Skip to content
Drivers CI Build

sync: cherry-pick for release/0.23.x #4499

Sign in to view logs

sync: cherry-pick for release/0.23.x

sync: cherry-pick for release/0.23.x #4499

Workflow file for this run

.github/workflows/drivers_ci.yml at c085048
name: Drivers CI Build
on:
pull_request:
push:
branches:
- master
- 'release/**'
- 'maintainers/**'
workflow_dispatch:
# we cannot use paths key here since otherwise required_status_checks jobs won't run.
# See https://github.com/orgs/community/discussions/26251.
# We need to use the paths-filter job.
# Checks if any concurrent jobs under the same pull request or branch are being executed
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
paths-filter:
runs-on: ubuntu-24.04
outputs:
driver: ${{ steps.filter.outputs.driver }}
libscap: ${{ steps.filter.outputs.libscap }}
libpman: ${{ steps.filter.outputs.libpman }}
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter
with:
filters: |
driver:
- 'driver/**'
libscap:
- 'userspace/libscap/**'
libpman:
- 'userspace/libpman/**'
# This job run all engine tests and scap-open
test-scap:
name: test-scap-${{ matrix.arch }} 😆 (bundled_deps)
runs-on: ${{ (matrix.arch == 'arm64' && 'ubuntu-24.04-arm') || 'ubuntu-24.04' }}
needs: paths-filter
strategy:
matrix:
arch: [amd64, arm64]
include:
- arch: amd64
enable_gvisor: True
- arch: amd64
enable_gvisor: False
fail-fast: false
steps:
- name: Checkout Libs ⤵️
# We need to skip each step because of https://github.com/orgs/community/discussions/9141.
# This avoids having a skipped job whose name is not the resolved matrix name, like "test-scap-${{ matrix.arch }} 😆 (bundled_deps)"
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Install deps ⛓️
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
run: |
sudo apt update
sudo apt install -y --no-install-recommends ca-certificates build-essential clang llvm git pkg-config autoconf automake libtool libelf-dev libcap-dev linux-headers-$(uname -r)
- name: Install cmake 🌊
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
uses: ./.github/actions/install-cmake
- name: Install bpftool 🐝
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
uses: ./.github/actions/install-bpftool
with:
arch: ${{ matrix.arch }}
- name: Build scap-open and drivers 🏗️
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
run: |
cmake -B build -S . \
-DBUILD_WARNINGS_AS_ERRORS=On \
-DUSE_BUNDLED_DEPS=On \
-DBUILD_DRIVER=ON \
-DBUILD_LIBSCAP_MODERN_BPF=ON \
-DBUILD_BPF=On \
-DBUILD_LIBSCAP_GVISOR=${{ matrix.enable_gvisor }} \
-DCREATE_TEST_TARGETS=On \
-DENABLE_LIBSCAP_TESTS=On \
-DUSE_ASAN=On \
-DUSE_UBSAN=On
cmake --build build --target scap-open driver bpf libscap_test --parallel $(nproc)
- name: Run scap-open with modern bpf 🏎️
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
run: |
cd build
sudo ./libscap/examples/01-open/scap-open --modern_bpf --num_events 10
- name: Run scap-open with bpf 🏎️
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
run: |
cd build
sudo ./libscap/examples/01-open/scap-open --bpf ./driver/bpf/probe.o --num_events 10
- name: Run scap-open with kmod 🏎️
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
run: |
cd build
sudo insmod ./driver/scap.ko
sudo ./libscap/examples/01-open/scap-open --kmod --num_events 10
sudo rmmod scap
- name: Run libscap_test 🏎️
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
run: |
cd build
sudo ./test/libscap/libscap_test
- name: Validate scap-open with modern bpf
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
uses: Andreagit97/[email protected]
with:
args: |
--config=$GITHUB_WORKSPACE/driver/modern_bpf/bpfvalidator_config.yaml --cmd="$GITHUB_WORKSPACE/build/libscap/examples/01-open/scap-open --modern_bpf --num_events 10"
test-drivers:
name: test-drivers-${{ matrix.arch }} 😇 (bundled_deps)
runs-on: ${{ (matrix.arch == 'arm64' && 'ubuntu-24.04-arm') || 'ubuntu-24.04' }}
needs: paths-filter
strategy:
matrix:
arch: [amd64, arm64]
fail-fast: false
steps:
- name: Checkout Libs ⤵️
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Install deps ⛓️
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
run: |
sudo apt update
