Bump github/codeql-action from 3.25.7 to 3.25.8 (#3618) #40
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright (c) eBPF for Windows contributors | |
# SPDX-License-Identifier: MIT | |
# This is the top-level workflow that runs on release branches. | |
# It invokes other jobs to perform builds and run tests. | |
# All jobs run in parallel, using build artifacts to synchronize jobs. | |
# | |
# If you add or remove any tests that use reusable-test.yml on a pull request, | |
# you must update codecov.yml to match. | |
name: CI/CD - Release validation | |
on: | |
# Trigger the workflow when a release-tag is created. | |
push: | |
tags: | |
- 'Release-v0.*' # To be updated on GA, and after that on every major release. | |
# Permit manual runs of the workflow. | |
workflow_dispatch: | |
inputs: | |
# Request a target release branch to run CI/CD on. | |
branch: | |
description: 'Target release branch to run CI/CD on.' | |
required: true | |
default: 'release/' | |
concurrency: | |
group: release-validation-${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
permissions: | |
id-token: write # Required to log in to Azure. | |
contents: read | |
checks: read # Required by reusable-test.yml to check build status. | |
security-events: write # Required by codeql task. | |
issues: write # Required to create issues. | |
jobs: | |
# Perform the regular build. | |
regular: | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-build.yml | |
with: | |
ref: ${{ github.ref }} | |
repository: ${{ github.repository }} | |
build_artifact: Build-x64 | |
generate_release_package: true | |
build_msi: true | |
build_nuget: true | |
build_options: /p:ReleaseJIT='True' | |
configurations: '["Debug", "FuzzerDebug", "Release"]' | |
# Perform the native-only build. | |
regular_native-only: | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-build.yml | |
with: | |
ref: ${{ github.ref }} | |
repository: ${{ github.repository }} | |
build_artifact: Build-x64-native-only | |
build_msi: true | |
build_nuget: true | |
configurations: '["NativeOnlyDebug", "NativeOnlyRelease"]' | |
# Run the unit tests in GitHub. | |
unit_tests: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: unit_tests | |
pre_test: appverif -enable Exceptions Handles Heaps Leak Locks Memory SRWLock Threadpool TLS DangerousAPIs DirtyStacks TimeRollOver -for unit_tests.exe | |
# Exclude [processes] test that CodeCoverage can't work with. | |
test_command: .\unit_tests.exe -d yes ~[processes] | |
build_artifact: Build-x64 | |
environment: windows-2022 | |
code_coverage: true | |
gather_dumps: true | |
capture_etw: true | |
leak_detection: true | |
# Run the netebpfext unit tests in GitHub. | |
netebpf_ext_unit_tests: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: netebpf_ext_unit_tests | |
pre_test: appverif -enable Exceptions Handles Heaps Leak Locks Memory SRWLock Threadpool TLS DangerousAPIs DirtyStacks TimeRollOver -for unit_tests.exe | |
test_command: .\netebpfext_unit.exe -d yes | |
build_artifact: Build-x64 | |
environment: windows-2022 | |
code_coverage: true | |
gather_dumps: true | |
capture_etw: true | |
leak_detection: true | |
# Run the bpf2c tests in GitHub. | |
bpf2c: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
test_command: .\bpf2c_tests.exe -d yes | |
name: bpf2c | |
build_artifact: Build-x64 | |
environment: windows-2022 | |
vs_dev: true | |
code_coverage: true | |
gather_dumps: true | |
capture_etw: true | |
# Run the bpf2c conformance tests in GitHub. | |
bpf2c_conformance: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
pre_test: Invoke-WebRequest https://github.com/Alan-Jowett/bpf_conformance/releases/download/v0.0.6/bpf_conformance_runner.exe -OutFile bpf_conformance_runner.exe | |
test_command: .\bpf_conformance_runner.exe --test_file_directory %SOURCE_ROOT%\external\ebpf-verifier\external\bpf_conformance\tests --cpu_version v4 --exclude_regex local --plugin_path bpf2c_plugin.exe --debug true --plugin_options "--include %SOURCE_ROOT%\include" | |
name: bpf2c_conformance | |
build_artifact: Build-x64 | |
environment: windows-2022 | |
vs_dev: true | |
code_coverage: true | |
gather_dumps: true | |
capture_etw: true | |
# Run the driver tests on self-hosted runners. | |
driver_ws2019: | |
needs: regular | |
# Only run this on repos that have self-host runners. | |
if: github.repository == 'microsoft/ebpf-for-windows' && (github.event_name == 'workflow_dispatch') | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
