Signed-off-by: Jason Dellaluce <[email protected]>
1 parent
9a0ec0d
commit 3d0b534
Showing
8 changed files
with
200 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
master | ||
0.35.0 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
# This is a reusable workflow used by master and release CI | ||
on: | ||
workflow_call: | ||
inputs: | ||
output: | ||
description: Name of the output binary | ||
required: false | ||
default: rules-check | ||
type: string | ||
repository: | ||
description: Falco rules repository | ||
required: false | ||
default: falcosecurity/rules | ||
type: string | ||
|
||
jobs: | ||
build-rules-checker: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Setup Golang | ||
uses: actions/setup-go@v3 | ||
with: | ||
go-version: '^1.19' | ||
|
||
- name: Checkout rules | ||
uses: actions/checkout@v3 | ||
with: | ||
repository: ${{ inputs.repository }} | ||
# TODO(jasondellaluce): remove this and merge changes in falcosecurity/rules | ||
ref: 'update/check-plugin-rules' | ||
|
||
- name: Build checker tool | ||
working-directory: build/checker | ||
run: go build -o ${{ inputs.output }} | ||
|
||
- name: Test checker tool | ||
working-directory: build/checker | ||
run: go test ./... -cover | ||
|
||
- name: Upload artifacts | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: rules-tool.tar.gz | ||
path: build/checker/${{ inputs.output }} |
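Review bot: The `Build checker tool` step expands `${{ inputs.output }}` directly inside `run:`, so the caller-supplied string becomes part of the script text before the shell parses it; pass it through the environment instead, e.g. `env:` with `OUTPUT: ${{ inputs.output }}` and `run: go build -o "$OUTPUT"`. The checkout step fetches `${{ inputs.repository }}` at the branch `update/check-plugin-rules`, a movable ref, and the following steps compile and run its tests, so whatever that branch holds at run time executes on the runner; once the TODO is resolved, a commit SHA or a tag the project controls would make the build reproducible. Setting `persist-credentials: false` on `actions/checkout` and declaring a minimal `permissions:` block would keep the job token out of reach of that code. The `@v3` action references are tags as well; whether the project pins actions by SHA elsewhere is not visible here.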
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
# This is a reusable workflow used by master CCI | ||
on: | ||
workflow_call: | ||
outputs: | ||
changed-plugins: | ||
description: "A json-encoded array with the names of plugins to be used by the CI" | ||
value: ${{ jobs.get-values.outputs.changed-plugins }} | ||
falco-versions: | ||
description: "A json-encoded array with the versions of Falco to be used by the CI" | ||
value: ${{ jobs.get-values.outputs.falco-versions }} | ||
|
||
jobs: | ||
get-values: | ||
runs-on: ubuntu-latest | ||
outputs: | ||
changed-plugins: ${{ steps.set-changed-plugins.outputs.changed-plugins }} | ||
falco-versions: ${{ steps.set-falco-versions.outputs.versions }} | ||
steps: | ||
- name: Checkout rules | ||
uses: actions/checkout@v3 | ||
|
||
- name: Get changed files | ||
id: changed-plugins | ||
if: github.event_name == 'pull_request' | ||
uses: jitterbit/get-changed-files@v1 | ||
with: | ||
format: space-delimited | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Get Falco versions | ||
id: set-falco-versions | ||
run: | | ||
values="" | ||
while read -r line | ||
do | ||
values="${values}${line}"$'\n' | ||
done < "./.github/FALCO_VERSIONS" | ||
echo "versions=$(echo "${values}" | jq -R -s -c 'split("\n")' | jq -c 'map(select(length > 0))')" >> $GITHUB_OUTPUT | ||
- name: Get changed plugins | ||
id: set-changed-plugins | ||
run: | | ||
# if we skip changed-plugins because we're not in a pull-request, | ||
# then we consider all the rules contained in the repo | ||
all_files="${{ steps.changed-plugins.outputs.all }}" | ||
values="" | ||
if [ -z $all_files ]; then | ||
values=$(ls plugins) | ||
else | ||
for changed_file in $all_files; do | ||
if [[ ${changed_file} =~ ^plugins/.* ]]; then | ||
plugindir=$(echo ${changed_file} | sed -e 's/^plugins//' | sed -E 's_(/[^/]+).*_\1_') | ||
values="${values}${plugindir:1}"$'\n' | ||
fi | ||
done | ||
fi | ||
echo "changed-files=$(echo "${values}" | jq -R -s -c 'split("\n")' | jq -c 'map(select(length > 0))')" >> $GITHUB_OUTPUT |
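Review bot: In the `Get changed plugins` step, `all_files="${{ steps.changed-plugins.outputs.all }}"` pastes pull-request file paths into the script text before bash parses it, so a path containing quotes or other shell metacharacters is read as shell syntax rather than data. Pass the value through the step's `env:` (`ALL_FILES: ${{ steps.changed-plugins.outputs.all }}`), read it as `"$ALL_FILES"`, and quote the emptiness test as `[ -z "$ALL_FILES" ]`; the impact depends on the caller's trigger and token permissions, which are not visible here. Separately, the last line writes `changed-files=` to `$GITHUB_OUTPUT` while the job output reads `steps.set-changed-plugins.outputs.changed-plugins`, so callers would receive an empty value; the key should be `changed-plugins=`. `jitterbit/get-changed-files@v1` is handed `GITHUB_TOKEN` and is referenced by a movable tag, so pinning it to a full commit SHA would fix which code receives the token.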
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
plugins: | ||
- name: cloudtrail | ||
library_path: libcloudtrail.so | ||
- name: json | ||
library_path: libjson.so |