diff --git a/.github/hosted-runner/amd64/main.tf b/.github/hosted-runner/amd64/main.tf deleted file mode 100644 index d12f1ee63..000000000 --- a/.github/hosted-runner/amd64/main.tf +++ /dev/null @@ -1,20 +0,0 @@ -resource "aws_instance" "orb-devops" { - ami = lookup(var.amis, var.aws_region) - instance_type = var.instance_type - security_groups = [aws_security_group.sg_SelfRunner_amd64.id] - key_name = var.key_name - user_data = file("user_data.sh") - associate_public_ip_address = true - subnet_id = "subnet-086909352c7cc4e61" - - ebs_block_device { - device_name = "/dev/sda1" - volume_size = 20 - } - - tags = { - Name = "orb-pktvisor-self-runner-${var.environment}" - Provider = "terraform" - Role = "test" - } -} diff --git a/.github/hosted-runner/amd64/output.tf b/.github/hosted-runner/amd64/output.tf deleted file mode 100644 index 2e0c4fdf7..000000000 --- a/.github/hosted-runner/amd64/output.tf +++ /dev/null @@ -1,3 +0,0 @@ -output "ip" { - value = aws_instance.orb-devops.public_ip -} diff --git a/.github/hosted-runner/amd64/provider.tf b/.github/hosted-runner/amd64/provider.tf deleted file mode 100644 index b319d7938..000000000 --- a/.github/hosted-runner/amd64/provider.tf +++ /dev/null @@ -1,5 +0,0 @@ -provider "aws" { - access_key = var.aws_access_key - secret_key = var.aws_secret_key - region = var.aws_region -} \ No newline at end of file diff --git a/.github/hosted-runner/amd64/security-group.tf b/.github/hosted-runner/amd64/security-group.tf deleted file mode 100644 index 5415e5338..000000000 --- a/.github/hosted-runner/amd64/security-group.tf +++ /dev/null 
@@ -1,32 +0,0 @@ -resource "aws_security_group" "sg_SelfRunner_amd64" { - name = "sg_pktvisor_SelfRunner_amd64_${var.environment}" - description = "Allow all outbound traffic and inbound 22/80" - vpc_id = "vpc-0cd4a525c008d8d71" - - ingress { - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - - ingress { - from_port = 80 - to_port = 80 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } - - tags = { - Name = "SelfRunner_amd64_${var.environment}" - Provisioner = "terraform" - - } -} diff --git a/.github/hosted-runner/amd64/user_data.sh b/.github/hosted-runner/amd64/user_data.sh deleted file mode 100644 index ae7cf7786..000000000 --- a/.github/hosted-runner/amd64/user_data.sh +++ /dev/null 
@@ -1,26 +0,0 @@ -#!/bin/sh - -#installing packages -apt-get update -y -apt-get install apt-transport-https qemu qemu-user-static ca-certificates gnupg2 curl tar software-properties-common build-essential zlib1g-dev \ -libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libsqlite3-dev libreadline-dev libffi-dev libbz2-dev python3 python3-pip python3-dev python xvfb \ -libfontconfig1 libfreetype6 xfonts-scalable fonts-liberation fonts-noto-cjk g++-10-arm-linux-gnueabihf g++-10-multilib-arm-linux-gnueabihf \ -gcc-10-arm-linux-gnueabihf gcc-10-arm-linux-gnueabihf-base gcc-10-multilib-arm-linux-gnueabihf python3-venv tcpreplay docker.io containerd cmake zip -y - -#set permission to use docker -usermod -aG docker ubuntu - -#creating directory git actions runner -mkdir actions-runner && cd actions-runner - -chown ubuntu.ubuntu /actions-runner -R - -#get git actions self-runner -/bin/su -c "cd /actions-runner && curl -o actions-runner-linux-x64-2.296.2.tar.gz -L https://github.com/actions/runner/releases/download/v2.296.2/actions-runner-linux-x64-2.296.2.tar.gz" - ubuntu >> /home/ubuntu/user-data.log - -#extract git actions runner installer -/bin/su -c "cd /actions-runner && tar xzf ./actions-runner-linux-x64-2.296.2.tar.gz" - ubuntu >> /home/ubuntu/user-data.log - -/bin/su -c "cd /actions-runner && ./config.sh --unattended --url https://github.com/orb-community/pktvisor --token RUNNER_TOKEN --name AMD64_RUNNER --labels RUNNER_LABEL --work _work --runasservice" - ubuntu >> /home/ubuntu/user-data.log - -/bin/su -c "cd /actions-runner && ./run.sh" - ubuntu >> /home/ubuntu/user-data.log diff --git a/.github/hosted-runner/amd64/vars.tf b/.github/hosted-runner/amd64/vars.tf deleted file mode 100644 index d338f3004..000000000 --- a/.github/hosted-runner/amd64/vars.tf +++ /dev/null 
@@ -1,29 +0,0 @@ -variable "aws_access_key" { - default = "AWSID" -} -variable "aws_secret_key" { - default = "AWSSECRET" -} - -variable "environment" { - default = "ENVIRONMENT" -} - -variable "aws_region" { - default = "us-east-1" -} - -variable "amis" { - type = map - default = { - us-east-1 = "ami-0c4f7023847b90238" //ubuntu 20.04 amd64 us-east-1 - } -} - -variable "key_name" { - default = "devops-key" -} - -variable "instance_type" { - default = "t3.xlarge" -} diff --git a/.github/hosted-runner/arm32/main.tf b/.github/hosted-runner/arm32/main.tf deleted file mode 100644 index 62150472d..000000000 --- a/.github/hosted-runner/arm32/main.tf +++ /dev/null @@ -1,20 +0,0 @@ -resource "aws_instance" "orb-devops" { - ami = lookup(var.amis, var.aws_region) - instance_type = var.instance_type - security_groups = [aws_security_group.sg_SelfRunner_arm32.id] - key_name = var.key_name - user_data = file("user_data.sh") - associate_public_ip_address = true - subnet_id = "subnet-0e4137bca8a8a81da" - - ebs_block_device { - device_name = "/dev/sda1" - volume_size = 20 - } - - tags = { - Name = "orb-pktvisor-self-runner-${var.environment}" - Provider = "terraform" - Role = "test" - } -} diff --git a/.github/hosted-runner/arm32/output.tf b/.github/hosted-runner/arm32/output.tf deleted file mode 100644 index 2e0c4fdf7..000000000 --- a/.github/hosted-runner/arm32/output.tf +++ /dev/null @@ -1,3 +0,0 @@ -output "ip" { - value = aws_instance.orb-devops.public_ip -} diff --git a/.github/hosted-runner/arm32/provider.tf b/.github/hosted-runner/arm32/provider.tf deleted file mode 100644 index b319d7938..000000000 --- a/.github/hosted-runner/arm32/provider.tf +++ /dev/null @@ -1,5 +0,0 @@ -provider "aws" { - access_key = var.aws_access_key - secret_key = var.aws_secret_key - region = var.aws_region -} \ No newline at end of file diff --git a/.github/hosted-runner/arm32/security-group.tf b/.github/hosted-runner/arm32/security-group.tf deleted file mode 100644 index e9c153cb3..000000000 
--- a/.github/hosted-runner/arm32/security-group.tf +++ /dev/null @@ -1,32 +0,0 @@ -resource "aws_security_group" "sg_SelfRunner_arm32" { - name = "sg_pktvisor_SelfRunner_arm32_${var.environment}" - description = "Allow all outbound traffic and inbound 22/80" - vpc_id = "vpc-0cd4a525c008d8d71" - - ingress { - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - - ingress { - from_port = 80 - to_port = 80 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } - - tags = { - Name = "SelfRunner_arm32_${var.environment}" - Provisioner = "terraform" - - } -} diff --git a/.github/hosted-runner/arm32/user_data.sh b/.github/hosted-runner/arm32/user_data.sh deleted file mode 100644 index ae7cf7786..000000000 --- a/.github/hosted-runner/arm32/user_data.sh +++ /dev/null 
@@ -1,26 +0,0 @@ -#!/bin/sh - -#installing packages -apt-get update -y -apt-get install apt-transport-https qemu qemu-user-static ca-certificates gnupg2 curl tar software-properties-common build-essential zlib1g-dev \ -libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libsqlite3-dev libreadline-dev libffi-dev libbz2-dev python3 python3-pip python3-dev python xvfb \ -libfontconfig1 libfreetype6 xfonts-scalable fonts-liberation fonts-noto-cjk g++-10-arm-linux-gnueabihf g++-10-multilib-arm-linux-gnueabihf \ -gcc-10-arm-linux-gnueabihf gcc-10-arm-linux-gnueabihf-base gcc-10-multilib-arm-linux-gnueabihf python3-venv tcpreplay docker.io containerd cmake zip -y - -#set permission to use docker -usermod -aG docker ubuntu - -#creating directory git actions runner -mkdir actions-runner && cd actions-runner - -chown ubuntu.ubuntu /actions-runner -R - -#get git actions self-runner -/bin/su -c "cd /actions-runner && curl -o actions-runner-linux-x64-2.296.2.tar.gz -L https://github.com/actions/runner/releases/download/v2.296.2/actions-runner-linux-x64-2.296.2.tar.gz" - ubuntu >> /home/ubuntu/user-data.log - -#extract git actions runner installer -/bin/su -c "cd /actions-runner && tar xzf ./actions-runner-linux-x64-2.296.2.tar.gz" - ubuntu >> /home/ubuntu/user-data.log - -/bin/su -c "cd /actions-runner && ./config.sh --unattended --url https://github.com/orb-community/pktvisor --token RUNNER_TOKEN --name AMD64_RUNNER --labels RUNNER_LABEL --work _work --runasservice" - ubuntu >> /home/ubuntu/user-data.log - -/bin/su -c "cd /actions-runner && ./run.sh" - ubuntu >> /home/ubuntu/user-data.log diff --git a/.github/hosted-runner/arm32/vars.tf b/.github/hosted-runner/arm32/vars.tf deleted file mode 100644 index 2a2855af0..000000000 --- a/.github/hosted-runner/arm32/vars.tf +++ /dev/null 
@@ -1,29 +0,0 @@ -variable "aws_access_key" { - default = "AWSID" -} -variable "aws_secret_key" { - default = "AWSSECRET" -} - -variable "environment" { - default = "ENVIRONMENT" -} - -variable "aws_region" { - default = "us-east-1" -} - -variable "amis" { - type = map - default = { - us-east-1 = "ami-070650c005cce4203" //ubuntu 20.04 arm64 on us-east-1 - } -} - -variable "key_name" { - default = "devops-key" -} - -variable "instance_type" { - default = "t3.xlarge" -} diff --git a/.github/hosted-runner/arm64/main.tf b/.github/hosted-runner/arm64/main.tf deleted file mode 100644 index 376177b65..000000000 --- a/.github/hosted-runner/arm64/main.tf +++ /dev/null @@ -1,20 +0,0 @@ -resource "aws_instance" "orb-devops" { - ami = lookup(var.amis, var.aws_region) - instance_type = var.instance_type - security_groups = [aws_security_group.sg_SelfRunner_arm64.id] - key_name = var.key_name - user_data = file("user_data.sh") - associate_public_ip_address = true - subnet_id = "subnet-0e4137bca8a8a81da" - - ebs_block_device { - device_name = "/dev/sda1" - volume_size = 20 - } - - tags = { - Name = "orb-pktvisor-self-runner-${var.environment}" - Provider = "terraform" - Role = "test" - } -} diff --git a/.github/hosted-runner/arm64/output.tf b/.github/hosted-runner/arm64/output.tf deleted file mode 100644 index 2e0c4fdf7..000000000 --- a/.github/hosted-runner/arm64/output.tf +++ /dev/null @@ -1,3 +0,0 @@ -output "ip" { - value = aws_instance.orb-devops.public_ip -} diff --git a/.github/hosted-runner/arm64/provider.tf b/.github/hosted-runner/arm64/provider.tf deleted file mode 100644 index b319d7938..000000000 --- a/.github/hosted-runner/arm64/provider.tf +++ /dev/null @@ -1,5 +0,0 @@ -provider "aws" { - access_key = var.aws_access_key - secret_key = var.aws_secret_key - region = var.aws_region -} \ No newline at end of file diff --git a/.github/hosted-runner/arm64/security-group.tf b/.github/hosted-runner/arm64/security-group.tf deleted file mode 100644 index e7a14792d..000000000 
--- a/.github/hosted-runner/arm64/security-group.tf +++ /dev/null @@ -1,32 +0,0 @@ -resource "aws_security_group" "sg_SelfRunner_arm64" { - name = "sg_pktvisor_SelfRunner_arm64_${var.environment}" - description = "Allow all outbound traffic and inbound 22/80" - vpc_id = "vpc-0cd4a525c008d8d71" - - ingress { - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - - ingress { - from_port = 80 - to_port = 80 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } - - tags = { - Name = "SelfRunner_arm64_${var.environment}" - Provisioner = "terraform" - - } -} diff --git a/.github/hosted-runner/arm64/user_data.sh b/.github/hosted-runner/arm64/user_data.sh deleted file mode 100644 index a2ab366a7..000000000 --- a/.github/hosted-runner/arm64/user_data.sh +++ /dev/null 
@@ -1,26 +0,0 @@ -#!/bin/sh - -#installing packages -apt-get update -y -apt-get install apt-transport-https qemu qemu-user-static ca-certificates gnupg2 curl tar software-properties-common build-essential zlib1g-dev \ -libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libsqlite3-dev libreadline-dev libffi-dev libbz2-dev python3 python3-pip python3-dev python2 xvfb \ -libfontconfig1 libfreetype6 xfonts-scalable fonts-liberation fonts-noto-cjk g++-10-arm-linux-gnueabihf cmake \ -gcc-10-arm-linux-gnueabihf gcc-10-arm-linux-gnueabihf-base python3-venv tcpreplay docker.io containerd zip -y - -#set permission to use docker -usermod -aG docker ubuntu - -#creating directory git actions runner -mkdir actions-runner && cd actions-runner - -chown ubuntu.ubuntu /actions-runner -R - -#get git actions self-runner -/bin/su -c "cd /actions-runner && curl -o actions-runner-linux-arm64-2.294.0.tar.gz -L https://github.com/actions/runner/releases/download/v2.294.0/actions-runner-linux-arm64-2.294.0.tar.gz" - ubuntu >> /home/ubuntu/user-data.log - -#extract git actions runner installer -/bin/su -c "cd /actions-runner && tar xzf ./actions-runner-linux-arm64-2.294.0.tar.gz" - ubuntu >> /home/ubuntu/user-data.log - -/bin/su -c "cd /actions-runner && ./config.sh --unattended --url https://github.com/orb-community/pktvisor --token RUNNER_TOKEN --name ARM64_RUNNER --labels RUNNER_LABEL --work _work --runasservice" - ubuntu >> /home/ubuntu/user-data.log - -/bin/su -c "cd /actions-runner && ./run.sh" - ubuntu >> /home/ubuntu/user-data.log diff --git a/.github/hosted-runner/arm64/vars.tf b/.github/hosted-runner/arm64/vars.tf deleted file mode 100644 index 6430a67ba..000000000 --- a/.github/hosted-runner/arm64/vars.tf +++ /dev/null 
@@ -1,29 +0,0 @@ -variable "aws_access_key" { - default = "AWSID" -} -variable "aws_secret_key" { - default = "AWSSECRET" -} - -variable "environment" { - default = "ENVIRONMENT" -} - -variable "aws_region" { - default = "us-east-1" -} - -variable "amis" { - type = map - default = { - us-east-1 = "ami-070650c005cce4203" //ubuntu 22.04 arm64 on us-east-1 - } -} - -variable "key_name" { - default = "devops-key" -} - -variable "instance_type" { - default = "a1.xlarge" -} diff --git a/.github/workflows/build-develop.yml b/.github/workflows/build-develop.yml index dbcab7980..8b6aaf3c2 100644 --- a/.github/workflows/build-develop.yml +++ b/.github/workflows/build-develop.yml @@ -40,7 +40,7 @@ jobs: - name: Get Conan id: conan - uses: turtlebrowser/get-conan@main + uses: turtlebrowser/get-conan@c171f295f3f507360ee018736a6608731aa2109d #v1.2 - name: Setup OSX Environment run: echo "SDKROOT=$(xcrun --sdk macosx --show-sdk-path)" >> $GITHUB_ENV @@ -94,10 +94,8 @@ jobs: run: cmake -E make_directory ${{github.workspace}}/build - name: Get Conan - # You may pin to the exact commit or the version. - # uses: turtlebrowser/get-conan@4dc7e6dd45c8b1e02e909979d7cfc5ebba6ddbe2 id: conan - uses: turtlebrowser/get-conan@main + uses: turtlebrowser/get-conan@c171f295f3f507360ee018736a6608731aa2109d #v1.2 - name: linux package install run: | @@ -139,7 +137,7 @@ jobs: shell: bash # Execute tests defined by the CMake configuration. # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ctest -C $BUILD_TYPE + run: sudo ctest -C $BUILD_TYPE build-win64: # The CMake configure and build commands are platform agnostic and should work equally 
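Review bot: In the `@@ -139,7 +137,7 @@` hunk, `run: sudo ctest -C $BUILD_TYPE` now executes the whole unit-test suite as root, and nothing in the hunk records why the privilege is needed. If only some tests need it (presumably packet capture, which is not visible here), a comment such as `# root required: <reason>` above the `run:` line would document it, and limiting sudo to those tests would keep the rest unprivileged. sudo resets the environment by default, so variables the tests read from the job environment will not reach ctest without `sudo -E` or `--preserve-env=...`; `$BUILD_TYPE` is expanded by the calling shell and is unaffected. Files the tests write under the build directory will be root-owned, which can trip later non-root steps. The same change is in the `@@ -58,7 +58,7 @@` hunk of build-release.yml, and in this hunk the step starts outside the visible lines.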
@@ -159,10 +157,8 @@ jobs: run: cmake -E make_directory ${{github.workspace}}\build - name: Get Conan - # You may pin to the exact commit or the version. - # uses: turtlebrowser/get-conan@4dc7e6dd45c8b1e02e909979d7cfc5ebba6ddbe2 id: conan - uses: turtlebrowser/get-conan@main + uses: turtlebrowser/get-conan@c171f295f3f507360ee018736a6608731aa2109d #v1.2 - name: Setup Conan Cache uses: actions/cache@v4 @@ -320,14 +316,14 @@ jobs: run: echo ${{ env.REF_TAG }} - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Login to Docker Hub - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: username: ${{ secrets.ORB_DOCKERHUB_USERNAME }} password: ${{ secrets.ORB_DOCKERHUB_TOKEN }} @@ -343,17 +339,17 @@ jobs: sed -i -e "s/CP_URL/$ESCAPED_REPLACE/g" docker/run.sh - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf #v3.2.0 - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 #v3.8.0 - name: Build + push - pktvisor (multi-arch) env: IMAGE_NAME1: orbcommunity/pktvisor IMAGE_NAME2: ghcr.io/orb-community/pktvisor - uses: docker/build-push-action@v3 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 #v6.10.0 with: builder: ${{ steps.buildx.outputs.name }} context: . @@ -385,7 +381,7 @@ jobs: - name: Get Conan id: conan - uses: turtlebrowser/get-conan@main + uses: turtlebrowser/get-conan@c171f295f3f507360ee018736a6608731aa2109d #v1.2 - name: Configure CMake to generate VERSION shell: bash 
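Review bot: In the `@@ -159,10 +157,8 @@` hunk, `uses: actions/cache@v4` in the step right after the newly pinned `get-conan` is still a mutable tag, so the job is only partly pinned. If the intent is to pin every action by commit, this step and any other tag-referenced action elsewhere in the workflow should get the same form, `uses: actions/cache@<full-commit-sha> # v4.x.y`. The diff alone cannot show that `c171f295f3f507360ee018736a6608731aa2109d` is the commit behind the `v1.2` tag, so that mapping is worth confirming against the upstream repository before merge. The cache step's `with:` block continues outside the hunk.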
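Review bot: In the `@@ -343,17 +339,17 @@` hunk the pin also moves `docker/build-push-action` from `v3` to `v6.10.0` (and `setup-qemu-action`/`setup-buildx-action` from `v2` to `v3.x`), a behaviour change folded into what reads as a pinning commit. From v4 onward build-push-action attaches provenance attestations by default, so a pushed tag can become an image index instead of a single-platform manifest; if the later manifest job assembles per-arch tags, that is the step most likely to notice. I would set the input explicitly, `provenance: false` or `provenance: mode=max` according to what is intended, so the outcome is a decision and not a side effect, and call out the major bump in the commit message. The step's `with:` block continues past the hunk, so an existing setting may already cover this. The same bump is in the `@@ -878,7 +534,7 @@` hunk for `package-arm64`.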
@@ -433,7 +429,7 @@ jobs: path: ${{github.workspace}}/${{ env.BINARY_NAME }} - name: Login to Docker Hub - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: username: ${{ secrets.ORB_DOCKERHUB_USERNAME }} password: ${{ secrets.ORB_DOCKERHUB_TOKEN }} 
@@ -459,350 +455,10 @@ jobs: with: name: pktvisor-x86_64-${{ env.VERSION }}.AppImage path: ${{github.workspace}}/appimage/pktvisor-x86_64-${{ env.VERSION }}.AppImage - - build-orb-agent: - needs: [ package-amd64, unit-tests-mac ] - runs-on: ubuntu-latest - steps: - - name: Repository Dispatch - uses: peter-evans/repository-dispatch@v2 - with: - token: ${{ secrets.BOT_TOKEN }} - repository: orb-community/orb - event-type: build-agent - client-payload: '{"branch_name": "develop"}' - - spinup-amd64-runner: - needs: [ package-amd64, unit-tests-mac ] - runs-on: ubuntu-latest - outputs: - runner_token: ${{ steps.token.outputs.runner }} - # if: github.event_name != 'pull_request' - if: false # This job will never run - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Generate runner token - id: token - run: | - sleep 3 - curl -X POST -H "authorization: Bearer ${{ secrets.BOT_TOKEN }}" -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/orb-community/pktvisor/actions/runners/registration-token -o token.json - echo "::set-output name=runner::$(cat token.json | jq .token --raw-output )" - cat token.json - - - name: Get short commit hash to a variable - id: commit_hash - run: | - echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" - - - name: Inject runner token in user_data.sh - run: | - cd .github/hosted-runner/amd64/ - ESCAPED_REPLACE_RUNNER_TOKEN=$(printf '%s\n' "${{ steps.token.outputs.runner }}" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/RUNNER_TOKEN/$ESCAPED_REPLACE_RUNNER_TOKEN/g" user_data.sh - ESCAPED_REPLACE_RUNNER_NAME=$(printf '%s\n' "AMD64-${{ steps.commit_hash.outputs.sha_short }}" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/AMD64_RUNNER/$ESCAPED_REPLACE_RUNNER_NAME/g" user_data.sh - - - name: Inject AWS key - run: | - cd .github/hosted-runner/amd64/ - ESCAPED_REPLACE_KEY_ID=$(printf '%s\n' "${{ secrets.AWS_ACCESS_KEY_ID }}" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/AWSID/$ESCAPED_REPLACE_KEY_ID/g" vars.tf - 
ESCAPED_REPLACE_ACCESS_KEY=$(printf '%s\n' "${{ secrets.AWS_SECRET_ACCESS_KEY }}" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/AWSSECRET/$ESCAPED_REPLACE_ACCESS_KEY/g" vars.tf - ESCAPED_REPLACE_ENVIRONMENT=$(printf '%s\n' "${{ needs.package-amd64.outputs.branch_name }}-${{ steps.commit_hash.outputs.sha_short }}-tests" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/ENVIRONMENT/$ESCAPED_REPLACE_ENVIRONMENT/g" vars.tf - - - name: setup terraform - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.1.7 - terraform_wrapper: false - - - name: Terraform Init - run: | - cd .github/hosted-runner/amd64/ - terraform init -input=false - - - name: Terraform plan - run: | - cd .github/hosted-runner/amd64/ - terraform plan -out=tfplan - - - name: Terraform apply - run: | - cd .github/hosted-runner/amd64/ - terraform apply -auto-approve tfplan - - name: Terraform output - run: | - cd .github/hosted-runner/amd64/ - terraform output -raw ip > ip.txt - - - name: Persist IP to workspace - uses: actions/upload-artifact@v4 - with: - name: ip - path: | - .github/hosted-runner/amd64/ip.txt - retention-days: 1 - - - name: Persist to workspace - uses: actions/upload-artifact@v4 - with: - name: terraform - path: | - .github/hosted-runner/amd64/terraform.tfstate - retention-days: 1 - - integration-tests: - needs: [ spinup-amd64-runner, package-amd64 ] - runs-on: [self-hosted, linux, x64] - outputs: - commit_hash: ${{ steps.commit_hash.outputs.sha_short }} - # if this is a push into one of our main branches (rather than just a pull request), we will also package - if: github.event_name != 'pull_request' - steps: - - uses: AutoModality/action-clean@v1 - - uses: actions/checkout@v4 - - - name: Locking pktvisor integration test state - run: | - curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -u "${{ secrets.QA_AUTH_CREDENTIALS }}" -d "change=pktvisor-dev&state=active" https://qa.ops.orb.live/api.php - - - name: Debug version - run: | - echo ${{ env.VERSION }} - echo ${{ 
needs.package-amd64.outputs.version_number }} - - - name: Prepare test config - run: | - cd ./automated_tests/ - mv test_config.ini.tpl test_config.ini - - - name: commit hash - id: commit_hash - run: | - echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" - - - uses: actions/setup-python@v4 - with: - python-version: '3.8' - - - name: Test - continue-on-error: true - run: | - cd ./automated_tests/ - python3.8 -m venv behave_pktvisor - source behave_pktvisor/bin/activate - sudo pip3 install -r requirements.txt - sudo pip3 install -r requirements.txt - sudo behavex -t=@smoke --parallel-processes=20 --parallel-scheme=scenario - - - name: Copy VERSION file - run: | - sudo chmod 777 ./automated_tests/ -R - echo ${{ needs.package-amd64.outputs.version_number }} > ./automated_tests/output/VERSION - - - name: Persist to workspace - uses: actions/upload-artifact@v4 - with: - name: workspace - path: | - ./automated_tests/ - !./automated_tests/behave_pktvisor - retention-days: 1 - - - name: Unlocking pktvisor integration test state - run: | - curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -u "${{ secrets.QA_AUTH_CREDENTIALS }}" -d "change=pktvisor-dev&state=inactive" https://qa.ops.orb.live/api.php - - upload-qa-artifact: - needs: [ integration-tests ] - runs-on: ubuntu-latest - if: github.event_name != 'pull_request' - steps: - - name: Attach to workspace - uses: actions/download-artifact@v4 - with: - name: workspace - - - name: debug files - run: | - ls -lha - - - name: Upload pktvisor report to qa host - uses: appleboy/scp-action@master - with: - host: qa.ops.orb.live - username: root - key: ${{ secrets.RUNNER_SSH_KEY }} - port: 2022 - source: "./output/*" - target: "/usr/share/nginx/html/test_data/pktvisor/develop/${{ needs.integration-tests.outputs.commit_hash }}/pktvisor/python-test" - - remove-github-runner-amd64: - continue-on-error: true - needs: [ spinup-amd64-runner , upload-qa-artifact ] - runs-on: ubuntu-latest - if: 
github.event_name != 'pull_request' - steps: - - name: Attach to workspace - uses: actions/download-artifact@v4 - with: - name: ip - - - name: Get runner ip - id: address - run: | - ls -lha - echo "::set-output name=ip::$(cat ip.txt)" - - - name: Executing remote ssh commands on runner - uses: appleboy/ssh-action@master - with: - host: ${{ steps.address.outputs.ip }} - username: ubuntu - key: ${{ secrets.RUNNER_SSH_KEY }} - port: 22 - script: | - cd /actions-runner - sudo chmod 777 . -R - ./config.sh remove --token ${{ needs.spinup-amd64-runner.outputs.runner_token }} - - remove-amd64-runner: - needs: [ remove-github-runner-amd64 ] - runs-on: ubuntu-latest - if: github.event_name != 'pull_request' - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Attach to workspace - uses: actions/download-artifact@v4 - with: - name: terraform - path: .github/hosted-runner/amd64/ - - - name: Inject AWS key - run: | - cd .github/hosted-runner/amd64/ - ESCAPED_REPLACE_KEY_ID=$(printf '%s\n' "${{ secrets.AWS_ACCESS_KEY_ID }}" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/AWSID/$ESCAPED_REPLACE_KEY_ID/g" vars.tf - ESCAPED_REPLACE_ACCESS_KEY=$(printf '%s\n' "${{ secrets.AWS_SECRET_ACCESS_KEY }}" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/AWSSECRET/$ESCAPED_REPLACE_ACCESS_KEY/g" vars.tf - - - name: setup terraform - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.1.7 - - - name: Terraform Init - run: | - cd .github/hosted-runner/amd64/ - terraform init -input=false - - - name: Terraform plan destroy - run: | - cd .github/hosted-runner/amd64/ - terraform plan -destroy - continue-on-error: true - - - name: Terraform destroy - run: | - cd .github/hosted-runner/amd64/ - terraform destroy -auto-approve - - spinup-arm64-runner: + package-arm64: needs: [ unit-tests-linux ] runs-on: ubuntu-latest - outputs: - runner_token: ${{ steps.token.outputs.runner }} - if: github.event_name != 'pull_request' - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: 
Get branch name - shell: bash - run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | tr / -)" >> $GITHUB_ENV - - - name: Generate runner token - id: token - run: | - curl -X POST -H "authorization: Bearer ${{ secrets.BOT_TOKEN }}" -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/orb-community/pktvisor/actions/runners/registration-token -o token.json - echo "::set-output name=runner::$(cat token.json | jq .token --raw-output )" - cat token.json - - - name: commit hash - id: commit_hash - run: | - echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" - - - name: Inject runner token in user_data.sh - run: | - cd .github/hosted-runner/arm64/ - ESCAPED_REPLACE_RUNNER_TOKEN=$(printf '%s\n' "${{ steps.token.outputs.runner }}" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/RUNNER_TOKEN/$ESCAPED_REPLACE_RUNNER_TOKEN/g" user_data.sh - ESCAPED_REPLACE_RUNNER_NAME=$(printf '%s\n' "ARM64-${{ steps.commit_hash.outputs.sha_short }}" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/ARM64_RUNNER/$ESCAPED_REPLACE_RUNNER_NAME/g" user_data.sh - - - name: Inject AWS key - run: | - cd .github/hosted-runner/arm64/ - ESCAPED_REPLACE_KEY_ID=$(printf '%s\n' "${{ secrets.AWS_ACCESS_KEY_ID }}" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/AWSID/$ESCAPED_REPLACE_KEY_ID/g" vars.tf - ESCAPED_REPLACE_ACCESS_KEY=$(printf '%s\n' "${{ secrets.AWS_SECRET_ACCESS_KEY }}" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/AWSSECRET/$ESCAPED_REPLACE_ACCESS_KEY/g" vars.tf - ESCAPED_REPLACE_ENVIRONMENT=$(printf '%s\n' "${{ env.BRANCH_NAME }}-${{ steps.commit_hash.outputs.sha_short }}-package" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/ENVIRONMENT/$ESCAPED_REPLACE_ENVIRONMENT/g" vars.tf - - - name: setup terraform - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.1.7 - terraform_wrapper: false - - - name: Terraform Init - run: | - cd .github/hosted-runner/arm64/ - terraform init -input=false - - - name: Terraform plan - run: | - cd .github/hosted-runner/arm64/ - terraform plan 
-out=tfplan - - - name: Terraform apply - run: | - cd .github/hosted-runner/arm64/ - terraform apply -auto-approve tfplan - - - name: Terraform output - run: | - cd .github/hosted-runner/arm64/ - terraform output -raw ip > ip.txt - - - name: Persist IP to workspace - uses: actions/upload-artifact@v4 - with: - name: ip-arm - path: | - .github/hosted-runner/arm64/ip.txt - retention-days: 1 - - - name: Persist to workspace - uses: actions/upload-artifact@v4 - with: - name: terraform2 - path: | - .github/hosted-runner/arm64/terraform.tfstate - retention-days: 1 - - package-arm64: - needs: [ unit-tests-linux, spinup-arm64-runner ] - runs-on: [self-hosted, linux, ARM64] if: github.event_name != 'pull_request' steps: - name: cleanup #https://github.com/actions/checkout/issues/211 @@ -851,18 +507,18 @@ jobs: echo "DRAFT=true" >> $GITHUB_ENV - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf #v3.2.0 - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 #v3.8.0 - name: Replace token run: | @@ -878,7 +534,7 @@ jobs: id: docker_build env: IMAGE_NAME: ghcr.io/orb-community/pktvisor - uses: docker/build-push-action@v3 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 #v6.10.0 with: builder: ${{ steps.buildx.outputs.name }} context: . 
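Review bot: In the `@@ -459,350 +455,10 @@` hunk, `package-arm64` now has `runs-on: ubuntu-latest` instead of the self-hosted ARM64 runner, so the arm64 image is no longer built natively. Unless the build step further down sets `platforms: linux/arm64` (not visible in this hunk), the image pushed under the `arm64-…` tag would be built for the hosted runner's own x86_64 architecture. The surviving `cleanup` step that links actions/checkout issue 211 looks like a workaround for a persistent self-hosted workspace and is probably unnecessary on an ephemeral hosted runner. With the runner-provisioning jobs removed, the secrets that only they referenced in this hunk (`BOT_TOKEN`, `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`, `RUNNER_SSH_KEY`, `QA_AUTH_CREDENTIALS`) appear unused here and are candidates for revocation if nothing else depends on them. The job's steps continue outside the hunk.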
@@ -893,87 +549,15 @@ jobs: run: | docker load --input /tmp/arm64.tar docker image ls -a - docker push ${{ env.IMAGE_NAME }}:arm64-${{needs.unit-tests-linux.outputs.commit_hash}} - - remove-github-runner-arm64: - continue-on-error: true - needs: [ spinup-arm64-runner, package-arm64 ] - runs-on: ubuntu-latest - if: github.event_name != 'pull_request' - steps: - - name: Attach to workspace - uses: actions/download-artifact@v4 - with: - name: ip-arm - - - name: Get runner ip - id: address - run: | - ls -lha - echo "::set-output name=ip::$(cat ip.txt)" - - - name: Executing remote ssh commands on runner - uses: appleboy/ssh-action@master - with: - host: ${{ steps.address.outputs.ip }} - username: ubuntu - key: ${{ secrets.RUNNER_SSH_KEY }} - port: 22 - script: | - cd /actions-runner - sudo chmod 777 . -R - ./config.sh remove --token ${{ needs.spinup-arm64-runner.outputs.runner_token }} + docker push ${{ env.IMAGE_NAME }}:arm64-${{needs.unit-tests-linux.outputs.commit_hash}} - remove-arm64-runner: - needs: [ remove-github-runner-arm64 ] - runs-on: ubuntu-latest - if: github.event_name != 'pull_request' - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Attach to workspace - uses: actions/download-artifact@v4 - with: - name: terraform2 - path: .github/hosted-runner/arm64/ - - - name: Inject AWS key - run: | - cd .github/hosted-runner/arm64/ - ESCAPED_REPLACE_KEY_ID=$(printf '%s\n' "${{ secrets.AWS_ACCESS_KEY_ID }}" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/AWSID/$ESCAPED_REPLACE_KEY_ID/g" vars.tf - ESCAPED_REPLACE_ACCESS_KEY=$(printf '%s\n' "${{ secrets.AWS_SECRET_ACCESS_KEY }}" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/AWSSECRET/$ESCAPED_REPLACE_ACCESS_KEY/g" vars.tf - - - name: setup terraform - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.1.7 - - - name: Terraform Init - run: | - cd .github/hosted-runner/arm64/ - terraform init -input=false - - - name: Terraform plan destroy - run: | - cd .github/hosted-runner/arm64/ - terraform 
plan -destroy - continue-on-error: true - - - name: Terraform destroy - run: | - cd .github/hosted-runner/arm64/ - terraform destroy -auto-approve - pushing-manifests: - needs: [ unit-tests-linux, remove-github-runner-arm64 ] + needs: [ unit-tests-linux, package-amd64, package-arm64 ] runs-on: ubuntu-latest if: github.event_name != 'pull_request' steps: - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -1019,7 +603,7 @@ jobs: - name: Delete arm64 images from ghcr.io - uses: bots-house/ghcr-delete-image-action@v1.0.0 + uses: bots-house/ghcr-delete-image-action@3827559c68cb4dcdf54d813ea9853be6d468d3a4 #v1.1.0 with: owner: orb-community name: pktvisor @@ -1027,7 +611,7 @@ jobs: tag: arm64-${{needs.unit-tests-linux.outputs.commit_hash}} - name: Delete amd64 images from ghcr.io - uses: bots-house/ghcr-delete-image-action@v1.0.0 + uses: bots-house/ghcr-delete-image-action@3827559c68cb4dcdf54d813ea9853be6d468d3a4 #v1.1.0 with: owner: orb-community name: pktvisor @@ -1035,7 +619,7 @@ jobs: tag: amd64-${{needs.unit-tests-linux.outputs.commit_hash}} - name: Delete latest-develop images from ghcr.io - uses: bots-house/ghcr-delete-image-action@v1.0.0 + uses: bots-house/ghcr-delete-image-action@3827559c68cb4dcdf54d813ea9853be6d468d3a4 #v1.1.0 with: owner: orb-community name: pktvisor diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml index ba50a7854..3e41770f8 100644 --- a/.github/workflows/build-release.yml +++ b/.github/workflows/build-release.yml @@ -30,7 +30,7 @@ jobs: - name: Get Conan id: conan - uses: turtlebrowser/get-conan@main + uses: turtlebrowser/get-conan@c171f295f3f507360ee018736a6608731aa2109d #v1.2 - name: Setup Conan Cache uses: actions/cache@v4 
@@ -58,7 +58,7 @@ jobs: - name: Test working-directory: ${{github.workspace}}/build shell: bash - run: ctest -C $BUILD_TYPE + run: sudo ctest -C $BUILD_TYPE prebuild-package: needs: [ unit-tests ] @@ -80,7 +80,7 @@ jobs: - name: Get Conan id: conan - uses: turtlebrowser/get-conan@main + uses: turtlebrowser/get-conan@c171f295f3f507360ee018736a6608731aa2109d #v1.2 - name: Configure CMake to generate VERSION shell: bash @@ -128,7 +128,7 @@ jobs: - name: Get Conan id: conan - uses: turtlebrowser/get-conan@main + uses: turtlebrowser/get-conan@c171f295f3f507360ee018736a6608731aa2109d #v1.2 - name: Configure CMake to generate VERSION shell: bash 
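Review bot: The Test step now runs the whole suite as root with `sudo ctest -C $BUILD_TYPE`, and nothing in the workflow says which tests need it. If only some tests need elevated rights (packet capture, presumably), run just those under sudo, and add a comment naming the reason, e.g. `# <reason tests need root> - to be filled in by the author`. sudo normally resets the environment, so variables set for the step may not reach the tests, and files created in the build directory end up owned by root. The same pattern is added in build_debug.yml (`sudo ctest`, `sudo cmake --build . --target coverage`) and in code-ql.yml (`sudo make all test`), where the compile itself runs under sudo inside the CodeQL-traced step and may lose the tracer's environment.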
@@ -163,93 +163,6 @@ jobs: body_path: ${{github.workspace}}/changelog.md draft: false prerelease: false - - spinup-arm64-runner: - needs: [ prebuild-package ] - runs-on: ubuntu-latest - outputs: - runner_token: ${{ steps.token.outputs.runner }} - runner_label: ${{ env.RUNNER_LABEL }} - # if: github.event_name != 'pull_request' - if: false # This job will never run - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Generate runner token - id: token - run: | - curl -X POST -H "authorization: Bearer ${{ secrets.BOT_TOKEN }}" -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/orb-community/pktvisor/actions/runners/registration-token -o token.json - echo "::set-output name=runner::$(cat token.json | jq .token --raw-output )" - cat token.json - - - name: Get short commit hash to a variable - id: commit_hash - run: | - echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" - - - name: Inject runner token in user_data.sh - run: | - cd .github/hosted-runner/arm64/ - ESCAPED_REPLACE_RUNNER_TOKEN=$(printf '%s\n' "${{ steps.token.outputs.runner }}" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/RUNNER_TOKEN/$ESCAPED_REPLACE_RUNNER_TOKEN/g" user_data.sh - ESCAPED_REPLACE_RUNNER_NAME=$(printf '%s\n' "${{ steps.commit_hash.outputs.sha_short }}-arm64" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/ARM64_RUNNER/$ESCAPED_REPLACE_RUNNER_NAME/g" user_data.sh - ESCAPED_REPLACE_RUNNER_LABEL=$(printf '%s\n' "${{ steps.commit_hash.outputs.sha_short }}-arm64" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/RUNNER_LABEL/$ESCAPED_REPLACE_RUNNER_LABEL/g" user_data.sh - echo "RUNNER_LABEL=${{ steps.commit_hash.outputs.sha_short }}-arm64" >> $GITHUB_ENV - - - name: Inject AWS key - run: | - cd .github/hosted-runner/arm64/ - ESCAPED_REPLACE_KEY_ID=$(printf '%s\n' "${{ secrets.AWS_ACCESS_KEY_ID }}" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/AWSID/$ESCAPED_REPLACE_KEY_ID/g" vars.tf - ESCAPED_REPLACE_ACCESS_KEY=$(printf '%s\n' "${{ secrets.AWS_SECRET_ACCESS_KEY }}" | 
sed -e 's/[\/&]/\\&/g') - sed -i -e "s/AWSSECRET/$ESCAPED_REPLACE_ACCESS_KEY/g" vars.tf - ESCAPED_REPLACE_ENVIRONMENT=$(printf '%s\n' "${{ needs.prebuild-package.outputs.branch_name }}-${{ steps.commit_hash.outputs.sha_short }}-release" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/ENVIRONMENT/$ESCAPED_REPLACE_ENVIRONMENT/g" vars.tf - - - name: setup terraform - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.1.7 - terraform_wrapper: false - - - name: Terraform Init - run: | - cd .github/hosted-runner/arm64/ - terraform init -input=false - - - name: Terraform plan - run: | - cd .github/hosted-runner/arm64/ - terraform plan -out=tfplan - - - name: Terraform apply - run: | - cd .github/hosted-runner/arm64/ - terraform apply -auto-approve tfplan - - - name: Terraform output - run: | - cd .github/hosted-runner/arm64/ - terraform output -raw ip > ip.txt - - - name: Persist IP to workspace - uses: actions/upload-artifact@v4 - with: - name: ip-arm - path: | - .github/hosted-runner/arm64/ip.txt - retention-days: 1 - - - name: Persist to workspace - uses: actions/upload-artifact@v4 - with: - name: terraform - path: | - .github/hosted-runner/arm64/terraform.tfstate - retention-days: 1 build-win64: # The CMake configure and build commands are platform agnostic and should work equally @@ -269,10 +182,8 @@ jobs: run: cmake -E make_directory ${{github.workspace}}\build - name: Get Conan - # You may pin to the exact commit or the version. - # uses: turtlebrowser/get-conan@4dc7e6dd45c8b1e02e909979d7cfc5ebba6ddbe2 id: conan - uses: turtlebrowser/get-conan@main + uses: turtlebrowser/get-conan@c171f295f3f507360ee018736a6608731aa2109d #v1.2 - name: Setup Conan Cache uses: actions/cache@v4 
@@ -377,8 +288,8 @@ jobs: ./docker/upload-gh-asset.sh github_api_token=${{ secrets.BOT_TOKEN }} owner=orb-community repo=pktvisor tag=LATEST filename=./pktvisor-win64.zip package-arm64: - needs: [ spinup-arm64-runner ] - runs-on: ${{ needs.spinup-arm64-runner.outputs.runner_label }} + needs: [ prebuild-package ] + runs-on: ubuntu-latest if: github.event_name != 'pull_request' steps: - name: Attach to workspace @@ -451,18 +362,18 @@ jobs: run: echo ${{ env.REF_TAG }} - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf #v3.2.0 - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 #v3.8.0 - name: Replace token run: | @@ -478,7 +389,7 @@ jobs: id: docker_build env: IMAGE_NAME: ghcr.io/orb-community/pktvisor - uses: docker/build-push-action@v3 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 #v6.10.0 with: builder: ${{ steps.buildx.outputs.name }} context: . @@ -572,7 +483,7 @@ jobs: run: echo ${{ env.REF_TAG }} - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -580,10 +491,10 @@ jobs: - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 #v3.8.0 - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf #v3.2.0 - name: Replace token run: | 
@@ -598,7 +509,7 @@ jobs: - name: Build + push - pktvisor (multi-arch) env: IMAGE_NAME: ghcr.io/orb-community/pktvisor - uses: docker/build-push-action@v3 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 #v6.10.0 with: builder: ${{ steps.buildx.outputs.name }} context: . 
@@ -615,85 +526,6 @@ jobs: docker image ls -a docker push ${{ env.IMAGE_NAME }}:release-amd64 - remove-github-runner-arm64: - continue-on-error: true - needs: [ package-arm64 ] - runs-on: ubuntu-latest - if: github.event_name != 'pull_request' - steps: - - name: Attach to workspace - uses: actions/download-artifact@v4 - with: - name: ip-arm - - - name: Get runner ip - id: address - run: | - ls -lha - echo "::set-output name=ip::$(cat ip.txt)" - - - name: Generate remove runner token - id: remove-token-arm64 - run: | - curl -X POST -H "authorization: Bearer ${{ secrets.BOT_TOKEN }}" -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/orb-community/pktvisor/actions/runners/remove-token -o token.json - echo "::set-output name=remove-runner::$(cat token.json | jq .token --raw-output )" - cat token.json - echo "TOKEN_RUNNER_ARM64=$(cat token.json | jq .token --raw-output )" >> $GITHUB_ENV - - - name: Executing remote ssh commands on runner - uses: appleboy/ssh-action@master - with: - host: ${{ steps.address.outputs.ip }} - username: ubuntu - key: ${{ secrets.RUNNER_SSH_KEY }} - port: 22 - script: | - cd /actions-runner - sudo chmod 777 . 
-R - ./config.sh remove --token ${{ env.TOKEN_RUNNER_ARM64 }} - - remove-arm64-runner: - needs: [ remove-github-runner-arm64 ] - runs-on: ubuntu-latest - if: github.event_name != 'pull_request' - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Attach to workspace - uses: actions/download-artifact@v4 - with: - name: terraform - path: .github/hosted-runner/arm64/ - - - name: Inject AWS key - run: | - cd .github/hosted-runner/arm64/ - ESCAPED_REPLACE_KEY_ID=$(printf '%s\n' "${{ secrets.AWS_ACCESS_KEY_ID }}" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/AWSID/$ESCAPED_REPLACE_KEY_ID/g" vars.tf - ESCAPED_REPLACE_ACCESS_KEY=$(printf '%s\n' "${{ secrets.AWS_SECRET_ACCESS_KEY }}" | sed -e 's/[\/&]/\\&/g') - sed -i -e "s/AWSSECRET/$ESCAPED_REPLACE_ACCESS_KEY/g" vars.tf - - - name: setup terraform - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.1.7 - - - name: Terraform Init - run: | - cd .github/hosted-runner/arm64/ - terraform init -input=false - - - name: Terraform plan destroy - run: | - cd .github/hosted-runner/arm64/ - terraform plan -destroy - continue-on-error: true - - - name: Terraform destroy - run: | - cd .github/hosted-runner/arm64/ - terraform destroy -auto-approve pushing-manifests: needs: [ package-amd64 , package-arm64 ] @@ -701,7 +533,7 @@ jobs: if: github.event_name != 'pull_request' steps: - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: registry: ghcr.io username: ${{ github.repository_owner }} diff --git a/.github/workflows/build_cross.yml b/.github/workflows/build_cross.yml index ee3dbe38f..55636b1bb 100644 --- a/.github/workflows/build_cross.yml +++ b/.github/workflows/build_cross.yml @@ -36,8 +36,9 @@ jobs: cc: aarch64-linux-musl-gcc cxx: aarch64-linux-musl-g++ env: - CC: gcc-10 - CXX: g++-10 + CC: gcc + CXX: g++ + steps: - name: Install sccache from cache id: cache-sccache 
diff --git a/.github/workflows/build_debug.yml b/.github/workflows/build_debug.yml index f334816c4..d7367d380 100644 --- a/.github/workflows/build_debug.yml +++ b/.github/workflows/build_debug.yml @@ -28,10 +28,8 @@ jobs: run: cmake -E make_directory ${{github.workspace}}/build - name: Get Conan - # You may pin to the exact commit or the version. - # uses: turtlebrowser/get-conan@4dc7e6dd45c8b1e02e909979d7cfc5ebba6ddbe2 id: conan - uses: turtlebrowser/get-conan@main + uses: turtlebrowser/get-conan@c171f295f3f507360ee018736a6608731aa2109d #v1.2 - name: Setup Conan Cache uses: actions/cache@v4 @@ -72,12 +70,12 @@ jobs: shell: bash # Execute tests defined by the CMake configuration. # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail - run: ctest + run: sudo ctest - name: Build Coverage working-directory: ${{github.workspace}}/build shell: bash - run: cmake --build . --target coverage -- -j 2 + run: sudo cmake --build . --target coverage -- -j 2 - name: Codecov uses: codecov/codecov-action@v3 @@ -181,7 +179,7 @@ jobs: sed -i -e "s/CP_URL/$ESCAPED_REPLACE/g" docker/run.sh - name: Login to Docker Hub - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/clean-runners.yml b/.github/workflows/clean-runners.yml deleted file mode 100644 index 0fff3a5c4..000000000 --- a/.github/workflows/clean-runners.yml +++ /dev/null 
@@ -1,36 +0,0 @@ -name: 'nightly orphaned runners cleanup' - -on: - workflow_dispatch: - - schedule: - - cron: '0 1 * * *' # every night at 1 am UTC - -jobs: - remove-runners: - runs-on: ubuntu-latest - steps: - - name: removing orphaned self-runners - env: - GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }} - run: | - gh api -H "Accept: application/vnd.github.v3+json" /repos/orb-community/pktvisor/actions/runners -q '.runners[] | {id,status,busy} | select((.busy == false) and (.status == "offline")) | {id} | .[]' --paginate | xargs -I {} gh api --method DELETE -H "Accept: application/vnd.github.v3+json" /repos/orb-community/pktvisor/actions/runners/{} - -# - name: Clear cache -# uses: actions/github-script@v6 -# with: -# script: | -# console.log("About to clear") -# const caches = await github.rest.actions.getActionsCacheList({ -# owner: context.repo.owner, -# repo: context.repo.repo, -# }) -# for (const cache of caches.data.actions_caches) { -# console.log(cache) -# github.rest.actions.deleteActionsCacheById({ -# owner: context.repo.owner, -# repo: context.repo.repo, -# cache_id: cache.id, -# }) -# } -# console.log("Clear completed") diff --git a/.github/workflows/code-ql.yml b/.github/workflows/code-ql.yml index 684d63a3f..951dd63b5 100644 --- a/.github/workflows/code-ql.yml +++ b/.github/workflows/code-ql.yml @@ -23,8 +23,8 @@ jobs: # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support env: - CC: gcc-10 - CXX: g++-10 + CC: gcc + CXX: g++ CONAN_USER_HOME: "${{github.workspace}}" steps: @@ -39,7 +39,6 @@ jobs: sudo rm -rf /usr/local/lib/android sudo rm -rf /opt/ghc sudo apt clean - docker rmi $(docker image ls -aq) df -h # Initializes the CodeQL tools for scanning. 
@@ -103,9 +102,33 @@ jobs: # configure and handle dependencies cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_PROJECT_TOP_LEVEL_INCLUDES=./cmake/conan_provider.cmake .. # build and run tests - make all test + sudo make all test #remove conan files rm -rf conan_home/ - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 + with: + category: "/language:cpp" + output: sarif-results + upload: failure-only + + - name: filter-sarif + uses: advanced-security/filter-sarif@v1 + with: + patterns: | + -pktvisor/build/conan_home/**/* + input: sarif-results/cpp.sarif + output: sarif-results/cpp.sarif + + - name: Upload SARIF + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: sarif-results/cpp.sarif + + - name: Upload loc as a Build Artifact + uses: actions/upload-artifact@v4 + with: + name: sarif-results + path: sarif-results + retention-days: 1 diff --git a/cmd/pktvisord/CMakeLists.txt b/cmd/pktvisord/CMakeLists.txt index 87a2f6228..001809612 100644 --- a/cmd/pktvisord/CMakeLists.txt +++ b/cmd/pktvisord/CMakeLists.txt @@ -24,8 +24,8 @@ target_link_libraries(pktvisord if(NOT CRASHPAD_NOT_SUPPORTED) set(CONAN_BIN_DIRS_CRASHPAD ${crashpad_INCLUDE_DIR}/../bin) if(WIN32) - configure_file("${CONAN_BIN_DIRS_CRASHPAD}/crashpad_handler.exe" "${PROJECT_BINARY_DIR}/bin/crashpad_handler.exe" COPYONLY) + configure_file("${CONAN_BIN_DIRS_SENTRY-CRASHPAD}/crashpad_handler.exe" "${PROJECT_BINARY_DIR}/bin/crashpad_handler.exe" COPYONLY) else() - configure_file("${CONAN_BIN_DIRS_CRASHPAD}/crashpad_handler" "${PROJECT_BINARY_DIR}/bin/crashpad_handler" COPYONLY) + configure_file("${CONAN_BIN_DIRS_SENTRY-CRASHPAD}/crashpad_handler" "${PROJECT_BINARY_DIR}/bin/crashpad_handler" COPYONLY) endif() endif() \ No newline at end of file diff --git a/cmd/pktvisord/CrashpadHandler.h b/cmd/pktvisord/CrashpadHandler.h index b27cb4308..3d561c9af 100644 --- a/cmd/pktvisord/CrashpadHandler.h +++ b/cmd/pktvisord/CrashpadHandler.h 
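Review bot: The new `filter-sarif` step references `advanced-security/filter-sarif@v1`, a mutable tag, while this commit pins the other third-party actions to full commit SHAs. The step rewrites the SARIF file that the next step uploads as the code-scanning result, so a moved tag could change which findings are reported. Pin it the same way, e.g. `uses: advanced-security/filter-sarif@<full-commit-sha> #v1`. `codecov/codecov-action@v3` in build_debug.yml is also still on a tag. Separately, the last step is named "Upload loc as a Build Artifact" but uploads `sarif-results`, so the name should be corrected.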
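Review bot: Both new `configure_file` lines read `${CONAN_BIN_DIRS_SENTRY-CRASHPAD}`, but the `set()` directly above them still defines `CONAN_BIN_DIRS_CRASHPAD` from `${crashpad_INCLUDE_DIR}`. Unless the new variable is defined somewhere outside this hunk, it expands to an empty string and the source path becomes `/crashpad_handler`, which would fail at configure time or pick up an unintended file. Make the two agree, for example by changing the set line to `set(CONAN_BIN_DIRS_SENTRY-CRASHPAD <bin dir of the sentry-crashpad package>)`, or by keeping the old variable name in the `configure_file` calls and deriving it from the new package. A short comment saying where the handler binary is expected to come from would also help.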
@@ -50,7 +50,7 @@ static bool start_crashpad_handler(std::string token, std::string url, std::stri /* Enable automated uploads. */ database->GetSettings()->SetUploadsEnabled(true); - rc = client.StartHandler(handler, db, db, url, annotations, arguments, true, false); + rc = client.StartHandler(handler, db, db, url, "", annotations, arguments, true, false); if (rc == false) { return false; } diff --git a/conanfile.py b/conanfile.py index 96207e889..e91d4c799 100644 --- a/conanfile.py +++ b/conanfile.py @@ -27,7 +27,7 @@ def requirements(self): self.requires("yaml-cpp/0.8.0") self.requires("robin-hood-hashing/3.11.5") self.requires("libcurl/8.10.1") - self.requires("crashpad/cci.20220219") + self.requires("sentry-crashpad/0.6.5") def build_requirements(self): self.tool_requires("corrade/2020.06")
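Review bot: The extra `""` passed to `StartHandler` is an unnamed positional argument between `url` and `annotations`, so a reader cannot tell what it is without the header of the new crashpad package. It is presumably the proxy parameter of the sentry fork, which should be confirmed against that header. Naming it at the call site would make the intent clear: `rc = client.StartHandler(handler, db, db, url, /*http_proxy=*/"", annotations, arguments, /*restartable=*/true, /*asynchronous_start=*/false);`. Since uploads are enabled on the line above, it is also worth stating in a comment that crash reports are sent directly to `url` with no explicit proxy. The body of `start_crashpad_handler` begins and continues outside this hunk.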