mirror of https://github.com/aya-rs/aya
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
385 lines
13 KiB
YAML
385 lines
13 KiB
YAML
name: aya-ci
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
|
|
pull_request:
|
|
branches:
|
|
- main
|
|
|
|
schedule:
|
|
- cron: 00 4 * * *
|
|
|
|
env:
|
|
CARGO_TERM_COLOR: always
|
|
|
|
jobs:
|
|
lint:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- uses: dtolnay/rust-toolchain@master
|
|
with:
|
|
toolchain: nightly
|
|
components: rustfmt, clippy, miri, rust-src
|
|
|
|
- uses: Swatinem/rust-cache@v2
|
|
|
|
- uses: taiki-e/install-action@v2
|
|
with:
|
|
tool: cargo-hack,taplo-cli
|
|
|
|
- name: Check C formatting
|
|
run: git ls-files -- '*.c' '*.h' | xargs clang-format --dry-run --Werror
|
|
|
|
- name: Check Markdown
|
|
uses: DavidAnson/markdownlint-cli2-action@v18
|
|
|
|
- name: Check TOML formatting
|
|
run: taplo fmt --check
|
|
|
|
- name: Check formatting
|
|
run: cargo fmt --all -- --check
|
|
|
|
- name: Run clippy
|
|
run: cargo hack clippy --all-targets --feature-powerset --workspace -- --deny warnings
|
|
|
|
- run: cargo xtask public-api
|
|
if: github.event_name == 'pull_request'
|
|
|
|
- run: cargo xtask public-api --bless
|
|
if: github.event_name != 'pull_request' && github.repository_owner == 'aya-rs'
|
|
|
|
- uses: peter-evans/create-pull-request@v7
|
|
if: github.event_name != 'pull_request' && github.repository_owner == 'aya-rs'
|
|
with:
|
|
commit-message: "public-api: regenerate"
|
|
|
|
- name: Run miri
|
|
run: |
|
|
set -euxo pipefail
|
|
cargo hack miri test --all-targets --feature-powerset \
|
|
--exclude aya-ebpf \
|
|
--exclude aya-ebpf-bindings \
|
|
--exclude aya-log-ebpf \
|
|
--exclude integration-ebpf \
|
|
--exclude integration-test \
|
|
--workspace
|
|
|
|
build-test-aya:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
arch:
|
|
- x86_64-unknown-linux-gnu
|
|
- aarch64-unknown-linux-gnu
|
|
- armv7-unknown-linux-gnueabi
|
|
- riscv64gc-unknown-linux-gnu
|
|
- powerpc64le-unknown-linux-gnu
|
|
- s390x-unknown-linux-gnu
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- uses: dtolnay/rust-toolchain@master
|
|
with:
|
|
toolchain: stable
|
|
targets: ${{ matrix.arch }}
|
|
|
|
- uses: Swatinem/rust-cache@v2
|
|
|
|
- uses: taiki-e/install-action@cargo-hack
|
|
|
|
- uses: taiki-e/setup-cross-toolchain-action@v1
|
|
with:
|
|
target: ${{ matrix.arch }}
|
|
|
|
- name: Build
|
|
run: |
|
|
set -euxo pipefail
|
|
cargo hack build --all-targets --feature-powerset \
|
|
--exclude aya-ebpf \
|
|
--exclude aya-ebpf-bindings \
|
|
--exclude aya-log-ebpf \
|
|
--exclude integration-ebpf \
|
|
--workspace
|
|
|
|
- name: Test
|
|
env:
|
|
RUST_BACKTRACE: full
|
|
run: |
|
|
set -euxo pipefail
|
|
cargo hack test --all-targets --feature-powerset \
|
|
--exclude aya-ebpf \
|
|
--exclude aya-ebpf-bindings \
|
|
--exclude aya-log-ebpf \
|
|
--exclude integration-ebpf \
|
|
--exclude integration-test \
|
|
--workspace
|
|
|
|
- name: Doctests
|
|
env:
|
|
RUST_BACKTRACE: full
|
|
run: |
|
|
set -euxo pipefail
|
|
cargo hack test --doc --feature-powerset \
|
|
--exclude aya-ebpf \
|
|
--exclude aya-ebpf-bindings \
|
|
--exclude aya-log-ebpf \
|
|
--exclude init \
|
|
--exclude integration-ebpf \
|
|
--exclude integration-test \
|
|
--workspace
|
|
|
|
build-test-aya-ebpf:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
arch:
|
|
- x86_64
|
|
- aarch64
|
|
- arm
|
|
- riscv64
|
|
- powerpc64
|
|
- s390x
|
|
target:
|
|
- bpfel-unknown-none
|
|
- bpfeb-unknown-none
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- uses: dtolnay/rust-toolchain@master
|
|
with:
|
|
toolchain: nightly
|
|
components: rust-src
|
|
|
|
- uses: Swatinem/rust-cache@v2
|
|
|
|
- name: bpf-linker
|
|
run: cargo install bpf-linker --git https://github.com/aya-rs/bpf-linker.git
|
|
|
|
- uses: taiki-e/install-action@cargo-hack
|
|
- name: Build
|
|
env:
|
|
CARGO_CFG_BPF_TARGET_ARCH: ${{ matrix.arch }}
|
|
run: |
|
|
set -euxo pipefail
|
|
cargo hack build --package aya-ebpf --package aya-log-ebpf \
|
|
--feature-powerset \
|
|
--target ${{ matrix.target }} \
|
|
-Z build-std=core
|
|
|
|
- name: Test
|
|
env:
|
|
CARGO_CFG_BPF_TARGET_ARCH: ${{ matrix.arch }}
|
|
RUST_BACKTRACE: full
|
|
run: |
|
|
set -euxo pipefail
|
|
cargo hack test --doc \
|
|
--package aya-ebpf \
|
|
--package aya-log-ebpf \
|
|
--feature-powerset
|
|
|
|
run-integration-test:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- target: x86_64-apple-darwin
