name: aya-ci on: push: pull_request: schedule: - cron: 00 4 * * * env: CARGO_TERM_COLOR: always jobs: lint: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: dtolnay/rust-toolchain@nightly with: components: clippy,miri,rustfmt,rust-src # Installed *after* nightly so it is the default. - uses: dtolnay/rust-toolchain@stable - uses: Swatinem/rust-cache@v2 - uses: taiki-e/install-action@v2 with: tool: cargo-hack,taplo-cli - run: git ls-files -- '*.c' '*.h' | xargs clang-format --dry-run --Werror - uses: DavidAnson/markdownlint-cli2-action@v19 - run: taplo fmt --check - run: cargo +nightly fmt --all -- --check - run: ./ - run: cargo xtask public-api if: github.event_name == 'pull_request' - run: cargo xtask public-api --bless if: github.event_name != 'pull_request' && github.repository_owner == 'aya-rs' - uses: peter-evans/create-pull-request@v7 if: github.event_name != 'pull_request' && github.repository_owner == 'aya-rs' with: branch: create-pull-request/public-api commit-message: 'public-api: regenerate' title: 'public-api: regenerate' body: | **Automated changes** - name: Run miri run: | set -euxo pipefail cargo +nightly hack miri test --all-targets --feature-powerset \ --exclude aya-ebpf \ --exclude aya-ebpf-bindings \ --exclude aya-log-ebpf \ --exclude integration-ebpf \ --exclude integration-test \ --workspace build-test-aya: strategy: fail-fast: false matrix: bpf_target_arch: - x86_64-unknown-linux-gnu - aarch64-unknown-linux-gnu - armv7-unknown-linux-gnueabi - riscv64gc-unknown-linux-gnu - powerpc64le-unknown-linux-gnu - s390x-unknown-linux-gnu - mips-unknown-linux-gnu runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: dtolnay/rust-toolchain@stable - uses: Swatinem/rust-cache@v2 - uses: taiki-e/install-action@cargo-hack - name: Build run: | set -euxo pipefail cargo hack build --all-targets --feature-powerset \ --exclude aya-ebpf \ --exclude aya-ebpf-bindings \ --exclude aya-log-ebpf \ --exclude integration-ebpf \ --workspace - name: Test env: RUST_BACKTRACE: full run: | set -euxo pipefail cargo hack test --all-targets --feature-powerset \ --exclude aya-ebpf \ --exclude aya-ebpf-bindings \ --exclude aya-log-ebpf \ --exclude integration-ebpf \ --exclude integration-test \ --workspace - name: Doctests env: RUST_BACKTRACE: full run: | set -euxo pipefail cargo hack test --doc --feature-powerset \ --exclude aya-ebpf \ --exclude aya-ebpf-bindings \ --exclude aya-log-ebpf \ --exclude init \ --exclude integration-ebpf \ --exclude integration-test \ --workspace build-test-aya-ebpf: strategy: fail-fast: false matrix: bpf_target_arch: - x86_64 - aarch64 - arm - riscv64 - powerpc64 - s390x - mips target: - bpfel-unknown-none - bpfeb-unknown-none runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: dtolnay/rust-toolchain@nightly with: components: rust-src # Installed *after* nightly so it is the default. - uses: dtolnay/rust-toolchain@stable - uses: Swatinem/rust-cache@v2 - run: cargo install --git - uses: taiki-e/install-action@cargo-hack - name: Build env: CARGO_CFG_BPF_TARGET_ARCH: ${{ matrix.bpf_target_arch }} run: | set -euxo pipefail cargo +nightly hack build \ --target ${{ }} \ -Z build-std=core \ --package aya-ebpf \ --package aya-log-ebpf \ --feature-powerset - name: Test env: CARGO_CFG_BPF_TARGET_ARCH: ${{ matrix.bpf_target_arch }} RUST_BACKTRACE: full run: | set -euxo pipefail cargo hack test \ --doc \ --package aya-ebpf \ --package aya-log-ebpf \ --feature-powerset run-integration-test: strategy: fail-fast: false matrix: include: - target: x86_64-apple-darwin # macos-14 is arm64[0] which doesn't support nested # virtualization[1]. # # [0] # # [1] os: macos-13 # We don't use ubuntu-latest because we care about the apt packages available. - target: x86_64-unknown-linux-gnu os: ubuntu-22.04 - target: aarch64-unknown-linux-gnu