aya-ci #879
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: aya-ci | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
schedule: | |
- cron: 00 4 * * * | |
env: | |
CARGO_TERM_COLOR: always | |
jobs: | |
lint: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: nightly | |
components: rustfmt, clippy, miri, rust-src | |
- uses: Swatinem/rust-cache@v2 | |
- uses: taiki-e/install-action@v2 | |
with: | |
tool: cargo-hack,taplo-cli | |
- name: Check C formatting | |
run: git ls-files -- '*.c' '*.h' | xargs clang-format --dry-run --Werror | |
- name: Check Markdown | |
uses: DavidAnson/markdownlint-cli2-action@v14 | |
- name: Check TOML formatting | |
run: taplo fmt --check | |
- name: Check formatting | |
run: cargo fmt --all -- --check | |
- name: Run clippy | |
run: cargo hack clippy --all-targets --feature-powerset --workspace -- --deny warnings | |
- name: Check public API | |
run: cargo xtask public-api | |
- name: Run miri | |
run: | | |
set -euxo pipefail | |
cargo hack miri test --all-targets --feature-powerset \ | |
--exclude aya-bpf \ | |
--exclude aya-bpf-bindings \ | |
--exclude aya-log-ebpf \ | |
--exclude integration-ebpf \ | |
--exclude integration-test \ | |
--workspace | |
build-test-aya: | |
strategy: | |
fail-fast: false | |
matrix: | |
arch: | |
- x86_64-unknown-linux-gnu | |
- aarch64-unknown-linux-gnu | |
- armv7-unknown-linux-gnueabi | |
- riscv64gc-unknown-linux-gnu | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: stable | |
targets: ${{ matrix.arch }} | |
- uses: Swatinem/rust-cache@v2 | |
- uses: taiki-e/install-action@cargo-hack | |
- uses: taiki-e/setup-cross-toolchain-action@v1 | |
with: | |
target: ${{ matrix.arch }} | |
- name: Build | |
run: | | |
set -euxo pipefail | |
cargo hack build --all-targets --feature-powerset \ | |
--exclude aya-bpf \ | |
--exclude aya-bpf-bindings \ | |
--exclude aya-log-ebpf \ | |
--exclude integration-ebpf \ | |
--workspace | |
- name: Test | |
env: | |
RUST_BACKTRACE: full | |
run: | | |
set -euxo pipefail | |
cargo hack test --all-targets --feature-powerset \ | |
--exclude aya-bpf \ | |
--exclude aya-bpf-bindings \ | |
--exclude aya-log-ebpf \ | |
--exclude integration-ebpf \ | |
--exclude integration-test \ | |
--workspace | |
build-test-aya-bpf: | |
strategy: | |
fail-fast: false | |
matrix: | |
arch: | |
- x86_64 | |
- aarch64 | |
- arm | |
- riscv64 | |
target: | |
- bpfel-unknown-none | |
- bpfeb-unknown-none | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: nightly | |
components: rust-src | |
- uses: Swatinem/rust-cache@v2 | |
- name: bpf-linker | |
run: cargo install bpf-linker --git https://github.com/aya-rs/bpf-linker.git | |
- uses: taiki-e/install-action@cargo-hack | |
- name: Build | |
env: | |
CARGO_CFG_BPF_TARGET_ARCH: ${{ matrix.arch }} | |
run: | | |
set -euxo pipefail | |
cargo hack build --package aya-bpf --package aya-log-ebpf \ | |
--feature-powerset \ | |
--target ${{ matrix.target }} \ | |
-Z build-std=core | |
run-integration-test: | |
strategy: | |
fail-fast: false | |
matrix: | |
runner: | |
- macos-12 | |
- ubuntu-22.04 | |
runs-on: ${{ matrix.runner }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: nightly | |
components: rust-src | |
targets: aarch64-unknown-linux-musl,x86_64-unknown-linux-musl | |
- uses: Swatinem/rust-cache@v2 | |
- name: Install prerequisites | |
if: runner.os == 'Linux' | |
# ubuntu-22.04 comes with clang 14[0] which doesn't include support for signed and 64bit | |
# enum values which was added in clang 15[1]. | |
# | |
# gcc-multilib provides at least <asm/types.h> which is referenced by libbpf. | |
# | |
# llvm provides llvm-objcopy which is used to build the BTF relocation tests. | |
# | |
# [0] https://github.com/actions/runner-images/blob/ubuntu22/20230724.1/images/linux/Ubuntu2204-Readme.md | |
# | |
# [1] https://github.com/llvm/llvm-project/commit/dc1c43d | |
run: | | |
