ci: Use libLLVM from Rust CI tarball #1944

Workflow file for this run

	name: aya-ci

	on:
	push:
	branches:
	- main

	pull_request:
	branches:
	- main

	schedule:
	- cron: 00 4 * * *

	env:
	CARGO_TERM_COLOR: always

	jobs:
	lint:
	runs-on: ubuntu-22.04

	steps:
	- uses: actions/checkout@v4

	- uses: dtolnay/rust-toolchain@master
	with:
	toolchain: nightly
	components: rustfmt, clippy, miri, rust-src

	- uses: Swatinem/rust-cache@v2

	- uses: taiki-e/install-action@v2
	with:
	tool: cargo-hack,taplo-cli

	- name: Check C formatting
	run: git ls-files -- '.c' '.h' \| xargs clang-format --dry-run --Werror

	- name: Check Markdown
	uses: DavidAnson/markdownlint-cli2-action@v17

	- name: Check TOML formatting
	run: taplo fmt --check

	- name: Check formatting
	run: cargo fmt --all -- --check

	- name: Run clippy
	run: cargo hack clippy --all-targets --feature-powerset --workspace -- --deny warnings

	- name: Check public API
	run: cargo xtask public-api

	- name: Run miri
	run: \|
	set -euxo pipefail
	cargo hack miri test --all-targets --feature-powerset \
	--exclude aya-ebpf \
	--exclude aya-ebpf-bindings \
	--exclude aya-log-ebpf \
	--exclude integration-ebpf \
	--exclude integration-test \
	--workspace

	build-test-aya:
	strategy:
	fail-fast: false
	matrix:
	arch:
	- x86_64-unknown-linux-gnu
	- aarch64-unknown-linux-gnu
	- armv7-unknown-linux-gnueabi
	- riscv64gc-unknown-linux-gnu
	- powerpc64le-unknown-linux-gnu
	- s390x-unknown-linux-gnu
	runs-on: ubuntu-22.04
	steps:
	- uses: actions/checkout@v4

	- uses: dtolnay/rust-toolchain@master
	with:
	toolchain: stable
	targets: ${{ matrix.arch }}

	- uses: Swatinem/rust-cache@v2

	- uses: taiki-e/install-action@cargo-hack

	- uses: taiki-e/setup-cross-toolchain-action@v1
	with:
	target: ${{ matrix.arch }}

	- name: Build
	run: \|
	set -euxo pipefail
	cargo hack build --all-targets --feature-powerset \
	--exclude aya-ebpf \
	--exclude aya-ebpf-bindings \
	--exclude aya-log-ebpf \
	--exclude integration-ebpf \
	--workspace

	- name: Test
	env:
	RUST_BACKTRACE: full
	run: \|
	set -euxo pipefail
	cargo hack test --all-targets --feature-powerset \
	--exclude aya-ebpf \
	--exclude aya-ebpf-bindings \
	--exclude aya-log-ebpf \
	--exclude integration-ebpf \
	--exclude integration-test \
	--workspace

	- name: Doctests
	env:
	RUST_BACKTRACE: full
	run: \|
	set -euxo pipefail
	cargo hack test --doc --feature-powerset \
	--exclude aya-ebpf \
	--exclude aya-ebpf-bindings \
	--exclude aya-log-ebpf \
	--exclude init \
	--exclude integration-ebpf \
	--exclude integration-test \
	--workspace

	build-test-aya-ebpf:
	strategy:
	fail-fast: false
	matrix:
	arch:
	- x86_64
	- aarch64
	- arm
	- riscv64
	- powerpc64
	- s390x
	target:
	- bpfel-unknown-none
	- bpfeb-unknown-none
	runs-on: ubuntu-22.04

	steps:
	- uses: actions/checkout@v4

	- uses: dtolnay/rust-toolchain@master
	with:
	toolchain: nightly
	components: rust-src

	- uses: Swatinem/rust-cache@v2

	- name: bpf-linker
	run: cargo install bpf-linker --git https://github.com/aya-rs/bpf-linker.git

