new(libsinsp): add concatenated process lineage filter fields + sinsp_filter_check_thread helpers cleanup #658
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Drivers CI Build | |
on: | |
pull_request: | |
push: | |
branches: | |
- master | |
- 'release/**' | |
- 'maintainers/**' | |
workflow_dispatch: | |
# we cannot use paths key here since otherwise required_status_checks jobs won't run. | |
# See https://github.com/orgs/community/discussions/26251. | |
# We need to use the paths-filter job. | |
# Checks if any concurrent jobs under the same pull request or branch are being executed | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
paths-filter: | |
runs-on: ubuntu-latest | |
outputs: | |
driver_needs_rebuild: ${{ steps.filter.outputs.driver == 'true' }} || ${{ steps.filter.outputs.libscap == 'true' }} || ${{ steps.filter.outputs.libpman == 'true' }} | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 | |
id: filter | |
with: | |
filters: | | |
driver: | |
- 'driver/**' | |
libscap: | |
- 'userspace/libscap/**' | |
libpman: | |
- 'userspace/libpman/**' | |
# This job run all engine tests and scap-open | |
test-scap: | |
name: test-scap-${{ matrix.arch }} 😆 (bundled_deps) | |
runs-on: ${{ (matrix.arch == 'arm64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-22.04' }} | |
needs: paths-filter | |
strategy: | |
matrix: | |
arch: [amd64, arm64] | |
include: | |
- arch: amd64 | |
enable_gvisor: True | |
- arch: amd64 | |
enable_gvisor: False | |
fail-fast: false | |
steps: | |
- name: Checkout Libs ⤵️ | |
# We need to skip each step because of https://github.com/orgs/community/discussions/9141. | |
# This avoids having a skipped job whose name is not the resolved matrix name, like "test-scap-${{ matrix.arch }} 😆 (bundled_deps)" | |
if: needs.paths-filter.outputs.driver_needs_rebuild | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
- name: Install deps ⛓️ | |
if: needs.paths-filter.outputs.driver_needs_rebuild | |
run: | | |
sudo apt update | |
sudo apt install -y --no-install-recommends ca-certificates cmake build-essential clang-14 llvm-14 git pkg-config autoconf automake libtool libelf-dev libcap-dev | |
sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-14 90 | |
sudo update-alternatives --install /usr/bin/llvm-strip llvm-strip /usr/bin/llvm-strip-14 90 | |
sudo update-alternatives --install /usr/bin/llc llc /usr/bin/llc-14 90 | |
git clone https://github.com/libbpf/bpftool.git --branch v7.3.0 --single-branch | |
cd bpftool | |
git submodule update --init | |
cd src && sudo make install | |
- name: Install kernel headers (actuated) | |
uses: self-actuated/get-kernel-sources@master | |
if: (needs.paths-filter.outputs.driver_needs_rebuild) && matrix.arch == 'arm64' | |
- name: Install kernel headers | |
if: (needs.paths-filter.outputs.driver_needs_rebuild) && matrix.arch == 'amd64' | |
run: | | |
sudo apt install -y --no-install-recommends linux-headers-$(uname -r) | |
- name: Build scap-open and drivers 🏗️ | |
if: needs.paths-filter.outputs.driver_needs_rebuild | |
run: | | |
mkdir -p build | |
cd build && cmake -DUSE_BUNDLED_DEPS=On -DBUILD_DRIVER=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DBUILD_BPF=On -DBUILD_LIBSCAP_GVISOR=${{ matrix.enable_gvisor }} -DCREATE_TEST_TARGETS=On -DENABLE_LIBSCAP_TESTS=On ../ | |
make scap-open driver bpf libscap_test -j6 | |
- name: Run scap-open with modern bpf 🏎️ | |
if: needs.paths-filter.outputs.driver_needs_rebuild | |
run: | | |
cd build | |
sudo ./libscap/examples/01-open/scap-open --modern_bpf --num_events 10 | |
- name: Run scap-open with bpf 🏎️ | |
if: needs.paths-filter.outputs.driver_needs_rebuild | |
run: | | |
cd build | |
sudo ./libscap/examples/01-open/scap-open --bpf ./driver/bpf/probe.o --num_events 10 | |
- name: Run scap-open with kmod 🏎️ | |
