Merge pull request #1097 from astoycos/ocp-privs #72
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: # yamllint disable-line rule:truthy | |
| push: | |
| branches: [main] | |
| tags: | |
| - v* | |
| pull_request: | |
| branches: | |
| - main | |
| env: | |
| CARGO_TERM_COLOR: always | |
| jobs: | |
| check-license: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 3 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Check License Header | |
| uses: apache/skywalking-eyes@cd7b195c51fd3d6ad52afceb760719ddc6b3ee91 | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -qy \ | |
| git \ | |
| clang \ | |
| llvm \ | |
| protobuf-compiler \ | |
| cmake \ | |
| perl \ | |
| libssl-dev \ | |
| gcc-multilib \ | |
| libelf-dev \ | |
| - uses: actions/checkout@v4 | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: libbpf/libbpf | |
| path: libbpf | |
| fetch-depth: 0 | |
| - uses: actions-rs/toolchain@v1 | |
| with: | |
| toolchain: stable | |
| override: true | |
| - uses: actions-rs/toolchain@v1 | |
| with: | |
| toolchain: nightly | |
| components: rustfmt, clippy, rust-src | |
| override: false | |
| ## TODO(astoycos) Deactivate the rust-cache action until we can determine | |
| ## why it's freezing at the end of the install. | |
| ## - uses: Swatinem/rust-cache@v2 | |
| - name: Install cargo-llvm-cov | |
| uses: taiki-e/install-action@cargo-llvm-cov | |
| - uses: taiki-e/install-action@v2 | |
| with: | |
| tool: taplo-cli | |
| - run: taplo fmt --check | |
| - name: yaml-lint | |
| run: yamllint -c .yamllint.yaml --strict . | |
| - name: Check C formatting | |
| run: git ls-files -- '*.c' '*.h' | xargs clang-format --dry-run --Werror | |
| - name: Build eBPF | |
| run: | | |
| cargo xtask build-ebpf --libbpf-dir ./libbpf | |
| - name: Check formatting | |
| run: | | |
| cargo +nightly fmt --all -- --check | |
| - name: Run clippy | |
| run: | | |
| cargo +nightly clippy --all -- --deny warnings | |
| - name: Check public API | |
| run: cargo xtask public-api | |
| - name: Build | |
| run: cargo build --verbose | |
| - name: Build manpages | |
| run: cargo xtask build-man-page | |
| - name: Build CLI TAB Completion | |
| run: cargo xtask build-completion | |
| ## If the push is a tag....build and upload the release bpfman binaries to an archive | |
| - name: Build-Release | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| run: | | |
| cargo build --release --target x86_64-unknown-linux-gnu | |
| - name: Package-Binaries | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| run: | | |
| cd target/x86_64-unknown-linux-gnu/release | |
| tar -czvf bpfman-linux-x86_64.tar.gz bpfman bpfman-rpc bpfman-ns bpf-metrics-exporter bpf-log-exporter | |
| - name: Archive bpfman Release Binaries | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: bpfman-release | |
| path: | | |
| ./target/x86_64-unknown-linux-gnu/release/bpfman-linux-x86_64.tar.gz | |
| - name: Run tests | |
| run: cargo llvm-cov test --all-features -p bpfman -p bpfman-api --lcov --output-path lcov.info | |
| env: | |
| RUST_BACKTRACE: full | |
| - name: Archive Rust code coverage results | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage-rust | |
| path: lcov.info | |
| if-no-files-found: error | |
| ## Build go modules | |
| build-go: | |
| runs-on: ubuntu-latest | |
| # k8s codegen requires this to be set | |
| env: | |
| GOPATH: ${{ github.workspace }} | |
| defaults: | |
| run: | |
| ## For us to run the controller-gen generate commands from within | |
| ## github actions the package name MUST match the directory layout | |
| ## (i.e `GOPATH/src/github.com/bpfman/bpfman`). Otherwise when | |
| ## running `make generate` generated code is deposited at | |
| ## `home/runner/work/bpfman/bpfman/bpfman-operator/PKG_NAME` instead | |
| ## of in `home/runner/work/bpfman/bpfman/bpfman-operator/pkg/client/...`. | |
| ## This is annoying and gross but cannot be resolved until | |
| ## https://github.com/kubernetes/kubernetes/issues/86753 is properly | |
| ## addressed. | |
| working-directory: ${{ env.GOPATH }}/src/github.com/bpfman/bpfman/bpfman-operator | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| path: ${{ env.GOPATH }}/src/github.com/bpfman/bpfman | |
| - uses: actions/setup-go@v5 | |
| with: | |
| # prettier-ignore | |
| go-version: '1.21' # yamllint disable-line rule:quoted-strings | |
| - name: Go mod check | |
| run: | | |
| go mod tidy | |
| git diff --exit-code ../go.mod ../go.sum | |
| - name: Lint | |
| uses: golangci/golangci-lint-action@v4 | |
| with: | |
| ## https://github.com/golangci/golangci-lint-action/issues/369 | |
| working-directory: ${{ env.GOPATH }}/src/github.com/bpfman/bpfman | |
| version: v1.54.2 | |
| skip-cache: true | |
| skip-pkg-cache: true | |
| skip-build-cache: true | |
| args: -v --timeout 5m | |
| - name: Build Examples | |
| run: | | |
| go build ./... | |
| - name: Build Operator | |
| run: make build | |
| - name: Verify Operator | |
| run: make verify | |
| - name: Run Tests | |
| run: make test | |
| - name: Archive Go code coverage results | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage-go | |
| path: ${{ env.GOPATH }}/src/github.com/bpfman/bpfman/bpfman-operator/cover.out | |
| if-no-files-found: error | |
| build-docs: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.x | |
| - name: Mkdocs Build | |
| run: | | |
