Skip to content

Add check_syscall_source event #6483

Add check_syscall_source event

Add check_syscall_source event #6483

Workflow file for this run

#
# When a PR is opened or updated: Run Tracee Tests
#
name: PR
on:
workflow_dispatch: {}
pull_request:
branches:
- main
paths:
- "!docs/**"
- "!deploy/**"
- "!packaging/**"
- "!**.yaml"
- "!**.md"
- "!**.txt"
- "!**.conf"
# override previous rules:
- "docs/docs/flags/**"
- "docs/man/**"
- "go.mod"
- "go.sum"
- "Makefile"
- "**.c"
- "**.h"
- "**.go"
- "**.sh"
- "**/pr.yaml"
- "**/action.yaml"
concurrency:
group: ${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
TESTS: >
TRC-102
TRC-103
TRC-104
TRC-105
TRC-107
TRC-1010
TRC-1014
TRC-1016
TRC-1018
TRC-1022
ARM64_TESTS: >
TRC-102
TRC-103
TRC-104
TRC-105
TRC-107
TRC-1010
TRC-1014
TRC-1016
TRC-1018
NETTESTS: >
IPv4
IPv6
TCP
UDP
ICMP
ICMPv6
DNS
HTTP
INSTTESTS: >
PROCESS_EXECUTE_FAILED
VFS_WRITE
FILE_MODIFICATION
HOOKED_SYSCALL
FTRACE_HOOK
SECURITY_INODE_RENAME
BPF_ATTACH
CONTAINERS_DATA_SOURCE
PROCTREE_DATA_SOURCE
DNS_DATA_SOURCE
WRITABLE_DATA_SOURCE
SET_FS_PWD
CHECK_SYSCALL_SOURCE
jobs:
#
# DOC VERIFICATION
#
verify-docs:
name: Verify Documentation
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Check if flags flags man/markdown docs were changed
id: changed-files
uses: tj-actions/changed-files@2d756ea4c53f7f6b397767d8723b3a10a9f35bf2 # v44.0.0
with:
files_yaml: |
md_files:
- "docs/docs/flags/**/*.1.md"
man_files:
- "docs/man/**/*.1"
- name: Ensure updates of *.1.md and *.1 pairs
if: ${{ steps.changed-files.outputs.md_files_any_modified == 'true' || steps.changed-files.outputs.man_files_any_modified == 'true' }}
run: |
md_files=$(echo "${{ steps.changed-files.outputs.md_files_all_modified_files }}" | xargs -n 1 basename | sed 's/\.1.md$//')
man_files=$(echo "${{ steps.changed-files.outputs.man_files_all_modified_files }}" | xargs -n 1 basename | sed 's/\.1$//')
missing_updates=()
for base_name in $md_files; do
if ! grep -Fxq "$base_name" <<< "$man_files"; then
missing_updates+=("$base_name.1.md change requires corresponding $base_name.1 change")
fi
done
for base_name in $man_files; do
if ! grep -Fxq "$base_name" <<< "$md_files"; then
missing_updates+=("$base_name.1 change requires corresponding $base_name.1.md change")
fi
done
if [ ${#missing_updates[@]} -ne 0 ]; then
printf "%s\n" "${missing_updates[@]}"
echo "--- How to Fix it ---"
echo " 1. Modify only '.1.md' files, updating the date in '.1.md' files if needed."
echo " 2. Run 'make -f builder/Makefile.man man-run' to update '.1' files."
exit 1
fi
#
# CODE VERIFICATION
#
verify-analyze-code:
name: Verify and Analyze Code
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
- name: Install Dependencies
uses: ./.github/actions/build-dependencies
- name: Lint
run: |
if test -z "$(gofmt -l .)"; then
echo "Congrats! There is nothing to fix."
else
echo "The following lines should be fixed."
gofmt -s -d .
exit 1
fi
- name: Lint (Revive)
run: |
make check-lint
- name: Check Code Style
run: |
make check-fmt
- name: Check Golang Vet
run: |
make check-vet
- name: Check with StaticCheck
run: |
make check-staticcheck
- name: Check with errcheck
run: |
make check-err
#
# SIGNATURES CODE VERIFICATION
#
verify-signatures:
name: Verify Signatures
needs:
- verify-analyze-code
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
- name: Install Dependencies
uses: ./.github/actions/build-dependencies
- name: Build Signatures
run: |
make signatures
- name: Test Signatures
run: |
make test-signatures
#
# TOOLS BUILD VERIFICATION
#
verify-tools:
name: Verify Other Tools
needs:
- verify-analyze-code
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
- name: Install Dependencies
uses: ./.github/actions/build-dependencies
- name: Build Tracee Benchmark Tool
