
other updates
Smjert committed Jul 5, 2024
1 parent 2d7ef83 commit c71e26a
Showing 2 changed files with 76 additions and 100 deletions.
32 changes: 17 additions & 15 deletions .github/workflows/hosted_runners.yml
Expand Up @@ -55,21 +55,10 @@ jobs:
runs-on: ubuntu-20.04

container:
image: smjert/builder20.04:2fec33276
image: osquery/builder20.04:2fec33276
options: --user 1001:1001

steps:
- name: Clone the osquery repository
uses: actions/checkout@v4
with:
fetch-depth: 0

# This script makes sure that the copyright headers have been correctly
# placed on all the source code files
- name: Check the copyright headers
run: |
./tools/ci/scripts/check_copyright_headers.py
- name: Setup the build paths
shell: bash
id: build_paths
Expand All @@ -78,11 +67,24 @@ jobs:
rel_source_path="workspace/src"
mkdir -p "${rel_build_path}"
ln -sf "$(pwd)" "${rel_source_path}"
mkdir -p "${rel_source_path}"
echo "SOURCE=$(realpath ${rel_source_path})" >> $GITHUB_OUTPUT
echo "BINARY=$(realpath ${rel_build_path})" >> $GITHUB_OUTPUT
- name: Clone the osquery repository
uses: actions/checkout@v4
with:
path: ${{ steps.build_paths.outputs.SOURCE }}
fetch-depth: 0

# This script makes sure that the copyright headers have been correctly
# placed on all the source code files
- name: Check the copyright headers
working-directory: ${{ steps.build_paths.outputs.SOURCE }}
run: |
./tools/ci/scripts/check_copyright_headers.py
- name: Configure the project
working-directory: ${{ steps.build_paths.outputs.BINARY }}
run: |
Expand Down Expand Up @@ -140,7 +142,7 @@ jobs:
runs-on: ${{ matrix.os }}

container:
image: smjert/builder20.04:2fec33276
image: osquery/builder20.04:2fec33276
options: --user 1001:1001

strategy:
Expand Down Expand Up @@ -255,7 +257,7 @@ jobs:
runs-on: ${{ matrix.os }}

container:
image: smjert/builder20.04:2fec33276
image: osquery/builder20.04:2fec33276
options: --privileged --init -v /var/run/docker.sock:/var/run/docker.sock --pid=host --user 1001:1001

strategy:
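Review bot: All three `container:` blocks in this file pull the builder image by tag (`:2fec33276`), and the last one runs it with `--privileged`, the Docker socket mounted and `--pid=host`, so whoever can move that tag on the registry controls code that runs with host-level access in CI. Pinning by digest closes that, e.g. `image: osquery/builder20.04@sha256:<digest of the 2fec33276 image>`, with the tag kept in a trailing comment for readability. The same reasoning applies to `uses: actions/checkout@v4`, which could be pinned to a full commit SHA. The page does not mark which of the paired `image:` lines is the new one; the point holds for either, though an image in a personal namespace (`smjert/...`) would need extra scrutiny if it were the one being introduced.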
144 changes: 59 additions & 85 deletions .github/workflows/self_hosted_runners.yml
Expand Up @@ -29,8 +29,8 @@ on:
# Please remember to update values for both x86 and aarch64 workflows.
env:
PACKAGING_REPO: https://github.com/osquery/osquery-packaging
PACKAGING_COMMIT: 4caa2c54f0d893c1efa47932571046bbce156c52
SUBMODULE_CACHE_VERSION: 2
PACKAGING_COMMIT: 16bf5387af89f4b19488a195e7d60e11275dae27
SUBMODULE_CACHE_VERSION: 3

# If the initial code sanity checks are passing, then one job
# per [`platform` * `build_type`] will start, building osquery
Expand All @@ -43,24 +43,10 @@ jobs:
runs-on: ubuntu-20.04

container:
image: osquery/builder20.04:5b6916940
options: --privileged --init -v /var/run/docker.sock:/var/run/docker.sock
image: osquery/builder20.04:2fec33276
options: --user 1001:1001

steps:

# We are using checkout@v1 because the checkout@v2 action downloads
# the source code without cloning if the installed git is < v2.18.
# Once we update the image we will also be able to select the clone
# destination; right now we are moving the .git folder manually.
- name: Clone the osquery repository
uses: actions/checkout@v1

# This script makes sure that the copyright headers have been correctly
# placed on all the source code files
- name: Check the copyright headers
run: |
./tools/ci/scripts/check_copyright_headers.py
- name: Setup the build paths
shell: bash
id: build_paths
Expand All @@ -69,11 +55,24 @@ jobs:
rel_source_path="workspace/src"
mkdir -p "${rel_build_path}"
ln -sf "$(pwd)" "${rel_source_path}"
mkdir -p "${rel_source_path}"
echo "SOURCE=$(realpath ${rel_source_path})" >> $GITHUB_OUTPUT
echo "BINARY=$(realpath ${rel_build_path})" >> $GITHUB_OUTPUT
- name: Clone the osquery repository
uses: actions/checkout@v4
with:
path: ${{ steps.build_paths.outputs.SOURCE }}
fetch-depth: 0

# This script makes sure that the copyright headers have been correctly
# placed on all the source code files
- name: Check the copyright headers
working-directory: ${{ steps.build_paths.outputs.SOURCE }}
run: |
./tools/ci/scripts/check_copyright_headers.py
- name: Configure the project
working-directory: ${{ steps.build_paths.outputs.BINARY }}
run: |
Expand Down Expand Up @@ -186,8 +185,8 @@ jobs:
runs-on: ${{ matrix.os }}

container:
image: osquery/builder20.04:5b6916940
options: --privileged --init -v /var/run/docker.sock:/var/run/docker.sock
image: osquery/builder20.04:2fec33276
options: --privileged --init -v /var/run/docker.sock:/var/run/docker.sock --pid=host --user 1001:1001

strategy:
matrix:
Expand All @@ -201,8 +200,40 @@ jobs:
cache_key: ubuntu-20.04_aarch64

steps:
# Due to how the RPM packaging tools work, we have to adhere to some
# character count requirements in the build path vs source path.
#
# Failing to do so, will break the debuginfo RPM package.
- name: Setup the build paths
id: build_paths
run: |
rel_build_path="workspace/usr/src/debug/osquery/build"
rel_src_path="workspace/padding-required-by-rpm-packages/src"
rel_ccache_path="workspace/ccache"
rel_package_data_path="workspace/package_data"
rel_packaging_path="workspace/osquery-packaging"
rel_package_build_path="workspace/package-build"
mkdir -p ${rel_build_path} \
${rel_src_path} \
${rel_ccache_path} \
${rel_src_path} \
${rel_package_data_path} \
${rel_package_build_path}
echo "SOURCE=$(realpath ${rel_src_path})" >> $GITHUB_OUTPUT
echo "BINARY=$(realpath ${rel_build_path})" >> $GITHUB_OUTPUT
echo "CCACHE=$(realpath ${rel_ccache_path})" >> $GITHUB_OUTPUT
echo "PACKAGING=$(realpath ${rel_packaging_path})" >> $GITHUB_OUTPUT
echo "PACKAGE_DATA=$(realpath ${rel_package_data_path})" >> $GITHUB_OUTPUT
echo "REL_PACKAGE_BUILD=${rel_package_build_path}" >> $GITHUB_OUTPUT
echo "PACKAGE_BUILD=$(realpath ${rel_package_build_path})" >> $GITHUB_OUTPUT
- name: Clone the osquery repository
uses: actions/checkout@v1
uses: actions/checkout@v4
with:
path: ${{ steps.build_paths.outputs.SOURCE }}
fetch-depth: 0

- name: Select the build job count
shell: bash
Expand Down Expand Up @@ -240,61 +271,12 @@ jobs:
echo "VALUE=OFF" >> $GITHUB_OUTPUT
fi
# When we spawn in the container, we are root; create an unprivileged
# user now so that we can later use it to launch the normal user tests
- name: Create a non-root user
id: unprivileged_user
run: |
useradd -m -s /bin/bash unprivileged_user
echo "NAME=unprivileged_user" >> $GITHUB_OUTPUT
# Due to how the RPM packaging tools work, we have to adhere to some
# character count requirements in the build path vs source path.
#
# Failing to do so, will break the debuginfo RPM package.
- name: Setup the build paths
id: build_paths
run: |
rel_build_path="workspace/usr/src/debug/osquery/build"
rel_src_path="workspace/padding-required-by-rpm-packages/src"
rel_ccache_path="workspace/ccache"
rel_package_data_path="workspace/package_data"
rel_packaging_path="workspace/osquery-packaging"
rel_package_build_path="workspace/package-build"
mkdir -p ${rel_build_path} \
${rel_src_path} \
${rel_ccache_path} \
${rel_src_path} \
${rel_package_data_path} \
${rel_package_build_path}
chown -R ${{ steps.unprivileged_user.outputs.NAME }}:${{ steps.unprivileged_user.outputs.NAME }} .
mv .git "${rel_src_path}"
( cd "${rel_src_path}" && git reset --hard )
echo "SOURCE=$(realpath ${rel_src_path})" >> $GITHUB_OUTPUT
echo "BINARY=$(realpath ${rel_build_path})" >> $GITHUB_OUTPUT
echo "CCACHE=$(realpath ${rel_ccache_path})" >> $GITHUB_OUTPUT
echo "PACKAGING=$(realpath ${rel_packaging_path})" >> $GITHUB_OUTPUT
echo "PACKAGE_DATA=$(realpath ${rel_package_data_path})" >> $GITHUB_OUTPUT
echo "REL_PACKAGE_BUILD=${rel_package_build_path}" >> $GITHUB_OUTPUT
echo "PACKAGE_BUILD=$(realpath ${rel_package_build_path})" >> $GITHUB_OUTPUT
- name: Clone the osquery-packaging repository
run: |
git clone ${{ env.PACKAGING_REPO }} \
${{ steps.build_paths.outputs.PACKAGING }}
cd ${{ steps.build_paths.outputs.PACKAGING }}
git checkout ${{ env.PACKAGING_COMMIT }}
# One of the tests in the test suit will spawn a Docker container
# using this socket. Allow the unprivileged user we created
# to access it.
- name: Update the Docker socket permissions
run: |
chmod 666 /var/run/docker.sock
uses: actions/checkout@v4
with:
path: ${{ steps.build_paths.outputs.PACKAGING }}
repository: ${{ env.PACKAGING_REPO }}
ref: ${{ env.PACKAGING_COMMIT }}

- name: Update the cache (ccache)
uses: actions/cache@v3
Expand Down Expand Up @@ -357,7 +339,7 @@ jobs:
- name: Run the tests as normal user
working-directory: ${{ steps.build_paths.outputs.BINARY }}
run: |
sudo -u ${{ steps.unprivileged_user.outputs.NAME }} ctest --build-nocmake -LE "root-required" -V
ctest --build-nocmake -LE "root-required" -V
- name: Run the tests as root user
working-directory: ${{ steps.build_paths.outputs.BINARY }}
Expand All @@ -383,14 +365,6 @@ jobs:
find . -name "*.a" -exec rm {} \;
find . -name "*.o" -exec rm {} \;
# Since we need to run CMake to create the packages with osquery-packaging, the
# configuration will fail unless the C and C++ compilers are found
- name: Install packaging dependencies
if: matrix.build_type == 'RelWithDebInfo'
run: |
sudo apt update
sudo apt install build-essential gcc g++ -y
- name: Create the packages
if: matrix.build_type == 'RelWithDebInfo'
working-directory: ${{ steps.build_paths.outputs.PACKAGE_BUILD }}
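Review bot: The test job's `options:` line appears to gain `--pid=host` on top of `--privileged` and the mounted `/var/run/docker.sock`, so every step in that job, including the build and tests of the checked-out code, can reach the self-hosted runner's processes and Docker daemon; `--user 1001:1001` does not narrow this, because access to the Docker socket is equivalent to root on the host. A comment above the line should say which test needs each flag, e.g. `# --pid=host and the Docker socket are required by <test name>; run this job only for trusted refs`, and the workflow's triggers (not visible here) should be confirmed to exclude fork pull requests, especially if the runners are not ephemeral. Separately, the new packaging checkout passes `repository: ${{ env.PACKAGING_REPO }}`, but `PACKAGING_REPO` is a full `https://github.com/...` URL while actions/checkout expects `owner/repo`, so the value should become `osquery/osquery-packaging` or the step will likely fail input validation. If no later step needs the token, adding `persist-credentials: false` to both checkout steps would also keep the job token out of `.git/config` while build and test code runs.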
