forked from microsoft/ebpf-for-windows
-
Notifications
You must be signed in to change notification settings - Fork 1
306 lines (268 loc) · 14.7 KB
/
reusable-build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
# Copyright (c) eBPF for Windows contributors
# SPDX-License-Identifier: MIT
# This workflow performs a build of the project and uploads the result as a build artifact.
name: Reusable MSBuild Workflow
on:
workflow_call:
inputs:
ref:
required: true
type: string
# repository to be used (needed for self-hosted runner setups)
repository:
required: true
type: string
# Name associated with the output of this build.
build_artifact:
required: true
type: string
# Additional options passed to msbuild.
build_options:
required: false
type: string
generate_release_package:
required: false
type: boolean
build_codeql:
required: false
type: boolean
build_msi:
required: false
type: boolean
build_nuget:
required: false
type: boolean
cxx_flags:
required: false
type: string
ld_flags:
required: false
type: string
configurations:
required: false
type: string
default: '["Debug", "Release"]'
perform_skip_check:
required: false
type: boolean
default: true
solution_file:
required: false
type: string
default: 'ebpf-for-windows.sln'
architecture:
required: false
type: string
default: 'x64'
download_demo_repository:
required: false
type: boolean
default: true
outputs:
should_skip:
description: 'Whether build was skipped due to duplicate action.'
value: ${{ jobs.build.outputs.should_skip }}
skipped_by:
description: 'The action that caused the skip.'
value: ${{ jobs.build.outputs.skipped_by }}
permissions:
contents: read
security-events: write # Required by codeql task
jobs:
build:
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
skipped_by: ${{ steps.skip_check.outputs.skipped_by }}
timeout-minutes: 90
strategy:
matrix:
configurations: ${{ fromJSON(inputs.configurations) }}
runs-on: windows-2022
env:
# Path to the solution file relative to the root of the project.
SOLUTION_FILE_PATH: ${{inputs.solution_file}}
BUILD_ARTIFACT_NAME: ${{inputs.build_artifact}}
BUILD_CONFIGURATION: ${{matrix.configurations}}
BUILD_PLATFORM: ${{inputs.architecture}}
BUILD_OPTIONS: ${{inputs.build_options}}
CXX_FLAGS: ${{inputs.cxx_flags}}
LD_FLAGS: ${{inputs.ld_flags}}
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- id: skip_check
if: inputs.perform_skip_check == true
uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1
with:
cancel_others: 'false'
paths_ignore: '["**.md", "**/docs/**"]'
- name: Set MSVC Environment Variables
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
powershell.exe "echo 'msvc_tools_path=%VCToolsInstallDir%' | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append"
powershell.exe "echo 'msvc_tools_version=%VCToolsVersion%' | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append"
powershell.exe "echo 'ASAN_WIN_CONTINUE_ON_INTERCEPTION_FAILURE=true' | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append"
powershell.exe "echo 'VCINSTALLDIR=%VCINSTALLDIR%' | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append"
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
if: steps.skip_check.outputs.should_skip != 'true'
with:
repository: ${{inputs.repository}}
submodules: 'recursive'
ref: ${{inputs.ref}}
- name: Configure Windows Error Reporting to make a local copy of any crashes that occur.
id: configure_windows_error_reporting
if: steps.skip_check.outputs.should_skip != 'true'
run: |
mkdir c:/dumps/${{env.BUILD_PLATFORM}}/${{env.BUILD_CONFIGURATION}}
New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" -ErrorAction SilentlyContinue
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" -Name "DumpType" -Value 2 -PropertyType DWord -ErrorAction SilentlyContinue
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" -Name "DumpFolder" -Value "c:\dumps\${{env.BUILD_PLATFORM}}\${{env.BUILD_CONFIGURATION}}" -PropertyType ExpandString -ErrorAction SilentlyContinue
- name: Initialize CodeQL
if: inputs.build_codeql == true && steps.skip_check.outputs.should_skip != 'true'
uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
with:
languages: 'cpp'
- name: Add MSBuild to PATH
uses: microsoft/setup-msbuild@6fb02220983dee41ce7ae257b6f4d8f9bf5ed4ce
with:
msbuild-architecture: x64
- name: Add Visual Studio LLVM to path
if: steps.skip_check.outputs.should_skip != 'true'
run: |
echo "$env:VCINSTALLDIR\tools\llvm\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
- name: Check for Clang version
if: steps.skip_check.outputs.should_skip != 'true'
run:
clang.exe --version
- name: Cache nuget packages
if: steps.skip_check.outputs.should_skip != 'true'
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
env:
cache-name: cache-nuget-modules
with:
path: packages
key: ${{ runner.os }}-${{env.BUILD_PLATFORM}}-${{env.BUILD_CONFIGURATION}}-${{env.BUILD_ARTIFACT_NAME}}-${{ hashFiles('**/packages.config') }}-${{env.msvc_tools_version}}
