feat(ebpf): add stdin_info to sched_process_exec #6223
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# When a PR is opened or updated: Run Tracee Tests | |
# | |
name: PR | |
on: | |
workflow_dispatch: {} | |
pull_request: | |
branches: | |
- main | |
paths: | |
- "!docs/**" | |
- "!deploy/**" | |
- "!packaging/**" | |
- "!**.yaml" | |
- "!**.md" | |
- "!**.txt" | |
- "!**.conf" | |
# override previous rules: | |
- "docs/docs/flags/**" | |
- "docs/man/**" | |
- "go.mod" | |
- "go.sum" | |
- "Makefile" | |
- "**.c" | |
- "**.h" | |
- "**.go" | |
- "**.sh" | |
- "**/pr.yaml" | |
- "**/action.yaml" | |
concurrency: | |
group: ${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
env: | |
TESTS: > | |
TRC-102 | |
TRC-103 | |
TRC-104 | |
TRC-105 | |
TRC-107 | |
TRC-1010 | |
TRC-1014 | |
TRC-1016 | |
TRC-1018 | |
TRC-1022 | |
ARM64_TESTS: > | |
TRC-102 | |
TRC-103 | |
TRC-104 | |
TRC-105 | |
TRC-107 | |
TRC-1010 | |
TRC-1014 | |
TRC-1016 | |
TRC-1018 | |
NETTESTS: > | |
IPv4 | |
IPv6 | |
TCP | |
UDP | |
ICMP | |
ICMPv6 | |
DNS | |
HTTP | |
INSTTESTS: > | |
PROCESS_EXECUTE_FAILED | |
VFS_WRITE | |
FILE_MODIFICATION | |
HOOKED_SYSCALL | |
FTRACE_HOOK | |
SECURITY_INODE_RENAME | |
BPF_ATTACH | |
CONTAINERS_DATA_SOURCE | |
PROCTREE_DATA_SOURCE | |
DNS_DATA_SOURCE | |
WRITABLE_DATA_SOURCE | |
SET_FS_PWD | |
jobs: | |
# | |
# DOC VERIFICATION | |
# | |
verify-docs: | |
name: Verify Documentation | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Check if flags flags man/markdown docs were changed | |
id: changed-files | |
uses: tj-actions/changed-files@2d756ea4c53f7f6b397767d8723b3a10a9f35bf2 # v44.0.0 | |
with: | |
files_yaml: | | |
md_files: | |
- "docs/docs/flags/**/*.1.md" | |
man_files: | |
- "docs/man/**/*.1" | |
- name: Ensure updates of *.1.md and *.1 pairs | |
if: ${{ steps.changed-files.outputs.md_files_any_modified == 'true' || steps.changed-files.outputs.man_files_any_modified == 'true' }} | |
run: | | |
md_files=$(echo "${{ steps.changed-files.outputs.md_files_all_modified_files }}" | xargs -n 1 basename | sed 's/\.1.md$//') | |
man_files=$(echo "${{ steps.changed-files.outputs.man_files_all_modified_files }}" | xargs -n 1 basename | sed 's/\.1$//') | |
missing_updates=() | |
for base_name in $md_files; do | |
if ! grep -Fxq "$base_name" <<< "$man_files"; then | |
missing_updates+=("$base_name.1.md change requires corresponding $base_name.1 change") | |
fi | |
done | |
for base_name in $man_files; do | |
if ! grep -Fxq "$base_name" <<< "$md_files"; then | |
missing_updates+=("$base_name.1 change requires corresponding $base_name.1.md change") | |
fi | |
done | |
if [ ${#missing_updates[@]} -ne 0 ]; then | |
printf "%s\n" "${missing_updates[@]}" | |
echo "--- How to Fix it ---" | |
echo " 1. Modify only '.1.md' files, updating the date in '.1.md' files if needed." | |
echo " 2. Run 'make -f builder/Makefile.man man-run' to update '.1' files." | |
exit 1 | |
fi | |
# | |
# CODE VERIFICATION | |
# | |
verify-analyze-code: | |
name: Verify and Analyze Code | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
submodules: true | |
- name: Install Dependencies | |
uses: ./.github/actions/build-dependencies | |
- name: Lint | |
run: | | |
if test -z "$(gofmt -l .)"; then | |
echo "Congrats! There is nothing to fix." | |
else | |
echo "The following lines should be fixed." | |
gofmt -s -d . | |
exit 1 | |
fi | |
- name: Lint (Revive) | |
run: | | |
make check-lint | |
- name: Check Code Style | |
run: | | |
make check-fmt | |
- name: Check Golang Vet | |
run: | | |
make check-vet | |
- name: Check with StaticCheck | |
run: | | |
make check-staticcheck | |
- name: Check with errcheck | |
run: | | |
make check-err | |
# | |
# SIGNATURES CODE VERIFICATION | |
# | |
verify-signatures: | |
name: Verify Signatures | |
needs: | |
- verify-analyze-code | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
submodules: true | |
- name: Install Dependencies | |
uses: ./.github/actions/build-dependencies | |
- name: Build Signatures | |
run: | | |
make signatures | |
- name: Test Signatures | |
run: | | |
make test-signatures | |
# | |
# TOOLS BUILD VERIFICATION | |
# | |
verify-tools: | |
name: Verify Other Tools | |
needs: | |
- verify-analyze-code | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
submodules: true | |
- name: Install Dependencies | |
uses: ./.github/actions/build-dependencies | |
