Merge pull request #7450 from cri-o/dependabot/github_actions/crate-c… #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: test | |
on: | |
push: | |
tags: | |
- v* | |
branches: | |
- main | |
- release-* | |
- nixpkgs | |
pull_request: | |
env: | |
GO_VERSION: '1.21' | |
NIX_VERSION: '2.18.0' | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- run: scripts/github-actions-packages | |
- run: make | |
- run: bin/crio version | |
- run: make bin/crio.cross.linux.amd64 | |
- run: bin/crio.cross.linux.amd64 version | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: build | |
path: | | |
bin/crio | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: docs | |
path: | | |
docs/crio.8 | |
docs/crio.conf.5 | |
docs/crio.conf.d.5 | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: config | |
path: crio.conf | |
build-freebsd: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- run: scripts/github-actions-packages | |
- run: make bin/crio.cross.freebsd.amd64 | |
build-386: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
~/go/pkg/mod | |
~/.cache/go-build | |
key: go-build-386-${{ hashFiles('**/go.sum') }} | |
restore-keys: go-build-386- | |
- name: Build 386 binary in container | |
run: | | |
mkdir -p ~/.cache/go-build ~/go/pkg/mod | |
sudo podman run \ | |
-v ~/go/pkg/mod:/go/pkg/mod \ | |
-v ~/.cache/go-build:/root/.cache/go-build \ | |
-v $PWD:/build \ | |
-w /build \ | |
-it i386/golang:${{ env.GO_VERSION }}-alpine \ | |
sh -c \ | |
"apk --no-cache add \ | |
bash \ | |
build-base \ | |
git \ | |
gpgme-dev \ | |
libseccomp-dev \ | |
libselinux-dev \ | |
linux-headers \ | |
tzdata && \ | |
make bin/crio && \ | |
bin/crio version" | |
validate-docs: | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v3 | |
with: | |
name: build | |
path: bin | |
- run: chmod -R +x bin | |
- run: | | |
sudo -E make docs-generation | |
hack/tree_status.sh | |
validate-completions: | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v3 | |
with: | |
name: build | |
path: bin | |
- run: chmod -R +x bin | |
- run: | | |
sudo -E make completions-generation | |
hack/tree_status.sh | |
validate-nri-tests: | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v3 | |
with: | |
name: build | |
path: bin | |
- run: | | |
sudo -E make check-nri-bats-tests | |
build-static-amd64: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: cachix/install-nix-action@v23 | |
with: | |
install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install | |
- uses: cachix/cachix-action@v12 | |
with: | |
name: cri-o-static | |
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
pushFilter: cri-o | |
- run: nix-build nix | |
- run: result/bin/crio version | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: build-static-amd64 | |
path: | | |
result/bin/crio | |
result/bin/pinns | |
build-static-arm64: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: cachix/install-nix-action@v23 | |
with: | |
install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install | |
- uses: cachix/cachix-action@v12 | |
with: | |
name: cri-o-static | |
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
pushFilter: cri-o | |
- run: nix-build nix/default-arm64.nix | |
- run: file result/bin/crio | grep aarch64 | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: build-static-arm64 | |
path: | | |
result/bin/crio | |
result/bin/pinns | |
build-static-ppc64le: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: cachix/install-nix-action@v23 | |
with: | |
install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install | |
- uses: cachix/cachix-action@v12 | |
with: | |
name: cri-o-static | |
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
pushFilter: cri-o | |
- run: nix-build nix/default-ppc64le.nix | |
- run: file result/bin/crio | grep PowerPC | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: build-static-ppc64le | |
path: | | |
result/bin/crio | |
result/bin/pinns | |
static-build-upload: | |
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/heads/release') || contains(github.ref, 'refs/tags') | |
runs-on: ubuntu-latest | |
needs: | |
- build-static-amd64 | |
- build-static-arm64 | |
- build-static-ppc64le | |
steps: | |
- uses: actions/download-artifact@v3 | |
with: | |
name: build-static-amd64 | |
path: ${{ github.sha }}/amd64 | |
- uses: actions/download-artifact@v3 | |
with: | |
name: build-static-arm64 | |
path: ${{ github.sha }}/arm64 | |
- uses: actions/download-artifact@v3 | |
with: | |
name: build-static-ppc64le | |
path: ${{ github.sha }}/ppc64le | |
- uses: google-github-actions/auth@v1 | |
with: | |
credentials_json: ${{ secrets.GCS_CRIO_SA }} | |
- uses: google-github-actions/upload-cloud-storage@v1 | |
with: | |
path: ${{ github.sha }} | |
destination: cri-o/artifacts | |
upload-artifacts: | |
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/heads/release') || contains(github.ref, 'refs/tags') | |
runs-on: ubuntu-latest | |
needs: | |
- static-build-upload | |
steps: | |
- uses: actions/checkout@v4 | |
- run: make upload-artifacts | |
env: | |
GCS_CRIO_SA: ${{ secrets.GCS_CRIO_SA }} | |
create-release: | |
if: contains(github.ref, 'refs/tags') | |
runs-on: ubuntu-latest | |
needs: | |
- release-notes | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v3 | |
with: | |
name: release-notes | |
path: build/release-notes | |
- name: Get release version | |
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | |
- uses: ncipollo/release-action@v1 | |
with: | |
allowUpdates: true | |
bodyFile: build/release-notes/${{ env.RELEASE_VERSION }}.md | |
token: ${{ secrets.GH_TOKEN }} | |
unit: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- run: scripts/github-actions-packages | |
- run: | | |
make mockgen -j $(nproc) | |
hack/tree_status.sh | |
- run: sudo PATH="$PATH" make testunit | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: unit | |
path: build/coverage | |
coverage: | |
needs: unit | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/download-artifact@v3 | |
with: | |
name: unit | |
path: build/coverage | |
- run: make codecov | |
release-notes: | |
permissions: | |
contents: none | |
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/heads/release') || contains(github.ref, 'refs/tags') | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
token: ${{ secrets.GH_TOKEN }} | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Set current branch | |
run: | | |
raw=$(git branch -r --contains ${{ github.ref }}) | |
branch=${raw##*/} | |
echo "CURRENT_BRANCH=$branch" >> $GITHUB_ENV | |
- run: make release-notes | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: release-notes | |
path: build/release-notes | |
if-no-files-found: ignore | |
dependencies: | |
permissions: | |
contents: none | |
if: github.ref == 'refs/heads/main' | |
needs: release-notes | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
token: ${{ secrets.GH_TOKEN }} | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- run: make dependencies | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: dependencies | |
path: build/dependencies | |
codeql-build: | |
runs-on: ubuntu-latest | |
permissions: | |
security-events: write | |
actions: read | |
contents: read | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: github/codeql-action/init@v2 | |
with: | |
languages: go | |
- uses: github/codeql-action/autobuild@v2 | |
- uses: github/codeql-action/analyze@v2 | |
security-checks: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ env.GO_VERSION }} | |
- name: Run Govulncheck | |
run: make verify-govulncheck | |
- name: Run Gosec | |
run: make verify-gosec |