Use GitHub actions matrix for build and add go tip #2182
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: test | ||
| on: | ||
| workflow_dispatch: | ||
| push: | ||
| tags: | ||
| - v* | ||
| branches: | ||
| - main | ||
| - release-* | ||
| - nixpkgs | ||
| pull_request: | ||
| env: | ||
| GO_VERSION: "1.23" | ||
| NIX_VERSION: "2.24.3" | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| vars: | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| GO_VERSION: ${{ env.GO_VERSION }} | ||
| steps: | ||
| - run: echo "GO_VERSION=${{ env.GO_VERSION }}" >> $GITHUB_OUTPUT | ||
| build: | ||
| needs: vars | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| run: | ||
| - go-os: linux | ||
| go-version: ${{ needs.vars.GO_VERSION }} | ||
| - go-os: linux | ||
| go-version: tip | ||
| - go-os: freebsd | ||
| go-version: ${{ needs.vars.GO_VERSION }} | ||
| name: build / ${{ matrix.run.go-os }} / ${{ matrix.run.go-version }} | ||
| steps: | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | ||
| with: | ||
| go-version: ${{ matrix.run.go-version }} | ||
| - run: scripts/github-actions-packages | ||
| - run: make bin/crio.cross.${{ matrix.run.go-os }}.amd64 | ||
| - run: mv bin/bin/crio.cross.${{ matrix.run.go-os }}.amd64 bin/crio | ||
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | ||
| with: | ||
| name: build-${{ matrix.run.go-os }}-${{ matrix.run.go-version }} | ||
| path: | | ||
| bin/crio | ||
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | ||
| with: | ||
| name: docs | ||
| path: | | ||
| docs/crio.8 | ||
| docs/crio.conf.5 | ||
| docs/crio.conf.d.5 | ||
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | ||
| with: | ||
| name: config | ||
| path: crio.conf | ||
| validate-docs: | ||
| needs: build | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | ||
| with: | ||
| name: build-linux-${{ env.GO_VERSION }} | ||
| path: bin | ||
| - run: chmod -R +x bin | ||
| - run: | | ||
| sudo -E make docs-generation | ||
| hack/tree_status.sh | ||
| validate-completions: | ||
| needs: build | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | ||
| with: | ||
| name: build-linux-${{ env.GO_VERSION }} | ||
| path: bin | ||
| - run: chmod -R +x bin | ||
| - run: | | ||
| sudo -E make completions-generation | ||
| hack/tree_status.sh | ||
| validate-nri-tests: | ||
| needs: build | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | ||
| with: | ||
| go-version: ${{ env.GO_VERSION }} | ||
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | ||
| with: | ||
| name: build-linux-${{ env.GO_VERSION }} | ||
| path: bin | ||
| - run: | | ||
| sudo -E make check-nri-bats-tests GOSUMDB= | ||
| build-static: | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| run: | ||
| - go-arch: amd64 | ||
| os-arch: x86-64 | ||
| - go-arch: arm64 | ||
| os-arch: aarch64 | ||
| - go-arch: ppc64le | ||
| os-arch: PowerPC | ||
| - go-arch: s390x | ||
| os-arch: S/390 | ||
| name: build static / ${{ matrix.run.go-arch }} | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # v27 | ||
| with: | ||
| install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install | ||
| - uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15 | ||
| with: | ||
| name: cri-o-static | ||
| authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" | ||
| pushFilter: cri-o | ||
| - run: nix-build nix/default-${{ matrix.run.go-arch }}.nix | ||
| - run: file result/bin/crio | grep ${{ matrix.run.os-arch }} | ||
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | ||
| with: | ||
| name: build-static-${{ matrix.run.go-arch }} | ||
| path: | | ||
| result/bin/crio | ||
| result/bin/pinns | ||
| static-build-upload: | ||
| if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/heads/release') || contains(github.ref, 'refs/tags') | ||
| runs-on: ubuntu-latest | ||
| needs: | ||
| - build-static | ||
| steps: | ||
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | ||
| with: | ||
| name: build-static-amd64 | ||
| path: ${{ github.sha }}/amd64 | ||
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | ||
| with: | ||
| name: build-static-arm64 | ||
| path: ${{ github.sha }}/arm64 | ||
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | ||
| with: | ||
| name: build-static-ppc64le | ||
| path: ${{ github.sha }}/ppc64le | ||
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | ||
| with: | ||
| name: build-static-s390x | ||
| path: ${{ github.sha }}/s390x | ||
| - uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 | ||
| with: | ||
| credentials_json: ${{ secrets.GCS_CRIO_SA }} | ||
| - uses: google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0 # v2.2.1 | ||
| with: | ||
| path: ${{ github.sha }} | ||
| destination: cri-o/artifacts | ||
| upload-artifacts: | ||
