Skip to content

Merge pull request #2490 from containers/dependabot/github_actions/cr… #6248

Merge pull request #2490 from containers/dependabot/github_actions/cr…

Merge pull request #2490 from containers/dependabot/github_actions/cr… #6248

Workflow file for this run

name: ci
on:
pull_request: {}
push:
tags:
- "*"
branches:
- main
env:
CARGO_TERM_COLOR: always
GO_VERSION: "1.23"
ACTION_MSRV_TOOLCHAIN: 1.66.1
NIX_VERSION: "2.21.0"
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Cache
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
- run: .github/install-deps
- name: Select Toolchain
uses: dtolnay/rust-toolchain@315e265cd78dad1e1dcf3a5074f6d6c47029d5aa
with:
toolchain: ${{ env['ACTION_MSRV_TOOLCHAIN'] }}
components: rustfmt
- run: cargo build && git diff --exit-code
dependencies:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- run: make verify-dependencies
go-lint:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: ${{ env.GO_VERSION }}
- uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
version: v1.60.3
only-new-issues: true
get-script:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- run: scripts/get
release-static:
runs-on: ubuntu-latest
permissions:
id-token: write
env:
COSIGN_EXPERIMENTAL: 1
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Cache
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-release-static-${{ hashFiles('**/Cargo.lock') }}
- run: .github/install-deps
- name: Select Toolchain
uses: dtolnay/rust-toolchain@315e265cd78dad1e1dcf3a5074f6d6c47029d5aa
with:
# Ubuntu 22.04 glibc static is not compatible with rustc 1.58.1 (see
# ACTION_MSRV_TOOLCHAIN). Means we now just use the latest one, since
# the static builds are made for the community.
toolchain: ${{ env['ACTION_MSRV_TOOLCHAIN'] }}
components: rustfmt
- run: make release-static
- run: |
mkdir ${{ github.sha }}
mv target/x86_64-unknown-linux-gnu/release/conmonrs ${{ github.sha }}
- run: ./${{ github.sha }}/conmonrs -v
- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags')
- name: Sign binary
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags')
run: |
cd ${{ github.sha }}
cosign sign-blob -y conmonrs \
--output-signature conmonrs.sig \
--output-certificate conmonrs.cert
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: conmonrs
path: ${{ github.sha }}/*
- uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags')
with:
credentials_json: ${{ secrets.GCS_CRIO_SA }}
- uses: google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0 # v2.2.1
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags')
with:
path: ${{ github.sha }}
destination: cri-o/conmon-rs
create-marker:
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags')
needs:
- release-static
- build-static
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- run: .github/create-marker
- uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7
with:
credentials_json: ${{ secrets.GCS_CRIO_SA }}
- uses: google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0 # v2.2.1
with:
path: .
glob: latest-*.txt
destination: cri-o/conmon-rs
build-static:
runs-on: ubuntu-latest
permissions:
id-token: write
env:
COSIGN_EXPERIMENTAL: 1
strategy:
fail-fast: false
matrix:
arch: [amd64, arm64, ppc64le, s390x]
name: build-static-${{ matrix.arch }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # v28
with:
install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install
- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
with:
name: conmon-rs
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
pushFilter: "(conmon-rs|cargo-vendor)"
- run: nix-build nix/default-${{ matrix.arch }}.nix
- run: file result/bin/conmonrs | grep static | grep stripped
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: build-static-${{ matrix.arch }}
path: |
result/bin/conmonrs
- run: |
mkdir ${{ github.sha }}
cp result/bin/conmonrs ${{ github.sha }}/conmonrs.${{ matrix.arch }}
- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags')
- name: Sign binary
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags')
run: |
cd ${{ github.sha }}
cosign sign-blob -y conmonrs.${{ matrix.arch }} \
--output-signature conmonrs.${{ matrix.arch }}.sig \
--output-certificate conmonrs.${{ matrix.arch }}.cert
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: conmonrs-${{ matrix.arch }}
path: ${{ github.sha }}/*
- uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags')
with:
credentials_json: ${{ secrets.GCS_CRIO_SA }}
- uses: google-github-actions/upload-cloud-storage@386ab77f37fdf51c0e38b3d229fad286861cc0d0 # v2.2.1