if: needs.paths-filter.outputs.driver_needs_rebuild | |
run: | | |
cd build | |
sudo insmod ./driver/scap.ko | |
sudo ./libscap/examples/01-open/scap-open --kmod --num_events 10 | |
sudo rmmod scap | |
- name: Run libscap_test 🏎️ | |
if: needs.paths-filter.outputs.driver_needs_rebuild | |
run: | | |
cd build | |
sudo ./test/libscap/libscap_test | |
test-drivers: | |
name: test-drivers-${{ matrix.arch }} 😇 (bundled_deps) | |
runs-on: ${{ (matrix.arch == 'arm64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-22.04' }} | |
needs: paths-filter | |
strategy: | |
matrix: | |
arch: [amd64, arm64] | |
fail-fast: false | |
steps: | |
- name: Checkout Libs ⤵️ | |
if: needs.paths-filter.outputs.driver_needs_rebuild | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
- name: Install deps ⛓️ | |
if: needs.paths-filter.outputs.driver_needs_rebuild | |
run: | | |
sudo apt update | |
sudo apt install -y --no-install-recommends ca-certificates cmake build-essential git pkg-config autoconf automake libelf-dev libcap-dev clang-14 llvm-14 libtool | |
sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-14 90 | |
sudo update-alternatives --install /usr/bin/llvm-strip llvm-strip /usr/bin/llvm-strip-14 90 | |
sudo update-alternatives --install /usr/bin/llc llc /usr/bin/llc-14 90 | |
git clone https://github.com/libbpf/bpftool.git --branch v7.3.0 --single-branch | |
cd bpftool | |
git submodule update --init | |
cd src && sudo make install | |
- name: Install kernel headers (actuated) | |
uses: self-actuated/get-kernel-sources@master | |
if: (needs.paths-filter.outputs.driver_needs_rebuild) && matrix.arch == 'arm64' | |
- name: Install kernel headers and gcc | |
if: (needs.paths-filter.outputs.driver_needs_rebuild) && matrix.arch == 'amd64' | |
run: | | |
sudo apt install -y --no-install-recommends linux-headers-$(uname -r) gcc-multilib g++-multilib | |
- name: Build drivers tests 🏗️ | |
if: needs.paths-filter.outputs.driver_needs_rebuild | |
run: | | |
mkdir -p build | |
cd build && cmake -DUSE_BUNDLED_DEPS=ON -DENABLE_DRIVERS_TESTS=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DMODERN_BPF_DEBUG_MODE=ON -DBUILD_BPF=True -DBUILD_LIBSCAP_GVISOR=OFF ../ | |
make drivers_test driver bpf -j6 | |
- name: Run drivers_test with modern bpf 🏎️ | |
if: needs.paths-filter.outputs.driver_needs_rebuild | |
run: | | |
cd build | |
sudo ./test/drivers/drivers_test -m | |
- name: Run drivers_test with bpf 🏎️ | |
if: needs.paths-filter.outputs.driver_needs_rebuild | |
run: | | |
cd build | |
sudo ./test/drivers/drivers_test -b | |
- name: Run drivers_test with kmod 🏎️ | |
if: needs.paths-filter.outputs.driver_needs_rebuild | |
run: | | |
cd build | |
sudo ./test/drivers/drivers_test -k | |
build-drivers-s390x-ppc64le: | |
name: build-drivers-${{ matrix.arch }} 😁 (system_deps) | |
runs-on: ubuntu-22.04 | |
needs: paths-filter | |
strategy: | |
matrix: | |
arch: [s390x, ppc64le] | |
fail-fast: false | |
env: | |
PLATFORM: ${{ matrix.arch == 'ppc64le' && 'powerpc64le' || 's390x' }} | |
steps: | |
- name: Checkout Libs ⤵️ | |
if: needs.paths-filter.outputs.driver_needs_rebuild | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
- uses: uraimo/run-on-arch-action@4ed76f16f09d12e83abd8a49e1ac1e5bf08784d4 # v2.5.1 | |
name: Run ${{ matrix.arch }} build 🏗️ | |
if: needs.paths-filter.outputs.driver_needs_rebuild | |
with: | |
arch: ${{ matrix.arch }} | |
distro: ubuntu22.04 | |
githubToken: ${{ github.token }} | |
install: | | |
apt update && apt install -y --no-install-recommends ca-certificates cmake build-essential clang llvm git pkg-config autoconf automake libtool libelf-dev wget libc-ares-dev libcurl4-openssl-dev libssl-dev libtbb-dev libjq-dev libjsoncpp-dev libgrpc++-dev protobuf-compiler-grpc libcap-dev libgtest-dev libprotobuf-dev linux-headers-generic | |