os: ubuntu-22.04-arm runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 with: submodules: recursive - name: Install prerequisites if: runner.os == 'Linux' # ubuntu-22.04 comes with clang 13-15[0]; support for signed and 64bit # enum values was added in clang 15[1] which isn't in `$PATH`. # # [0] # # [1] run: | set -euxo pipefail sudo apt update sudo apt -y install lynx qemu-system-{arm,x86} echo /usr/lib/llvm-15/bin >> $GITHUB_PATH - name: Install prerequisites if: runner.os == 'macOS' # The curl shipped on macOS doesn't contain # which is # needed for proper handling of `--etag-{compare,save}`. # # The tar shipped on macOS doesn't support --wildcards, so we need GNU tar. # # The clang shipped on macOS doesn't support BPF, so we need LLVM from brew. run: | set -euxo pipefail brew update # find /usr/local/bin -type l -exec sh -c 'readlink -f "$1" \ | grep -q ^/Library/Frameworks/Python.framework/Versions/' _ {} \; -exec rm -v {} \; brew install --formula curl dpkg gnu-tar llvm lynx pkg-config qemu echo $(brew --prefix curl)/bin >> $GITHUB_PATH echo $(brew --prefix gnu-tar)/libexec/gnubin >> $GITHUB_PATH echo $(brew --prefix llvm)/bin >> $GITHUB_PATH - uses: dtolnay/rust-toolchain@nightly with: components: rust-src # Installed *after* nightly so it is the default. - uses: dtolnay/rust-toolchain@stable with: targets: aarch64-unknown-linux-musl,x86_64-unknown-linux-musl - uses: Swatinem/rust-cache@v2 - name: Install libLLVM # Download libLLVM from Rust CI to ensure that the libLLVM version # matches exactly with the version used by the current Rust nightly. A # mismatch between libLLVM (used by bpf-linker) and Rust's LLVM version # can lead to linking issues. run: | set -euxo pipefail # Get the partial SHA from Rust nightly. rustc_sha=$(rustc +nightly --version | grep -oE '[a-f0-9]{7,40}') # Get the full SHA from GitHub. rustc_sha=$(curl -sfSL$rustc_sha \ --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ --header 'content-type: application/json' \ | jq -r '.sha') mkdir -p /tmp/rustc-llvm curl -sfSL$rustc_sha/rust-dev-nightly-${{ }}.tar.xz | \ tar -xJ --strip-components 2 -C /tmp/rustc-llvm echo /tmp/rustc-llvm/bin >> $GITHUB_PATH # NB: rustc doesn't ship on macOS, so disable proxying (default feature). We also # --force so that bpf-linker gets always relinked against the latest LLVM downloaded above. # # Do this on all system (not just macOS) to avoid relying on rustc-provided - run: cargo install --git --no-default-features --force - uses: actions/cache@v4 with: path: test/.tmp key: ${{ runner.arch }}-${{ runner.os }}-test-cache - name: Download debian kernels if: runner.arch == 'ARM64' # TODO: enable tests on kernels before 6.0. run: .github/scripts/ test/.tmp/debian-kernels/arm64 arm64 6.1 6.10 - name: Download debian kernels if: runner.arch == 'X64' # TODO: enable tests on kernels before 6.0. run: .github/scripts/ test/.tmp/debian-kernels/amd64 amd64 6.1 6.10 - name: Extract debian kernels run: | set -euxo pipefail find test/.tmp -name '*.deb' -print0 | xargs -t -0 -I {} \ sh -c "dpkg --fsys-tarfile {} | tar -C test/.tmp --wildcards --extract '*vmlinuz*' --file -" - name: Run local integration tests if: runner.os == 'Linux' run: cargo xtask integration-test local - name: Run virtualized integration tests run: | set -euxo pipefail find test/.tmp -name 'vmlinuz-*' -print0 | xargs -t -0 \ cargo xtask integration-test vm --cache-dir test/.tmp --github-api-token ${{ secrets.GITHUB_TOKEN }} # Provides a single status check for the entire build workflow. # This is used for merge automation, like Mergify, since GH actions # has no concept of "when all status checks pass". # build-workflow-complete: needs: - lint - build-test-aya - build-test-aya-ebpf - run-integration-test runs-on: ubuntu-latest steps: - run: echo 'Build Complete'