Skip to content

tetragon: Limit max entries of cgroup_rate_map when it's not used #7182

tetragon: Limit max entries of cgroup_rate_map when it's not used

tetragon: Limit max entries of cgroup_rate_map when it's not used #7182

Workflow file for this run

name: vmtests
on:
pull_request:
paths-ignore:
- 'docs/**'
push:
branches:
- main
paths-ignore:
- 'docs/**'
jobs:
build:
name: Build tetragon
runs-on: ubuntu-latest
timeout-minutes: 30
concurrency:
group: ${{ github.ref }}-vmtest-build
cancel-in-progress: true
steps:
- name: Checkout code
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
path: go/src/github.com/cilium/tetragon/
- name: Install Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
# renovate: datasource=golang-version depName=go
go-version: '1.22.4'
- name: Install build dependencies
run: |
sudo apt-get update
sudo apt-get install -y libelf-dev netcat-traditional libcap-dev gcc libc6-dev-i386
echo `which clang`
echo `which llc`
echo `clang --version`
- name: Build
env:
GOPATH: /home/runner/work/tetragon/tetragon/go
run: |
cd go/src/github.com/cilium/tetragon/
make -j3 tetragon-bpf tester-progs test-compile
make -C tests/vmtests
- name: Split tests
run: |
# see testfile below
cd go/src/github.com/cilium/tetragon/
go run ./tools/split-tetragon-gotests -ci-run 1
- name: tar build
run: |
cd go/src/github.com/cilium/
tar cz --exclude='tetragon/.git' -f /tmp/tetragon.tar ./tetragon
- name: upload build
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: tetragon-build
path: /tmp/tetragon.tar
retention-days: 5
test:
strategy:
fail-fast: false
matrix:
kernel:
# renovate: datasource=docker depName=quay.io/lvh-images/kernel-images
- 'rhel8-20240610.075410'
# renovate: datasource=docker depName=quay.io/lvh-images/kernel-images
- 'bpf-next-20240610.092500'
# renovate: datasource=docker depName=quay.io/lvh-images/kernel-images
- '6.6-20240610.075410'
# renovate: datasource=docker depName=quay.io/lvh-images/kernel-images
- '6.1-20240610.075410'
# renovate: datasource=docker depName=quay.io/lvh-images/kernel-images
- '5.15-20240610.075410'
# renovate: datasource=docker depName=quay.io/lvh-images/kernel-images
- '5.10-20240610.075410'
# renovate: datasource=docker depName=quay.io/lvh-images/kernel-images
- '5.4-20240610.075410'
# renovate: datasource=docker depName=quay.io/lvh-images/kernel-images
- '4.19-20240610.075410'
group:
- 0
concurrency:
group: ${{ github.ref }}-vmtest-${{ matrix.kernel }}-${{ matrix.group }}
cancel-in-progress: true
needs: build
name: Test kernel ${{ matrix.kernel }} / test group ${{ matrix.group }}
runs-on: ubuntu-latest-4cores-16gb
timeout-minutes: 60
steps:
- name: Install VM test dependencies
run: |
sudo apt-get update
sudo apt-cache search qemu
sudo apt-get install -y mmdebstrap libguestfs-tools qemu-utils qemu-system-x86 cpu-checker qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virtinst virt-manager
- name: Make kernel accessible
run: |
sudo chmod go+rX -R /boot/
- name: download build data
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: tetragon-build
- name: extract build data
# NB: currently, due to how tests work, we need to extract to the same path.
run: |
mkdir -p go/src/github.com/cilium/
tar xf tetragon.tar -C go/src/github.com/cilium
- name: test kernel ${{ matrix.kernel }}
if: ${{ !startsWith(matrix.kernel, '4.19') }}
run: |
cd go/src/github.com/cilium/tetragon
./tests/vmtests/fetch-data.sh ${{ matrix.kernel }}
kimage=$(find tests/vmtests/test-data/kernels -path "*vmlinuz*" -type f)
echo "Using: kernel:$kimage"
sudo ./tests/vmtests/tetragon-vmtests-run \
--kernel ${kimage} \
--kernel-ver ${{ matrix.kernel }} \
--base tests/vmtests/test-data/images/base.qcow2 \
--enable-detailed-results \
--testsfile ./tests/vmtests/test-group-${{ matrix.group }}
- name: test kernel ${{ matrix.kernel }} with btf file
if: ${{ startsWith(matrix.kernel, '4.19') }}
run: |
cd go/src/github.com/cilium/tetragon
./tests/vmtests/fetch-data.sh ${{ matrix.kernel }}
kimage=$(find tests/vmtests/test-data/kernels -path "*vmlinuz*" -type f)
btf=$(find tests/vmtests/test-data/kernels -path "*btf*" -type f)
echo "Using: kernel:$kimage bptf:$btf"
sudo ./tests/vmtests/tetragon-vmtests-run \
--kernel ${kimage} \
--kernel-ver ${{ matrix.kernel }} \
--btf-file ${btf} \
--base tests/vmtests/test-data/images/base.qcow2 \
--enable-detailed-results \
--testsfile ./tests/vmtests/test-group-${{ matrix.group }}
- name: Chmod test results on failure or cancelation
if: failure() || cancelled()
run: |
sudo chmod -R go+rX go/src/github.com/cilium/tetragon/tests/vmtests/vmtests-results-*
- name: Upload test results on failure or cancelation
if: failure() || cancelled()
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: tetragon-vmtests-${{ matrix.kernel }}-${{ matrix.group }}-results
path: go/src/github.com/cilium/tetragon/tests/vmtests/vmtests-results-*
retention-days: 5
post-test:
runs-on: ubuntu-latest
needs: [test]
if: success()
steps:
# delete the built binaries from the artifacts in case of overall success
- uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
name: tetragon-build