Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sync: release 0.18.2 #2157

Merged
merged 45 commits into from
Nov 20, 2024
Merged

sync: release 0.18.2 #2157

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
45 commits
Select commit Hold shift + click to select a range
9136650
fix(modern): check `cred` field is not NULL before the access
Andreagit97 Oct 16, 2024
e214eb3
cleanup: move `sched_p_exec` tail calls
Andreagit97 Nov 6, 2024
e9a8ced
cleanup: move `sched_p_fork` tail calls
Andreagit97 Nov 6, 2024
00a6a39
cleanup: move `hotplug` logic into sys_exit
Andreagit97 Nov 6, 2024
dabbaf7
cleanup: simplify droppping logic for tracepoint
Andreagit97 Nov 6, 2024
70033a4
update: set sched_switch as UF_ALWAYS_DROP
Andreagit97 Nov 6, 2024
cc7c36c
cleanup: rename some methods
Andreagit97 Nov 6, 2024
38cceec
cleanup: don't initialize enums if not needed
Andreagit97 Nov 6, 2024
27e12c9
cleanup: remove `ctx`
Andreagit97 Nov 6, 2024
070cee3
cleanup(tests): improve test stability
Andreagit97 Nov 7, 2024
8279c1c
chore(ci): bumped perf unit tests threshold to 5% (relative) slowdown.
FedeDP Sep 16, 2024
377d260
chore(test/libsinsp_e2e,ci): port libsinsp_e2e tests to use python3.
FedeDP Sep 17, 2024
e4eea8b
new(ci): add a zig build job plus a composite action to setup zig.
FedeDP Sep 20, 2024
8b369a2
chore(ci): check linked glibc version on zig.
FedeDP Sep 23, 2024
768d1b1
chore(ci): show diff on failed format
Molter73 Oct 1, 2024
c4c124a
clean up and update ci
cpanato Oct 9, 2024
cfe3dae
chore(deps): Bump the actions group with 5 updates
dependabot[bot] Oct 9, 2024
0ade1df
chore(deps): Bump codecov/codecov-action
dependabot[bot] Oct 9, 2024
8cdf9f0
chore(deps): Bump dorny/paths-filter from 2.11.1 to 3.0.2
dependabot[bot] Oct 9, 2024
adc1630
chore(deps): Bump actions/setup-python from 4.7.1 to 5.2.0
dependabot[bot] Oct 9, 2024
406c6ad
chore(deps): Bump actions/upload-pages-artifact from 2.0.0 to 3.0.1
dependabot[bot] Oct 9, 2024
45a63b0
chore(deps): Bump peter-evans/create-pull-request from 5.0.2 to 7.0.5
dependabot[bot] Oct 9, 2024
0d1ab87
chore(deps): Bump actions/deploy-pages from 2.0.4 to 4.0.5
dependabot[bot] Oct 9, 2024
a3b7545
chore(deps): Bump actions/upload-artifact from 3.1.3 to 4.4.2
dependabot[bot] Oct 9, 2024
697c0b2
chore(deps): Bump actions/checkout from 3.6.0 to 4.2.1
dependabot[bot] Oct 10, 2024
66d9dcb
fix(ci): fix kernel testing action by using proper tag name.
FedeDP Oct 10, 2024
eaa816d
fix(ci): fixed build-scap-open-w-extern-bpf-skeleton: we do not rely …
FedeDP Oct 10, 2024
d0c4f58
chore(ci): bump actions/download-artifact to latest release (v4.1.8).
FedeDP Oct 10, 2024
8d752c8
chore(deps): Bump the actions group with 2 updates
dependabot[bot] Oct 14, 2024
0fb3d13
new(ci): run latest-kernel CI against arm64 too.
FedeDP Oct 16, 2024
aa6951e
fix(ci): fixed latest-kernel CI usage of steps/jobs outputs.
FedeDP Oct 17, 2024
f101f1e
fix(ci): fixed create-comment-kernel-testing workflow when kernel-tes…
FedeDP Oct 17, 2024
12d3a8b
fix(ci): fixed create-comment-perf workflow when perf CI does not run.
FedeDP Oct 17, 2024
e9168ca
fix(ci): use `process.exit();` to leave node script in github/action-…
FedeDP Oct 21, 2024
9387467
fix(ci): create-comment workflows array length check.
FedeDP Oct 21, 2024
a152203
chore(deps): Bump uraimo/run-on-arch-action in the actions group
dependabot[bot] Oct 21, 2024
1a50aba
chore(ci): keep zig development version alive by using actions/cache.
FedeDP Sep 20, 2024
ef5a56d
chore(ci): bump the zig version to latest.
FedeDP Sep 23, 2024
8a2665b
chore(ci): bump zig version and improve install-zig action.
FedeDP Oct 22, 2024
3ff318d
fix(ci): fixed create-comment-kernel-testing typo.
FedeDP Oct 22, 2024
d0c5297
chore(ci): increase timeout to 5minutes for driverkit build in latest…
FedeDP Oct 22, 2024
2a67310
update(ci): use cncf provided self hosted runners for arm64.
FedeDP Sep 13, 2024
70f0538
chore(deps): Bump the actions group with 3 updates
dependabot[bot] Oct 29, 2024
8e0c741
chore(deps): Bump softprops/action-gh-release from 1 to 2
dependabot[bot] Oct 9, 2024
89cb0d3
chore(deps): Bump softprops/action-gh-release in the actions group
dependabot[bot] Nov 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
59 changes: 59 additions & 0 deletions .github/actions/install-zig/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
name: 'install-zig'
description: 'Install zig compiler and make it available in PATH.'

