name: aya-ci on: push: branches: - main pull_request: branches: - main schedule: - cron: 00 4 * * * env: CARGO_TERM_COLOR: always LLVM_VERSION: 18 jobs: lint: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - uses: dtolnay/rust-toolchain@master with: toolchain: nightly components: rustfmt, clippy, miri, rust-src - uses: Swatinem/rust-cache@v2 - uses: taiki-e/install-action@v2 with: tool: cargo-hack,taplo-cli - name: Check C formatting run: git ls-files -- '*.c' '*.h' | xargs clang-format --dry-run --Werror - name: Check Markdown uses: DavidAnson/markdownlint-cli2-action@v16 - name: Check TOML formatting run: taplo fmt --check - name: Check formatting run: cargo fmt --all -- --check - name: Run clippy run: cargo hack clippy --all-targets --feature-powerset --workspace -- --deny warnings - name: Check public API run: cargo xtask public-api - name: Run miri run: | set -euxo pipefail cargo hack miri test --all-targets --feature-powerset \ --exclude aya-ebpf \ --exclude aya-ebpf-bindings \ --exclude aya-log-ebpf \ --exclude integration-ebpf \ --exclude integration-test \ --workspace build-test-aya: strategy: fail-fast: false matrix: arch: - x86_64-unknown-linux-gnu - aarch64-unknown-linux-gnu - armv7-unknown-linux-gnueabi - riscv64gc-unknown-linux-gnu - powerpc64le-unknown-linux-gnu - s390x-unknown-linux-gnu runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - uses: dtolnay/rust-toolchain@master with: toolchain: stable targets: ${{ matrix.arch }} - uses: Swatinem/rust-cache@v2 - uses: taiki-e/install-action@cargo-hack - uses: taiki-e/setup-cross-toolchain-action@v1 with: target: ${{ matrix.arch }} - name: Build run: | set -euxo pipefail cargo hack build --all-targets --feature-powerset \ --exclude aya-ebpf \ --exclude aya-ebpf-bindings \ --exclude aya-log-ebpf \ --exclude integration-ebpf \ --workspace - name: Test env: RUST_BACKTRACE: full run: | set -euxo pipefail cargo hack test --all-targets --feature-powerset \ --exclude aya-ebpf \ --exclude aya-ebpf-bindings \ --exclude aya-log-ebpf \ --exclude integration-ebpf \ --exclude integration-test \ --workspace - name: Doctests env: RUST_BACKTRACE: full run: | set -euxo pipefail cargo hack test --doc --feature-powerset \ --exclude aya-ebpf \ --exclude aya-ebpf-bindings \ --exclude aya-log-ebpf \ --exclude init \ --exclude integration-ebpf \ --exclude integration-test \ --workspace build-test-aya-ebpf: strategy: fail-fast: false matrix: arch: - x86_64 - aarch64 - arm - riscv64 - powerpc64 - s390x target: - bpfel-unknown-none - bpfeb-unknown-none runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4 - uses: dtolnay/rust-toolchain@master with: toolchain: nightly components: rust-src - uses: Swatinem/rust-cache@v2 - name: bpf-linker run: cargo install bpf-linker --git https://github.com/aya-rs/bpf-linker.git - uses: taiki-e/install-action@cargo-hack - name: Build env: CARGO_CFG_BPF_TARGET_ARCH: ${{ matrix.arch }} run: | set -euxo pipefail cargo hack build --package aya-ebpf --package aya-log-ebpf \ --feature-powerset \ --target ${{ matrix.target }} \ -Z build-std=core - name: Test env: CARGO_CFG_BPF_TARGET_ARCH: ${{ matrix.arch }} RUST_BACKTRACE: full run: | set -euxo pipefail cargo hack test --doc \ --package aya-ebpf \ --package aya-log-ebpf \ --feature-powerset run-integration-test: strategy: fail-fast: false matrix: runner: # macos-14 is arm64 per # https://github.com/actions/runner-images#available-images which # doesn't support nested virtualization per # https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#limitations-for-arm64-macos-runners - macos-13 - ubuntu-22.04 runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@v4 with: submodules: recursive - name: Install prerequisites if: runner.os == 'Linux' # ubuntu-22.04 comes with clang 14[0] which doesn't include support for signed and 64bit # enum values which was added in clang 15[1]. # # gcc-multilib provides at least which is referenced by libbpf. # # llvm provides llvm-objcopy which is used to build the BTF relocation tests. # # [0] https://github.com/actions/runner-images/blob/ubuntu22/20230724.1/images/linux/Ubuntu2204-Readme.md # # [1] https://github.com/llvm/llvm-project/commit/dc1c43d run: | set -euxo pipefail wget -qO- https://apt.llvm.org/llvm-snapshot.gpg.key | sudo tee /etc/apt/trusted.gpg.d/apt.llvm.org.asc echo deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-${{ env.LLVM_VERSION }} main | sudo tee /etc/apt/sources.list.d/llvm.list sudo apt update sudo apt -y install clang-${{ env.LLVM_VERSION }} gcc-multilib llvm-${{ env.LLVM_VERSION }} locate qemu-system-{arm,x86} echo /usr/lib/llvm-${{ env.LLVM_VERSION }}/bin >> $GITHUB_PATH - name: bpf-linker if: runner.os == 'Linux' run: cargo install bpf-linker --git https://github.com/aya-rs/bpf-linker.git - name: Install prerequisites if: runner.os == 'macOS' # The xargs shipped on macOS always exits 0 with -P0, so we need GNU findutils. # # The tar shipped on macOS doesn't support --wildcards, so we need GNU tar. # # The clang shipped on macOS doesn't support BPF, so we need LLVM from brew. # # We also need LLVM for bpf-linker, see comment below. run: | set -euxo pipefail brew update # https://github.com/actions/setup-python/issues/577 find /usr/local/bin -type l -exec sh -c 'readlink -f "$1" \ | grep -q ^/Library/Frameworks/Python.framework/Versions/' _ {} \; -exec rm -v {} \; HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK=1 \ brew install dpkg findutils gnu-tar llvm pkg-config qemu echo $(brew --prefix)/opt/findutils/libexec/gnubin >> $GITHUB_PATH echo $(brew --prefix)/opt/gnu-tar/libexec/gnubin >> $GITHUB_PATH echo $(brew --prefix)/opt/llvm/bin >> $GITHUB_PATH - uses: dtolnay/rust-toolchain@master with: toolchain: nightly components: rust-src targets: aarch64-unknown-linux-musl,x86_64-unknown-linux-musl - uses: Swatinem/rust-cache@v2 - name: bpf-linker if: runner.os == 'macOS' # NB: rustc doesn't ship libLLVM.so on macOS, so disable proxying (default feature). We also # --force so that bpf-linker gets always relinked against the latest LLVM installed by brew. run: cargo install --force bpf-linker --git https://github.com/aya-rs/bpf-linker.git --no-default-features - name: Download debian kernels if: runner.arch == 'ARM64' run: | set -euxo pipefail mkdir -p test/.tmp/debian-kernels/arm64 # NB: a 4.19 kernel image for arm64 was not available. # TODO: enable tests on kernels before 6.0. # linux-image-5.10.0-23-cloud-arm64-unsigned_5.10.179-3_arm64.deb \ printf '%s\0' \ linux-image-6.1.0-16-cloud-arm64-unsigned_6.1.67-1_arm64.deb \ linux-image-6.10.4-cloud-arm64-unsigned_6.10.4-1_arm64.deb \ | xargs -0 -t -P0 -I {} wget -nd -nv -P test/.tmp/debian-kernels/arm64 ftp://ftp.us.debian.org/debian/pool/main/l/linux/{} - name: Download debian kernels if: runner.arch == 'X64' run: | set -euxo pipefail mkdir -p test/.tmp/debian-kernels/amd64 # TODO: enable tests on kernels before 6.0. # linux-image-4.19.0-21-cloud-amd64-unsigned_4.19.249-2_amd64.deb \ # linux-image-5.10.0-23-cloud-amd64-unsigned_5.10.179-3_amd64.deb \ printf '%s\0' \ linux-image-6.1.0-16-cloud-amd64-unsigned_6.1.67-1_amd64.deb \ linux-image-6.10.4-cloud-amd64-unsigned_6.10.4-1_amd64.deb \ | xargs -0 -t -P0 -I {} wget -nd -nv -P test/.tmp/debian-kernels/amd64 ftp://ftp.us.debian.org/debian/pool/main/l/linux/{} - name: Extract debian kernels run: | set -euxo pipefail find test/.tmp -name '*.deb' -print0 | xargs -t -0 -I {} \ sh -c "dpkg --fsys-tarfile {} | tar -C test/.tmp --wildcards --extract '*vmlinuz*' --file -" - name: Run local integration tests if: runner.os == 'Linux' run: cargo xtask integration-test local - name: Run virtualized integration tests run: find test/.tmp -name 'vmlinuz-*' | xargs -t cargo xtask integration-test vm # Provides a single status check for the entire build workflow. # This is used for merge automation, like Mergify, since GH actions # has no concept of "when all status checks pass". # https://docs.mergify.com/conditions/#validating-all-status-checks build-workflow-complete: needs: - lint - build-test-aya - build-test-aya-ebpf - run-integration-test runs-on: ubuntu-latest steps: - name: Build Complete run: echo "Build Complete"