8 files changed, 332 insertions, 0 deletions

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..d9697ba
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,91 @@
+name: libbpf-build
+
+on:
+  pull_request:
+  push:
+  schedule:
+    - cron:  '0 18 * * *'
+
+concurrency:
+  group: ci-build-${{ github.head_ref }}
+  cancel-in-progress: true
+
+jobs:
+
+  debian:
+    runs-on: ubuntu-latest
+    name: Debian Build (${{ matrix.name }})
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: default
+            target: RUN
+          - name: ASan+UBSan
+            target: RUN_ASAN
+          - name: clang ASan+UBSan
+            target: RUN_CLANG_ASAN
+          - name: gcc-10 ASan+UBSan
+            target: RUN_GCC10_ASAN
+          - name: clang
+            target: RUN_CLANG
+          - name: clang-14
+            target: RUN_CLANG14
+          - name: clang-15
+            target: RUN_CLANG15
+          - name: clang-16
+            target: RUN_CLANG16
+          - name: gcc-10
+            target: RUN_GCC10
+          - name: gcc-11
+            target: RUN_GCC11
+          - name: gcc-12
+            target: RUN_GCC12
+    steps:
+      - uses: actions/checkout@v3
+        name: Checkout
+      - uses: ./.github/actions/setup
+        name: Setup
+      - uses: ./.github/actions/debian
+        name: Build
+        with:
+          target: ${{ matrix.target }}
+
+  ubuntu:
+    runs-on: ubuntu-latest
+    name: Ubuntu Focal Build (${{ matrix.arch }})
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - arch: aarch64
+          - arch: ppc64le
+          - arch: s390x
+          - arch: x86
+    steps:
+      - uses: actions/checkout@v3
+        name: Checkout
+      - uses: ./.github/actions/setup
+        name: Pre-Setup
+      - run: source /tmp/ci_setup && sudo -E $CI_ROOT/managers/ubuntu.sh
+        if: matrix.arch == 'x86'
+        name: Setup
+      - uses: uraimo/run-on-arch-action@v2.0.5
+        name: Build in docker
+        if: matrix.arch != 'x86'
+        with:
+          distro:
+            ubuntu20.04
+          arch:
+            ${{ matrix.arch }}
+          setup:
+            cp /tmp/ci_setup $GITHUB_WORKSPACE
+          dockerRunArgs: |
+            --volume "${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}"
+          shell: /bin/bash
+          install: |
+            export DEBIAN_FRONTEND=noninteractive
+            export TZ="America/Los_Angeles"
+            apt-get update -y
+            apt-get install -y tzdata build-essential sudo
+          run: source ${GITHUB_WORKSPACE}/ci_setup && $CI_ROOT/managers/ubuntu.sh
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
new file mode 100644
index 0000000..bcada62
--- /dev/null
+++ b/.github/workflows/cifuzz.yml
@@ -0,0 +1,40 @@
+---
+# https://google.github.io/oss-fuzz/getting-started/continuous-integration/
+name: CIFuzz
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+jobs:
+  Fuzzing:
+    runs-on: ubuntu-latest
+    if: github.repository == 'libbpf/libbpf'
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer: [address, undefined, memory]
+    steps:
+      - name: Build Fuzzers (${{ matrix.sanitizer }})
+        id: build
+        uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+        with:
+          oss-fuzz-project-name: 'libbpf'
+          dry-run: false
+          allowed-broken-targets-percentage: 0
+          sanitizer: ${{ matrix.sanitizer }}
+      - name: Run Fuzzers (${{ matrix.sanitizer }})
+        uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+        with:
+          oss-fuzz-project-name: 'libbpf'
+          fuzz-seconds: 300
+          dry-run: false
+          sanitizer: ${{ matrix.sanitizer }}
+      - name: Upload Crash
+        uses: actions/upload-artifact@v1
+        if: failure() && steps.build.outcome == 'success'
+        with:
+          name: ${{ matrix.sanitizer }}-artifacts
+          path: ./out/artifacts
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..5d3ecf3
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,52 @@
+---
+# vi: ts=2 sw=2 et:
+
+name: "CodeQL"
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+
+permissions:
+  contents: read
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-22.04
+    concurrency:
+      group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }}
+      cancel-in-progress: true
+    permissions:
+      actions: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ['cpp', 'python']
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          queries: +security-extended,security-and-quality
+
+      - name: Setup
+        uses: ./.github/actions/setup
+
+      - name: Build
+        run: |
