Skip to content

ARC migrate

ARC migrate #1200

Workflow file for this run

name: Parallel Tests
# For PRs to dev or pushes that modify the root Dockerfile, build from scratch
# then run CI tests using that container in parallel
# For forked repos that can't use our panda-arc test suite, just build and run make check
on:
pull_request:
branches:
- dev
- stable
- candidate_release_*
#push:
# paths: ['Dockerfile'] # If this file changed, we'd need to do a clean build (this action)
# otherwise we could speed this up by pulling the last container of 'dev', copying
# code into it, and then rebuilding
jobs:
test_installer: # test install_ubuntu.sh
runs-on: panda-arc # Note 22.04 would work, but it requires docker > 20.10.7 which is not on our CI box (yet)
container:
image: ubuntu:20.04
steps:
- name: Update
run: apt-get update -y
- name: Install ssl
run: apt-get install -y libssl-dev
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: 3.9
- name: Install Python dev headers
run: apt-get install -y libpython3.9-dev
- uses: actions/checkout@v2 # Clones to $GITHUB_WORKSPACE. NOTE: this requires git > 2.18 (not on ubuntu 18.04 by default) to get .git directory
- name: Lint PyPANDA with flake8
run: |
pip install --upgrade pip
pip install flake8
flake8 $GITHUB_WORKSPACE/panda/python/core/pandare/ --count --select=E9,F63,F7,F82 --show-source --statistics
# python -m flake8 $GITHUB_WORKSPACE/panda/python/core/pandare/ --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
- name: Run install_ubuntu.sh
run: cd $GITHUB_WORKSPACE && ./panda/scripts/install_ubuntu.sh
build_container:
if: github.repository == 'panda-re/panda'
runs-on: panda-arc
steps:
- name: Install git
run: sudo apt-get update -y && sudo apt-get install git -y
- uses: actions/checkout@v2 # Clones to $GITHUB_WORKSPACE. NOTE: this requires git > 2.18 (not on ubuntu 18.04 by default) to get .git directory
with:
fetch-depth: 0
#- name: Set up Docker Buildx
# uses: docker/setup-buildx-action@v3
- name: Build and push
uses: docker/build-push-action@v5
with:
context: ${{ github.workspace }}
tags: panda_local:${{ github.sha }}
target: developer
- name: Minimal test of built container # Just test to see if one of our binaries is built
run: docker run --rm "panda_local:${{ github.sha }}" /bin/bash -c 'exit $(/panda/build/arm-softmmu/panda-system-arm -help | grep -q "usage. panda-system-arm")'
- name: Save docker container for next job
run: docker save -o panda_local.tar panda_local:${{ github.sha }} && gzip panda_local.tar
- name: 'Upload Artifact'
uses: actions/upload-artifact@v3
with:
name: panda_local_image
path: panda_local.tar.gz
retention-days: 2
taint_tests:
if: github.repository == 'panda-re/panda'
runs-on: panda-arc
needs: [build_container]
strategy:
matrix:
target: [i386, x86_64]
steps:
- name: Download a panda artifact
uses: actions/download-artifact@v3
with:
name: panda_local_image
- name: Save docker container for next job
run: docker load -i panda_local.tar.gz
# Given a container with PANDA installed at /panda, run the taint tests
- name: Update
run: sudo apt-get update -y
- name: Install ssl
run: sudo apt-get install -y wget
- name: Run taint tests inside current container
run: >-
wget -q https://panda-re.mit.edu/qcows/linux/debian/7.3/x86/debian_7.3_x86.qcow -o wheezy_panda2.qcow2;
wget -q https://panda-re.mit.edu/qcows/linux/ubuntu/1804/x86_64/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2;
docker run --name panda_test_${{ matrix.target }}_${GITHUB_RUN_ID}
--mount type=bind,source=$(pwd)/wheezy_panda2.qcow2,target=/home/panda/regdir/qcows/wheezy_panda2.qcow2
--mount type=bind,source=$(pwd)/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2,target=/home/panda/regdir/qcows/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2
--rm -t "panda_local:${{ github.sha }}" bash -c
"cd /tmp; git clone https://github.com/panda-re/panda_test;
cd ./panda_test/tests/taint2;
python3 taint2_multi_arch_record_or_replay.py --arch ${{ matrix.target }} --mode record;
