Initial public release of retina

Signed-off-by: Vamsi Kalapala <[email protected]>
Co-authored-by: Qingchuan Hao <[email protected]>
Co-authored-by: Camryn Lee <[email protected]>
Co-authored-by: Steven Nguyen <[email protected]>
Co-authored-by: Jacques I Massa <[email protected]>
Co-authored-by: Anubhab Majumdar <[email protected]>
Co-authored-by: Mathew Merrick <[email protected]>
Co-authored-by: Tamilmana Manoharan <[email protected]>
Co-authored-by: Quang Nguyen <[email protected]>
Co-authored-by: Hunter Gregory <[email protected]>
Co-authored-by: Anson Qian <[email protected]>
Co-authored-by: Evan Baker <[email protected]>
Co-authored-by: Isaiah Raya <[email protected]>
Co-authored-by: Tatsinnit <[email protected]>
Co-authored-by: Pengfei Ni <[email protected]>
Co-authored-by: David Schott <[email protected]>
Co-authored-by: Jaeryn <[email protected]>
Co-authored-by: Spencer McKee <[email protected]>
Co-authored-by: Khushbu-Parekh <[email protected]>
Co-authored-by: Prabhakaran S <[email protected]>
Co-authored-by: Will Daly <[email protected]>
Co-authored-by: Tim Raymond <[email protected]>
Co-authored-by: Neha Aggarwal <[email protected]>

.github/.markdownlint.json

@@ -0,0 +1,7 @@
+{
+    "MD013": false,
+    "MD010": false,
+    "MD024": {
+        "siblings_only": true
+    }
+}

.github/CODEOWNERS

@@ -0,0 +1 @@
+*   @microsoft/retina

.github/dependabot.yaml

@@ -0,0 +1,33 @@
+version: 2
+updates:
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    reviewers:
+      - "microsoft/retina"
+    commit-message:
+      prefix: "ci"
+    labels: [ "ci", "dependencies" ]
+    open-pull-requests-limit: 10
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    reviewers:
+      - "microsoft/retina"
+    commit-message:
+      prefix: "ci"
+    labels: [ "ci", "dependencies" ]
+    open-pull-requests-limit: 10
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    reviewers:
+      - "microsoft/retina"
+    commit-message:
+      prefix: "deps"
+    ignore:
+      - dependency-name: "github.com/inspektor-gadget/inspektor-gadget"
+    open-pull-requests-limit: 10

.github/workflows/codeql.yaml

@@ -0,0 +1,39 @@
+name: "CodeQL"
+on:
+  workflow_dispatch:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+jobs:
+  analyze:
+    name: Analyze
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest]
+        language: [go]
+        go-version: ["1.21"]
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 60
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+    - name: Setup go
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ matrix.go-version }}
+    - name: Checkout repository
+      uses: actions/checkout@v4
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/commit-message.yaml

@@ -0,0 +1,45 @@
+name: commit-message
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+    types:
+      - opened
+      - synchronize
+      - edited
+      - reopened
+jobs:
+  commit-message:
+    runs-on: ubuntu-20.04
+    steps:
+    - name: verify_commit_message
+      run: |
+        if [[ "${{ github.event_name }}" == pull_request ]]; then
+          commit_msg_header="${{ github.event.pull_request.title }}"
+        else
+          # get first line of commit message
+          commit_msg_header=`echo "${{ github.event.head_commit.message }}" | head -n 1`
+        fi
+
+        commit_msg_type_regex='feat|fix|refactor|style|test|docs|build|tool|chore|deps'
+        commit_msg_scope_regex='.{1,20}'
+        commit_msg_subject_regex='.{1,150}'
+        commit_msg_regex="^(${commit_msg_type_regex})(\(${commit_msg_scope_regex}\))?: (${commit_msg_subject_regex})\$"
+        merge_msg_regex="^Merge branch '.+' into .+\$"
+        full_regex="(${commit_msg_regex})|(${merge_msg_regex})"
+
+        echo $commit_msg_header | grep -qP "$full_regex" || {
+          echo "ERROR: Invalid commit message header. Please fix format of your PR title or the commit pushed to main."
+          echo "Current value:"
+          echo "$commit_msg_header"
+          echo
+          echo "Examples of valid commits:"
+          echo 'example 1: "feat(cli): new feature"'
+          echo 'example 2: "fix(advanced-metrics): bug fix"'
+          echo 'example 3: "docs: update readme"'
+          echo
+          echo "Valid types are: $commit_msg_type_regex"
+          echo "For more details, see .github/workflows/commit-message.yaml"
+          exit 1
+        }

.github/workflows/docs.yaml

@@ -0,0 +1,38 @@
+# Simple workflow for deploying static content to GitHub Pages
+name: Build and Deploy Retina.sh
+on:
+  push:
+    branches: ["docs", "main", "ghpages"]
+  workflow_dispatch:
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+jobs:
+  deploy:
+    environment:
+      name: retina.sh 
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Pages
+        uses: actions/configure-pages@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 20
+      - name: build
+        run: |
+          npm install --prefix site/
+          npm run build --prefix site/
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v1
+        with:
+          path: "./site/build"
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v1

