Skip to content

feat(ksyms): required ksym scanning #5878

feat(ksyms): required ksym scanning

feat(ksyms): required ksym scanning #5878

Workflow file for this run

#
# When a PR is opened or updated: Run Tracee Tests
#
name: PR
on:
workflow_dispatch: {}
pull_request:
branches:
- main
paths:
- "!docs/**"
- "!deploy/**"
- "!packaging/**"
- "!**.yaml"
- "!**.md"
- "!**.txt"
- "!**.conf"
# override previous rules:
- "docs/docs/flags/**"
- "docs/man/**"
- "go.mod"
- "go.sum"
- "**.c"
- "**.h"
- "**.go"
- "**.sh"
- "**/pr.yaml"
- "**/action.yaml"
concurrency:
group: ${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
TESTS: >
TRC-102
TRC-103
TRC-104
TRC-105
TRC-107
TRC-1010
TRC-1014
TRC-1016
TRC-1018
TRC-1022
ARM64_TESTS: >
TRC-102
TRC-103
TRC-104
TRC-105
TRC-107
TRC-1010
TRC-1014
TRC-1016
TRC-1018
NETTESTS: >
IPv4
IPv6
TCP
UDP
ICMP
ICMPv6
DNS
HTTP
INSTTESTS: >
PROCESS_EXECUTE_FAILED
VFS_WRITE
FILE_MODIFICATION
HOOKED_SYSCALL
SECURITY_INODE_RENAME
BPF_ATTACH
CONTAINERS_DATA_SOURCE
PROCTREE_DATA_SOURCE
DNS_DATA_SOURCE
WRITABLE_DATA_SOURCE
SET_FS_PWD
jobs:
#
# DOC VERIFICATION
#
verify-docs:
name: Verify Documentation
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Check if flags flags man/markdown docs were changed
id: changed-files
uses: tj-actions/changed-files@2d756ea4c53f7f6b397767d8723b3a10a9f35bf2 # v44.0.0
with:
files_yaml: |
md_files:
- "docs/docs/flags/**/*.1.md"
man_files:
- "docs/man/**/*.1"
- name: Ensure updates of *.1.md and *.1 pairs
if: ${{ steps.changed-files.outputs.md_files_any_modified == 'true' || steps.changed-files.outputs.man_files_any_modified == 'true' }}
run: |
md_files=$(echo "${{ steps.changed-files.outputs.md_files_all_modified_files }}" | xargs -n 1 basename | sed 's/\.1.md$//')
man_files=$(echo "${{ steps.changed-files.outputs.man_files_all_modified_files }}" | xargs -n 1 basename | sed 's/\.1$//')
missing_updates=()
for base_name in $md_files; do
if ! grep -Fxq "$base_name" <<< "$man_files"; then
missing_updates+=("$base_name.1.md change requires corresponding $base_name.1 change")
fi
done
for base_name in $man_files; do
if ! grep -Fxq "$base_name" <<< "$md_files"; then
missing_updates+=("$base_name.1 change requires corresponding $base_name.1.md change")
fi
done
if [ ${#missing_updates[@]} -ne 0 ]; then
printf "%s\n" "${missing_updates[@]}"
echo "--- How to Fix it ---"
echo " 1. Modify only '.1.md' files, updating the date in '.1.md' files if needed."
echo " 2. Run 'make -f builder/Makefile.man man-run' to update '.1' files."
exit 1
fi
#
# CODE VERIFICATION
#
verify-analyze-code:
name: Verify and Analyze Code
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
- name: Install Dependencies
uses: ./.github/actions/build-dependencies
- name: Lint
run: |
if test -z "$(gofmt -l .)"; then
echo "Congrats! There is nothing to fix."
else
echo "The following lines should be fixed."
gofmt -s -d .
exit 1
fi
- name: Lint (Revive)
run: |
make check-lint
- name: Check Code Style
run: |
make check-fmt
- name: Check Golang Vet
run: |
make check-vet
- name: Check with StaticCheck
run: |
make check-staticcheck
- name: Check with errcheck
run: |
make check-err
#
# SIGNATURES CODE VERIFICATION
#
verify-signatures:
name: Verify Signatures
needs:
- verify-analyze-code
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
- name: Install Dependencies
uses: ./.github/actions/build-dependencies
- name: Build Signatures
run: |
make signatures
- name: Test Signatures
run: |
make test-signatures
#
# TOOLS BUILD VERIFICATION
#
verify-tools:
name: Verify Other Tools
needs:
- verify-analyze-code
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
- name: Install Dependencies
uses: ./.github/actions/build-dependencies
- name: Build Tracee Benchmark Tool
run: |
make clean
make tracee-bench
- name: Build Tracee GPT Docs Tool