sudo apt install -y --no-install-recommends ca-certificates build-essential git pkg-config autoconf automake libelf-dev libcap-dev clang llvm libtool linux-headers-$(uname -r)
- name: Install cmake 🌊
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
uses: ./.github/actions/install-cmake
- name: Install bpftool 🐝
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
uses: ./.github/actions/install-bpftool
with:
arch: ${{ matrix.arch }}
- name: Install multilib compilers for ia32 tests
if: (needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true') && matrix.arch == 'amd64'
run: |
sudo apt install -y --no-install-recommends gcc-multilib g++-multilib
- name: Build drivers tests 🏗️
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
run: |
cmake -B build -S . \
-DBUILD_WARNINGS_AS_ERRORS=On \
-DUSE_BUNDLED_DEPS=ON \
-DENABLE_DRIVERS_TESTS=ON \
-DBUILD_LIBSCAP_MODERN_BPF=ON \
-DMODERN_BPF_DEBUG_MODE=ON \
-DBUILD_BPF=True \
-DBUILD_LIBSCAP_GVISOR=OFF
cmake --build build --target drivers_test driver bpf --parallel $(nproc)
- name: Run drivers_test with modern bpf 🏎️
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
run: |
cd build
sudo ./test/drivers/drivers_test -m
- name: Run drivers_test with bpf 🏎️
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
run: |
cd build
sudo ./test/drivers/drivers_test -b
- name: Run drivers_test with kmod 🏎️
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
run: |
cd build
sudo ./test/drivers/drivers_test -k
test-drivers-ppc64le:
name: test-drivers-ppc64le 😁 (system_deps,custom node)
runs-on: ubuntu-24.04
# Avoid running on forks since this job uses a private secret
# not available on forks, leading to failures.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == 'falcosecurity/libs'
needs: paths-filter
steps:
- name: Extract branch name
run: echo "GIT_BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_ENV
- name: Build and test drivers on ppc64le node via ssh
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
uses: appleboy/ssh-action@823bd89e131d8d508129f9443cad5855e9ba96f0 # v1.2.4
with:
host: ${{ secrets.PPC64LE_HOST }}
username: ${{ secrets.PPC64LE_USERNAME }}
key: ${{ secrets.PPC64LE_KEY }}
port: ${{ secrets.PPC64LE_PORT }}
envs: GIT_BRANCH,GITHUB_REPOSITORY,GITHUB_SERVER_URL
command_timeout: 60m
script: |
sudo dnf install -y bpftool ca-certificates cmake make automake gcc gcc-c++ kernel-devel clang git pkg-config autoconf libbpf-devel
# Remove, if present, any libs clone created by a previous job run.
rm -rf libs
git clone -b $GIT_BRANCH $GITHUB_SERVER_URL/$GITHUB_REPOSITORY.git libs
cd libs
mkdir -p build && cd build
cmake -B . -S .. \
-DBUILD_WARNINGS_AS_ERRORS=On \
-DUSE_BUNDLED_DEPS=ON \
-DENABLE_DRIVERS_TESTS=ON \
-DBUILD_LIBSCAP_MODERN_BPF=ON \
-DMODERN_BPF_DEBUG_MODE=ON \
-DBUILD_BPF=True \
-DBUILD_LIBSCAP_GVISOR=OFF \
-DUSE_BUNDLED_LIBELF=OFF
cmake --build . --target drivers_test driver bpf --parallel $(nproc)
sudo ./test/drivers/drivers_test -m
rc_modern=$?
sudo ./test/drivers/drivers_test -b
rc_bpf=$?
sudo ./test/drivers/drivers_test -k
rc_kmod=$?
exit $(($rc_modern + $rc_bpf +$rc_kmod))
build-drivers-s390x:
name: build-drivers-s390x 😁 (bundle_deps)
runs-on: ubuntu-24.04-s390x
# Avoid running on forks since the s390x runner doesn't support unauthenticated usage.
# See: https://github.com/IBM/actionspz/blob/main/docs/FAQ.md#what-about-forked-repos.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == 'falcosecurity/libs'
needs: paths-filter
steps:
- name: Checkout Libs ⤵️
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Install deps ⛓️
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
run: |
sudo apt update
sudo apt install -y --no-install-recommends ca-certificates cmake build-essential git pkg-config autoconf automake libelf-dev libcap-dev clang llvm libtool linux-headers-$(uname -r)
- name: Install bpftool 🐝
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
uses: ./.github/actions/install-bpftool
with:
arch: 's390x'
- name: Build drivers tests 🏗️
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
run: |
cmake -B build -S . \
-DBUILD_WARNINGS_AS_ERRORS=On \
-DUSE_BUNDLED_DEPS=ON \
-DENABLE_DRIVERS_TESTS=ON \
-DBUILD_LIBSCAP_MODERN_BPF=ON \
-DMODERN_BPF_DEBUG_MODE=ON \
-DBUILD_BPF=ON \
-DBUILD_LIBSCAP_GVISOR=OFF
