kernel-patches · chantra · Oct 26, 2023 · Oct 24, 2023 · Oct 25, 2023 · Oct 25, 2023
diff --git a/.github/scripts/matrix.py b/.github/scripts/matrix.py
@@ -1,5 +1,6 @@
 #!/usr/bin/env python3
 
+from copy import deepcopy
 from json import dumps
 from enum import Enum
 import os
@@ -109,18 +110,28 @@ def get_tests(config):
     os.environ["GITHUB_REPOSITORY_OWNER"] != "kernel-patches"
     or os.environ["GITHUB_REPOSITORY"] not in self_hosted_repos
 ):
-    # Outside of those repositories, we only run on x86_64 GH hosted runners (ubuntu-latest)
+    # Outside of those repositories, we only run on x86_64 GH hosted runners (ubuntu-20.04)
+    # We need to run on ubuntu 20.04 because our rootfs is based on debian buster and we
+    # otherwise get library versioning issue such as
+    # `./test_verifier: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by ./test_verifier)`
     for idx in range(len(matrix) - 1, -1, -1):
         if matrix[idx]["arch"] != Arch.X86_64.value:
             del matrix[idx]
         else:
-            matrix[idx]["runs_on"] = ["ubuntu-latest"]
+            matrix[idx]["runs_on"] = ["ubuntu-20.04"]
 else:
     # Otherwise, run on (self-hosted, arch) runners
     for idx in range(len(matrix) - 1, -1, -1):
         matrix[idx]["runs_on"].extend(["self-hosted", matrix[idx]["arch"]])
 
-build_matrix = {"include": matrix}
+build_matrix = {"include": deepcopy(matrix)}
+# include test configs directly with the build config
+for config in build_matrix["include"]:
+    config["tests"] = {"include": [
+        generate_test_config(test)
+        for test in get_tests(config)
+    ]}
+
 set_output("build_matrix", dumps(build_matrix))
 
 test_matrix = {

diff --git a/.github/workflows/kernel-build-test.yml b/.github/workflows/kernel-build-test.yml
@@ -0,0 +1,82 @@
+name: Reusable Build/Test/Veristat workflow
+
+on:
+  workflow_call:
+    inputs:
+      arch:
+        required: true
+        type: string
+        description: The architecture to build against, e.g x86_64, aarch64, s390x...
+      toolchain_full:
+        required: true
+        type: string
+        description: The toolchain and for llvm, its version, e.g gcc, llvm-15
+      toolchain:
+        required: true
+        type: string
+        description: The toolchain, e.g gcc, llvm
+      runs_on:
+        required: true
+        type: string
+        description: The runners to run the test on. This is a json string representing an array of labels.
+      llvm-version:
+        required: true
+        type: string
+        description: The version of LLVM used to build selftest.... for llvm toolchain, this should match the one from toolchain_full, for gcc it is an arbritrary version we decide to build selftests against.
+      kernel:
+        required: true
+        type: string
+        description: The kernel to run the test against. For KPD this is always LATEST, which runs against a newly built kernel.
+      tests:
+        required: true
+        type: string
+        description: A serialized json array with the tests to be running, it must follow the json-matrix format, https://www.jitsejan.com/use-github-actions-with-json-file-as-matrix
+      veristat_runs_on:
+        required: true
+        type: string
+        description: Runners to run veristat on.
+    secrets:
+      AWS_ROLE_ARN:
+        required: true
+
+jobs:
+  # Build kernel and selftest
+  build:
+    uses: ./.github/workflows/kernel-build.yml
+    with:
+      arch: ${{ inputs.arch }}
+      toolchain_full: ${{ inputs.toolchain_full }}
+      toolchain: ${{ inputs.toolchain }}
+      runs_on: ${{ inputs.runs_on }}
+      llvm-version: ${{ inputs.llvm-version }}
+      kernel: ${{ inputs.kernel }}
+
+  test:
+    uses: ./.github/workflows/kernel-test.yml
+    needs: [build]
+    strategy:
+      fail-fast: false
+      matrix: ${{ fromJSON(inputs.tests) }}
+    with:
+      arch: ${{ inputs.arch }}
+      toolchain_full: ${{ inputs.toolchain_full }}
+      runs_on: ${{ inputs.runs_on }}
+      kernel: ${{ inputs.kernel }}
+      test: ${{ matrix.test }}
+      continue_on_error: ${{ toJSON(matrix.continue_on_error) }}
+      timeout_minutes: ${{ matrix.timeout_minutes }}
+
+  veristat:
+    if: ${{ inputs.arch == 'x86_64' &&  inputs.toolchain  == 'gcc' }}
+    uses: ./.github/workflows/kernel-veristat.yml
+    needs: [build]
+    permissions:
+      id-token: write
+      contents: read
+    with:
+      arch: ${{ inputs.arch }}
+      toolchain: ${{ inputs.toolchain }}
+      aws_region: ${{ vars.AWS_REGION }}
+      runs_on: ${{ inputs.veristat_runs_on }}
+    secrets:
+      AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }}
diff --git a/.github/workflows/kernel-build.yml b/.github/workflows/kernel-build.yml
@@ -0,0 +1,124 @@
+
+name: Reusable build workflow
+
+on:
+  workflow_call:
+    inputs:
+      arch:
+        required: true
+        type: string
+        description: The architecture to build against, e.g x86_64, aarch64, s390x...
