From 80eaa4aa64cd2b99b1a3b9cabf88354cfecc17fc Mon Sep 17 00:00:00 2001 From: Arne Welzel Date: Mon, 25 Sep 2023 13:49:04 +0200 Subject: [PATCH] cirrus/ci: Add ubuntu22_spicy_task and ubuntu22_spicy_head_task These tasks are meant to run nightly on the master branch. Currently, the external dns, http and dhcp Spicy analyzers are installed via zkg post building. The build artifact is uploaded to Cirrus and the benchmarker API triggered. For the spicy_head task, the auxil/spicy submodule is pulled to the latest commit. This also provides a bit of a nightly integration test. --- .cirrus.yml | 42 +++++++++++++++++++++++++++++++++++ ci/spicy-install-analyzers.sh | 31 ++++++++++++++++++++++++++ ci/ubuntu-22.04/Dockerfile | 2 ++ 3 files changed, 75 insertions(+) create mode 100755 ci/spicy-install-analyzers.sh diff --git a/.cirrus.yml b/.cirrus.yml index 5419d0afbf..219705ffb2 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -74,6 +74,17 @@ skip_task_on_pr: &SKIP_TASK_ON_PR skip: > ($CIRRUS_PR != '' && $CIRRUS_PR_LABELS !=~ '.*fullci.*') + +benchmark_only_if_template: &BENCHMARK_ONLY_IF_TEMPLATE + # only_if condition for cron-triggered benchmarking tests. + # These currently do not run for release/.* + only_if: > + ( $CIRRUS_REPO_NAME == 'zeek' || $CIRRUS_REPO_NAME == 'zeek-security' ) && + ( $CIRRUS_CRON == 'benchmark-nightly' || + $CIRRUS_PR_LABELS =~ '.*fullci.*' || + $CIRRUS_PR_LABELS =~ '.*benchmark.*' || + $CIRRUS_BRANCH =~ 'topic/awelzel/ubuntu22-spicy-task' ) + ci_template: &CI_TEMPLATE << : *BUILDS_ONLY_IF_TEMPLATE @@ -288,6 +299,37 @@ ubuntu22_task: path: build.tgz benchmark_script: ./ci/benchmark.sh +ubuntu22_spicy_task: + container: + # Ubuntu 22.04 EOL: April 2027 + dockerfile: ci/ubuntu-22.04/Dockerfile + << : *RESOURCES_TEMPLATE + << : *CI_TEMPLATE + env: + ZEEK_CI_CREATE_ARTIFACT: 1 + test_script: true # Don't run tests, these are redundant. + spicy_install_analyzers_script: ./ci/spicy-install-analyzers.sh + upload_binary_artifacts: + path: build.tgz + benchmark_script: ./ci/benchmark.sh + << : *BENCHMARK_ONLY_IF_TEMPLATE + +ubuntu22_spicy_head_task: + container: + # Ubuntu 22.04 EOL: April 2027 + dockerfile: ci/ubuntu-22.04/Dockerfile + << : *RESOURCES_TEMPLATE + << : *CI_TEMPLATE + env: + ZEEK_CI_CREATE_ARTIFACT: 1 + # Pull auxil/spicy to the latest head version. May or may not build. + ZEEK_CI_PREBUILD_COMMAND: 'cd auxil/spicy && git fetch && git reset --hard origin/main && git submodule update --init --recursive' + spicy_install_analyzers_script: ./ci/spicy-install-analyzers.sh + upload_binary_artifacts: + path: build.tgz + benchmark_script: ./ci/benchmark.sh + << : *BENCHMARK_ONLY_IF_TEMPLATE + ubuntu20_task: container: # Ubuntu 20.04 EOL: April 2025 diff --git a/ci/spicy-install-analyzers.sh b/ci/spicy-install-analyzers.sh new file mode 100755 index 0000000000..647063fac5 --- /dev/null +++ b/ci/spicy-install-analyzers.sh @@ -0,0 +1,31 @@ +#! /usr/bin/env bash +# +# Shell script to install the latest version of certain +# Spicy analyzers using zkg *and* repackages build.tgz. +# This script should run after build.sh, but before the +# artifact upload happens. +set -eux + +test -d ${CIRRUS_WORKING_DIR}/install + +# Install prefix +PREFIX=${CIRRUS_WORKING_DIR}/install + +export PATH=$PREFIX/bin:$PATH + +zkg --version + +ANALYZERS=" +https://github.com/zeek/spicy-dhcp +https://github.com/zeek/spicy-dns +https://github.com/zeek/spicy-http +" + +for analyzer in $ANALYZERS; do + echo Y | zkg -vvvvv install "${analyzer}" +done + +# After installing analyzers, package up build.tgz (representing +# the contents of the installation directory). This overwrites any +# existing artifact created by build.sh +tar -czf ${CIRRUS_WORKING_DIR}/build.tgz ${CIRRUS_WORKING_DIR}/install diff --git a/ci/ubuntu-22.04/Dockerfile b/ci/ubuntu-22.04/Dockerfile index 10a8b88502..fd3659c00b 100644 --- a/ci/ubuntu-22.04/Dockerfile +++ b/ci/ubuntu-22.04/Dockerfile @@ -25,7 +25,9 @@ RUN apt-get update && apt-get -y install \ make \ python3 \ python3-dev \ + python3-git \ python3-pip\ + python3-semantic-version \ ruby \ sqlite3 \ swig \