Move datapath verifier tests into GH actions workflow #22754

Merged
merged 3 commits into from
Jan 24, 2023
239 changes: 239 additions & 0 deletions .github/workflows/tests-datapath-verifier.yaml
@@ -0,0 +1,239 @@
name: Datapath BPF Complexity

# Any change in triggers needs to be reflected in the concurrency group.
on:
issue_comment:
types:
- created
# Run every 6 hours
schedule:
- cron: '0 5/6 * * *'
### FOR TESTING PURPOSES
# This workflow runs in the context of `master`, and ignores changes to
# workflow files in PRs. For testing changes to this workflow from a PR:
# - Make sure the PR uses a branch from the base repository (requires write
# privileges). It will not work with a branch from a fork (missing secrets).
# - Uncomment the `pull_request` event below, commit separately with a `DO
# NOT MERGE` message, and push to the PR. As long as the commit is present,
# any push to the PR will trigger this workflow.
# - Don't forget to remove the `DO NOT MERGE` commit once satisfied. The run
# will disappear from the PR checks: please provide a direct link to the
# successful workflow run (can be found from Actions tab) in a comment.
#
# pull_request: {}
###

# By specifying the access of one of the scopes, all of those that are not
# specified are set to 'none'.
permissions:
# To be able to access the repository with actions/checkout
contents: read
# To allow retrieving information from the PR API
pull-requests: read
# So that Sibz/github-status-action can write into the status API
statuses: write

concurrency:
# Structure:
# - Workflow name
# - Event type
# - A unique identifier depending on event type:
# - schedule: SHA
# - issue_comment: PR number
# - pull_request: PR number
#
# This structure ensures a unique concurrency group name is generated for each
# type of testing:
# - schedule: {name} schedule {SHA}
# - issue_comment: {name} issue_comment {PR number}
# - pull_request: {name} pull_request {PR number}
#
# Note: for `issue_comment` triggers, we additionally need to filter out based
# on comment content, otherwise any comment will interrupt workflow runs.
group: |
${{ github.workflow }}
${{ github.event_name }}
${{
(github.event_name == 'schedule' && github.sha) ||
(github.event_name == 'issue_comment' && (
github.event.comment.body == '/ci-verifier' ||
github.event.comment.body == '/test'
) && github.event.issue.number) ||
(github.event_name == 'pull_request' && github.event.pull_request.number)
}}
cancel-in-progress: true

env:
check_url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}

jobs:
check_changes:
name: Deduce required tests from code changes
if: |
(github.event_name == 'issue_comment' && (
github.event.comment.body == '/ci-verifier' ||
github.event.comment.body == '/test'
)) ||
github.event_name == 'schedule' ||
github.event_name == 'pull_request'
runs-on: ubuntu-latest
outputs:
tested: ${{ steps.tested-tree.outputs.src }}
steps:
# Because we run on issue comments, we need to checkout the code for
# paths-filter to work.
- name: Checkout code
if: ${{ github.event.issue.pull_request }}
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
with:
persist-credentials: false
- name: Retrieve pull request's base and head
if: ${{ github.event.issue.pull_request }}
id: pr
run: |
curl ${{ github.event.issue.pull_request.url }} > pr.json
echo "base=$(jq -r '.base.sha' pr.json)" >> $GITHUB_OUTPUT
echo "head=$(jq -r '.head.sha' pr.json)" >> $GITHUB_OUTPUT
- name: Check code changes
if: ${{ github.event.issue.pull_request }}
uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50
id: tested-tree
with:
base: ${{ steps.pr.outputs.base }}
ref: ${{ steps.pr.outputs.head }}
filters: |
src:
- 'bpf/**'
- 'test/verifier/**'

setup-and-test:
runs-on: ubuntu-latest-4cores-16gb
needs: check_changes
name: Setup & Test
if: |
(github.event_name == 'issue_comment' && (
github.event.comment.body == '/ci-verifier' ||
(github.event.comment.body == '/test' && needs.check_changes.outputs.tested == 'true')
)) ||
github.event_name == 'schedule' ||
github.event_name == 'pull_request'
strategy:
fail-fast: false
matrix:
# TODO: add '4.19-main' once verifier issues are resolved on that version.
include:
- kernel: '5.4-main'
ci-kernel: '54'
- kernel: '5.15-main'
ci-kernel: '54'
- kernel: 'bpf-next-main'
ci-kernel: 'netnext'
timeout-minutes: 60
steps:
- name: Set up job variables
id: vars
run: |
if [ ${{ github.event.issue.pull_request || github.event.pull_request }} ]; then
PR_API_JSON=$(curl \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
${{ github.event.issue.pull_request.url || github.event.pull_request.url }})
SHA=$(echo "$PR_API_JSON" | jq -r ".head.sha")
else
SHA=${{ github.sha }}
fi
echo "sha=${SHA}" >> $GITHUB_OUTPUT

- name: Set commit status to pending
uses: Sibz/github-status-action@650dd1a882a76dbbbc4576fb5974b8d22f29847f
with:
authToken: ${{ secrets.GITHUB_TOKEN }}
sha: ${{ steps.vars.outputs.sha }}
context: ${{ github.workflow }}
description: Datapath BPF Complexity test in progress...
state: pending
target_url: ${{ env.check_url }}

- name: Checkout pull request
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
with:
ref: ${{ steps.vars.outputs.sha }}
persist-credentials: false

- name: Provision LVH VMs
uses: cilium/little-vm-helper@c3dbeb9d505b31aa5e960ebb258f4dd5f96f0202
with:
test-name: datapath-bpf-complexity
image-version: ${{ matrix.kernel }}
host-mount: ./
cpu: 4
dns-resolver: '1.1.1.1'
install-dependencies: 'true'
cmd: |
git config --global --add safe.directory /host

- name: Run verifier tests
uses: cilium/little-vm-helper@2a076423707ff588c2b0ed676d835e779b4c4af4
with:
provision: 'false'
cmd: |
cd /host/
make -C bpf/ clean V=0
make -C tools/maptool/
go test -c ./test/verifier
docker run -t --privileged \
-v /sys/fs/bpf:/sys/fs/bpf \
-v "\$PWD:/cilium" \
quay.io/cilium/test-verifier:2ecf56b4ea57576e9d92d34407898e5d14e80aa3@sha256:62396cedb4f15477f0084d7dfc92de55ac9ab8531021b7ac5f56220c35f2cb64 \
/cilium/verifier.test -test.v -test.parallel=1 -cilium-base-path /cilium -ci-kernel-version ${{ matrix.ci-kernel }}

- name: Fetch artifacts
if: ${{ !success() }}
uses: cilium/little-vm-helper@c3dbeb9d505b31aa5e960ebb258f4dd5f96f0202
with:
provision: 'false'
cmd: |
cd /host
mkdir datapath-verifier
cp bpf/*.o datapath-verifier

- name: Upload artifacts
if: ${{ !success() }}
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
with:
name: datapath-verifier
path: datapath-verifier
retention-days: 5

- name: Set commit status to success
if: ${{ success() }}
uses: Sibz/github-status-action@650dd1a882a76dbbbc4576fb5974b8d22f29847f
with:
authToken: ${{ secrets.GITHUB_TOKEN }}
sha: ${{ steps.vars.outputs.sha }}
context: ${{ github.workflow }}
description: Datapath BPF Complexity tests successful
state: success
target_url: ${{ env.check_url }}

- name: Set commit status to failure
if: ${{ failure() }}
uses: Sibz/github-status-action@650dd1a882a76dbbbc4576fb5974b8d22f29847f
with:
authToken: ${{ secrets.GITHUB_TOKEN }}
sha: ${{ steps.vars.outputs.sha }}
context: ${{ github.workflow }}
description: Datapath BPF Complexity tests failed
state: failure
target_url: ${{ env.check_url }}

- name: Set commit status to cancelled
if: ${{ cancelled() }}
uses: Sibz/github-status-action@650dd1a882a76dbbbc4576fb5974b8d22f29847f
with:
authToken: ${{ secrets.GITHUB_TOKEN }}
sha: ${{ steps.vars.outputs.sha }}
context: ${{ github.workflow }}
description: Datapath BPF Complexity tests cancelled
state: error
target_url: ${{ env.check_url }}
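Review bot: The `if:` conditions on `check_changes` and `setup-and-test` match `issue_comment` events on `github.event.comment.body` alone, so nothing in this file restricts who can start a run that checks out the PR head SHA and executes it under `docker run -t --privileged`. Consider also requiring a trusted `github.event.comment.author_association` (for example `MEMBER` or `COLLABORATOR`), or add a comment pointing to where that gate is enforced if it lives elsewhere. Smaller points in the same file: `cilium/little-vm-helper` is pinned to one commit SHA in "Provision LVH VMs" and "Fetch artifacts" and to a different one in "Run verifier tests", which looks unintentional; the matrix maps `kernel: '5.15-main'` to `ci-kernel: '54'`, which needs a comment if it is deliberate; and the `curl` in "Retrieve pull request's base and head" is unauthenticated and has no `--fail`, so an API error response would leave `null` in `base` and `head` instead of failing the step.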
1 change: 1 addition & 0 deletions CODEOWNERS
Expand Up @@ -468,6 +468,7 @@ jenkinsfiles @cilium/ci-structure
/test/k8s/datapath_configuration.go @cilium/sig-datapath @cilium/ci-structure
/test/k8s/verifier.go @cilium/loader @cilium/ci-structure
/test/runtime/connectivity.go @cilium/sig-datapath @cilium/ci-structure
/test/verifier @cilium/loader @cilium/ci-structure
# Policy tests
/test/k8s/net_policies.go @cilium/sig-policy @cilium/ci-structure
/test/runtime/net_policies.go @cilium/sig-policy @cilium/ci-structure
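Review bot: The added `/test/verifier` entry names a directory but has no trailing slash, so it reads like the file entries around it; `/test/verifier/` would make the intent explicit. This hunk also adds no owner for `.github/workflows/tests-datapath-verifier.yaml`; if no existing rule already covers that path, please add one so changes to the new workflow get routed to the same reviewers.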
5 changes: 4 additions & 1 deletion test/k8s/verifier.go
Expand Up @@ -71,7 +71,10 @@ var (
// privileged Pod (test-verifier) which mounts the bpffs and the Cilium source
// directory. All test commands are executed in this privileged Pod after
// uninstalling Cilium from the cluster.
var _ = Describe("K8sDatapathVerifier", func() {
//
// The test is skipped on all but 4.19 kernels. These are already covered in the GHA datapath
// verifier workflow, see .github/workflows/tests-datapath-verifier.yaml.
var _ = SkipDescribeIf(helpers.DoesNotRunOn419Kernel, "K8sDatapathVerifier", func() {
var kubectl *helpers.Kubectl

collectObjectFiles := func() {
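Review bot: The new comment above `SkipDescribeIf` is ambiguous: "These are already covered" reads as if it refers to the 4.19 kernels named in the previous sentence, while the workflow matrix in this PR carries a TODO for `4.19-main` and does not run it. Suggest wording along the lines of "All other kernels are covered by the GHA datapath verifier workflow", and noting here that this test can be removed once 4.19 is added to that workflow, so the two TODOs stay linked.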