Resolve buffer overflow #119
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Build kbox and run full test suite. | |
| # Zero root required -- everything runs as an unprivileged user. | |
| # | |
| # Parallelism (4 independent jobs, 1 sequential): | |
| # commit-hygiene -- Change-Id + subject format (needs full history) | |
| # lint -- clang-format, newline, security, cppcheck (one apt install) | |
| # unit-tests -- no LKL dependency, ASAN/UBSAN | |
| # build-kbox -- fetches LKL, compiles kbox + guest/stress bins, builds rootfs | |
| # integration -- needs build-kbox artifacts, runs integration + stress tests | |
| # | |
| # commit-hygiene, lint, unit-tests, and build-kbox run in parallel. | |
| # integration-tests waits for build-kbox only. | |
| name: Build and Test | |
| on: | |
| push: | |
| branches: [main, infrastructure] | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| # ---- Commit hygiene: Change-Id + subject format ---- | |
| commit-hygiene: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout (full history for commit validation) | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Validate commit log | |
| env: | |
| EVENT_NAME: ${{ github.event_name }} | |
| PR_BASE_SHA: ${{ github.event.pull_request.base.sha }} | |
| PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }} | |
| PUSH_BEFORE_SHA: ${{ github.event.before }} | |
| PUSH_HEAD_SHA: ${{ github.sha }} | |
| run: | | |
| range= | |
| if [ "$EVENT_NAME" = "pull_request" ]; then | |
| range="${PR_BASE_SHA}..${PR_HEAD_SHA}" | |
| elif [ -n "$PUSH_BEFORE_SHA" ] && [ "$PUSH_BEFORE_SHA" != "0000000000000000000000000000000000000000" ]; then | |
| range="${PUSH_BEFORE_SHA}..${PUSH_HEAD_SHA}" | |
| fi | |
| if [ -n "$range" ]; then | |
| scripts/check-commitlog.sh --range "$range" | |
| else | |
| scripts/check-commitlog.sh | |
| fi | |
| # ---- Lint: formatting + static analysis (consolidated, one apt install) ---- | |
| lint: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Cache apt packages | |
| uses: actions/cache@v5 | |
| with: | |
| path: ~/apt-cache | |
| key: apt-lint-${{ runner.os }}-${{ hashFiles('.github/workflows/build-kbox.yml') }} | |
| - name: Install tools | |
| run: | | |
| mkdir -p ~/apt-cache | |
| sudo apt-get update | |
| sudo apt-get install -y -o Dir::Cache::Archives=$HOME/apt-cache \ | |
| clang-format-20 cppcheck | |
| - name: Check trailing newline | |
| run: .ci/check-newline.sh | |
| - name: Check clang-format | |
| run: .ci/check-format.sh | |
| - name: Security checks | |
| run: .ci/check-security.sh | |
| - name: Static analysis (cppcheck) | |
| run: .ci/check-cppcheck.sh | |
| # ---- Unit tests: no LKL dependency, fast ---- | |
| unit-tests: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Run unit tests (ASAN/UBSAN) | |
| run: make check-unit | |
| # ---- Build kbox + prepare rootfs ---- | |
| build-kbox: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Cache apt packages | |
| uses: actions/cache@v5 | |
| with: | |
| path: ~/apt-cache | |
| key: apt-build-${{ runner.os }}-${{ hashFiles('.github/workflows/build-kbox.yml') }} | |
| - name: Install dependencies | |
| run: | | |
| mkdir -p ~/apt-cache | |
| sudo apt-get update | |
| sudo apt-get install -y -o Dir::Cache::Archives=$HOME/apt-cache \ | |
| e2fsprogs | |
| - name: Fetch prebuilt LKL | |
| run: ./scripts/fetch-lkl.sh | |
| - name: Cache rootfs | |
| id: cache-rootfs | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| alpine.ext4 | |
| deps/ | |
| key: rootfs-${{ hashFiles('scripts/alpine-sha256.txt', 'scripts/common.sh', 'scripts/mkrootfs.sh', 'tests/guest/*.c', 'tests/stress/*.c', 'Makefile') }} | |
| - name: Configure (defconfig) | |
| run: make defconfig | |
| - name: Build kbox (release) | |
| run: make BUILD=release -j$(nproc) | |
| - name: Build guest and stress binaries | |
| run: make guest-bins stress-bins | |
| - name: Build rootfs image | |
| if: steps.cache-rootfs.outputs.cache-hit != 'true' | |
| run: make rootfs | |
| - name: Upload build artifacts | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: kbox-build | |
| retention-days: 1 | |
| path: | | |
| kbox | |
| alpine.ext4 | |
| tests/guest/*-test | |
| tests/stress/* | |
| !tests/stress/*.c | |
| # ---- Integration + stress tests: needs kbox binary + rootfs ---- | |
| integration-tests: | |
| needs: build-kbox | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 15 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: kbox-build | |
| - name: Restore permissions | |
| run: | | |
| chmod +x kbox | |
| chmod +x tests/guest/*-test 2>/dev/null || true | |
| chmod +x tests/stress/* 2>/dev/null || true | |
| - name: Integration tests | |
| run: ./scripts/run-tests.sh ./kbox alpine.ext4 | |
| - name: Stress tests | |
| run: ./scripts/run-stress.sh ./kbox alpine.ext4 | |
| continue-on-error: true |