+          source /tmp/ci_setup
+          make -C ./src
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 0000000..8caa8ad
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,32 @@
+name: libbpf-ci-coverity
+
+on:
+  schedule:
+    - cron:  '0 18 * * *'
+
+
+jobs:
+  coverity:
+    runs-on: ubuntu-latest
+    if: github.repository == 'libbpf/libbpf'
+    name: Coverity
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./.github/actions/setup
+      - name: Run coverity
+        run: |
+          source "${GITHUB_WORKSPACE}"/ci/vmtest/helpers.sh
+          foldable start "Setup CI env"
+          source /tmp/ci_setup
+          export COVERITY_SCAN_NOTIFICATION_EMAIL="${AUTHOR_EMAIL}"
+          export COVERITY_SCAN_BRANCH_PATTERN=${GITHUB_REF##refs/*/}
+          export TRAVIS_BRANCH=${COVERITY_SCAN_BRANCH_PATTERN}
+          foldable end
+          scripts/coverity.sh
+        env:
+          COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+          COVERITY_SCAN_PROJECT_NAME: libbpf
+          COVERITY_SCAN_BUILD_COMMAND_PREPEND: 'cd src/'
+          COVERITY_SCAN_BUILD_COMMAND: 'make'
+      - name: SCM log
+        run: cat /home/runner/work/libbpf/libbpf/src/cov-int/scm_log.txt
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 0000000..35e7091
--- /dev/null
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,19 @@
+name: "lint"
+
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+
+jobs:
+  shellcheck:
+    name: ShellCheck
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Run ShellCheck
+        uses: ludeeus/action-shellcheck@master
+        env:
+          SHELLCHECK_OPTS: --severity=error
diff --git a/.github/workflows/ondemand.yml b/.github/workflows/ondemand.yml
new file mode 100644
index 0000000..6cd46e5
--- /dev/null
+++ b/.github/workflows/ondemand.yml
@@ -0,0 +1,36 @@
+name: ondemand
+
+on:
+  workflow_dispatch:
+    inputs:
+      kernel-origin:
+        description: 'git repo for linux kernel'
+        default: 'https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git'
+        required: true
+      kernel-rev:
+        description: 'rev/tag/branch for linux kernel'
+        default: "master"
+        required: true
+      pahole-origin:
+        description: 'git repo for pahole'
+        default: 'https://git.kernel.org/pub/scm/devel/pahole/pahole.git'
+        required: true
+      pahole-rev:
+        description: 'ref/tag/branch for pahole'
+        default: "master"
+        required: true
+
+jobs:
+  vmtest:
+    runs-on: ubuntu-latest
+    name: vmtest with customized pahole/Kernel
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./.github/actions/setup
+      - uses: ./.github/actions/vmtest
+        with:
+          kernel: 'LATEST'
+          kernel-rev: ${{ github.event.inputs.kernel-rev }}
+          kernel-origin: ${{ github.event.inputs.kernel-origin }}
+          pahole: ${{ github.event.inputs.pahole-rev }}
+          pahole-origin: ${{ github.event.inputs.pahole-origin }}
diff --git a/.github/workflows/pahole.yml b/.github/workflows/pahole.yml
new file mode 100644
index 0000000..37840ff
--- /dev/null
+++ b/.github/workflows/pahole.yml
@@ -0,0 +1,20 @@
+name: pahole-staging
+
+on:
+  schedule:
+    - cron:  '0 18 * * *'
+
+
+jobs:
+  vmtest:
+    runs-on: ubuntu-20.04
+    name: Kernel LATEST + staging pahole
+    env:
+      STAGING: tmp.master
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./.github/actions/setup
+      - uses: ./.github/actions/vmtest
+        with:
+          kernel: LATEST
+          pahole: $STAGING
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..1e7224c
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,42 @@
+name: libbpf-ci
+
+on: 
+  pull_request:
+  push:
+  schedule:
+    - cron:  '0 18 * * *'
+
+concurrency: 
+  group: ci-test-${{ github.head_ref }}
+  cancel-in-progress: true
+
+jobs:
+  vmtest:
+    runs-on: ${{ matrix.runs_on }}
+    name: Kernel ${{ matrix.kernel }} on ${{ matrix.runs_on }} + selftests
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - kernel: 'LATEST'
+            runs_on: ubuntu-20.04
+            arch: 'x86_64'
+          - kernel: '5.5.0'
+            runs_on: ubuntu-20.04
+            arch: 'x86_64'
+          - kernel: '4.9.0'
+            runs_on: ubuntu-20.04
+            arch: 'x86_64'
+          - kernel: 'LATEST'
+            runs_on: s390x
+            arch: 's390x'
+    steps:
+      - uses: actions/checkout@v3
+        name: Checkout
+      - uses: ./.github/actions/setup
+        name: Setup
+      - uses: ./.github/actions/vmtest
+        name: vmtest
+        with:
+          kernel: ${{ matrix.kernel }}
+          arch: ${{ matrix.arch }}