From 43de9ab64553439290cd57cc9c7be361b729b249 Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Thu, 12 Oct 2023 08:29:46 +0200 Subject: [PATCH 1/4] new(ci): run update-kernels daily. Signed-off-by: Federico Di Pierro --- .github/workflows/update-kernels.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-kernels.yml b/.github/workflows/update-kernels.yml index 1158f4c..080471a 100644 --- a/.github/workflows/update-kernels.yml +++ b/.github/workflows/update-kernels.yml @@ -31,7 +31,7 @@ on: - Talos - Ubuntu schedule: - - cron: '30 6 * * 1' + - cron: '30 6 * * *' # Checks if any concurrent jobs is running for kernels CI and eventually cancel it. concurrency: From aa02b155725022d83cef2ae656900558d4dacf0a Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Thu, 19 Oct 2023 11:40:40 +0200 Subject: [PATCH 2/4] chore(ci): avoid the needs to push to `kernels` branch. Instead, directly deploy pages using `update-kernels` github action. Signed-off-by: Federico Di Pierro Co-authored-by: Massimiliano Giovagnoli --- .github/workflows/update-kernels.yml | 99 ++++-------------- index.html | 151 +++++++++++++++++++++++++++ 2 files changed, 169 insertions(+), 81 deletions(-) create mode 100644 index.html diff --git a/.github/workflows/update-kernels.yml b/.github/workflows/update-kernels.yml index 080471a..fa72f1d 100644 --- a/.github/workflows/update-kernels.yml +++ b/.github/workflows/update-kernels.yml @@ -3,33 +3,6 @@ name: Update Kernels on: workflow_dispatch: - inputs: - distro: - description: distro of which to perform the update - type: choice - required: true - options: - - '*' - - AliyunLinux - - AlmaLinux - - AmazonLinux - - AmazonLinux2 - - AmazonLinux2022 - - AmazonLinux2023 - - ArchLinux - - BottleRocket - - CentOS - - Debian - - Fedora - - Flatcar - - Minikube - - OpenSUSE - - OracleLinux - - PhotonOS - - Redhat - - RockyLinux - - Talos - - Ubuntu schedule: - cron: '30 6 * * *' 
@@ -45,71 +18,35 @@ jobs: image: falcosecurity/kernel-crawler:latest options: -u root permissions: - contents: write - pull-requests: write + contents: read + pages: write + id-token: write steps: - name: Checkout crawler uses: actions/checkout@v3 - with: - ref: kernels - - - name: Fetch distro - run: | - INPUT_DISTRO=${{ inputs.distro }} - DISTRO=${INPUT_DISTRO:-'*'} - echo "distro=$DISTRO" >> $GITHUB_ENV - - - name: Setup jq - run: apt-get update && apt-get install jq -y - - - name: Prepare commit body - id: prep_commit_msg - run: | - COMMIT_MSG="This PR updates the list of kernels from the latest crawling \ - $(if [ "${{ env.distro }}" != '*' ]; then echo " for distro ${{ env.distro }}"; fi). \ - Do not edit this PR." - echo "commit_msg=$COMMIT_MSG" >> $GITHUB_OUTPUT - name: Run crawler for x86_64 run: | mkdir $RUNNER_TEMP/x86_64 - kernel-crawler crawl --distro=${{ env.distro }} > $RUNNER_TEMP/x86_64/list.json + kernel-crawler crawl --distro="*" > $RUNNER_TEMP/x86_64/list.json - name: Run crawler for aarch64 run: | mkdir $RUNNER_TEMP/aarch64 - kernel-crawler crawl --distro=${{ env.distro }} --arch=aarch64 > $RUNNER_TEMP/aarch64/list.json + kernel-crawler crawl --distro="*" --arch=aarch64 > $RUNNER_TEMP/aarch64/list.json - - name: Single distro update - if: ${{ github.event_name == 'workflow_dispatch' && inputs.distro != '*' }} + - name: Move everything under site folder run: | - jq --arg distroKey "${{ inputs.distro }}" \ - --slurpfile newValues $RUNNER_TEMP/x86_64/list.json \ - 'if .[$distroKey] then .[$distroKey] = $newValues[][] else . end' \ - x86_64/list.json > $RUNNER_TEMP/x86_64/output.json - jq --arg distroKey "${{ inputs.distro }}" \ - --slurpfile newValues $RUNNER_TEMP/aarch64/list.json \ - 'if .[$distroKey] then .[$distroKey] = $newValues[][] else . 
end' \ - aarch64/list.json > $RUNNER_TEMP/aarch64/output.json - mv $RUNNER_TEMP/x86_64/output.json $RUNNER_TEMP/x86_64/list.json - mv $RUNNER_TEMP/aarch64/output.json $RUNNER_TEMP/aarch64/list.json - - - name: Update json lists - run: | - mv $RUNNER_TEMP/x86_64/list.json x86_64/list.json - mv $RUNNER_TEMP/aarch64/list.json aarch64/list.json - - - name: Update last run distro - run: | - echo "${{ env.distro }}" > last_run_distro.txt - - - name: Create Pull Request - uses: peter-evans/create-pull-request@v5-rc + mkdir site/ + mv index.html site/ + mkdir site/aarch64/ + $RUNNER_TEMP/aarch64/list.json site/aarch64 + mkdir site/x86_64/ + mv $RUNNER_TEMP/x86_64/list.json site/x86_64/ + + - uses: actions/upload-pages-artifact@v1 with: - signoff: true - branch: update/kernels - base: kernels - title: 'update(kernels): update kernel json lists.' - body: ${{ steps.prep_commit_msg.outputs.commit_msg }} - commit-message: 'update(kernels): update kernel json lists.' - token: ${{ secrets.GITHUB_TOKEN }} + path: 'site' + + - id: deployment + uses: actions/deploy-pages@v1g diff --git a/index.html b/index.html new file mode 100644 index 0000000..64a6c58 --- /dev/null +++ b/index.html @@ -0,0 +1,151 @@ + + + + + Kernel Crawler + + + + + + + + + + + + +
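Review bot: The `Move everything under site folder` step has a line with no command, `$RUNNER_TEMP/aarch64/list.json site/aarch64`, so the shell will try to execute the JSON file and the aarch64 list never reaches `site/`; it should read `mv $RUNNER_TEMP/aarch64/list.json site/aarch64/`. The final `uses: actions/deploy-pages@v1g` also looks like a typo for `@v1`. Separately, `pages: write` and `id-token: write` are granted to the same job that runs the `falcosecurity/kernel-crawler:latest` container as root and crawls external repositories, so a compromised image or crawler dependency would run with a token able to publish the site and request an OIDC token. Moving the deployment into its own job leaves the crawl job with `contents: read` only, as sketched below. The job header lies outside this hunk, so the crawl job's id is shown as a placeholder.

```yaml
    # … unchanged: container image and options …
    permissions:
      contents: read
    steps:
      # … unchanged: checkout, crawler steps, site folder step (with the `mv` fix) …
      - uses: actions/upload-pages-artifact@v1
        with:
          path: 'site'

  deploy:
    needs: <crawl-job-id>  # placeholder: the crawl job's id is not visible in this hunk
    runs-on: ubuntu-latest
    permissions:
      pages: write
      id-token: write
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    steps:
      - id: deployment
        uses: actions/deploy-pages@v1
```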
+ falco logo +
+
+ Architecture: +
+
+ Target: +
+ + + + + + + + + + + +
TargetKernel ReleaseKernel VersionHeadersConfigLink
+ + + From 704eef3907fee3e7101dd593aa28a321d524cb56 Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Thu, 19 Oct 2023 12:02:26 +0200 Subject: [PATCH 3/4] chore(ci): properly validate produced jsons. Signed-off-by: Federico Di Pierro --- .github/workflows/update-kernels.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/update-kernels.yml b/.github/workflows/update-kernels.yml index fa72f1d..c01431a 100644 --- a/.github/workflows/update-kernels.yml +++ b/.github/workflows/update-kernels.yml @@ -35,6 +35,16 @@ jobs: mkdir $RUNNER_TEMP/aarch64 kernel-crawler crawl --distro="*" --arch=aarch64 > $RUNNER_TEMP/aarch64/list.json + - name: Install deps + run: | + apt update + apt install -y jq + + - name: Validate jsons + run: | + cat $RUNNER_TEMP/x86_64/list.json | jq empty + cat $RUNNER_TEMP/aarch64/list.json | jq empty + - name: Move everything under site folder run: | mkdir site/ From 53a223900ab2c78a9a3cd9be7b8d48895c023eae Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Thu, 19 Oct 2023 12:21:07 +0200 Subject: [PATCH 4/4] chore: updated readme. Signed-off-by: Federico Di Pierro --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0689890..57fe653 100644 --- a/README.md +++ b/README.md 
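Review bot: In the `Validate jsons` step, `jq empty` only proves that the input parses, and because the input arrives through `cat … |` a missing or empty `list.json` still passes: unless `pipefail` is set, the pipeline's status is jq's, and jq exits 0 on empty input. These files are published straight to Pages after this step, so an empty crawl result would replace the live lists. Reading the file directly and asserting on its shape closes the gap, e.g. `jq -e 'type == "object" and length > 0' "$RUNNER_TEMP/x86_64/list.json" > /dev/null` and the same for aarch64 (the top-level object shape is inferred from the `.[$distroKey]` lookups removed in the previous patch). In `Install deps`, `apt-get update && apt-get install -y jq` is preferable, since `apt` is not meant as a stable scripting interface.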
@@ -6,7 +6,9 @@ ![Architectures](https://img.shields.io/badge/ARCHS-x86__64%7Caarch64-blueviolet?style=for-the-badge) It is a tool used to crawl supported kernels by multiple distros, and generate a [driverkit](https://github.com/falcosecurity/driverkit)-like config json. -Output json can be found, for each supported architecture, under [kernels](https://github.com/falcosecurity/kernel-crawler/tree/kernels) branch and on gh pages: https://falcosecurity.github.io/kernel-crawler/. +Output json can be found, for each supported architecture, on gh pages: https://falcosecurity.github.io/kernel-crawler/: +* [aarch64](https://falcosecurity.github.io/kernel-crawler/aarch64/list.json) +* [x86_64](https://falcosecurity.github.io/kernel-crawler/x86_64/list.json) A weekly [github action workflow](https://github.com/falcosecurity/kernel-crawler/actions/workflows/update-kernels.yml) will open a PR on this repo to update the json. As soon as the PR is merged and the json updated, a [prow job](https://github.com/falcosecurity/test-infra/blob/master/config/jobs/update-dbg/update-dbg.yaml) will create a PR on [test-infra](https://github.com/falcosecurity/test-infra) to generate the new Driverkit configs from the updated json.