	- uses: taiki-e/install-action@cargo-hack
	- name: Build
	env:
	CARGO_CFG_BPF_TARGET_ARCH: ${{ matrix.arch }}
	run: \|
	set -euxo pipefail
	cargo hack build --package aya-ebpf --package aya-log-ebpf \
	--feature-powerset \
	--target ${{ matrix.target }} \
	-Z build-std=core

	- name: Test
	env:
	CARGO_CFG_BPF_TARGET_ARCH: ${{ matrix.arch }}
	RUST_BACKTRACE: full
	run: \|
	set -euxo pipefail
	cargo hack test --doc \
	--package aya-ebpf \
	--package aya-log-ebpf \
	--feature-powerset

	run-integration-test:
	strategy:
	fail-fast: false
	matrix:
	include:
	# macos-14 is arm64 per
	# https://github.com/actions/runner-images#available-images which
	# doesn't support nested virtualization per
	# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#limitations-for-arm64-macos-runners
	- target: x86_64-apple-darwin
	os: macos-13
	os-name: macOS
	- target: x86_64-unknown-linux-gnu
	os: ubuntu-22.04
	os-name: Linux
	runs-on: ${{ matrix.os }}
	steps:
	- uses: actions/checkout@v4
	with:
	submodules: recursive

	- name: Install prerequisites
	if: runner.os == 'Linux'
	# gcc-multilib provides at least <asm/types.h> which is referenced by libbpf.
	run: \|
	set -euxo pipefail
	sudo apt update
	sudo apt -y install gcc-multilib locate qemu-system-{arm,x86}

	- name: Install prerequisites
	if: runner.os == 'macOS'
	# The xargs shipped on macOS always exits 0 with -P0, so we need GNU findutils.
	#
	# The tar shipped on macOS doesn't support --wildcards, so we need GNU tar.
	run: \|
	set -euxo pipefail
	brew update
	# https://github.com/actions/setup-python/issues/577
	find /usr/local/bin -type l -exec sh -c 'readlink -f "$1" \
	\| grep -q ^/Library/Frameworks/Python.framework/Versions/' _ {} \; -exec rm -v {} \;
	HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK=1 \
	brew install dpkg findutils gnu-tar pkg-config qemu
	echo $(brew --prefix)/opt/findutils/libexec/gnubin >> $GITHUB_PATH
	echo $(brew --prefix)/opt/gnu-tar/libexec/gnubin >> $GITHUB_PATH

	- uses: dtolnay/rust-toolchain@master
	with:
	toolchain: nightly
	components: rust-src
	targets: aarch64-unknown-linux-musl,x86_64-unknown-linux-musl

	- uses: Swatinem/rust-cache@v2

	- name: Install LLVM
	# Download the upstream LLVM release tarball to get the latest version
	# of clang. Version parity with LLVM shipped with Rust nightly is not
	# required for clang, as it is only used for compiling eBPF programs
	# written in C for integration tests. But we still prefer using a
	# recent version, instead of relying on Homebrew or Ubuntu.
	run: \|
	set -euxo pipefail
	llvm_tarball_url=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
	https://api.github.com/repos/llvm/llvm-project/releases \| jq -r \
	'first \| .assets \| map(select(.name \|
	endswith("${{ matrix.os-name }}-X64.tar.xz"))) \| first \|
	.browser_download_url')
	mkdir -p /tmp/llvm-upstream
	wget -q -O - $llvm_tarball_url \| tar -xJ --strip-components 1 \
	-C /tmp/llvm-upstream
	echo /tmp/llvm-upstream/bin >> $GITHUB_PATH