runs:
using: "composite"
steps:
- name: Store zig version as local output
shell: bash
id: store
env:
ZIG_VERSION: '0.14.0-dev.1952+9f84f7f92'
run: |
echo "zig_version=${ZIG_VERSION}" >> "$GITHUB_OUTPUT"

- name: Create zig install folder
shell: bash
run: mkdir /usr/local/zig

# TODO: this is only needed because we are using a development version of zig,
# since we need https://github.com/ziglang/zig/pull/21253 to be included.
# Development versions of zig are not kept alive forever, but get overridden.
# We cache it to keep it alive.
- name: Download zig (cached)
id: cache-zig
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: /usr/local/zig
key: zig-${{ runner.os }}-${{ runner.arch }}-${{ steps.store.outputs.zig_version }}

- name: Download zig
if: steps.cache-zig.outputs.cache-hit != 'true'
shell: bash
run: |
curl -L -o zig.tar.xz https://ziglang.org/builds/zig-linux-$(uname -m)-${{ steps.store.outputs.zig_version }}.tar.xz
tar -xvf zig.tar.xz

cat > zig-linux-$(uname -m)-${{ steps.store.outputs.zig_version }}/zig-cc <<EOF
#!/bin/bash
exec zig cc -target $(uname -m)-linux-gnu.2.17 -mcpu=baseline "\$@"
EOF
chmod +x zig-linux-$(uname -m)-${{ steps.store.outputs.zig_version }}/zig-cc

cat > zig-linux-$(uname -m)-${{ steps.store.outputs.zig_version }}/zig-c++ <<EOF
#!/bin/bash
exec zig c++ -target $(uname -m)-linux-gnu.2.17 -mcpu=baseline "\$@"
EOF
chmod +x zig-linux-$(uname -m)-${{ steps.store.outputs.zig_version }}/zig-c++

cp -R zig-linux-$(uname -m)-${{ steps.store.outputs.zig_version }}/* /usr/local/zig/

- name: Setup zig
shell: bash
id: zig
run: |
echo "/usr/local/zig" >> $GITHUB_PATH
echo "CC=zig-cc" >> $GITHUB_ENV
echo "CXX=zig-c++" >> $GITHUB_ENV
echo "AR=zig ar" >> $GITHUB_ENV
echo "RANLIB=zig ranlib" >> $GITHUB_ENV
45 changes: 32 additions & 13 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,12 +16,12 @@ concurrency:
jobs:
build-libs-linux:
name: build-libs-linux-${{ matrix.arch }} 😁 (${{ matrix.name }})
runs-on: ${{ (matrix.arch == 'arm64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-22.04' }}
runs-on: ${{ (matrix.arch == 'arm64' && 'github-arm64-2c-8gb') || 'ubuntu-22.04' }}
strategy:
fail-fast: false
matrix:
arch: [amd64, arm64]
name: [system_deps, bundled_deps, system_deps_minimal, sanitizers]
name: [system_deps, bundled_deps, system_deps_minimal, sanitizers, zig]
include:
- name: system_deps
cmake_opts: -DBUILD_WARNINGS_AS_ERRORS=On -DBUILD_BPF=On -DUSE_BUNDLED_DEPS=False
Expand All @@ -31,6 +31,8 @@ jobs:
cmake_opts: -DBUILD_WARNINGS_AS_ERRORS=On -DUSE_BUNDLED_DEPS=False -DMINIMAL_BUILD=True
- name: sanitizers
cmake_opts: -DUSE_ASAN=On -DUSE_UBSAN=On -DUSE_BUNDLED_DEPS=False
- name: zig
cmake_opts: -DUSE_BUNDLED_DEPS=True
container:
image: debian:buster
steps:
Expand All @@ -47,7 +49,7 @@ jobs:
rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)/

