From 88861183eea87c56d8e591f513b613de8e045798 Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Fri, 17 Jan 2025 09:06:36 +0100 Subject: [PATCH 1/3] chore(ci): bumped actions/upload-download-artifact. Signed-off-by: Federico Di Pierro --- .github/workflows/format.yaml | 2 +- .github/workflows/release.yaml | 4 +-- .github/workflows/reusable_build_docker.yaml | 2 +- .../workflows/reusable_build_packages.yaml | 30 +++++++++---------- .../workflows/reusable_publish_docker.yaml | 2 +- .../workflows/reusable_publish_packages.yaml | 16 +++++----- .github/workflows/reusable_test_packages.yaml | 2 +- .github/workflows/scorecard.yaml | 2 +- .github/workflows/staticanalysis.yaml | 2 +- 9 files changed, 31 insertions(+), 31 deletions(-) diff --git a/.github/workflows/format.yaml b/.github/workflows/format.yaml index 8432c3abd9b..8e82dda86e3 100644 --- a/.github/workflows/format.yaml +++ b/.github/workflows/format.yaml @@ -32,7 +32,7 @@ jobs: - name: Upload the git diff artifact 📦 if: failure() - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: format_diff.patch path: ./format_diff.patch diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 045efd862aa..b94e562fe32 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -161,7 +161,7 @@ jobs: echo "#### Release Manager @${{ github.event.release.author.login }}" >> release-body.md - name: Download debug symbols for Falco x86_64 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: falco-${{ github.event.release.tag_name }}-x86_64.debug 
@@ -169,7 +169,7 @@ jobs: run: mv falco.debug falco-x86_64.debug - name: Download debug symbols for Falco aarch64 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: falco-${{ github.event.release.tag_name }}-aarch64.debug diff --git a/.github/workflows/reusable_build_docker.yaml b/.github/workflows/reusable_build_docker.yaml index 3de186f6703..85727889a28 100644 --- a/.github/workflows/reusable_build_docker.yaml +++ b/.github/workflows/reusable_build_docker.yaml @@ -81,7 +81,7 @@ jobs: docker save docker.io/falcosecurity/falco-driver-loader:${{ inputs.arch }}-${{ inputs.tag }}-buster --output /tmp/falco-driver-loader-${{ inputs.arch }}-buster.tar - name: Upload images tarballs - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: falco-images path: /tmp/falco-*.tar diff --git a/.github/workflows/reusable_build_packages.yaml b/.github/workflows/reusable_build_packages.yaml index 21669565523..8f10d5900a0 100644 --- a/.github/workflows/reusable_build_packages.yaml +++ b/.github/workflows/reusable_build_packages.yaml @@ -45,7 +45,7 @@ jobs: cmake --build skeleton-build --target ProbeSkeleton -j6 - name: Upload skeleton - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: bpf_probe_${{ inputs.arch }}.skel.h path: skeleton-build/skel_dir/bpf_probe.skel.h @@ -65,7 +65,7 @@ jobs: uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - name: Download skeleton - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: bpf_probe_${{ inputs.arch }}.skel.h path: /tmp 
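Review bot: The `Upload images tarballs` step in reusable_build_docker.yaml keeps the fixed artifact name `falco-images`, while the tarballs it carries are named per `inputs.arch`. upload-artifact v4 no longer lets two jobs in one run write to the same artifact name. If this reusable workflow is called once per architecture in the same run (the callers are not in this patch, so confirm), the second upload will fail, or with `overwrite: true` it will silently replace the first architecture's images. Suggest `name: falco-images-${{ inputs.arch }}` here, and in the `Download images tarballs` step of reusable_publish_docker.yaml replace `name: falco-images` with `pattern: falco-images-*` and `merge-multiple: true`, so the publish job still receives both sets. The enclosing job starts outside the hunk.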
@@ -95,28 +95,28 @@ jobs: cmake --build build --target package - name: Upload Falco tar.gz package - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: falco-${{ inputs.version }}-${{ inputs.arch }}.tar.gz path: | ${{ github.workspace }}/build/falco-*.tar.gz - name: Upload Falco deb package - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: falco-${{ inputs.version }}-${{ inputs.arch }}.deb path: | ${{ github.workspace }}/build/falco-*.deb - name: Upload Falco rpm package - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: falco-${{ inputs.version }}-${{ inputs.arch }}.rpm path: | ${{ github.workspace }}/build/falco-*.rpm - name: Upload Falco debug symbols - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: falco-${{ inputs.version }}-${{ inputs.arch }}.debug path: | @@ -137,7 +137,7 @@ jobs: uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - name: Download skeleton - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: bpf_probe_${{ inputs.arch }}.skel.h path: /tmp @@ -167,7 +167,7 @@ jobs: cmake --build build --target package - name: Upload Falco tar.gz package - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: falco-${{ inputs.version }}-${{ inputs.arch }}-debug.tar.gz path: | 
@@ -188,7 +188,7 @@ jobs: uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - name: Download skeleton - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: bpf_probe_${{ inputs.arch }}.skel.h path: /tmp @@ -216,7 +216,7 @@ jobs: cmake --build build --target package - name: Upload Falco tar.gz package - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: falco-${{ inputs.version }}-${{ inputs.arch }}-sanitizers.tar.gz path: | @@ -268,7 +268,7 @@ jobs: mv falco-${{ inputs.version }}-x86_64.tar.gz falco-${{ inputs.version }}-static-x86_64.tar.gz - name: Upload Falco static package - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: falco-${{ inputs.version }}-static-x86_64.tar.gz path: | @@ -319,7 +319,7 @@ jobs: emmake make -j6 package - name: Upload Falco WASM package - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: falco-${{ inputs.version }}-wasm.tar.gz path: | @@ -348,13 +348,13 @@ jobs: build/unit_tests/Release/falco_unit_tests.exe - name: Upload Falco win32 installer - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: falco-installer-Release-win32.exe path: build/falco-*.exe - name: Upload Falco win32 package - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: falco-Release-win32.exe path: | 
@@ -383,7 +383,7 @@ jobs: sudo build/unit_tests/falco_unit_tests - name: Upload Falco macos package - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: falco-${{ inputs.version }}-macos path: | diff --git a/.github/workflows/reusable_publish_docker.yaml b/.github/workflows/reusable_publish_docker.yaml index 82e632ecce8..c8a609a1671 100644 --- a/.github/workflows/reusable_publish_docker.yaml +++ b/.github/workflows/reusable_publish_docker.yaml @@ -34,7 +34,7 @@ jobs: uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - name: Download images tarballs - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: falco-images path: /tmp/falco-images diff --git a/.github/workflows/reusable_publish_packages.yaml b/.github/workflows/reusable_publish_packages.yaml index b408edd5025..9c749a160fc 100644 --- a/.github/workflows/reusable_publish_packages.yaml +++ b/.github/workflows/reusable_publish_packages.yaml 
@@ -42,37 +42,37 @@ jobs: aws-region: ${{ env.AWS_S3_REGION }} - name: Download RPM x86_64 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: falco-${{ inputs.version }}-x86_64.rpm path: /tmp/falco-build-rpm - name: Download RPM aarch64 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: falco-${{ inputs.version }}-aarch64.rpm path: /tmp/falco-build-rpm - name: Download binary x86_64 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: falco-${{ inputs.version }}-x86_64.tar.gz path: /tmp/falco-build-bin - name: Download binary aarch64 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: falco-${{ inputs.version }}-aarch64.tar.gz path: /tmp/falco-build-bin - name: Download static binary x86_64 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: falco-${{ inputs.version }}-static-x86_64.tar.gz path: /tmp/falco-build-bin-static - name: Download WASM package - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: falco-${{ inputs.version }}-wasm.tar.gz path: /tmp/falco-wasm 
@@ -125,13 +125,13 @@ jobs: aws-region: ${{ env.AWS_S3_REGION }} - name: Download deb x86_64 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: falco-${{ inputs.version }}-x86_64.deb path: /tmp/falco-build-deb - name: Download deb aarch64 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: falco-${{ inputs.version }}-aarch64.deb path: /tmp/falco-build-deb diff --git a/.github/workflows/reusable_test_packages.yaml b/.github/workflows/reusable_test_packages.yaml index 93fdbbea5a8..605bc0b9709 100644 --- a/.github/workflows/reusable_test_packages.yaml +++ b/.github/workflows/reusable_test_packages.yaml @@ -30,7 +30,7 @@ jobs: runs-on: ${{ (inputs.arch == 'aarch64' && 'github-aarch64-4cpu-16gb') || 'ubuntu-latest' }} steps: - name: Download binary - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: falco-${{ inputs.version }}${{ inputs.static && '-static' || '' }}-${{ inputs.arch }}${{ inputs.sanitizers == true && '-sanitizers' || '' }}.tar.gz diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 60b9703cc08..eea56fa64c0 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -65,7 +65,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: SARIF file path: results.sarif 
diff --git a/.github/workflows/staticanalysis.yaml b/.github/workflows/staticanalysis.yaml index a66c285a4d5..3b85a911511 100644 --- a/.github/workflows/staticanalysis.yaml +++ b/.github/workflows/staticanalysis.yaml @@ -29,7 +29,7 @@ jobs: cmake --build build -j4 --target cppcheck_htmlreport - name: Upload reports ⬆️ - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: static-analysis-reports path: ./build/static-analysis-reports From 9e861a6253c1f52311cc72dc212d9449bfc1f98b Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Fri, 17 Jan 2025 09:11:55 +0100 Subject: [PATCH 2/3] chore(ci:) switch to github provided arm runners. Signed-off-by: Federico Di Pierro --- .github/workflows/reusable_build_dev.yaml | 2 +- .github/workflows/reusable_build_docker.yaml | 2 +- .github/workflows/reusable_build_packages.yaml | 8 ++++---- .github/workflows/reusable_test_packages.yaml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/reusable_build_dev.yaml b/.github/workflows/reusable_build_dev.yaml index a5707fc40ad..8f6540ddbef 100644 --- a/.github/workflows/reusable_build_dev.yaml +++ b/.github/workflows/reusable_build_dev.yaml @@ -39,7 +39,7 @@ permissions: jobs: build-and-test: # See https://github.com/actions/runner/issues/409#issuecomment-1158849936 - runs-on: ${{ (inputs.arch == 'aarch64' && 'github-aarch64-4cpu-16gb') || 'ubuntu-22.04' }} + runs-on: ${{ (inputs.arch == 'aarch64' && 'ubuntu-22.04-arm') || 'ubuntu-22.04' }} outputs: cmdout: ${{ steps.run_cmd.outputs.out }} steps: diff --git a/.github/workflows/reusable_build_docker.yaml b/.github/workflows/reusable_build_docker.yaml index 85727889a28..6e1d5566b66 100644 --- a/.github/workflows/reusable_build_docker.yaml +++ b/.github/workflows/reusable_build_docker.yaml 
@@ -31,7 +31,7 @@ permissions: jobs: build-docker: # See https://github.com/actions/runner/issues/409#issuecomment-1158849936 - runs-on: ${{ (inputs.arch == 'aarch64' && 'github-aarch64-4cpu-16gb') || 'ubuntu-latest' }} + runs-on: ${{ (inputs.arch == 'aarch64' && 'ubuntu-22.04-arm') || 'ubuntu-latest' }} env: TARGETARCH: ${{ (inputs.arch == 'aarch64' && 'arm64') || 'amd64' }} steps: diff --git a/.github/workflows/reusable_build_packages.yaml b/.github/workflows/reusable_build_packages.yaml index 8f10d5900a0..9cd91a2f1af 100644 --- a/.github/workflows/reusable_build_packages.yaml +++ b/.github/workflows/reusable_build_packages.yaml @@ -27,7 +27,7 @@ permissions: jobs: build-modern-bpf-skeleton: # See https://github.com/actions/runner/issues/409#issuecomment-1158849936 - runs-on: ${{ (inputs.arch == 'aarch64' && 'github-aarch64-4cpu-16gb') || 'ubuntu-latest' }} + runs-on: ${{ (inputs.arch == 'aarch64' && 'ubuntu-22.04-arm') || 'ubuntu-latest' }} container: fedora:latest steps: # Always install deps before invoking checkout action, to properly perform a full clone. @@ -53,7 +53,7 @@ jobs: build-packages-release: # See https://github.com/actions/runner/issues/409#issuecomment-1158849936 - runs-on: ${{ (inputs.arch == 'aarch64' && 'github-aarch64-4cpu-16gb') || 'ubuntu-latest' }} + runs-on: ${{ (inputs.arch == 'aarch64' && 'ubuntu-22.04-arm') || 'ubuntu-latest' }} needs: [build-modern-bpf-skeleton] steps: # Always install deps before invoking checkout action, to properly perform a full clone. @@ -124,7 +124,7 @@ jobs: build-packages-debug: # See https://github.com/actions/runner/issues/409#issuecomment-1158849936 - runs-on: ${{ (inputs.arch == 'aarch64' && 'github-aarch64-4cpu-16gb') || 'ubuntu-22.04' }} + runs-on: ${{ (inputs.arch == 'aarch64' && 'ubuntu-22.04-arm') || 'ubuntu-22.04' }} if: ${{ inputs.enable_debug == true }} needs: [build-modern-bpf-skeleton] steps: 
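Review bot: The new arm label is pinned to `ubuntu-22.04-arm`, but the x86_64 fallback in build-docker, build-modern-bpf-skeleton and build-packages-release stays `ubuntu-latest`. The two architectures of one release will therefore build on different runner images once `latest` moves past 22.04. The same pairing recurs in build-packages-sanitizers and test-packages in the following hunks. reusable_build_dev.yaml and build-packages-debug already pair the arm label with `'ubuntu-22.04'`. Using `runs-on: ${{ (inputs.arch == 'aarch64' && 'ubuntu-22.04-arm') || 'ubuntu-22.04' }}` in every job keeps the environment that produces published packages the same across architectures and stable between runs. Each job body continues outside its hunk.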
@@ -175,7 +175,7 @@ jobs: build-packages-sanitizers: # See https://github.com/actions/runner/issues/409#issuecomment-1158849936 - runs-on: ${{ (inputs.arch == 'aarch64' && 'github-aarch64-4cpu-16gb') || 'ubuntu-latest' }} + runs-on: ${{ (inputs.arch == 'aarch64' && 'ubuntu-22.04-arm') || 'ubuntu-latest' }} if: ${{ inputs.enable_sanitizers == true }} needs: [build-modern-bpf-skeleton] steps: diff --git a/.github/workflows/reusable_test_packages.yaml b/.github/workflows/reusable_test_packages.yaml index 605bc0b9709..0e0c52e1ac9 100644 --- a/.github/workflows/reusable_test_packages.yaml +++ b/.github/workflows/reusable_test_packages.yaml @@ -27,7 +27,7 @@ permissions: jobs: test-packages: # See https://github.com/actions/runner/issues/409#issuecomment-1158849936 - runs-on: ${{ (inputs.arch == 'aarch64' && 'github-aarch64-4cpu-16gb') || 'ubuntu-latest' }} + runs-on: ${{ (inputs.arch == 'aarch64' && 'ubuntu-22.04-arm') || 'ubuntu-latest' }} steps: - name: Download binary uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 From 002ace1240782172529f43f4ec1c39c822fa5160 Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Fri, 17 Jan 2025 09:12:44 +0100 Subject: [PATCH 3/3] chore(ci): enable test-drivers for arm64 too. Signed-off-by: Federico Di Pierro --- .github/workflows/reusable_test_packages.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/reusable_test_packages.yaml b/.github/workflows/reusable_test_packages.yaml index 0e0c52e1ac9..5585e97b11e 100644 --- a/.github/workflows/reusable_test_packages.yaml +++ b/.github/workflows/reusable_test_packages.yaml @@ -43,7 +43,6 @@ jobs: # We only run driver loader tests on x86_64 - name: Install kernel headers for falco-driver-loader tests - if: ${{ inputs.arch == 'x86_64' }} run: | sudo apt update -y sudo apt install -y --no-install-recommends linux-headers-$(uname -r) 
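Review bot: The comment `# We only run driver loader tests on x86_64` is left above the step whose `if: ${{ inputs.arch == 'x86_64' }}` guard this patch removes, so it now contradicts the code. Replace it with something like `# Driver loader tests run on every architecture, so kernel headers are installed on all runners`. With the guard gone, `linux-headers-$(uname -r)` is also installed on the hosted arm runner. It is worth confirming that the package exists for that image's kernel, since a miss would fail the job before any test runs. The steps list continues outside the hunk.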
@@ -64,6 +63,6 @@ jobs: test-k8saudit: 'true' test-dummy: 'true' static: ${{ inputs.static && 'true' || 'false' }} - test-drivers: ${{ inputs.arch == 'x86_64' && 'true' || 'false' }} + test-drivers: 'true' show-all: 'true' report-name-suffix: ${{ inputs.static && '-static' || '' }}${{ inputs.sanitizers && '-sanitizers' || '' }}