Added support for the NT Kernel Logger ETW session #3965
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Windows Test | |
on: [pull_request] | |
jobs: | |
build: | |
name: Windows Test | |
runs-on: windows-2019 | |
steps: | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v4 | |
- name: Set up Go 1.23 | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.23 | |
# Caching seems to really slow down the build due to the time | |
# taken to save the cache. | |
cache: false | |
id: go | |
- name: Configure test environment | |
shell: cmd | |
if: always() | |
run: | | |
echo %PATH% | |
echo %GOPATH% | |
subst X: %CD% | |
mklink c:\Users\link c:\Windows | |
mkdir "C:\Program Files\Velociraptor" | |
mkdir c:\tmp | |
mkdir c:\adstest\test | |
echo "This is a test of a folder ADS! Its resident too!" > c:\adstest\test:test.txt | |
echo Hello > C:\hello.txt | |
echo HelloADS > C:\hello.txt:myads | |
fsutil file setshortname C:\hello.txt hi.txt | |
wevtutil.exe cl System | |
sc.exe create TestingDetection1 binPath="%COMSPEC% /Q /c echo 'COMSPEC testing 1" | |
echo "VSStest" > c:\Users\test.txt | |
echo "VSStest2" > c:\Users\test2.txt | |
regedit /S artifacts/testdata/windows/init.reg | |
- name: Build | |
if: always() | |
env: | |
CC: x86_64-w64-mingw32-gcc | |
shell: bash | |
run: | | |
go run make.go -v WindowsTest | |
- name: Prepare second stage | |
if: success() | |
shell: cmd | |
# We have to wait a short time between the service creation | |
# event to be flushed to disk. Hopefully building the test | |
# binary takes long enough. | |
# Creating a second service - in the end we have | |
# TestingDetection2 in current logs, TestingDetection1 in | |
# previously cleared logs (but in VSS). | |
run: | | |
vssadmin create shadow /for=c: | |
echo "VSStest2 with more data" > c:\Users\test2.txt | |
echo Clearing the event logs | |
wevtutil.exe cl System | |
wevtutil.exe cl security | |
echo Create second service. | |
sc.exe create TestingDetection2 binPath="%COMSPEC% /Q /c echo 'COMSPEC testing 2" | |
- name: Test | |
shell: bash | |
if: always() | |
env: | |
# Disable CGO for building tests - it takes too long and it is | |
# not needed (mainly disables Yara building again). | |
CGO_ENABLED: "0" | |
run: | | |
# Only run short tests on CI because the CI machines are slow | |
go test -short -v ./... --tags server_vql -p 2 | |
- name: Test Golden Generic | |
shell: cmd | |
if: success() | |
# We depend on the second service logs to be flushed to disk - | |
# hopefulling the unit tests take long enough for this to | |
# happen. | |
# Create a second VSS right before testing - in most cases the | |
# second VSS is identical to C: and VSS artifacts should | |
# **always** prefer to emit C: based locations over VSS paths. | |
run: | | |
vssadmin create shadow /for=c: | |
echo Running OS generic tests. | |
output\velociraptor.exe -v golden X:\artifacts\testdata\server\testcases\ --env srcDir=X:\ --config X:\artifacts\testdata\windows\github_actions.config.yaml | |
- name: Test Golden Windows | |
shell: cmd | |
if: success() | |
run: | | |
echo Running windows specific tests. | |
output\velociraptor.exe -v golden X:\artifacts\testdata\windows\ --env srcDir=X:\ --config X:\artifacts\testdata\windows\github_actions.config.yaml | |
- name: Upload Build Artifacts | |
if: always() | |
shell: bash | |
run: | | |
mkdir -p artifact_output/windows/ | |
cp artifacts/testdata/windows/*.out* artifact_output/windows/ | |
mkdir -p artifact_output/server/ | |
cp artifacts/testdata/server/testcases/*.out* artifact_output/server/ | |
- uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: artifact | |
path: artifact_output |