|
|
# macos-14 is arm64[0] which doesn't support nested
|
|
# virtualization[1].
|
|
#
|
|
# [0] https://github.com/actions/runner-images#available-images
|
|
#
|
|
# [1] https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#limitations-for-arm64-macos-runners
|
|
os: macos-13
|
|
- target: x86_64-unknown-linux-gnu
|
|
# We don't use ubuntu-latest because we care about the apt packages available.
|
|
os: ubuntu-22.04
|
|
- target: x86_64-unknown-linux-musl
|
|
os: ubuntu-22.04
|
|
container:
|
|
image: docker.io/alpine:3.20
|
|
options: --privileged -v /sys/fs/bpf:/sys/fs/bpf -v /sys/kernel:/sys/kernel
|
|
runs-on: ${{ matrix.os }}
|
|
container: ${{ matrix.container }}
|
|
steps:
|
|
- name: Install prerequisites
|
|
if: runner.os == 'Linux' && contains(matrix.container.image, 'alpine')
|
|
# bash is used in the `rust-toolchain` action.
|
|
#
|
|
# clang and make are needed for building the C eBPF programs, which are
|
|
# part of the integration tests.
|
|
#
|
|
# curl, file and jq are used in the steps below.
|
|
#
|
|
# dpkg is used to unpack the kernel images from .deb packages, which we
|
|
# use for virtualized tests. lynx is used to download them.
|
|
#
|
|
# gcc is needed as a linker, it also provides the runtime library, both
|
|
# needed by Rust.
|
|
#
|
|
# git is needed for the `checkout` action.
|
|
#
|
|
# libstdc++ is a dependency of llvm-sys, which is a dependency of
|
|
# bpf-linker.
|
|
#
|
|
# musl-dev provides CRT objects, which are linked by Rust.
|
|
#
|
|
# QEMU is used to run virtualized integration tests.
|
|
#
|
|
# sudo is needed by integration tests.
|
|
run: |
|
|
set -euxo pipefail
|
|
apk add \
|
|
bash \
|
|
clang \
|
|
curl \
|
|
dpkg \
|
|
file \
|
|
gcc \
|
|
git \
|
|
jq \
|
|
libstdc++-dev \
|
|
lynx \
|
|
make \
|
|
musl-dev \
|
|
qemu-system-arm \
|
|
qemu-system-x86_64 \
|
|
sudo
|
|
|
|
- name: Install prerequisites
|
|
if: runner.os == 'Linux' && matrix.container == ''