- name: Cache verifier project
# The hash is based on the HEAD of the ebpf-verifier submodule, the Directory.Build.props file, and the build variant.
if: steps.skip_check.outputs.should_skip != 'true'
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
env:
cache-name: cache-verifier-project
with:
path: external/ebpf-verifier/build
key: ${{ runner.os }}-${{env.BUILD_PLATFORM}}-${{env.BUILD_CONFIGURATION}}-${{env.BUILD_ARTIFACT_NAME}}-${{ hashFiles('.git/modules/external/ebpf-verifier/HEAD') }}-${{ hashFiles('external/Directory.Build.props')}}-${{env.msvc_tools_version}}-${{ hashFiles('scripts/initialize_ebpf_repo.ps1')}}
- name: Configuring repo for first build
if: steps.skip_check.outputs.should_skip != 'true'
working-directory: ${{env.GITHUB_WORKSPACE}}
env:
CXXFLAGS: /ZH:SHA_256 ${{env.CXX_FLAGS}}
LDFLAGS: ${{env.LD_FLAGS}}
run: |
.\scripts\initialize_ebpf_repo.ps1 ${{env.BUILD_PLATFORM}}
- name: Build
if: steps.skip_check.outputs.should_skip != 'true'
working-directory: ${{env.GITHUB_WORKSPACE}}
run: msbuild /m /p:Configuration=${{env.BUILD_CONFIGURATION}} /p:Platform=${{env.BUILD_PLATFORM}} ${{env.BUILD_OPTIONS}} ${{env.SOLUTION_FILE_PATH}} /bl:out.binlog
- name: Check DLL dependencies for distributed binaries
if: steps.skip_check.outputs.should_skip != 'true' && ((inputs.build_artifact == 'Build-x64' && matrix.configurations == 'Debug') || (inputs.build_artifact == 'Build-x64-native-only' && matrix.configurations == 'NativeOnlyRelease'))
working-directory: ./${{env.BUILD_PLATFORM}}/${{env.BUILD_CONFIGURATION}}
run: |
..\..\scripts\check_binary_dependencies.ps1 -BuildArtifact "${{inputs.build_artifact}}_${{env.BUILD_CONFIGURATION}}" -VsToolsPath "${{env.msvc_tools_path}}"
- name: Test the MSI
if: steps.skip_check.outputs.should_skip != 'true' && ((inputs.build_artifact == 'Build-x64' && matrix.configurations == 'Debug') || (inputs.build_artifact == 'Build-x64-native-only' && matrix.configurations == 'NativeOnlyRelease'))
working-directory: ./${{env.BUILD_PLATFORM}}/${{env.BUILD_CONFIGURATION}}
run: |
..\..\scripts\check_msi_installation.ps1 -BuildArtifact "${{inputs.build_artifact}}_${{env.BUILD_CONFIGURATION}}" -MsiPath "ebpf-for-windows.msi"
- name: Copy LLVM libs for Fuzzing & Address Sanitizing
if: steps.skip_check.outputs.should_skip != 'true'
working-directory: ./${{env.BUILD_PLATFORM}}/${{env.BUILD_CONFIGURATION}}
shell: cmd
run: |
copy "${{env.msvc_tools_path}}\bin\Hostx64\x64\clang*" .
- name: Download demo Debug repository
if: steps.skip_check.outputs.should_skip != 'true' && inputs.download_demo_repository == true && (matrix.configurations == 'Debug' || matrix.configurations == 'NativeOnlyDebug')
working-directory: ${{env.GITHUB_WORKSPACE}}
run: Invoke-WebRequest https://github.com/microsoft/ebpf-for-windows-demo/releases/download/v0.0.2/${{env.BUILD_PLATFORM}}-Debug-cilium-xdp.zip -OutFile x64-${{env.BUILD_CONFIGURATION}}-cilium-xdp.zip
- name: Download demo Release repository
if: steps.skip_check.outputs.should_skip != 'true' && inputs.download_demo_repository == true && (matrix.configurations == 'Release' || matrix.configurations == 'NativeOnlyRelease')
working-directory: ${{env.GITHUB_WORKSPACE}}
run: Invoke-WebRequest https://github.com/microsoft/ebpf-for-windows-demo/releases/download/v0.0.2/${{env.BUILD_PLATFORM}}-Release-cilium-xdp.zip -OutFile x64-${{env.BUILD_CONFIGURATION}}-cilium-xdp.zip
