name: aya-ci
on:
push:
branches:
- main
pull_request:
branches:
- main
schedule:
- cron: 00 4 * * *
env:
CARGO_TERM_COLOR: always
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@master
with:
toolchain: nightly
components: rustfmt, clippy, miri, rust-src
- uses: Swatinem/rust-cache@v2
- uses: taiki-e/install-action@v2
with:
tool: cargo-hack,taplo-cli
- name: Check C formatting
run: git ls-files -- '*.c' '*.h' | xargs clang-format --dry-run --Werror
- name: Check Markdown
uses: DavidAnson/markdownlint-cli2-action@v17
- name: Check TOML formatting
run: taplo fmt --check
- name: Check formatting
run: cargo fmt --all -- --check
- name: Run clippy
run: cargo hack clippy --all-targets --feature-powerset --workspace -- --deny warnings
- name: Check public API
run: cargo xtask public-api
- name: Run miri
run: |
set -euxo pipefail
cargo hack miri test --all-targets --feature-powerset \
--exclude aya-ebpf \
--exclude aya-ebpf-bindings \
--exclude aya-log-ebpf \
--exclude integration-ebpf \
--exclude integration-test \
--workspace
build-test-aya:
strategy:
fail-fast: false
matrix:
arch:
- x86_64-unknown-linux-gnu
- aarch64-unknown-linux-gnu
- armv7-unknown-linux-gnueabi
- riscv64gc-unknown-linux-gnu
- powerpc64le-unknown-linux-gnu
- s390x-unknown-linux-gnu
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@master
with:
toolchain: stable
targets: ${{ matrix.arch }}
- uses: Swatinem/rust-cache@v2
- uses: taiki-e/install-action@cargo-hack
- uses: taiki-e/setup-cross-toolchain-action@v1
with:
target: ${{ matrix.arch }}
- name: Build
run: |
set -euxo pipefail
cargo hack build --all-targets --feature-powerset \
--exclude aya-ebpf \
--exclude aya-ebpf-bindings \
--exclude aya-log-ebpf \
--exclude integration-ebpf \
--workspace
- name: Test
env:
RUST_BACKTRACE: full
run: |
set -euxo pipefail
cargo hack test --all-targets --feature-powerset \
--exclude aya-ebpf \
--exclude aya-ebpf-bindings \
--exclude aya-log-ebpf \
--exclude integration-ebpf \
--exclude integration-test \
--workspace
- name: Doctests
env:
RUST_BACKTRACE: full
run: |
set -euxo pipefail
cargo hack test --doc --feature-powerset \
--exclude aya-ebpf \
--exclude aya-ebpf-bindings \
--exclude aya-log-ebpf \
--exclude init \
--exclude integration-ebpf \
--exclude integration-test \
--workspace
build-test-aya-ebpf:
strategy:
fail-fast: false
matrix:
arch:
- x86_64
- aarch64
- arm
- riscv64
- powerpc64
- s390x
target:
- bpfel-unknown-none
- bpfeb-unknown-none
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@master
with:
toolchain: nightly
components: rust-src
- uses: Swatinem/rust-cache@v2
- name: bpf-linker
run: cargo install bpf-linker --git https://github.com/aya-rs/bpf-linker.git
- uses: taiki-e/install-action@cargo-hack
- name: Build
env:
CARGO_CFG_BPF_TARGET_ARCH: ${{ matrix.arch }}
run: |
set -euxo pipefail
cargo hack build --package aya-ebpf --package aya-log-ebpf \
--feature-powerset \
--target ${{ matrix.target }} \
-Z build-std=core
- name: Test
env:
CARGO_CFG_BPF_TARGET_ARCH: ${{ matrix.arch }}
RUST_BACKTRACE: full
run: |
set -euxo pipefail
cargo hack test --doc \
--package aya-ebpf \
--package aya-log-ebpf \
--feature-powerset
run-integration-test:
strategy:
fail-fast: false
matrix:
include:
- target: x86_64-apple-darwin
# macos-14 is arm64[0] which doesn't support nested
# virtualization[1].
#
# [0] https://github.com/actions/runner-images#available-images
#
# [1] https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#limitations-for-arm64-macos-runners
os: macos-13
- target: x86_64-unknown-linux-gnu
# We don't use ubuntu-latest because we care about the apt packages available.
os: ubuntu-22.04
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Install prerequisites
if: runner.os == 'Linux'
# ubuntu-22.04 comes with clang 13-15[0]; support for signed and 64bit
# enum values was added in clang 15[1] which isn't in `$PATH`.
#
# gcc-multilib provides at least <asm/types.h> which is referenced by libbpf.
#
# [0] https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2204-Readme.md
#
# [1] https://github.com/llvm/llvm-project/commit/dc1c43d
run: |
set -euxo pipefail
sudo apt update
sudo apt -y install gcc-multilib qemu-system-{arm,x86}
echo /usr/lib/llvm-15/bin >> $GITHUB_PATH
- name: Install prerequisites
if: runner.os == 'macOS'
