amzn2.yml
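# Scheduled workflow that rebuilds the Amazon Linux 2 BTF files inside an
# amazonlinux:2 container and hands them to the commit-btfs action for
# publication to DataDog/btfhub-archive.
name: Update BTFHub Archive for Amazon Linux 2
on:
  schedule:
    - cron: "0 1 * * *"
  workflow_dispatch: {}
# NOTE(review): no `permissions:` block is declared, so the automatic
# GITHUB_TOKEN keeps the repository's default scopes. Every step visible here
# authenticates with the bot token instead; consider an explicit read-only
# `permissions:` block once the local composite actions are confirmed not to
# need more.
env:
  # NOTE(review): the image is referenced by mutable tag, while the checkout
  # action below is pinned to a full commit SHA. Pinning the image by digest
  # would make the build environment equally reproducible.
  CONTAINER: amazonlinux:2
  CONTAINER_NAME: build-container
jobs:
  amazon-update:
    name: update amazon linux 2 btfhub-archive
    runs-on: ubuntu-24.04
    steps:
      - name: github authenticate
        env:
          # The secret reaches the shell as an environment variable instead of
          # being templated into the script text, so its value can neither
          # break the quoting nor be parsed as shell. The variable is not
          # called GH_TOKEN or GITHUB_TOKEN because gh reads those directly.
          BOT_GITHUB_TOKEN: ${{ secrets.DD_BTFHUB_BOT_GITHUB_TOKEN }}
        run: |
          gh auth login --with-token <<<"$BOT_GITHUB_TOKEN"
      # NOTE(review): actions/checkout stores the token in the checkout's git
      # configuration by default, and this workspace is later bind-mounted
      # into the build container, where downloaded packages and toolchains
      # run. Presumably commit-btfs relies on the stored credential to push;
      # confirm, and set `persist-credentials: false` on any checkout that
      # does not need it.
      - name: checkout btfhub
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          token: ${{ secrets.DD_BTFHUB_BOT_GITHUB_TOKEN }}
          submodules: 'recursive'
      - name: checkout btfhub-archive
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          repository: DataDog/btfhub-archive
          ref: main
          token: ${{ secrets.DD_BTFHUB_BOT_GITHUB_TOKEN }}
          path: archive
          # Only the Amazon Linux 2 subtree of the archive is checked out.
          sparse-checkout: |
            amzn/2
      # We manually start a container and execute scripts in it instead of using `jobs.build.container`,
      # otherwise we couldn't use GitHub-provided actions (checkout, cache, etc.) as they rely on Node20
      # which would not necessarily be available on some containers (e.g., Ubuntu 18.04).
      #
      # See: https://github.com/actions/checkout/issues/1590
      - name: start docker container
        # The runner's workspace (both checkouts) is mounted at /workspace.
        # `tail -f /dev/null` keeps the detached container alive so later
        # steps can `docker exec` into it. $GITHUB_WORKSPACE is the runner's
        # environment form of `github.workspace`; quoting keeps the path a
        # single argument.
        run: |
          docker pull "$CONTAINER"
          docker run --name "$CONTAINER_NAME" -d -v "$GITHUB_WORKSPACE:/workspace" "$CONTAINER" tail -f /dev/null
      - name: install packages
        env:
          # After enabling the debuginfo repository, the last two commands
          # append an [amzn2-core-debuginfo-alt] section to the repo file: the
          # non-empty lines of the [amzn2-core-debuginfo] section are copied
          # with `$basearch` replaced by `aarch64`.
          SCRIPT: |
            set -ex
            yum install -y yum-utils wget tar gzip xz clang make cmake git libdwarf-devel elfutils-libelf-devel elfutils-devel golang
            yum-config-manager -y --enable amzn2-core-debuginfo
            echo "[amzn2-core-debuginfo-alt]" >> /etc/yum.repos.d/amzn2-core.repo
            awk '/^\[/{found=""} /^\[amzn2-core-debuginfo]$/{found=1;next} found && NF' /etc/yum.repos.d/amzn2-core.repo | sed 's/\$basearch/aarch64/g' >> /etc/yum.repos.d/amzn2-core.repo
        run: docker exec "$CONTAINER_NAME" bash -c "$SCRIPT"
      - name: setup safe git directories
        env:
          # Registers the mounted checkout and two submodule paths as git
          # safe.directory entries, system-wide inside the container.
          SCRIPT: |
            set -ex
            git config --system --add safe.directory /workspace
            git config --system --add safe.directory /workspace/3rdparty/dwarves
            git config --system --add safe.directory /workspace/3rdparty/bpftool
        run: docker exec -w /workspace "$CONTAINER_NAME" bash -c "$SCRIPT"
      # `with:` values are not shell-expanded, so the composite actions below
      # receive the literal text `$CONTAINER_NAME`; presumably they expand it
      # in a run step from the workflow-level env (confirm in the actions).
      - name: install go
        uses: ./.github/actions/install-go
        with:
          container-name: $CONTAINER_NAME
      - name: build tar
        uses: ./.github/actions/build-tar
        with:
          container-name: $CONTAINER_NAME
      - name: install newer clang
        env:
          # NOTE(review): the toolchain archive is downloaded and unpacked
          # without an integrity check, and its bin directory is then put
          # first on PATH. Record the expected SHA-256 and verify it before
          # `tar xf`, e.g.
          # `echo "<EXPECTED_SHA256>  <archive>" | sha256sum -c -`
          # (placeholders, not real values).
          #
          # The `mv` source name ends in `ubuntu-`; presumably that is the
          # directory this archive unpacks to (confirm before changing it).
          #
          # `${{ '$PATH' }}` renders the literal text `$PATH`, and the single
          # quotes keep bash from expanding it, so /etc/profile receives an
          # unexpanded reference.
          SCRIPT: |
            set -ex
            yum remove -y clang
            wget -nv https://github.com/llvm/llvm-project/releases/download/llvmorg-12.0.1/clang+llvm-12.0.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz
            tar xf clang+llvm-12.0.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz
            mv clang+llvm-12.0.1-x86_64-linux-gnu-ubuntu- clang
            echo 'export PATH=/workspace/clang/bin:${{ '$PATH' }}' >> /etc/profile
        run: docker exec -w /workspace "$CONTAINER_NAME" bash -c "$SCRIPT"
      - name: build pahole
        uses: ./.github/actions/build-pahole
        with:
          container-name: $CONTAINER_NAME
      - name: build bpftool
        uses: ./.github/actions/build-bpftool
        with:
          container-name: $CONTAINER_NAME
      - name: build btfhub
        uses: ./.github/actions/build-btfhub
        with:
          container-name: $CONTAINER_NAME
          go-path: /workspace/go/bin/go
      - name: generate BTFs
        env:
          # Runs the btfhub binary once per architecture for distribution
          # `amzn`, release `2`.
          SCRIPT: |
            set -ex
            ./btfhub -workers 6 -d amzn -r 2 -a x86_64
            ./btfhub -workers 6 -d amzn -r 2 -a arm64
        run: docker exec -w /workspace "$CONTAINER_NAME" bash -c "$SCRIPT"
      - name: commit and push to btfhub-archive
        uses: ./.github/actions/commit-btfs
        with:
          platform: "amzn 2"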