forked from aya-rs/aya
-
Notifications
You must be signed in to change notification settings - Fork 0
324 lines (280 loc) · 10.8 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
name: aya-ci
on:
push:
branches:
- main
pull_request:
branches:
- main
schedule:
- cron: 00 4 * * *
env:
CARGO_TERM_COLOR: always
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@master
with:
toolchain: nightly
components: rustfmt, clippy, miri, rust-src
- uses: Swatinem/rust-cache@v2
- uses: taiki-e/install-action@v2
with:
tool: cargo-hack,taplo-cli
- name: Check C formatting
run: git ls-files -- '*.c' '*.h' | xargs clang-format --dry-run --Werror
- name: Check Markdown
uses: DavidAnson/markdownlint-cli2-action@v17
- name: Check TOML formatting
run: taplo fmt --check
- name: Check formatting
run: cargo fmt --all -- --check
- name: Run clippy
run: cargo hack clippy --all-targets --feature-powerset --workspace -- --deny warnings
- name: Check public API
run: cargo xtask public-api
- name: Run miri
run: |
set -euxo pipefail
cargo hack miri test --all-targets --feature-powerset \
--exclude aya-ebpf \
--exclude aya-ebpf-bindings \
--exclude aya-log-ebpf \
--exclude integration-ebpf \
--exclude integration-test \
--workspace
build-test-aya:
strategy:
fail-fast: false
matrix:
arch:
- x86_64-unknown-linux-gnu
- aarch64-unknown-linux-gnu
- armv7-unknown-linux-gnueabi
- riscv64gc-unknown-linux-gnu
- powerpc64le-unknown-linux-gnu
- s390x-unknown-linux-gnu
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@master
with:
toolchain: stable
targets: ${{ matrix.arch }}
- uses: Swatinem/rust-cache@v2
- uses: taiki-e/install-action@cargo-hack
- uses: taiki-e/setup-cross-toolchain-action@v1
with:
target: ${{ matrix.arch }}
- name: Build
run: |
set -euxo pipefail
cargo hack build --all-targets --feature-powerset \
--exclude aya-ebpf \
--exclude aya-ebpf-bindings \
--exclude aya-log-ebpf \
--exclude integration-ebpf \
--workspace
- name: Test
env:
RUST_BACKTRACE: full
run: |
set -euxo pipefail
cargo hack test --all-targets --feature-powerset \
--exclude aya-ebpf \
--exclude aya-ebpf-bindings \
--exclude aya-log-ebpf \
--exclude integration-ebpf \
--exclude integration-test \
--workspace
- name: Doctests
env:
RUST_BACKTRACE: full
run: |
set -euxo pipefail
cargo hack test --doc --feature-powerset \
--exclude aya-ebpf \
--exclude aya-ebpf-bindings \
--exclude aya-log-ebpf \
--exclude init \
--exclude integration-ebpf \
--exclude integration-test \
--workspace
build-test-aya-ebpf:
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- aarch64
- arm
- riscv64
- powerpc64
- s390x
target:
- bpfel-unknown-none
- bpfeb-unknown-none
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@master
with:
toolchain: nightly
components: rust-src
- uses: Swatinem/rust-cache@v2
- name: bpf-linker
run: cargo install bpf-linker --git https://github.com/aya-rs/bpf-linker.git
- uses: taiki-e/install-action@cargo-hack
- name: Build
env:
CARGO_CFG_BPF_TARGET_ARCH: ${{ matrix.arch }}
run: |
set -euxo pipefail
cargo hack build --package aya-ebpf --package aya-log-ebpf \
--feature-powerset \
--target ${{ matrix.target }} \
-Z build-std=core
- name: Test
env:
CARGO_CFG_BPF_TARGET_ARCH: ${{ matrix.arch }}
RUST_BACKTRACE: full
run: |
set -euxo pipefail
cargo hack test --doc \
--package aya-ebpf \
--package aya-log-ebpf \
--feature-powerset
run-integration-test:
strategy:
fail-fast: false
matrix:
include:
- target: x86_64-apple-darwin
# macos-14 is arm64[0] which doesn't support nested
# virtualization[1].
#
# [0] https://github.com/actions/runner-images#available-images
#
# [1] https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#limitations-for-arm64-macos-runners
os: macos-13
- target: x86_64-unknown-linux-gnu
# We don't use ubuntu-latest because we care about the apt packages available.
os: ubuntu-22.04
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Install prerequisites
if: runner.os == 'Linux'
# ubuntu-22.04 comes with clang 13-15[0]; support for signed and 64bit
# enum values was added in clang 15[1] which isn't in `$PATH`.
#
# gcc-multilib provides at least <asm/types.h> which is referenced by libbpf.
#
# [0] https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2204-Readme.md
#
# [1] https://github.com/llvm/llvm-project/commit/dc1c43d
run: |
set -euxo pipefail
sudo apt update
sudo apt -y install gcc-multilib locate qemu-system-{arm,x86}
echo /usr/lib/llvm-15/bin >> $GITHUB_PATH
- name: Install prerequisites
if: runner.os == 'macOS'