run: |
make clean
make tracee-gptdocs
- name: Build E2E Network Signatures
run: |
make clean
make e2e-net-signatures
- name: Build E2E Instrumentation Signatures
run: |
make clean
make e2e-inst-signatures
#
# CODE TESTS
#
unit-tests:
name: Unit Tests
needs:
- verify-analyze-code
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
- name: Install Dependencies
uses: ./.github/actions/build-dependencies
- name: Run Unit Tests
run: |
make test-unit
#
# INTEGRATION TESTS
#
integration-tests:
name: Integration Tests
needs:
- verify-analyze-code
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
- name: Install Dependencies
uses: ./.github/actions/build-dependencies
- name: Run Integration Tests
run: |
sudo env "PATH=$PATH" make test-integration
#
# PERFORMANCE TESTS
#
performance-tests:
name: Performance Tests
needs:
- verify-analyze-code
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
- name: Install Dependencies
uses: ./.github/actions/build-dependencies
- name: Run Performance Tests
run: |
sudo env "PATH=$PATH" make test-performance
#
# FUNCTIONAL TESTS AGAINST DIFFERENT KERNELS
#
generate-matrix:
name: Generate Test Matrix
#needs:
# - verify-signatures
# - verify-tools
runs-on: ubuntu-latest
outputs:
matrix01: ${{ steps.set-matrix.outputs.matrix01 }}
steps:
- name: Set Matrix
id: set-matrix
run: |
declare -A job_names=(
["GKE 5.4"]="07803dec079f9dab8 x86_64"
["GKE 5.10"]="03ca8e4a64be4e6e2 x86_64"
["GKE 5.15 x86_64"]="0e71c360809862bd7 x86_64"
["GKE 5.15 aarch64"]="0b66222a60f8f97be aarch64"
["AMZN2 5.10 x86_64"]="0b9c1568cd5551408 x86_64"
["AMZN2 5.10 aarch64"]="071a53e3ad06e6a7e aarch64"
["RHEL8 4.18 x86_64"]="0763bdb83bba5e638 x86_64"
["RHEL8 4.18 aarch64"]="06152079b6b8d1f26 aarch64"
["Focal 5.4 x86_64"]="0d9d35323406a6cad x86_64"
["Focal 5.4 aarch64"]="0a241eeae02842052 aarch64"
["Focal 5.13 x86_64"]="0c86a42b0f61bd86e x86_64"
["Focal 5.13 aarch64"]="07de8512322c4a33a aarch64"
["Jammy 5.15 x86_64"]="02f0ed24d636fa1a7 x86_64"
["Jammy 5.15 aarch64"]="0b6d16ce9f5576b40 aarch64"
["Jammy 5.19 x86_64"]="02ce72d6cd652cbbd x86_64"
["Jammy 5.19 aarch64"]="07271263d87a0e883 aarch64"
["Lunar 6.2 x86_64"]="0344a20747442e3c7 x86_64"
["Lunar 6.2 aarch64"]="0c0d64eea6367efd8 aarch64"
["Mantic 6.5 x86_64"]="0564e75d9605addaf x86_64"
["Mantic 6.5 aarch64"]="028acebc5083c4840 aarch64"
["Mantic 6.6 x86_64"]="040d4dc2758203717 x86_64"
["Mantic 6.6 aarch64"]="03f75150a60f7edf7 aarch64"
# expand as needed
)
for num in 01; do
output="["
first=1
for job in "${!job_names[@]}"; do
ami="${job_names[$job]%% *}"
arch="${job_names[$job]##* }"
if (( first )); then
first=0
else
output+=","
fi
output+="{\"job_name\": \"$job\", \"arch\": \"$arch\", \"ami\": \"$ami\", \"sufix\": \"$num\"}"
done
output+="]"
echo "matrix$num=$output" >> $GITHUB_OUTPUT
echo "matrix$num=$output"
done
shell: bash
- name: Show Matrix
id: show-matrix
run: |
echo ${{ steps.set-matrix.outputs.matrix01 }}
shell: bash
kernel-tests:
name: ${{ matrix.job_name }}
needs:
- generate-matrix
runs-on:
- graas_ami-${{ matrix.ami }}_${{ github.event.number }}${{ github.run_attempt }}-${{ github.run_id }}_${{ matrix.sufix }}
- EXECUTION_TYPE=LONG
strategy:
matrix:
include: ${{fromJson(needs.generate-matrix.outputs.matrix01)}}
env:
HOME: "/tmp/root"
GOPATH: "/tmp/go"
GOCACHE: "/tmp/go-cache"
GOROOT: "/usr/local/go"
steps:
- name: "Checkout"
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
- name: "Prepare Image (Fix AMIs)"
run: ./tests/e2e-install-deps.sh
- name: "Environment Variables"
run: |
if [[ "${{ matrix.arch }}" == "aarch64" ]]; then
echo "TESTS=${{ env.ARM64_TESTS }}" >> $GITHUB_ENV
fi
- name: "Instrumentation Test"
run: ./tests/e2e-inst-test.sh
- name: "Network Test"
run: ./tests/e2e-net-test.sh
- name: "Kernel Test"
run: ./tests/e2e-kernel-test.sh