Skip to content

draklib/draksh: refactored replacement for Drakvuf utilities and draksetup #143

draklib/draksh: refactored replacement for Drakvuf utilities and draksetup

draklib/draksh: refactored replacement for Drakvuf utilities and draksetup #143

Workflow file for this run

name: "Build and test Drakvuf Sandbox"
on:
push:
branches:
- master
pull_request:
branches:
- master
jobs:
build_docs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Python 3.8
uses: actions/setup-python@v4
with:
python-version: 3.8
- name: Install dependencies
working-directory: docs
run: pip install -r requirements.txt
- name: Build docs
working-directory: docs
run: make html
lint_drakcore:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Python 3.8
uses: actions/setup-python@v4
with:
python-version: 3.8
- run: pip3 install black==22.6.0 isort==5.9.3 flake8
- name: Check with black
run: black --check --diff drakcore/
- name: Check with isort
run: isort --profile black --check drakcore/
- run: pip3 install -r drakcore/requirements.txt
- name: Check with flake8
run: flake8 --extend-ignore=E501,E203 --max-line-length=88 drakcore/
lint_drakcore_frontend:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install web dependencies
working-directory: drakcore/drakcore/frontend
run: npm ci
- name: Check with prettier
working-directory: drakcore/drakcore/frontend
run: npx prettier --check src/
lint_drakrun:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Python 3.8
uses: actions/setup-python@v4
with:
python-version: 3.8
- run: pip3 install black==22.6.0 isort==5.9.3 flake8
- name: Check with black
run: black --check --diff drakrun/
- name: Check with isort
run: isort --profile black --check drakrun/
- run: pip3 install -r drakrun/requirements.txt
- name: Check with flake8
run: flake8 --extend-ignore=E501,E203 --max-line-length=88 drakrun/
package_drakvuf_bundle:
needs: [ lint_drakcore, lint_drakcore_frontend, lint_drakrun ]
strategy:
fail-fast: false
matrix:
include:
- distro: debian
version: buster
- distro: debian
version: bullseye
runs-on: ubuntu-latest
container: "${{ matrix.distro }}:${{matrix.version}}"
steps:
- name: Install git and wget
run: |
export DEBIAN_FRONTEND=noninteractive
apt-get update && apt-get install -y -q git wget
- uses: actions/checkout@v3
with:
submodules: recursive
- name: Get Drakvuf commit id
run: |
# Workaround for fatal: detected dubious ownership
# https://git-scm.com/docs/git-config/2.35.2#Documentation/git-config.txt-safedirectory
git config --global --add safe.directory "$(pwd)"
export DRAKVUF_COMMIT=$(git ls-tree HEAD drakvuf | awk '{ print $3 }')
echo "Drakvuf commit is ${DRAKVUF_COMMIT}"
echo "DRAKVUF_COMMIT=$DRAKVUF_COMMIT" >> $GITHUB_ENV
- name: Cache Drakvuf bundle
id: cache-drakvuf-bundle
uses: actions/cache@v3
with:
path: |
/out/drakvuf-bundle*.deb
/out/xen-hypervisor*.deb
/opt/xtf/tests/example/test-hvm64-example
key: drakvuf-bundle-${{ env.DRAKVUF_COMMIT }}-${{ matrix.distro }}-${{ matrix.version }}
- if: ${{ steps.cache-drakvuf-bundle.outputs.cache-hit != 'true' }}
name: Build Drakvuf bundle
run: |
cp -ra . /build
cd /build
sh drakvuf/package/depends.sh
bash ci/build_bundle.sh "${{ matrix.distro }}:${{matrix.version}}"
- name: Install Drakvuf bundle
run: |
export DEBIAN_FRONTEND=noninteractive
apt install -y /out/drakvuf-bundle*.deb
- if: ${{ steps.cache-drakvuf-bundle.outputs.cache-hit != 'true' }}
name: Build Xen Test Framework
working-directory: /opt
run: |
git clone https://xenbits.xen.org/git-http/xtf.git
cd xtf
git checkout bf1c4eb6cb52785cf539eb83752dfcecfe66c5d1
make -j4
- name: Build draksetup tools
run: |
apt install -y make pkg-config gcc libglib2.0-dev
make -C ./drakrun/drakrun/tools
cp /opt/xtf/tests/example/test-hvm64-example ./drakrun/drakrun/tools/
- uses: actions/upload-artifact@v3
with:
