aya-ci #353
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: aya-ci | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
schedule: | |
- cron: 00 4 * * * | |
env: | |
CARGO_TERM_COLOR: always | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: nightly | |
components: rustfmt, clippy, miri, rust-src | |
- uses: Swatinem/rust-cache@v2 | |
- uses: taiki-e/install-action@v2 | |
with: | |
tool: cargo-hack,taplo-cli | |
- name: Check C formatting | |
run: git ls-files -- '*.c' '*.h' | xargs clang-format --dry-run --Werror | |
- name: Check Markdown | |
uses: DavidAnson/markdownlint-cli2-action@v17 | |
- name: Check TOML formatting | |
run: taplo fmt --check | |
- name: Check formatting | |
run: cargo fmt --all -- --check | |
- name: Run clippy | |
run: cargo hack clippy --all-targets --feature-powerset --workspace -- --deny warnings | |
- name: Check public API | |
run: cargo xtask public-api | |
- name: Run miri | |
run: | | |
set -euxo pipefail | |
cargo hack miri test --all-targets --feature-powerset \ | |
--exclude aya-ebpf \ | |
--exclude aya-ebpf-bindings \ | |
--exclude aya-log-ebpf \ | |
--exclude integration-ebpf \ | |
--exclude integration-test \ | |
--workspace | |
build-test-aya: | |
strategy: | |
fail-fast: false | |
matrix: | |
arch: | |
- x86_64-unknown-linux-gnu | |
- aarch64-unknown-linux-gnu | |
- armv7-unknown-linux-gnueabi | |
- riscv64gc-unknown-linux-gnu | |
- powerpc64le-unknown-linux-gnu | |
- s390x-unknown-linux-gnu | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: stable | |
targets: ${{ matrix.arch }} | |
- uses: Swatinem/rust-cache@v2 | |
- uses: taiki-e/install-action@cargo-hack | |
- uses: taiki-e/setup-cross-toolchain-action@v1 | |
with: | |
target: ${{ matrix.arch }} | |
- name: Build | |
run: | | |
set -euxo pipefail | |
cargo hack build --all-targets --feature-powerset \ | |
--exclude aya-ebpf \ | |
--exclude aya-ebpf-bindings \ | |
--exclude aya-log-ebpf \ | |
--exclude integration-ebpf \ | |
--workspace | |
- name: Test | |
env: | |
RUST_BACKTRACE: full | |
run: | | |
set -euxo pipefail | |
cargo hack test --all-targets --feature-powerset \ | |
--exclude aya-ebpf \ | |
--exclude aya-ebpf-bindings \ | |
--exclude aya-log-ebpf \ | |
--exclude integration-ebpf \ | |
--exclude integration-test \ | |
--workspace | |
- name: Doctests | |
env: | |
RUST_BACKTRACE: full | |
run: | | |
set -euxo pipefail | |
cargo hack test --doc --feature-powerset \ | |
--exclude aya-ebpf \ | |
--exclude aya-ebpf-bindings \ | |
--exclude aya-log-ebpf \ | |
--exclude init \ | |
--exclude integration-ebpf \ | |
--exclude integration-test \ | |
--workspace | |
build-test-aya-ebpf: | |
strategy: | |
fail-fast: false | |
matrix: | |
arch: | |
- x86_64 | |
- aarch64 | |
- arm | |
- riscv64 | |
- powerpc64 | |
- s390x | |
target: | |
- bpfel-unknown-none | |
- bpfeb-unknown-none | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: nightly | |
components: rust-src | |
- uses: Swatinem/rust-cache@v2 | |
- name: bpf-linker | |
run: cargo install bpf-linker --git https://github.com/aya-rs/bpf-linker.git | |
- uses: taiki-e/install-action@cargo-hack | |
- name: Build | |
env: | |
CARGO_CFG_BPF_TARGET_ARCH: ${{ matrix.arch }} | |
run: | | |
set -euxo pipefail | |
cargo hack build --package aya-ebpf --package aya-log-ebpf \ | |
--feature-powerset \ | |
--target ${{ matrix.target }} \ | |
-Z build-std=core | |
- name: Test | |
env: | |
CARGO_CFG_BPF_TARGET_ARCH: ${{ matrix.arch }} | |
RUST_BACKTRACE: full | |
run: | | |
set -euxo pipefail | |
cargo hack test --doc \ | |
--package aya-ebpf \ | |
--package aya-log-ebpf \ | |
--feature-powerset | |
run-integration-test: | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: x86_64-apple-darwin | |
# macos-14 is arm64[0] which doesn't support nested | |
# virtualization[1]. | |
# | |
# [0] https://github.com/actions/runner-images#available-images | |
# | |
# [1] https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#limitations-for-arm64-macos-runners | |
os: macos-13 | |
- target: x86_64-unknown-linux-gnu | |
# We don't use ubuntu-latest because we care about the apt packages available. | |
os: ubuntu-22.04 | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Install prerequisites | |
if: runner.os == 'Linux' | |
# ubuntu-22.04 comes with clang 13-15[0]; support for signed and 64bit | |
# enum values was added in clang 15[1] which isn't in `$PATH`. | |
# | |
# gcc-multilib provides at least <asm/types.h> which is referenced by libbpf. | |
# | |
# [0] https://github.com/actions/runner-images/blob/main/images/ubuntu/Ubuntu2204-Readme.md | |
# | |
# [1] https://github.com/llvm/llvm-project/commit/dc1c43d | |
run: | | |
set -euxo pipefail | |
sudo apt update | |