+      toolchain_full:
+        required: true
+        type: string
+        description: The toolchain and for llvm, its version, e.g gcc, llvm-15
+      toolchain:
+        required: true
+        type: string
+        description: The toolchain, e.g gcc, llvm
+      runs_on:
+        required: true
+        type: string
+        description: The runners to run the test on. This is a json string representing an array of labels.
+      llvm-version:
+        required: true
+        type: string
+        description: The version of LLVM used to build selftest.... for llvm toolchain, this should match the one from toolchain_full, for gcc it is an arbritrary version we decide to build selftests against.
+      kernel:
+        required: true
+        type: string
+        description: The kernel to run the test against. For KPD this is always LATEST, which runs against a newly built kernel.
+
+
+jobs:
+  build:
+    name: build for ${{ inputs.arch }} with ${{ inputs.toolchain_full }}
+    runs-on: ${{ fromJSON(inputs.runs_on) }}
+    timeout-minutes: 100
+    env:
+        KERNEL: ${{ inputs.kernel }}
+        REPO_ROOT: ${{ github.workspace }}
+        REPO_PATH: ""
+        KBUILD_OUTPUT: kbuild-output/
+    steps:
+      - uses: actions/checkout@v3
+        # We fetch an actual bit of history here to facilitate incremental
+        # builds (which may check out some earlier upstream change).
+        with:
+          fetch-depth: 50
+      - if: ${{ github.repository == 'kernel-patches/vmtest' }}
+        name: Download bpf-next tree
+        uses: libbpf/ci/get-linux-source@main
+        with:
+          dest: '.kernel'
+      - if: ${{ github.repository == 'kernel-patches/vmtest' }}
+        name: Move linux source in place
+        shell: bash
+        run: |
+          rm -rf .kernel/.git
+          cp -rf .kernel/. .
+          rm -rf .kernel
+      - name: Get commit meta-data
+        id: get-commit-metadata
+        run: |
+          bash .github/scripts/get-commit-metadata.sh
+      - name: Pull recent KBUILD_OUTPUT contents
+        uses: actions/cache@v3
+        with:
+          path: ${{ env.KBUILD_OUTPUT }}
+          key: kbuild-output-${{ inputs.arch }}-${{ inputs.toolchain_full }}-${{ steps.get-commit-metadata.outputs.branch }}-${{ steps.get-commit-metadata.outputs.timestamp }}-${{ steps.get-commit-metadata.outputs.commit }}
+          restore-keys: |
+            kbuild-output-${{ inputs.arch }}-${{ inputs.toolchain_full }}-${{ steps.get-commit-metadata.outputs.branch }}-${{ steps.get-commit-metadata.outputs.timestamp }}-
+            kbuild-output-${{ inputs.arch }}-${{ inputs.toolchain_full }}-${{ steps.get-commit-metadata.outputs.branch }}-
+            kbuild-output-${{ inputs.arch }}-${{ inputs.toolchain_full }}-
+      - name: Prepare incremental build
+        shell: bash
+        run: |
+          bash .github/scripts/prepare-incremental-builds.sh ${{ steps.get-commit-metadata.outputs.commit }}
+      - uses: libbpf/ci/patch-kernel@main
+        with:
+          patches-root: '${{ github.workspace }}/ci/diffs'
+          repo-root: '${{ github.workspace }}'
+      - name: Setup build environment
+        uses: libbpf/ci/setup-build-env@main
+        with:
+          llvm-version: ${{ inputs.llvm-version }}
+      - name: Build kernel image
+        uses: libbpf/ci/build-linux@main
+        with:
+          arch: ${{ inputs.arch }}
+          toolchain: ${{ inputs.toolchain }}
+          kbuild-output: ${{ env.KBUILD_OUTPUT }}
+          max-make-jobs: 32
+          llvm-version: ${{ inputs.llvm-version }}
+      - name: Build selftests
+        uses: libbpf/ci/build-selftests@main
+        with:
+          toolchain: ${{ inputs.toolchain }}
+          kbuild-output: ${{ env.KBUILD_OUTPUT }}
+          max-make-jobs: 32
+          llvm-version: ${{ inputs.llvm-version }}
+      - if: ${{ github.event_name != 'push' }}
+        name: Build samples
+        uses: libbpf/ci/build-samples@main
+        with:
+          toolchain: ${{ inputs.toolchain }}
+          kbuild-output: ${{ env.KBUILD_OUTPUT }}
+          max-make-jobs: 32
+          llvm-version: ${{ inputs.llvm-version }}
+      - name: Tar artifacts
+        run: |
+          bash .github/scripts/tar-artifact.sh ${{ inputs.arch }} ${{ inputs.toolchain_full }}
+      - if: ${{ github.event_name != 'push' }}
+        name: Remove KBUILD_OUTPUT content
+        shell: bash
+        run: |
+          # Remove $KBUILD_OUTPUT to prevent cache creation for pull requests.
