Forcing to replace and upgrade otelhttp version for CVE #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Go-build-and-test | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
branches: [ master ] | |
jobs: | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Go | |
uses: actions/setup-go@v3 | |
with: | |
# Use the same go version with build job | |
go-version: '1.20' | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v2 | |
with: | |
# When checking out the repository that | |
# triggered a workflow, this defaults to the reference or SHA for that event. | |
# Default value should work for both pull_request and merge(push) event. | |
ref: ${{github.event.pull_request.head.sha}} | |
- name: Install goimports and gofumpt | |
run: | | |
go install golang.org/x/tools/cmd/goimports@latest | |
go install mvdan.cc/[email protected] | |
- name: Run gofmt | |
uses: Jerome1337/[email protected] | |
with: | |
gofmt-path: 'apiserver cli ray-operator' | |
gofmt-flags: '-l -d -s' | |
- name: Run linter against ray operator | |
uses: golangci/golangci-lint-action@v2 | |
with: | |
# Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version | |
version: v1.54.1 | |
# Optional: working directory, useful for monorepos | |
working-directory: ./ray-operator | |
# Optional: golangci-lint command line arguments. | |
# args: --issues-exit-code=0 | |
args: --timeout=3m | |
# Optional: show only new issues if it's a pull request. The default value is `false`. | |
# only-new-issues: true | |
# Optional: if set to true then the action will use pre-installed Go. | |
skip-go-installation: true | |
# Optional: if set to true then the action don't cache or restore ~/go/pkg. | |
skip-pkg-cache: true | |
# Optional: if set to true then the action don't cache or restore ~/.cache/go-build. | |
# skip-build-cache: true | |
- name: Run linter against apiserver | |
uses: golangci/golangci-lint-action@v2 | |
with: | |
version: v1.54.1 | |
working-directory: ./apiserver | |
args: --timeout=3m --exclude='SA1019' | |
skip-go-installation: true | |
skip-pkg-cache: true | |
- name: Run linter against security proxy | |
uses: golangci/golangci-lint-action@v2 | |
with: | |
version: v1.54.1 | |
working-directory: ./experimental | |
args: --timeout=3m | |
skip-go-installation: true | |
skip-pkg-cache: true | |
- name: Run linter against cli | |
uses: golangci/golangci-lint-action@v2 | |
with: | |
version: v1.54.1 | |
working-directory: ./cli | |
args: --timeout=3m | |
skip-go-installation: true | |
skip-pkg-cache: true | |
- name: Run goimports | |
run: test -z "$(set -o pipefail && $(go env GOPATH)/bin/goimports -l apiserver/ cli/ $(find ./ray-operator -name "*.go" | grep -v zz_generated.deepcopy.go) | tee goimports.out)" || { cat goimports.out && exit 1; } | |
- name: Open this to see how to fix goimports if it fails | |
run: | | |
echo "Run command 'goimports -w apiserver/ cli/ $(find ./ray-operator -name "*.go" | grep -v zz_generated.deepcopy.go)' to correct your code format." | |
echo "Proposed format changes:" | |
$(go env GOPATH)/bin/goimports -d apiserver/ cli/ $(find ./ray-operator -name "*.go" | grep -v zz_generated.deepcopy.go) | |
if: failure() | |
- name: Run gofumpt | |
run: test -z "$(set -o pipefail && $(go env GOPATH)/bin/gofumpt -l apiserver/ ray-operator/ cli/ | tee gofumpt.out)" || { cat gofumpt.out && exit 1; } | |
- name: Open this to see how to fix gofumpt if it fails | |
run: | | |
echo "Run command 'gofumpt -w apiserver/ ray-operator/ cli/' to correct your code format." | |
echo "Proposed format changes:" | |
$(go env GOPATH)/bin/gofumpt -d apiserver/ ray-operator/ cli/ | |
if: failure() | |
build_apiserver: | |
env: | |
working-directory: ./apiserver | |
cli-working-directory: ./cli | |
