Skip to content

RFC: add encrypted scratch space for sandbox #5098

RFC: add encrypted scratch space for sandbox

RFC: add encrypted scratch space for sandbox #5098

Workflow file for this run

# (C) Copyright Confidential Containers Contributors
# # SPDX-License-Identifier: Apache-2.0
#
# Build binary and run unit tests
---
name: build
on:
pull_request:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
caa:
name: cloud-api-adaptor
runs-on: ${{ matrix.runner }}
strategy:
fail-fast: false
matrix:
type:
- dev
- release
runner:
- ubuntu-24.04
defaults:
run:
working-directory: src/cloud-api-adaptor
steps:
- name: Checkout the pull request code
uses: actions/checkout@v4
- name: Read properties from versions.yaml
run: |
go_version="$(yq '.tools.golang' versions.yaml)"
[ -n "$go_version" ]
echo "GO_VERSION=${go_version}" >> "$GITHUB_ENV"
- name: Setup Golang version ${{ env.GO_VERSION }}
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache-dependency-path: "**/go.sum"
- name: Install build dependencies
if: matrix.type == 'dev'
run: |
sudo apt-get update -y
sudo apt-get install -y libvirt-dev
- name: Build
run: |
# Build the binaries
if [ ${{ matrix.type }} == "release" ]; then
RELEASE_BUILD=true make build
else
RELEASE_BUILD=false make build
fi
- name: Test
if: matrix.type == 'dev'
run: |
go install github.com/jstemmer/[email protected]
export CI="true"
sudo -E env PATH="$PATH" make test | tee tests_report.txt
sudo chmod o+rw tests_report.txt
< tests_report.txt "$(go env GOPATH)/bin/go-junit-report" -set-exit-code > tests_report_junit.xml
shell: bash
- name: Upload tests report
uses: actions/upload-artifact@v4
if: matrix.type == 'dev'
with:
name: tests_report_junit-${{ matrix.runner }}_${{ env.GO_VERSION }}
path: ${{ github.workspace }}/tests_report_junit.xml
retention-days: 1
controllers:
name: controllers
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
controller:
- peerpod-ctrl
defaults:
run:
working-directory: src/${{ matrix.controller }}
steps:
- name: Checkout the pull request code
uses: actions/checkout@v4
- name: Read properties from versions.yaml
run: |
go_version="$(yq '.tools.golang' ../cloud-api-adaptor/versions.yaml)"
[ -n "$go_version" ]
echo "GO_VERSION=${go_version}" >> "$GITHUB_ENV"
- name: Setup Golang version ${{ env.GO_VERSION }}
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache-dependency-path: "**/go.sum"
- name: Install build dependencies
if: matrix.controller == 'peerpod-ctrl'
run: |
sudo apt-get update -y
sudo apt-get install -y libvirt-dev
- name: Verify go modules and manifests
run: make verify
- name: Build the controller manager
run: make build
- name: Run unit tests
run: make test
- name: Build the controller image
run: make docker-build
volumes:
name: volume controllers
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
controller:
- csi-wrapper
defaults:
run:
working-directory: src/${{ matrix.controller }}
steps:
- name: Checkout the pull request code
uses: actions/checkout@v4
- name: Read properties from versions.yaml
run: |
go_version="$(yq '.tools.golang' ../cloud-api-adaptor/versions.yaml)"
[ -n "$go_version" ]
echo "GO_VERSION=${go_version}" >> "$GITHUB_ENV"
- name: Setup Golang version ${{ env.GO_VERSION }}
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache-dependency-path: "**/go.sum"
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build the controllers
run: make build
- name: Run unit tests
run: make test
- name: Build checks
run: make check
- name: Build docker images
run: |
echo "::group::Build csi-node-wrapper-docker"
make csi-node-wrapper-docker
echo "::endgroup::"
echo "::group::Build csi-controller-wrapper-docker"
make csi-controller-wrapper-docker
echo "::endgroup::"
echo "::group::Build csi-podvm-wrapper-docker"
make csi-podvm-wrapper-docker
echo "::endgroup::"
webhook:
runs-on: ubuntu-24.04
defaults:
run:
working-directory: src/webhook
steps:
- name: Checkout the pull request code
uses: actions/checkout@v4
- name: Read properties from versions.yaml
run: |
go_version="$(yq '.tools.golang' ../cloud-api-adaptor/versions.yaml)"
[ -n "$go_version" ]
echo "GO_VERSION=${go_version}" >> "$GITHUB_ENV"
- name: Setup Golang version ${{ env.GO_VERSION }}
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache-dependency-path: "**/go.sum"
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Install kind
run: |
go install sigs.k8s.io/[email protected]
- name: Install bats
run: |
bats_version="$(yq '.tools.bats' ../cloud-api-adaptor/versions.yaml)"
[ -n "$bats_version" ]
git clone --branch "v${bats_version}" --single-branch \
https://github.com/bats-core/bats-core.git
cd bats-core
./install.sh ~/.local
- name: Verify go modules and manifests
run: make verify
- name: Build the webhook
run: make build
- name: Run unit tests and static checks
run: make test
- name: Run end-to-end tests
run: |
make test-e2e