BPF Recorder: Exclude Container Initialization from Recorded Profile #7633

BPF Recorder: Exclude Container Initialization from Recorded Profile

BPF Recorder: Exclude Container Initialization from Recorded Profile #7633

Workflow file for this run

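---
# CI for security-profiles-operator: CodeQL static analysis, unit-test
# coverage, the container image build, and the Vagrant-based end-to-end
# suites that consume that image as an artifact.
#
# Token hygiene: the workflow-level `permissions: {}` gives every job an
# empty GITHUB_TOKEN; only `analyze` opts back in to the single scope it
# needs. No job pushes back to the repository, so each checkout sets
# `persist-credentials: false` so the token is not left in .git/config
# (the e2e jobs sync the checkout into a VM that runs PR-supplied scripts).
# Every third-party action is pinned to a commit SHA, with the release tag
# kept as a trailing comment.
name: test
# yamllint disable-line rule:truthy
on:
  push:
    branches:
      - main
  pull_request:
env:
  # Quoted so the value stays a string ("1.23" is a float to YAML).
  GO_VERSION: '1.23'
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
permissions: {}
jobs:
  analyze:
    permissions:
      # write security-events is required by all codeql-action workflows
      security-events: write
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - uses: github/codeql-action/init@c4fb451437765abf5018c6fbf22cce1a7da1e5cc # v2.17.1
        with:
          languages: go
      - uses: github/codeql-action/autobuild@c4fb451437765abf5018c6fbf22cce1a7da1e5cc # v2.17.1
      - uses: github/codeql-action/analyze@c4fb451437765abf5018c6fbf22cce1a7da1e5cc # v2.17.1

  coverage:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Install dependencies
        run: sudo hack/install-packages
      - run: make test-unit
      # Uploads build/coverage.out; no token is passed, so this is a
      # tokenless upload and works for fork pull requests as well.
      - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
        with:
          files: build/coverage.out
          flags: unittests
          verbose: true

  image:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - run: hack/install-crun
      - run: make image
        env:
          # Explicitly empty: the build must not pick up a runtime dir
          # from the runner session.
          XDG_RUNTIME_DIR: ''
      # The saved archive is the only thing the e2e jobs download, so the
      # artifact name "image" is the contract between this job and them.
      - run: podman save -o image.tar security-profiles-operator
      - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
        with:
          name: image
          path: image.tar

  # The following e2e jobs share the same shape: install Vagrant/VirtualBox
  # from the HashiCorp apt repository (key fetched over TLS and bound to
  # the repo via `signed-by`), fetch the image artifact, boot a VM, wait
  # for the node, then run the suite through the per-distro $RUN wrapper.
  # The "Set up vagrant" step is duplicated verbatim across them; it is a
  # candidate for a composite action in a follow-up.
  e2e-fedora:
    needs: image
    # TODO: move back to 22.04 when https://github.com/actions/runner-images/issues/10678 got resolved
    runs-on: ubuntu-20.04
    timeout-minutes: 90
    env:
      RUN: ./hack/ci/run-fedora.sh
    steps:
      - name: Set up vagrant
        run: |
          curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
          echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
          sudo apt-get update
          sudo apt-get install -y vagrant virtualbox
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: image
          path: .
      - name: Boot Virtual Machine
        run: make vagrant-up-fedora
      - name: Show environment information
        run: |
          $RUN kubectl wait --for=condition=ready --timeout=60s nodes --all
          $RUN kubectl get nodes -o wide
      - name: Set up git config
        run: |
          $RUN git config --global --add safe.directory /vagrant
      - name: Run E2E tests
        run: $RUN hack/ci/e2e-fedora.sh
      # Flaky tests are re-run in isolation and never fail the job.
      - name: Run Flaky E2E tests
        continue-on-error: true
        run: |
          $RUN "echo \"export E2E_TEST_FLAKY_TESTS_ONLY=true\" >> /vagrant/hack/ci/env.sh"
          $RUN hack/ci/e2e-fedora.sh

  e2e-ubuntu:
    needs: image
    # TODO: move back to 22.04 when https://github.com/actions/runner-images/issues/10678 got resolved
    runs-on: ubuntu-20.04
    timeout-minutes: 90
    env:
      RUN: ./hack/ci/run-ubuntu.sh
    steps:
      - name: Set up vagrant
        run: |
          curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
          echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
          sudo apt-get update
          sudo apt-get install -y vagrant virtualbox
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: image
          path: .
      - name: Boot Virtual Machine
        run: make vagrant-up-ubuntu
      - name: Show environment information
        run: |
          $RUN kubectl wait --for=condition=ready --timeout=60s nodes --all
          $RUN kubectl get nodes -o wide
      - name: Set up git config
        run: |
          $RUN git config --global --add safe.directory /vagrant
      - name: Run E2E tests
        run: $RUN hack/ci/e2e-ubuntu.sh
      - name: Run Flaky E2E tests
        continue-on-error: true
        run: |
          $RUN "echo \"export E2E_TEST_FLAKY_TESTS_ONLY=true\" >> /vagrant/hack/ci/env.sh"
          $RUN hack/ci/e2e-ubuntu.sh

  e2e-flatcar:
    needs: image
    # TODO: move back to 22.04 when https://github.com/actions/runner-images/issues/10678 got resolved
    runs-on: ubuntu-20.04
    timeout-minutes: 90
    env:
      RUN: ./hack/ci/run-flatcar.sh
    steps:
      - name: Set up vagrant
        run: |
          curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
          echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
          sudo apt-get update
          sudo apt-get install -y vagrant virtualbox
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      # Publishes the current stable Flatcar Vagrant box version as the
      # step output `version` (dots and quotes stripped). `curl -f` makes
      # an HTTP error fail the step instead of feeding jq an error page and
      # silently emitting "null"; `shell: bash` turns on pipefail so that
      # failure propagates. Nothing in this workflow reads the output yet.
      - name: Vagrant box version
        id: vagrant-box
        run: |
          echo "version=$(curl -fsS https://stable.release.flatcar-linux.net/amd64-usr/current/flatcar_production_vagrant.json | jq '.versions[0].version' | tr -d '".')" >> "$GITHUB_OUTPUT"
        shell: bash
      - name: Upgrade vagrant box
        run: |
          ln -sf hack/ci/Vagrantfile-flatcar Vagrantfile
          vagrant box update
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: image
          path: .
      - name: Boot Virtual Machine
        run: make vagrant-up-flatcar
      - name: Show environment information
        run: |
          $RUN kubectl wait --for=condition=ready --timeout=600s node localhost
          $RUN kubectl get nodes -o wide
      - name: Run E2E tests
        run: $RUN hack/ci/e2e-flatcar-dev-container.sh
      - name: Run Flaky E2E tests
        continue-on-error: true
        run: |
          $RUN "echo \"export E2E_TEST_FLAKY_TESTS_ONLY=true\" >> /vagrant/hack/ci/env-flatcar.sh"
          $RUN hack/ci/e2e-flatcar-dev-container.sh

  e2e-spoc:
    needs: image
    # TODO: move back to 22.04 when https://github.com/actions/runner-images/issues/10678 got resolved
    runs-on: ubuntu-20.04
    timeout-minutes: 90
    env:
      RUN: ./hack/ci/run-debian.sh
    steps:
      - name: Set up vagrant
        run: |
          curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
          echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
          sudo apt-get update
          sudo apt-get install -y vagrant virtualbox
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: image
          path: .
      - name: Boot Virtual Machine
        run: make vagrant-up-debian
      - name: Show environment information
        run: |
          $RUN kubectl wait --for=condition=ready --timeout=60s nodes --all
          $RUN kubectl get nodes -o wide
      - name: Set up git config
        run: |
          $RUN git config --global --add safe.directory /vagrant
      - name: Run spoc E2E tests
        run: $RUN hack/ci/e2e-spoc.sh

  e2e-seccomp-profile:
    needs: image
    # TODO: move back to 22.04 when https://github.com/actions/runner-images/issues/10678 got resolved
    runs-on: ubuntu-20.04
    timeout-minutes: 90
    env:
      RUN: ./hack/ci/run-debian.sh
    steps:
      - name: Set up vagrant
        run: |
          curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
          echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
          sudo apt-get update
          sudo apt-get install -y vagrant virtualbox
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: image
          path: .
      - name: Boot Virtual Machine
        run: make vagrant-up-debian
      - name: Show environment information
        run: |
          $RUN kubectl wait --for=condition=ready --timeout=60s nodes --all
          $RUN kubectl get nodes -o wide
      - name: Set up git config
        run: |
          $RUN git config --global --add safe.directory /vagrant
      - name: Run E2E test to record seccomp profile
        run: $RUN hack/ci/e2e-seccomp.sh

  e2e-apparmor-profile:
    needs: image
    # TODO: move back to 22.04 when https://github.com/actions/runner-images/issues/10678 got resolved
    runs-on: ubuntu-20.04
    timeout-minutes: 90
    env:
      RUN: ./hack/ci/run-debian.sh
    steps:
      - name: Set up vagrant
        run: |
          curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
          echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
          sudo apt-get update
          sudo apt-get install -y vagrant virtualbox
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: image
          path: .
      - name: Boot Virtual Machine
        run: make vagrant-up-debian
      - name: Show environment information
        run: |
          $RUN kubectl wait --for=condition=ready --timeout=60s nodes --all
          $RUN kubectl get nodes -o wide
      - name: Set up git config
        run: |
          $RUN git config --global --add safe.directory /vagrant
      - name: Run E2E test to record apparmor profile
        run: $RUN hack/ci/e2e-apparmor.sh

  typos:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - uses: crate-ci/typos@9d890159570d5018df91fedfa40b4730cd4a81b1 # v1.28.4
        with:
          config: .typos.toml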