# Download the bpf_performance repository artifacts.
- name: Download bpf_performance repository artifacts
if: steps.skip_check.outputs.should_skip != 'true'
working-directory: ${{env.GITHUB_WORKSPACE}}
run: |
cd ${{github.workspace}}/${{env.BUILD_PLATFORM}}/${{env.BUILD_CONFIGURATION}}
Invoke-WebRequest https://github.com/microsoft/bpf_performance/releases/download/v0.11.0/build-Release-windows-2022.zip -OutFile bpf_performance.zip
- name: Extract artifacts to build path
if: steps.skip_check.outputs.should_skip != 'true' && inputs.download_demo_repository == true && matrix.configurations != 'FuzzerDebug'
working-directory: ${{env.GITHUB_WORKSPACE}}
run: |
cd ${{github.workspace}}/${{env.BUILD_PLATFORM}}/${{env.BUILD_CONFIGURATION}}
tar -xf ..\..\x64-${{ matrix.configurations }}-cilium-xdp.zip
- name: Zip Build Output
if: always() && (steps.skip_check.outputs.should_skip != 'true')
working-directory: ${{github.workspace}}
run: |
Compress-Archive -Path ${{env.BUILD_PLATFORM}}\${{env.BUILD_CONFIGURATION}} -DestinationPath .\build-${{ matrix.configurations }}.zip
- name: Upload Build Output
if: always() && (steps.skip_check.outputs.should_skip != 'true') && (inputs.build_artifact != 'none')
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
with:
name: ${{inputs.build_artifact}}-${{matrix.configurations}}
path: ${{github.workspace}}/build-${{ matrix.configurations }}.zip
retention-days: 10
- name: Upload the MSI package
if: inputs.build_msi == true
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
with:
name: ebpf-for-windows - MSI installer (${{inputs.build_artifact}}_${{env.BUILD_CONFIGURATION}})
path: ${{github.workspace}}/${{env.BUILD_PLATFORM}}/${{env.BUILD_CONFIGURATION}}/ebpf-for-windows.msi
- name: Build the NuGet package
if: inputs.build_nuget == true && (matrix.configurations == 'Release' || matrix.configurations == 'NativeOnlyRelease') && steps.skip_check.outputs.should_skip != 'true'
working-directory: ${{env.GITHUB_WORKSPACE}}
run: msbuild /m /p:Configuration=${{env.BUILD_CONFIGURATION}} /p:Platform=${{env.BUILD_PLATFORM}} ${{env.SOLUTION_FILE_PATH}} ${{env.BUILD_OPTIONS}} /t:tools\nuget /bl:out.binlog
- name: Upload the NuGet package
if: inputs.build_nuget == true && (matrix.configurations == 'Release' || matrix.configurations == 'NativeOnlyRelease') && steps.skip_check.outputs.should_skip != 'true'
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
with:
name: ebpf-for-windows - NuGet package (${{inputs.build_artifact}}_${{env.BUILD_CONFIGURATION}})
path: ${{github.workspace}}/${{env.BUILD_PLATFORM}}/${{env.BUILD_CONFIGURATION}}/eBPF-for-Windows.*.nupkg
- name: Build the NuGet Redist package
if: inputs.build_nuget == true && (matrix.configurations == 'Release' || matrix.configurations == 'NativeOnlyRelease') && steps.skip_check.outputs.should_skip != 'true'
working-directory: ${{env.GITHUB_WORKSPACE}}
run: msbuild /m /p:Configuration=${{env.BUILD_CONFIGURATION}} /p:Platform=${{env.BUILD_PLATFORM}} ${{env.SOLUTION_FILE_PATH}} ${{env.BUILD_OPTIONS}} /t:tools\redist-package /bl:out.binlog
- name: Upload the NuGet Redist package
if: inputs.build_nuget == true && (matrix.configurations == 'Release' || matrix.configurations == 'NativeOnlyRelease') && steps.skip_check.outputs.should_skip != 'true'
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
with:
name: ebpf-for-windows - NuGet Redist package (${{inputs.build_artifact}}_${{env.BUILD_CONFIGURATION}})
path: ${{github.workspace}}/${{env.BUILD_PLATFORM}}/${{env.BUILD_CONFIGURATION}}/eBPF-for-Windows-Redist.*.nupkg
- name: Upload binlog
if: (success() || failure()) && steps.skip_check.outputs.should_skip != 'true'
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
with:
name: build-binlog-${{env.BUILD_ARTIFACT_NAME}}-${{env.BUILD_PLATFORM}}-${{env.BUILD_CONFIGURATION}}
path: out.binlog
- name: Check for crash dumps
# Check for crash dumps even if the workflow failed.
if: (success() || failure()) && (steps.skip_check.outputs.should_skip != 'true')
uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6
id: check_dumps
with:
files: c:/dumps/${{env.BUILD_PLATFORM}}/${{env.BUILD_CONFIGURATION}}/*.dmp
- name: Upload any crash dumps
# Upload crash dumps even if the workflow failed.
if: (success() || failure()) && (steps.skip_check.outputs.should_skip != 'true') && (steps.check_dumps.outputs.files_exists == 'true')
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
id: upload_crash_dumps
with:
name: Crash-Dumps-${{env.NAME}}-${{env.BUILD_PLATFORM}}-${{env.BUILD_CONFIGURATION}}
path: c:/dumps/${{env.BUILD_PLATFORM}}/${{env.BUILD_CONFIGURATION}}
retention-days: 10
- name: Perform CodeQL Analysis
if: inputs.build_codeql == true && steps.skip_check.outputs.should_skip != 'true'
uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169