Skip to content

CI/CD

CI/CD #655

Workflow file for this run

# Copyright (c) Microsoft Corporation
# SPDX-License-Identifier: MIT
# This is the top-level workflow that runs on each pull request and push to main.
# It invokes other jobs to perform builds and run tests.
# All jobs run in parallel, using build artifacts to synchronize jobs.
#
# If you add or remove any tests that use reusable-test.yml on a pull request,
# you must update codecov.yml to match.
name: CI/CD
on:
# Run on a daily schedule to perform the full set of tests.
schedule:
- cron: '00 8 * * *'
# Run on pull request to validate code changes.
pull_request:
merge_group:
# Permit manual runs of the workflow.
workflow_dispatch:
# Run on push so we can capture the baseline code coverage.
push:
branches: [ main ]
concurrency:
# Cancel any in-progress instance of this workflow (CI/CD) for the same PR.
# Allow running concurrently with any commits on any other branch.
# Using GITHUB_REF instead of GITHUB_SHA allows parallel runs on
# different branches with the same HEAD commit.
group: cicd-${{ github.event.schedule || github.event.pull_request.number || github.event.after || github.ref }}
cancel-in-progress: true
permissions:
id-token: write # Required to log in to Azure.
contents: read
checks: read # Required by reusable-test.yml to check build status.
security-events: write # Required by codeql task.
issues: write # Required to create issues.
jobs:
# Jobs to run on pull, push, and schedule.
# ---------------------------------------------------------------------------
# Perform the regular build.
regular:
# Always run this job.
if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
uses: ./.github/workflows/reusable-build.yml
with:
ref: ${{ github.ref }}
build_artifact: Build-x64
build_nuget: true
configurations: '["Debug", "Release"]'
# Perform the onebranch build.
onebranch:
# Always run this job.
if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
uses: ./.github/workflows/reusable-build.yml
with:
ref: ${{ github.ref }}
build_artifact: Build-x64-onebranch
build_options: /p:BuildOneBranch='True' /t:tools\onebranch
configurations: '["Debug", "Release"]'
# Run the ntosebpfext unit tests in GitHub.
ntosebpfext_units:
# Always run this job.
needs: regular
if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
uses: ./.github/workflows/reusable-test.yml
with:
name: ntosebpfext_units
test_command: .\ntosebpfext_unit.exe -d yes
build_artifact: Build-x64
environment: windows-2022
code_coverage: true
gather_dumps: true
capture_etw: true
leak_detection: true
# Process_Monitor test
process_monitor:
# Always run this job.
needs: regular
if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
uses: ./.github/workflows/reusable-test.yml
with:
name: process_monitor
pre_test: powershell -file .\bin\process_monitor.Tests\win-x64\Install-eBpfForWindows.ps1 0.18.0 && powershell -file .\bin\process_monitor.Tests\win-x64\Setup-ProcessMonitorTests.ps1 -ArtifactsRoot .
test_command: dotnet test .\bin\process_monitor.Tests\win-x64\process_monitor.Tests.dll
build_artifact: Build-x64
environment: windows-2022
capture_etw: true
# Run the neteventebpfext unit tests in GitHub.
neteventebpfext_units:
# Always run this job.
needs: regular
if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
uses: ./.github/workflows/reusable-test.yml
with:
name: neteventebpfext unit tests
pre_test: powershell -file .\bin\process_monitor.Tests\win-x64\Install-eBpfForWindows.ps1 0.18.0
test_command: .\neteventebpfext_unit.exe -d yes
build_artifact: Build-x64
environment: windows-2022
code_coverage: true
gather_dumps: true
capture_etw: true
leak_detection: true
ossar:
# Always run this job.
needs: regular
if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'push' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
uses: ./.github/workflows/ossar-scan.yml
with:
build_artifact: Build-x64
# Additional jobs to run on pull and schedule only (skip push).
# ---------------------------------------------------------------------------
# Build with C++ static analyzer.
analyze:
# Only run on schedule and pull request.
if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
uses: ./.github/workflows/reusable-build.yml
with:
ref: ${{ github.ref }}
build_artifact: Build-x64-Analyze
# Analysis on external projects is conditional, as on small CI/CD VMs the compiler can run OOM
build_options: /p:Analysis='True' /p:AnalysisOnExternal='False'
# Build with C++ address sanitizer.
sanitize:
# Only run on schedule and pull request.
if: github.event_name == 'schedule' || github.event_name == 'pull_request' || github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch'
uses: ./.github/workflows/reusable-build.yml
with:
ref: ${{ github.ref }}
build_artifact: Build-x64-Sanitize
build_options: /p:AddressSanitizer='True'
# Additional jobs to run on a schedule only (skip push and pull request).
# ---------------------------------------------------------------------------
codeql:
# Only run during daily scheduled run
if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
uses: ./.github/workflows/reusable-build.yml
with:
ref: ${{ github.ref }}
build_artifact: Build-x64-CodeQl
build_codeql: true