Merge pull request #3723 from apostasie/namespace-validate
Cleanup namespace validation
AkihiroSuda authored and apostasie committed Dec 6, 2024
2 parents 3206b49 + b8f4d9c commit f450502
Showing 18 changed files with 664 additions and 765 deletions.
37 changes: 21 additions & 16 deletions .github/workflows/ghcr-image-build-and-publish.yml
Expand Up @@ -16,51 +16,56 @@ on:
- '**.md'

env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}

jobs:
build:
# Source the common environment
environment:
name: " "
uses: ./.github/workflows/reusable_environment.yml

runs-on: ubuntu-24.04
build:
name: "project checks"
timeout-minutes: ${{ fromJSON(needs.environment.outputs.LONG_TIMEOUT) }}
runs-on: ${{ needs.environment.outputs.HOST_UBUNTU_LTS }}
needs: environment
permissions:
contents: read
packages: write

steps:
- name: Checkout repository
uses: actions/checkout@v4.2.2
- name: "Checkout"
uses: actions/checkout@v4

- name: Set up QEMU
- name: "Set up QEMU"
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
- name: "Set up Docker Buildx"
uses: docker/setup-buildx-action@v3

# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
- name: "Log into registry ${{ env.REGISTRY }}"
if: github.event_name != 'pull_request'
uses: docker/login-action@v3.3.0
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
registry: ${{ needs.environment.outputs.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
- name: "Extract Docker metadata"
id: meta
uses: docker/metadata-action@v5.6.1
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
images: ${{ needs.environment.outputs.REGISTRY }}/${{ env.IMAGE_NAME }}

# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
uses: docker/build-push-action@v6.10.0
- name: "Build and push Docker image"
uses: docker/build-push-action@v6
with:
context: .
platforms: linux/amd64,linux/arm64
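Review bot: The `uses:` lines in this job now reference floating major tags (`actions/checkout@v4`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v6`) where the other side of each pair shows an exact release, and the job holds `packages: write` and logs in with `secrets.GITHUB_TOKEN`. A retagged major version would then run in the image-publish path without any change in this repository; pinning each action to a full commit SHA with the release in a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, keeps the publish step reviewable. The same move to `actions/checkout@v4` appears in project.yml and release.yml. Separately, the login step's `name:` still interpolates `env.REGISTRY` while `with.registry` reads `needs.environment.outputs.REGISTRY`; the rendered page does not show which side the workflow-level `env:` lines are on, so if `REGISTRY` was removed there the step name renders blank.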
103 changes: 37 additions & 66 deletions .github/workflows/lint.yml
@@ -1,4 +1,5 @@
name: lint
# "Hide" the name from the GitHub check status line, as it just clutters the display
name: " "

on:
push:
Expand All @@ -7,72 +8,42 @@ on:
- 'release/**'
pull_request:

env:
GO_VERSION: 1.23.x

jobs:
go:
timeout-minutes: 5
name: "go | ${{ matrix.goos }} | ${{ matrix.canary }}"
runs-on: "${{ matrix.os }}"
defaults:
run:
shell: bash
# Source the common environment
environment:
name: "lint"
uses: ./.github/workflows/reusable_environment.yml

# Linting go
lint-go:
# Define the matrix we want to lint on: every supported OS, with the current go version, and additionally go canary on linux
strategy:
matrix:
# The GOOS-es we run golint for, with no canary (eg: the base supported GO_VERSION)
goos: [linux, freebsd, windows]
# And no canary
canary: [false]
include:
- os: ubuntu-24.04
goos: linux
- os: ubuntu-24.04
goos: freebsd
# FIXME: this is currently failing in a non-sensical way, so, running on linux instead...
# - os: windows-2022
- os: ubuntu-24.04
goos: windows
- os: ubuntu-24.04
goos: linux
# This allows the canary script to select any upcoming golang alpha/beta/RC
canary: go-canary
env:
GOOS: "${{ matrix.goos }}"
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- name: Set GO env
run: |
# If canary is specified, get the latest available golang pre-release instead of the major version
if [ "$canary" != "" ]; then
. ./hack/build-integration-canary.sh
canary::golang::latest
fi
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: true
- name: golangci-lint
uses: golangci/golangci-lint-action@v6
with:
args: --verbose
other:
timeout-minutes: 5
name: yaml | shell | imports order
runs-on: ubuntu-24.04
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: true
- name: yaml
run: make lint-yaml
- name: shell
run: make lint-shell
- name: go imports ordering
run: |
go install -v github.com/incu6us/goimports-reviser/v3@latest
make lint-imports
# Only run canary on linux (note: the canary script will select any upcoming golang alpha/beta/RC when the `canary` param is set to a non-empty string)
- goos: linux
canary: true

# If we do not "collapse" the name using a bogux matrix var, it will display all matrix parameters, which we do not want
name: "lint${{ matrix.c }}"
uses: ./.github/workflows/reusable_lint_go.yml
needs: environment
with:
goos: ${{ matrix.goos }}
canary: ${{ matrix.canary }}
os: ${{ needs.environment.outputs.HOST_UBUNTU_LTS }}
goversion: ${{ needs.environment.outputs.GO_VERSION }}
timeout-minutes: ${{ fromJSON(needs.environment.outputs.SHORT_TIMEOUT) }}

# Linting other filetypes
lint-other:
name: "lint"
uses: ./.github/workflows/reusable_lint_other.yml
needs: environment
with:
os: ${{ needs.environment.outputs.HOST_UBUNTU_LTS }}
timeout-minutes: ${{ fromJSON(needs.environment.outputs.SHORT_TIMEOUT) }}
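Review bot: The `lint-go` call passes `canary: ${{ matrix.canary }}` with the matrix values `false` and `true`, while the comment on the include entry says the canary script acts when the param is "set to a non-empty string". reusable_lint_go.yml is not shown here; if it declares the input as a string and keeps a test like `[ "$canary" != "" ]`, the literal `false` is non-empty and every leg would select a Go pre-release instead of the supported version. Declaring the input as `type: boolean` and testing for `true` removes the ambiguity, and a call-site comment such as `# canary is a boolean; the callee must compare against 'true', not test for non-empty` would record the contract. The comment above `name: "lint${{ matrix.c }}"` also has a typo (`bogux`).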
38 changes: 27 additions & 11 deletions .github/workflows/project.yml
@@ -1,4 +1,4 @@
name: project
name: " "

on:
push:
Expand All @@ -8,24 +8,40 @@ on:
pull_request:

jobs:
# Source the common environment
environment:
name: "project checks"
uses: ./.github/workflows/reusable_environment.yml

project:
name: checks
runs-on: ubuntu-24.04
timeout-minutes: 20
name: "project checks"
timeout-minutes: ${{ fromJSON(needs.environment.outputs.SHORT_TIMEOUT) }}
runs-on: ${{ needs.environment.outputs.HOST_UBUNTU_LTS }}
needs: environment

steps:
- uses: actions/[email protected]
- name: "Checkout"
uses: actions/checkout@v4
with:
path: src/github.com/containerd/nerdctl
# Fetch the last 100 commits
fetch-depth: 100
- uses: actions/setup-go@v5

- name: "Install go"
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
go-version: ${{ needs.environment.outputs.GO_VERSION }}
cache-dependency-path: src/github.com/containerd/nerdctl
- uses: containerd/[email protected]

- name: "Install and run default containerd project checks"
uses: containerd/[email protected]
with:
working-directory: src/github.com/containerd/nerdctl
repo-access-token: ${{ secrets.GITHUB_TOKEN }}
- run: ./hack/verify-no-patent.sh

- name: "Verify no patent"
run: ./hack/verify-no-patent.sh
working-directory: src/github.com/containerd/nerdctl
- run: ./hack/verify-pkg-isolation.sh

- name: "Verify package isolation"
run: ./hack/verify-pkg-isolation.sh
working-directory: src/github.com/containerd/nerdctl
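Review bot: `timeout-minutes` for the `project` job goes from a literal `20` to `SHORT_TIMEOUT`, which reusable_environment.yml in this commit sets to `5`, while the job still checks out 100 commits, installs Go and runs the containerd project checks plus two verify scripts. If the reduction is not intended, `timeout-minutes: ${{ fromJSON(needs.environment.outputs.LONG_TIMEOUT) }}` keeps the previous budget. release.yml shows the same pattern: its literal `40` becomes `LONG_TIMEOUT`, which is `20`, and that workflow runs on tag pushes, so a timeout there would surface during a release.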
28 changes: 23 additions & 5 deletions .github/workflows/release.yml
@@ -1,27 +1,44 @@
# See https://github.com/containerd/nerdctl/blob/main/MAINTAINERS_GUIDE.md for how to make a release.
name: Release

on:
push:
tags:
- 'v*'
- 'test-action-release-*'
jobs:
# Source the common environment
environment:
name: " "
uses: ./.github/workflows/reusable_environment.yml

release:
runs-on: ubuntu-24.04
timeout-minutes: 40
name: "checks"
timeout-minutes: ${{ fromJSON(needs.environment.outputs.LONG_TIMEOUT) }}
runs-on: ${{ needs.environment.outputs.HOST_UBUNTU_LTS }}
needs: environment

steps:
- uses: actions/[email protected]
- uses: actions/setup-go@v5
- name: "Checkout"
uses: actions/checkout@v4

- name: "Install go"
uses: actions/setup-go@v5
with:
go-version: 1.23.x
go-version: ${{ needs.environment.outputs.GO_VERSION }}
check-latest: true

- name: "Compile binaries"
run: make artifacts

- name: "SHA256SUMS"
run: |
( cd _output; sha256sum nerdctl-* ) | tee /tmp/SHA256SUMS
mv /tmp/SHA256SUMS _output/SHA256SUMS
- name: "The sha256sum of the SHA256SUMS file"
run: (cd _output; sha256sum SHA256SUMS)

- name: "Prepare the release note"
run: |
shasha=$(sha256sum _output/SHA256SUMS | awk '{print $1}')
Expand All @@ -35,6 +52,7 @@ jobs:
- - -
Release manager: [ADD YOUR NAME HERE] (@[ADD YOUR GITHUB ID HERE])
EOF
- name: "Create release"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
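Review bot: The `release` job hands `secrets.GITHUB_TOKEN` to the "Create release" step, but no `permissions:` block is visible in the displayed lines, so the token's scope depends on the repository default. Declaring it on the job, `permissions:` with `contents: write`, documents what the release step needs and keeps every other scope off the token. The `project` job in project.yml passes the same token to `containerd/project-checks` via `repo-access-token` and would benefit from an explicit read-only block. The rest of the "Create release" step is collapsed on this page, so this should be checked against the full file.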
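--- a/.github/workflows/reusable_environment.yml
+++ b/.github/workflows/reusable_environment.yml
@@ -0,0 +1,73 @@
+name: common_environment
+
+env:
+GO_VERSION: 1.23.x
+HOST_UBUNTU_LTS: ubuntu-24.04
+SHORT_TIMEOUT: 5
+LONG_TIMEOUT: 20
+# Will use docker.io for Docker Hub if empty
+REGISTRY: ghcr.io
+
+# Versions for images we maintain
+BUSYBOX_VERSION: 5ad83957fa74aafd061afbfb8da14ce3220659a9
+DISTRIBUTION_VERSION: v2.8.3
+CURL_VERSION: 8.11.0_4
+
+on:
+workflow_call:
+outputs:
+GO_VERSION:
+description: "The major golang version we are targeting"
+value: ${{ jobs.environment.outputs.output_go }}
+HOST_UBUNTU_LTS:
+description: "The major LTS ubuntu host runner we run our tasks on"
+value: ${{ jobs.environment.outputs.output_ubuntu_lts }}
+SHORT_TIMEOUT:
+description: "The timeout for tasks that are supposed to run fast (lint, etc)"
+value: ${{ jobs.environment.outputs.output_short_timeout }}
+LONG_TIMEOUT:
+description: "The timeout for tasks that are going to run up to 20 minutes (building, integration, etc)"
+value: ${{ jobs.environment.outputs.output_long_timeout }}
+REGISTRY:
+description: "The registry where to push our images"
+value: ${{ jobs.environment.outputs.output_registry }}
+BUSYBOX_VERSION:
+description: "Busybox version"
+value: ${{ jobs.environment.outputs.output_busybox }}
+DISTRIBUTION_VERSION:
+description: "Distribution version"
+value: ${{ jobs.environment.outputs.output_distribution }}
+CURL_VERSION:
+description: "Curl version"
+value: ${{ jobs.environment.outputs.output_curl }}
+
+jobs:
+environment:
+name: "environ"
+runs-on: ubuntu-24.04
+steps:
+- id: go
+run: echo "GO_VERSION=$GO_VERSION" >> $GITHUB_OUTPUT
+- id: ubuntu_lts
+run: echo "HOST_UBUNTU_LTS=$HOST_UBUNTU_LTS" >> $GITHUB_OUTPUT
+- id: short_timeout
+run: echo "SHORT_TIMEOUT=$SHORT_TIMEOUT" >> $GITHUB_OUTPUT
+- id: long_timeout
+run: echo "LONG_TIMEOUT=$LONG_TIMEOUT" >> $GITHUB_OUTPUT
+- id: registry
+run: echo "REGISTRY=$REGISTRY" >> $GITHUB_OUTPUT
+- id: busybox
+run: echo "BUSYBOX_VERSION=$BUSYBOX_VERSION" >> $GITHUB_OUTPUT
+- id: distribution
+run: echo "DISTRIBUTION_VERSION=$DISTRIBUTION_VERSION" >> $GITHUB_OUTPUT
+- id: curl
+run: echo "CURL_VERSION=$CURL_VERSION" >> $GITHUB_OUTPUT
+outputs:
+output_go: ${{ steps.go.outputs.GO_VERSION }}
+output_ubuntu_lts: ${{ steps.ubuntu_lts.outputs.HOST_UBUNTU_LTS }}
+output_short_timeout: ${{ steps.short_timeout.outputs.SHORT_TIMEOUT }}
+output_long_timeout: ${{ steps.long_timeout.outputs.LONG_TIMEOUT }}
+output_registry: ${{ steps.registry.outputs.REGISTRY }}
+output_busybox: ${{ steps.registry.outputs.BUSYBOX_VERSION }}
+output_distribution: ${{ steps.registry.outputs.DISTRIBUTION_VERSION }}
+output_curl: ${{ steps.registry.outputs.CURL_VERSION }}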
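Review bot: The last three job outputs read from the wrong step: `output_busybox`, `output_distribution` and `output_curl` all reference `steps.registry.outputs.*`, but the `registry` step writes only `REGISTRY` to `$GITHUB_OUTPUT`, so `BUSYBOX_VERSION`, `DISTRIBUTION_VERSION` and `CURL_VERSION` reach callers as empty strings. Each should point at its own step id: `output_busybox: ${{ steps.busybox.outputs.BUSYBOX_VERSION }}`, `output_distribution: ${{ steps.distribution.outputs.DISTRIBUTION_VERSION }}`, `output_curl: ${{ steps.curl.outputs.CURL_VERSION }}`. Since `BUSYBOX_VERSION` is a commit-style pin for an image the project maintains, a silently empty value could make a consumer fall back to an unpinned reference, so a check that the outputs are non-empty would be worth adding where they are consumed.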