Project Compatibility Suite
June 27, 2026 ยท View on GitHub
The suite command is the reusable path for projects that ship more than one eBPF artifact.
It runs a list of artifacts against one or more VM-backed matrices, preserves the normal per-artifact JSON/Markdown reports, and writes one suite-level summary for CI and release artifacts.
Example
make validator-static
make examples
./bin/bpfcompat suite \
--suite suites/dev-functional.yaml \
--out reports/suites/dev-functional/suite.json \
--markdown reports/suites/dev-functional/suite.md
Suite File
Paths in a suite file are resolved relative to the suite file location. This keeps external repositories portable when the GitHub Action runs from its own checked-out action directory.
name: my-bpf-suite
defaults:
matrix: ../matrices/dev-one.yaml
workdir: ../.bpfcompat
report_dir: ../reports/suites/my-bpf-suite
validation_mode: load_attach
timeout: 8m
concurrency: 1
cases:
- name: exec-tracepoint
artifact: ../build/exec_tracepoint.bpf.o
manifest: ../manifests/exec_tracepoint.yaml
artifact_name: exec_tracepoint
- name: network-xdp
artifact: ../build/network_xdp.bpf.o
manifest: ../manifests/network_xdp.yaml
artifact_name: network_xdp
validation_mode: load_only
- name: exec-behavior
artifact: ../build/exec_tracepoint.bpf.o
manifest: ../manifests/exec_tracepoint.yaml
artifact_name: exec_tracepoint
validation_mode: behavior
test:
mode: behavior
command: ./scripts/smoke-exec.sh
timeout: 30s
expect:
exit_code: 0
stdout_contains: saw-execve
Each case supports the same core inputs as bpfcompat test:
artifactartifact_uriartifact_nameartifact_versionartifact_variantmatrixmanifestoutmarkdownworkdirrunnervalidation_modetimeoutconcurrencykeep_vm_on_failure
validation_mode controls what each case proves:
load_only: run libbpf load/verifier checks and skip attach and behavior commands. This is useful for fast kernel compatibility screening.load_attach: run load plus attach checks. This is the default suite/web gate behavior for most artifacts.behavior: run load, attach, and functional commands while the BPF links are alive. This is the closest match for Falco-style event/smoke assertions.
Behavior commands can be declared in a manifest using functional_tests, or
inline in the suite with a test block. The inline block is converted into a
generated manifest before the runner starts:
cases:
- name: exec-behavior
artifact: ../build/exec_tracepoint.bpf.o
manifest: ../manifests/exec_tracepoint.yaml
test:
mode: behavior
command: ./scripts/smoke-exec.sh
expect:
exit_code: 0
stdout_contains: saw-execve
Suite JSON includes per-case target verdicts, and suite Markdown includes both the case summary and a collection matrix. The matrix is intentionally high-level: it shows which artifact case passed or failed on each target first, then links to the per-artifact reports for verifier logs, BTF/CO-RE state, attach evidence, and behavior-test output.
GitHub Action
Single-artifact mode remains supported. Suite mode is enabled by setting
suite:
- uses: Kernel-Guard/bpfcompat@v0.2.0
with:
suite: suites/dev-functional.yaml
suite-out: reports/bpfcompat-suite.json
suite-markdown: reports/bpfcompat-suite.md
timeout: 8m
concurrency: "1"
The action writes the suite Markdown to the GitHub job summary and preserves the per-artifact report files declared by the suite.
Why This Exists
This matches the integration shape requested by real eBPF maintainers:
- choose a VM/kernel matrix,
- provide a list of BPF artifacts,
- provide manifests that describe attach and functional test steps,
- fail CI on compatibility regressions,
- keep a detailed report artifact for debugging.
Adapter Template
For an external project starting from scratch, copy the template under:
adapters/generic-ebpf-suite/
It includes:
- a suite file with multiple artifact cases,
- a manifest with a functional event assertion,
- a GitHub Actions workflow for a self-hosted Linux/KVM runner.
This is the recommended integration shape for projects that do not already have Falco-style kernel-testing infrastructure.