run: |
make clean
make tracee-bench
- name: Build Tracee GPT Docs Tool
run: |
make clean
make tracee-gptdocs
- name: Build E2E Network Signatures
run: |
make clean
make e2e-net-signatures
- name: Build E2E Instrumentation Signatures
run: |
make clean
make e2e-inst-signatures
#
# CODE TESTS
#
unit-tests:
name: Unit Tests
needs:
- verify-analyze-code
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
- name: Install Dependencies
uses: ./.github/actions/build-dependencies
- name: Run Unit Tests
run: |
make test-unit
#
# INTEGRATION TESTS
#
integration-tests:
name: Integration Tests
needs:
- verify-analyze-code
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
- name: Install Dependencies
uses: ./.github/actions/build-dependencies
- name: Run Integration Tests
run: |
sudo env "PATH=$PATH" make test-integration
#
# PERFORMANCE TESTS
#
performance-tests:
name: Performance Tests
needs:
- verify-analyze-code
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
- name: Install Dependencies
uses: ./.github/actions/build-dependencies
- name: Run Performance Tests
run: |
sudo env "PATH=$PATH" make test-performance
#
# FUNCTIONAL TESTS AGAINST DIFFERENT KERNELS
#
generate-matrix:
name: Generate Test Matrix
#needs:
# - verify-signatures
# - verify-tools
runs-on: ubuntu-latest
outputs:
matrix01: ${{ steps.set-matrix.outputs.matrix01 }}
steps:
- name: Set Matrix
id: set-matrix
run: |
declare -A job_names=(
["GKE 5.4"]="0013845506cbdf2ca x86_64"
["GKE 5.10"]="049b1b3a4a5fdf9fd x86_64"
["GKE 5.15 x86_64"]="01f6d4f80f256ffe4 x86_64"
["GKE 5.15 aarch64"]="079f308677600eebf aarch64"
["AMZN2 5.10 x86_64"]="05d03d50b6008ede7 x86_64"
["AMZN2 5.10 aarch64"]="05e46d0a87c96bf69 aarch64"
["RHEL8 4.18 x86_64"]="08c6b52c312ffee85 x86_64"
["Focal 5.4 x86_64"]="0c75089aa342ffa26 x86_64"
["Focal 5.13 x86_64"]="094d5310a281c8679 x86_64"
["Focal 5.13 aarch64"]="08f88e2a2bd1b72a7 aarch64"
["Jammy 5.15 x86_64"]="0d01de8f7b26afe02 x86_64"
["Jammy 5.15 aarch64"]="08e91aa07134e6a36 aarch64"
["Jammy 5.19 x86_64"]="02691308713b4cec2 x86_64"
["Jammy 5.19 aarch64"]="046579f8e52acb104 aarch64"
["Lunar 6.2 x86_64"]="034e03e1bdb7c205f x86_64"
["Lunar 6.2 aarch64"]="04b03463ee4e32182 aarch64"
["Mantic 6.5 x86_64"]="0a44ad46e5c42e499 x86_64"
["Mantic 6.5 aarch64"]="0387f77c4820c98db aarch64"
["Mantic 6.6 x86_64"]="05b5ac8f6c43b3ca5 x86_64"
["Mantic 6.6 aarch64"]="05c9d6cd9343f0a43 aarch64"
# expand as needed
)
for num in 01; do
output="["
first=1
for job in "${!job_names[@]}"; do
ami="${job_names[$job]%% *}"
arch="${job_names[$job]##* }"
if (( first )); then
first=0
else
output+=","
fi
output+="{\"job_name\": \"$job\", \"arch\": \"$arch\", \"ami\": \"$ami\", \"sufix\": \"$num\"}"
done
output+="]"
echo "matrix$num=$output" >> $GITHUB_OUTPUT
echo "matrix$num=$output"
done
shell: bash
- name: Show Matrix
id: show-matrix
run: |
echo ${{ steps.set-matrix.outputs.matrix01 }}
shell: bash
kernel-tests:
name: ${{ matrix.job_name }}
needs:
- generate-matrix
runs-on:
- graas_ami-${{ matrix.ami }}_${{ github.event.number }}${{ github.run_attempt }}-${{ github.run_id }}_${{ matrix.sufix }}
- EXECUTION_TYPE=LONG
strategy:
matrix:
include: ${{fromJson(needs.generate-matrix.outputs.matrix01)}}
env:
HOME: "/tmp/root"
GOPATH: "/tmp/go"
GOCACHE: "/tmp/go-cache"
GOROOT: "/usr/local/go"
steps:
- name: "Checkout"
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
# - name: "Prepare Image (Fix AMIs)"
# run: ./tests/e2e-install-deps.sh
- name: "Environment Variables"
run: |
if [[ "${{ matrix.arch }}" == "aarch64" ]]; then
echo "TESTS=${{ env.ARM64_TESTS }}" >> $GITHUB_ENV
fi
- name: "Instrumentation Test"
run: ./tests/e2e-inst-test.sh
- name: "Network Test"
run: ./tests/e2e-net-test.sh
- name: "Kernel Test"
run: ./tests/e2e-kernel-test.sh