Merge pull request #2426 from containers/dependabot/github_actions/cr… #1323

Workflow file for this run

# CI workflow: runs for every pull request, for pushes to main, and for
# pushes of any tag.
# NOTE(review): no workflow-level `permissions:` key is set, so every job
# that does not declare its own gets the repository default GITHUB_TOKEN
# scopes. Consider an explicit least-privilege default here, after
# confirming what each job needs.
name: ci
on:
  pull_request: {}
  push:
    branches:
      - main
    tags:
      - '*'
env:
  CARGO_TERM_COLOR: always
  # Version pins are quoted so YAML keeps them as strings.
  GO_VERSION: '1.23'
  ACTION_MSRV_TOOLCHAIN: '1.66.1'
  NIX_VERSION: '2.21.0'
jobs:
build:
  # Plain `cargo build` with the toolchain named by ACTION_MSRV_TOOLCHAIN.
  # The trailing `git diff --exit-code` fails the job if the build left the
  # checkout modified.
  runs-on: ubuntu-latest
  steps:
    - name: Checkout
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
    - name: Setup Cache
      uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9  # v4.0.2
      with:
        # Cache entry is keyed on the runner OS and the Cargo.lock hash.
        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
        path: |
          ~/.cargo/registry
          ~/.cargo/git
          target
    # Repository script; its contents are not part of this file.
    - run: .github/install-deps
    - name: Select Toolchain
      # Action reference is pinned to a full commit SHA.
      uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a
      with:
        components: rustfmt
        toolchain: ${{ env['ACTION_MSRV_TOOLCHAIN'] }}
    - run: cargo build && git diff --exit-code
dependencies:
  # Runs the repository's `make verify-dependencies` target; what the target
  # checks is defined in the Makefile, which is not shown here.
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
    - run: make verify-dependencies
go-lint:
  # Lints the Go code with a pinned golangci-lint release.
  runs-on: ubuntu-latest
  steps:
    - name: Checkout
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
    - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32  # v5.0.2
      with:
        # Go version comes from the workflow-level env block.
        go-version: ${{ env.GO_VERSION }}
    - uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86  # v6.1.0
      with:
        # Report only issues introduced by the change under test.
        only-new-issues: true
        version: v1.60.3
get-script:
  # Installs cosign and then runs the repository's scripts/get.
  # NOTE(review): presumably scripts/get uses cosign to verify what it
  # downloads -- confirm against the script, which is not shown here.
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
    - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382  # v3.6.0
    - run: scripts/get
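release-static:
  # Builds the static release binary and smoke-tests it on every run. Only
  # for pushes to main or to a tag it additionally signs the binary with
  # cosign and uploads the result to the cri-o/conmon-rs GCS destination.
  runs-on: ubuntu-latest
  permissions:
    # Lets the job request a GitHub OIDC token; `cosign sign-blob` below is
    # given no key, so this is presumably for keyless signing. Declaring any
    # permission here leaves every unlisted GITHUB_TOKEN scope at none.
    id-token: write
  env:
    COSIGN_EXPERIMENTAL: '1'
  steps:
    - name: Checkout
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
    # NOTE(review): this job signs and publishes its output, yet restores a
    # cache that includes `target`. Consider building release artifacts
    # without a restored build cache so the published binary depends only
    # on the checked-out source.
    - name: Setup Cache
      uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9  # v4.0.2
      with:
        path: |
          ~/.cargo/registry
          ~/.cargo/git
          target
        key: ${{ runner.os }}-cargo-release-static-${{ hashFiles('**/Cargo.lock') }}
    - run: .github/install-deps
    - name: Select Toolchain
      uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a
      with:
        # NOTE(review): the previous comment here said the static build uses
        # the latest toolchain because Ubuntu 22.04's static glibc is not
        # compatible with rustc 1.58.1. The step actually selects
        # ACTION_MSRV_TOOLCHAIN from the workflow-level env, so release
        # binaries are built with that pinned version -- confirm which of
        # the two is intended.
        toolchain: ${{ env['ACTION_MSRV_TOOLCHAIN'] }}
        components: rustfmt
    - run: make release-static
    # Stage the binary in a directory named after the commit SHA.
    - run: |
        mkdir ${{ github.sha }}
        mv target/x86_64-unknown-linux-gnu/release/conmonrs ${{ github.sha }}
    # Smoke test: the freshly built binary must run and print its version.
    - run: ./${{ github.sha }}/conmonrs -v
    # Release-only steps below are gated on the exact main ref or on a ref
    # that starts with refs/tags/. A prefix match is used instead of a
    # substring match so that only real tag refs can satisfy the tag branch
    # of the condition, even if the workflow triggers are widened later.
    - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382  # v3.6.0
      if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
    - name: Sign binary
      if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
      run: |
        cd ${{ github.sha }}
        cosign sign-blob -y conmonrs \
          --output-signature conmonrs.sig \
          --output-certificate conmonrs.cert
    # Uploaded on every run (pull requests included) so that dependent test
    # jobs can download the binary.
    - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
      with:
        name: conmonrs
        path: ${{ github.sha }}/*
    # NOTE(review): credentials_json is a stored service-account key. The
    # job already holds id-token: write, so the action's
    # workload_identity_provider input could replace the long-lived key --
    # confirm with the owners of the bucket.
    - uses: google-github-actions/auth@62cf5bd3e4211a0a0b51f2c6d6a37129d828611d  # v2.1.5
      if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
      with:
        credentials_json: ${{ secrets.GCS_CRIO_SA }}
    - uses: google-github-actions/upload-cloud-storage@e485962f2bef914ac9c3bdd571f821f0ba7946c4  # v2.2.0
      if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
      with:
        path: ${{ github.sha }}
        destination: cri-o/conmon-rs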
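create-marker:
  # Publishes the latest-*.txt marker files to the cri-o/conmon-rs GCS
  # destination once both release jobs have succeeded. What the markers
  # contain is decided by .github/create-marker, which is not shown here.
  runs-on: ubuntu-latest
  # Runs only for main or for a real tag ref. A prefix match on refs/tags/
  # replaces the earlier substring match so no other ref shape can pass.
  if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
  needs:
    - release-static
    - build-static
  steps:
    - name: Checkout
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
    - run: .github/create-marker
    # NOTE(review): credentials_json is a stored service-account key;
    # consider short-lived credentials (the action's
    # workload_identity_provider input together with id-token: write).
    - uses: google-github-actions/auth@62cf5bd3e4211a0a0b51f2c6d6a37129d828611d  # v2.1.5
      with:
        credentials_json: ${{ secrets.GCS_CRIO_SA }}
    - uses: google-github-actions/upload-cloud-storage@e485962f2bef914ac9c3bdd571f821f0ba7946c4  # v2.2.0
      with:
        path: .
        glob: latest-*.txt
        destination: cri-o/conmon-rs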
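build-static:
  # Nix-based static build, one matrix leg per architecture. Every leg
  # checks that the binary is static and stripped; for pushes to main or to
  # a tag it also signs the binary and uploads it to GCS.
  name: build-static-${{ matrix.arch }}
  runs-on: ubuntu-latest
  permissions:
    # Lets the job request a GitHub OIDC token; `cosign sign-blob` below is
    # given no key, so this is presumably for keyless signing. Unlisted
    # GITHUB_TOKEN scopes are left at none.
    id-token: write
  env:
    COSIGN_EXPERIMENTAL: '1'
  strategy:
    # One failing architecture does not cancel the others.
    fail-fast: false
    matrix:
      arch: [amd64, arm64, ppc64le, s390x]
  steps:
    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
    - uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9  # v28
      with:
        # Installer URL is built from the NIX_VERSION pinned in the
        # workflow-level env.
        install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install
    - uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc  # v15
      with:
        name: conmon-rs
        authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
        pushFilter: "(conmon-rs|cargo-vendor)"
    - run: nix-build nix/default-${{ matrix.arch }}.nix
    # Fails the job unless `file` reports the binary as static and stripped.
    - run: file result/bin/conmonrs | grep static | grep stripped
    - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
      with:
        name: build-static-${{ matrix.arch }}
        path: |
          result/bin/conmonrs
    # Stage a per-architecture copy in a directory named after the commit.
    - run: |
        mkdir ${{ github.sha }}
        cp result/bin/conmonrs ${{ github.sha }}/conmonrs.${{ matrix.arch }}
    # Release-only steps below are gated on the exact main ref or on a ref
    # that starts with refs/tags/. A prefix match is used instead of a
    # substring match so that only real tag refs can satisfy the tag branch
    # of the condition, even if the workflow triggers are widened later.
    - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382  # v3.6.0
      if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
    - name: Sign binary
      if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
      run: |
        cd ${{ github.sha }}
        cosign sign-blob -y conmonrs.${{ matrix.arch }} \
          --output-signature conmonrs.${{ matrix.arch }}.sig \
          --output-certificate conmonrs.${{ matrix.arch }}.cert
    - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
      with:
        name: conmonrs-${{ matrix.arch }}
        path: ${{ github.sha }}/*
    # NOTE(review): credentials_json is a stored service-account key. The
    # job already holds id-token: write, so the action's
    # workload_identity_provider input could replace the long-lived key --
    # confirm with the owners of the bucket.
    - uses: google-github-actions/auth@62cf5bd3e4211a0a0b51f2c6d6a37129d828611d  # v2.1.5
      if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
      with:
        credentials_json: ${{ secrets.GCS_CRIO_SA }}
    - uses: google-github-actions/upload-cloud-storage@e485962f2bef914ac9c3bdd571f821f0ba7946c4  # v2.2.0
      if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
      with:
        path: ${{ github.sha }}
        destination: cri-o/conmon-rs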
doc:
  # Builds the crate documentation (own crates only, --no-deps) with the
  # toolchain named by ACTION_MSRV_TOOLCHAIN.
  runs-on: ubuntu-latest
  steps:
    - name: Checkout
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
    - name: Setup Cache
      uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9  # v4.0.2
      with:
        # Job-specific key so this cache does not collide with other jobs.
        key: ${{ runner.os }}-cargo-doc-${{ hashFiles('**/Cargo.lock') }}
        path: |
          ~/.cargo/registry
          ~/.cargo/git
          target
    - run: .github/install-deps
    - name: Select Toolchain
      uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a
      with:
        components: rustfmt
        toolchain: ${{ env['ACTION_MSRV_TOOLCHAIN'] }}
    - name: Cargo doc
      run: cargo doc --no-deps
lint-clippy:
  # Runs clippy on all targets and features; any warning fails the job
  # (-D warnings).
  # NOTE(review): `nightly` is a floating toolchain, so lint results can
  # change from one run to the next without a change in the repository.
  runs-on: ubuntu-latest
  steps:
    - name: Checkout
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
    - name: Setup Cache
      uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9  # v4.0.2
      with:
        key: ${{ runner.os }}-cargo-clippy-${{ hashFiles('**/Cargo.lock') }}
        path: |
          ~/.cargo/registry
          ~/.cargo/git
          target
    - run: .github/install-deps
    - name: Select Toolchain
      uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a
      with:
        components: clippy, rustfmt
        toolchain: nightly
    - name: Clippy Lint
      run: cargo +nightly clippy --all-targets --all-features -- -D warnings
vendor:
  # Re-runs `cargo vendor` into .cargo-vendor and fails if that changes the
  # checkout, i.e. if the committed tree differs from what vendoring
  # produces now.
  runs-on: ubuntu-latest
  steps:
    - name: Checkout
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
    - name: Setup Cache
      uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9  # v4.0.2
      with:
        key: ${{ runner.os }}-cargo-vendor-${{ hashFiles('**/Cargo.lock') }}
        path: |
          ~/.cargo/registry
          ~/.cargo/git
          target
    - run: .github/install-deps
    - name: Select Toolchain
      uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a
      with:
        toolchain: stable
    - name: Vendor
      run: cargo vendor .cargo-vendor && git diff --exit-code
lint-rustfmt:
  # Formats the tree with `cargo fmt` and fails if formatting changed any
  # file (git diff --exit-code).
  runs-on: ubuntu-latest
  steps:
    - name: Checkout
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
    - name: Select Toolchain
      uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a
      with:
        components: rustfmt
        toolchain: ${{ env['ACTION_MSRV_TOOLCHAIN'] }}
    - name: Rustfmt
      run: cargo fmt && git diff --exit-code
test-unit:
  # Runs the unit tests on nightly with profiling flags, then turns the
  # profile data into a coverage report and uploads it.
  runs-on: ubuntu-latest
  steps:
    - name: Checkout
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
    - run: .github/install-deps
    - name: Select Toolchain
      uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a
      with:
        components: rustfmt
        # The -Z flags below are unstable options, hence nightly.
        toolchain: nightly
    - name: Unit tests
      env:
        CARGO_INCREMENTAL: "0"
        RUSTFLAGS: "-Zprofile -Ccodegen-units=1 -Clink-dead-code -Coverflow-checks=off -Zpanic_abort_tests"
        RUSTDOCFLAGS: "-Zprofile -Ccodegen-units=1 -Clink-dead-code -Coverflow-checks=off -Zpanic_abort_tests"
      # --no-fail-fast: keep running after the first failing test binary.
      run: cargo test --no-fail-fast
    # NOTE(review): the actions-rs repositories appear to be archived
    # upstream -- confirm, and consider a maintained coverage step.
    - name: Coverage
      uses: actions-rs/grcov@770fa904bcbfc50da498080d1511da7388e6ddc6  # v0.1.6
      with:
        config: .github/grcov.yml
    - name: Upload Results
      uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673  # v4.5.0
test-integration:
  # Runs the Go integration suite as root against the binary that the
  # release-static job uploaded as the `conmonrs` artifact.
  runs-on: ubuntu-latest
  needs: release-static
  timeout-minutes: 10
  steps:
    - name: Checkout
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
    - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32  # v5.0.2
      with:
        go-version: ${{ env.GO_VERSION }}
    - name: Setup Rust and Golang Cache
      uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9  # v4.0.2
      with:
        # Keyed on both lockfiles: Cargo.lock and go.sum.
        key: ${{ runner.os }}-cargo-test-integration-${{ hashFiles('**/Cargo.lock') }}-${{ hashFiles('**/go.sum') }}
        path: |
          ~/.cargo/registry
          ~/.cargo/git
          target
          ~/go/pkg/mod
          ~/.cache/go-build
    - name: Setup Testfiles Cache
      uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9  # v4.0.2
      with:
        key: ${{ runner.os }}-cargo-test-files-${{ hashFiles('pkg/client/files_test.go') }}
        path: |
          /tmp/conmon-test-images
    # Drop any binary restored from the cache so that the artifact
    # downloaded next is the one under test.
    - run: rm -rf target/x86_64-unknown-linux-gnu/release/conmonrs
    - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16  # v4.1.8
      with:
        name: conmonrs
        path: target/x86_64-unknown-linux-gnu/release
    # The downloaded file is made executable again before use.
    - run: chmod +x target/x86_64-unknown-linux-gnu/release/conmonrs
    - run: .github/install-deps
    # Links the Go toolchain binaries into /usr/bin, presumably so the
    # sudo-run tests below find `go` -- confirm.
    - name: create symlink
      run: sudo ln -f -s $(go env GOROOT)/bin/* /usr/bin/
    - name: Integration tests
      run: sudo -E RUNTIME_PATH="/usr/sbin/runc" make integration-static
    # Hand the Go caches back to the runner user after the root-run tests,
    # presumably so the cache post-step can read them -- confirm.
    - name: Chown cache
      run: |
        sudo chown -R $(id -u):$(id -g) ~/go/pkg/mod
        sudo chown -R $(id -u):$(id -g) ~/.cache/go-build
test-critest:
  # Installs the release-static binary as CRI-O's conmonrs and runs critest
  # against the CRI-O socket; the system journal is kept as an artifact.
  runs-on: ubuntu-latest
  needs: release-static
  timeout-minutes: 10
  steps:
    - name: Checkout
      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
    - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32  # v5.0.2
      with:
        go-version: ${{ env.GO_VERSION }}
    # The directory name says musl, while release-static stages the binary
    # from a gnu target directory; only the local path string differs.
    - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16  # v4.1.8
      with:
        name: conmonrs
        path: target/x86_64-unknown-linux-musl/release
    # Repository script; its contents are not part of this file.
    - run: .github/setup
    # NOTE(review): `@latest` is the one unpinned tool in a workflow that
    # otherwise pins actions by commit SHA. Whatever ginkgo release is
    # newest at run time is built and copied to /usr/local/bin with sudo.
    # Consider pinning it to a reviewed release (<GINKGO_VERSION>).
    - name: Install ginkgo
      run: |
        sudo chown -R $(id -u):$(id -g) ~/go
        sudo chown -R $(id -u):$(id -g) ~/.cache
        go install github.com/onsi/ginkgo/v2/ginkgo@latest
        ginkgo version
        sudo cp $(command -v ginkgo) /usr/local/bin
    # errexit is switched off around critest so that the journal is always
    # captured; the step then exits with critest's own return code.
    - name: Run critest
      shell: bash
      run: |
        set -euox pipefail
        sudo cp target/x86_64-unknown-linux-musl/release/conmonrs /usr/libexec/crio/conmonrs
        sudo chmod +x /usr/libexec/crio/conmonrs
        set +o errexit
        sudo -E PATH=$PATH critest \
          --runtime-endpoint=unix:///var/run/crio/crio.sock \
          --parallel=$(nproc) \
          --ginkgo.flake-attempts=3 \
          --ginkgo.randomize-all \
          --ginkgo.timeout=2m \
          --ginkgo.trace \
          --ginkgo.vv
        TEST_RC=$?
        set -o errexit
        sudo journalctl --no-pager > journal.log
        test $TEST_RC -ne 0 && cat journal.log
        exit $TEST_RC
    # NOTE(review): journal.log is the runner's whole system journal;
    # confirm nothing sensitive is logged there before it is published as
    # an artifact.
    - name: Upload logs
      uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874  # v4.4.0
      with:
        name: journal.log
        path: journal.log
typos:
  # Spell-checks the repository using the settings in .github/typos.toml.
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
    - uses: crate-ci/typos@8e6a4285bcbde632c5d79900a7779746e8b7ea3f  # v1.24.6
      with:
        config: .github/typos.toml
prettier:
  # Runs prettier over the whole repository through a pinned action.
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
    - uses: creyD/prettier_action@31355f8eef017f8aeba2e0bc09d8502b13dbbad1  # v4.3
      with:
        # `dry: true` is passed together with `--write .`; presumably the
        # action then only reports and fails on differences instead of
        # committing them -- confirm against the action's documentation.
        prettier_options: '--write .'
        dry: true