Skip to content

feat: add minimum set of syscalls in seccomp profile #167

feat: add minimum set of syscalls in seccomp profile

feat: add minimum set of syscalls in seccomp profile #167

Workflow file for this run

name: tests
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
jobs:
unit-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # ratchet:actions/setup-go@v5
with:
go-version: '1.21'
- name: Install Dependencies
run: |
sudo apt update
sudo apt install -y clang
sudo apt install -y libbpf-dev
sudo apt install -y libseccomp-dev
- name: Build coverage-instrumented binary
run: |
make build-static-libbpfgo
make build-bpf
- name: Run Unit-Test
run: |
mkdir /tmp/unit/
# test packages excluding the ones with libbpfgo
go test \
-cover \
-v \
$(go list ./... | grep -v "github.com/alegrey91/harpoon$" | grep -v ebpf | grep -v cmd) \
-skip TestHarpoon \
-args -test.gocoverdir=/tmp/unit/
- name: Upload cover profiles
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # ratchet:actions/upload-artifact@v4
with:
name: unit-test
path: /tmp/unit/
integration-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # ratchet:actions/setup-go@v5
with:
go-version: '1.21'
- name: Install Dependencies
run: |
sudo apt update
sudo apt install -y clang
sudo apt install -y libbpf-dev
sudo apt install -y libseccomp-dev
- name: Build coverage-instrumented binary
run: |
make build-static-libbpfgo
make build-bpf
make build-go-cover && sudo make -B install
- name: Build test application
run: |
make build -C tests/testcases/example-app/
- name: Run integration test
run: |
mkdir -p /tmp/integration
# we have to run integration tests one-by-one
# otherwhise they will run in parallel.
# since harpoon apply network forwards, these could
# interact with each other and make the test fail.
go test \
-exec sudo \
-cover \
-v main_test.go \
-args -test.gocoverdir=/tmp/integration/
- name: Upload cover profiles
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # ratchet:actions/upload-artifact@v4
with:
name: integration-test
path: /tmp/integration/
code-coverage:
runs-on: ubuntu-latest
needs: [unit-test, integration-test]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # ratchet:actions/download-artifact@v4
with:
name: unit-test
path: /tmp/unit-test
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # ratchet:actions/download-artifact@v4
with:
name: integration-test
path: /tmp/integration-test
- name: list files
run: |2
ls -lah /tmp/unit-test
ls -lah /tmp/integration-test
- name: Set up Go
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # ratchet:actions/setup-go@v5
with:
go-version: '1.21'
- name: Calculate total coverage
run: |2
go tool \
covdata \
textfmt \
-i=/tmp/unit-test,/tmp/integration-test \
-o=code-coverage
go tool \
cover \
-func code-coverage