- name: Checkout Libs ⤵️
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

Expand All @@ -59,6 +61,10 @@ jobs:
run: |
git config --global --add safe.directory $GITHUB_WORKSPACE

- name: Install zig
if: matrix.name == 'zig'
uses: ./.github/actions/install-zig

- name: Build and test 🏗️🧪
env:
UBSAN_OPTIONS: print_stacktrace=1
Expand All @@ -68,6 +74,19 @@ jobs:
KERNELDIR=/lib/modules/$(ls /lib/modules)/build make -j4
make run-unit-tests

# On zig, build also sinsp-example and check the glibc linked versions
# to make sure we are actually using the correct glibc version.
- name: Test zig build glibc version
if: matrix.name == 'zig'
run: |
cd build
objdump -T libsinsp/test/unit-test-libsinsp | grep -Eo 'GLIBC_\S+' | sort -u -t "." -k1,1n -k2,2n -k3,3n
linked_glibc=$(objdump -T libsinsp/test/unit-test-libsinsp | grep -Eo 'GLIBC_\S+' | sort -u -t "." -k1,1n -k2,2n -k3,3n | tail -n1 | tr -d ')')
if [ "$linked_glibc" != "GLIBC_2.17" ]; then
echo "Expected glibc 2.17; found $linked_glibc"
exit 1
fi

build-libs-linux-amd64-static:
name: build-libs-linux-amd64-static 🎃
runs-on: ubuntu-latest
Expand All @@ -79,7 +98,7 @@ jobs:
apk add g++ gcc cmake make git bash perl linux-headers autoconf automake m4 libtool elfutils-dev libelf-static patch binutils bpftool clang

- name: Checkout Libs ⤵️
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

Expand All @@ -98,7 +117,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Libs ⤵️
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

Expand Down Expand Up @@ -148,7 +167,7 @@ jobs:
runs-on: ${{ matrix.os }}
steps:
- name: Checkout Libs ⤵️
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

Expand All @@ -163,7 +182,7 @@ jobs:
runs-on: macos-latest
steps:
- name: Checkout Libs ⤵️
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

Expand Down Expand Up @@ -200,7 +219,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout Libs ⤵️
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

Expand Down Expand Up @@ -280,15 +299,15 @@ jobs:
sudo update-alternatives --install /usr/bin/llc llc /usr/bin/llc-14 90

- name: Checkout Libs ⤵️
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

- name: Fix kernel mmap rnd bits
# Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
# high-entropy ASLR in much newer kernels that GitHub runners are
# using leading to random crashes: https://reviews.llvm.org/D148280
run: sudo sysctl vm.mmap_rnd_bits=28
run: sudo sysctl vm.mmap_rnd_bits=28

- name: Install deps ⛓️
run: |
Expand Down Expand Up @@ -316,7 +335,7 @@ jobs:
sudo -E ../test/e2e/scripts/run_tests.sh

- name: Archive test reports
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if: failure()
with:
name: ${{ matrix.name }}_report
Expand All @@ -333,7 +352,7 @@ jobs:
sudo apt install -y --no-install-recommends ca-certificates cmake build-essential clang-14 llvm-14 git pkg-config autoconf automake libtool libelf-dev libcap-dev linux-headers-$(uname -r) emscripten

