ARC migrate #1200
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Parallel Tests | |
# For PRs to dev or pushes that modify the root Dockerfile, build from scratch | |
# then run CI tests using that container in parallel | |
# For forked repos that can't use our panda-arc test suite, just build and run make check | |
on: | |
pull_request: | |
branches: | |
- dev | |
- stable | |
- candidate_release_* | |
#push: | |
# paths: ['Dockerfile'] # If this file changed, we'd need to do a clean build (this action) | |
# otherwise we could speed this up by pulling the last container of 'dev', copying | |
# code into it, and then rebuilding | |
jobs: | |
test_installer: # test install_ubuntu.sh | |
runs-on: panda-arc # Note 22.04 would work, but it requires docker > 20.10.7 which is not on our CI box (yet) | |
container: | |
image: ubuntu:20.04 | |
steps: | |
- name: Update | |
run: apt-get update -y | |
- name: Install ssl | |
run: apt-get install -y libssl-dev | |
- name: Set up Python | |
uses: actions/setup-python@v2 | |
with: | |
python-version: 3.9 | |
- name: Install Python dev headers | |
run: apt-get install -y libpython3.9-dev | |
- uses: actions/checkout@v2 # Clones to $GITHUB_WORKSPACE. NOTE: this requires git > 2.18 (not on ubuntu 18.04 by default) to get .git directory | |
- name: Lint PyPANDA with flake8 | |
run: | | |
pip install --upgrade pip | |
pip install flake8 | |
flake8 $GITHUB_WORKSPACE/panda/python/core/pandare/ --count --select=E9,F63,F7,F82 --show-source --statistics | |
# python -m flake8 $GITHUB_WORKSPACE/panda/python/core/pandare/ --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics | |
- name: Run install_ubuntu.sh | |
run: cd $GITHUB_WORKSPACE && ./panda/scripts/install_ubuntu.sh | |
build_container: | |
if: github.repository == 'panda-re/panda' | |
runs-on: panda-arc | |
steps: | |
- name: Install git | |
run: sudo apt-get update -y && sudo apt-get install git -y | |
- uses: actions/checkout@v2 # Clones to $GITHUB_WORKSPACE. NOTE: this requires git > 2.18 (not on ubuntu 18.04 by default) to get .git directory | |
with: | |
fetch-depth: 0 | |
#- name: Set up Docker Buildx | |
# uses: docker/setup-buildx-action@v3 | |
- name: Build and push | |
uses: docker/build-push-action@v5 | |
with: | |
context: ${{ github.workspace }} | |
tags: panda_local:${{ github.sha }} | |
target: developer | |
- name: Minimal test of built container # Just test to see if one of our binaries is built | |
run: docker run --rm "panda_local:${{ github.sha }}" /bin/bash -c 'exit $(/panda/build/arm-softmmu/panda-system-arm -help | grep -q "usage. panda-system-arm")' | |
- name: Save docker container for next job | |
run: docker save -o panda_local.tar panda_local:${{ github.sha }} && gzip panda_local.tar | |
- name: 'Upload Artifact' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: panda_local_image | |
path: panda_local.tar.gz | |
retention-days: 2 | |
taint_tests: | |
if: github.repository == 'panda-re/panda' | |
runs-on: panda-arc | |
needs: [build_container] | |
strategy: | |
matrix: | |
target: [i386, x86_64] | |
steps: | |
- name: Download a panda artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: panda_local_image | |
- name: Save docker container for next job | |
run: docker load -i panda_local.tar.gz | |
# Given a container with PANDA installed at /panda, run the taint tests | |
- name: Update | |
run: sudo apt-get update -y | |
- name: Install ssl | |
run: sudo apt-get install -y wget | |
- name: Run taint tests inside current container | |
run: >- | |
wget -q https://panda-re.mit.edu/qcows/linux/debian/7.3/x86/debian_7.3_x86.qcow -o wheezy_panda2.qcow2; | |
wget -q https://panda-re.mit.edu/qcows/linux/ubuntu/1804/x86_64/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2; | |
docker run --name panda_test_${{ matrix.target }}_${GITHUB_RUN_ID} | |
--mount type=bind,source=$(pwd)/wheezy_panda2.qcow2,target=/home/panda/regdir/qcows/wheezy_panda2.qcow2 | |
--mount type=bind,source=$(pwd)/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2,target=/home/panda/regdir/qcows/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2 | |
--rm -t "panda_local:${{ github.sha }}" bash -c | |
"cd /tmp; git clone https://github.com/panda-re/panda_test; | |
cd ./panda_test/tests/taint2; | |
python3 taint2_multi_arch_record_or_replay.py --arch ${{ matrix.target }} --mode record; | |
