drop both IPv4 and IPv6 traffic in networkpolicy drop acl (#3940) #7057
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Windows | |
on: | |
workflow_dispatch: | |
release: | |
pull_request: | |
branches: | |
- master | |
paths-ignore: | |
- 'docs/**' | |
- '**.md' | |
push: | |
branches: | |
- master | |
- release-* | |
paths-ignore: | |
- 'docs/**' | |
- '**.md' | |
concurrency: | |
group: "${{ github.workflow }}-${{ github.ref }}" | |
cancel-in-progress: true | |
env: | |
GO_VERSION: '' | |
GOSEC_VERSION: '2.18.2' | |
jobs: | |
filter: | |
name: Path Filter | |
runs-on: ubuntu-22.04 | |
outputs: | |
build-ovs-ovn: ${{ steps.filter.outputs.windows-ovs-ovn }} | |
build-kube-ovn: ${{ steps.filter.outputs.windows-kube-ovn }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION || '' }} | |
go-version-file: go.mod | |
check-latest: true | |
cache: false | |
- name: Generate path filter | |
env: | |
GOOS: windows | |
run: | | |
filter=".github/path-filters.yaml" | |
workflow=$(echo ${{ github.workflow_ref }} | awk -F@ '{print $1}' | sed 's@^${{ github.repository }}/@@') | |
cat > $filter <<EOF | |
windows-ovs-ovn: | |
- $workflow | |
windows-kube-ovn: | |
- $workflow | |
- go.mod | |
- go.sum | |
EOF | |
sh hack/go-list.sh cmd/cni | while read f; do | |
echo "- $f" | tee -a $filter | |
done | |
sh hack/go-list.sh cmd/windows | while read f; do | |
echo "- $f" | tee -a $filter | |
done | |
- uses: dorny/paths-filter@v3 | |
id: filter | |
with: | |
base: ${{ github.base_ref || github.ref_name }} | |
filters: .github/path-filters.yaml | |
list-files: csv | |
build-ovs-and-ovn: | |
name: Build OVS and OVN | |
needs: filter | |
runs-on: windows-2019 | |
if: github.event_name == 'release' || github.event_name == 'workflow_dispatch' || needs.filter.outputs.build-ovs-ovn == 'true' | |
steps: | |
- name: Check out PTHREADS4W | |
run: | | |
New-Item -ItemType directory -Path pthreads4w | |
git clone https://git.code.sf.net/p/pthreads4w/code pthreads4w\code | |
- name: Check out OVS | |
uses: actions/checkout@v4 | |
with: | |
repository: openvswitch/ovs | |
ref: branch-3.1 | |
path: ovs | |
- name: Check out OVN | |
uses: actions/checkout@v4 | |
with: | |
repository: ovn-org/ovn | |
ref: branch-22.12 | |
path: ovn | |
- name: Apply OVS patches | |
working-directory: ovs | |
run: | | |
# fix kernel crash | |
Invoke-WebRequest -Uri "https://github.com/kubeovn/ovs/commit/64383c14a9c25e9e0ca53c6758d9499c60132536.patch" -OutFile ..\ovs-01.patch | |
# support for building in github actions | |
Invoke-WebRequest -Uri "https://github.com/kubeovn/ovs/commit/d170c6237cb6a7bbe16f916ab2286c3c942a852c.patch" -OutFile ..\ovs-02.patch | |
# listen on tcp 127.0.0.1:6643 by default | |
Invoke-WebRequest -Uri "https://github.com/kubeovn/ovs/commit/680e77a190ae7df3086bc35bb6150238e97f9020.patch" -OutFile ..\ovs-03.patch | |
git apply ..\ovs-01.patch | |
git apply ..\ovs-02.patch | |
git apply ..\ovs-03.patch | |
- name: Apply OVN patches | |
working-directory: ovn | |
run: | | |
