falcosecurity/kernel-testing

Falco kernel tests Repository Incubating Architectures Latest release

Falco drivers tests

This repository automatically runs the Falco scap-open binary on all supported drivers through Ansible, spawning Firecracker microVMs to test Falco drivers against multiple kernels.
You can find the list of machines being used here.

Prerequisites

export CNI_VERSION=v0.9.1
export ARCH=$([ $(uname -m) = "x86_64" ] && echo amd64 || echo arm64)
sudo mkdir -p /opt/cni/bin
curl -sSL https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-${ARCH}-${CNI_VERSION}.tgz | sudo tar -xz -C /opt/cni/bin
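
The commands above pipe the download straight into `sudo tar`, so a truncated or altered archive is unpacked as root without any check. The following is an added example, not part of this repository: it downloads to a temporary directory, compares the SHA-256 digest, and only then extracts. It assumes the CNI plugins release publishes a `.sha256` file next to the tarball in `sha256sum` format; the function names `verify_sha256` and `install_cni` are hypothetical.

```shell
#!/bin/sh
# Added example: verify-then-extract variant of the Prerequisites step.
CNI_VERSION="${CNI_VERSION:-v0.9.1}"

# verify_sha256 FILE SUMFILE
# Succeeds only if the first field of SUMFILE equals the SHA-256 of FILE.
verify_sha256() {
    expected=$(awk 'NR==1 {print $1}' "$2")
    actual=$(sha256sum "$1" | awk '{print $1}')
    if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
        echo "sha256 mismatch for $1" >&2
        return 1
    fi
}

# install_cni: download, verify, then extract into /opt/cni/bin.
# Assumption: "<tarball>.sha256" exists beside the tarball in the release.
install_cni() {
    arch=$([ "$(uname -m)" = "x86_64" ] && echo amd64 || echo arm64)
    name="cni-plugins-linux-${arch}-${CNI_VERSION}.tgz"
    base="https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}"
    tmp=$(mktemp -d) || return 1
    curl -fsSL -o "$tmp/$name" "$base/$name" &&
        curl -fsSL -o "$tmp/$name.sha256" "$base/$name.sha256" &&
        verify_sha256 "$tmp/$name" "$tmp/$name.sha256" &&
        sudo mkdir -p /opt/cni/bin &&
        sudo tar -xzf "$tmp/$name" -C /opt/cni/bin
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# To run the installation, call: install_cni
```

A digest fetched from the same release only catches corruption or a partial download; for a stronger guarantee, record the expected digest in your own repository and compare against that.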

Configure

Avoid modifying the default vars.yml file directly;
instead, create a local vars.yml file to override keys from the default vars.

The only mandatory setting is an SSH key pair:

# Path to the generated SSH private key file
ssh_key_path: "" # <-- Replace here with the key path
ssh_key_name: "" # <-- Replace here with the key name

Run

From the ansible-playbooks directory you can run tests on all machines by typing:

ansible-playbook main-playbook.yml --ask-become --extra-vars "@/path/to/local/vars.yaml"

To rerun tests:

ansible-playbook scap-open.yml --ask-become --extra-vars "@/path/to/local/vars.yaml"

To clean up all machines:

ansible-playbook clean-up.yml --ask-become --extra-vars "@/path/to/local/vars.yaml"

CI Usage

To better suit CI usage, a GitHub composite action has been developed.
Running kernel-testing in your GitHub workflow is therefore as easy as adding this step:

- uses: falcosecurity/kernel-testing@main
  # Give it an id to be able to later use its outputs
  id: kernel_tests
  with:
    # libs version to be tested, eg: master.
    # Default: 'master'
    libsversion: master
    
    # libs repo to be tested, eg: falcosecurity/libs.
    # Default: 'falcosecurity/libs'
    libsrepo: falcosecurity/libs
    
    # Whether to generate matrixes as matrix artifact.
    # Default: false
    build_matrix: 'true'

Then you can use action outputs to retrieve artifacts:

- uses: actions/upload-artifact@latest
  with:
    name: ansible_output
    path: ${{ steps.kernel_tests.outputs.ansible_output }}
        
- uses: actions/upload-artifact@latest
  with:
    name: matrix
    path: ${{ steps.kernel_tests.outputs.matrix_output }}

As an example, see libs reusable workflow.

NOTE: Since we don't use annotated tags, one cannot use e.g. falcosecurity/kernel-testing@v0, but only either an exact tag name or master.

NOTE: Of course, you'll need to run your tests on virtualization-enabled nodes.

About

Ansible playbooks to provision firecracker VMs and run Falco kernel tests
