aya-ci #2408
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: aya-ci | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
schedule: | |
- cron: 00 4 * * * | |
env: | |
CARGO_TERM_COLOR: always | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@nightly | |
with: | |
components: clippy,miri,rustfmt,rust-src | |
# Installed *after* nightly so it is the default. | |
- uses: dtolnay/rust-toolchain@stable | |
- uses: Swatinem/rust-cache@v2 | |
- uses: taiki-e/install-action@v2 | |
with: | |
tool: cargo-hack,taplo-cli | |
- name: Check C formatting | |
run: git ls-files -- '*.c' '*.h' | xargs clang-format --dry-run --Werror | |
- name: Check Markdown | |
uses: DavidAnson/markdownlint-cli2-action@v18 | |
- name: Check TOML formatting | |
run: taplo fmt --check | |
- name: Check formatting | |
run: cargo +nightly fmt --all -- --check | |
- name: Run clippy | |
run: ./clippy.sh | |
- run: cargo xtask public-api | |
if: github.event_name == 'pull_request' | |
- run: cargo xtask public-api --bless | |
if: github.event_name != 'pull_request' && github.repository_owner == 'aya-rs' | |
- uses: peter-evans/create-pull-request@v7 | |
if: github.event_name != 'pull_request' && github.repository_owner == 'aya-rs' | |
with: | |
commit-message: "public-api: regenerate" | |
- name: Run miri | |
run: | | |
set -euxo pipefail | |
cargo +nightly hack miri test --all-targets --feature-powerset \ | |
--exclude aya-ebpf \ | |
--exclude aya-ebpf-bindings \ | |
--exclude aya-log-ebpf \ | |
--exclude integration-ebpf \ | |
--exclude integration-test \ | |
--workspace | |
build-test-aya: | |
strategy: | |
fail-fast: false | |
matrix: | |
bpf_target_arch: | |
- x86_64-unknown-linux-gnu | |
- aarch64-unknown-linux-gnu | |
- armv7-unknown-linux-gnueabi | |
- riscv64gc-unknown-linux-gnu | |
- powerpc64le-unknown-linux-gnu | |
- s390x-unknown-linux-gnu | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
- uses: Swatinem/rust-cache@v2 | |
- uses: taiki-e/install-action@cargo-hack | |
- name: Build | |
run: | | |
set -euxo pipefail | |
cargo hack build --all-targets --feature-powerset \ | |
--exclude aya-ebpf \ | |
--exclude aya-ebpf-bindings \ | |
--exclude aya-log-ebpf \ | |
--exclude integration-ebpf \ | |
--workspace | |
- name: Test | |
env: | |
RUST_BACKTRACE: full | |
run: | | |
set -euxo pipefail | |
cargo hack test --all-targets --feature-powerset \ | |
--exclude aya-ebpf \ | |
--exclude aya-ebpf-bindings \ | |
--exclude aya-log-ebpf \ | |
--exclude integration-ebpf \ | |
--exclude integration-test \ | |
--workspace | |
- name: Doctests | |
env: | |
RUST_BACKTRACE: full | |
run: | | |
set -euxo pipefail | |
cargo hack test --doc --feature-powerset \ | |
--exclude aya-ebpf \ | |
--exclude aya-ebpf-bindings \ | |
--exclude aya-log-ebpf \ | |
--exclude init \ | |
--exclude integration-ebpf \ | |
--exclude integration-test \ | |
--workspace | |
build-test-aya-ebpf: | |
strategy: | |
fail-fast: false | |
matrix: | |
bpf_target_arch: | |
- x86_64 | |
- aarch64 | |
- arm | |
- riscv64 | |
- powerpc64 | |
- s390x | |
target: | |
- bpfel-unknown-none | |
- bpfeb-unknown-none | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@nightly | |
with: | |
components: rust-src | |
# Installed *after* nightly so it is the default. | |
- uses: dtolnay/rust-toolchain@stable | |
- uses: Swatinem/rust-cache@v2 | |
- name: bpf-linker | |
run: cargo install bpf-linker --git https://github.com/aya-rs/bpf-linker.git | |
- uses: taiki-e/install-action@cargo-hack | |
- name: Build | |
env: | |
CARGO_CFG_BPF_TARGET_ARCH: ${{ matrix.bpf_target_arch }} | |
run: | | |
set -euxo pipefail | |
cargo +nightly hack build \ | |
--target ${{ matrix.target }} \ | |
-Z build-std=core \ | |
--package aya-ebpf \ | |
--package aya-log-ebpf \ | |
--feature-powerset | |
- name: Test | |
env: | |
CARGO_CFG_BPF_TARGET_ARCH: ${{ matrix.bpf_target_arch }} | |
RUST_BACKTRACE: full | |
run: | | |
set -euxo pipefail | |
cargo hack test \ | |
--doc \ | |
--package aya-ebpf \ | |
--package aya-log-ebpf \ | |
--feature-powerset | |
run-integration-test: | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: x86_64-apple-darwin | |
# macos-14 is arm64[0] which doesn't support nested | |
# virtualization[1]. | |
# | |
# [0] https://github.com/actions/runner-images#available-images | |
# | |
# [1] https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#limitations-for-arm64-macos-runners | |
os: macos-13 | |
- target: x86_64-unknown-linux-gnu | |
# We don't use ubuntu-latest because we care about the apt packages available. | |
os: ubuntu-22.04 | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Install prerequisites | |
