
crio from open source version 1.31.0 can be built successfully #1

crio from open source version 1.31.0 can be built successfully


Workflow file for this run

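# CI workflow: builds crio (native, cross and static), validates generated
# docs/completions, runs unit tests and security checks, and publishes
# artifacts and releases for main, release branches and tags.
name: test
on:
  workflow_dispatch:
  push:
    tags:
      - v*
    branches:
      - main
      - release-*
      - nixpkgs
  pull_request:
env:
  GO_VERSION: "1.23"
  NIX_VERSION: "2.24.3"

# Default token scope is read-only; jobs that need more (create-release,
# release-notes, dependencies, codeql-build) declare it themselves.
permissions:
  contents: read

jobs:
  # Native and linux/amd64 cross build; uploads the binary, man pages and
  # config as artifacts consumed by the validate-* jobs.
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GO_VERSION }}
      - run: scripts/github-actions-packages
      - run: make
      - run: bin/crio version
      - run: make bin/crio.cross.linux.amd64
      - run: bin/crio.cross.linux.amd64 version
      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
        with:
          name: build
          path: |
            bin/crio
      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
        with:
          name: docs
          path: |
            docs/crio.8
            docs/crio.conf.5
            docs/crio.conf.d.5
      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
        with:
          name: config
          path: crio.conf

  # Cross-compiles for freebsd/amd64 only; nothing is uploaded.
  build-freebsd:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GO_VERSION }}
      - run: scripts/github-actions-packages
      - run: make bin/crio.cross.freebsd.amd64

  # Regenerates docs with the built binary, then runs hack/tree_status.sh.
  validate-docs:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: build
          path: bin
      # The downloaded artifact is made executable again before use.
      - run: chmod -R +x bin
      - run: |
          sudo -E make docs-generation
          hack/tree_status.sh

  # Same pattern as validate-docs, for the shell completions.
  validate-completions:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: build
          path: bin
      - run: chmod -R +x bin
      - run: |
          sudo -E make completions-generation
          hack/tree_status.sh

  validate-nri-tests:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GO_VERSION }}
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: build
          path: bin
      # NOTE(review): GOSUMDB is passed to make as an empty variable and the
      # target runs under sudo -E; confirm how the Makefile uses it, since it
      # affects Go module checksum verification.
      - run: |
          sudo -E make check-nri-bats-tests GOSUMDB=

  # Static builds through Nix, one matrix entry per target architecture.
  build-static:
    strategy:
      fail-fast: false
      matrix:
        run:
          - go-arch: amd64
            os-arch: x86-64
          - go-arch: arm64
            os-arch: aarch64
          - go-arch: ppc64le
            os-arch: PowerPC
          - go-arch: s390x
            os-arch: S/390
    name: build static / ${{ matrix.run.go-arch }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
        with:
          install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install
      # The Cachix token grants push access to the cri-o-static cache, so a
      # leak would let someone else populate it.
      - uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
        with:
          name: cri-o-static
          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
          pushFilter: cri-o
      - run: nix-build nix/default-${{ matrix.run.go-arch }}.nix
      # Fails the job unless `file` reports the expected target architecture.
      - run: file result/bin/crio | grep ${{ matrix.run.os-arch }}
      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
        with:
          name: build-static-${{ matrix.run.go-arch }}
          path: |
            result/bin/crio
            result/bin/pinns

  # Collects the four static builds under a directory named after the commit
  # SHA and uploads it to cloud storage. Runs only for main, release branches
  # and tags.
  # NOTE(review): contains() is a substring match on the ref; startsWith()
  # would be stricter if workflow_dispatch is ever run from other branches.
  static-build-upload:
    if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/heads/release') || contains(github.ref, 'refs/tags')
    runs-on: ubuntu-latest
    needs:
      - build-static
    steps:
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: build-static-amd64
          path: ${{ github.sha }}/amd64
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: build-static-arm64
          path: ${{ github.sha }}/arm64
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: build-static-ppc64le
          path: ${{ github.sha }}/ppc64le
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: build-static-s390x
          path: ${{ github.sha }}/s390x
      # NOTE(review): credentials_json is a stored service-account key; the
      # auth action also supports workload identity federation, which avoids
      # keeping a long-lived key in repository secrets.
      - uses: google-github-actions/auth@62cf5bd3e4211a0a0b51f2c6d6a37129d828611d # v2.1.5
        with:
          credentials_json: ${{ secrets.GCS_CRIO_SA }}
      - uses: google-github-actions/upload-cloud-storage@e485962f2bef914ac9c3bdd571f821f0ba7946c4 # v2.2.0
        with:
          path: ${{ github.sha }}
          destination: cri-o/artifacts

  upload-artifacts:
    if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/heads/release') || contains(github.ref, 'refs/tags')
    runs-on: ubuntu-latest
    needs:
      - static-build-upload
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      # The service-account key is exposed to the make target as an
      # environment variable; anything that target runs can read it.
      - run: make upload-artifacts
        env:
          GCS_CRIO_SA: ${{ secrets.GCS_CRIO_SA }}

  # Tag builds only: publishes a GitHub release whose body is the generated
  # release-notes file for the tag. Needs a write-scoped token.
  create-release:
    if: contains(github.ref, 'refs/tags')
    permissions:
      contents: write
    runs-on: ubuntu-latest
    needs:
      - release-notes
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: release-notes
          path: build/release-notes
      # Strips the leading refs/<kind>/ prefix from the ref; the ref is read
      # from the environment rather than interpolated into the script.
      - name: Get release version
        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> "$GITHUB_ENV"
      - uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
        with:
          allowUpdates: true
          bodyFile: build/release-notes/${{ env.RELEASE_VERSION }}.md

  # Unit tests as root and rootless on amd64, and as root on an arm64 runner.
  unit:
    strategy:
      fail-fast: false
      matrix:
        run:
          - runner: ubuntu-latest
            arch: amd64
            type: root
          - runner: ubuntu-latest
            arch: amd64
            type: rootless
          - runner: actuated-arm64-4cpu-16gb
            arch: arm64
            type: root
    name: unit / ${{ matrix.run.arch }} / ${{ matrix.run.type }}
    runs-on: ${{ matrix.run.runner }}
    steps:
      # NOTE(review): the two third-party actions in this job are pinned to a
      # commit SHA, but `crane: latest` and the vmmeter `:latest` image below
      # are mutable references. The image is unpacked as root into
      # /usr/local/bin, so pinning it by digest would close that gap.
      - uses: alexellis/arkade-get@d543d47741e9217ba62ff0214444add9a35825f3
        with:
          crane: latest
          print-summary: false
      - name: Install vmmeter
        run: crane export --platform linux/${{ matrix.run.arch }} ghcr.io/openfaasltd/vmmeter:latest | sudo tar -xvf - -C /usr/local/bin
      - uses: self-actuated/vmmeter-action@c7e2162e39294a810cab647cacc215ecd68a44f6
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GO_VERSION }}
      - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: go-unit-${{ matrix.run.arch }}-${{ matrix.run.type }}-${{ hashFiles('**/go.sum') }}
      - run: scripts/github-actions-packages
      - name: Update mocks
        run: |
          make mockgen -j $(nproc)
          hack/tree_status.sh
      # NOTE(review): the binary is fetched over HTTPS and installed as root,
      # but no checksum or signature is verified before it is made executable.
      - name: Download crun on arm64 # Required for checkpoint restore (criu) tests.
        if: ${{ matrix.run.arch == 'arm64' }}
        run: |
          sudo curl -sSfL --retry 5 --retry-delay 3 \
            -o $CRUN_PATH \
            https://github.com/containers/crun/releases/download/$CRUN_VERSION/crun-$CRUN_VERSION-linux-arm64
          sudo chmod +x $CRUN_PATH
          crun --version
        env:
          CRUN_VERSION: "1.16.1"
          CRUN_PATH: /usr/bin/crun
      # sudo is given the caller's PATH and Go cache locations explicitly; the
      # caches are chowned back afterwards (best effort, failures ignored),
      # presumably so later steps can still use them.
      - name: Run unit tests as root
        if: ${{ matrix.run.type == 'root' }}
        run: |
          sudo PATH="$PATH" GOCACHE="$(go env GOCACHE)" GOMODCACHE="$(go env GOMODCACHE)" make testunit
          sudo chown -R $(id -u):$(id -g) "$(go env GOCACHE)" "$(go env GOMODCACHE)" || true
      - name: Run unit tests rootless
        if: ${{ matrix.run.type == 'rootless' }}
        run: make testunit
      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
        with:
          name: unit-${{ matrix.run.arch }}-${{ matrix.run.type }}
          path: build/coverage

  # Uploads the amd64/root coverage profile to Codecov.
  coverage:
    needs: unit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 0
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: unit-amd64-root
          path: build/coverage
      - uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
        with:
          files: build/coverage/coverprofile
          verbose: true
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

  # Generates release notes on main, release branches and tags, with a
  # write-scoped token passed to the make target.
  release-notes:
    permissions:
      contents: write
    if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/heads/release') || contains(github.ref, 'refs/tags')
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 0
      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GO_VERSION }}
      # The ref is read from the runner-provided GITHUB_REF variable and
      # quoted. Expanding the github.ref expression inside the script would
      # paste the ref name into the shell source before it runs, which is the
      # script-injection pattern to avoid in a job holding a write token.
      - name: Set current branch
        run: |
          raw=$(git branch -r --contains "$GITHUB_REF")
          branch=${raw##*/}
          echo "CURRENT_BRANCH=$branch" >> "$GITHUB_ENV"
      - run: make release-notes
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
        with:
          name: release-notes
          path: build/release-notes
          if-no-files-found: ignore

  # main only: runs `make dependencies` with a write-scoped token and uploads
  # build/dependencies.
  dependencies:
    permissions:
      contents: write
    if: github.ref == 'refs/heads/main'
    needs: release-notes
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 0
      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GO_VERSION }}
      - run: make dependencies
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
        with:
          name: dependencies
          path: build/dependencies

  # CodeQL analysis for Go; security-events: write is needed to upload results.
  codeql-build:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      actions: read
      contents: read
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: github/codeql-action/init@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2
        with:
          languages: go
      - uses: github/codeql-action/autobuild@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2
      - uses: github/codeql-action/analyze@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2

  # Dependency vulnerability scan (govulncheck) and static analysis (gosec).
  security-checks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Run Govulncheck
        run: make verify-govulncheck
      - name: Run Gosec
        run: make verify-gosec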