parallel_tests.yml
name: Parallel Tests
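# Workflow-level environment: exported to every step of every job.
# Each registry setting prefers a repository secret and falls back to a literal
# when the secret is empty (GitHub does not pass repository secrets to
# pull_request runs that come from forks).
env:
  PANDA_ARC_REGISTRY: ${{ secrets.PANDA_ARC_REGISTRY || 'harbor.harbor.svc.cluster.local' }}
  PANDA_ARC_REGISTRY_USER: ${{ secrets.PANDA_ARC_REGISTRY_USER || 'external' }}
  # Image-source prefix passed to the Docker build as the REGISTRY build-arg:
  # the registry's /proxy path when the secret is set, docker.io otherwise.
  PANDA_CACHE: ${{ secrets.PANDA_ARC_REGISTRY && format('{0}/proxy', secrets.PANDA_ARC_REGISTRY) || 'docker.io' }}
  # Prefix for image tags and build-cache refs.
  PANDA_TARGET: ${{ secrets.PANDA_ARC_REGISTRY || 'harbor.harbor.svc.cluster.local/external' }}
  # SECURITY(review): registry password committed in plaintext. It is the
  # fallback for the 'external' user when PANDA_ARC_REGISTRY_PASSWORD is unset,
  # and anyone who can read this file can read it, so treat it as public.
  # The build_container job exports build cache under this login, so the
  # account presumably holds push rights somewhere; confirm it is scoped to
  # the 'external' project only, cannot touch anything a trusted build
  # consumes, and rotate it if it ever had wider rights.
  EXTERNAL_REGISTRY_PASS: 'PctyVGasz15Pn9M0yA9yMNwOawFaXnk3Tl4N'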
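# For PRs to dev or pushes that modify the root Dockerfile, build from scratch
# then run CI tests using that container in parallel
# For forked repos that can't use our panda-arc test suite, just build and run make check
on:
  # Allow the repo owner to manually run this workflow for external PRs once code is vetted
  workflow_dispatch:
  # Run automatically for PRs that target the branches below.
  # SECURITY(review): this trigger has no "internal only" filter, so it also
  # fires for pull requests opened from forks (subject to the repository's
  # fork-approval setting). Every job below uses `runs-on: panda-arc`, which
  # looks like a self-hosted runner label; confirm that fork PR code cannot run
  # there unreviewed, or that the runner is ephemeral and network-isolated.
  pull_request:
    branches:
      - dev
      - stable
      - candidate_release_*
  #push:
  #  paths: ['Dockerfile'] # If this file changed, we'd need to do a clean build (this action)
  #  # otherwise we could speed this up by pulling the last container of 'dev', copying
  #  # code into it, and then rebuilding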
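jobs:
  # Runs flake8 (syntax-error and undefined-name checks only) over the pandare
  # Python package. Same-repository PRs report through lintly; other runs
  # print the flake8 output to the job log.
  # NOTE(review): no `permissions:` block is declared anywhere in this
  # workflow, so GITHUB_TOKEN gets the repository default scopes. Declaring the
  # minimum lintly needs would bound what a compromised step can do.
  # NOTE(review): actions throughout this workflow are referenced by mutable
  # tag; pinning each to a full commit SHA prevents a re-tagged release from
  # silently changing what runs on the runner.
  lint:
    runs-on: panda-arc
    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: "3.10.12"
      - name: Install dependencies
        # NOTE(review): flake8 and lintly are installed unpinned from the
        # package index on every run; a constraints file with hashes would make
        # this step reproducible and resistant to a bad upstream release.
        run: pip install flake8 lintly markupsafe==2.0.1
      - name: Lint with flake8
        # Same-repository PRs only: lintly receives the job's GITHUB_TOKEN
        # through LINTLY_API_KEY.
        if: github.event.pull_request.head.repo.full_name == github.repository
        run: |
          set -o pipefail
          (flake8 "$GITHUB_WORKSPACE/panda/python/core/pandare/" --count --select=E9,F63,F7,F82 --show-source --statistics | lintly) 2>lintly.err || {
            if grep -q 'diff exceeded the maximum number of lines' lintly.err; then
              echo "Bypassing lint failure due to large diff."
              exit 0
            else
              cat lintly.err
              exit 1
            fi
          }
        env:
          LINTLY_API_KEY: ${{ secrets.GITHUB_TOKEN }}
      - name: External lint
        # Every other case (fork PRs, manual dispatch): plain flake8, no token.
        if: github.event.pull_request.head.repo.full_name != github.repository
        run: |
          flake8 "$GITHUB_WORKSPACE/panda/python/core/pandare/" --count --select=E9,F63,F7,F82 --show-source --statistics

  # test_installer: # test install_ubuntu.sh
  #   runs-on: panda-arc # Note 22.04 would work, but it requires docker > 20.10.7 which is not on our CI box (yet)
  #   container:
  #     image: ubuntu:22.04
  #   steps:
  #     - name: Update
  #       run: apt-get -qq update -y
  #     - name: Run install_ubuntu.sh
  #       run: cd $GITHUB_WORKSPACE && ./panda/scripts/install_ubuntu.sh

  # Builds the `panda` target of the root Dockerfile with Buildx, using the
  # registry as a layer cache. The image itself is not pushed (`push: false`).
  # SECURITY(review): on a pull_request event `github.repository` is the base
  # repository, so the guard below skips runs inside forks' own Actions but does
  # NOT skip pull requests opened from forks. Their Dockerfile and build context
  # are then built here with `network=host` and with write access to the cache
  # refs listed under `cache-to`.
  build_container:
    if: github.repository == 'panda-re/panda'
    runs-on: panda-arc
    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          # SECURITY(review): `moby/buildkit:master` is a floating development
          # tag, so the builder binary can change between runs; prefer a
          # released tag or an image digest. `network=host` gives build steps
          # the runner's network namespace, including cluster-local services.
          driver-opts: |
            image=moby/buildkit:master
            network=host
          # SECURITY(review): `insecure = true` and `http = true` make BuildKit
          # reach this registry without TLS verification or over plain HTTP, so
          # cache layers and the registry login travel unprotected on that
          # path. This also makes the certificate-trust step below irrelevant
          # for BuildKit traffic. Drop both once the registry CA is provisioned
          # on the runner.
          buildkitd-config-inline: |
            [registry."${{ env.PANDA_ARC_REGISTRY }}"]
            insecure = true
            http = true
      - name: Trust Harbor's self-signed certificate
        # SECURITY(review): trust-on-first-use. The certificate is taken from
        # whatever answers on :443 at run time and installed into the system
        # trust store, so an on-path host at that moment becomes trusted.
        # Prefer shipping the registry CA out-of-band (runner image or a
        # secret), or compare the fetched certificate's fingerprint against a
        # known value before installing it.
        # NOTE(review): without `set -o pipefail` the step's status is that of
        # `sudo tee`, so a failed fetch still writes harbor.crt (possibly
        # empty) and the step continues.
        # The registry host is read from the job environment (set by the
        # workflow-level `env`) rather than spliced into the script text with
        # a template expression, so its value is never parsed as shell code.
        run: |
          echo "Fetching certificate from registry"
          openssl s_client -showcerts -connect "${PANDA_ARC_REGISTRY}:443" < /dev/null 2>/dev/null | openssl x509 -outform PEM | sudo tee /usr/local/share/ca-certificates/harbor.crt > /dev/null
          sudo update-ca-certificates
      - name: Log in to Panda Arc Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.PANDA_ARC_REGISTRY }}
          username: ${{ env.PANDA_ARC_REGISTRY_USER }}
          # Falls back to the plaintext workflow-level value when the secret is
          # unavailable (for example on fork PRs); that fallback is public.
          password: ${{ secrets.PANDA_ARC_REGISTRY_PASSWORD || env.EXTERNAL_REGISTRY_PASS }}
      - name: Build panda:latest
        uses: docker/build-push-action@v6.18.0
        with:
          push: false # set this to true if we start using the container
          context: ${{ github.workspace }}
          target: panda
          tags: |
            ${{ env.PANDA_TARGET }}/pandare/panda:${{ github.sha }}
          cache-from: |
            type=registry,ref=${{ env.PANDA_TARGET }}/pandare/panda:cache,mode=max
            type=registry,ref=${{ env.PANDA_TARGET }}/pandare/panda:cache-PR-${{github.event.number}},mode=max
          # SECURITY(review): every run, including PR builds, exports to the
          # shared `cache` and `cache_last_published` refs as well as its own
          # per-PR ref. Layers written by one PR build can therefore be
          # imported by later builds of other branches. Consider writing only
          # the per-PR ref from pull_request runs and reserving the shared refs
          # for builds of trusted branches.
          cache-to: |
            type=registry,ref=${{ env.PANDA_TARGET }}/pandare/panda:cache,mode=max
            type=registry,ref=${{ env.PANDA_TARGET }}/pandare/panda:cache-PR-${{github.event.number}},mode=max
            type=registry,ref=${{ env.PANDA_TARGET }}/pandare/panda:cache_last_published,mode=max
          build-args: |
            REGISTRY=${{ env.PANDA_CACHE }}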
# - name: Minimal test of built container # Just test to see if one of our binaries is built
# run: docker run --rm "${{ env.PANDA_ARC_REGISTRY }}/pandare/panda:${{ github.sha }}" /bin/bash -c 'exit $(/panda/build/arm-softmmu/panda-system-arm -help | grep -q "usage. panda-system-arm")'
# tests:
# runs-on: panda-arc
# needs: [build_container]
# strategy:
# matrix:
# include:
# - test_type: "taint"
# target: "i386"
# - test_type: "taint"
# target: "x86_64"
# - test_type: "pypanda"
# test_script: "all"
# - test_type: "make_check"
# test_script: "all"
# steps:
# - uses: actions/checkout@v5
# with:
# fetch-depth: 0
# - name: Set up Docker Buildx
# uses: docker/setup-buildx-action@v3
# with:
# driver-opts: |
# image=moby/buildkit:master
# network=host
# buildkitd-config-inline: |
# [registry."${{ env.PANDA_ARC_REGISTRY }}"]
# insecure = true
# http = true
# - name: Trust Harbor's self-signed certificate
# run: |
# echo "Fetching certificate from registry"
# openssl s_client -showcerts -connect ${{ env.PANDA_ARC_REGISTRY }}:443 < /dev/null 2>/dev/null | openssl x509 -outform PEM | sudo tee /usr/local/share/ca-certificates/harbor.crt > /dev/null
# sudo update-ca-certificates
# - name: Log in to Panda Arc Registry
# uses: docker/login-action@v3
# with:
# registry: ${{ env.PANDA_ARC_REGISTRY }}
# username: ${{ env.PANDA_ARC_REGISTRY_USER }}
# password: ${{ secrets.PANDA_ARC_REGISTRY_PASSWORD || env.EXTERNAL_REGISTRY_PASS }}
# # Given a container with PANDA installed at /panda, run the taint tests
# - name: Update
# run: sudo apt-get -qq update -y
# - name: Install ssl
# run: sudo apt-get -qq install -y wget
# - name: Run Taint Tests
# if: matrix.test_type == 'taint'
# run: >-
# wget -q -O wheezy_panda2.qcow2 https://panda-re.mit.edu/qcows/linux/debian/7.3/x86/debian_7.3_x86.qcow;
# wget -q https://panda-re.mit.edu/qcows/linux/ubuntu/1804/x86_64/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2;
# docker run --name panda_test_${{ matrix.target }}_${GITHUB_RUN_ID}
# --mount type=bind,source=$(pwd)/wheezy_panda2.qcow2,target=/home/panda/regdir/qcows/wheezy_panda2.qcow2
# --mount type=bind,source=$(pwd)/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2,target=/home/panda/regdir/qcows/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2
# --rm -t "${{ env.PANDA_ARC_REGISTRY }}/pandare/panda:${{ github.sha }}" bash -c
# "cd /tmp; git clone https://github.com/panda-re/panda_test;
# cd ./panda_test/tests/taint2;
# echo 'Running Record:';
# python3 taint2_multi_arch_record_or_replay.py --arch ${{ matrix.target }} --mode record;
# echo 'Running Replay:';
# python3 taint2_multi_arch_record_or_replay.py --arch ${{ matrix.target }} --mode replay;
# sed -i '/^\s*$/d' taint2_log;
# if cat taint2_log; then echo 'Taint unit test log found!'; else echo 'Taint unit test log NOT found!' && exit 1; fi;
# echo -e '\nFailures:';
# if grep 'fail' taint2_log; then echo 'TEST FAILED!' && exit 1; else echo -e 'None.\nTEST PASSED!' && exit 0; fi"
# - name: Run PyPanda Tests
# if: matrix.test_type == 'pypanda'
# run: >-
# wget -q https://panda-re.mit.edu/qcows/linux/ubuntu/1604/x86/ubuntu_1604_x86.qcow;
# docker run --name panda_test_${{ matrix.test_script }}_${GITHUB_RUN_ID}
# --mount type=bind,source=$(pwd)/ubuntu_1604_x86.qcow,target=/root/.panda/ubuntu_1604_x86.qcow
# -e PANDA_TEST=yes --cap-add SYS_NICE
# --rm -t "${{ env.PANDA_ARC_REGISTRY }}/pandare/panda:${{ github.sha }}" bash -c
# "cd /panda/panda/python/tests/ && make && pip3 install -r requirements.txt && chmod +x ./run_all_tests.sh && ./run_all_tests.sh";
# docker run --name panda_sym_test_${{ matrix.target }}_${GITHUB_RUN_ID}
# --rm -t "${{ env.PANDA_ARC_REGISTRY }}/pandare/panda:${{ github.sha }}" bash -c
# "pip3 install capstone keystone-engine z3-solver; python3 /panda/panda/python/examples/unicorn/taint_sym_x86_64.py;
# if [ $? -eq 0 ]; then echo -e 'TEST PASSED!' && exit 0; else echo 'TEST FAILED!' && exit 1; fi"
# - name: Run make Tests
# if: matrix.test_type == 'make_check'
# run: >-
# docker run --name panda_test_${{ matrix.test_script }}_${GITHUB_RUN_ID}
# -e PANDA_TEST=yes --cap-add SYS_NICE
# --rm -t "${{ env.PANDA_ARC_REGISTRY }}/pandare/panda:${{ github.sha }}" bash -c
# "cd /panda/build && make check"