Enable ntosebpfext workflows (#21) #1

Workflow file for this run

# Copyright (c) Microsoft Corporation
# SPDX-License-Identifier: MIT
# This is the top-level workflow that runs on each pull request and push to main.
# It invokes other jobs to perform builds and run tests.
# All jobs run in parallel, using build artifacts to synchronize jobs.
#
# If you add or remove any tests that use reusable-test.yml on a pull request,
# you must update codecov.yml to match.
name: CI/CD

# Events that start this workflow. Each job filters on github.event_name in
# its own `if:`, so a trigger added or removed here usually needs a matching
# change in those conditions.
on:
  # Daily run that performs the full set of tests.
  schedule:
    - cron: '00 8 * * *'
  # Validate code changes proposed in a pull request.
  # NOTE(review): this is `pull_request`, not `pull_request_target`, so the
  # run uses the workflow definition and code of the PR itself. For PRs from
  # forks GitHub normally hands out a read-only token and no secrets; confirm
  # the repository settings keep that default.
  pull_request:
  # Validate merge-queue entries before they land.
  merge_group:
  # Permit manual runs of the workflow.
  workflow_dispatch:
  # Run on push to main so the baseline code coverage can be captured.
  push:
    branches:
      - main
concurrency:
  # A newer run cancels an in-progress run of this workflow (CI/CD) that has
  # the same group key. The key is the first non-empty value of:
  #   1. github.event.schedule            - set on scheduled runs
  #   2. github.event.pull_request.number - set on pull_request runs
  #   3. github.event.after               - set on push runs
  #   4. github.ref                       - fallback for the remaining events
  # Runs for other pull requests or other refs get a different key, so they
  # proceed concurrently and are not cancelled.
  group: cicd-${{ github.event.schedule || github.event.pull_request.number || github.event.after || github.ref }}
  cancel-in-progress: true
# Scopes of the GITHUB_TOKEN. Declared at workflow level, so every job in this
# file receives all of them; a called reusable workflow can narrow the set it
# is given but cannot widen it.
# NOTE(review): the three write scopes are each justified by a single consumer
# in the comments below, yet all jobs get them. Moving each one into a
# job-level `permissions:` block on the job that needs it would follow least
# privilege; confirm against the reusable workflows before changing.
permissions:
  id-token: write  # Required to log in to Azure.
  contents: read
  checks: read  # Required by reusable-test.yml to check build status.
  security-events: write  # Required by codeql task.
  issues: write  # Required to create issues.
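jobs:
  # Jobs to run on pull, push, and schedule.
  # ---------------------------------------------------------------------------

  # Perform the regular build. The test and scan jobs below `needs:` this job
  # and consume its Build-x64 artifact.
  regular:
    # Runs for every event this workflow is triggered by.
    if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
    uses: ./.github/workflows/reusable-build.yml
    with:
      ref: ${{ github.ref }}
      build_artifact: Build-x64
      configurations: '["Debug", "Release"]'

  # Run the ntosebpfext unit tests in GitHub.
  # NOTE(review): the job id and `name` input say "netebpf" although the binary
  # under test is ntosebpfext_unit.exe. Left unchanged because the file header
  # says codecov.yml must match the tests that use reusable-test.yml.
  netebpf_ext_unit_tests:
    # Runs for every event this workflow is triggered by.
    needs: regular
    if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
    uses: ./.github/workflows/reusable-test.yml
    with:
      name: netebpf_ext_unit_tests
      # Application Verifier settings are applied per image name, so -for has
      # to name the binary that test_command starts. It previously named
      # unit_tests.exe, which this job never runs, so the heap, handle, lock
      # and leak checks were not applied to the tests.
      pre_test: appverif -enable Exceptions Handles Heaps Leak Locks Memory SRWLock Threadpool TLS DangerousAPIs DirtyStacks TimeRollOver -for ntosebpfext_unit.exe
      test_command: .\ntosebpfext_unit.exe -d yes
      build_artifact: Build-x64
      environment: windows-2022
      code_coverage: true
      gather_dumps: true
      capture_etw: true
      leak_detection: true

  # Run the OSSAR scan workflow against the regular build artifact.
  ossar:
    # Runs for every event this workflow is triggered by.
    needs: regular
    if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
    uses: ./.github/workflows/ossar-scan.yml
    with:
      build_artifact: Build-x64

  # Additional jobs to run on pull and schedule only (skip push).
  # ---------------------------------------------------------------------------

  # Build with C++ static analyzer.
  analyze:
    # Runs on schedule, pull request, merge queue and manual runs; skipped on push.
    if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
    uses: ./.github/workflows/reusable-build.yml
    with:
      ref: ${{ github.ref }}
      build_artifact: Build-x64-Analyze
      # Analysis on external projects is conditional, as on small CI/CD VMs the compiler can run OOM
      build_options: /p:Analysis='True' /p:AnalysisOnExternal='False'

  # Build with C++ address sanitizer.
  sanitize:
    # Runs on schedule, pull request, merge queue and manual runs; skipped on push.
    if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
    uses: ./.github/workflows/reusable-build.yml
    with:
      ref: ${{ github.ref }}
      build_artifact: Build-x64-Sanitize
      build_options: /p:AddressSanitizer='True'

  # Run the low memory simulator for ntosebpfext_unit tests.
  # Unlike the two jobs above, the condition below also includes push.
  fault_injection_ntosebpfext_unit:
    needs: regular
    if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
    uses: ./.github/workflows/reusable-test.yml
    with:
      name: ntosebpfext_fault_injection
      test_command: .\ntosebpfext_unit.exe
      build_artifact: Build-x64
      environment: windows-2022
      code_coverage: true
      gather_dumps: true
      fault_injection: true
      leak_detection: true

  # Additional jobs to run on a schedule only (skip push and pull request).
  # ---------------------------------------------------------------------------

  # CodeQL build.
  codeql:
    # Runs on the daily schedule and on manual runs only.
    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
    uses: ./.github/workflows/reusable-build.yml
    with:
      ref: ${{ github.ref }}
      build_artifact: Build-x64-CodeQl
      build_codeql: true

  # Run the complete fault injection simulator for ntosebpfext in GitHub.
  # Runs on a schedule (and on manual runs) as this takes a long time to run.
  ntosebpfext_fault_injection_full:
    needs: regular
    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
    uses: ./.github/workflows/reusable-test.yml
    with:
      name: ntosebpfext_fault_injection_full
      test_command: .\ntosebpfext_unit.exe
      build_artifact: Build-x64
      environment: windows-2022
      code_coverage: false
      gather_dumps: true
      fault_injection: true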