diff --git a/.github/workflows/parallel_tests.yml b/.github/workflows/parallel_tests.yml index 8f18f18e84f..2e517936053 100644 --- a/.github/workflows/parallel_tests.yml +++ b/.github/workflows/parallel_tests.yml @@ -1,16 +1,162 @@ -name: Manual trigger +name: Parallel Tests on: - workflow_dispatch: - inputs: - name: - description: "Who to greet" - default: "World" + pull_request: + branches: + - dev + - stable + - candidate_release_* + workflow_dispatch: # Enable manual trigger for the workflow jobs: - hello: - runs-on: ubuntu-latest - steps: - - name: Hello Step - run: echo "Hello ${{ github.event.inputs.name }}" + test_installer: # test install_ubuntu.sh + runs-on: panda-arc # Note 22.04 would work, but it requires docker > 20.10.7 which is not on our CI box (yet) + container: + image: ubuntu:20.04 + steps: + - name: Update + run: apt-get -qq update -y + - name: Install ssl + run: apt-get -qq install -y libssl-dev + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: 3.9 + - name: Install Python dev headers + run: apt-get -qq install -y libpython3.9-dev + - uses: actions/checkout@v4 # Clones to $GITHUB_WORKSPACE. NOTE: this requires git > 2.18 (not on ubuntu 18.04 by default) to get .git directory + - name: Lint PyPANDA with flake8 + run: | + pip install --upgrade pip + pip install flake8 + flake8 $GITHUB_WORKSPACE/panda/python/core/pandare/ --count --select=E9,F63,F7,F82 --show-source --statistics + # python -m flake8 $GITHUB_WORKSPACE/panda/python/core/pandare/ --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics + - name: Run install_ubuntu.sh + run: cd $GITHUB_WORKSPACE && ./panda/scripts/install_ubuntu.sh + + + build_container: + if: github.event_name == 'workflow_dispatch' || (github.repository == 'panda-re/panda' && github.event_name == 'pull_request') + runs-on: panda-arc + steps: + - name: Install git + run: sudo apt-get -qq update -y && sudo apt-get -qq install git -y + - uses: actions/checkout@v4 # Clones to $GITHUB_WORKSPACE. NOTE: this requires git > 2.18 (not on ubuntu 18.04 by default) to get .git directory + with: + fetch-depth: 0 + - name: 'Login to Github Container Registry' + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Build and push + uses: docker/build-push-action@v5 + with: + context: ${{ github.workspace }} + tags: ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }} + target: developer + push: true + - name: Minimal test of built container # Just test to see if one of our binaries is built + run: docker run --rm "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" /bin/bash -c 'exit $(/panda/build/arm-softmmu/panda-system-arm -help | grep -q "usage. panda-system-arm")' + + tests: + if: github.event_name == 'workflow_dispatch' || (github.repository == 'panda-re/panda' && github.event_name == 'pull_request') + runs-on: panda-arc + needs: [build_container] + + strategy: + matrix: + include: + - test_type: "taint" + target: "i386" + - test_type: "taint" + target: "x86_64" + - test_type: "pypanda" + test_script: "all" + - test_type: "make_check" + test_script: "all" + + steps: + # Given a container with PANDA installed at /panda, run the taint tests + - name: Update + run: sudo apt-get -qq update -y + - name: Install ssl + run: sudo apt-get -qq install -y wget + - name: Run Taint Tests + if: matrix.test_type == 'taint' + run: >- + wget -q -O wheezy_panda2.qcow2 https://panda-re.mit.edu/qcows/linux/debian/7.3/x86/debian_7.3_x86.qcow; + wget -q https://panda-re.mit.edu/qcows/linux/ubuntu/1804/x86_64/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2; + docker run --name panda_test_${{ matrix.target }}_${GITHUB_RUN_ID} + --mount type=bind,source=$(pwd)/wheezy_panda2.qcow2,target=/home/panda/regdir/qcows/wheezy_panda2.qcow2 + --mount type=bind,source=$(pwd)/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2,target=/home/panda/regdir/qcows/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2 + --rm -t "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" bash -c + "cd /tmp; git clone https://github.com/panda-re/panda_test; + cd ./panda_test/tests/taint2; + echo 'Running Record:'; + python3 taint2_multi_arch_record_or_replay.py --arch ${{ matrix.target }} --mode record; + echo 'Running Replay:'; + python3 taint2_multi_arch_record_or_replay.py --arch ${{ matrix.target }} --mode replay; + sed -i '/^\s*$/d' taint2_log; + if cat taint2_log; then echo 'Taint unit test log found!'; else echo 'Taint unit test log NOT found!' && exit 1; fi; + echo -e '\nFailures:'; + if grep 'fail' taint2_log; then echo 'TEST FAILED!' && exit 1; else echo -e 'None.\nTEST PASSED!' && exit 0; fi" + + - name: Run PyPanda Tests + if: matrix.test_type == 'pypanda' + run: >- + wget -q https://panda-re.mit.edu/qcows/linux/ubuntu/1604/x86/ubuntu_1604_x86.qcow; + docker run --name panda_test_${{ matrix.test_script }}_${GITHUB_RUN_ID} + --mount type=bind,source=$(pwd)/ubuntu_1604_x86.qcow,target=/root/.panda/ubuntu_1604_x86.qcow + -e PANDA_TEST=yes --cap-add SYS_NICE + --rm -t "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" bash -c + "cd /panda/panda/python/tests/ && make && pip3 install -r requirements.txt && chmod +x ./run_all_tests.sh && ./run_all_tests.sh"; + + docker run --name panda_sym_test_${{ matrix.target }}_${GITHUB_RUN_ID} + --rm -t "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" bash -c + "pip3 install capstone keystone-engine z3-solver; python3 /panda/panda/python/examples/unicorn/taint_sym_x86_64.py; + if [ $? -eq 0 ]; then echo -e 'TEST PASSED!' && exit 0; else echo 'TEST FAILED!' && exit 1; fi" + + - name: Run make Tests + if: matrix.test_type == 'make_check' + run: >- + docker run --name panda_test_${{ matrix.test_script }}_${GITHUB_RUN_ID} + -e PANDA_TEST=yes --cap-add SYS_NICE + --rm -t "ghcr.io/${{ github.repository_owner }}/panda_local:${{ github.sha }}" bash -c + "cd /panda/build && make check" + + cleanup: + # Cleanup after prior jobs finish - even if they fail + if: always() && (github.event_name == 'workflow_dispatch' || github.event_name == 'pull_request') + needs: [tests] + runs-on: panda-arc + + steps: + # Note we leave the last 72hrs because caching is nice (first few panda image layers won't change often) + # docker system prune -> Remove all unused containers, networks, images (both dangling and unreferenced) + # docker builder prune -> Remove build cache + - name: Cleanup images + run: | + docker system prune -af --filter "until=72h" + docker image prune --all -f --filter "until=72h" + docker builder prune -af --filter "until=72h" + + build_and_check_fork: # Forked repos can't use panda-arc test suite - just checkout and run make check + if: github.event_name == 'workflow_dispatch' || (github.repository != 'panda-re/panda' && github.event_name == 'pull_request') + runs-on: panda-arc + + steps: + - uses: actions/checkout@v1 # Clones code into to /home/runner/work/panda + + - name: Build docker container from project root + run: cd $GITHUB_WORKSPACE && docker build -t panda_local . + + - name: Minimal test of built container # Just test to see if one of our binaries is installed + run: docker run --rm panda_local /bin/bash -c 'exit $(panda-system-arm -help | grep -q "usage. panda-system-arm")' + + - name: Minimal test of built container # Run make check to check all architectures (in serial) + run: docker run --rm panda_local /bin/bash -c 'cd /panda/build && make check' \ No newline at end of file