Merge pull request #2159 from containers/dependabot/cargo/unicode-wid… #5440
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
pull_request: {} | |
push: | |
tags: | |
- "*" | |
branches: | |
- main | |
env: | |
CARGO_TERM_COLOR: always | |
GO_VERSION: '1.22' | |
ACTION_MSRV_TOOLCHAIN: 1.66.1 | |
NIX_VERSION: '2.21.0' | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cargo/registry | |
~/.cargo/git | |
target | |
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
- run: .github/install-deps | |
- name: Select Toolchain | |
uses: actions-rs/toolchain@v1 | |
with: | |
toolchain: ${{ env['ACTION_MSRV_TOOLCHAIN'] }} | |
default: true | |
override: true | |
components: rustfmt | |
- run: cargo build && git diff --exit-code | |
dependencies: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- run: make verify-dependencies | |
go-lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- uses: actions/checkout@v4 | |
- uses: golangci/golangci-lint-action@v5 | |
with: | |
version: v1.56.2 | |
only-new-issues: true | |
get-script: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: sigstore/cosign-installer@v3 | |
- run: scripts/get | |
release-static: | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
env: | |
COSIGN_EXPERIMENTAL: 1 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cargo/registry | |
~/.cargo/git | |
target | |
key: ${{ runner.os }}-cargo-release-static-${{ hashFiles('**/Cargo.lock') }} | |
- run: .github/install-deps | |
- name: Select Toolchain | |
uses: actions-rs/toolchain@v1 | |
with: | |
# Ubuntu 22.04 glibc static is not compatible with rustc 1.58.1 (see | |
# ACTION_MSRV_TOOLCHAIN). Means we now just use the latest one, since | |
# the static builds are made for the community. | |
toolchain: stable | |
default: true | |
override: true | |
components: rustfmt | |
- run: make release-static | |
- run: | | |
mkdir ${{ github.sha }} | |
mv target/x86_64-unknown-linux-gnu/release/conmonrs ${{ github.sha }} | |
- run: ./${{ github.sha }}/conmonrs -v | |
- uses: sigstore/cosign-installer@v3 | |
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags') | |
- name: Sign binary | |
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags') | |
run: | | |
cd ${{ github.sha }} | |
cosign sign-blob -y conmonrs \ | |
--output-signature conmonrs.sig \ | |
--output-certificate conmonrs.cert | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: conmonrs | |
path: ${{ github.sha }}/* | |
- uses: google-github-actions/auth@v2 | |
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags') | |
with: | |
credentials_json: ${{ secrets.GCS_CRIO_SA }} | |
- uses: google-github-actions/upload-cloud-storage@v2 | |
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags') | |
with: | |
path: ${{ github.sha }} | |
destination: cri-o/conmon-rs | |
create-marker: | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags') | |
needs: | |
- release-static | |
- build-static | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- run: .github/create-marker | |
- uses: google-github-actions/auth@v2 | |
with: | |
credentials_json: ${{ secrets.GCS_CRIO_SA }} | |
- uses: google-github-actions/upload-cloud-storage@v2 | |
with: | |
path: . | |
glob: latest-*.txt | |
destination: cri-o/conmon-rs | |
build-static: | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
env: | |
COSIGN_EXPERIMENTAL: 1 | |
strategy: | |
matrix: | |
arch: [amd64, arm64, ppc64le, s390x] | |
name: build-static-${{ matrix.arch }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: cachix/install-nix-action@v26 | |
with: | |
install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install | |
- uses: cachix/cachix-action@v14 | |
with: | |
name: conmon-rs | |
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
pushFilter: "(conmon-rs|cargo-vendor)" | |
- run: nix-build nix/default-${{ matrix.arch }}.nix | |
- run: file result/bin/conmonrs | grep static | grep stripped | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: build-static-${{ matrix.arch }} | |
path: | | |
result/bin/conmonrs | |
- run: | | |
mkdir ${{ github.sha }} | |
cp result/bin/conmonrs ${{ github.sha }}/conmonrs.${{ matrix.arch }} | |
- uses: sigstore/cosign-installer@v3 | |
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags') | |
- name: Sign binary | |
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags') | |
run: | | |
cd ${{ github.sha }} | |
