diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f3e57c9..54b5156 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,6 +31,30 @@ jobs: - name: test run: sudo --preserve-env make test + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + with: + install: true + + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: "1.22" + + - name: build ebpf image + run: make build-ebpf + + - name: generate ebpf + run: make generate + + - name: check for diff + run: git diff --exit-code + e2e: runs-on: ubuntu-latest steps: diff --git a/Makefile b/Makefile index 82b2c58..06a1981 100644 --- a/Makefile +++ b/Makefile @@ -62,15 +62,15 @@ test: # of the host into the container. For now this is the only way to run the e2e # tests on Mac OS with apple silicon as the shim requires GOOS=linux. docker-test-e2e: build-test - docker run --rm -ti --privileged --network=host --rm -v $(DOCKER_SOCK):$(DOCKER_SOCK) -v $(PWD):/app $(TEST_IMAGE) make test-e2e + docker run --rm --privileged --network=host --rm -v $(DOCKER_SOCK):$(DOCKER_SOCK) -v $(PWD):/app $(TEST_IMAGE) make test-e2e docker-bench: build-test - docker run --rm -ti --privileged --network=host --rm -v $(DOCKER_SOCK):$(DOCKER_SOCK) -v $(PWD):/app $(TEST_IMAGE) make bench + docker run --rm --privileged --network=host --rm -v $(DOCKER_SOCK):$(DOCKER_SOCK) -v $(PWD):/app $(TEST_IMAGE) make bench # has to have SYS_ADMIN because the test tries to set netns and mount bpffs # we use --pid=host to make the ebpf tracker work without a pid resolver docker-test: - docker run --rm -ti --cap-add=SYS_ADMIN --cap-add=NET_ADMIN --pid=host -v $(PWD):/app $(TEST_IMAGE) make test + docker run --rm --cap-add=SYS_ADMIN --cap-add=NET_ADMIN --pid=host -v $(PWD):/app $(TEST_IMAGE) make test CLANG ?= clang CFLAGS := -O2 -g -Wall -Werror @@ -81,4 +81,10 @@ CFLAGS := -O2 -g -Wall -Werror generate: export BPF_CLANG := $(CLANG) generate: export BPF_CFLAGS := $(CFLAGS) generate: - docker run --rm -ti -v $(PWD):/app --env=BPF_CLANG="$(CLANG)" --env=BPF_CFLAGS="$(CFLAGS)" $(EBPF_IMAGE) go generate ./... + docker run --rm -v $(PWD):/app:Z --user $(shell id -u):$(shell id -g) --env=BPF_CLANG="$(CLANG)" --env=BPF_CFLAGS="$(CFLAGS)" $(EBPF_IMAGE) + +# to improve reproducibility of the bpf builds, we dump the vmlinux.h and +# store it compressed in git instead of dumping it during the build. +update-vmlinux: + docker run --rm -v $(PWD):/app:Z --entrypoint /bin/sh --user $(shell id -u):$(shell id -g) $(EBPF_IMAGE) \ + -c "bpftool btf dump file /sys/kernel/btf/vmlinux format c" | gzip > socket/vmlinux.h.gz diff --git a/activator/bpf_bpfel.o b/activator/bpf_bpfel.o index ebb30c7..0895e1a 100644 Binary files a/activator/bpf_bpfel.o and b/activator/bpf_bpfel.o differ diff --git a/socket/Dockerfile b/socket/Dockerfile index cc8d7ac..b79ac72 100644 --- a/socket/Dockerfile +++ b/socket/Dockerfile @@ -12,9 +12,14 @@ RUN dnf install -y llvm clang bpftool libbpf-devel golang RUN mkdir /headers RUN cp /usr/include/bpf/bpf_* /headers -RUN bpftool btf dump file /sys/kernel/btf/vmlinux format c > /headers/vmlinux.h +COPY socket/vmlinux.h.gz /headers +RUN gunzip /headers/vmlinux.h.gz -COPY --from=gomod /go /root/go +COPY --from=gomod /go /tmp +ENV GOCACHE=/tmp +ENV GOMODCACHE=/tmp/pkg/mod + +RUN mkdir -m 777 /app WORKDIR /app ENTRYPOINT ["go", "generate", "./..."] diff --git a/socket/bpf_bpfeb.o b/socket/bpf_bpfeb.o index a837b40..6b76b6a 100644 Binary files a/socket/bpf_bpfeb.o and b/socket/bpf_bpfeb.o differ diff --git a/socket/bpf_bpfel.o b/socket/bpf_bpfel.o index 93d487c..6b400f0 100644 Binary files a/socket/bpf_bpfel.o and b/socket/bpf_bpfel.o differ diff --git a/socket/vmlinux.h.gz b/socket/vmlinux.h.gz new file mode 100644 index 0000000..2ecf2fa Binary files /dev/null and b/socket/vmlinux.h.gz differ