remove unused commands #237
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: tests | |
on: [push] | |
jobs: | |
unit-test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3 | |
- name: Build coverage-instrumented binary | |
run: | | |
make build-cover && sudo make -B install | |
- name: Set up Go | |
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # ratchet:actions/setup-go@v4 | |
with: | |
go-version: '1.22' | |
- name: Run Unit-Test | |
run: | | |
mkdir /tmp/unit/ | |
go test \ | |
-v \ | |
-cover ./... \ | |
-skip TestFwdctl \ | |
-args -test.gocoverdir=/tmp/unit/ | |
- name: Upload cover profiles | |
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # ratchet:actions/upload-artifact@v3 | |
with: | |
name: unit-test | |
path: /tmp/unit/ | |
integration-test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3 | |
- name: Set up Go | |
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # ratchet:actions/setup-go@v4 | |
with: | |
go-version: '1.22' | |
- name: Install iptables | |
run: | | |
sudo apt update | |
sudo apt install -y iptables | |
- name: Build coverage-instrumented binary | |
run: | | |
make build-cover && sudo make -B install | |
- name: Run integration test | |
run: | | |
mkdir /tmp/integration | |
# we have to run integration tests one-by-one | |
# otherwhise they will run in parallel. | |
# since fwdctl apply network forwards, these could | |
# interact with each other and make the test fail. | |
go test \ | |
-exec sudo \ | |
-cover \ | |
-v ./... \ | |
-run TestFwdctl/apply$ \ | |
-args -test.gocoverdir=/tmp/integration/ | |
go test \ | |
-exec sudo \ | |
-cover \ | |
-v ./... \ | |
-run TestFwdctl/create$ \ | |
-args -test.gocoverdir=/tmp/integration/ | |
go test \ | |
-exec sudo \ | |
-cover \ | |
-v ./... \ | |
-run TestFwdctl/delete$ \ | |
-args -test.gocoverdir=/tmp/integration/ | |
go test \ | |
-exec sudo \ | |
-cover \ | |
-v ./... \ | |
-run TestFwdctl/list$ \ | |
-args -test.gocoverdir=/tmp/integration/ | |
go test \ | |
-exec sudo \ | |
-cover \ | |
-v ./... \ | |
-run TestFwdctl/daemon$ \ | |
-args -test.gocoverdir=/tmp/integration/ | |
go test \ | |
-exec sudo \ | |
-cover \ | |
-v ./... \ | |
-run TestFwdctl/version$ \ | |
-args -test.gocoverdir=/tmp/integration/ | |
- name: Upload cover profiles | |
uses: actions/upload-artifact@v3 | |
with: | |
name: integration-test | |
path: /tmp/integration/ | |
code-coverage: | |
runs-on: ubuntu-latest | |
needs: [unit-test,integration-test] | |
steps: | |
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3 | |
- uses: actions/download-artifact@v3 | |
with: | |
name: unit-test | |
path: /tmp/unit-test | |
- uses: actions/download-artifact@v3 | |
with: | |
name: integration-test | |
path: /tmp/integration-test | |
- name: list files | |
run: | | |
ls -lah /tmp/unit-test | |
ls -lah /tmp/integration-test | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: '1.22' | |
- name: Calculate total coverage | |
run: | | |
go tool \ | |
covdata \ | |
textfmt \ | |
-i=/tmp/unit-test,/tmp/integration-test \ | |
-o code-coverage | |
go tool \ | |
cover \ | |
-func code-coverage | |
- name: Update coverage report | |
uses: ncruces/go-coverage-report@494b2847891f4dd3b10f6704ca533367dbb7493d # ratchet:ncruces/go-coverage-report@v0 | |
with: | |
report: true | |
chart: true | |
amend: true | |
coverage-file: ./code-coverage | |
trace-unit-test: | |
runs-on: ubuntu-latest | |
needs: [unit-test] | |
steps: | |
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3 | |
- name: Build coverage-instrumented binary | |
run: | | |
make build-cover && sudo make -B install | |
- name: Set up Go | |
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # ratchet:actions/setup-go@v4 | |
with: | |
go-version: '1.22' | |
- name: Install harpoon | |
run: | | |
curl -s https://raw.githubusercontent.com/alegrey91/harpoon/main/install | sudo sh | |
- name: Analyze binaries | |
run: | | |
sudo harpoon analyze \ | |
--exclude .git/ \ | |
--save | |
- name: Trace system calls | |
run: | | |
sudo harpoon hunt \ | |
--file harpoon-report.yml \ | |
--directory unit-test-syscalls \ | |
--save | |
- name: Upload metadata from unit-tests | |
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # ratchet:actions/upload-artifact@v3 | |
with: | |
name: unit-test-syscalls | |
path: unit-test-syscalls | |
trace-integration-test: | |
runs-on: ubuntu-latest | |
needs: [integration-test] | |
steps: | |
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3 | |
- name: Set up Go | |
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # ratchet:actions/setup-go@v4 | |
with: | |
go-version: '1.22' | |
- name: Install iptables | |
run: | | |
sudo apt update | |
sudo apt install -y iptables | |
- name: Build coverage-instrumented binary | |
run: | | |
make build && sudo make -B install | |
- name: Install harpoon | |
run: | | |
curl -s https://raw.githubusercontent.com/alegrey91/harpoon/main/install | sudo sh | |
- name: Run integration test | |
run: | | |
mkdir -p integration-test-syscalls | |
go test \ | |
-exec sudo \ | |
-v ./... \ | |
-run TestFwdctl/apply_trace | |
go test \ | |
-exec sudo \ | |
-v ./... \ | |
-run TestFwdctl/create_trace | |
go test \ | |
-exec sudo \ | |
-v ./... \ | |
-run TestFwdctl/delete_trace | |
go test \ | |
-exec sudo \ | |
-v ./... \ | |
-run TestFwdctl/generate_trace | |
go test \ | |
-exec sudo \ | |
-v ./... \ | |
-run TestFwdctl/list_trace | |
go test \ | |
-exec sudo \ | |
-v ./... \ | |
-run TestFwdctl/version_trace | |
shell: bash | |
- name: Upload cover profiles | |
uses: actions/upload-artifact@v3 | |
with: | |
name: integration-test-syscalls | |
path: integration-test-syscalls | |
build-seccomp-profile: | |
runs-on: ubuntu-latest | |
needs: [trace-unit-test, trace-integration-test] | |
steps: | |
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # ratchet:actions/checkout@v3 | |
- uses: actions/download-artifact@v3 | |
with: | |
name: unit-test-syscalls | |
path: unit-test-syscalls | |
- uses: actions/download-artifact@v3 | |
with: | |
name: integration-test-syscalls | |
path: ./integration-test-syscalls | |
- name: list files | |
run: | | |
ls -lah ./unit-test-syscalls | |
ls -lah ./integration-test-syscalls | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: '1.22' | |
- name: Install harpoon | |
run: | | |
curl -s https://raw.githubusercontent.com/alegrey91/harpoon/main/install | sudo sh | |
- name: Create unique directory | |
run: | | |
mkdir -p harpoon | |
mv unit-test-syscalls/* harpoon/ | |
mv integration-test-syscalls/* harpoon/ | |
- name: Build Seccomp Profile | |
run: | | |
sudo harpoon build \ | |
--directory harpoon/ \ | |
--save \ | |
--name fwdctl-seccomp.json | |
- name: Upload seccomp profile | |
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # ratchet:actions/upload-artifact@v3 | |
with: | |
name: fwdctl-seccomp.json | |
path: fwdctl-seccomp.json |