Testing Strategy and CI/CD
Relevant source files
The following files were used as context for generating this wiki page:
- .github/workflows/android_e2e.yml
- .github/workflows/codeql-analysis.yml
- .github/workflows/e2e.yml
- .github/workflows/pr_build_debug.yml
- .github/workflows/pr_build_debug_comment.yml
- docs/e2e-tests.md
- pkg/event_processor/base_event.go
- pkg/event_processor/processor_test.go
- pkg/event_processor/testdata/all.json
- test/e2e/android/android_gotls_e2e_test.sh
- test/e2e/android/common_android.sh
- test/e2e/android/setup_android_env.sh
- test/e2e/bash_advanced_test.sh
- test/e2e/common.sh
- test/e2e/ecaptureq_e2e_test.sh
- test/e2e/edge_cases_test.sh
- test/e2e/gnutls_e2e_test.sh
- test/e2e/go_https_client.go
- test/e2e/gotls_advanced_test.sh
- test/e2e/gotls_e2e_test.sh
- test/e2e/run_e2e.sh
- test/e2e/tls_e2e_test.sh
- test/e2e/tls_keylog_advanced_test.sh
- test/e2e/tls_pcap_advanced_test.sh
- test/e2e/tls_text_advanced_test.sh
The eCapture project employs a multi-layered testing strategy to ensure the reliability of eBPF-based capture across diverse Linux kernels and architectures. This strategy spans from local Go unit tests for userspace logic to comprehensive End-to-End (E2E) tests running on real hardware/virtualized kernels, integrated into a robust GitHub Actions CI/CD pipeline.
1. Testing Layers
1.1 Go Unit Tests
Unit tests focus on the userspace control plane and event processing logic. These tests do not require root privileges or eBPF capabilities as they use mocked data or recorded event streams.
- Event Processor: Validates the scheduling loop, UUID-based affinity, and event reconstruction. The
TestEventProcessor_Servefunction uses JSON-serialized events and binary payloads to simulate kernel-to-userspace data flow pkg/event_processor/processor_test.go:31-114. - Protocol Parsers: Tests the
IParserimplementations (HTTP/1.1, HTTP/2) against known byte streams to ensure correct plaintext extraction pkg/event_processor/processor_test.go:97-101. - Truncation Logic: Ensures that large payloads are correctly handled according to configuration limits pkg/event_processor/processor_test.go:116-196.
1.2 End-to-End (E2E) Tests
E2E tests are the core of eCapture's validation. They run on real Linux environments and execute actual captures against target applications.
- TLS/OpenSSL: Uses
curlto generate traffic and verifies that eCapture extracts the expected plaintext (e.g., "GitHub" from an API response) test/e2e/tls_e2e_test.sh:59-145. - GnuTLS: Verifies hooks on
libgnutlsby using compatible versions ofwgetorcurltest/e2e/gnutls_e2e_test.sh:125-220. - GoTLS: Employs a custom Go HTTPS client to test the
gotlsprobe, verifying support for Go's internal ABI test/e2e/gotls_e2e_test.sh:118-213. - eCaptureQ: Tests the WebSocket streaming mechanism by running
ecaptureq_clientalongside the main probe .github/workflows/e2e.yml:95-101.
1.3 Security and Quality Scans
- CodeQL: Automated static analysis for Go and C (eBPF) code to detect security vulnerabilities and logic errors .github/workflows/codeql-analysis.yml:24-35.
- Codecov: Tracks test coverage to identify untested paths in the userspace logic .github/workflows/codeql-analysis.yml:90-93.
2. CI/CD Architecture
The CI/CD system is built on GitHub Actions, automating the build, test, and release cycles for multiple architectures (x86_64 and arm64).
Build and Test Pipeline Data Flow
This diagram illustrates the flow from a Pull Request to a verified build artifact.
Diagram: PR Validation and E2E Pipeline
Sources: .github/workflows/e2e.yml:1-22, .github/workflows/pr_build_debug.yml:1-22, .github/workflows/codeql-analysis.yml:12-35
Multi-Arch Build Strategy
eCapture uses a matrix strategy to build for both Linux and Android across different CPU architectures.
| Target OS | Architecture | Toolchain | Artifact Type |
|---|---|---|---|
| Linux | amd64 | Clang-14 / GCC | Binary / RPM / DEB |
| Linux | arm64 | aarch64-linux-gnu-gcc | Binary / RPM / DEB |
| Android | arm64 | Android NDK | Binary |
Sources: .github/workflows/pr_build_debug.yml:19-22, .github/workflows/pr_build_debug.yml:33-60
3. Implementation Details
3.1 E2E Test Framework
The E2E tests are orchestrated via Bash scripts that manage the lifecycle of the eCapture process and the target client.
- Setup: Checks for root privileges and kernel version compatibility test/e2e/common.sh:32-59.
- Execution: Launches eCapture in the background, waits for initialization, then triggers the network event test/e2e/tls_e2e_test.sh:66-83.
- Verification: Uses
grepto verify plaintext patterns and checks for "Failed to decode event" errors to catch struct alignment regressions test/e2e/tls_e2e_test.sh:101-110. - Cleanup: A trap-based
cleanup_handlerensures that eCapture processes are killed and temporary logs are handled test/e2e/tls_e2e_test.sh:29-48.
3.2 Automated Release Pipeline
When a tag is pushed, the builder/Makefile.release is invoked to create production-ready binaries.
- Environment Prep: Installs
llvm,clang, andlinux-source.github/workflows/pr_build_debug.yml:33-47. - Compilation: Runs
make releasewhich compiles both CO-RE and non-CO-RE versions .github/workflows/pr_build_debug.yml:67-75. - Packaging: Bundles binaries into
.tar.gzand generates checksums.
Diagram: Event Processor Unit Test Data Flow
Sources: pkg/event_processor/processor_test.go:44-77, pkg/event_processor/base_event.go:76-87
4. Key Testing Files
| File Path | Purpose |
|---|---|
.github/workflows/e2e.yml | Main GitHub Actions workflow for E2E testing. |
test/e2e/common.sh | Utility functions for shell-based E2E tests. |
pkg/event_processor/processor_test.go | Unit tests for the userspace event pipeline. |
.github/workflows/pr_build_debug.yml | Cross-platform build verification for PRs. |
test/e2e/tls_text_advanced_test.sh | Advanced scenarios (HTTP/2, PID/UID filtering). |
Sources: .github/workflows/e2e.yml:1-22, test/e2e/common.sh:1-12, pkg/event_processor/processor_test.go:1-30, test/e2e/tls_text_advanced_test.sh:1-15