cosign sign-blob -y conmonrs.${{ matrix.arch }} \ | |
--output-signature conmonrs.${{ matrix.arch }}.sig \ | |
--output-certificate conmonrs.${{ matrix.arch }}.cert | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: conmonrs-${{ matrix.arch }} | |
path: ${{ github.sha }}/* | |
- uses: google-github-actions/auth@v2 | |
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags') | |
with: | |
credentials_json: ${{ secrets.GCS_CRIO_SA }} | |
- uses: google-github-actions/upload-cloud-storage@v2 | |
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags') | |
with: | |
path: ${{ github.sha }} | |
destination: cri-o/conmon-rs | |
doc: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cargo/registry | |
~/.cargo/git | |
target | |
key: ${{ runner.os }}-cargo-doc-${{ hashFiles('**/Cargo.lock') }} | |
- run: .github/install-deps | |
- name: Select Toolchain | |
uses: actions-rs/toolchain@v1 | |
with: | |
toolchain: ${{ env['ACTION_MSRV_TOOLCHAIN'] }} | |
default: true | |
override: true | |
components: rustfmt | |
- name: Cargo doc | |
run: cargo doc --no-deps | |
lint-clippy: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cargo/registry | |
~/.cargo/git | |
target | |
key: ${{ runner.os }}-cargo-clippy-${{ hashFiles('**/Cargo.lock') }} | |
- run: .github/install-deps | |
- name: Select Toolchain | |
uses: actions-rs/toolchain@v1 | |
with: | |
toolchain: nightly | |
default: true | |
override: true | |
components: clippy, rustfmt | |
- name: Clippy Lint | |
run: cargo +nightly clippy --all-targets --all-features -- -D warnings | |
lint-rustfmt: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Select Toolchain | |
uses: actions-rs/toolchain@v1 | |
with: | |
toolchain: ${{ env['ACTION_MSRV_TOOLCHAIN'] }} | |
default: true | |
override: true | |
components: rustfmt | |
- name: Rustfmt | |
run: cargo fmt && git diff --exit-code | |
test-unit: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- run: .github/install-deps | |
- name: Select Nightly Toolchain | |
uses: actions-rs/toolchain@v1 | |
with: | |
toolchain: nightly | |
override: true | |
- name: Install rustfmt | |
shell: bash | |
run: rustup component add rustfmt | |
- name: Unit tests | |
uses: actions-rs/cargo@v1 | |
with: | |
command: test | |
args: --no-fail-fast | |
env: | |
CARGO_INCREMENTAL: '0' | |
RUSTFLAGS: '-Zprofile -Ccodegen-units=1 -Cinline-threshold=0 -Clink-dead-code -Coverflow-checks=off -Zpanic_abort_tests' | |
RUSTDOCFLAGS: '-Zprofile -Ccodegen-units=1 -Cinline-threshold=0 -Clink-dead-code -Coverflow-checks=off -Zpanic_abort_tests' | |
- name: Coverage | |
uses: actions-rs/[email protected] | |
with: | |
config: .github/grcov.yml | |
- name: Upload Results | |
uses: codecov/codecov-action@v4 | |
test-integration: | |
needs: release-static | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Rust and Golang Cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cargo/registry | |
~/.cargo/git | |
target | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: ${{ runner.os }}-cargo-test-integration-${{ hashFiles('**/Cargo.lock') }}-${{ hashFiles('**/go.sum') }} | |
- name: Setup Testfiles Cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
/tmp/conmon-test-images | |
key: ${{ runner.os }}-cargo-test-files-${{ hashFiles('pkg/client/files_test.go') }} | |
- run: rm -rf target/x86_64-unknown-linux-gnu/release/conmonrs | |
- uses: actions/download-artifact@v4 | |
with: | |
name: conmonrs | |
path: target/x86_64-unknown-linux-gnu/release | |
- run: chmod +x target/x86_64-unknown-linux-gnu/release/conmonrs | |
- run: .github/install-deps | |
- name: create symlink | |
run: sudo ln -f -s $(go env GOROOT)/bin/* /usr/bin/ | |
- name: Integration tests | |
run: RUNTIME_PATH="/usr/sbin/runc" make integration-static | |
- name: Chown cache | |
run: | | |
sudo chown -R $(id -u):$(id -g) ~/go/pkg/mod | |
sudo chown -R $(id -u):$(id -g) ~/.cache/go-build | |
test-critest: | |
needs: release-static | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: conmonrs | |
path: target/x86_64-unknown-linux-musl/release | |
- run: sudo cp target/x86_64-unknown-linux-musl/release/conmonrs /usr/local/bin | |
- run: sudo chmod +x /usr/local/bin/conmonrs | |
- run: .github/setup | |
- name: Run critest | |
run: sudo critest | |
typos: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: crate-ci/[email protected] | |
with: | |
config: .github/typos.toml |