Skip to content

copy artifact outside #227

copy artifact outside

copy artifact outside #227

Workflow file for this run

name: tests
on: [push]
jobs:
unit-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3
- name: Build coverage-instrumented binary
run: |
make build-cover && sudo make -B install
- name: Set up Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # ratchet:actions/setup-go@v4
with:
go-version: '1.22'
- name: Run Unit-Test
run: |
mkdir /tmp/unit/
go test \
-v \
-cover ./... \
-skip TestFwdctl \
-args -test.gocoverdir=/tmp/unit/
- name: Upload cover profiles
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # ratchet:actions/upload-artifact@v3
with:
name: unit-test
path: /tmp/unit/
integration-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # ratchet:actions/setup-go@v4
with:
go-version: '1.22'
- name: Install iptables
run: |
sudo apt update
sudo apt install -y iptables
- name: Build coverage-instrumented binary
run: |
make build-cover && sudo make -B install
- name: Run integration test
run: |
mkdir /tmp/integration
# we have to run integration tests one-by-one
# otherwhise they will run in parallel.
# since fwdctl apply network forwards, these could
# interact with each other and make the test fail.
go test \
-exec sudo \
-cover \
-v ./... \
-run TestFwdctl/apply$ \
-args -test.gocoverdir=/tmp/integration/
go test \
-exec sudo \
-cover \
-v ./... \
-run TestFwdctl/create$ \
-args -test.gocoverdir=/tmp/integration/
go test \
-exec sudo \
-cover \
-v ./... \
-run TestFwdctl/delete$ \
-args -test.gocoverdir=/tmp/integration/
go test \
-exec sudo \
-cover \
-v ./... \
-run TestFwdctl/list$ \
-args -test.gocoverdir=/tmp/integration/
go test \
-exec sudo \
-cover \
-v ./... \
-run TestFwdctl/daemon$ \
-args -test.gocoverdir=/tmp/integration/
go test \
-exec sudo \
-cover \
-v ./... \
-run TestFwdctl/version$ \
-args -test.gocoverdir=/tmp/integration/
- name: Upload cover profiles
uses: actions/upload-artifact@v3
with:
name: integration-test
path: /tmp/integration/
code-coverage:
runs-on: ubuntu-latest
needs: [unit-test,integration-test]
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3
- uses: actions/download-artifact@v3
with:
name: unit-test
path: /tmp/unit-test
- uses: actions/download-artifact@v3
with:
name: integration-test
path: /tmp/integration-test
- name: list files
run: |
ls -lah /tmp/unit-test
ls -lah /tmp/integration-test
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.22'
- name: Calculate total coverage
run: |
go tool \
covdata \
textfmt \
-i=/tmp/unit-test,/tmp/integration-test \
-o code-coverage
go tool \
cover \
-func code-coverage
- name: Update coverage report
uses: ncruces/go-coverage-report@494b2847891f4dd3b10f6704ca533367dbb7493d # ratchet:ncruces/go-coverage-report@v0
with:
report: true
chart: true
amend: true
coverage-file: ./code-coverage
trace-unit-test:
runs-on: ubuntu-latest
needs: [unit-test]
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3
- name: Build coverage-instrumented binary
run: |
make build-cover && sudo make -B install
- name: Set up Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # ratchet:actions/setup-go@v4
with:
go-version: '1.22'
- name: Install harpoon
run: |
curl -s https://raw.githubusercontent.com/alegrey91/harpoon/main/install | sudo sh
- name: Analyze binaries
run: |
sudo harpoon analyze \
--exclude .git/ \
--save
- name: Trace system calls
run: |
sudo harpoon hunt \
--file harpoon-report.yml \
--directory unit-test-syscalls \
--save
- name: Upload metadata from unit-tests
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # ratchet:actions/upload-artifact@v3
with:
name: unit-test-syscalls
path: unit-test-syscalls
trace-integration-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # ratchet:actions/setup-go@v4
with:
go-version: '1.22'
- name: Install iptables
run: |
sudo apt update
sudo apt install -y iptables
- name: Build coverage-instrumented binary
run: |
make build && sudo make -B install
- name: Install harpoon
run: |
curl -s https://raw.githubusercontent.com/alegrey91/harpoon/main/install | sudo sh
- name: Run integration test
run: |
mkdir -p integration-test-syscalls
go test \
-exec sudo \
-v ./... \
-run TestFwdctl/apply_trace
go test \
-exec sudo \
-v ./... \
-run TestFwdctl/create_trace
go test \
-exec sudo \
-v ./... \
-run TestFwdctl/delete_trace
go test \
-exec sudo \
-v ./... \
-run TestFwdctl/generate_trace
go test \
-exec sudo \
-v ./... \
-run TestFwdctl/list_trace
go test \
-exec sudo \
-v ./... \
-run TestFwdctl/version_trace
shell: bash
- name: check directory
run: |
pwd
ls -laR
- name: Upload cover profiles
uses: actions/upload-artifact@v3
with:
name: integration-test-syscalls
path: integration-test-syscalls
build-seccomp-profile:
runs-on: ubuntu-latest
needs: [trace-unit-test]
steps:
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3
- uses: actions/download-artifact@v3
with:
name: unit-test-syscalls
path: unit-test-syscalls
- uses: actions/download-artifact@v3
with:
name: integration-test-syscalls
path: ./integration-test-syscalls
- name: list files
run: |
ls -lah ./unit-test-syscalls
ls -lah ./integration-test-syscalls
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.22'
- name: Install harpoon
run: |
curl -s https://raw.githubusercontent.com/alegrey91/harpoon/main/install | sudo sh
- name: Create unique directory
run: |
mkdir -p harpoon
mv unit-test-syscalls/* harpoon/
mv integration-test-syscalls/* harpoon/
- name: Build Seccomp Profile
run: |
sudo harpoon build \
--directory harpoon/ \
--save \
--name fwdctl-seccomp.json
- name: Upload seccomp profile
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # ratchet:actions/upload-artifact@v3
with:
name: fwdctl-seccomp.json
path: fwdctl-seccomp.json