| if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/heads/release') || contains(github.ref, 'refs/tags') | ||
| runs-on: ubuntu-latest | ||
| needs: | ||
| - static-build-upload | ||
| steps: | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - run: make upload-artifacts | ||
| env: | ||
| GCS_CRIO_SA: ${{ secrets.GCS_CRIO_SA }} | ||
| create-release: | ||
| if: contains(github.ref, 'refs/tags') | ||
| permissions: | ||
| contents: write | ||
| runs-on: ubuntu-latest | ||
| needs: | ||
| - release-notes | ||
| steps: | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | ||
| with: | ||
| name: release-notes | ||
| path: build/release-notes | ||
| - name: Get release version | ||
| run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | ||
| - uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 | ||
| with: | ||
| allowUpdates: true | ||
| bodyFile: build/release-notes/${{ env.RELEASE_VERSION }}.md | ||
| unit: | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| run: | ||
| - runner: ubuntu-latest | ||
| arch: amd64 | ||
| type: root | ||
| - runner: ubuntu-latest | ||
| arch: amd64 | ||
| type: rootless | ||
| name: unit / ${{ matrix.run.arch }} / ${{ matrix.run.type }} | ||
| runs-on: ${{ matrix.run.runner }} | ||
| steps: | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | ||
| with: | ||
| go-version: ${{ env.GO_VERSION }} | ||
| - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | ||
| with: | ||
| path: | | ||
| ~/.cache/go-build | ||
| ~/go/pkg/mod | ||
| key: go-unit-${{ matrix.run.arch }}-${{ matrix.run.type }}-${{ hashFiles('**/go.sum') }} | ||
| - run: scripts/github-actions-packages | ||
| - name: Update mocks | ||
| run: | | ||
| make mockgen -j $(nproc) | ||
| hack/tree_status.sh | ||
| - name: Run unit tests as root | ||
| if: ${{ matrix.run.type == 'root' }} | ||
| run: | | ||
| sudo PATH="$PATH" GOCACHE="$(go env GOCACHE)" GOMODCACHE="$(go env GOMODCACHE)" make testunit | ||
| sudo chown -R $(id -u):$(id -g) "$(go env GOCACHE)" "$(go env GOMODCACHE)" || true | ||
| - name: Run unit tests rootless | ||
| if: ${{ matrix.run.type == 'rootless' }} | ||
| run: make testunit | ||
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | ||
| with: | ||
| name: unit-${{ matrix.run.arch }}-${{ matrix.run.type }} | ||
| path: build/coverage | ||
| coverage: | ||
| needs: unit | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| fetch-depth: 0 | ||
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | ||
| with: | ||
| name: unit-amd64-root | ||
| path: build/coverage | ||
| - uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1 | ||
| with: | ||
| files: build/coverage/coverprofile | ||
| verbose: true | ||
| env: | ||
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | ||
| release-notes: | ||
| permissions: | ||
| contents: write | ||
| if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/heads/release') || contains(github.ref, 'refs/tags') | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| fetch-depth: 0 | ||
| - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | ||
| with: | ||
| go-version: ${{ env.GO_VERSION }} | ||
| - name: Set current branch | ||
| run: | | ||
| raw=$(git branch -r --contains ${{ github.ref }}) | ||
| branch=${raw##*/} | ||
| echo "CURRENT_BRANCH=$branch" >> $GITHUB_ENV | ||
| - run: make release-notes | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | ||
| with: | ||
| name: release-notes | ||
| path: build/release-notes | ||
| if-no-files-found: ignore | ||
| dependencies: | ||
| permissions: | ||
| contents: write | ||
| if: github.ref == 'refs/heads/main' | ||
| needs: release-notes | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| fetch-depth: 0 | ||
| - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | ||
| with: | ||
| go-version: ${{ env.GO_VERSION }} | ||
| - run: make dependencies | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | ||
| with: | ||
| name: dependencies | ||
| path: build/dependencies | ||
| codeql-build: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| security-events: write | ||
| actions: read | ||
| contents: read | ||
| steps: | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - uses: github/codeql-action/init@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2 | ||
| with: | ||
| languages: go | ||
| - uses: github/codeql-action/autobuild@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2 | ||
| - uses: github/codeql-action/analyze@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2 | ||
| security-checks: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | ||
| with: | ||
| go-version: ${{ env.GO_VERSION }} | ||
| - name: Run govulncheck | ||
| run: make verify-govulncheck | ||
| - name: Run gosec | ||
| run: make verify-gosec | ||
