CI/CD #26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (c) Microsoft Corporation | |
| # SPDX-License-Identifier: MIT | |
| # This is the top-level workflow that runs on each pull request and push to main. | |
| # It invokes other jobs to perform builds and run tests. | |
| # All jobs run in parallel, using build artifacts to synchronize jobs. | |
| # | |
| # If you add or remove any tests that use reusable-test.yml on a pull request, | |
| # you must update codecov.yml to match. | |
| name: CI/CD | |
| on: | |
| # Run on a daily schedule to perform the full set of tests. | |
| schedule: | |
| - cron: '00 8 * * *' | |
| # Run on pull request to validate code changes. | |
| pull_request: | |
| merge_group: | |
| # Permit manual runs of the workflow. | |
| workflow_dispatch: | |
| # Run on push so we can capture the baseline code coverage. | |
| push: | |
| branches: [ main ] | |
| concurrency: | |
| # Cancel any in-progress instance of this workflow (CI/CD) for the same PR. | |
| # Allow running concurrently with any commits on any other branch. | |
| # Using GITHUB_REF instead of GITHUB_SHA allows parallel runs on | |
| # different branches with the same HEAD commit. | |
| group: cicd-${{ github.event.schedule || github.event.pull_request.number || github.event.after || github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| id-token: write # Required to log in to Azure. | |
| contents: read | |
| checks: read # Required by reusable-test.yml to check build status. | |
| security-events: write # Required by codeql task. | |
| issues: write # Required to create issues. | |
| jobs: | |
| # Jobs to run on pull, push, and schedule. | |
| # --------------------------------------------------------------------------- | |
| # Perform the regular build. | |
| regular: | |
| # Always run this job. | |
| if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' | |
| uses: ./.github/workflows/reusable-build.yml | |
| with: | |
| ref: ${{ github.ref }} | |
| build_artifact: Build-x64 | |
| configurations: '["Debug", "Release"]' | |
| # Run the ntosebpfext unit tests in GitHub. | |
| ntosebpfext_units: | |
| # Always run this job. | |
| needs: regular | |
| if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' | |
| uses: ./.github/workflows/reusable-test.yml | |
| with: | |
| name: ntosebpfext_units | |
| test_command: .\ntosebpfext_unit.exe -d yes | |
| build_artifact: Build-x64 | |
| environment: windows-2022 | |
| code_coverage: true | |
| gather_dumps: true | |
| capture_etw: true | |
| leak_detection: true | |
| # Process_Monitor test | |
| # Disabled until https://github.com/microsoft/ebpf-for-windows/issues/3484 is fixed and a new release is available. | |
| # process_monitor: | |
| # # Always run this job. | |
| # needs: regular | |
| # if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' | |
| # uses: ./.github/workflows/reusable-test.yml | |
| # with: | |
| # name: process_monitor | |
| # pre_test: powershell .\Install-eBpfForWindows.ps1 0.15.1 | |
| # test_command: powershell .\Test-ProcessMonitor.ps1 | |
| # build_artifact: Build-x64 | |
| # environment: windows-2022 | |
| # capture_etw: true | |
| ossar: | |
| # Always run this job. | |
| needs: regular | |
| if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' | |
| uses: ./.github/workflows/ossar-scan.yml | |
| with: | |
| build_artifact: Build-x64 | |
| # Additional jobs to run on pull and schedule only (skip push). | |
| # --------------------------------------------------------------------------- | |
| # Build with C++ static analyzer. | |
| analyze: | |
| # Only run on schedule and pull request. | |
| if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' | |
| uses: ./.github/workflows/reusable-build.yml | |
| with: | |
| ref: ${{ github.ref }} | |
| build_artifact: Build-x64-Analyze | |
| # Analysis on external projects is conditional, as on small CI/CD VMs the compiler can run OOM | |
| build_options: /p:Analysis='True' /p:AnalysisOnExternal='False' | |
| # Build with C++ address sanitizer. | |
| sanitize: | |
| # Only run on schedule and pull request. | |
| if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' | |
| uses: ./.github/workflows/reusable-build.yml | |
| with: | |
| ref: ${{ github.ref }} | |
| build_artifact: Build-x64-Sanitize | |
| build_options: /p:AddressSanitizer='True' | |
| # Additional jobs to run on a schedule only (skip push and pull request). | |
| # --------------------------------------------------------------------------- | |
| codeql: | |
| # Only run during daily scheduled run | |
| if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' | |
| uses: ./.github/workflows/reusable-build.yml | |
| with: | |
| ref: ${{ github.ref }} | |
| build_artifact: Build-x64-CodeQl | |
| build_codeql: true |