Merge pull request #8192 from openshift-cherrypick-robot/cherry-pick-… #12402
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: test | |
| on: | |
| workflow_dispatch: | |
| push: | |
| tags: | |
| - v* | |
| branches: | |
| - main | |
| - release-* | |
| pull_request: | |
| env: | |
| GO_VERSION: '1.20' | |
| NIX_VERSION: '2.15.1' | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - run: scripts/github-actions-packages | |
| - run: make | |
| - run: bin/crio version | |
| - run: make bin/crio.cross.linux.amd64 | |
| - run: bin/crio.cross.linux.amd64 version | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: build | |
| path: | | |
| bin/crio | |
| bin/crio-status | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: docs | |
| path: | | |
| docs/crio-status.8 | |
| docs/crio.8 | |
| docs/crio.conf.5 | |
| docs/crio.conf.d.5 | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: config | |
| path: crio.conf | |
| build-386: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/go/pkg/mod | |
| ~/.cache/go-build | |
| key: go-build-386-${{ hashFiles('**/go.sum') }} | |
| restore-keys: go-build-386- | |
| - name: Build 386 binary in container | |
| run: | | |
| mkdir -p ~/.cache/go-build ~/go/pkg/mod | |
| sudo podman run \ | |
| -e CGO_CFLAGS='-D_LARGEFILE64_SOURCE' \ | |
| -v ~/go/pkg/mod:/go/pkg/mod \ | |
| -v ~/.cache/go-build:/root/.cache/go-build \ | |
| -v $PWD:/build \ | |
| -w /build \ | |
| -it i386/golang:${{ env.GO_VERSION }}-alpine \ | |
| sh -c \ | |
| "apk --no-cache add \ | |
| bash \ | |
| build-base \ | |
| git \ | |
| gpgme-dev \ | |
| libseccomp-dev \ | |
| libselinux-dev \ | |
| linux-headers \ | |
| tzdata && \ | |
| make bin/crio && \ | |
| bin/crio version" | |
| validate-docs: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: bin | |
| - run: chmod -R +x bin | |
| - run: | | |
| sudo -E make docs-generation | |
| hack/tree_status.sh | |
| validate-completions: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: bin | |
| - run: chmod -R +x bin | |
| - run: | | |
| sudo -E make completions-generation | |
| hack/tree_status.sh | |
| validate-nri-tests: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: build | |
| path: bin | |
| - run: | | |
| sudo -E make check-nri-bats-tests | |
| build-static-amd64: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: cachix/install-nix-action@v23 | |
| with: | |
| install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install | |
| - uses: cachix/cachix-action@v12 | |
| with: | |
| name: cri-o-static | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| pushFilter: cri-o | |
| - run: nix-build nix | |
| - run: result/bin/crio version | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: build-static-amd64 | |
| path: | | |
| result/bin/crio | |
| result/bin/crio-status | |
| result/bin/pinns | |
| build-static-arm64: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: cachix/install-nix-action@v23 | |
| with: | |
| install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install | |
| - uses: cachix/cachix-action@v12 | |
| with: | |
| name: cri-o-static | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| pushFilter: cri-o | |
| - run: nix-build nix/default-arm64.nix | |
| - run: file result/bin/crio | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: build-static-arm64 | |
| path: | | |
| result/bin/crio | |
| result/bin/crio-status | |
| result/bin/pinns | |
| build-static-ppc64le: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: cachix/install-nix-action@v23 | |
| with: | |
| install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install | |
| - uses: cachix/cachix-action@v12 | |
| with: | |
| name: cri-o-static | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| pushFilter: cri-o | |
| - run: nix-build nix/default-ppc64le.nix | |
| - run: file result/bin/crio | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: build-static-ppc64le | |
| path: | | |
| result/bin/crio | |
| result/bin/crio-status | |
| result/bin/pinns | |
| build-static-s390x: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: cachix/install-nix-action@v25 | |
| with: | |
| install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install | |
| - uses: cachix/cachix-action@v14 | |
| with: | |
| name: cri-o-static | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| pushFilter: cri-o | |
| - run: nix-build nix/default-s390x.nix | |
| - run: file result/bin/crio | grep S/390 | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-static-s390x | |
| path: | | |
| result/bin/crio | |
| result/bin/pinns | |
| static-build-upload: | |
| if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/heads/release') || contains(github.ref, 'refs/tags') | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-static-amd64 | |
| - build-static-arm64 | |
| - build-static-ppc64le | |
| - build-static-s390x | |
| steps: | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: build-static-amd64 | |
| path: ${{ github.sha }}/amd64 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: build-static-arm64 | |
| path: ${{ github.sha }}/arm64 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: build-static-ppc64le | |
| path: ${{ github.sha }}/ppc64le | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: build-static-s390x | |
| path: ${{ github.sha }}/s390x | |
| - uses: google-github-actions/auth@v1 | |
| with: | |
| credentials_json: ${{ secrets.GCS_CRIO_SA }} | |
| - uses: google-github-actions/upload-cloud-storage@v1 | |
| with: | |
| path: ${{ github.sha }} | |
| destination: cri-o/artifacts | |
| upload-artifacts: | |
| if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/heads/release') || contains(github.ref, 'refs/tags') | |
| runs-on: ubuntu-latest | |
| needs: | |
| - static-build-upload | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - run: make upload-artifacts | |
| env: | |
| GCS_CRIO_SA: ${{ secrets.GCS_CRIO_SA }} | |
| create-release: | |
| if: contains(github.ref, 'refs/tags') | |
| permissions: | |
| contents: write | |
| runs-on: ubuntu-latest | |
| needs: | |
| - release-notes | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: release-notes | |
| path: build/release-notes | |
| - name: Get release version | |
| run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | |
| - uses: ncipollo/release-action@v1 | |
| with: | |
| allowUpdates: true | |
| bodyFile: build/release-notes/${{ env.RELEASE_VERSION }}.md | |
| unit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - run: scripts/github-actions-packages | |
| - run: | | |
| make mockgen -j $(nproc) | |
| hack/tree_status.sh | |
| - run: sudo PATH="$PATH" make testunit | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: unit | |
| path: build/coverage | |
| coverage: | |
| needs: unit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: unit | |
| path: build/coverage | |
| - run: make codecov | |
| release-notes: | |
| permissions: | |
| contents: write | |
| if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/heads/release') || contains(github.ref, 'refs/tags') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Set current branch | |
| run: | | |
| raw=$(git branch -r --contains ${{ github.ref }}) | |
| branch=${raw##*/} | |
| echo "CURRENT_BRANCH=$branch" >> $GITHUB_ENV | |
| - run: make release-notes | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: release-notes | |
| path: build/release-notes | |
| if-no-files-found: ignore | |
| dependencies: | |
| permissions: | |
| contents: write | |
| if: github.ref == 'refs/heads/main' | |
| needs: release-notes | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - run: make dependencies | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: dependencies | |
| path: build/dependencies | |
| release-branch-forward: | |
| permissions: | |
| contents: write | |
| if: github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - run: make release-branch-forward | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| DRY_RUN: false | |
| codeql-build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write | |
| actions: read | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: github/codeql-action/init@v2 | |
| with: | |
| languages: go | |
| - uses: github/codeql-action/autobuild@v2 | |
| - uses: github/codeql-action/analyze@v2 | |
| security-checks: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Run Govulncheck | |
| run: make verify-govulncheck | |
| - name: Run Gosec | |
| run: make verify-gosec |