# change hash type from dp_hash to hash with field src_ip | |
Invoke-WebRequest -Uri "https://github.com/kubeovn/ovn/commit/75876f75203bbf06a8f5ffb5628eca98bef03407.patch" -OutFile ..\ovn-01.patch | |
# add support for windows | |
Invoke-WebRequest -Uri "https://github.com/kubeovn/ovn/commit/e27cd770e5f5bffb884483546564ce6f286545c2.patch" -OutFile ..\ovn-02.patch | |
# set br-int controller to TCP 127.0.0.1:6653 | |
Invoke-WebRequest -Uri "https://github.com/kubeovn/ovn/commit/24dcd9485ebb0f6c962250684fae512850cd9210.patch" -OutFile ..\ovn-03.patch | |
# ovn-controller: do not send GARP on localnet for Kube-OVN ports | |
Invoke-WebRequest -Uri "https://github.com/kubeovn/ovn/commit/30ff0ba51745f5ea1b38ed63e8cd8e0479d0f916.patch" -OutFile ..\ovn-04.patch | |
git apply ..\ovn-01.patch | |
git apply ..\ovn-02.patch | |
git apply ..\ovn-03.patch | |
git apply ..\ovn-04.patch | |
- name: Build PTHREADS4W | |
working-directory: pthreads4w\code | |
shell: cmd | |
run: | | |
call "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\Build\vcvars64.bat" | |
nmake all install | |
- name: Build OVS and OVN | |
shell: cmd | |
env: | |
MSYS2_PATH_TYPE: inherit | |
run: | | |
SETLOCAL ENABLEDELAYEDEXPANSION | |
SET _p4w_dir=%CD:\=/%/pthreads4w/PTHREADS-BUILT | |
FOR /F "tokens=* USEBACKQ" %%F IN (`C:\msys64\usr\bin\cygpath.exe -u "%CD%\ovs"`) DO ( | |
SET _ovs_dir=%%F | |
) | |
FOR /F "tokens=* USEBACKQ" %%F IN (`C:\msys64\usr\bin\cygpath.exe -u "%CD%\ovn"`) DO ( | |
SET _ovn_dir=%%F | |
) | |
CALL "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\Build\vcvars64.bat" | |
SET _vs_path= | |
FOR %%d IN ("%PATH:;=";"%") DO ( | |
echo %%~d | findstr /C:"C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise" > nul && set _vs_path=!_vs_path!;%%~d | |
) | |
SET PATH="%_vs_path%;%PATH%" | |
C:\msys64\usr\bin\bash.exe -lc "pacman -S --noconfirm python-pip libtool autoconf automake-wrapper" | |
C:\msys64\usr\bin\bash.exe -lc "python3 -m pip install pypiwin32" | |
C:\msys64\usr\bin\bash.exe -lc "rm -f `which link`" | |
C:\msys64\usr\bin\bash.exe -lc "cd '%_ovs_dir%' && ./boot.sh" | |
C:\msys64\usr\bin\bash.exe -lc "cd '%_ovs_dir%' && ./configure CC=./build-aux/cccl LD='`which link`' LIBS='-lws2_32 -lShlwapi -liphlpapi -lwbemuuid -lole32 -loleaut32' --prefix='C:/openvswitch/usr' --localstatedir='C:/openvswitch/var' --sysconfdir='C:/openvswitch/etc' --with-pthread='%_p4w_dir%' --disable-ssl" | |
C:\msys64\usr\bin\bash.exe -lc "cd '%_ovs_dir%' && make -j" | |
C:\msys64\usr\bin\bash.exe -lc "cd '%_ovs_dir%' && make windows_installer" | |
C:\msys64\usr\bin\bash.exe -lc "cd '%_ovn_dir%' && ./boot.sh" | |
C:\msys64\usr\bin\bash.exe -lc "cd '%_ovn_dir%' && ./configure CC=./build-aux/cccl LD='`which link`' LIBS='-lws2_32 -lShlwapi -liphlpapi -lwbemuuid -lole32 -loleaut32' --prefix='C:/ovn/usr' --localstatedir='C:/ovn/var' --sysconfdir='C:/ovn/etc' --with-pthread='%_p4w_dir%' --disable-ssl --with-ovs-source='../ovs'" | |
C:\msys64\usr\bin\bash.exe -lc "cd '%_ovn_dir%' && make -j" | |
C:\msys64\usr\bin\bash.exe -lc "cd '%_ovn_dir%' && make install" | |