| pip install mkdocs-material | |
| pip install -r requirements.txt | |
| mkdocs build --strict | |
| basic-integration-tests: | |
| runs-on: ubuntu-latest | |
| needs: [build, build-go, build-docs] | |
| env: | |
| CARGO_TERM_COLOR: always | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -qy \ | |
| git \ | |
| clang \ | |
| llvm \ | |
| protobuf-compiler \ | |
| cmake \ | |
| perl \ | |
| libssl-dev \ | |
| gcc-multilib \ | |
| libelf-dev | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: libbpf/libbpf | |
| path: libbpf | |
| fetch-depth: 0 | |
| - uses: actions-rs/toolchain@v1 | |
| with: | |
| toolchain: nightly | |
| components: rust-src | |
| override: true | |
| - name: Build eBPF | |
| run: cargo xtask build-ebpf --libbpf-dir ./libbpf | |
| - name: Build bpfman | |
| run: cargo build --verbose | |
| - name: Build manpages | |
| run: cargo xtask build-man-page | |
| - name: Build CLI TAB Completion | |
| run: cargo xtask build-completion | |
| - name: Run the bpfman installer | |
| run: sudo ./scripts/setup.sh install | |
| - name: Give certs time to be created | |
| run: sleep 5 | |
| - name: Verify the bpfman systemd service is active | |
| run: systemctl is-active bpfman.socket | |
| - name: Verify the CLI can reach bpfman | |
| run: sudo bpfman list | |
| - name: Verify the manpages are installed | |
| run: man bpfman list | |
| - name: Stop the bpfman systemd service | |
| run: | | |
| sudo systemctl stop bpfman | |
| sudo ./scripts/setup.sh uninstall | |
| - name: Run integration tests | |
| run: cargo xtask integration-test | |
| kubernetes-integration-tests: | |
| needs: [build, build-go, build-docs] | |
| runs-on: ubuntu-latest | |
| env: | |
| BPFMAN_IMG: quay.io/bpfman/bpfman:int-test | |
| BPFMAN_AGENT_IMG: quay.io/bpfman/bpfman-agent:int-test | |
| BPFMAN_OPERATOR_IMG: quay.io/bpfman/bpfman-operator:int-test | |
| XDP_PASS_PRIVATE_IMAGE_CREDS: ${{ secrets.XDP_PASS_PRIVATE_IMAGE_CREDS }} | |
| steps: | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -qy \ | |
| git \ | |
| clang \ | |
| llvm \ | |
| gcc-multilib \ | |
| libbpf-dev | |
| - name: setup golang | |
| uses: actions/setup-go@v5 | |
| with: | |
| # prettier-ignore | |
| go-version: '1.21' # yamllint disable-line rule:quoted-strings | |
| - name: cache go modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/go/pkg/mod | |
| key: ${{ runner.os }}-build-codegen-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-build-codegen- | |
| - name: checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ## TODO(astoycos) Currently this is just done to ensure we have coverage | |
| ## on all image builds. Ultimately we should be running the integration | |
| ## tests with these locally built bytecode images. | |
| - name: build example bytecode images | |
| run: | | |
| go install github.com/cilium/ebpf/cmd/[email protected] | |
| cd examples | |
| make build-bc-images | |
| - name: build example userspace images | |
| run: cd examples && make build-us-images | |
| - name: build images | |
| run: cd bpfman-operator && make build-images | |
| - name: run integration tests | |
| run: cd bpfman-operator && make test-integration | |
| ## Upload diagnostics if integration test step failed. | |
| - name: upload diagnostics | |
| if: ${{ failure() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: kubernetes-integration-test-diag | |
| path: /tmp/ktf-diag* | |
| if-no-files-found: ignore | |
| coverage: | |
| needs: [build, build-go, build-docs] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download golang coverage artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: coverage-go | |
| - name: Download rust coverage artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: coverage-rust | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| files: ./cover.out,./lcov.info | |
| verbose: true | |
| # Creates Release | |
| # Copies built bpfman binaries to release artifacts | |
| # Publish's bpfman and bpfman-api crates to crates.io | |
| release: | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| needs: [build] | |
| environment: crates.io | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set env | |
| run: | | |
| echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: bpfman-release | |
| - name: release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| body_path: ./changelogs/CHANGELOG-${{ env.RELEASE_VERSION }}.md | |
| files: | | |
| bpfman-linux-x86_64.tar.gz | |
| - name: publish bpfman-csi crate | |
| run: cargo publish -p bpfman-csi --token ${{ secrets.BPFMAN_DEV_TOKEN }} | |
| - name: publish bpfman crate | |
| run: cargo publish -p bpfman --token ${{ secrets.BPFMAN_DEV_TOKEN }} | |
| - name: publish bpfman-api crate | |
| run: cargo publish -p bpfman-api --token ${{ secrets.BPFMAN_DEV_TOKEN }} | |
| - name: publish bpf-log-exporter crate | |
| run: cargo publish -p bpfman-log-exporter --token ${{ secrets.BPFMAN_DEV_TOKEN }} | |
| - name: publish bpf-metrics-exporter crate | |
| run: cargo publish -p bpfman-metrics-exporter --token ${{ secrets.BPFMAN_DEV_TOKEN }} | |
| build-workflow-complete: | |
| needs: | |
| [ | |
| check-license, | |
| build, | |
| build-go, | |
| build-docs, | |
| coverage, | |
| basic-integration-tests, | |
| kubernetes-integration-tests, | |
| ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Build Complete | |
| run: echo "Build Complete" |