Panda supports 64-bit LAVA #1834
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Parallel Tests | |
| env: | |
| PANDA_ARC_REGISTRY: ${{ secrets.PANDA_ARC_REGISTRY || 'harbor.harbor.svc.cluster.local' }} | |
| PANDA_ARC_REGISTRY_USER: ${{ secrets.PANDA_ARC_REGISTRY_USER || 'external' }} | |
| PANDA_CACHE: ${{ secrets.PANDA_ARC_REGISTRY && format('{0}/proxy', secrets.PANDA_ARC_REGISTRY) || 'docker.io' }} | |
| PANDA_TARGET: ${{ secrets.PANDA_ARC_REGISTRY || 'harbor.harbor.svc.cluster.local/external' }} | |
| EXTERNAL_REGISTRY_PASS: 'PctyVGasz15Pn9M0yA9yMNwOawFaXnk3Tl4N' | |
| # For PRs to dev or pushes that modify the root Dockerfile, build from scratch | |
| # then run CI tests using that container in parallel | |
| # For forked repos that can't use our panda-arc test suite, just build and run make check | |
| on: | |
| # Allow to repo owner to manually run this workflow for external PRs once code is vetted | |
| workflow_dispatch: | |
| # Run automatically for internal PRs and pushes | |
| pull_request: | |
| branches: | |
| - dev | |
| - stable | |
| - candidate_release_* | |
| #push: | |
| # paths: ['Dockerfile'] # If this file changed, we'd need to do a clean build (this action) | |
| # otherwise we could speed this up by pulling the last container of 'dev', copying | |
| # code into it, and then rebuilding | |
| jobs: | |
| lint: | |
| runs-on: panda-arc | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.10.12" | |
| - name: Install dependencies | |
| run: pip install flake8 lintly markupsafe==2.0.1 | |
| - name: Lint with flake8 | |
| if: github.event.pull_request.head.repo.full_name == github.repository | |
| run: | | |
| set -o pipefail | |
| (flake8 $GITHUB_WORKSPACE/panda/python/core/pandare/ --count --select=E9,F63,F7,F82 --show-source --statistics | lintly) 2>lintly.err || { | |
| if grep -q 'diff exceeded the maximum number of lines' lintly.err; then | |
| echo "Bypassing lint failure due to large diff." | |
| exit 0 | |
| else | |
| cat lintly.err | |
| exit 1 | |
| fi | |
| } | |
| env: | |
| LINTLY_API_KEY: ${{ secrets.GITHUB_TOKEN }} | |
| - name: External lint | |
| if: github.event.pull_request.head.repo.full_name != github.repository | |
| run: | | |
| flake8 $GITHUB_WORKSPACE/panda/python/core/pandare/ | |
| # test_installer: # test install_ubuntu.sh | |
| # runs-on: panda-arc # Note 22.04 would work, but it requires docker > 20.10.7 which is not on our CI box (yet) | |
| # container: | |
| # image: ubuntu:22.04 | |
| # steps: | |
| # - name: Update | |
| # run: apt-get -qq update -y | |
| # - name: Run install_ubuntu.sh | |
| # run: cd $GITHUB_WORKSPACE && ./panda/scripts/install_ubuntu.sh | |
| build_container: | |
| if: github.repository == 'panda-re/panda' | |
| runs-on: panda-arc | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver-opts: | | |
| image=moby/buildkit:master | |
| network=host | |
| buildkitd-config-inline: | | |
| [registry."${{ env.PANDA_ARC_REGISTRY }}"] | |
| insecure = true | |
| http = true | |
| - name: Trust Harbor's self-signed certificate | |
| run: | | |
| echo "Fetching certificate from registry" | |
| openssl s_client -showcerts -connect ${{ env.PANDA_ARC_REGISTRY }}:443 < /dev/null 2>/dev/null | openssl x509 -outform PEM | sudo tee /usr/local/share/ca-certificates/harbor.crt > /dev/null | |
| sudo update-ca-certificates | |
| - name: Log in to Panda Arc Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.PANDA_ARC_REGISTRY }} | |
| username: ${{ env.PANDA_ARC_REGISTRY_USER }} | |
| password: ${{ secrets.PANDA_ARC_REGISTRY_PASSWORD || env.EXTERNAL_REGISTRY_PASS }} | |
| - name: Build panda:latest | |
| uses: docker/build-push-action@v6.18.0 | |
| with: | |
| push: true | |
| context: ${{ github.workspace }} | |
| target: developer | |
| tags: | | |
| ${{ env.PANDA_ARC_REGISTRY }}/pandare/panda:${{ github.sha }} | |
| cache-from: | | |
| type=registry,ref=${{ env.PANDA_ARC_REGISTRY }}/pandare/panda:cache,mode=max | |
| type=registry,ref=${{ env.PANDA_ARC_REGISTRY }}/pandare/panda:cache-PR-${{github.event.number}},mode=max | |
| cache-to: | | |
| type=registry,ref=${{ env.PANDA_ARC_REGISTRY }}/pandare/panda:cache,mode=max | |
| type=registry,ref=${{ env.PANDA_ARC_REGISTRY }}/pandare/panda:cache-PR-${{github.event.number}},mode=max | |
| type=registry,ref=${{ env.PANDA_ARC_REGISTRY }}/pandare/panda:cache_last_published,mode=max | |
| build-args: | | |
| REGISTRY=${{ env.PANDA_CACHE }} | |
| # - name: Minimal test of built container # Just test to see if one of our binaries is built | |
