-
Notifications
You must be signed in to change notification settings - Fork 11
154 lines (139 loc) · 6.37 KB
/
cicd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
# Copyright (c) Microsoft Corporation
# SPDX-License-Identifier: MIT
# This is the top-level workflow that runs on each pull request and push to main.
# It invokes other jobs to perform builds and run tests.
# All jobs run in parallel, using build artifacts to synchronize jobs.
#
# If you add or remove any tests that use reusable-test.yml on a pull request,
# you must update codecov.yml to match.
name: CI/CD
on:
# Run on a daily schedule to perform the full set of tests.
schedule:
- cron: '00 8 * * *'
# Run on pull request to validate code changes.
pull_request:
merge_group:
# Permit manual runs of the workflow.
workflow_dispatch:
# Run on push so we can capture the baseline code coverage.
push:
branches: [ main ]
concurrency:
# Cancel any in-progress instance of this workflow (CI/CD) for the same PR.
# Allow running concurrently with any commits on any other branch.
# Using GITHUB_REF instead of GITHUB_SHA allows parallel runs on
# different branches with the same HEAD commit.
group: cicd-${{ github.event.schedule || github.event.pull_request.number || github.event.after || github.ref }}
cancel-in-progress: true
permissions:
id-token: write # Required to log in to Azure.
contents: read
checks: read # Required by reusable-test.yml to check build status.
security-events: write # Required by codeql task.
issues: write # Required to create issues.
jobs:
# Jobs to run on pull, push, and schedule.
# ---------------------------------------------------------------------------
# Perform the regular build.
regular:
# Always run this job.
if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
uses: ./.github/workflows/reusable-build.yml
with:
ref: ${{ github.ref }}
build_artifact: Build-x64
build_nuget: true
configurations: '["Debug", "Release"]'
# Perform the onebranch build.
onebranch:
# Always run this job.
if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
uses: ./.github/workflows/reusable-build.yml
with:
ref: ${{ github.ref }}
build_artifact: Build-x64-onebranch
build_options: /p:BuildOneBranch='True' /t:tools\onebranch
configurations: '["Debug", "Release"]'
# Run the ntosebpfext unit tests in GitHub.
ntosebpfext_units:
# Always run this job.
needs: regular
if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
uses: ./.github/workflows/reusable-test.yml
with:
name: ntosebpfext_units
test_command: .\ntosebpfext_unit.exe -d yes
build_artifact: Build-x64
environment: windows-2022
code_coverage: true
gather_dumps: true
capture_etw: true
leak_detection: true
# Process_Monitor test
process_monitor:
# Always run this job.
needs: regular
if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
uses: ./.github/workflows/reusable-test.yml
with:
name: process_monitor
pre_test: powershell -file .\bin\process_monitor.Tests\win-x64\Install-eBpfForWindows.ps1 0.18.0 && powershell -file .\bin\process_monitor.Tests\win-x64\Setup-ProcessMonitorTests.ps1 -ArtifactsRoot .
test_command: dotnet test .\bin\process_monitor.Tests\win-x64\process_monitor.Tests.dll
build_artifact: Build-x64
environment: windows-2022
capture_etw: true
# Run the neteventebpfext unit tests in GitHub.
neteventebpfext_units:
# Always run this job.
needs: regular
if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
uses: ./.github/workflows/reusable-test.yml
with:
name: neteventebpfext unit tests
pre_test: powershell -file .\bin\process_monitor.Tests\win-x64\Install-eBpfForWindows.ps1 0.18.0
test_command: .\neteventebpfext_unit.exe -d yes
build_artifact: Build-x64
environment: windows-2022
code_coverage: true
gather_dumps: true
capture_etw: true
leak_detection: true
ossar:
# Always run this job.
needs: regular
if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
uses: ./.github/workflows/ossar-scan.yml
with:
build_artifact: Build-x64
# Additional jobs to run on pull and schedule only (skip push).
# ---------------------------------------------------------------------------
# Build with C++ static analyzer.
analyze:
# Only run on schedule and pull request.
if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
uses: ./.github/workflows/reusable-build.yml
with:
ref: ${{ github.ref }}
build_artifact: Build-x64-Analyze
# Analysis on external projects is conditional, as on small CI/CD VMs the compiler can run OOM
build_options: /p:Analysis='True' /p:AnalysisOnExternal='False'
# Build with C++ address sanitizer.
sanitize:
# Only run on schedule and pull request.
if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
uses: ./.github/workflows/reusable-build.yml
with:
ref: ${{ github.ref }}
build_artifact: Build-x64-Sanitize
build_options: /p:AddressSanitizer='True'
# Additional jobs to run on a schedule only (skip push and pull request).
# ---------------------------------------------------------------------------
codeql:
# Only run during daily scheduled run
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
uses: ./.github/workflows/reusable-build.yml
with:
ref: ${{ github.ref }}
build_artifact: Build-x64-CodeQl
build_codeql: true