# The xargs shipped on macOS always exits 0 with -P0, so we need GNU findutils.
#
# The tar shipped on macOS doesn't support --wildcards, so we need GNU tar.
#
# The clang shipped on macOS doesn't support BPF, so we need LLVM from brew.
run: |
set -euxo pipefail
brew update
# https://github.com/actions/setup-python/issues/577
find /usr/local/bin -type l -exec sh -c 'readlink -f "$1" \
| grep -q ^/Library/Frameworks/Python.framework/Versions/' _ {} \; -exec rm -v {} \;
HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK=1 \
brew install dpkg findutils gnu-tar llvm pkg-config qemu
echo $(brew --prefix)/opt/findutils/libexec/gnubin >> $GITHUB_PATH
echo $(brew --prefix)/opt/gnu-tar/libexec/gnubin >> $GITHUB_PATH
echo $(brew --prefix)/opt/llvm/bin >> $GITHUB_PATH
- uses: dtolnay/rust-toolchain@master
with:
toolchain: nightly
components: rust-src
targets: aarch64-unknown-linux-musl,x86_64-unknown-linux-musl
- uses: Swatinem/rust-cache@v2
- name: Install libLLVM
# Download libLLVM from Rust CI to ensure that the libLLVM version
# matches exactly with the version used by the current Rust nightly. A
# mismatch between libLLVM (used by bpf-linker) and Rust's LLVM version
# can lead to linking issues.
run: |
set -euxo pipefail
# Get the partial SHA from Rust nightly.
rustc_sha=$(rustc +nightly --version | grep -oE '[a-f0-9]{7,40}')
# Get the full SHA from GitHub.
rustc_sha=$(curl -s https://api.github.com/repos/rust-lang/rust/commits/$rustc_sha \
--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
--header 'content-type: application/json' \
| jq -r '.sha')
mkdir -p /tmp/rustc-llvm
wget -q -O - https://ci-artifacts.rust-lang.org/rustc-builds/$rustc_sha/rust-dev-nightly-${{ matrix.target }}.tar.xz | \
tar -xJ --strip-components 2 -C /tmp/rustc-llvm
echo /tmp/rustc-llvm/bin >> $GITHUB_PATH
- name: bpf-linker
# NB: rustc doesn't ship libLLVM.so on macOS, so disable proxying (default feature). We also
# --force so that bpf-linker gets always relinked against the latest LLVM downloaded above.
#
# Do this on all system (not just macOS) to avoid relying on rustc-provided libLLVM.so.
run: cargo install --force bpf-linker --git https://github.com/aya-rs/bpf-linker.git --no-default-features
- name: Download debian kernels
if: runner.arch == 'ARM64'
run: |
set -euxo pipefail
mkdir -p test/.tmp/debian-kernels/arm64
# NB: a 4.19 kernel image for arm64 was not available.
# TODO: enable tests on kernels before 6.0.
# linux-image-5.10.0-23-cloud-arm64-unsigned_5.10.179-3_arm64.deb \
printf '%s\0' \
linux-image-6.1.0-22-cloud-arm64-unsigned_6.1.94-1_arm64.deb \
linux-image-6.10.9-cloud-arm64-unsigned_6.10.9-1_arm64.deb \
| xargs -0 -t -P0 -I {} wget -nd -nv -P test/.tmp/debian-kernels/arm64 ftp://ftp.us.debian.org/debian/pool/main/l/linux/{}
- name: Download debian kernels
if: runner.arch == 'X64'
run: |
set -euxo pipefail
mkdir -p test/.tmp/debian-kernels/amd64
# TODO: enable tests on kernels before 6.0.
# linux-image-4.19.0-21-cloud-amd64-unsigned_4.19.249-2_amd64.deb \
# linux-image-5.10.0-23-cloud-amd64-unsigned_5.10.179-3_amd64.deb \
printf '%s\0' \
linux-image-6.1.0-22-cloud-amd64-unsigned_6.1.94-1_amd64.deb \
linux-image-6.10.9-cloud-amd64-unsigned_6.10.9-1_amd64.deb \
| xargs -0 -t -P0 -I {} wget -nd -nv -P test/.tmp/debian-kernels/amd64 ftp://ftp.us.debian.org/debian/pool/main/l/linux/{}
- name: Extract debian kernels
run: |
set -euxo pipefail
find test/.tmp -name '*.deb' -print0 | xargs -t -0 -I {} \
sh -c "dpkg --fsys-tarfile {} | tar -C test/.tmp --wildcards --extract '*vmlinuz*' --file -"
- name: Run local integration tests
if: runner.os == 'Linux'
run: cargo xtask integration-test local
- name: Run virtualized integration tests
run: find test/.tmp -name 'vmlinuz-*' | xargs -t cargo xtask integration-test vm
# Provides a single status check for the entire build workflow.
# This is used for merge automation, like Mergify, since GH actions
# has no concept of "when all status checks pass".
# https://docs.mergify.com/conditions/#validating-all-status-checks
build-workflow-complete:
needs:
- lint
- build-test-aya
- build-test-aya-ebpf
- run-integration-test
runs-on: ubuntu-latest
steps:
- name: Build Complete
run: echo "Build Complete"