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags')
with:
path: ${{ github.sha }}
destination: cri-o/conmon-rs
doc:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Cache
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-doc-${{ hashFiles('**/Cargo.lock') }}
- run: .github/install-deps
- name: Select Toolchain
uses: dtolnay/rust-toolchain@315e265cd78dad1e1dcf3a5074f6d6c47029d5aa
with:
toolchain: ${{ env['ACTION_MSRV_TOOLCHAIN'] }}
components: rustfmt
- name: Cargo doc
run: cargo doc --no-deps
lint-clippy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Cache
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-clippy-${{ hashFiles('**/Cargo.lock') }}
- run: .github/install-deps
- name: Select Toolchain
uses: dtolnay/rust-toolchain@315e265cd78dad1e1dcf3a5074f6d6c47029d5aa
with:
toolchain: nightly
components: clippy, rustfmt
- name: Clippy Lint
run: cargo +nightly clippy --all-targets --all-features -- -D warnings
vendor:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Cache
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-vendor-${{ hashFiles('**/Cargo.lock') }}
- run: .github/install-deps
- name: Select Toolchain
uses: dtolnay/rust-toolchain@315e265cd78dad1e1dcf3a5074f6d6c47029d5aa
with:
toolchain: stable
- name: Vendor
run: cargo vendor .cargo-vendor && git diff --exit-code
lint-rustfmt:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Select Toolchain
uses: dtolnay/rust-toolchain@315e265cd78dad1e1dcf3a5074f6d6c47029d5aa
with:
toolchain: ${{ env['ACTION_MSRV_TOOLCHAIN'] }}
components: rustfmt
- name: Rustfmt
run: cargo fmt && git diff --exit-code
test-unit:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- run: .github/install-deps
- name: Install cargo-llvm-cov
uses: taiki-e/install-action@cargo-llvm-cov
- name: Generate code coverage
run: cargo llvm-cov --all-features --lcov --output-path lcov.info
- name: Upload Results
uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7
with:
files: lcov.info
test-integration:
needs: release-static
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: ${{ env.GO_VERSION }}
- name: Setup Rust and Golang Cache
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: |
~/.cargo/registry
~/.cargo/git
target
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-cargo-test-integration-${{ hashFiles('**/Cargo.lock') }}-${{ hashFiles('**/go.sum') }}
- name: Setup Testfiles Cache
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: |
/tmp/conmon-test-images
key: ${{ runner.os }}-cargo-test-files-${{ hashFiles('pkg/client/files_test.go') }}
- run: rm -rf target/x86_64-unknown-linux-gnu/release/conmonrs
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: conmonrs
path: target/x86_64-unknown-linux-gnu/release
- run: chmod +x target/x86_64-unknown-linux-gnu/release/conmonrs
- run: .github/install-deps
- name: create symlink
run: sudo ln -f -s $(go env GOROOT)/bin/* /usr/bin/
- name: Integration tests
run: sudo -E RUNTIME_PATH="/usr/sbin/runc" make integration-static
- name: Chown cache
run: |
sudo chown -R $(id -u):$(id -g) ~/go/pkg/mod
sudo chown -R $(id -u):$(id -g) ~/.cache/go-build
test-critest:
needs: release-static
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version: ${{ env.GO_VERSION }}
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: conmonrs
path: target/x86_64-unknown-linux-musl/release
- run: .github/setup
- name: Install ginkgo
run: |
sudo chown -R $(id -u):$(id -g) ~/go
sudo chown -R $(id -u):$(id -g) ~/.cache
go install github.com/onsi/ginkgo/v2/ginkgo@latest
ginkgo version
sudo cp $(command -v ginkgo) /usr/local/bin
- name: Run critest
shell: bash
run: |
set -euox pipefail
sudo cp target/x86_64-unknown-linux-musl/release/conmonrs /usr/libexec/crio/conmonrs
sudo chmod +x /usr/libexec/crio/conmonrs
set +o errexit
sudo -E PATH=$PATH critest \
--runtime-endpoint=unix:///var/run/crio/crio.sock \
--parallel=$(nproc) \
--ginkgo.flake-attempts=3 \
--ginkgo.randomize-all \
--ginkgo.timeout=2m \
--ginkgo.trace \
--ginkgo.vv
TEST_RC=$?
set -o errexit
sudo journalctl --no-pager > journal.log
test $TEST_RC -ne 0 && cat journal.log
exit $TEST_RC
- name: Upload logs
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: journal.log
path: journal.log
typos:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: crate-ci/typos@bd36f89fcd3424dcefd442894589e6ee572a59f2 # v1.28.1
with:
config: .github/typos.toml
prettier:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: creyD/prettier_action@31355f8eef017f8aeba2e0bc09d8502b13dbbad1 # v4.3
with:
dry: true
prettier_options: --write .