

update CI workflow
Signed-off-by: Jaehyun Nam <jn@accuknox.com>
nam-jaehyun committed Jul 31, 2022
1 parent 6ac29f5 commit 0cf0235
Showing 15 changed files with 321 additions and 244 deletions.
31 changes: 17 additions & 14 deletions .github/workflows/ci-go.yml
Expand Up @@ -10,10 +10,9 @@ jobs:
go-fmt:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
uses: actions/checkout@v2
- uses: actions/checkout@v2

- uses: actions/setup-go@v2
- uses: actions/setup-go@v3
with:
go-version: v1.18

Expand All @@ -24,32 +23,37 @@ jobs:
go-lint:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
uses: actions/checkout@v2
- uses: actions/checkout@v2

- name: Run Revive Action on KubeArmor code
- uses: actions/setup-go@v3
with:
go-version: v1.18

- name: Run Revive Action on KubeArmor
uses: morphy2k/revive-action@v2
with:
path: "./KubeArmor/..."

go-lint-tests:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
uses: actions/checkout@v2
- uses: actions/checkout@v2

- uses: actions/setup-go@v3
with:
go-version: v1.18

- name: Run Revive Action on KubeArmor tests code
- name: Run Revive Action on KubeArmor tests
uses: morphy2k/revive-action@v2
with:
path: "./tests/..."

go-sec:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
uses: actions/checkout@v2
- uses: actions/checkout@v2

- uses: actions/setup-go@v2
- uses: actions/setup-go@v3
with:
go-version: v1.18

Expand All @@ -60,8 +64,7 @@ jobs:
license:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
uses: actions/checkout@v2
- uses: actions/checkout@v2

- name: Check License Header
uses: apache/skywalking-eyes@9bd5feb86b5817aa6072b008f9866a2c3bbc8587
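Review bot: The `uses:` lines this change introduces in go-fmt, go-lint, go-lint-tests and go-sec (`actions/checkout@v2`, `actions/setup-go@v3`) reference actions by a mutable major-version tag, while the license job in the same file already pins `apache/skywalking-eyes` to a full commit SHA. A tag can be moved to different code after review, so each job runs whatever the tag points at on the day of the run. I would pin every action the same way, e.g. `- uses: actions/setup-go@<full-commit-sha>  # v3` (placeholder; take the SHA of the release you reviewed), and do the same for the third-party `morphy2k/revive-action@v2`. The file is shown only in part, so whether it sets a top-level `permissions:` block cannot be seen here; if it does not, a read-only `contents: read` would fit these lint-only jobs.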
65 changes: 36 additions & 29 deletions .github/workflows/ci-new-test.yml
Expand Up @@ -26,49 +26,57 @@ jobs:
fail-fast: false
matrix:
os: [ubuntu-latest, ubuntu-18.04]
runtime: ["containerd", "crio"]
runtime: ["docker", "containerd", "crio"]
steps:
- uses: actions/checkout@v2
with:
submodules: true

- name: Set up Go
uses: actions/setup-go@v2
- uses: actions/setup-go@v3
with:
go-version: 1.18
go-version: v1.18

- name: Install Latest Stable LLVM toolchain
- name: Install the latest LLVM toolchain
run: |
sudo bash -c "$(wget -O - https://apt.llvm.org/llvm.sh)"
for tool in "clang" "llc" "llvm-strip"
do
sudo rm -f /usr/bin/$tool
sudo ln -s /usr/bin/$tool-14 /usr/bin/$tool
done
sudo apt install libelf-dev
- name: Setup Enviroment
. /etc/os-release
sudo apt-get -y install build-essential libelf-dev pkg-config
wget https://apt.llvm.org/llvm.sh -O /tmp/llvm.sh
if [ "$VERSION_CODENAME" == "focal" ] || [ "$VERSION_CODENAME" == "bionic" ]; then
sudo bash /tmp/llvm.sh 12
for tool in "clang" "llc" "llvm-strip"; do
sudo rm -f /usr/bin/$tool
sudo ln -s /usr/bin/$tool-12 /usr/bin/$tool
done
else # VERSION_CODENAME == jammy
sudo bash /tmp/llvm.sh 14
for tool in "clang" "llc" "llvm-strip"; do
sudo rm -f /usr/bin/$tool
sudo ln -s /usr/bin/$tool-14 /usr/bin/$tool
done
fi
- name: Compile libbpf
run: |
cd KubeArmor/BPF
make -C libbpf/src
- name: Setup a Kubernetes environment
run: |
echo "RUNTIME="$RUNTIME
if [ "$RUNTIME" == "docker" ]; then
./contribution/self-managed-k8s/docker/install_docker.sh
docker --version
elif [ "$RUNTIME" == "crio" ]; then
if [ "$RUNTIME" == "crio" ]; then
./contribution/self-managed-k8s/crio/install_crio.sh
crio --version
fi
./contribution/k3s/install_k3s.sh
cd KubeArmor/BPF/
make -C libbpf/src
- name: Install cmctl
run: |
OS=$(go env GOOS); ARCH=$(go env GOARCH); curl -sSL -o cmctl.tar.gz https://github.com/cert-manager/cert-manager/releases/download/v1.7.2/cmctl-$OS-$ARCH.tar.gz
tar xzf cmctl.tar.gz
sudo mv cmctl /usr/local/bin
- name: Install annotation controller
- name: Install an annotation controller
run: |
kubectl apply -f deployments/annotations/cert-manager.yaml
kubectl wait pods --for=condition=ready -n cert-manager -l app.kubernetes.io/instance=cert-manager
Expand All @@ -79,17 +87,17 @@ jobs:
- name: Run kubectl proxy
run: kubectl proxy &

- name: Run kubearmor in local process mode
- name: Run KubeArmor in background
run: |
make -C KubeArmor/ run &
bash -c 'for((i=0;i<300;i++)); do cnt=$(ps -e | grep kubearmor | wc -l); [[ $cnt -gt 0 ]] && echo "Kubearmor is running" && break; sleep 1; done'
timeout-minutes: 5

- name: ginkgo kubearmor tests
- name: Test KubeArmor using Ginkgo
run: |
go install -mod=mod github.com/onsi/ginkgo/v2/ginkgo
make -C tests/
timeout-minutes: 10
timeout-minutes: 15

- name: Get karmor sysdump
if: ${{ failure() }}
Expand All @@ -106,12 +114,11 @@ jobs:
/tmp/kubearmor/
/tmp/kubearmor.*
- name: Measure Code Coverage
- name: Measure code coverage
if: ${{ always() }}
run: |
go get github.com/modocache/gover
go install github.com/modocache/gover@latest
gover
gover
go tool cover -func=gover.coverprofile
working-directory: KubeArmor
env:
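Review bot: The new "Install the latest LLVM toolchain" step downloads `https://apt.llvm.org/llvm.sh` and runs it with `sudo bash /tmp/llvm.sh 12` (or `14`) without checking what was downloaded, so whatever that URL serves at run time executes as root on the runner. Writing the script to a file first is better than the old `bash -c "$(wget …)"` form and makes a check easy: add `echo "<expected-sha256>  /tmp/llvm.sh" | sha256sum -c -` (placeholder digest; record the one for the script version you reviewed) before the `sudo bash` line, or install the clang/llvm packages from a pinned apt source instead. The same step is copied into ci-test-runtime.yml and ci-test-systemd.yml and needs the same change there. Separately, `go install github.com/modocache/gover@latest` in the coverage step resolves to a different module version over time; a fixed version after the `@` keeps the run reproducible.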
78 changes: 43 additions & 35 deletions .github/workflows/ci-test-runtime.yml
Expand Up @@ -18,52 +18,62 @@ on:

jobs:
build:
name: Auto-testing Framework Runtime
runs-on: ubuntu-latest
env:
RUNTIME: "containerd"
name: Test KubeArmor in Runtime
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, ubuntu-18.04]
steps:
- name: Kernel version
run: uname -r

- name: Check Docker Version
run: docker --version

- uses: actions/checkout@v2
with:
submodules: true

- name: Install Compilers
run: |
sudo apt-get update
sudo apt-get install --yes build-essential pkgconf clang-9 libllvm9 llvm-9-dev libclang-9-dev zlib1g-dev libelf-dev libedit-dev libfl-dev
for tool in "clang" "llc" "llvm-strip"
do
sudo rm -f /usr/bin/$tool
sudo ln -s /usr/bin/$tool-9 /usr/bin/$tool
done
- uses: actions/setup-go@v3
with:
go-version: v1.18

- name: Setup Enviroment
id: vars
- name: Install the latest LLVM toolchain
run: |
echo ::set-output name=tag::latest
. /etc/os-release
echo "RUNTIME="$RUNTIME
./contribution/k3s/install_k3s.sh
sudo apt-get -y install build-essential libelf-dev pkg-config
wget https://apt.llvm.org/llvm.sh -O /tmp/llvm.sh
cd KubeArmor/BPF/
if [ "$VERSION_CODENAME" == "focal" ] || [ "$VERSION_CODENAME" == "bionic" ]; then
sudo bash /tmp/llvm.sh 12
for tool in "clang" "llc" "llvm-strip"; do
sudo rm -f /usr/bin/$tool
sudo ln -s /usr/bin/$tool-12 /usr/bin/$tool
done
else # VERSION_CODENAME == jammy
sudo bash /tmp/llvm.sh 14
for tool in "clang" "llc" "llvm-strip"; do
sudo rm -f /usr/bin/$tool
sudo ln -s /usr/bin/$tool-14 /usr/bin/$tool
done
fi
- name: Compile libbpf
run: |
cd KubeArmor/BPF
make -C libbpf/src
- name: Setup a Kubernetes environment
id: vars
run: |
echo ::set-output name=tag::latest
RUNTIME=docker ./contribution/k3s/install_k3s.sh
- name: Generate KubeArmor artifacts
run: |
echo "TAG="${{ steps.vars.outputs.tag }}
GITHUB_SHA=$GITHUB_SHA ./KubeArmor/build/build_kubearmor.sh ${{ steps.vars.outputs.tag }}
docker save kubearmor/kubearmor:${{ steps.vars.outputs.tag }} | sudo k3s ctr images import -
docker save kubearmor/kubearmor-init:${{ steps.vars.outputs.tag }} | sudo k3s ctr images import -
- name: Run KubeArmor
run: |
kubectl apply -f KubeArmor/build/kubearmor-test-k3s.yaml
sed -i 's/kubearmor\/kubearmor:latest/kubearmor\/kubearmor:${{ steps.vars.outputs.tag }}/g' ./KubeArmor/build/kubearmor-test-docker.yaml
sed -i 's/kubearmor\/kubearmor-init:latest/kubearmor\/kubearmor-init:${{ steps.vars.outputs.tag }}/g' ./KubeArmor/build/kubearmor-test-docker.yaml
kubectl apply -f ./KubeArmor/build/kubearmor-test-docker.yaml
kubectl wait --for=condition=ready --timeout=5m -n kube-system pod -l kubearmor-app=kubearmor
kubectl get pods -A
Expand All @@ -73,11 +83,9 @@ jobs:
- name: Capture KubeArmor logs
if: ${{ failure() }}
run: kubectl exec -n kube-system daemonset/kubearmor -- cat /tmp/kubearmor.log > /tmp/kubearmor.log

- name: Capture KubeArmor Pod Events
if: ${{ failure() }}
run: kubectl describe pod -n kube-system kubearmor
run: |
kubectl -n kube-system describe pod $(kubectl get pods -n kube-system -l kubearmor-app=kubearmor --no-headers -o custom-columns=:metadata.name)
kubectl exec -n kube-system daemonset/kubearmor -- cat /tmp/kubearmor.log > /tmp/kubearmor.log
- name: Archive log artifacts
if: ${{ failure() }}
Expand All @@ -89,6 +97,6 @@ jobs:
/tmp/kubearmor.log
/tmp/kubearmor.msg
- name: Check Results
- name: Check the testing results
if: ${{ always() }}
run: cat /tmp/kubearmor.test
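Review bot: The "Setup a Kubernetes environment" step appears to keep `echo ::set-output name=tag::latest` on the new side (the rendering does not mark sides), and GitHub has deprecated the `set-output` workflow command because text a step prints to stdout can be interpreted as a command. Writing to the output file avoids that: `echo "tag=latest" >> "$GITHUB_OUTPUT"`. Since the value is the constant `latest`, a job-level `env:` entry such as `TAG: latest`, read as `$TAG` in the later steps, would also remove the `${{ steps.vars.outputs.tag }}` interpolation from the `run:` scripts and the `sed` expressions.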
53 changes: 33 additions & 20 deletions .github/workflows/ci-test-systemd.yml
Expand Up @@ -18,46 +18,59 @@ on:

jobs:
build:
name: Systemd Test
name: Test KubeArmor in Systemd Mode
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, ubuntu-18.04]
steps:
- name: Kernel version
run: uname -a

- uses: actions/checkout@v2
with:
submodules: true

- name: Set up Go
uses: actions/setup-go@v2
- uses: actions/setup-go@v3
with:
go-version: 1.17
go-version: v1.18

- name: Install the latest LLVM toolchain
run: |
. /etc/os-release
sudo apt-get -y install build-essential libelf-dev pkg-config
wget https://apt.llvm.org/llvm.sh -O /tmp/llvm.sh
if [ "$VERSION_CODENAME" == "focal" ] || [ "$VERSION_CODENAME" == "bionic" ]; then
sudo bash /tmp/llvm.sh 12
for tool in "clang" "llc" "llvm-strip"; do
sudo rm -f /usr/bin/$tool
sudo ln -s /usr/bin/$tool-12 /usr/bin/$tool
done
else # VERSION_CODENAME == jammy
sudo bash /tmp/llvm.sh 14
for tool in "clang" "llc" "llvm-strip"; do
sudo rm -f /usr/bin/$tool
sudo ln -s /usr/bin/$tool-14 /usr/bin/$tool
done
fi
- name: Compile libbpf
run: |
cd KubeArmor/BPF
make -C libbpf/src
- name: Install GoReleaser
uses: goreleaser/goreleaser-action@v2
with:
install-only: true

- name: Install Latest Stable LLVM toolchain
run: |
sudo bash -c "$(wget -O - https://apt.llvm.org/llvm.sh)"
for tool in "clang" "llc" "llvm-strip"
do
sudo rm -f /usr/bin/$tool
sudo ln -s /usr/bin/$tool-14 /usr/bin/$tool
done
- name: Build Release
- name: Build Systemd Release
run: make local-release
working-directory: KubeArmor

- name: Install KubeArmor Systemd
run: sudo apt install --yes ./dist/kubearmor*.deb
- name: Install KubeArmor
run: sudo apt install -y ./dist/kubearmor*.deb
working-directory: KubeArmor

- name: Check journalctl
run: sudo journalctl -u kubearmor --no-pager
run: sudo journalctl -u kubearmor --no-pager
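Review bot: In the "Install the latest LLVM toolchain" step the `else` branch is commented `# VERSION_CODENAME == jammy` but actually catches every release that is not focal or bionic, and `ubuntu-latest` in the new matrix is a label that moves to newer releases. When it moves, the step will quietly request LLVM 14 on an image nobody tested. I would make the branch explicit with `elif [ "$VERSION_CODENAME" == "jammy" ]; then` and end with `else echo "unsupported release: $VERSION_CODENAME" >&2; exit 1`. The step name also says "latest" while the versions are fixed at 12 and 14, so `Install the LLVM toolchain` would describe it better. The same block is present in ci-new-test.yml and ci-test-runtime.yml.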