- name: Checkout Libs ⤵️
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0

Expand Down
22 changes: 17 additions & 5 deletions .github/workflows/create-comment-kernel-testing.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,14 @@ jobs:
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
var matchArtifacts = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "pr-kernel-testing"
})[0];
});
if (!Array.isArray(matchArtifacts) || !matchArtifacts.length) {
var process = require('process');
process.exit();
}
var matchArtifact = matchArtifacts[0];
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
Expand All @@ -36,7 +41,10 @@ jobs:
fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data));

- name: 'Unpack artifact'
run: unzip pr.zip
run: |
if [ -f pr.zip ]; then
unzip pr.zip
fi

- name: 'Comment on PR'
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
Expand All @@ -45,16 +53,20 @@ jobs:
# Taken from https://github.com/actions/github-script/blob/main/.github/workflows/pull-request-test.yml
script: |
var fs = require('fs');
if (!fs.existsSync('./NR')) {
var process = require('process');
process.exit();
}
var issue_number = Number(fs.readFileSync('./NR'));
var comment_body = fs.readFileSync('./COMMENT');

// Get the existing comments.
const {data: comments} = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: issue_number,
});

// Find any comment already made by the bot.
const botComment = comments.find(comment => comment.user.id === 41898282 && comment.body.includes('# X64 kernel testing matrix'));

Expand Down
18 changes: 15 additions & 3 deletions .github/workflows/create-comment-perf.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,14 @@ jobs:
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
var matchArtifacts = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "pr-perf"
})[0];
});
if (!Array.isArray(matchArtifacts) || !matchArtifacts.length) {
var process = require('process');
process.exit();
}
var matchArtifact = matchArtifacts[0];
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
Expand All @@ -36,7 +41,10 @@ jobs:
fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data));

- name: 'Unpack artifact'
run: unzip pr.zip
run: |
if [ -f pr.zip ]; then
unzip pr.zip
fi

- name: 'Comment on PR'
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
Expand All @@ -45,6 +53,10 @@ jobs:
# Taken from https://github.com/actions/github-script/blob/main/.github/workflows/pull-request-test.yml
script: |
var fs = require('fs');
if (!fs.existsSync('./NR')) {
var process = require('process');
process.exit();
}
var issue_number = Number(fs.readFileSync('./NR'));
var comment_body = fs.readFileSync('./COMMENT');

Expand Down
7 changes: 3 additions & 4 deletions .github/workflows/driver-api-version.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,16 +12,15 @@ on:
- 'driver/ppm_events_public.h'
- 'driver/bpf/maps.h'
- 'driver/modern_bpf/maps/maps.h'


jobs:
paths-filter:
runs-on: ubuntu-latest
outputs:
driver_api_changed: ${{ steps.filter.outputs.driver_api }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter
with:
filters: |
Expand All @@ -36,7 +35,7 @@ jobs:
if: needs.paths-filter.outputs.driver_api_changed == 'false'
steps:
- name: Check driver API_VERSION
uses: mshick/add-pr-comment@7c0890544fb33b0bdd2e59467fbacb62e028a096 # v2.8.1
uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
with:
message: |
Please double check **driver/API_VERSION** file. See [versioning](https://github.com/falcosecurity/libs/blob/master/driver/README.VERSION.md#api-version-number).
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/driver-schema-version.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,8 @@ jobs:
outputs:
driver_schema_changed: ${{ steps.filter.outputs.driver_schema }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter
with:
filters: |
Expand All @@ -34,14 +34,14 @@ jobs:
needs: paths-filter
if: needs.paths-filter.outputs.driver_schema_changed == 'false'
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Check driver SCHEMA_VERSION
uses: mshick/add-pr-comment@7c0890544fb33b0bdd2e59467fbacb62e028a096 # v2.8.1
uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
with:
message: |
Please double check **driver/SCHEMA_VERSION** file. See [versioning](https://github.com/falcosecurity/libs/blob/master/driver/README.VERSION.md#schema-version-number).

/hold

- name: Trigger failure
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/driverkit.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ jobs:
- name: Test drivers build on ${{ matrix.name }}
run: |
driverkit docker --kernelrelease ${{ matrix.kernelrelease }} --target ${{ matrix.target }} --output-module /tmp/libs.ko --output-probe /tmp/libs.o --driverversion $GITHUB_SHA --loglevel debug --kernelurls ${{ matrix.kernelurls }}

build-drivers-arm64:
strategy:
matrix:
Expand Down
Loading
Loading