python3 taint2_multi_arch_record_or_replay.py --arch ${{ matrix.target }} --mode replay; | |
sed -i '/^\s*$/d' taint2_log; | |
if cat taint2_log; then echo 'Taint unit test log found!'; else echo 'Taint unit test log NOT found!' && exit 1; fi; | |
echo -e '\nFailures:'; | |
if grep 'fail' taint2_log; then echo 'TEST FAILED!' && exit 1; else echo -e 'None.\nTEST PASSED!' && exit 0; fi" | |
sym_trace_tests: | |
if: github.repository == 'panda-re/panda' | |
runs-on: panda-arc | |
needs: [build_container] | |
strategy: | |
matrix: | |
target: [x86_64] | |
steps: | |
# Given a container with PANDA installed at /panda, run the taint tests | |
- name: Run symbolic tracing tests inside current container | |
run: >- | |
docker run --name panda_sym_test_${{ matrix.target }}_${GITHUB_RUN_ID} | |
--rm -t "panda_local:${{ github.sha }}" bash -c | |
"pip3 install capstone keystone-engine z3-solver; python3 /panda/panda/python/examples/unicorn/taint_sym_x86_64.py; | |
if [ $? -eq 0 ]; then echo -e 'TEST PASSED!' && exit 0; else echo 'TEST FAILED!' && exit 1; fi" | |
make_check: | |
if: github.repository == 'panda-re/panda' | |
runs-on: panda-arc | |
needs: [build_container] | |
strategy: | |
matrix: | |
# See output from `make check-help`: we're just splitting `make check` into all the things it does | |
# so we can run them in parallel: arch-specific qtests, plus a few others | |
target: [check-qtest-x86_64, check-qtest-i386, check-qtest-arm, check-qtest-mips, check-qtest-mipsel, check-qtest-ppc, check-block, check-unit, check-qapi-schema] | |
steps: | |
- name: Run Individual QEMU tests | |
run: >- | |
docker run --name panda_test_${{ matrix.target }}_${GITHUB_RUN_ID} | |
-e PANDA_TEST=yes --cap-add SYS_NICE | |
--rm -t "panda_local:${{ github.sha }}" bash -c | |
"cd /panda/build && make ${{ matrix.target }}" | |
pypanda_tests: | |
if: github.repository == 'panda-re/panda' | |
runs-on: panda-arc | |
needs: [build_container] | |
strategy: | |
matrix: | |
# See output from `make check-help`: we're just splitting `make check` into all the things it does | |
# so we can run them in parallel: arch-specific qtests, plus a few others | |
test_script: [dyn_hooks, copy_test, file_fake, file_hook, generic_tests, monitor_cmds, multi_proc_cbs, sleep_in_cb, syscalls, record_no_snap, sig_suppress] | |
steps: | |
- name: Run individual pypanda tests | |
# TODO: pip requirements install here should be moved to Docker image build to save test time | |
run: >- | |
wget https://panda-re.mit.edu/qcows/linux/ubuntu/1604/x86/ubuntu_1604_x86.qcow; | |
docker run --name panda_test_${{ matrix.test_script }}_${GITHUB_RUN_ID} | |
--mount type=bind,source=$(pwd)/ubuntu_1604_x86.qcow,target=/root/.panda/ubuntu_1604_x86.qcow | |
-e PANDA_TEST=yes --cap-add SYS_NICE | |
--rm -t "panda_local:${{ github.sha }}" bash -c | |
"cd /panda/panda/python/tests/ && make && pip3 install -r requirements.txt && python3 ${{ matrix.test_script }}.py" | |
cleanup: | |
# Cleanup after prior jobs finish - even if they fail | |
needs: [taint_tests, sym_trace_tests, make_check, pypanda_tests] | |
runs-on: panda-arc | |
if: always() | |
steps: | |
# Note we leave the last 72hrs because caching is nice (first few panda image layers won't change often) | |
# docker system prune -> Remove all unused containers, networks, images (both dangling and unreferenced) | |
# docker builder prune -> Remove build cache | |
- name: Cleanup images | |
run: | | |
docker system prune -af --filter "until=72h" | |
docker image prune --all -f --filter "until=72h" | |
docker builder prune -af --filter "until=72h" | |
build_and_check_fork: # Forked repos can't use panda-arc test suite - just checkout and run make check | |
if: github.repository != 'panda-re/panda' | |
runs-on: panda-arc | |
steps: | |
- uses: actions/checkout@v1 # Clones code into to /home/runner/work/panda | |
- name: Build docker container from project root | |
run: cd $GITHUB_WORKSPACE && docker build -t panda_local . | |
- name: Minimal test of built container # Just test to see if one of our binaries is installed | |
run: docker run --rm panda_local /bin/bash -c 'exit $(panda-system-arm -help | grep -q "usage. panda-system-arm")' | |
- name: Minimal test of built container # Run make check to check all architectures (in serial) | |
run: docker run --rm panda_local /bin/bash -c 'cd /panda/build && make check' |