set -euxo pipefail | |
wget -qO- https://apt.llvm.org/llvm-snapshot.gpg.key | sudo tee /etc/apt/trusted.gpg.d/apt.llvm.org.asc | |
echo deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy main | sudo tee /etc/apt/sources.list.d/llvm.list | |
sudo apt update | |
sudo apt -y install clang gcc-multilib llvm locate qemu-system-{arm,x86} | |
- name: bpf-linker | |
if: runner.os == 'Linux' | |
run: cargo install bpf-linker --git https://github.com/aya-rs/bpf-linker.git | |
- name: Install prerequisites | |
if: runner.os == 'macOS' | |
# The xargs shipped on macOS always exits 0 with -P0, so we need GNU findutils. | |
# | |
# The tar shipped on macOS doesn't support --wildcards, so we need GNU tar. | |
# | |
# The clang shipped on macOS doesn't support BPF, so we need LLVM from brew. | |
# | |
# We also need LLVM for bpf-linker, see comment below. | |
run: | | |
set -euxo pipefail | |
brew update | |
# https://github.com/actions/setup-python/issues/577 | |
find /usr/local/bin -type l -exec sh -c 'readlink -f "$1" \ | |
| grep -q ^/Library/Frameworks/Python.framework/Versions/' _ {} \; -exec rm -v {} \; | |
brew install dpkg findutils gnu-tar llvm pkg-config qemu | |
echo /usr/local/opt/findutils/libexec/gnubin >> $GITHUB_PATH | |
echo /usr/local/opt/gnu-tar/libexec/gnubin >> $GITHUB_PATH | |
echo /usr/local/opt/llvm/bin >> $GITHUB_PATH | |
# https://github.com/Homebrew/homebrew-core/issues/140244 | |
codesign --verify $(which qemu-system-x86_64) || brew reinstall qemu --build-from-source | |
- name: bpf-linker | |
if: runner.os == 'macOS' | |
# NB: rustc doesn't ship libLLVM.so on macOS, so disable proxying (default feature). | |
run: cargo install bpf-linker --git https://github.com/aya-rs/bpf-linker.git --no-default-features | |
- name: Download debian kernels | |
if: runner.arch == 'ARM64' | |
run: | | |
set -euxo pipefail | |
mkdir -p test/.tmp/debian-kernels/arm64 | |
# NB: a 4.19 kernel image for arm64 was not available. | |
# TODO: enable tests on kernels before 6.0. | |
# linux-image-5.10.0-23-cloud-arm64-unsigned_5.10.179-3_arm64.deb \ | |
printf '%s\0' \ | |
linux-image-6.1.0-10-cloud-arm64-unsigned_6.1.38-2_arm64.deb \ | |
| xargs -0 -t -P0 -I {} wget -nd -nv -P test/.tmp/debian-kernels/arm64 ftp://ftp.us.debian.org/debian/pool/main/l/linux/{} | |
- name: Download debian kernels | |
if: runner.arch == 'X64' | |
run: | | |
set -euxo pipefail | |
mkdir -p test/.tmp/debian-kernels/amd64 | |
# TODO: enable tests on kernels before 6.0. | |
# linux-image-4.19.0-21-cloud-amd64-unsigned_4.19.249-2_amd64.deb \ | |
# linux-image-5.10.0-23-cloud-amd64-unsigned_5.10.179-3_amd64.deb \ | |
printf '%s\0' \ | |
linux-image-6.1.0-10-cloud-amd64-unsigned_6.1.38-2_amd64.deb \ | |
| xargs -0 -t -P0 -I {} wget -nd -nv -P test/.tmp/debian-kernels/amd64 ftp://ftp.us.debian.org/debian/pool/main/l/linux/{} | |
- name: Extract debian kernels | |
run: | | |
set -euxo pipefail | |
find test/.tmp -name '*.deb' -print0 | xargs -t -0 -I {} \ | |
sh -c "dpkg --fsys-tarfile {} | tar -C test/.tmp --wildcards --extract '*vmlinuz*' --file -" | |
- name: Run local integration tests | |
if: runner.os == 'Linux' | |
run: cargo xtask integration-test local | |
- name: Run virtualized integration tests | |
run: find test/.tmp -name 'vmlinuz-*' | xargs -t cargo xtask integration-test vm | |
# Provides a single status check for the entire build workflow. | |
# This is used for merge automation, like Mergify, since GH actions | |
# has no concept of "when all status checks pass". | |
# https://docs.mergify.com/conditions/#validating-all-status-checks | |
build-workflow-complete: | |
needs: | |
- lint | |
- build-test-aya | |
- build-test-aya-bpf | |
- run-integration-test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Build Complete | |
run: echo "Build Complete" |