pre_test: .\setup_ebpf_cicd_tests.ps1 -KmTracing $true -KmTraceType "file" | |
test_command: .\execute_ebpf_cicd_tests.ps1 -TestMode "CI/CD" | |
post_test: .\cleanup_ebpf_cicd_tests.ps1 -KmTracing $true | |
name: driver_ws2019 | |
build_artifact: Build-x64 | |
environment: ebpf_cicd_tests_ws2019 | |
# driver test copies dumps to testlog folder. | |
gather_dumps: false | |
# driver tests manually gather code coverage | |
code_coverage: false | |
# Run the driver tests on self-hosted runners. | |
driver_ws2022: | |
needs: regular | |
# Only run this on repos that have self-host runners. | |
if: github.repository == 'microsoft/ebpf-for-windows' && (github.event_name == 'workflow_dispatch') | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
pre_test: .\setup_ebpf_cicd_tests.ps1 -KmTracing $true -KmTraceType "file" | |
test_command: .\execute_ebpf_cicd_tests.ps1 -TestMode "CI/CD" | |
post_test: .\cleanup_ebpf_cicd_tests.ps1 -KmTracing $true | |
name: driver_ws2022 | |
build_artifact: Build-x64 | |
environment: ebpf_cicd_tests_ws2022 | |
# driver test copies dumps to testlog folder. | |
gather_dumps: false | |
# driver tests manually gather code coverage | |
code_coverage: false | |
# Run the native-only driver tests on self-hosted runners. | |
driver_native_only_ws2019: | |
needs: regular_native-only | |
# Only run this on repos that have self-host runners. | |
if: github.repository == 'microsoft/ebpf-for-windows' && (github.event_name == 'workflow_dispatch') | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
pre_test: .\setup_ebpf_cicd_tests.ps1 -KmTracing $true -KmTraceType "file" | |
test_command: .\execute_ebpf_cicd_tests.ps1 -TestMode "CI/CD" | |
post_test: .\cleanup_ebpf_cicd_tests.ps1 -KmTracing $true | |
name: driver_native_only_ws2019 | |
build_artifact: Build-x64-native-only | |
environment: ebpf_cicd_tests_ws2019 | |
# driver test copies dumps to testlog folder. | |
gather_dumps: false | |
# driver tests manually gather code coverage | |
code_coverage: false | |
configurations: '["NativeOnlyDebug", "NativeOnlyRelease"]' | |
driver_native_only_ws2022: | |
needs: regular_native-only | |
# Only run this on repos that have self-host runners. | |
if: github.repository == 'microsoft/ebpf-for-windows' && (github.event_name == 'workflow_dispatch') | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
pre_test: .\setup_ebpf_cicd_tests.ps1 -KmTracing $true -KmTraceType "file" | |
test_command: .\execute_ebpf_cicd_tests.ps1 -TestMode "CI/CD" | |
post_test: .\cleanup_ebpf_cicd_tests.ps1 -KmTracing $true | |
name: driver_native_only_ws2022 | |
build_artifact: Build-x64-native-only | |
environment: ebpf_cicd_tests_ws2022 | |
# driver test copies dumps to testlog folder. | |
gather_dumps: false | |
# driver tests manually gather code coverage | |
code_coverage: false | |
configurations: '["NativeOnlyDebug", "NativeOnlyRelease"]' | |
ossar: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/ossar-scan.yml | |
with: | |
build_artifact: Build-x64 | |
# Build with C++ static analyzer. | |
analyze: | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-build.yml | |
with: | |
ref: ${{ github.ref }} | |
repository: ${{ github.repository }} | |
build_artifact: Build-x64-Analyze | |
# Analysis on external projects is conditional, as on small CI/CD VMs the compiler can run OOM | |
build_options: /p:Analysis='True' /p:AnalysisOnExternal='False' | |
# Build with C++ address sanitizer. | |
sanitize: | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-build.yml | |
with: | |
ref: ${{ github.ref }} | |
repository: ${{ github.repository }} | |
build_artifact: Build-x64-Sanitize | |
build_options: /p:AddressSanitizer='True' | |
# Run Cilium regression tests in GitHub. | |
cilium_tests: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: cilium_tests | |
test_command: .\cilium_tests.exe -d yes | |
build_artifact: Build-x64 | |
environment: windows-2022 | |
code_coverage: false | |
gather_dumps: true | |
# Run the quick stress tests in GitHub. | |
stress: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: stress | |
# Until there is a dedicated stress test, re-use the perf test. | |
test_command: .\ebpf_performance.exe -d yes | |
build_artifact: Build-x64 | |
environment: windows-2022 | |
# No code coverage on stress. | |
code_coverage: false | |
