build(deps): bump golang.org/x/crypto from 0.40.0 to 0.45.0 in the go_modules group across 1 directory #8502
Workflow file for this run
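#
# When a PR is opened or updated: Run Tracee Tests
#
name: PR

on:
  # Manual run against a ref chosen by the person dispatching the workflow.
  workflow_dispatch:
    inputs:
      tracee_ref:
        description: 'Tracee ref to checkout'
        required: true
        default: 'main'
        type: string
  pull_request:
    branches:
      - "main"
      - "release-v*.*"
    paths:
      # Exclusions first; later patterns re-include what must still trigger CI.
      - "!docs/**"
      - "!deploy/**"
      - "!packaging/**"
      - "!**.yaml"
      - "!**.md"
      - "!**.txt"
      - "!**.conf"
      # override previous rules:
      - "docs/docs/flags/**"
      - "docs/man/**"
      - "go.mod"
      - "go.sum"
      - "Makefile"
      - "**.c"
      - "**.h"
      - "**.go"
      - "**.sh"
      - "**/pr.yaml"
      - "**/action.yaml"

# Least privilege for GITHUB_TOKEN: as far as this file shows, the jobs only
# check out code; coverage upload authenticates with CODECOV_TOKEN instead.
# Widen per job if a step turns out to need more.
permissions:
  contents: read

concurrency:
  # One active run per PR (or per ref for manual runs); a newer push cancels
  # the run in progress.
  # NOTE(review): the group key carries no workflow name, so another workflow
  # using the same expression would share this group - confirm that is intended.
  group: ${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

env:
  # Ref every job checks out: the dispatch input when present, otherwise the
  # ref that triggered the run.
  TRACEE_REF: ${{ github.event.inputs.tracee_ref || github.ref }}
  # Folded scalars: each list becomes one space-separated string.
  TESTS: >
    TRC-102
    TRC-103
    TRC-104
    TRC-105
    TRC-107
    TRC-1010
    TRC-1014
    TRC-1016
    TRC-1018
    TRC-1022
  # Replaces TESTS on aarch64 kernel-test runners (same list minus TRC-1022).
  ARM64_TESTS: >
    TRC-102
    TRC-103
    TRC-104
    TRC-105
    TRC-107
    TRC-1010
    TRC-1014
    TRC-1016
    TRC-1018
  # Not referenced by name in this file; presumably read by the e2e network
  # test script - TODO confirm.
  NETTESTS: >
    IPv4
    IPv6
    TCP
    UDP
    ICMP
    ICMPv6
    DNS
    HTTP
    HTTPRequest
    HTTPResponse

jobs: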
#
# DOC VERIFICATION
#
  # Runs the repository script that checks the *.1.md / *.1 man-page pairs
  # against origin/main.
  verify-docs:
    name: Verify Documentation
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout code
        # Third-party action pinned to a full commit SHA; the tag is only a label.
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955  # v4.3.0
        with:
          ref: ${{ env.TRACEE_REF }}

      - name: Ensure updates of *.1.md and *.1 pairs
        run: |
          ./scripts/verify_man_md_sync.sh --base-ref origin/main --fetch-depth 1
#
# CODE VERIFICATION
#
  # Formatting, lint, vet and static-analysis gates; the build and test jobs
  # that list this job under `needs` wait for it.
  verify-analyze-code:
    name: Verify and Analyze Code
    runs-on: ubuntu-24.04
    container:
      # Image pinned by digest, so the tag cannot be repointed underneath CI.
      image: alpine/git:2.49.1@sha256:bd54f921f6d803dfa3a4fe14b7defe36df1b71349a3e416547e333aa960f86e3
    steps:
      - name: Checkout Code
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955  # v4.3.0
        with:
          submodules: true
          ref: ${{ env.TRACEE_REF }}

      # Marks the workspace as a trusted git directory for the container user.
      - name: Fix Git ownership
        run: git config --global --add safe.directory $GITHUB_WORKSPACE
        shell: sh

      - name: Install Dependencies
        run: ./scripts/installation/install-deps-alpine.sh
        shell: sh

      # Fails the job and prints the diff when gofmt reports unformatted files.
      - name: Lint
        run: |
          if test -z "$(gofmt -l .)"; then
            echo "Congrats! There is nothing to fix."
          else
            echo "The following lines should be fixed."
            gofmt -s -d .
            exit 1
          fi

      - name: Lint (Revive)
        run: |
          make check-lint

      - name: Check Code Style
        run: |
          make check-fmt

      - name: Check Golang Vet
        run: |
          make check-vet

      - name: Check with StaticCheck
        run: |
          make check-staticcheck

      - name: Check with errcheck
        run: |
          make check-err
#
# TOOLS BUILD VERIFICATION
#
  # Builds the auxiliary targets (benchmark tool, e2e signatures), each from a
  # clean tree, once the code checks have passed.
  verify-tools:
    name: Verify Other Tools
    needs:
      - verify-analyze-code
    runs-on: ubuntu-24.04
    container:
      image: alpine/git:2.49.1@sha256:bd54f921f6d803dfa3a4fe14b7defe36df1b71349a3e416547e333aa960f86e3
    steps:
      - name: Checkout Code
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955  # v4.3.0
        with:
          submodules: true
          ref: ${{ env.TRACEE_REF }}

      - name: Fix Git ownership
        run: git config --global --add safe.directory $GITHUB_WORKSPACE
        shell: sh

      - name: Install Dependencies
        run: ./scripts/installation/install-deps-alpine.sh
        shell: sh

      - name: Build Tracee Benchmark Tool
        run: |
          make clean
          make tracee-bench

      - name: Build E2E Network Signatures
        run: |
          make clean
          make e2e-net-signatures

      - name: Build E2E Instrumentation Signatures
        run: |
          make clean
          make e2e-inst-signatures
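#
# CHANGE DETECTION (CENTRALIZED)
#
  # Publishes one 'true'/'false' output per Go module (main, types, common,
  # api); downstream jobs use them to choose between per-module tests and the
  # full suites.
  detect-changes:
    name: Detect Changes
    runs-on: ubuntu-24.04
    outputs:
      main: ${{ steps.detect.outputs.main }}
      types: ${{ steps.detect.outputs.types }}
      common: ${{ steps.detect.outputs.common }}
      api: ${{ steps.detect.outputs.api }}
    steps:
      - name: Checkout Code
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955  # v4.3.0
        with:
          ref: ${{ env.TRACEE_REF }}
          fetch-depth: 0

      - name: Fix Git ownership
        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"

      - name: Detect Changes
        id: detect
        env:
          # Context values reach the script as environment variables instead
          # of being expanded into the script text, so the shell always treats
          # them as data (a branch name can never become shell syntax).
          EVENT_NAME: ${{ github.event_name }}
          BASE_REF: ${{ github.base_ref }}
        run: |
          if [ "$EVENT_NAME" == "workflow_dispatch" ]; then
            echo "Running via workflow_dispatch - setting all modules to true"
            echo "main=true" >> "${GITHUB_OUTPUT}"
            echo "types=true" >> "${GITHUB_OUTPUT}"
            echo "common=true" >> "${GITHUB_OUTPUT}"
            echo "api=true" >> "${GITHUB_OUTPUT}"
            exit 0
          fi

          # Get changed files using git (conventional approach)
          CHANGED_FILES=$(git diff --name-only "origin/${BASE_REF}...HEAD")
          echo "Changed files:"
          echo "$CHANGED_FILES"

          # Check if main module changed (anything outside types/, common/, api/)
          if echo "$CHANGED_FILES" | grep -qvE '^(types|common|api)/'; then
            echo "main=true" >> "$GITHUB_OUTPUT"
            echo "Main module changed"
          else
            echo "main=false" >> "$GITHUB_OUTPUT"
            echo "No main module changes"
          fi

          # Check individual modules
          if echo "$CHANGED_FILES" | grep -q "^types/"; then
            echo "types=true" >> "$GITHUB_OUTPUT"
            echo "Types module changed"
          else
            echo "types=false" >> "$GITHUB_OUTPUT"
          fi

          if echo "$CHANGED_FILES" | grep -q "^common/"; then
            echo "common=true" >> "$GITHUB_OUTPUT"
            echo "Common module changed"
          else
            echo "common=false" >> "$GITHUB_OUTPUT"
          fi

          if echo "$CHANGED_FILES" | grep -q "^api/"; then
            echo "api=true" >> "$GITHUB_OUTPUT"
            echo "API module changed"
          else
            echo "api=false" >> "$GITHUB_OUTPUT"
          fi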
#
# MODULE TESTS
#
  # Per-module unit tests. Runs only when the main module is untouched; when
  # it changed, the full unit-test suite (which covers all modules) runs instead.
  test-modules:
    name: Go Modules Unit Tests (x86_64)
    needs:
      - detect-changes
    if: needs.detect-changes.outputs.main != 'true'
    runs-on: ubuntu-24.04
    container:
      image: alpine/git:2.49.1@sha256:bd54f921f6d803dfa3a4fe14b7defe36df1b71349a3e416547e333aa960f86e3
    steps:
      - name: Checkout Code
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955  # v4.3.0
        with:
          ref: ${{ env.TRACEE_REF }}
          fetch-depth: 0

      - name: Fix Git ownership
        run: git config --global --add safe.directory $GITHUB_WORKSPACE
        shell: sh

      - name: Install Dependencies
        run: ./scripts/installation/install-deps-alpine.sh
        shell: sh

      # Each module is tested only if detect-changes flagged it.
      - name: Test Types Module
        if: needs.detect-changes.outputs.types == 'true'
        uses: ./.github/actions/test-go-module
        with:
          module-name: 'types'
          working-directory: './types'

      - name: Test Common Module
        if: needs.detect-changes.outputs.common == 'true'
        uses: ./.github/actions/test-go-module
        with:
          module-name: 'common'
          working-directory: './common'

      - name: Test API Module
        if: needs.detect-changes.outputs.api == 'true'
        uses: ./.github/actions/test-go-module
        with:
          module-name: 'api'
          working-directory: './api'
# ARM64 counterpart of the per-module unit tests.
  test-modules-arm64:
    name: Go Modules Unit Tests (ARM64)
    needs:
      - detect-changes
    if: needs.detect-changes.outputs.main != 'true'
    runs-on: ubuntu-24.04-arm
    container:
      image: alpine/git:2.49.1@sha256:bd54f921f6d803dfa3a4fe14b7defe36df1b71349a3e416547e333aa960f86e3
      volumes:
        # Host /opt is shared read-write; the first step places a node binary
        # under /opt/bin.
        - /opt:/opt:rw,rshared
        # Workaround for a GitHub Actions runner limitation: some hosted
        # runners expect Node.js at /__e/node20, which the base container
        # does not provide. This mapping exposes the host's /opt at that path.
        # WARNING: this depends on the runner's internal filesystem layout and
        # may break when the runner environment changes; replace it once a
        # more robust solution exists.
        - /opt:/__e/node20:ro,rshared
    steps:
      # Changes the ID field in /etc/os-release and installs the distribution's
      # nodejs, linking it to /opt/bin/node.
      - name: Allow Linux musl containers on ARM64 runners
        run: |
          sed -i "/^ID=/s/alpine/NotpineForGHA/" /etc/os-release
          apk add nodejs --update-cache
          mkdir /opt/bin
          ln -s /usr/bin/node /opt/bin/node

      - name: Checkout Code
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955  # v4.3.0
        with:
          ref: ${{ env.TRACEE_REF }}
          fetch-depth: 0

      - name: Fix Git ownership
        run: git config --global --add safe.directory $GITHUB_WORKSPACE
        shell: sh

      - name: Install Dependencies
        run: ./scripts/installation/install-deps-alpine.sh
        shell: sh

      - name: Test Types Module
        if: needs.detect-changes.outputs.types == 'true'
        uses: ./.github/actions/test-go-module
        with:
          module-name: 'types (ARM64)'
          working-directory: './types'

      - name: Test Common Module
        if: needs.detect-changes.outputs.common == 'true'
        uses: ./.github/actions/test-go-module
        with:
          module-name: 'common (ARM64)'
          working-directory: './common'

      - name: Test API Module
        if: needs.detect-changes.outputs.api == 'true'
        uses: ./.github/actions/test-go-module
        with:
          module-name: 'api (ARM64)'
          working-directory: './api'
#
# CODE TESTS
#
  # Full unit-test suite, run when the main module changed.
  unit-tests:
    name: Full Unit Tests (x86_64)
    needs:
      - verify-analyze-code
      - detect-changes
    if: needs.detect-changes.outputs.main == 'true'
    runs-on: ubuntu-24.04
    container:
      image: alpine/git:2.49.1@sha256:bd54f921f6d803dfa3a4fe14b7defe36df1b71349a3e416547e333aa960f86e3
    steps:
      - name: Checkout Code
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955  # v4.3.0
        with:
          submodules: true
          ref: ${{ env.TRACEE_REF }}
          fetch-depth: 0  # Fetch full history for codecov base comparison

      - name: Fix Git ownership
        run: git config --global --add safe.directory $GITHUB_WORKSPACE
        shell: sh

      - name: Install Dependencies
        run: ./scripts/installation/install-deps-alpine.sh
        shell: sh

      - name: Run Full Unit Test Suite
        run: |
          # Run comprehensive test suite for all modules (main + types + common + api)
          make test-unit

      # The secret is handed to this one step only. GitHub does not expose
      # repository secrets to pull_request runs from forks, and
      # fail_ci_if_error: false keeps a failed upload from failing the job.
      - name: Upload Unit Test Coverage
        uses: codecov/codecov-action@af09b5e394c93991b95a5e7646aeb90c1917f78f  # v5.5.1
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: ./coverage.txt
          flags: unit
          name: unit-tests
          fail_ci_if_error: false

      - name: Run Scripts Unit Tests
        run: |
          make run-scripts-test-unit
# ARM64 counterpart of the full unit-test suite.
  unit-tests-arm64:
    name: Full Unit Tests (ARM64)
    needs:
      - verify-analyze-code
      - detect-changes
    if: needs.detect-changes.outputs.main == 'true'
    runs-on: ubuntu-24.04-arm
    container:
      image: alpine/git:2.49.1@sha256:bd54f921f6d803dfa3a4fe14b7defe36df1b71349a3e416547e333aa960f86e3
      volumes:
        - /opt:/opt:rw,rshared
        # Workaround for a GitHub Actions runner limitation: some hosted
        # runners expect Node.js at /__e/node20, which the base container
        # does not provide. This mapping exposes the host's /opt at that path.
        # WARNING: this depends on the runner's internal filesystem layout and
        # may break when the runner environment changes; replace it once a
        # more robust solution exists.
        - /opt:/__e/node20:ro,rshared
    steps:
      - name: Allow Linux musl containers on ARM64 runners
        run: |
          sed -i "/^ID=/s/alpine/NotpineForGHA/" /etc/os-release
          apk add nodejs --update-cache
          mkdir /opt/bin
          ln -s /usr/bin/node /opt/bin/node

      - name: Checkout Code
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955  # v4.3.0
        with:
          submodules: true
          ref: ${{ env.TRACEE_REF }}
          fetch-depth: 0  # Fetch full history for codecov base comparison

      - name: Fix Git ownership
        run: git config --global --add safe.directory $GITHUB_WORKSPACE
        shell: sh

      - name: Install Dependencies
        run: ./scripts/installation/install-deps-alpine.sh
        shell: sh

      - name: Run Unit Tests
        run: |
          make test-unit

      # Same upload name and flag as the x86_64 job; the secret is scoped to
      # this step and a failed upload does not fail the job.
      - name: Upload Unit Test Coverage
        uses: codecov/codecov-action@af09b5e394c93991b95a5e7646aeb90c1917f78f  # v5.5.1
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: ./coverage.txt
          flags: unit
          name: unit-tests
          fail_ci_if_error: false

      - name: Run Scripts Unit Tests
        run: |
          make run-scripts-test-unit
#
# INTEGRATION TESTS
#
  # Integration tests in a privileged container on a GitHub-hosted runner.
  integration-tests:
    name: Integration Tests (x86_64)
    needs:
      - verify-analyze-code
      - detect-changes
    if: needs.detect-changes.outputs.main == 'true'
    runs-on: ubuntu-24.04
    container:
      image: ubuntu:24.04@sha256:353675e2a41babd526e2b837d7ec780c2a05bca0164f7ea5dbbd433d21d166fc
      # --privileged with the host PID and cgroup namespaces, plus host
      # /var/run, /sys/kernel/debug and /boot, makes this container effectively
      # host-equivalent, and it builds and runs code from the checked-out ref.
      # NOTE(review): acceptable on single-use hosted runners; do not move this
      # job to a persistent runner without additional isolation.
      options: --pid=host --cgroupns=host --privileged -v /etc/os-release:/etc/os-release-host:ro -v /var/run:/var/run:ro -v /sys/kernel/debug:/sys/kernel/debug:rw -v /boot:/boot:ro
    steps:
      # Git and CA certificates are installed before the checkout step.
      - name: Install Git
        run: |
          export DEBIAN_FRONTEND=noninteractive
          apt-get update
          apt-get install -y --no-install-recommends git-core ca-certificates
          update-ca-certificates

      - name: Checkout Code
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955  # v4.3.0
        with:
          submodules: true
          ref: ${{ env.TRACEE_REF }}
          fetch-depth: 0  # Fetch full history for codecov base comparison

      - name: Fix Git ownership
        run: git config --global --add safe.directory $GITHUB_WORKSPACE

      - name: Install Dependencies
        run: ./scripts/installation/install-deps-ubuntu.sh

      # `env "PATH=$PATH"` hands the step's PATH to make explicitly.
      - name: Run Integration Tests
        run: |
          env "PATH=$PATH" make test-integration

      - name: Upload Integration Test Coverage
        uses: codecov/codecov-action@af09b5e394c93991b95a5e7646aeb90c1917f78f  # v5.5.1
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: ./integration-coverage.txt
          flags: integration
          name: integration-tests
          fail_ci_if_error: false
# ARM64 counterpart of the integration tests.
  integration-tests-arm64:
    name: Integration Tests (ARM64)
    needs:
      - verify-analyze-code
      - detect-changes
    if: needs.detect-changes.outputs.main == 'true'
    runs-on: ubuntu-24.04-arm
    container:
      image: ubuntu:24.04@sha256:353675e2a41babd526e2b837d7ec780c2a05bca0164f7ea5dbbd433d21d166fc
      # Privileged, host PID/cgroup namespaces and host mounts: effectively
      # host-equivalent while running code from the checked-out ref.
      # NOTE(review): keep this job on single-use hosted runners.
      options: --pid=host --cgroupns=host --privileged -v /etc/os-release:/etc/os-release-host:ro -v /var/run:/var/run:ro -v /sys/kernel/debug:/sys/kernel/debug:rw -v /boot:/boot:ro
    steps:
      - name: Install Git
        run: |
          export DEBIAN_FRONTEND=noninteractive
          apt-get update
          apt-get install -y --no-install-recommends git-core ca-certificates
          update-ca-certificates

      - name: Checkout Code
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955  # v4.3.0
        with:
          submodules: true
          ref: ${{ env.TRACEE_REF }}
          fetch-depth: 0  # Fetch full history for codecov base comparison

      - name: Fix Git ownership
        run: git config --global --add safe.directory $GITHUB_WORKSPACE

      - name: Install Dependencies
        run: ./scripts/installation/install-deps-ubuntu.sh

      - name: Run Integration Tests
        run: |
          env "PATH=$PATH" make test-integration

      - name: Upload Integration Test Coverage
        uses: codecov/codecov-action@af09b5e394c93991b95a5e7646aeb90c1917f78f  # v5.5.1
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: ./integration-coverage.txt
          flags: integration
          name: integration-tests
          fail_ci_if_error: false
#
# PERFORMANCE TESTS
#
  # Performance tests in a privileged Alpine container.
  performance-tests:
    name: Performance Tests
    needs:
      - verify-analyze-code
      - detect-changes
    if: needs.detect-changes.outputs.main == 'true'
    runs-on: ubuntu-24.04
    container:
      image: alpine/git:2.49.1@sha256:bd54f921f6d803dfa3a4fe14b7defe36df1b71349a3e416547e333aa960f86e3
      # Privileged with host PID/cgroup namespaces and host /var/run; unlike
      # the integration jobs, /sys/kernel/debug and /boot are not mounted.
      # NOTE(review): same exposure caveat - keep on single-use hosted runners.
      options: --pid=host --cgroupns=host --privileged -v /etc/os-release:/etc/os-release-host:ro -v /var/run:/var/run:ro
    steps:
      - name: Checkout Code
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955  # v4.3.0
        with:
          submodules: true
          ref: ${{ env.TRACEE_REF }}

      - name: Fix Git ownership
        run: git config --global --add safe.directory $GITHUB_WORKSPACE
        shell: sh

      - name: Install Dependencies
        run: ./scripts/installation/install-deps-alpine.sh
        shell: sh

      - name: Run Performance Tests
        run: |
          make test-performance
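#
# FUNCTIONAL TESTS AGAINST DIFFERENT KERNELS
#
  # Builds the JSON matrix consumed by kernel-tests: one entry per
  # distro/kernel image with its architecture and a per-entry timestamp.
  generate-matrix:
    name: Generate Test Matrix
    needs:
      - detect-changes
    runs-on: ubuntu-24.04
    if: needs.detect-changes.outputs.main == 'true'
    outputs:
      matrix01: ${{ steps.set-matrix.outputs.matrix01 }}
    steps:
      - name: Set Matrix
        id: set-matrix
        run: |
          # job name -> "<image id> <arch>"
          declare -A job_names=(
            ["GKE 5.4"]="0013845506cbdf2ca x86_64"
            ["GKE 5.10"]="049b1b3a4a5fdf9fd x86_64"
            ["GKE 5.15 x86_64"]="01f6d4f80f256ffe4 x86_64"
            ["GKE 5.15 aarch64"]="079f308677600eebf aarch64"
            ["AMZN2 5.10 x86_64"]="05d03d50b6008ede7 x86_64"
            ["AMZN2 5.10 aarch64"]="05e46d0a87c96bf69 aarch64"
            ["RHEL8 4.18 x86_64"]="0e6e8bf2181db9d65 x86_64"
            ["Focal 5.4 x86_64"]="0c75089aa342ffa26 x86_64"
            ["Focal 5.13 x86_64"]="094d5310a281c8679 x86_64"
            ["Focal 5.13 aarch64"]="08f88e2a2bd1b72a7 aarch64"
            ["Jammy 5.15 x86_64"]="0d01de8f7b26afe02 x86_64"
            ["Jammy 5.15 aarch64"]="08e91aa07134e6a36 aarch64"
            ["Jammy 5.19 x86_64"]="02691308713b4cec2 x86_64"
            ["Jammy 5.19 aarch64"]="046579f8e52acb104 aarch64"
            ["Lunar 6.2 x86_64"]="034e03e1bdb7c205f x86_64"
            ["Lunar 6.2 aarch64"]="04b03463ee4e32182 aarch64"
            ["Mantic 6.5 x86_64"]="0a44ad46e5c42e499 x86_64"
            ["Mantic 6.5 aarch64"]="0387f77c4820c98db aarch64"
            ["Mantic 6.6 x86_64"]="05b5ac8f6c43b3ca5 x86_64"
            ["Mantic 6.6 aarch64"]="05c9d6cd9343f0a43 aarch64"
            ["Noble 6.8 x86_64"]="0cc63426ae75d47c8 x86_64"
            ["Noble 6.8 aarch64"]="0f5260685b3ec2293 aarch64"
            ["Noble 6.10 x86_64"]="0ae23eabda70efc60 x86_64"
            ["Noble 6.10 aarch64"]="01ce0f71400b5ff38 aarch64"
            ["Noble 6.11 x86_64"]="0ce1f88aa63091921 x86_64"
            ["Noble 6.11 aarch64"]="0123508488affb578 aarch64"
            ["Noble 6.12 x86_64"]="0e38f3caba1b4234d x86_64"
            ["Noble 6.12 aarch64"]="0547f429681dc1f2a aarch64"
            # expand as needed
          )

          for num in 01; do
            output="["
            first=1
            for job in "${!job_names[@]}"; do
              timestamp=$(date +%s)
              # Split "<image id> <arch>" on the space.
              ami="${job_names[$job]%% *}"
              arch="${job_names[$job]##* }"
              if (( first )); then
                first=0
              else
                output+=","
              fi
              # "sufix" (sic) is the key kernel-tests reads in its runs-on
              # label; do not rename it on one side only.
              output+="{\"job_name\": \"$job\", \"arch\": \"$arch\", \"ami\": \"$ami\", \"sufix\": \"$timestamp\"}"
            done
            output+="]"
            echo "matrix$num=$output" >> "$GITHUB_OUTPUT"
            echo "matrix$num=$output"
          done
        shell: bash

      - name: Show Matrix
        id: show-matrix
        env:
          # Passed as an environment variable and quoted below: pasting the
          # JSON into the script text let the shell strip its double quotes
          # and treat "[...]" as a glob pattern.
          MATRIX01: ${{ steps.set-matrix.outputs.matrix01 }}
        run: |
          echo "$MATRIX01"
        shell: bash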
# One job per matrix entry: build Tracee on a runner booted from the entry's
# image, then run the compatibility and e2e suites.
  kernel-tests:
    name: ${{ matrix.job_name }}
    needs:
      - generate-matrix
    # The first label embeds the image id, PR number, run attempt, run id and
    # the matrix timestamp, so every matrix entry asks for its own runner.
    # NOTE(review): presumably provisioned on demand per label - confirm these
    # runners are single-use, since the job builds and runs the checked-out ref.
    runs-on:
      - graas_ami-${{ matrix.ami }}_${{ github.event.number }}${{ github.run_attempt }}-${{ github.run_id }}_${{ matrix.sufix }}
      - EXECUTION_TYPE=LONG
      - INSTANCE_TYPE=XLARGE
    strategy:
      # One failing kernel must not cancel the others.
      fail-fast: false
      matrix:
        include: ${{fromJson(needs.generate-matrix.outputs.matrix01)}}
    env:
      HOME: '/tmp/root'
      GOPATH: '/tmp/go'
      GOCACHE: '/tmp/go-cache'
      GOROOT: '/usr/local/go'
    steps:
      - name: Checkout
        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955  # v4.3.0
        with:
          submodules: true
          ref: ${{ env.TRACEE_REF }}

      # On aarch64, TESTS is replaced by the ARM64 list; LINUX_ID is exported
      # for the Ubuntu-only step below.
      - name: Environment Variables
        run: |
          if [[ "${{ matrix.arch }}" == "aarch64" ]]; then
            echo "TESTS=${{ env.ARM64_TESTS }}" >> $GITHUB_ENV
          fi
          LINUX_ID=$(grep -Pom1 '^ID=\K.*' /etc/os-release)
          echo "LINUX_ID=${LINUX_ID}" >> ${GITHUB_ENV}

      - name: Disable Unattended Upgrades (Ubuntu only)
        if: ${{ env.LINUX_ID == 'ubuntu' }}
        run: ./scripts/disable-unattended-upgrades.sh --timeout 5
        continue-on-error: true

      # - name: "Prepare Image (Fix AMIs)"
      #   run: ./tests/e2e-install-deps.sh

      - name: Sync System Time
        run: ./scripts/sync_system_time.sh
        continue-on-error: true

      - name: Build Tracee
        run: make tracee

      - name: Compatibility Test
        run: env "PATH=$PATH" make test-compatibility

      # Each e2e step tees its output to /tmp and exits with the test script's
      # status (PIPESTATUS[0]) rather than tee's.
      - name: Instrumentation Test
        id: e2e-inst-test
        run: |
          ./tests/e2e-inst-test.sh --keep-artifacts 2>&1 | tee /tmp/e2e-inst-test.log
          exit ${PIPESTATUS[0]}

      - name: Network Test
        id: e2e-net-test
        run: |
          ./tests/e2e-net-test.sh 2>&1 | tee /tmp/e2e-net-test.log
          exit ${PIPESTATUS[0]}

      - name: Kernel Test
        id: e2e-kernel-test
        run: |
          ./tests/e2e-kernel-test.sh 2>&1 | tee /tmp/e2e-kernel-test.log
          exit ${PIPESTATUS[0]}

      # Records which e2e step failed; the output names the artifact below.
      - name: Determine Failed Test
        id: failed-test
        if: >-
          failure() && (
          steps.e2e-inst-test.conclusion == 'failure' ||
          steps.e2e-net-test.conclusion == 'failure' ||
          steps.e2e-kernel-test.conclusion == 'failure'
          )
        run: |
          if [[ "${{ steps.e2e-inst-test.conclusion }}" == "failure" ]]; then
            echo "name=inst" >> $GITHUB_OUTPUT
          elif [[ "${{ steps.e2e-net-test.conclusion }}" == "failure" ]]; then
            echo "name=net" >> $GITHUB_OUTPUT
          elif [[ "${{ steps.e2e-kernel-test.conclusion }}" == "failure" ]]; then
            echo "name=kernel" >> $GITHUB_OUTPUT
          else
            echo "No failed tests. Should not reach this point."
            exit 1
          fi

      - name: Upload E2E Test Artifacts
        if: always() && steps.failed-test.outputs.name != ''
        # NOTE(review): mutable tag. Every other action in this workflow is
        # pinned to a full commit SHA; pin this one the same way.
        uses: actions/upload-artifact@v4
        with:
          name: e2e-${{ steps.failed-test.outputs.name }}-artifacts-${{ matrix.job_name }}-${{ github.run_id }}-${{ github.run_attempt }}
          path: |
            /tmp/tracee-log-*
            /tmp/tracee-output-*
            /tmp/e2e-*.log
          retention-days: 7
          if-no-files-found: warn

      - name: Notify About Available E2E Test Artifacts
        if: always() && steps.failed-test.outputs.name != ''
        run: |
          echo "::notice title=Debug Artifacts Available::E2E tests failed. Debug artifacts have been uploaded and can be downloaded from the Summary tab. Look for: e2e-${{ steps.failed-test.outputs.name }}-artifacts-${{ matrix.job_name }}-${{ github.run_id }}-${{ github.run_attempt }}"
          echo ""
          echo "📋 **E2E Test Failed - Debug Information Available**"
          echo ""
          echo "🔍 **How to access debug artifacts:**"
          echo "1. Click on the 'Summary' tab above the jobs list"
          echo "2. Scroll to the bottom of the Summary page"
          echo "3. Look for the 'Artifacts' section"
          echo "4. Download: \`e2e-${{ steps.failed-test.outputs.name }}-artifacts-${{ matrix.job_name }}-${{ github.run_id }}-${{ github.run_attempt }}\`"
          echo ""
          echo "📁 **What's included in the artifacts:**"
          echo "- **Log file**: Full debug-level logs from all E2E tests (tracee-log-*)"
          echo "- **Output file**: JSON events captured during all E2E tests (tracee-output-*)"
          echo "- **Pipeline log**: Complete stdout/stderr from the failed test (e2e-*.log)"
          echo ""
          echo "⚠️ **Note**: Artifacts are available for 7 days from upload"

      # Runs regardless of the outcome of the earlier steps.
      - name: Cleanup E2E Test Artifacts
        if: always()
        run: |
          # Clean up artifact files from runner filesystem
          rm -f /tmp/tracee-log-* /tmp/tracee-output-* /tmp/e2e-*.log 2>/dev/null || true
          echo "Cleaned up local artifact files from all E2E tests"