	- name: Install libLLVM
	# Download libLLVM from Rust CI to ensure that the libLLVM version
	# matches exactly with the version used by the current Rust nightly. A
	# mismatch between libLLVM (used by bpf-linker) and Rust's LLVM version
	# can lead to linking issues.
	run: \|
	set -euxo pipefail
	# Get the partial SHA from Rust nightly.
	rustc_sha=$(rustc +nightly --version \| grep -oE '[a-f0-9]{7,40}')
	# Get the full SHA from GitHub.
	rustc_sha=$(curl -s https://api.github.com/repos/rust-lang/rust/commits/$rustc_sha \
	--header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
	--header 'content-type: application/json' \
	\| jq -r '.sha')
	mkdir -p /tmp/rustc-llvm
	wget -q -O - https://ci-artifacts.rust-lang.org/rustc-builds/$rustc_sha/rust-dev-nightly-${{ matrix.target }}.tar.xz \| \
	tar -xJ --strip-components 2 -C /tmp/rustc-llvm
	echo /tmp/rustc-llvm/bin >> $GITHUB_PATH

	- name: bpf-linker
	if: runner.os == 'Linux'
	run: cargo install bpf-linker --git https://github.com/aya-rs/bpf-linker.git

	- name: bpf-linker
	if: runner.os == 'macOS'
	# NB: rustc doesn't ship libLLVM.so on macOS, so disable proxying (default feature). We also
	# --force so that bpf-linker gets always relinked against the latest LLVM downloaded above.
	run: cargo install --force bpf-linker --git https://github.com/aya-rs/bpf-linker.git --no-default-features

	- name: Download debian kernels
	if: runner.arch == 'ARM64'
	run: \|
	set -euxo pipefail
	mkdir -p test/.tmp/debian-kernels/arm64
	# NB: a 4.19 kernel image for arm64 was not available.
	# TODO: enable tests on kernels before 6.0.
	# linux-image-5.10.0-23-cloud-arm64-unsigned_5.10.179-3_arm64.deb \
	printf '%s\0' \
	linux-image-6.1.0-22-cloud-arm64-unsigned_6.1.94-1_arm64.deb \
	linux-image-6.10.9-cloud-arm64-unsigned_6.10.9-1_arm64.deb \
	\| xargs -0 -t -P0 -I {} wget -nd -nv -P test/.tmp/debian-kernels/arm64 ftp://ftp.us.debian.org/debian/pool/main/l/linux/{}

	- name: Download debian kernels
	if: runner.arch == 'X64'
	run: \|
	set -euxo pipefail
	mkdir -p test/.tmp/debian-kernels/amd64
	# TODO: enable tests on kernels before 6.0.
	# linux-image-4.19.0-21-cloud-amd64-unsigned_4.19.249-2_amd64.deb \
	# linux-image-5.10.0-23-cloud-amd64-unsigned_5.10.179-3_amd64.deb \
	printf '%s\0' \
	linux-image-6.1.0-22-cloud-amd64-unsigned_6.1.94-1_amd64.deb \
	linux-image-6.10.9-cloud-amd64-unsigned_6.10.9-1_amd64.deb \
	\| xargs -0 -t -P0 -I {} wget -nd -nv -P test/.tmp/debian-kernels/amd64 ftp://ftp.us.debian.org/debian/pool/main/l/linux/{}

	- name: Extract debian kernels
	run: \|
	set -euxo pipefail
	find test/.tmp -name '*.deb' -print0 \| xargs -t -0 -I {} \
	sh -c "dpkg --fsys-tarfile {} \| tar -C test/.tmp --wildcards --extract 'vmlinuz' --file -"

	- name: Run local integration tests
	if: runner.os == 'Linux'
	run: cargo xtask integration-test local

	- name: Run virtualized integration tests
	run: find test/.tmp -name 'vmlinuz-*' \| xargs -t cargo xtask integration-test vm

	# Provides a single status check for the entire build workflow.
	# This is used for merge automation, like Mergify, since GH actions
	# has no concept of "when all status checks pass".
	# https://docs.mergify.com/conditions/#validating-all-status-checks
	build-workflow-complete:
	needs:
	- lint
	- build-test-aya
	- build-test-aya-ebpf
	- run-integration-test
	runs-on: ubuntu-latest
	steps:
	- name: Build Complete
	run: echo "Build Complete"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: Use libLLVM from Rust CI tarball #1944

Workflow file

ci: Use libLLVM from Rust CI tarball #1944

Jobs

Run details

Workflow file for this run