+          # Only on pushed changes are build artifacts actually cached, because
+          # of github.com/actions/cache's cache isolation logic.
+          rm -rf "${KBUILD_OUTPUT}"
+      - uses: actions/upload-artifact@v3
+        with:
+          name: vmlinux-${{ inputs.arch }}-${{ inputs.toolchain_full }}
+          if-no-files-found: error
+          path: vmlinux-${{ inputs.arch }}-${{ inputs.toolchain_full }}.tar.zst
diff --git a/.github/workflows/kernel-test.yml b/.github/workflows/kernel-test.yml
@@ -0,0 +1,80 @@
+name: Reusable test workflow
+
+on:
+  workflow_call:
+    inputs:
+      arch:
+        required: true
+        type: string
+        description: The architecture to build against, e.g x86_64, aarch64, s390x...
+      toolchain_full:
+        required: true
+        type: string
+        description: The toolchain and for llvm, its version, e.g gcc, llvm-15
+      runs_on:
+        required: true
+        type: string
+        description: The runners to run the test on. This is a json string representing an array of labels.
+      kernel:
+        required: true
+        type: string
+        description: The kernel to run the test against. For KPD this is always LATEST, which runs against a newly built kernel.
+      test:
+        required: true
+        type: string
+        description: The test to run in the vm, e.g test_progs, test_maps, test_progs_no_alu32...
+      continue_on_error:
+        required: true
+        type: string
+        description: Whether to continue on error. This is typically set to true for parallel tests which are currently known to fail, but we don't want to fail the whole CI because of that.
+      timeout_minutes:
+        required: true
+        type: number
+        description: In case a test runs for too long, after how many seconds shall we timeout and error.
+
+jobs:
+  test:
+    if: ${{ github.event_name != 'push' }}
+    name: ${{ inputs.test }} on ${{ inputs.arch }} with ${{ inputs.toolchain_full }}
+    runs-on: ${{ fromJSON(inputs.runs_on) }}
+    timeout-minutes: 100
+    env:
+      KERNEL: ${{ inputs.kernel }}
+      REPO_ROOT: ${{ github.workspace }}
+      REPO_PATH: ""
+      KBUILD_OUTPUT: kbuild-output/
+      # https://github.com/actions/runner/issues/1483#issuecomment-1031671517
+      # booleans are weird in GH.
+      CONTINUE_ON_ERROR: ${{ inputs.continue_on_error }}
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/download-artifact@v3
+        with:
+          name: vmlinux-${{ inputs.arch }}-${{ inputs.toolchain_full }}
+          path: .
+      - name: Untar artifacts
+        # zstd is installed by default in the runner images.
+        run: zstd -d -T0  vmlinux-${{ inputs.arch }}-${{ inputs.toolchain_full }}.tar.zst --stdout | tar -xf -
+      - name: Prepare rootfs
+        uses: libbpf/ci/prepare-rootfs@main
+        with:
+          project-name: 'libbpf'
+          arch: ${{ inputs.arch }}
+          kernel: ${{ inputs.kernel }}
+          kernel-root: '.'
+          kbuild-output: ${{ env.KBUILD_OUTPUT }}
+          image-output: '/tmp/root.img'
+          test: ${{ inputs.test }}
+      - name: Run selftests
+        uses: libbpf/ci/run-qemu@main
+        # https://github.com/actions/runner/issues/1483#issuecomment-1031671517
+        # booleans are weird in GH.
+        continue-on-error: ${{ fromJSON(env.CONTINUE_ON_ERROR) }}
+        timeout-minutes: ${{ inputs.timeout_minutes }}
+        with:
+          arch: ${{ inputs.arch}}
+          img: '/tmp/root.img'
+          vmlinuz: '${{ github.workspace }}/vmlinuz'
+          kernel-root: '.'
+          max-cpu: 8
+          kernel-test: ${{ inputs.test }}