.github/workflows/golangci-lint.yaml

@@ -0,0 +1,30 @@
+name: golangci-lint
+on:
+  workflow_dispatch:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+jobs:
+  golangci:
+    strategy:
+      fail-fast: false
+      matrix:
+        go-version: ['1.21.x']
+        os: [ubuntu-latest, windows-latest]
+    name: Lint
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/setup-go@v5
+      with:
+        go-version: ${{ matrix.go-version }}
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: golangci-lint
+      uses: golangci/golangci-lint-action@v4
+      with:
+        version: v1.55
+        args: --concurrency 4 --verbose --new-from-rev=origin/master --config=.golangci.yml --timeout=25m 
+        only-new-issues: true
+        skip-cache: true

.github/workflows/images.yaml

@@ -0,0 +1,86 @@
+name: Build and Publish Retina Container Images
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  images:
+    name: Build Images
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        platform: ["linux"]
+        arch: ["amd64", "arm64"]
+        component: ["agent", "operator"]
+
+    # required for AZ login/SP
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v4
+        with:
+          go-version: ">=1.21.0"
+      - run: go version
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Az CLI login
+        uses: azure/login@v1
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Build/Push Images
+        shell: bash
+        run: |
+          set -euo pipefail
+          az acr login -n ${{ secrets.ACR_NAME }}
+          echo "TAG=$(make version)" >> $GITHUB_ENV
+          make build PLATFORMS=${{ matrix.platform }}/${{ matrix.arch }} COMPONENT=${{ matrix.component }}
+
+
+  manifests:
+    name: Generate Manifests
+    runs-on: ubuntu-latest
+    needs: images
+
+    strategy:
+      matrix:
+        component: ["agent", "operator"]
+
+    # required for AZ login/SP
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Az CLI login
+        uses: azure/login@v1
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Generate Manifests
+        shell: bash
+        run: |
+          set -euo pipefail
+          az acr login -n ${{ secrets.ACR_NAME }}
+          make manifest COMPONENT=${{ matrix.component }}

.github/workflows/integration.yaml

@@ -0,0 +1,74 @@
+name: Integration Tests For Retina
+on:
+  workflow_dispatch:
+jobs:
+  integ-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Free up disk space
+        run: |
+          # https://github.com/actions/runner-images/issues/2840#issuecomment-790492173
+          # du -sh /*        2> /dev/null | sort -rh  2> /dev/null | head
+          # du -h -d2 /usr   2> /dev/null | sort -rh  2> /dev/null | head
+          echo "Check free disk space before cleanup."
+          df -h
+          echo "Removing non-essential tools and libraries."
+          sudo rm -rf "$AGENT_TOOLSDIRECTORY"
+          sudo rm -rf /opt/ghc
+          sudo rm -rf /usr/share/dotnet
+          sudo rm -rf /usr/local/share/boost
+          # delete libraries for Android (12G), PowerShell (1.3G), Swift (1.7G)
+          sudo rm -rf /usr/local/lib/android
+          sudo rm -rf /usr/local/share/powershell
+          sudo rm -rf /usr/share/swift
+          echo "Check free disk space after cleanup."
+          df -h
+
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - uses: actions/setup-go@v2
+        with:
+          go-version: "^1.18"
+
+      - name: Make retina image
+        run: |
+          export CONTAINER_BUILDER=docker
+          export CONTAINER_RUNTIME=docker
+          make all-images-local
+          make install-kubectl-retina
+          make base-images-remove
+          curl -LO https://github.com/kvaps/kubectl-node-shell/raw/master/kubectl-node_shell
+          chmod +x ./kubectl-node_shell
+          sudo mv ./kubectl-node_shell /usr/local/bin/kubectl-node_shell
+          docker system prune -f
+
+      - name: Deploy Kind
+        run: make kind-setup
+
+      - name: Install retina
+        run: make kind-install
+
+      - name: Run tests
+        run: make retina-integration
+
+      - name: Export Kubernetes logs
+        if: failure()
+        run: make retina-export-logs
+
+      - name: Archive Kubernetes logs
+        if: failure()
+        uses: actions/upload-artifact@v3
+        with:
+          name: kubernetes-node-logs
+          path: kubernetes-logs
+
+      - name: Archive iptable and ipset
+        if: failure()
+        uses: actions/upload-artifact@v3
+        with:
+          name: iptable-ipset-snapshot
+          path: ./test/integration/plugin-simulations/npm-iptables
+      - name: Cleanup
+        if: always()
+        run: make kind-clean

.github/workflows/markdownlint.yaml

@@ -0,0 +1,19 @@
+name: Markdown Lint
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+jobs:
+  markdownlint:
+    name: markdownlint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - uses: DavidAnson/markdownlint-cli2-action@v9
+        with:
+          command: config
+          globs: |
+            .github/.markdownlint.json
+            **/*.md