gather_dumps: true | |
# Run the unit tests in GitHub with address sanitizer. | |
sanitize_unit_tests: | |
needs: sanitize | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: unit_tests | |
# Exclude [processes] test that ASAN can't work with. | |
test_command: .\unit_tests.exe -d yes ~[processes] | |
build_artifact: Build-x64-Sanitize | |
environment: windows-2022 | |
code_coverage: false | |
gather_dumps: true | |
capture_etw: true | |
# Run the fault injection simulator in GitHub. | |
fault_injection: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: fault_injection | |
test_command: .\unit_tests.exe | |
build_artifact: Build-x64 | |
environment: windows-2022 | |
code_coverage: true | |
gather_dumps: true | |
fault_injection: true | |
leak_detection: true | |
# Run the low memory simulator for netebpfext_unit tests. | |
fault_injection_netebpfext_unit: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: netebpfext_fault_injection | |
test_command: .\netebpfext_unit.exe | |
build_artifact: Build-x64 | |
environment: windows-2022 | |
code_coverage: true | |
gather_dumps: true | |
fault_injection: true | |
leak_detection: true | |
# Run a fast multi-threaded stress test pass against the usersim user-mode 'mock' framework. | |
# Added as a 'per-PR' test to catch usersim regressions and/or run-time usage issues. | |
quick_user_mode_multi_threaded_stress_test: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: quick_user_mode_multi_threaded_stress | |
test_command: .\ebpf_stress_tests_um -tt=8 -td=2 | |
build_artifact: Build-x64 | |
environment: windows-2022 | |
code_coverage: false | |
leak_detection: false | |
gather_dumps: true | |
capture_etw: true | |
codeql: | |
uses: ./.github/workflows/reusable-build.yml | |
with: | |
ref: ${{ github.ref }} | |
repository: ${{ github.repository }} | |
build_artifact: Build-x64-CodeQl | |
build_codeql: true | |
# Run the complete fault injection simulator in GitHub (this takes a long time to run). | |
fault_injection_full: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: fault_injection_full | |
test_command: .\unit_tests.exe | |
build_artifact: Build-x64 | |
environment: windows-2022 | |
code_coverage: false | |
gather_dumps: true | |
fault_injection: true | |
leak_detection: true | |
# Run the complete fault injection simulator for netebpfext in GitHub (this takes a long time to run). | |
netebpfext_fault_injection_full: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: netebpfext_fault_injection_full | |
test_command: .\netebpfext_unit.exe | |
build_artifact: Build-x64 | |
environment: windows-2022 | |
code_coverage: false | |
gather_dumps: true | |
fault_injection: true | |
# Run multi-threaded stress tests against the user mode 'mock' framework. | |
user_mode_multi_threaded_stress_test: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: user_mode_multi_threaded_stress | |
test_command: .\ebpf_stress_tests_um -tt=8 -td=10 | |
build_artifact: Build-x64 | |
environment: windows-2022 | |
code_coverage: false | |
leak_detection: false | |
gather_dumps: true | |
capture_etw: true | |
# Run multi-threaded stress tests with 'restart extension' disabled (default behavior) | |
# against the kernel mode eBPF sub-system. | |
km_mt_stress_tests: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: km_mt_stress_tests | |
pre_test: .\setup_ebpf_cicd_tests.ps1 -KmTracing $true -KmTraceType "memory" | |
test_command: .\execute_ebpf_cicd_tests.ps1 -TestMode "Stress" | |
post_test: .\cleanup_ebpf_cicd_tests.ps1 -KmTracing $true | |
build_artifact: Build-x64 | |
environment: ebpf_cicd_tests_ws2019 | |
code_coverage: false | |
# For this test, we only want kernel mode dumps and not user mode dumps. | |
gather_dumps: false | |
# Run multi-threaded stress tests with 'restart extension' enabled | |
# against the kernel mode eBPF sub-system. | |
km_mt_stress_tests_restart_extension: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: km_mt_stress_tests_restart_extension | |
pre_test: .\setup_ebpf_cicd_tests.ps1 -KmTracing $true -KmTraceType "memory" | |
test_command: .\execute_ebpf_cicd_tests.ps1 -TestMode "Stress" -Options @("RestartExtension") | |
post_test: .\cleanup_ebpf_cicd_tests.ps1 -KmTracing $true | |
build_artifact: Build-x64 | |
environment: ebpf_cicd_tests_ws2019 | |
code_coverage: false | |
# For this test, we only want kernel mode dumps and not user mode dumps. | |
gather_dumps: false | |