- name: Build Tracee Benchmark Tool | |
run: | | |
make clean | |
make tracee-bench | |
- name: Build Tracee GPT Docs Tool | |
run: | | |
make clean | |
make tracee-gptdocs | |
- name: Build E2E Network Signatures | |
run: | | |
make clean | |
make e2e-net-signatures | |
- name: Build E2E Instrumentation Signatures | |
run: | | |
make clean | |
make e2e-inst-signatures | |
# | |
# CODE TESTS | |
# | |
unit-tests: | |
name: Unit Tests | |
needs: | |
- verify-analyze-code | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
submodules: true | |
- name: Install Dependencies | |
uses: ./.github/actions/build-dependencies | |
- name: Run Unit Tests | |
run: | | |
make test-unit | |
# | |
# INTEGRATION TESTS | |
# | |
integration-tests: | |
name: Integration Tests | |
needs: | |
- verify-analyze-code | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
submodules: true | |
- name: Install Dependencies | |
uses: ./.github/actions/build-dependencies | |
- name: Run Integration Tests | |
run: | | |
sudo env "PATH=$PATH" make test-integration | |
# | |
# PERFORMANCE TESTS | |
# | |
performance-tests: | |
name: Performance Tests | |
needs: | |
- verify-analyze-code | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
submodules: true | |
- name: Install Dependencies | |
uses: ./.github/actions/build-dependencies | |
- name: Run Performance Tests | |
run: | | |
sudo env "PATH=$PATH" make test-performance | |
# | |
# FUNCTIONAL TESTS AGAINST DIFFERENT KERNELS | |
# | |
generate-matrix: | |
name: Generate Test Matrix | |
#needs: | |
# - verify-signatures | |
# - verify-tools | |
runs-on: ubuntu-latest | |
outputs: | |
matrix01: ${{ steps.set-matrix.outputs.matrix01 }} | |
steps: | |
- name: Set Matrix | |
id: set-matrix | |
run: | | |
declare -A job_names=( | |
["GKE 5.4"]="07803dec079f9dab8 x86_64" | |
["GKE 5.10"]="03ca8e4a64be4e6e2 x86_64" | |
["GKE 5.15 x86_64"]="0e71c360809862bd7 x86_64" | |
["GKE 5.15 aarch64"]="0b66222a60f8f97be aarch64" | |
["AMZN2 5.10 x86_64"]="0b9c1568cd5551408 x86_64" | |
["AMZN2 5.10 aarch64"]="071a53e3ad06e6a7e aarch64" | |
["RHEL8 4.18 x86_64"]="0763bdb83bba5e638 x86_64" | |
["Focal 5.4 x86_64"]="0d9d35323406a6cad x86_64" | |
["Focal 5.13 x86_64"]="0c86a42b0f61bd86e x86_64" | |
["Focal 5.13 aarch64"]="07de8512322c4a33a aarch64" | |
["Jammy 5.15 x86_64"]="02f0ed24d636fa1a7 x86_64" | |
["Jammy 5.15 aarch64"]="0b6d16ce9f5576b40 aarch64" | |
["Jammy 5.19 x86_64"]="02ce72d6cd652cbbd x86_64" | |
["Jammy 5.19 aarch64"]="07271263d87a0e883 aarch64" | |
["Lunar 6.2 x86_64"]="0344a20747442e3c7 x86_64" | |
["Lunar 6.2 aarch64"]="0c0d64eea6367efd8 aarch64" | |
["Mantic 6.5 x86_64"]="0564e75d9605addaf x86_64" | |
["Mantic 6.5 aarch64"]="028acebc5083c4840 aarch64" | |
["Mantic 6.6 x86_64"]="040d4dc2758203717 x86_64" | |
["Mantic 6.6 aarch64"]="03f75150a60f7edf7 aarch64" | |
# expand as needed | |
) | |
for num in 01; do | |
output="[" | |
first=1 | |
for job in "${!job_names[@]}"; do | |
ami="${job_names[$job]%% *}" | |
arch="${job_names[$job]##* }" | |
if (( first )); then | |
first=0 | |
else | |
output+="," | |
fi | |
output+="{\"job_name\": \"$job\", \"arch\": \"$arch\", \"ami\": \"$ami\", \"sufix\": \"$num\"}" | |
done | |
output+="]" | |
echo "matrix$num=$output" >> $GITHUB_OUTPUT | |
echo "matrix$num=$output" | |
done | |
shell: bash | |
- name: Show Matrix | |
id: show-matrix | |
run: | | |
echo ${{ steps.set-matrix.outputs.matrix01 }} | |
shell: bash | |
kernel-tests: | |
name: ${{ matrix.job_name }} | |
needs: | |
- generate-matrix | |
runs-on: | |
- graas_ami-${{ matrix.ami }}_${{ github.event.number }}${{ github.run_attempt }}-${{ github.run_id }}_${{ matrix.sufix }} | |
- EXECUTION_TYPE=LONG | |
strategy: | |
matrix: | |
include: ${{fromJson(needs.generate-matrix.outputs.matrix01)}} | |
env: | |
HOME: "/tmp/root" | |
GOPATH: "/tmp/go" | |
GOCACHE: "/tmp/go-cache" | |
GOROOT: "/usr/local/go" | |
steps: | |
- name: "Checkout" | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
submodules: true | |
- name: "Prepare Image (Fix AMIs)" | |
run: ./tests/e2e-install-deps.sh | |
- name: "Environment Variables" | |
run: | | |
if [[ "${{ matrix.arch }}" == "aarch64" ]]; then | |
echo "TESTS=${{ env.ARM64_TESTS }}" >> $GITHUB_ENV | |
fi | |
- name: "Instrumentation Test" | |
run: ./tests/e2e-inst-test.sh | |
- name: "Network Test" | |
run: ./tests/e2e-net-test.sh | |
- name: "Kernel Test" | |
run: ./tests/e2e-kernel-test.sh |