From 4a2b1f47e58a1607f158a618f9668cf8a8b05310 Mon Sep 17 00:00:00 2001
From: Federico Di Pierro
Date: Fri, 22 Nov 2024 10:32:36 +0100
Subject: [PATCH 1/6] new(ci): add dependabot for github actons.
Signed-off-by: Federico Di Pierro
---
 .github/dependabot.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..33dc6d2
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 10
+ groups:
+ actions:
+ update-types:
+ - "minor"
+ - "patch"
From 482725d6e136064c9951ef03d38679b84df73e77 Mon Sep 17 00:00:00 2001
From: Federico Di Pierro
Date: Fri, 22 Nov 2024 10:38:55 +0100
Subject: [PATCH 2/6] fix(ci): avoid usage of deprecated ansible-lint action.
Signed-off-by: Federico Di Pierro
---
 .github/workflows/ansible-lint.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml
index a2d9cc6..d165a93 100644
--- a/.github/workflows/ansible-lint.yml
+++ b/.github/workflows/ansible-lint.yml
@@ -8,11 +8,12 @@ jobs:
 name: Ansible Lint
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 with:
 fetch-depth: 0
 - name: Run ansible-lint
- uses: ansible/ansible-lint-action@v6.3.0 # the latest version has a bug that does not run in online mode
+ uses: ansible/ansible-lint@44be233dbd6a8a6d8f3c5297c318ed4ed4644c32 # v24.10.0
 with:
- path: "ansible-playbooks/"
+ working_directory: "${{ github.workspace }}/ansible-playbooks"
+ requirements_file: "${{ github.workspace }}/requirements.yml"
From 7754f7e9c6ceb24476e95c4769e05f10313c0e54 Mon Sep 17 00:00:00 2001
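Review bot: The `actions/checkout` step keeps its default `persist-credentials: true`, so the job token remains in the workspace's `.git/config` while the third-party `ansible/ansible-lint` step runs there and resolves `requirements.yml`. Nothing in the visible steps pushes, so adding `persist-credentials: false` under the existing `with:` next to `fetch-depth: 0` would remove that exposure. The same applies to the `Checkout repo` step in `reusable_build_images.yml` (patch 3/6), which has no `with:` block in its hunk. The workflow's trigger and any `permissions:` block are outside this hunk, so the token's scope should be checked there as well.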
From: Federico Di Pierro
Date: Fri, 22 Nov 2024 10:57:44 +0100
Subject: [PATCH 3/6] new(ci): port away from actuated.
Signed-off-by: Federico Di Pierro
---
 .github/workflows/reusable_build_images.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/reusable_build_images.yml b/.github/workflows/reusable_build_images.yml
index be27cd3..ae66ad1 100644
--- a/.github/workflows/reusable_build_images.yml
+++ b/.github/workflows/reusable_build_images.yml
@@ -25,14 +25,14 @@ jobs:
 fail-fast: false
 matrix:
 arch: [amd64, arm64]
- runs-on: ${{ (matrix.arch == 'arm64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-22.04' }}
+ runs-on: ${{ (matrix.arch == 'arm64' && 'oracle-aarch64-4cpu-16gb') || 'ubuntu-22.04' }}
 steps:
 - name: Checkout repo
- uses: actions/checkout@v3
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Login to Github Packages
 if: inputs.push
- uses: docker/login-action@v1
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
From 8bf943c2ac155f709d62f652b943263a67f72c59 Mon Sep 17 00:00:00 2001
From: Federico Di Pierro
Date: Fri, 22 Nov 2024 11:02:24 +0100
Subject: [PATCH 4/6] chore: add ansible.posix to requirements.
Signed-off-by: Federico Di Pierro
---
 requirements.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/requirements.yml b/requirements.yml
index 559cece..e69af9e 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -2,3 +2,4 @@
 collections:
 - name: community.docker
 - name: community.crypto
+ - name: ansible.posix
From af10a4cb86079c96b7c57b7dda883f5055a4d5d8 Mon Sep 17 00:00:00 2001
From: Federico Di Pierro
Date: Fri, 22 Nov 2024 11:09:46 +0100
Subject: [PATCH 5/6] chore(ansible-playbooks): added ignore file.
Signed-off-by: Federico Di Pierro
---
 ansible-playbooks/.ansible-lint-ignore | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 ansible-playbooks/.ansible-lint-ignore
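Review bot: The arm64 leg now selects the `oracle-aarch64-4cpu-16gb` label inside the `runs-on` expression with no comment saying who operates that runner, and the `Login to Github Packages` step that follows hands it a ghcr.io credential whenever `inputs.push` is set. If this label maps to a self-hosted or organisation-provided pool rather than a GitHub-hosted image, it is worth confirming the runners are ephemeral and recording that above the line, for example `# arm64: non-GitHub-hosted runner pool; must be ephemeral because this job logs in to ghcr.io`. The remainder of the login step and the build steps are outside the hunk.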
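Review bot: `ansible.posix` is added without a `version:` key, like the two existing entries, so each install resolves to whatever the collection source currently serves. Patch 2/6 feeds this file to the lint job through `requirements_file`, and the playbooks presumably install from it too, so an upstream release changes what CI and the test hosts run without any reviewed commit. Pinning each entry, e.g. `- name: ansible.posix` followed by `version: "<pinned-version>"`, makes runs reproducible and turns collection upgrades into explicit changes.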
diff --git a/ansible-playbooks/.ansible-lint-ignore b/ansible-playbooks/.ansible-lint-ignore
new file mode 100644
index 0000000..3f7c01e
--- /dev/null
+++ b/ansible-playbooks/.ansible-lint-ignore
@@ -0,0 +1 @@
+roles/scap_open/vars/main.yml var-naming # disable var-naming for scap-open.yml playbook
From cc8c0b07837047a95d87910e20e125c17fe788db Mon Sep 17 00:00:00 2001
From: Federico Di Pierro
Date: Fri, 22 Nov 2024 11:22:20 +0100
Subject: [PATCH 6/6] fix(roles): add role prefix to scap-open vars.
Signed-off-by: Federico Di Pierro
---
 ansible-playbooks/.ansible-lint-ignore | 1 -
 ansible-playbooks/roles/scap_open/tasks/main.yml | 14 +++++++-------
 ansible-playbooks/roles/scap_open/vars/main.yml | 6 +++---
 3 files changed, 10 insertions(+), 11 deletions(-)
 delete mode 100644 ansible-playbooks/.ansible-lint-ignore
diff --git a/ansible-playbooks/.ansible-lint-ignore b/ansible-playbooks/.ansible-lint-ignore
deleted file mode 100644
index 3f7c01e..0000000
--- a/ansible-playbooks/.ansible-lint-ignore
+++ /dev/null
@@ -1 +0,0 @@
-roles/scap_open/vars/main.yml var-naming # disable var-naming for scap-open.yml playbook
diff --git a/ansible-playbooks/roles/scap_open/tasks/main.yml b/ansible-playbooks/roles/scap_open/tasks/main.yml
index 17280e4..df9e9e5 100644
--- a/ansible-playbooks/roles/scap_open/tasks/main.yml
+++ b/ansible-playbooks/roles/scap_open/tasks/main.yml
@@ -24,15 +24,15 @@
 rescue:
 - name: Disable Modern Bpf support
 ansible.builtin.set_fact:
- modern_bpf_supported: false
+ scap_open_modern_bpf_supported: false
 when: result.rc == 95
 - name: Check Old Bpf Support
 block:
 - name: Enable old Bpf support
 ansible.builtin.set_fact:
- bpf_supported: true
- when: ansible_kernel is version(bpf_minimum_kver[ansible_architecture],'>=')
+ scap_open_bpf_supported: true
+ when: ansible_kernel is version(scap_open_bpf_minimum_kver[ansible_architecture],'>=')
 - name: Prepare the build directory
 block:
@@ -50,7 +50,7 @@
 -DUSE_BUNDLED_DEPS=ON
 -DBUILD_LIBSCAP_MODERN_BPF=OFF
 -DBUILD_LIBSCAP_GVISOR=OFF
- -DBUILD_BPF={{ bpf_supported }}
+ -DBUILD_BPF={{ scap_open_bpf_supported }}
 -DCREATE_TEST_TARGETS=OFF ..
 chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build"
@@ -139,7 +139,7 @@
 cmd: make bpf -j {{ cpus }}
 chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build"
 register: bpf_probe_result
- when: bpf_supported
+ when: scap_open_bpf_supported
 changed_when: false
 rescue:
 - name: Print error message to stdout --- build bpf probe
@@ -161,7 +161,7 @@
 cmd: /tmp/scap-open --num_events 50 --bpf driver/bpf/probe.o
 chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build"
 register: result
- when: bpf_supported
+ when: scap_open_bpf_supported
 changed_when: false
 rescue:
 - name: Print error message to stdout --- scap-open + bpf probe
@@ -183,7 +183,7 @@
 cmd: /tmp/scap-open --num_events 50 --modern_bpf
 chdir: "{{ remote_repos_folder }}/repos/{{ repos['libs'].name }}/build"
 register: result
- when: modern_bpf_supported
+ when: scap_open_modern_bpf_supported
 changed_when: false
 rescue:
 - name: Print error message to stdout --- scap-open + modern probe
diff --git a/ansible-playbooks/roles/scap_open/vars/main.yml b/ansible-playbooks/roles/scap_open/vars/main.yml
index c1d3acd..6ff5681 100644
--- a/ansible-playbooks/roles/scap_open/vars/main.yml
+++ b/ansible-playbooks/roles/scap_open/vars/main.yml
@@ -1,6 +1,6 @@
 ---
-modern_bpf_supported: true
-bpf_supported: false
-bpf_minimum_kver:
+scap_open_modern_bpf_supported: true
+scap_open_bpf_supported: false
+scap_open_bpf_minimum_kver:
 aarch64: '4.17'
 x86_64: '4.14'