if: runner.os == 'Linux' | |
# ubuntu-22.04 comes with clang 13-15[0]; support for signed and 64bit | |
# enum values was added in clang 15[1] which isn't in `$PATH`. | |
# | |
# gcc-multilib provides at least <asm/types.h> which is referenced by libbpf. | |
# | |
# [0] https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2204-Readme.md | |
# | |
# [1] https://github.com/llvm/llvm-project/commit/dc1c43d | |
run: | | |
set -euxo pipefail | |
sudo apt update | |
sudo apt -y install gcc-multilib lynx qemu-system-{arm,x86} | |
echo /usr/lib/llvm-15/bin >> $GITHUB_PATH | |
- name: Install prerequisites | |
if: runner.os == 'macOS' | |
# The xargs shipped on macOS always exits 0 with -P0, so we need GNU findutils. | |
# | |
# The tar shipped on macOS doesn't support --wildcards, so we need GNU tar. | |
# | |
# The clang shipped on macOS doesn't support BPF, so we need LLVM from brew. | |
run: | | |
set -euxo pipefail | |
brew update | |
# https://github.com/actions/setup-python/issues/577 | |
find /usr/local/bin -type l -exec sh -c 'readlink -f "$1" \ | |
| grep -q ^/Library/Frameworks/Python.framework/Versions/' _ {} \; -exec rm -v {} \; | |
brew install --formula dpkg gnu-tar llvm lynx pkg-config qemu | |
echo $(brew --prefix)/opt/gnu-tar/libexec/gnubin >> $GITHUB_PATH | |
echo $(brew --prefix)/opt/llvm/bin >> $GITHUB_PATH | |
- uses: dtolnay/rust-toolchain@nightly | |
with: | |
components: rust-src | |
# Installed *after* nightly so it is the default. | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
targets: aarch64-unknown-linux-musl,x86_64-unknown-linux-musl | |
- uses: Swatinem/rust-cache@v2 | |
- name: Install libLLVM | |
# Download libLLVM from Rust CI to ensure that the libLLVM version | |
# matches exactly with the version used by the current Rust nightly. A | |
# mismatch between libLLVM (used by bpf-linker) and Rust's LLVM version | |
# can lead to linking issues. | |
run: | | |
set -euxo pipefail | |
# Get the partial SHA from Rust nightly. | |
rustc_sha=$(rustc +nightly --version | grep -oE '[a-f0-9]{7,40}') | |
# Get the full SHA from GitHub. | |
rustc_sha=$(curl -sfSL https://api.github.com/repos/rust-lang/rust/commits/$rustc_sha \ | |
--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ | |
--header 'content-type: application/json' \ | |
| jq -r '.sha') | |
mkdir -p /tmp/rustc-llvm | |
curl -sfSL https://ci-artifacts.rust-lang.org/rustc-builds/$rustc_sha/rust-dev-nightly-${{ matrix.target }}.tar.xz | \ | |
tar -xJ --strip-components 2 -C /tmp/rustc-llvm | |
echo /tmp/rustc-llvm/bin >> $GITHUB_PATH | |
- name: bpf-linker | |
# NB: rustc doesn't ship libLLVM.so on macOS, so disable proxying (default feature). We also | |
# --force so that bpf-linker gets always relinked against the latest LLVM downloaded above. | |
# | |
# Do this on all system (not just macOS) to avoid relying on rustc-provided libLLVM.so. | |
run: cargo install --force bpf-linker --git https://github.com/aya-rs/bpf-linker.git --no-default-features | |
- name: Download debian kernels | |
if: runner.arch == 'ARM64' | |
# TODO: enable tests on kernels before 6.0. | |
run: .github/scripts/download_kernel_images.sh test/.tmp/debian-kernels/arm64 arm64 6.1 6.10 | |
- name: Download debian kernels | |
if: runner.arch == 'X64' | |
# TODO: enable tests on kernels before 6.0. | |
run: .github/scripts/download_kernel_images.sh test/.tmp/debian-kernels/amd64 amd64 6.1 6.10 | |
- name: Extract debian kernels | |
run: | | |
set -euxo pipefail | |
find test/.tmp -name '*.deb' -print0 | xargs -t -0 -I {} \ | |
sh -c "dpkg --fsys-tarfile {} | tar -C test/.tmp --wildcards --extract '*vmlinuz*' --file -" | |
- name: Run local integration tests | |
if: runner.os == 'Linux' | |
run: cargo xtask integration-test local | |
- name: Run virtualized integration tests | |
run: | | |
set -euxo pipefail | |
find test/.tmp -name 'vmlinuz-*' -print0 | xargs -t -0 \ | |
cargo xtask integration-test vm --github-api-token ${{ secrets.GITHUB_TOKEN }} | |
# Provides a single status check for the entire build workflow. | |
# This is used for merge automation, like Mergify, since GH actions | |
# has no concept of "when all status checks pass". | |
# https://docs.mergify.com/conditions/#validating-all-status-checks | |
build-workflow-complete: | |
needs: | |
- lint | |
- build-test-aya | |
- build-test-aya-ebpf | |
- run-integration-test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Build Complete | |
run: echo "Build Complete" |