| # run: docker run --rm "${{ env.PANDA_ARC_REGISTRY }}/pandare/panda:${{ github.sha }}" /bin/bash -c 'exit $(/panda/build/arm-softmmu/panda-system-arm -help | grep -q "usage. panda-system-arm")' | |
| # tests: | |
| # runs-on: panda-arc | |
| # needs: [build_container] | |
| # strategy: | |
| # matrix: | |
| # include: | |
| # - test_type: "taint" | |
| # target: "i386" | |
| # - test_type: "taint" | |
| # target: "x86_64" | |
| # - test_type: "pypanda" | |
| # test_script: "all" | |
| # - test_type: "make_check" | |
| # test_script: "all" | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # with: | |
| # fetch-depth: 0 | |
| # - name: Set up Docker Buildx | |
| # uses: docker/setup-buildx-action@v3 | |
| # with: | |
| # driver-opts: | | |
| # image=moby/buildkit:master | |
| # network=host | |
| # buildkitd-config-inline: | | |
| # [registry."${{ env.PANDA_ARC_REGISTRY }}"] | |
| # insecure = true | |
| # http = true | |
| # - name: Trust Harbor's self-signed certificate | |
| # run: | | |
| # echo "Fetching certificate from registry" | |
| # openssl s_client -showcerts -connect ${{ env.PANDA_ARC_REGISTRY }}:443 < /dev/null 2>/dev/null | openssl x509 -outform PEM | sudo tee /usr/local/share/ca-certificates/harbor.crt > /dev/null | |
| # sudo update-ca-certificates | |
| # - name: Log in to Panda Arc Registry | |
| # uses: docker/login-action@v3 | |
| # with: | |
| # registry: ${{ env.PANDA_ARC_REGISTRY }} | |
| # username: ${{ env.PANDA_ARC_REGISTRY_USER }} | |
| # password: ${{ secrets.PANDA_ARC_REGISTRY_PASSWORD || env.EXTERNAL_REGISTRY_PASS }} | |
| # # Given a container with PANDA installed at /panda, run the taint tests | |
| # - name: Update | |
| # run: sudo apt-get -qq update -y | |
| # - name: Install ssl | |
| # run: sudo apt-get -qq install -y wget | |
| # - name: Run Taint Tests | |
| # if: matrix.test_type == 'taint' | |
| # run: >- | |
| # wget -q -O wheezy_panda2.qcow2 https://panda-re.mit.edu/qcows/linux/debian/7.3/x86/debian_7.3_x86.qcow; | |
| # wget -q https://panda-re.mit.edu/qcows/linux/ubuntu/1804/x86_64/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2; | |
| # docker run --name panda_test_${{ matrix.target }}_${GITHUB_RUN_ID} | |
| # --mount type=bind,source=$(pwd)/wheezy_panda2.qcow2,target=/home/panda/regdir/qcows/wheezy_panda2.qcow2 | |
| # --mount type=bind,source=$(pwd)/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2,target=/home/panda/regdir/qcows/bionic-server-cloudimg-amd64-noaslr-nokaslr.qcow2 | |
| # --rm -t "${{ env.PANDA_ARC_REGISTRY }}/pandare/panda:${{ github.sha }}" bash -c | |
| # "cd /tmp; git clone https://github.com/panda-re/panda_test; | |
| # cd ./panda_test/tests/taint2; | |
| # echo 'Running Record:'; | |
| # python3 taint2_multi_arch_record_or_replay.py --arch ${{ matrix.target }} --mode record; | |
| # echo 'Running Replay:'; | |
| # python3 taint2_multi_arch_record_or_replay.py --arch ${{ matrix.target }} --mode replay; | |
| # sed -i '/^\s*$/d' taint2_log; | |
| # if cat taint2_log; then echo 'Taint unit test log found!'; else echo 'Taint unit test log NOT found!' && exit 1; fi; | |
| # echo -e '\nFailures:'; | |
| # if grep 'fail' taint2_log; then echo 'TEST FAILED!' && exit 1; else echo -e 'None.\nTEST PASSED!' && exit 0; fi" | |
| # - name: Run PyPanda Tests | |
| # if: matrix.test_type == 'pypanda' | |
| # run: >- | |
| # wget -q https://panda-re.mit.edu/qcows/linux/ubuntu/1604/x86/ubuntu_1604_x86.qcow; | |
| # docker run --name panda_test_${{ matrix.test_script }}_${GITHUB_RUN_ID} | |
| # --mount type=bind,source=$(pwd)/ubuntu_1604_x86.qcow,target=/root/.panda/ubuntu_1604_x86.qcow | |
| # -e PANDA_TEST=yes --cap-add SYS_NICE | |
| # --rm -t "${{ env.PANDA_ARC_REGISTRY }}/pandare/panda:${{ github.sha }}" bash -c | |
| # "cd /panda/panda/python/tests/ && make && pip3 install -r requirements.txt && chmod +x ./run_all_tests.sh && ./run_all_tests.sh"; | |
| # docker run --name panda_sym_test_${{ matrix.target }}_${GITHUB_RUN_ID} | |
| # --rm -t "${{ env.PANDA_ARC_REGISTRY }}/pandare/panda:${{ github.sha }}" bash -c | |
| # "pip3 install capstone keystone-engine z3-solver; python3 /panda/panda/python/examples/unicorn/taint_sym_x86_64.py; | |
| # if [ $? -eq 0 ]; then echo -e 'TEST PASSED!' && exit 0; else echo 'TEST FAILED!' && exit 1; fi" | |
| # - name: Run make Tests | |
| # if: matrix.test_type == 'make_check' | |
| # run: >- | |
| # docker run --name panda_test_${{ matrix.test_script }}_${GITHUB_RUN_ID} | |
| # -e PANDA_TEST=yes --cap-add SYS_NICE | |
| # --rm -t "${{ env.PANDA_ARC_REGISTRY }}/pandare/panda:${{ github.sha }}" bash -c | |
| # "cd /panda/build && make check" | |