-
Notifications
You must be signed in to change notification settings - Fork 11
/
action.yml
133 lines (122 loc) · 4.81 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
name: 'testing'
description: 'All-purpose test suite for Falco and its ecosystem.'
inputs:
test-falco:
description: 'Whether to run Falco tests. Default enabled.'
required: false
default: 'true'
test-falcoctl:
description: 'Whether to run Falcoctl tests. Default disabled.'
required: false
default: 'false'
test-k8saudit:
description: 'Whether to run k8saudit tests. Default disabled.'
required: false
default: 'false'
test-dummy:
description: 'Whether to run dummy plugin tests. Default disabled.'
required: false
default: 'false'
test-drivers:
description: 'Whether to run drivers tests. Requires kernel headers to be installed. Default disabled.'
required: false
default: 'false'
static:
description: 'Whether to run Falco in static mode during tests. Default disabled.'
required: false
default: 'false'
show-all:
description: 'Whether to upload all tests summary, not just failed.'
required: false
default: 'false'
sudo:
description: 'Specify a sudo command. Put it empty when sudo is not available.'
required: false
default: 'sudo'
outputs:
report:
description: "Generated report xml"
value: ${{ steps.store-outputs.outputs.report }}
out_file:
description: "Full tests output file"
value: ${{ steps.store-outputs.outputs.report_txt }}
runs:
using: "composite"
steps:
- name: Setup Go
uses: actions/setup-go@v3
with:
go-version-file: "${{ github.action_path }}/go.mod"
# note: this converts the output of go test into a junit-compatible,
# which can later be processed by test-summary/action to upload
# a Markdown report on the GitHub Actions workflow.
- name: Install go-junit-report
shell: bash
run: |
go install github.com/jstemmer/go-junit-report/v2@latest
- name: Generate test files
working-directory: ${{ github.action_path }}
shell: bash
run: |
go generate ./...
- name: Install needed artifacts using falcoctl
if: ${{ inputs.static == 'false' }}
shell: bash
run: |
${{ inputs.sudo }} mkdir -p /usr/share/falco/plugins
${{ inputs.sudo }} falcoctl artifact install k8saudit-rules
${{ inputs.sudo }} falcoctl artifact install cloudtrail-rules
${{ inputs.sudo }} falcoctl artifact install dummy
- name: Install dependencies for falco-driver-loader tests
if: ${{ inputs.test-drivers == 'true' }}
shell: bash
run: |
${{ inputs.sudo }} apt update -y
${{ inputs.sudo }} apt install -y --no-install-recommends build-essential clang make llvm gcc dkms
- name: Run tests
working-directory: ${{ github.action_path }}
env:
# fixme(leogr): this is a workaround for https://github.com/falcosecurity/falco/issues/2784
HOST_ROOT: ""
shell: bash
run: |
if ${{ inputs.test-falco == 'true' }}; then
./build/falco.test -falco-static=${{ inputs.static }} -test.timeout=180s -test.v >> ./report.txt 2>&1 || true
fi
if ${{ inputs.static == 'false' }}; then
if ${{ inputs.test-falcoctl == 'true' }}; then
./build/falcoctl.test -test.timeout=180s -test.v >> ./report.txt 2>&1 || true
fi
if ${{ inputs.test-k8saudit == 'true' }}; then
./build/k8saudit.test -test.timeout=180s -test.v >> ./report.txt 2>&1 || true
fi
if ${{ inputs.test-dummy == 'true' }}; then
./build/dummy.test -test.timeout=180s -test.v >> ./report.txt 2>&1 || true
fi
if ${{ inputs.test-drivers == 'true' }}; then
${{ inputs.sudo }} ./build/falco-driver-loader.test -test.timeout=180s -test.v >> ./report.txt 2>&1 || true
fi
fi
cat ./report.txt | go-junit-report -set-exit-code > report.xml
- name: Set outputs
id: store-outputs # note: store outputs even if tests fail
working-directory: ${{ github.action_path }}
shell: bash
if: always()
run: |
echo "report=$(realpath report.xml)" >> $GITHUB_OUTPUT
echo "report_txt=$(realpath report.txt)" >> $GITHUB_OUTPUT
- name: Test Summary
if: always() # note: upload the report even if tests fail
uses: test-summary/action@62bc5c68de2a6a0d02039763b8c754569df99e3f
with:
paths: ${{ steps.store-outputs.outputs.report }}
show: ${{ inputs.show-all && 'all' || 'fail' }}
- name: Upload Test Summary
if: always() # note: upload the report even if tests fail
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: falcosecurity-testing-report-${{ runner.arch }}
path: |
${{ steps.store-outputs.outputs.report }}
${{ steps.store-outputs.outputs.report_txt }}