/test-infra

Falco workflow & testing infrastructure

Primary language: Shell. License: Apache License 2.0 (Apache-2.0).

test-infra


GitHub Workflow & Testing Infrastructure

DBG

DBG stands for Drivers Build Grid.

It's a tool that we created to prebuild a set of Falco drivers (both kernel module and eBPF probe) for various target distros and kernel releases, using driverkit.

You can find more about it here.

Contribute

You can contribute in order to distribute prebuilt Falco drivers for new Linux kernel releases by following this guide.

Prow

Prow is a CI/CD system running on Kubernetes.

This directory contains the resources that make up Falco's workflow & testing infrastructure.

Are you looking for Deck to check the merge queue and prow jobs?

Adding a Job on Prow

Falco is the first Public Prow instance running 100% on AWS infrastructure. This means there are slight differences when it comes to adding jobs to Falco's Prow.

Job Types

There are three types of prow jobs:

  • Presubmits run against code in PRs

  • Postsubmits run after merging code

  • Periodics run on a periodic basis

Create a Presubmit job that runs tests on PRs.

  1. We add a file at config/jobs/build-drivers/build-drivers.yaml

presubmits:
  falcosecurity/test-infra: # Name of the org/repo
  - name: build-drivers-amazonlinux-presubmit
    decorate: true
    skip_report: false
    agent: kubernetes
    branches:
      - ^master$
    spec:
      containers:
      - command:
        - /workspace/build-drivers.sh
        - amazonlinux
        env:
        - name: AWS_REGION
          value: eu-west-1
        image: 292999226676.dkr.ecr.eu-west-1.amazonaws.com/test-infra/build-drivers:latest
        imagePullPolicy: Always
        securityContext:
          privileged: true

A few things to call out.

  • branches: ^master$ is telling prow to run this on any branch but Master
  • command: /workspace/build-drivers.sh tells the Docker container to run this script as the test. See the script
  • privileged: true is required when using Docker in Docker, or Docker builds.
  • decorate: true adds the pod utilities to the Prow job as an init container. This pulls in the source code for the job, so the job can use scripts and files from the pull request.
  2. Once we add this job, we create our PR and test it via GitHub / commands.
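
A check a reviewer could run over a job file like the one above before merging it (an added example, not part of the test-infra repository): it flags presubmit jobs that run a privileged container against PR-supplied code or that use an image reference not pinned by digest. The second job, `registry.example` and the placeholder digest are constructed, and the scanner assumes the indentation layout shown on this page rather than arbitrary YAML.

```python
import re

# Constructed input: this page's presubmit (trimmed) plus a hypothetical digest-pinned job.
SAMPLE = """\
presubmits:
  falcosecurity/test-infra:
  - name: build-drivers-amazonlinux-presubmit
    decorate: true
    spec:
      containers:
      - env:
        - name: AWS_REGION
          value: eu-west-1
        image: 292999226676.dkr.ecr.eu-west-1.amazonaws.com/test-infra/build-drivers:latest
        securityContext:
          privileged: true
  - name: example-pinned-presubmit
    spec:
      containers:
      - image: registry.example/tools/lint@sha256:PLACEHOLDER_DIGEST
"""

def audit_presubmits(text):
    """Return {job name: [findings]} for every job under the presubmits: key."""
    findings, job, job_indent, active = {}, None, None, False
    for line in text.splitlines():
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        section = re.fullmatch(r"(presubmits|postsubmits|periodics):", stripped)
        if section:  # only presubmits run against unmerged PR code
            active, job, job_indent = section.group(1) == "presubmits", None, None
            continue
        if not active:
            continue
        name = re.match(r"- name:\s*(\S+)", stripped)
        # Job names sit at the shallowest "- name:" indent; env entries are deeper.
        if name and job_indent in (None, indent):
            job, job_indent = name.group(1), indent
            findings[job] = []
        elif job and re.fullmatch(r"privileged:\s*true", stripped):
            findings[job].append("privileged container runs PR-supplied code")
        elif job and (image := re.match(r"(?:- )?image:\s*(\S+)", stripped)):
            if "@sha256:" not in image.group(1):
                findings[job].append("image not pinned by digest: " + image.group(1))
    return findings

if __name__ == "__main__":
    for job_name, issues in audit_presubmits(SAMPLE).items():
        print(job_name, issues or "no findings")
```

A finding here is a prompt for review, not a verdict: the page notes that `privileged: true` is needed for Docker-in-Docker builds, so the question for the reviewer is who is allowed to trigger the job on an unmerged PR.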