###################################################### | |
# Run indeterministic tests multiple times (3 times). | |
###################################################### | |
# FUZZERS ############################################ | |
bpf2c_fuzzer: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: bpf2c_fuzzer | |
test_command: .\bpf2c_fuzzer.exe bpf2c_fuzzer_corpus -use_value_profile=1 -max_total_time=900 -artifact_prefix=Artifacts\ | |
build_artifact: Build-x64 | |
environment: windows-2022 | |
code_coverage: false | |
gather_dumps: true | |
configurations: '["FuzzerDebug"]' | |
verifier_fuzzer: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: verifier_fuzzer | |
test_command: .\verifier_fuzzer.exe verifier_corpus -use_value_profile=1 -max_total_time=900 -artifact_prefix=Artifacts\ | |
build_artifact: Build-x64 | |
environment: windows-2022 | |
code_coverage: false | |
gather_dumps: true | |
configurations: '["FuzzerDebug"]' | |
execution_context_fuzzer: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: execution_context_fuzzer | |
test_command: .\execution_context_fuzzer.exe execution_context_fuzzer_corpus -use_value_profile=1 -runs=3000 -artifact_prefix=Artifacts\ | |
build_artifact: Build-x64 | |
environment: windows-2022 | |
code_coverage: false | |
gather_dumps: true | |
configurations: '["FuzzerDebug"]' | |
core_helper_fuzzer: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: core_helper_fuzzer | |
test_command: .\core_helper_fuzzer core_helper_corpus -max_len=139 -runs=3000 -use_value_profile=1 -artifact_prefix=Artifacts\ | |
build_artifact: Build-x64 | |
environment: windows-2022 | |
code_coverage: false | |
gather_dumps: true | |
configurations: '["FuzzerDebug"]' | |
netebpfext_fuzzer: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: netebpfext_fuzzer | |
test_command: .\netebpfext_fuzzer netebpfext_corpus -max_len=12 -runs=3000 -use_value_profile=1 -artifact_prefix=Artifacts\ | |
build_artifact: Build-x64 | |
environment: windows-2022 | |
code_coverage: false | |
gather_dumps: true | |
configurations: '["FuzzerDebug"]' | |
# PREFORMANCE ############################################ | |
# Iteration 1 | |
performance-1: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: km_performance_1 | |
pre_test: .\setup_ebpf_cicd_tests.ps1 -KmTracing $true -KmTraceType "file" | |
test_command: .\execute_ebpf_cicd_tests.ps1 -TestMode "Performance" | |
post_test: .\cleanup_ebpf_cicd_tests.ps1 -KmTracing $true | |
build_artifact: Build-x64 | |
environment: ebpf_cicd_perf_ws2022 | |
configurations: '["Release"]' | |
upload_perf_results-1: | |
needs: performance-1 | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/upload-perf-results.yml | |
with: | |
name: upload_perf_results | |
result_artifact: km_performance_1-x64-Release | |
secrets: | |
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
# Iteration 2 | |
performance-2: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: km_performance_2 | |
pre_test: .\setup_ebpf_cicd_tests.ps1 -KmTracing $true -KmTraceType "file" | |
test_command: .\execute_ebpf_cicd_tests.ps1 -TestMode "Performance" | |
post_test: .\cleanup_ebpf_cicd_tests.ps1 -KmTracing $true | |
build_artifact: Build-x64 | |
environment: ebpf_cicd_perf_ws2022 | |
configurations: '["Release"]' | |
upload_perf_results-2: | |
needs: performance-2 | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/upload-perf-results.yml | |
with: | |
name: upload_perf_results | |
result_artifact: km_performance_2-x64-Release | |
secrets: | |
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
# Iteration 3 | |
performance-3: | |
needs: regular | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/reusable-test.yml | |
with: | |
name: km_performance_3 | |
pre_test: .\setup_ebpf_cicd_tests.ps1 -KmTracing $true -KmTraceType "file" | |
test_command: .\execute_ebpf_cicd_tests.ps1 -TestMode "Performance" | |
post_test: .\cleanup_ebpf_cicd_tests.ps1 -KmTracing $true | |
build_artifact: Build-x64 | |
environment: ebpf_cicd_perf_ws2022 | |
configurations: '["Release"]' | |
upload_perf_results-3: | |
needs: performance-3 | |
if: github.event_name == 'workflow_dispatch' | |
uses: ./.github/workflows/upload-perf-results.yml | |
with: | |
name: upload_perf_results | |
result_artifact: km_performance_3-x64-Release | |
secrets: | |
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} |