sudo apt -y install gcc-multilib locate qemu-system-{arm,x86} | |
echo /usr/lib/llvm-15/bin >> $GITHUB_PATH | |
- name: Install prerequisites | |
if: runner.os == 'macOS' | |
# The xargs shipped on macOS always exits 0 with -P0, so we need GNU findutils. | |
# | |
# The tar shipped on macOS doesn't support --wildcards, so we need GNU tar. | |
# | |
# The clang shipped on macOS doesn't support BPF, so we need LLVM from brew. | |
run: | | |
set -euxo pipefail | |
brew update | |
# https://github.com/actions/setup-python/issues/577 | |
find /usr/local/bin -type l -exec sh -c 'readlink -f "$1" \ | |
| grep -q ^/Library/Frameworks/Python.framework/Versions/' _ {} \; -exec rm -v {} \; | |
HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK=1 \ | |
brew install dpkg findutils gnu-tar llvm pkg-config qemu | |
echo $(brew --prefix)/opt/findutils/libexec/gnubin >> $GITHUB_PATH | |
echo $(brew --prefix)/opt/gnu-tar/libexec/gnubin >> $GITHUB_PATH | |
echo $(brew --prefix)/opt/llvm/bin >> $GITHUB_PATH | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: nightly | |
components: rust-src | |
targets: aarch64-unknown-linux-musl,x86_64-unknown-linux-musl | |
- uses: Swatinem/rust-cache@v2 | |
- name: Install libLLVM | |
# Download libLLVM from Rust CI to ensure that the libLLVM version | |
# matches exactly with the version used by the current Rust nightly. A | |
# mismatch between libLLVM (used by bpf-linker) and Rust's LLVM version | |
# can lead to linking issues. | |
run: | | |
set -euxo pipefail | |
# Get the partial SHA from Rust nightly. | |
rustc_sha=$(rustc +nightly --version | grep -oE '[a-f0-9]{7,40}') | |
# Get the full SHA from GitHub. | |
rustc_sha=$(curl -s https://api.github.com/repos/rust-lang/rust/commits/$rustc_sha \ | |
--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \ | |
--header 'content-type: application/json' \ | |
| jq -r '.sha') | |
mkdir -p /tmp/rustc-llvm | |
wget -q -O - https://ci-artifacts.rust-lang.org/rustc-builds/$rustc_sha/rust-dev-nightly-${{ matrix.target }}.tar.xz | \ | |
tar -xJ --strip-components 2 -C /tmp/rustc-llvm | |
echo /tmp/rustc-llvm/bin >> $GITHUB_PATH | |
- name: bpf-linker | |
# NB: rustc doesn't ship libLLVM.so on macOS, so disable proxying (default feature). We also | |
# --force so that bpf-linker gets always relinked against the latest LLVM downloaded above. | |
# | |
# Do this on all system (not just macOS) to avoid relying on rustc-provided libLLVM.so. | |
run: cargo install --force bpf-linker --git https://github.com/aya-rs/bpf-linker.git --no-default-features | |
- name: Download debian kernels | |
if: runner.arch == 'ARM64' | |
run: | | |
set -euxo pipefail | |
mkdir -p test/.tmp/debian-kernels/arm64 | |
# NB: a 4.19 kernel image for arm64 was not available. | |
# TODO: enable tests on kernels before 6.0. | |
# linux-image-5.10.0-23-cloud-arm64-unsigned_5.10.179-3_arm64.deb \ | |
printf '%s\0' \ | |
linux-image-6.1.0-22-cloud-arm64-unsigned_6.1.94-1_arm64.deb \ | |
linux-image-6.10.9-cloud-arm64-unsigned_6.10.9-1_arm64.deb \ | |
| xargs -0 -t -P0 -I {} wget -nd -nv -P test/.tmp/debian-kernels/arm64 ftp://ftp.us.debian.org/debian/pool/main/l/linux/{} | |
- name: Download debian kernels | |
if: runner.arch == 'X64' | |
run: | | |
set -euxo pipefail | |
mkdir -p test/.tmp/debian-kernels/amd64 | |
# TODO: enable tests on kernels before 6.0. | |
# linux-image-4.19.0-21-cloud-amd64-unsigned_4.19.249-2_amd64.deb \ | |
# linux-image-5.10.0-23-cloud-amd64-unsigned_5.10.179-3_amd64.deb \ | |
printf '%s\0' \ | |
linux-image-6.1.0-22-cloud-amd64-unsigned_6.1.94-1_amd64.deb \ | |
linux-image-6.10.9-cloud-amd64-unsigned_6.10.9-1_amd64.deb \ | |
| xargs -0 -t -P0 -I {} wget -nd -nv -P test/.tmp/debian-kernels/amd64 ftp://ftp.us.debian.org/debian/pool/main/l/linux/{} | |
- name: Extract debian kernels | |
run: | | |
set -euxo pipefail | |
find test/.tmp -name '*.deb' -print0 | xargs -t -0 -I {} \ | |
sh -c "dpkg --fsys-tarfile {} | tar -C test/.tmp --wildcards --extract '*vmlinuz*' --file -" | |
- name: Run local integration tests | |
if: runner.os == 'Linux' | |
run: cargo xtask integration-test local | |
- name: Run virtualized integration tests | |
run: find test/.tmp -name 'vmlinuz-*' | xargs -t cargo xtask integration-test vm | |
# Provides a single status check for the entire build workflow. | |
# This is used for merge automation, like Mergify, since GH actions | |
# has no concept of "when all status checks pass". | |
# https://docs.mergify.com/conditions/#validating-all-status-checks | |
build-workflow-complete: | |
needs: | |
- lint | |
- build-test-aya | |
- build-test-aya-ebpf | |
- run-integration-test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Build Complete | |
run: echo "Build Complete" |