: ${{ github.event.pull_request.head.sha }} - - - name: Update base image - run: sudo apt update -y - - - name: Install build dependencies - run: sudo DEBIAN_FRONTEND=noninteractive apt install libjq-dev libyaml-cpp-dev libelf-dev cmake build-essential git -y - - - name: Prepare project - run: | - mkdir build-minimal - pushd build-minimal - cmake -DMINIMAL_BUILD=On -DBUILD_BPF=Off -DBUILD_DRIVER=Off -DCMAKE_BUILD_TYPE=Release -DBUILD_FALCO_UNIT_TESTS=On .. - popd - - - name: Build - run: | - pushd build-minimal - make -j4 all - popd - - - name: Run unit tests - run: | - pushd build-minimal - sudo ./unit_tests/falco_unit_tests - popd - - build-ubuntu-focal: - runs-on: ubuntu-20.04 - steps: - - name: Checkout - uses: actions/checkout@v3 + submodules: 'true' + + - name: Setup Go + uses: actions/setup-go@v3 with: - fetch-depth: 0 - ref: ${{ github.event.pull_request.head.sha }} - - - name: Update base image - run: sudo apt update -y + go-version: '>=1.17.0' - - name: Install build dependencies - run: sudo DEBIAN_FRONTEND=noninteractive apt install libssl-dev libyaml-dev libc-ares-dev libprotobuf-dev protobuf-compiler libjq-dev libyaml-cpp-dev libgrpc++-dev protobuf-compiler-grpc rpm libelf-dev cmake build-essential libcurl4-openssl-dev linux-headers-$(uname -r) clang llvm git -y + - name: Download binary x86_64 + uses: actions/download-artifact@v3 + with: + name: falco-${{ needs.fetch-version.outputs.version }}-x86_64.tar.gz + + - name: Install 
Falco package + run: | + tar -xvf $(ls falco-*.tar.gz) + cd $(ls falco-*.tar.gz | sed -e 's/\.tar\.gz$//') + sudo cp -r * / - - name: Prepare project + - name: Install go-junit-report run: | - mkdir build - pushd build - cmake -DBUILD_BPF=On -DCMAKE_BUILD_TYPE=Release -DBUILD_FALCO_UNIT_TESTS=On .. + pushd submodules/falcosecurity-testing + go install github.com/jstemmer/go-junit-report/v2@latest popd - - - name: Build + + - name: Generate regression test files run: | - pushd build - KERNELDIR=/lib/modules/$(uname -r)/build make -j4 all + pushd submodules/falcosecurity-testing + go generate ./... popd - - name: Run unit tests + - name: Run regression tests run: | - pushd build - sudo ./unit_tests/falco_unit_tests + pushd submodules/falcosecurity-testing + ./build/falco.test -test.timeout=90s -test.v >> ./report.txt 2>&1 || true + ./build/falcoctl.test -test.timeout=90s -test.v >> ./report.txt 2>&1 || true + ./build/k8saudit.test -test.timeout=90s -test.v >> ./report.txt 2>&1 || true + cat ./report.txt | go-junit-report -set-exit-code > report.xml popd - build-ubuntu-focal-debug: - runs-on: ubuntu-20.04 + - name: Test Summary + if: always() # run this even if previous step fails + uses: test-summary/action@v2 + with: + paths: "submodules/falcosecurity-testing/report.xml" + show: "fail" + + build-dev: + strategy: + fail-fast: false + matrix: + machine: ['ubuntu-20.04'] + buildmode: ['Debug', 'Release'] + minimal: ['', 'minimal'] + runs-on: ${{ matrix.machine }} steps: - name: Checkout uses: actions/checkout@v3 
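Review bot: The `Install go-junit-report` step runs `go install github.com/jstemmer/go-junit-report/v2@latest`, so each CI run fetches and executes whatever release is newest at that moment; pinning a released version, `go install github.com/jstemmer/go-junit-report/v2@<pinned-version>`, keeps the tool reproducible and reviewable. The same applies to the third-party `test-summary/action@v2`, which is referenced by a mutable tag; a full commit SHA with the tag in a trailing comment is the usual form. Separately, each test binary in `Run regression tests` is followed by `|| true`, so a binary that is missing or crashes before printing results only leaves text in report.txt. Whether `go-junit-report -set-exit-code` then fails the step depends on how it parses that output, so a guard such as `test -x ./build/falco.test` before the runs would make that failure explicit. The build-dev job that begins at the end of this hunk continues outside it.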
@@ -90,15 +92,25 @@ jobs: - name: Update base image run: sudo apt update -y - + - name: Install build dependencies - run: sudo DEBIAN_FRONTEND=noninteractive apt install libssl-dev libyaml-dev libc-ares-dev libprotobuf-dev protobuf-compiler libjq-dev libyaml-cpp-dev libgrpc++-dev protobuf-compiler-grpc rpm libelf-dev cmake build-essential libcurl4-openssl-dev linux-headers-$(uname -r) clang llvm git -y + run: sudo DEBIAN_FRONTEND=noninteractive apt install libjq-dev libelf-dev libyaml-cpp-dev cmake build-essential git -y + - name: Install build dependencies (non-minimal) + if: matrix.minimal != 'minimal' + run: sudo DEBIAN_FRONTEND=noninteractive apt install libssl-dev libyaml-dev libc-ares-dev libprotobuf-dev protobuf-compiler libgrpc++-dev protobuf-compiler-grpc rpm libcurl4-openssl-dev linux-headers-$(uname -r) clang llvm -y + - name: Prepare project run: | mkdir build pushd build - cmake -DCMAKE_BUILD_TYPE=Debug -DBUILD_BPF=On -DBUILD_FALCO_UNIT_TESTS=On .. + cmake \ + -DBUILD_FALCO_UNIT_TESTS=On \ + -DCMAKE_BUILD_TYPE=${{ matrix.buildmode }} \ + -DBUILD_BPF=${{ matrix.minimal == 'minimal' && 'OFF' || 'ON' }} \ + -DBUILD_DRIVER=${{ matrix.minimal == 'minimal' && 'OFF' || 'ON' }} \ + -DMINIMAL_BUILD=${{ matrix.minimal == 'minimal' && 'ON' || 'OFF' }} \ + .. popd - name: Build diff --git a/.github/workflows/master.yaml b/.github/workflows/master.yaml index a7107d4ef39..3bcb8c9969d 100644 --- a/.github/workflows/master.yaml +++ b/.github/workflows/master.yaml 
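Review bot: The `Prepare project` step expands `${{ matrix.buildmode }}` and the `matrix.minimal` expressions directly into the shell script text, which is safe only because the matrix values are literals defined in this workflow. Passing them through the step environment, `env:` with `BUILD_TYPE: ${{ matrix.buildmode }}` and then `-DCMAKE_BUILD_TYPE="$BUILD_TYPE"`, keeps the step safe if the matrix is later fed from inputs or event data. A short comment above the cmake call, `# minimal builds disable BPF and the driver; cond && 'A' || 'B' is the Actions ternary idiom`, would also help the next reader. The build-dev job starts before this hunk and continues after it.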
@@ -9,37 +9,8 @@ concurrency: cancel-in-progress: true jobs: - # We need to use an ubuntu-latest to fetch Falco version because - # Falco version is computed by some cmake scripts that do git sorceries - # to get the current version. - # But centos7 jobs have a git version too old and actions/checkout does not - # fully clone the repo, but uses http rest api instead. fetch-version: - runs-on: ubuntu-latest - # Map the job outputs to step outputs - outputs: - version: ${{ steps.store_version.outputs.version }} - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Install build dependencies - run: | - sudo apt update - sudo apt install -y cmake build-essential - - - name: Configure project - run: | - mkdir build && cd build - cmake -DUSE_BUNDLED_DEPS=On .. - - - name: Load and store Falco version output - id: store_version - run: | - FALCO_VERSION=$(cat build/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//') - echo "version=${FALCO_VERSION}" >> $GITHUB_OUTPUT + uses: ./.github/workflows/reusable_fetch_version.yaml build-dev-packages: needs: [fetch-version] diff --git a/.github/workflows/reusable_fetch_version.yaml b/.github/workflows/reusable_fetch_version.yaml new file mode 100644 index 00000000000..0d9b82cf42b --- /dev/null +++ b/.github/workflows/reusable_fetch_version.yaml 
@@ -0,0 +1,40 @@
+# This is a reusable workflow used by master and release CI
+on:
+ workflow_call:
+ outputs:
+ version:
+ description: "Falco version"
+ value: ${{ jobs.fetch-version.outputs.version }}
+
+jobs:
+ # We need to use an ubuntu-latest to fetch Falco version because
+ # Falco version is computed by some cmake scripts that do git sorceries
+ # to get the current version.
+ # But centos7 jobs have a git version too old and actions/checkout does not
+ # fully clone the repo, but uses http rest api instead.
+ fetch-version:
+ runs-on: ubuntu-latest
+ # Map the job outputs to step outputs
+ outputs:
+ version: ${{ steps.store_version.outputs.version }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Install build dependencies
+ run: |
+ sudo apt update
+ sudo apt install -y cmake build-essential
+
+ - name: Configure project
+ run: |
+ mkdir build && cd build
+ cmake -DUSE_BUNDLED_DEPS=On ..
+
+ - name: Load and store Falco version output
+ id: store_version
+ run: |
+ FALCO_VERSION=$(cat build/userspace/falco/config_falco.h | grep 'FALCO_VERSION ' | cut -d' ' -f3 | sed -e 's/^"//' -e 's/"$//')
+ echo "version=${FALCO_VERSION}" >> $GITHUB_OUTPUT
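Review bot: The new workflow has no `permissions:` key, so the fetch-version job runs with whatever GITHUB_TOKEN scope the calling workflow passes down, although its steps only check out the repository and run cmake. A called workflow can narrow the token, so a top-level `permissions: { contents: read }` would state the least privilege this job needs. `actions/checkout@v3` also leaves the token in the checkout's git config by default before the repository's cmake scripts run; `persist-credentials: false` under `with:` avoids that. The header comment names master and release CI, while this commit also calls the workflow from ci.yml, so `# This is a reusable workflow used by the ci, master and release workflows` would be accurate.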