# The xargs shipped on macOS always exits 0 with -P0, so we need GNU findutils.
#
# The tar shipped on macOS doesn't support --wildcards, so we need GNU tar.
#
# The clang shipped on macOS doesn't support BPF, so we need LLVM from brew.
run: |
set -euxo pipefail
brew update
# https://github.com/actions/setup-python/issues/577
find /usr/local/bin -type l -exec sh -c 'readlink -f "$1" \
| grep -q ^/Library/Frameworks/Python.framework/Versions/' _ {} \; -exec rm -v {} \;
HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK=1 \
brew install dpkg gnu-tar llvm pkg-config qemu
echo $(brew --prefix)/opt/gnu-tar/libexec/gnubin >> $GITHUB_PATH
echo $(brew --prefix)/opt/llvm/bin >> $GITHUB_PATH
- uses: dtolnay/rust-toolchain@master
with:
toolchain: nightly
components: rust-src
targets: aarch64-unknown-linux-musl,x86_64-unknown-linux-musl
- uses: Swatinem/rust-cache@v2
- name: Install libLLVM
# Download libLLVM from Rust CI to ensure that the libLLVM version
# matches exactly with the version used by the current Rust nightly. A
# mismatch between libLLVM (used by bpf-linker) and Rust's LLVM version
# can lead to linking issues.
run: |
set -euxo pipefail
# Get the partial SHA from Rust nightly.
rustc_sha=$(rustc +nightly --version | grep -oE '[a-f0-9]{7,40}')
# Get the full SHA from GitHub.
rustc_sha=$(curl -s https://api.github.com/repos/rust-lang/rust/commits/$rustc_sha \
--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
--header 'content-type: application/json' \
| jq -r '.sha')
mkdir -p /tmp/rustc-llvm
wget -q -O - https://ci-artifacts.rust-lang.org/rustc-builds/$rustc_sha/rust-dev-nightly-${{ matrix.target }}.tar.xz | \
tar -xJ --strip-components 2 -C /tmp/rustc-llvm
echo /tmp/rustc-llvm/bin >> $GITHUB_PATH
- name: bpf-linker
# NB: rustc doesn't ship libLLVM.so on macOS, so disable proxying (default feature). We also
# --force so that bpf-linker gets always relinked against the latest LLVM downloaded above.
#
# Do this on all system (not just macOS) to avoid relying on rustc-provided libLLVM.so.
run: cargo install --force bpf-linker --git https://github.com/aya-rs/bpf-linker.git --no-default-features
- name: Download debian kernels
if: runner.arch == 'ARM64'
run: |
set -euxo pipefail
mkdir -p test/.tmp/debian-kernels/arm64
# NB: a 4.19 kernel image for arm64 was not available.
# TODO: enable tests on kernels before 6.0.
# linux-image-5.10.0-23-cloud-arm64-unsigned_5.10.179-3_arm64.deb \
printf '%s\0' \
linux-image-6.1.0-22-cloud-arm64-unsigned_6.1.94-1_arm64.deb \
linux-image-6.10.9-cloud-arm64-unsigned_6.10.9-1_arm64.deb \
| xargs -0 -t -P0 -I {} wget -nd -nv -P test/.tmp/debian-kernels/arm64 ftp://ftp.us.debian.org/debian/pool/main/l/linux/{}
- name: Download debian kernels
if: runner.arch == 'X64'
run: |
set -euxo pipefail
mkdir -p test/.tmp/debian-kernels/amd64
# TODO: enable tests on kernels before 6.0.
# linux-image-4.19.0-21-cloud-amd64-unsigned_4.19.249-2_amd64.deb \
# linux-image-5.10.0-23-cloud-amd64-unsigned_5.10.179-3_amd64.deb \
printf '%s\0' \
linux-image-6.1.0-22-cloud-amd64-unsigned_6.1.94-1_amd64.deb \
linux-image-6.10.9-cloud-amd64-unsigned_6.10.9-1_amd64.deb \
| xargs -0 -t -P0 -I {} wget -nd -nv -P test/.tmp/debian-kernels/amd64 ftp://ftp.us.debian.org/debian/pool/main/l/linux/{}
- name: Extract debian kernels
run: |
set -euxo pipefail
find test/.tmp -name '*.deb' -print0 | xargs -t -0 -I {} \
sh -c "dpkg --fsys-tarfile {} | tar -C test/.tmp --wildcards --extract '*vmlinuz*' --file -"
- name: Run local integration tests
if: runner.os == 'Linux'
run: cargo xtask integration-test local
- name: Run virtualized integration tests
run: find test/.tmp -name 'vmlinuz-*' | xargs -t cargo xtask integration-test vm
# Provides a single status check for the entire build workflow.
# This is used for merge automation, like Mergify, since GH actions
# has no concept of "when all status checks pass".
# https://docs.mergify.com/conditions/#validating-all-status-checks
build-workflow-complete:
needs:
- lint
- build-test-aya
- build-test-aya-ebpf
- run-integration-test
runs-on: ubuntu-latest
steps:
- name: Build Complete
run: echo "Build Complete"