- name: Upload OVS | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ovs-win64 | |
path: ovs\windows\ovs-windows-installer\bin\x64\Release\OpenvSwitch.msi | |
- name: Upload OVN | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ovn-win64 | |
path: C:\ovn | |
build-kube-ovn: | |
name: Build Kube-OVN | |
needs: filter | |
runs-on: windows-2019 | |
if: github.event_name == 'release' || github.event_name == 'workflow_dispatch' || needs.filter.outputs.build-kube-ovn == 'true' | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION || '' }} | |
go-version-file: go.mod | |
check-latest: true | |
cache: false | |
- name: Export Go full version | |
run: | | |
$goVersion = (go version).Split()[2] | |
$entry = [string]::Format("GO_FULL_VER={0}", $goVersion) | |
Add-Content -Path $env:GITHUB_ENV -Value $entry | |
- name: Go Cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~\AppData\Local\go-build | |
~\go\pkg\mod | |
key: ${{ runner.os }}-${{ env.GO_FULL_VER }}-${{ hashFiles('**/go.sum') }} | |
restore-keys: ${{ runner.os }}-${{ env.GO_FULL_VER }}- | |
- name: Install gosec | |
run: | | |
Invoke-WebRequest https://github.com/securego/gosec/releases/download/v${{ env.GOSEC_VERSION }}/gosec_${{ env.GOSEC_VERSION }}_windows_amd64.tar.gz -OutFile gosec.tar.gz | |
mkdir gosec | |
tar -xzvf gosec.tar.gz -C gosec | |
Copy-Item gosec/gosec.exe -Destination C:\Windows\system32 | |
- name: Build | |
run: | | |
go mod tidy | |
make lint-windows | |
make build-go-windows | |
- name: Upload Binaries | |
uses: actions/upload-artifact@v4 | |
with: | |
name: kube-ovn-bin | |
path: | | |
dist/windows/kube-ovn.exe | |
dist/windows/kube-ovn-daemon.exe | |
package: | |
name: Pack Windows Files | |
needs: | |
- build-ovs-and-ovn | |
- build-kube-ovn | |
runs-on: windows-2019 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Download Kube-OVN binaries | |
uses: actions/download-artifact@v4 | |
with: | |
name: kube-ovn-bin | |
path: dist/windows | |
- name: Download OVS | |
uses: actions/download-artifact@v4 | |
with: | |
name: ovs-win64 | |
path: dist/windows | |
- name: Download OVN | |
uses: actions/download-artifact@v4 | |
with: | |
name: ovn-win64 | |
path: dist/windows/ovn | |
- name: Pack files | |
working-directory: dist/windows | |
run: | | |
# ovn | |
New-Item -ItemType directory -Path ovn/etc | |
Copy-Item ovn-controller.conf -Destination ovn/etc | |
Copy-Item start-ovn-controller.ps1 -Destination ovn | |
# kube-ovn | |
New-Item -ItemType directory -Path "kube-ovn/etc", "kube-ovn/bin" | |
Copy-Item 01-kube-ovn.conflist -Destination kube-ovn | |
Copy-Item kube-ovn.conf -Destination kube-ovn/etc | |
Copy-Item start-kube-ovn.ps1 -Destination kube-ovn/bin | |
Copy-Item kube-ovn.exe -Destination kube-ovn/bin | |
Copy-Item kube-ovn-daemon.exe -Destination kube-ovn/bin | |
- name: Upload package | |
uses: actions/upload-artifact@v4 | |
with: | |
name: kube-ovn-win64 | |
path: | | |
dist/windows/OpenvSwitch.msi | |
dist/windows/ovn | |
dist/windows/kube-ovn | |
dist/windows/install.ps1 |