Skip to content

Falco's workflow & testing infrastructure

Notifications You must be signed in to change notification settings

emcay/test-infra

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

GitHub Workflow & Testing Infrastructure

DBG

DBG stands for Drivers Build Grid.

It's a tool that we created to prebuilt a set of Falco drivers (both kernel module and eBPF probe) for various target distro and kernel releases, by using driverkit.

You can find more about it here.

Prow

Prow is a CI/CD system running on Kubernetes.

This directory contains the resources composing the Falco's workflow & testing infrastructure.

Are you looking for Deck to check the merge queue and prow jobs?

Adding a Job on Prow

Falco is the first Public Prow instance running 100% on AWS infrastructure. This means there are slight differences when it comes to adding jobs to Falco's Prow.

Job Types

There are three types of prow jobs:

  • Presubmits run against code in PRs

  • Postsubmits run after merging code

  • Periodics run on a periodic basis

Create a Presubmits job that run's tests on PR's.

  1. We add a file at config/jobs/build-drivers/build-drivers.yaml

 presubmits:
  falcosecurity/test-infra: #Name of the org/repo
  - name: build-drivers-amazonlinux-presubmit
    decorate: true
    skip_report: false
    agent: kubernetes
    branches:
      - ^master$
    spec:
      containers:
      - command:
        - /workspace/build-drivers.sh
        - amazonlinux
        env:
        - name: AWS_REGION
          value: eu-west-1
        image: 292999226676.dkr.ecr.eu-west-1.amazonaws.com/test-infra/build-drivers:latest
        imagePullPolicy: Always
        securityContext:
          privileged: true

A few things to call out.

  • branches: ^master$ is telling prow to run this on any branch but Master
  • command: /workspace/build-drivers.sh this is telling the docker container to run as the test script. See the script
  • privileged: true This is required when using Docker in Docker, or Docker builds.
  • decorate: true is adding pod utilities to the prow jobs as an init container. This pulls in source code for the job, to leverage scripts and files in the pull request.
  1. Once we add this job, we're going to createe our PR, and test this via Github / commands.

About

Falco's workflow & testing infrastructure

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Shell 48.5%
  • HCL 28.2%
  • Makefile 10.0%
  • Go 7.9%
  • Dockerfile 4.0%
  • HTML 1.4%