Merge pull request #8621 from cri-o/nixpkgs #2093
# Workflow header: display name, triggers, shared environment and the
# default GITHUB_TOKEN scope inherited by every job below.
name: test

# Runs on manual dispatch, on pushes to the listed tags and branches,
# and on every pull request.
on:
  workflow_dispatch:
  push:
    tags:
      - 'v*'
    branches:
      - main
      - 'release-*'
      - nixpkgs
  pull_request:

# Tool versions are quoted so they stay strings ("1.23" is not a float).
env:
  GO_VERSION: "1.23"
  NIX_VERSION: "2.24.3"

# Least-privilege default: jobs that need more declare their own
# `permissions` block.
permissions:
  contents: read
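# Job definitions. Third-party actions are pinned to full commit SHAs,
# most with the matching release tag in a trailing comment.
#
# Changes from the previous revision of this mapping:
#   * the `${{ github.ref }}` expression is no longer expanded inside a
#     `run:` script (release-notes); the script reads the runner-provided
#     GITHUB_REF variable instead, so the ref name is never parsed as
#     shell source.
#   * ref gates use startsWith() instead of contains(), so only refs that
#     begin with the release-branch or tag prefix pass.
#   * writes to $GITHUB_ENV quote the file path.
jobs:
  # Builds the native and cross-compiled linux/amd64 binaries and
  # publishes the binary, man pages and config as workflow artifacts.
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GO_VERSION }}
      - run: scripts/github-actions-packages
      - run: make
      - run: bin/crio version
      - run: make bin/crio.cross.linux.amd64
      - run: bin/crio.cross.linux.amd64 version
      - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
        with:
          name: build
          path: |
            bin/crio
      - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
        with:
          name: docs
          path: |
            docs/crio.8
            docs/crio.conf.5
            docs/crio.conf.d.5
      - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
        with:
          name: config
          path: crio.conf

  # Cross-compiles the freebsd/amd64 binary; nothing is uploaded.
  build-freebsd:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GO_VERSION }}
      - run: scripts/github-actions-packages
      - run: make bin/crio.cross.freebsd.amd64

  # Regenerates the docs with the binary from `build`, then runs
  # hack/tree_status.sh on the working tree.
  validate-docs:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: build
          path: bin
      # The artifact is downloaded without its executable bit.
      - run: chmod -R +x bin
      - run: |
          sudo -E make docs-generation
          hack/tree_status.sh

  # Same pattern as validate-docs, for the shell completions.
  validate-completions:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: build
          path: bin
      - run: chmod -R +x bin
      - run: |
          sudo -E make completions-generation
          hack/tree_status.sh

  # Runs the NRI bats test check as root.
  validate-nri-tests:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GO_VERSION }}
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: build
          path: bin
      # NOTE(review): GOSUMDB is passed to make as an empty value. How the
      # Makefile forwards it is not visible here; confirm this does not
      # switch off Go checksum-database verification for module downloads.
      - run: |
          sudo -E make check-nri-bats-tests GOSUMDB=

  # Builds static binaries with Nix, one matrix entry per architecture,
  # and checks the result with `file` before uploading it.
  build-static:
    strategy:
      fail-fast: false
      matrix:
        run:
          - go-arch: amd64
            os-arch: x86-64
          - go-arch: arm64
            os-arch: aarch64
          - go-arch: ppc64le
            os-arch: PowerPC
          - go-arch: s390x
            os-arch: S/390
    name: build static / ${{ matrix.run.go-arch }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # v27
        with:
          install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install
      # This job has no ref gate, so it also runs for pull requests.
      # Secrets are not passed to workflows triggered from forks, but a
      # branch inside this repository gets CACHIX_AUTH_TOKEN and builds
      # with push access to the shared `cri-o-static` cache.
      # NOTE(review): consider supplying the token only on protected refs.
      - uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
        with:
          name: cri-o-static
          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
          pushFilter: cri-o
      # The matrix values below are constants from this file, not
      # event-supplied input, so inline expansion is acceptable here.
      - run: nix-build nix/default-${{ matrix.run.go-arch }}.nix
      - run: file result/bin/crio | grep ${{ matrix.run.os-arch }}
      - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
        with:
          name: build-static-${{ matrix.run.go-arch }}
          path: |
            result/bin/crio
            result/bin/pinns

  # Collects the four static builds under a directory named after the
  # commit SHA and uploads it to Google Cloud Storage.
  static-build-upload:
    # startsWith() rather than contains(): a ref that merely embeds
    # "refs/tags" or "refs/heads/release" somewhere in its name must not
    # unlock the upload credentials.
    if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release') || startsWith(github.ref, 'refs/tags/')
    runs-on: ubuntu-latest
    needs:
      - build-static
    steps:
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: build-static-amd64
          path: ${{ github.sha }}/amd64
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: build-static-arm64
          path: ${{ github.sha }}/arm64
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: build-static-ppc64le
          path: ${{ github.sha }}/ppc64le
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: build-static-s390x
          path: ${{ github.sha }}/s390x
      # NOTE(review): credentials_json is a long-lived service-account
      # key. The auth action also supports workload identity federation
      # (`workload_identity_provider`, with `id-token: write` on the job),
      # which removes the stored key.
      - uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
        with:
          credentials_json: ${{ secrets.GCS_CRIO_SA }}
      - uses: google-github-actions/upload-cloud-storage@e485962f2bef914ac9c3bdd571f821f0ba7946c4 # v2.2.0
        with:
          path: ${{ github.sha }}
          destination: cri-o/artifacts

  # Runs `make upload-artifacts` with the GCS service-account secret in
  # its environment, after the static upload has finished.
  upload-artifacts:
    if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release') || startsWith(github.ref, 'refs/tags/')
    runs-on: ubuntu-latest
    needs:
      - static-build-upload
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      # The secret is visible to everything the make target executes.
      - run: make upload-artifacts
        env:
          GCS_CRIO_SA: ${{ secrets.GCS_CRIO_SA }}

  # Publishes a GitHub release for tag refs, using the notes generated by
  # the release-notes job as the body.
  create-release:
    if: startsWith(github.ref, 'refs/tags/')
    permissions:
      contents: write
    runs-on: ubuntu-latest
    needs:
      - release-notes
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: release-notes
          path: build/release-notes
      # Strips the leading "refs/<kind>/" from the ref via the shell
      # variable; no `${{ }}` expression is expanded into the script.
      - name: Get release version
        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> "$GITHUB_ENV"
      - uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
        with:
          allowUpdates: true
          bodyFile: build/release-notes/${{ env.RELEASE_VERSION }}.md

  # Unit tests as root and rootless on amd64, and as root on arm64;
  # uploads build/coverage per matrix entry.
  unit:
    strategy:
      fail-fast: false
      matrix:
        run:
          - runner: ubuntu-latest
            arch: amd64
            type: root
          - runner: ubuntu-latest
            arch: amd64
            type: rootless
          - runner: actuated-arm64-4cpu-16gb
            arch: arm64
            type: root
    name: unit / ${{ matrix.run.arch }} / ${{ matrix.run.type }}
    runs-on: ${{ matrix.run.runner }}
    steps:
      # NOTE(review): this action and vmmeter-action below are pinned by
      # SHA but, unlike the other pins in this file, carry no version
      # comment to say which release the commit corresponds to.
      - uses: alexellis/arkade-get@d543d47741e9217ba62ff0214444add9a35825f3
        with:
          crane: latest
          print-summary: false
      # NOTE(review): `crane: latest` above and the `:latest` image tag
      # here are mutable, and the image contents are unpacked as root
      # into /usr/local/bin. Pinning the image by digest
      # (ghcr.io/openfaasltd/vmmeter@sha256:<DIGEST_PLACEHOLDER>) and
      # crane to a fixed version would make this step reproducible.
      - name: Install vmmeter
        run: crane export --platform linux/${{ matrix.run.arch }} ghcr.io/openfaasltd/vmmeter:latest | sudo tar -xvf - -C /usr/local/bin
      - uses: self-actuated/vmmeter-action@c7e2162e39294a810cab647cacc215ecd68a44f6
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GO_VERSION }}
      - uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: go-unit-${{ matrix.run.arch }}-${{ matrix.run.type }}-${{ hashFiles('**/go.sum') }}
      - run: scripts/github-actions-packages
      - name: Update mocks
        run: |
          make mockgen -j $(nproc)
          hack/tree_status.sh
      # sudo resets the environment, so PATH and the Go cache locations
      # are passed explicitly; ownership is handed back afterwards
      # (best effort, hence `|| true`).
      - name: Run unit tests as root
        if: ${{ matrix.run.type == 'root' }}
        run: |
          sudo PATH="$PATH" GOCACHE="$(go env GOCACHE)" GOMODCACHE="$(go env GOMODCACHE)" make testunit
          sudo chown -R $(id -u):$(id -g) "$(go env GOCACHE)" "$(go env GOMODCACHE)" || true
      - name: Run unit tests rootless
        if: ${{ matrix.run.type == 'rootless' }}
        run: make testunit
      - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
        with:
          name: unit-${{ matrix.run.arch }}-${{ matrix.run.type }}
          path: build/coverage

  # Sends the amd64/root coverage profile to Codecov.
  coverage:
    needs: unit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          fetch-depth: 0
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: unit-amd64-root
          path: build/coverage
      - uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
        with:
          files: build/coverage/coverprofile
          verbose: true
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

  # Generates release notes on main, release branches and tags. The job
  # holds a write-scoped token.
  release-notes:
    permissions:
      contents: write
    if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release') || startsWith(github.ref, 'refs/tags/')
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          fetch-depth: 0
      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GO_VERSION }}
      # The ref is read from the GITHUB_REF environment variable and
      # quoted. Expanding `${{ github.ref }}` into the script text would
      # let shell metacharacters in a branch or tag name be interpreted
      # as commands in a job that holds a write token.
      - name: Set current branch
        run: |
          raw=$(git branch -r --contains "$GITHUB_REF")
          branch=${raw##*/}
          echo "CURRENT_BRANCH=$branch" >> "$GITHUB_ENV"
      - run: make release-notes
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
        with:
          name: release-notes
          path: build/release-notes
          if-no-files-found: ignore

  # Generates the dependency report on main only, with a write-scoped
  # token.
  dependencies:
    permissions:
      contents: write
    if: github.ref == 'refs/heads/main'
    needs: release-notes
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          fetch-depth: 0
      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GO_VERSION }}
      - run: make dependencies
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
        with:
          name: dependencies
          path: build/dependencies

  # CodeQL analysis for Go. `security-events: write` is what allows the
  # analyze step to upload its results.
  codeql-build:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      actions: read
      contents: read
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - uses: github/codeql-action/init@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2
        with:
          languages: go
      - uses: github/codeql-action/autobuild@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2
      - uses: github/codeql-action/analyze@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2

  # Runs govulncheck and gosec through their make targets.
  security-checks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Run govulncheck
        run: make verify-govulncheck
      - name: Run gosec
        run: make verify-gosec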