chore(ci): consolidate dependency installation steps in CI workflows #324
| name: Build and test container plugin | |
| on: | |
| pull_request: | |
| branches: [ main ] | |
| paths: | |
| - 'plugins/container/**' | |
| push: | |
| branches: [ main ] | |
| paths: | |
| - 'plugins/container/**' | |
| workflow_dispatch: | |
| permissions: | |
| packages: read | |
| jobs: | |
| build-others: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ windows-latest, macos-latest ] | |
| include: | |
| - os: windows-latest | |
| artifact-name: 'libcontainer-win' | |
| artifact-path: 'plugins/container/container.dll' | |
| - os: macos-latest | |
| artifact-name: 'libcontainer-osx' | |
| artifact-path: 'plugins/container/libcontainer.dylib' | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| fetch-depth: 0 | |
| submodules: 'recursive' | |
| - name: Setup Go | |
| uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version-file: plugins/container/go-worker/go.mod | |
| cache-dependency-path: plugins/container/go-worker/go.sum | |
| - name: Build plugin library | |
| working-directory: plugins/container | |
| run: make | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 | |
| with: | |
| name: ${{ matrix.artifact-name }} | |
| path: ${{ matrix.artifact-path }} | |
| build-linux: | |
| name: build-linux-${{ matrix.arch }} | |
| runs-on: ${{ (matrix.arch == 'arm64' && 'ubuntu-22.04-arm') || 'ubuntu-22.04' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: [ amd64, arm64 ] | |
| container: debian:bullseye | |
| steps: | |
| - name: Install deps | |
| run: apt-get update && apt-get install -y --no-install-recommends build-essential zip unzip ninja-build ca-certificates curl git | |
| - name: Checkout | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| fetch-depth: 0 | |
| submodules: 'recursive' | |
| - name: Safe directory | |
| run: git config --global --add safe.directory $GITHUB_WORKSPACE | |
| - name: Setup Go | |
| uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version-file: plugins/container/go-worker/go.mod | |
| cache-dependency-path: plugins/container/go-worker/go.sum | |
| - name: Install cmake ⛓️ | |
| uses: ./.github/actions/install-cmake | |
| - name: Build plugin library | |
| working-directory: plugins/container | |
| run: make | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 | |
| with: | |
| name: libcontainer-${{ matrix.arch }} | |
| path: 'plugins/container/libcontainer.so' | |
| test: | |
| name: test-${{ matrix.arch }} | |
| needs: [build-linux] | |
| runs-on: ${{ (matrix.arch == 'arm64' && 'ubuntu-24.04-arm') || 'ubuntu-24.04' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: [ amd64, arm64 ] | |
| steps: | |
| # libbtrfs: needed by podman package - build dep. | |
| - name: Install go test deps | |
| run: sudo apt-get install -y --no-install-recommends libbtrfs-dev | |
| - name: Checkout repo | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| fetch-depth: 0 | |
| submodules: 'recursive' | |
| - name: Setup Go | |
| uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version-file: plugins/container/go-worker/go.mod | |
| cache-dependency-path: plugins/container/go-worker/go.sum | |
| - name: Build go-worker executable | |
| working-directory: plugins/container | |
| run: make -C go-worker exe | |
| - name: Run tests | |
| working-directory: plugins/container | |
| run: | | |
| systemctl --user start podman | |
| make test | |
| falco-tests: | |
| needs: [build-linux] | |
| name: falco-tests-${{ matrix.arch }} | |
| runs-on: ${{ (matrix.arch == 'arm64' && 'ubuntu-22.04-arm') || 'ubuntu-22.04' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: [ amd64, arm64 ] | |
| container: | |
| image: falcosecurity/falco:master-debian | |
| steps: | |
| - name: Download library | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: libcontainer-${{ matrix.arch }} | |
| path: /usr/share/falco/plugins/ | |
| - name: Run falcosecurity/testing Falco tests | |
| env: | |
| # Authenticate to GitHub Container Registry to pull falcoctl image | |
| # This is a mitigation for the ghcr.io rate limiting issue | |
| # See https://github.com/falcosecurity/rules/issues/331 | |
| FALCOCTL_REGISTRY_AUTH_BASIC: ghcr.io,${{ github.actor }},${{ github.token }} | |
| uses: falcosecurity/testing@main | |
| with: | |
| test-falco: 'true' | |
| test-falcoctl: 'false' | |
| test-k8saudit: 'false' | |
| test-dummy: 'false' | |
| static: 'false' | |
| test-drivers: 'false' | |
| show-all: 'true' | |
| sudo: '' | |
| libs-tests: | |
| needs: [build-linux] | |
| uses: falcosecurity/libs/.github/workflows/reusable_e2e_tests.yaml@master | |
| with: | |
| container_plugin_artifact_name: 'libcontainer-amd64' | |
| secrets: inherit | |
| formatting-check: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Run clang-format style check | |
| uses: jidicula/clang-format-action@6cd220de46c89139a0365edae93eee8eb30ca8fe #v4.16.0 | |
| with: | |
| clang-format-version: '18' | |
| check-path: plugins/container | |
| exclude-regex: 'plugin_config_schema.h' |
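Review bot: The `falco-tests` step `uses: falcosecurity/testing@main` and the `libs-tests` job's `uses: falcosecurity/libs/.github/workflows/reusable_e2e_tests.yaml@master` track mutable branches, while every other action in this workflow is pinned to a full commit SHA. The first runs with `FALCOCTL_REGISTRY_AUTH_BASIC` carrying `github.token` and the second with `secrets: inherit`, so whatever lands on those branches runs with this repository's credentials; the workflow-level `permissions: packages: read` narrows the token but not the inherited secrets. Pin both like the rest, e.g. `uses: falcosecurity/testing@<full-commit-sha> # main`, and pass only the secrets the reusable workflow needs instead of `secrets: inherit`. The page does not show which lines this PR changed, so these refs may predate it.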