python3 taint2_multi_arch_record_or_replay.py --arch ${{ matrix.target }} --mode replay;
sed -i '/^\s*$/d' taint2_log;
if cat taint2_log; then echo 'Taint unit test log found!'; else echo 'Taint unit test log NOT found!' && exit 1; fi;
echo -e '\nFailures:';
if grep 'fail' taint2_log; then echo 'TEST FAILED!' && exit 1; else echo -e 'None.\nTEST PASSED!' && exit 0; fi"
sym_trace_tests:
if: github.repository == 'panda-re/panda'
runs-on: panda-arc
needs: [build_container]
strategy:
matrix:
target: [x86_64]
steps:
# Given a container with PANDA installed at /panda, run the taint tests
- name: Run symbolic tracing tests inside current container
run: >-
docker run --name panda_sym_test_${{ matrix.target }}_${GITHUB_RUN_ID}
--rm -t "panda_local:${{ github.sha }}" bash -c
"pip3 install capstone keystone-engine z3-solver; python3 /panda/panda/python/examples/unicorn/taint_sym_x86_64.py;
if [ $? -eq 0 ]; then echo -e 'TEST PASSED!' && exit 0; else echo 'TEST FAILED!' && exit 1; fi"
make_check:
if: github.repository == 'panda-re/panda'
runs-on: panda-arc
needs: [build_container]
strategy:
matrix:
# See output from `make check-help`: we're just splitting `make check` into all the things it does
# so we can run them in parallel: arch-specific qtests, plus a few others
target: [check-qtest-x86_64, check-qtest-i386, check-qtest-arm, check-qtest-mips, check-qtest-mipsel, check-qtest-ppc, check-block, check-unit, check-qapi-schema]
steps:
- name: Run Individual QEMU tests
run: >-
docker run --name panda_test_${{ matrix.target }}_${GITHUB_RUN_ID}
-e PANDA_TEST=yes --cap-add SYS_NICE
--rm -t "panda_local:${{ github.sha }}" bash -c
"cd /panda/build && make ${{ matrix.target }}"
pypanda_tests:
if: github.repository == 'panda-re/panda'
runs-on: panda-arc
needs: [build_container]
strategy:
matrix:
# See output from `make check-help`: we're just splitting `make check` into all the things it does
# so we can run them in parallel: arch-specific qtests, plus a few others
test_script: [dyn_hooks, copy_test, file_fake, file_hook, generic_tests, monitor_cmds, multi_proc_cbs, sleep_in_cb, syscalls, record_no_snap, sig_suppress]
steps:
- name: Run individual pypanda tests
# TODO: pip requirements install here should be moved to Docker image build to save test time
run: >-
wget https://panda-re.mit.edu/qcows/linux/ubuntu/1604/x86/ubuntu_1604_x86.qcow;
docker run --name panda_test_${{ matrix.test_script }}_${GITHUB_RUN_ID}
--mount type=bind,source=$(pwd)/ubuntu_1604_x86.qcow,target=/root/.panda/ubuntu_1604_x86.qcow
-e PANDA_TEST=yes --cap-add SYS_NICE
--rm -t "panda_local:${{ github.sha }}" bash -c
"cd /panda/panda/python/tests/ && make && pip3 install -r requirements.txt && python3 ${{ matrix.test_script }}.py"
cleanup:
# Cleanup after prior jobs finish - even if they fail
needs: [taint_tests, sym_trace_tests, make_check, pypanda_tests]
runs-on: panda-arc
if: always()
steps:
# Note we leave the last 72hrs because caching is nice (first few panda image layers won't change often)
# docker system prune -> Remove all unused containers, networks, images (both dangling and unreferenced)
# docker builder prune -> Remove build cache
- name: Cleanup images
run: |
docker system prune -af --filter "until=72h"
docker image prune --all -f --filter "until=72h"
docker builder prune -af --filter "until=72h"
build_and_check_fork: # Forked repos can't use panda-arc test suite - just checkout and run make check
if: github.repository != 'panda-re/panda'
runs-on: panda-arc
steps:
- uses: actions/checkout@v1 # Clones code into to /home/runner/work/panda
- name: Build docker container from project root
run: cd $GITHUB_WORKSPACE && docker build -t panda_local .
- name: Minimal test of built container # Just test to see if one of our binaries is installed
run: docker run --rm panda_local /bin/bash -c 'exit $(panda-system-arm -help | grep -q "usage. panda-system-arm")'
- name: Minimal test of built container # Run make check to check all architectures (in serial)
run: docker run --rm panda_local /bin/bash -c 'cd /panda/build && make check'