name: drakvuf-bundle-debs-${{ matrix.distro }}-${{ matrix.version }}
path: |
/out/drakvuf-bundle*.deb
/out/xen-hypervisor*.deb
- uses: actions/upload-artifact@v3
with:
name: draksetup-tools-${{ matrix.distro }}-${{ matrix.version }}
path: |
drakrun/drakrun/tools/*
package_drakcore:
needs: [lint_drakcore, lint_drakcore_frontend]
strategy:
fail-fast: false
matrix:
include:
- distro: debian
version: buster
- distro: debian
version: bullseye
runs-on: ubuntu-latest
container: "${{ matrix.distro }}:${{matrix.version}}"
steps:
- uses: actions/checkout@v3
- name: Build drakcore
run: |
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y wget curl python3 python3-venv python3-pip dh-virtualenv debhelper devscripts
curl -sL https://deb.nodesource.com/setup_14.x | bash -
apt-get install -y nodejs
cd drakcore
package/find-python.sh
dpkg-buildpackage -us -uc -b
- uses: actions/upload-artifact@v3
with:
name: drakcore-debs-${{ matrix.distro }}-${{ matrix.version }}
path: ./drakcore_*_amd64.deb
package_drakrun:
needs: [ package_drakvuf_bundle ]
strategy:
fail-fast: false
matrix:
include:
- distro: debian
version: buster
- distro: debian
version: bullseye
runs-on: ubuntu-latest
container: "${{ matrix.distro }}:${{matrix.version}}"
steps:
- uses: actions/checkout@v3
- name: Download draksetup compiled tools from artifacts
uses: actions/download-artifact@v3
with:
name: draksetup-tools-${{ matrix.distro }}-${{ matrix.version }}
path: drakrun/drakrun/tools
- name: Build drakrun
run: |
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y wget python3 python3-pip python3-venv dh-virtualenv debhelper devscripts
cd drakrun
package/find-python.sh
dpkg-buildpackage -us -uc -b
- uses: actions/upload-artifact@v3
with:
name: drakrun-debs-${{ matrix.distro }}-${{ matrix.version }}
path: ./drakrun_*_amd64.deb
test_e2e:
needs: [ package_drakcore, package_drakrun, package_drakvuf_bundle ]
strategy:
fail-fast: false
matrix:
include:
- distro: debian
version: buster
version_number: 10
- distro: debian
version: bullseye
version_number: 11
runs-on: self-hosted
container: python:3.8-buster
# Prevent concurrent jobs trying to reach the same VM
concurrency: ci-${{ github.ref }}-${{ matrix.distro }}-${{ matrix.version_number }}
steps:
- uses: actions/checkout@v3
with:
submodules: recursive
- name: Download drakrun debs from artifacts
uses: actions/download-artifact@v3
with:
name: drakrun-debs-${{ matrix.distro }}-${{ matrix.version }}
path: /debs
- name: Download drakcore debs from artifacts
uses: actions/download-artifact@v3
with:
name: drakcore-debs-${{ matrix.distro }}-${{ matrix.version }}
path: /debs
- name: Download drakvuf-bundle debs from artifacts
uses: actions/download-artifact@v3
with:
name: drakvuf-bundle-debs-${{ matrix.distro }}-${{ matrix.version }}
path: /debs
- name: Install git
run: |
export DEBIAN_FRONTEND=noninteractive
apt-get update && apt-get install -y -q git
- name: Start tests
run: |
git config --global --add safe.directory "$(pwd)"
cd test
pip install -r requirements.txt
pytest -v --capture=no
python -m vm_runner_client destroy
env:
DRAKVUF_DEBS_PATH: "/debs"
BASE_IMAGE: "${{ matrix.distro }}-${{ matrix.version_number }}-generic-amd64"
SNAPSHOT_VERSION: "win7-20230213"
MINIO_HOST: "192.168.100.1:8181"
VM_RUNNER_API_URL: "http://127.0.0.1:8080"
VM_SUFFIX: "${{ matrix.distro }}-${{ matrix.version_number }}"
# It's local Minio readonly account accessible from local runner
# I don't really know how to make unauthenticated access so let's
# keep that dummy account
MINIO_ACCESS_KEY: "drakvuf-ci-user"
MINIO_SECRET_KEY: "Ectrj8GnJbfZu4J"
- name: Job failed - suspending VM (if possible)
if: ${{ failure() }}
run: |
python -m vm_runner_client suspend
env:
VM_RUNNER_API_KEY: "http://127.0.0.1:8080"
VM_SUFFIX: "${{ matrix.distro }}-${{ matrix.version_number }}"