cmake --build build --target drivers_test driver bpf --parallel $(nproc)
build-modern-bpf-skeleton:
needs: paths-filter
# See https://github.com/actions/runner/issues/409#issuecomment-1158849936
runs-on: 'ubuntu-24.04'
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
container: fedora:41
steps:
# Always install deps before invoking checkout action, to properly perform a full clone.
- name: Install build dependencies
run: |
dnf install -y ca-certificates make automake gcc gcc-c++ kernel-devel clang git pkg-config autoconf libbpf-devel curl
- name: Checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Install cmake 🌊
uses: ./.github/actions/install-cmake
- name: Install bpftool 🐝
uses: ./.github/actions/install-bpftool
with:
arch: 'amd64'
- name: Build modern BPF skeleton
run: |
cmake -B skeleton-build -S . -DUSE_BUNDLED_DEPS=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DCREATE_TEST_TARGETS=Off
cmake --build skeleton-build --target ProbeSkeleton --parallel $(nproc)
- name: Upload skeleton
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: bpf_probe_x86_64.skel.h
path: skeleton-build/skel_dir/bpf_probe.skel.h
retention-days: 1
build-scap-open-w-extern-bpf-skeleton:
env:
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
needs: [paths-filter,build-modern-bpf-skeleton]
runs-on: 'ubuntu-24.04'
if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true'
steps:
- name: Install build dependencies
run: |
sudo apt update
sudo apt install -y --no-install-recommends ca-certificates build-essential clang-14 llvm-14 git pkg-config autoconf automake libtool libelf-dev libcap-dev
sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-14 90
sudo update-alternatives --install /usr/bin/llvm-strip llvm-strip /usr/bin/llvm-strip-14 90
sudo update-alternatives --install /usr/bin/llc llc /usr/bin/llc-14 90
- name: Checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Install cmake 🌊
uses: ./.github/actions/install-cmake
- name: Download skeleton
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
with:
name: bpf_probe_x86_64.skel.h
path: /tmp
- name: Prepare project
run: |
cmake -B build -S . \
-DCMAKE_BUILD_TYPE=Release \
-DUSE_BUNDLED_DEPS=On \
-DBUILD_LIBSCAP_MODERN_BPF=ON \
-DMODERN_BPF_SKEL_DIR=/tmp \
-DBUILD_DRIVER=Off \
-DBUILD_BPF=Off
- name: Build project
run: |
cmake --build build --target scap-open --parallel $(nproc)
# Only runs on pull request since on master branch it is already triggered by pages CI.
kernel-tests-dev:
needs: paths-filter
# Avoid running on forks since this job uses a private secret
# not available on forks, leading to failures.
if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == 'falcosecurity/libs' && (needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true')
uses: ./.github/workflows/reusable_kernel_tests.yaml
with:
# Use real branch's HEAD sha, not the merge commit
libsversion: ${{ github.event.pull_request.head.sha }}
secrets: inherit
kernel-tests-pr-info-upload:
needs: kernel-tests-dev
# Avoid running on forks since this job uses a private secret
# not available on forks, leading to failures.
if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == 'falcosecurity/libs' && (needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true')
runs-on: ubuntu-24.04
steps:
- name: Download X64 matrix
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
with:
name: matrix_X64
path: matrix_X64
- name: Download ARM64 matrix
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
with:
name: matrix_ARM64
path: matrix_ARM64
- name: Save PR info
run: |
mkdir -p ./pr
echo ${{ github.event.number }} > ./pr/NR
touch ./pr/COMMENT
echo "# X64 kernel testing matrix" >> ./pr/COMMENT
echo "$(head -n $(grep -n -v -m1 '^|' matrix_X64/matrix.md | awk -F':' '{ print $1 }') matrix_X64/matrix.md)" >> ./pr/COMMENT
echo "" >> ./pr/COMMENT
echo "# ARM64 kernel testing matrix" >> ./pr/COMMENT
echo "$(head -n $(grep -n -v -m1 '^|' matrix_ARM64/matrix.md | awk -F':' '{ print $1 }') matrix_ARM64/matrix.md)" >> ./pr/COMMENT
echo Uploading PR info...
cat ./pr/COMMENT
echo ""
- name: Upload PR info as artifact
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v4
with:
name: pr-kernel-testing
path: pr/
retention-days: 1
if-no-files-found: warn