git clone https://github.com/libbpf/bpftool.git --branch v7.3.0 --single-branch | |
cd bpftool | |
git submodule update --init | |
cd src && make install | |
cd ../../ | |
git clone https://github.com/libbpf/libbpf.git --branch v1.3.0 --single-branch | |
cd libbpf/src && BUILD_STATIC_ONLY=y DESTDIR=/ make install | |
ln -s /usr/lib64/libbpf.a /usr/lib/${{env.PLATFORM}}-linux-gnu/ | |
# Please note: we cannot inject the BPF probe inside QEMU, so right now, we only build it | |
run: | | |
git config --global --add safe.directory $GITHUB_WORKSPACE | |
.github/install-deps.sh | |
mkdir -p build | |
cd build && cmake -DBUILD_BPF=On -DUSE_BUNDLED_DEPS=OFF -DMODERN_PROBE_INCLUDE="-I/usr/include/${{env.PLATFORM}}-linux-gnu" -DBUILD_LIBSCAP_MODERN_BPF=ON -DMODERN_BPF_DEBUG_MODE=ON -DENABLE_DRIVERS_TESTS=On -DCREATE_TEST_TARGETS=On -DBUILD_LIBSCAP_GVISOR=OFF ../ | |
KERNELDIR=/lib/modules/$(ls /lib/modules)/build make driver bpf drivers_test -j6 | |
build-modern-bpf-skeleton: | |
needs: paths-filter | |
# See https://github.com/actions/runner/issues/409#issuecomment-1158849936 | |
runs-on: ${{ (inputs.arch == 'aarch64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-latest' }} | |
if: needs.paths-filter.outputs.driver_needs_rebuild | |
container: fedora:latest | |
steps: | |
# Always install deps before invoking checkout action, to properly perform a full clone. | |
- name: Install build dependencies | |
run: | | |
dnf install -y bpftool ca-certificates cmake make automake gcc gcc-c++ kernel-devel clang git pkg-config autoconf automake libbpf-devel | |
- name: Checkout | |
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | |
- name: Build modern BPF skeleton | |
run: | | |
mkdir skeleton-build && cd skeleton-build | |
cmake -DUSE_BUNDLED_DEPS=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DCREATE_TEST_TARGETS=Off .. | |
make ProbeSkeleton -j6 | |
- name: Upload skeleton | |
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | |
with: | |
name: bpf_probe_${{ inputs.arch }}.skel.h | |
path: skeleton-build/skel_dir/bpf_probe.skel.h | |
retention-days: 1 | |
build-scap-open-w-extern-bpf-skeleton: | |
needs: [paths-filter,build-modern-bpf-skeleton] | |
# See https://github.com/actions/runner/issues/409#issuecomment-1158849936 | |
runs-on: ${{ (inputs.arch == 'aarch64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-latest' }} | |
if: needs.paths-filter.outputs.driver_needs_rebuild | |
container: centos:7 | |
steps: | |
# Always install deps before invoking checkout action, to properly perform a full clone. | |
- name: Install build dependencies | |
run: | | |
yum -y install centos-release-scl | |
yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++ | |
source /opt/rh/devtoolset-9/enable | |
yum install -y wget git make m4 rpm-build perl-IPC-Cmd | |
- name: Checkout | |
# It is not possible to upgrade the checkout action to versions >= v4.0.0 because of incompatibilities with centos 7's libc. | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: Download skeleton | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
with: | |
name: bpf_probe_${{ inputs.arch }}.skel.h | |
path: /tmp | |
- name: Install updated cmake | |
run: | | |
curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz | |
gzip -d /tmp/cmake.tar.gz | |
tar -xpf /tmp/cmake.tar --directory=/tmp | |
cp -R /tmp/cmake-3.22.5-linux-$(uname -m)/* /usr | |
rm -rf /tmp/cmake-3.22.5-linux-$(uname -m) | |
- name: Prepare project | |
run: | | |
mkdir build && cd build | |
source /opt/rh/devtoolset-9/enable | |
cmake \ | |
-DCMAKE_BUILD_TYPE=Release \ | |
-DUSE_BUNDLED_DEPS=On \ | |
-DBUILD_LIBSCAP_MODERN_BPF=ON \ | |
-DMODERN_BPF_SKEL_DIR=/tmp \ | |
-DBUILD_DRIVER=Off \ | |
-DBUILD_BPF=Off \ | |
.. | |
- name: Build project | |
run: | | |
cd build | |
source /opt/rh/devtoolset-9/enable | |
make scap-open -j6 |