|
|
# ubuntu-22.04 comes with clang 13-15[0]; support for signed and 64bit
|
|
# enum values was added in clang 15[1] which isn't in `$PATH`.
|
|
#
|
|
# gcc-multilib provides at least <asm/types.h> which is referenced by libbpf.
|
|
#
|
|
# lynx is used to download kernel images.
|
|
#
|
|
# QEMU is used to run virtualized integration tests.
|
|
#
|
|
# [0] https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2204-Readme.md
|
|
#
|
|
# [1] https://github.com/llvm/llvm-project/commit/dc1c43d
|
|
run: |
|
|
set -euxo pipefail
|
|
sudo apt update
|
|
sudo apt -y install gcc-multilib lynx qemu-system-{arm,x86}
|
|
echo /usr/lib/llvm-15/bin >> $GITHUB_PATH
|
|
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
|
|
# When running in a container as root, git throws the following error:
|
|
#
|
|
# fatal: detected dubious ownership in repository at '/__w/aya/aya'
|
|
#
|
|
# Which makes a lot of sense, not running regular git commands as root is
|
|
# a good thing. However, using a container image with a regular user
|
|
# results in permission errors thrown by the runner binary.[0] It's most
|
|
# likely because of a host volume mount which is owned by root. It would
|
|
# be great to make it work, but it's not going to be trivial and might
|
|
# require changes in the runner code itself.
|
|
#
|
|
# [0] https://github.com/aya-rs/aya/actions/runs/12034434029/job/33550963904
|
|
- name: Mark the directory as safe for git
|
|
if: matrix.container != ''
|
|
run: git config --global --add safe.directory /__w/aya/aya
|
|
|
|
- name: Install prerequisites
|
|
if: runner.os == 'macOS'
|
|
# The xargs shipped on macOS always exits 0 with -P0, so we need GNU findutils.
|
|
#
|
|
# The tar shipped on macOS doesn't support --wildcards, so we need GNU tar.
|
|
#
|
|
# The clang shipped on macOS doesn't support BPF, so we need LLVM from brew.
|
|
run: |
|
|
set -euxo pipefail
|
|
brew update
|
|
# https://github.com/actions/setup-python/issues/577
|
|
find /usr/local/bin -type l -exec sh -c 'readlink -f "$1" \
|
|
| grep -q ^/Library/Frameworks/Python.framework/Versions/' _ {} \; -exec rm -v {} \;
|
|
brew install --formula dpkg gnu-tar llvm lynx pkg-config qemu
|
|
echo $(brew --prefix)/opt/gnu-tar/libexec/gnubin >> $GITHUB_PATH
|
|
echo $(brew --prefix)/opt/llvm/bin >> $GITHUB_PATH
|
|
|
|
- uses: dtolnay/rust-toolchain@master
|
|
with:
|
|
toolchain: nightly
|
|
components: rust-src
|
|
targets: aarch64-unknown-linux-musl,x86_64-unknown-linux-musl
|
|
|
|
- uses: Swatinem/rust-cache@v2
|
|
|
|
- name: Install libLLVM
|
|
# Download libLLVM from Rust CI to ensure that the libLLVM version
|
|
# matches exactly with the version used by the current Rust nightly. A
|
|
# mismatch between libLLVM (used by bpf-linker) and Rust's LLVM version
|
|
# can lead to linking issues.
|
|
run: |
|
|
set -euxo pipefail
|
|
# Get the partial SHA from Rust nightly.
|
|
rustc_sha=$(rustc +nightly --version | grep -oE '[a-f0-9]{7,40}')
|
|
# Get the full SHA from GitHub.
|
|
rustc_sha=$(curl -sfSL https://api.github.com/repos/rust-lang/rust/commits/$rustc_sha \
|
|
--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
|
|
--header 'content-type: application/json' \
|
|
| jq -r '.sha')
|
|
mkdir -p /tmp/rustc-llvm
|
|
curl -sfSL https://ci-artifacts.rust-lang.org/rustc-builds/$rustc_sha/rust-dev-nightly-${{ matrix.target }}.tar.xz | \
|
|
tar -xJ --strip-components 2 -C /tmp/rustc-llvm
|
|
echo /tmp/rustc-llvm/bin >> $GITHUB_PATH
|
|
|
|
- name: bpf-linker
|
|
# NB: rustc doesn't ship libLLVM.so on macOS, so disable proxying (default feature). We also
|
|
# --force so that bpf-linker gets always relinked against the latest LLVM downloaded above.
|
|
#
|
|
# Do this on all system (not just macOS) to avoid relying on rustc-provided libLLVM.so.
|
|
run: cargo install --force bpf-linker --git https://github.com/aya-rs/bpf-linker.git --no-default-features
|
|
|
|
- name: Download debian kernels
|
|
if: runner.arch == 'ARM64'
|
|
# TODO: enable tests on kernels before 6.0.
|
|
run: .github/scripts/download_kernel_images.sh test/.tmp/debian-kernels/arm64 arm64 6.1 6.10
|
|
|
|
- name: Download debian kernels
|
|
if: runner.arch == 'X64'
|
|
# TODO: enable tests on kernels before 6.0.
|
|
run: .github/scripts/download_kernel_images.sh test/.tmp/debian-kernels/amd64 amd64 6.1 6.10
|
|
|
|
- name: Extract debian kernels
|
|
run: |
|
|
set -euxo pipefail
|
|
find test/.tmp -name '*.deb' -print0 | xargs -t -0 -I {} \
|
|
sh -c "dpkg --fsys-tarfile {} | tar -C test/.tmp --wildcards --extract '*vmlinuz*' --file -"
|
|
|
|
- name: Run local integration tests
|
|
if: runner.os == 'Linux'
|
|
run: cargo xtask integration-test local
|
|
|
|
- name: Run virtualized integration tests
|
|
run: find test/.tmp -name 'vmlinuz-*' | xargs -t cargo xtask integration-test vm
|
|
|
|
# Provides a single status check for the entire build workflow.
|
|
# This is used for merge automation, like Mergify, since GH actions
|
|
# has no concept of "when all status checks pass".
|
|
# https://docs.mergify.com/conditions/#validating-all-status-checks
|
|
build-workflow-complete:
|
|
needs:
|
|
- lint
|
|
- build-test-aya
|
|
- build-test-aya-ebpf
|
|
- run-integration-test
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Build Complete
|
|
run: echo "Build Complete"
|