name: Build Apiserver, CLI Binaries and Docker Images | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: '1.20' | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v2 | |
with: | |
# When checking out the repository that | |
# triggered a workflow, this defaults to the reference or SHA for that event. | |
# Default value should work for both pull_request and merge(push) event. | |
ref: ${{github.event.pull_request.head.sha}} | |
- name: list directories | |
working-directory: ${{env.working-directory}} | |
run: | | |
pwd | |
ls -R | |
- name: install kubebuilder | |
run: | | |
wget https://github.com/kubernetes-sigs/kubebuilder/releases/download/v3.0.0/kubebuilder_$(go env GOOS)_$(go env GOARCH) | |
sudo mv kubebuilder_$(go env GOOS)_$(go env GOARCH) /usr/local/bin/kubebuilder | |
- name: Get revision SHA | |
id: vars | |
run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" | |
- name: Get dependencies | |
run: go mod download | |
working-directory: ${{env.working-directory}} | |
- name: Build | |
run: go build ./... | |
working-directory: ${{env.working-directory}} | |
- name: Test | |
run: go test ./pkg/... ./cmd/... -race -parallel 4 | |
working-directory: ${{env.working-directory}} | |
- name: Set up Docker | |
uses: docker-practice/actions-setup-docker@master | |
- name: Build Docker Image - Apiserver | |
run: | | |
docker build -t kuberay/apiserver:${{ steps.vars.outputs.sha_short }} -f apiserver/Dockerfile . | |
docker save -o /tmp/apiserver.tar kuberay/apiserver:${{ steps.vars.outputs.sha_short }} | |
- name: Upload Artifact Apiserver | |
uses: actions/upload-artifact@v2 | |
with: | |
name: apiserver_img | |
path: /tmp/apiserver.tar | |
- name: Log in to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
if: contains(fromJson('["refs/heads/master"]'), github.ref) | |
- name: Push Apiserver to DockerHub | |
run: | | |
docker push kuberay/apiserver:${{ steps.vars.outputs.sha_short }}; | |
docker image tag kuberay/apiserver:${{ steps.vars.outputs.sha_short }} kuberay/apiserver:nightly; | |
docker push kuberay/apiserver:nightly | |
if: contains(fromJson('["refs/heads/master"]'), github.ref) | |
- name: Log in to Quay.io | |
uses: docker/login-action@v2 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_ROBOT_TOKEN }} | |
if: contains(fromJson('["refs/heads/master"]'), github.ref) | |
- name: Push Apiserver to Quay.io | |
run: | | |
docker image tag kuberay/apiserver:${{ steps.vars.outputs.sha_short }} quay.io/kuberay/apiserver:${{ steps.vars.outputs.sha_short }}; | |
docker push quay.io/kuberay/apiserver:${{ steps.vars.outputs.sha_short }}; | |
docker image tag kuberay/apiserver:${{ steps.vars.outputs.sha_short }} quay.io/kuberay/apiserver:nightly; | |
docker push quay.io/kuberay/apiserver:nightly | |
if: contains(fromJson('["refs/heads/master"]'), github.ref) | |
- name: Build CLI | |
run: go build -o kuberay -a main.go | |
working-directory: ${{env.cli-working-directory}} | |
build_security_proxy: | |
env: | |
working-directory: ./experimental | |
name: Build security proxy Binaries and Docker Images | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: '1.20' | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v2 | |
with: | |
# When checking out the repository that | |
# triggered a workflow, this defaults to the reference or SHA for that event. | |
# Default value should work for both pull_request and merge(push) event. | |
ref: ${{github.event.pull_request.head.sha}} | |
- name: list directories | |
working-directory: ${{env.working-directory}} | |
run: | | |
pwd | |
ls -R | |
- name: install kubebuilder | |
run: | | |
wget https://github.com/kubernetes-sigs/kubebuilder/releases/download/v3.0.0/kubebuilder_$(go env GOOS)_$(go env GOARCH) | |
sudo mv kubebuilder_$(go env GOOS)_$(go env GOARCH) /usr/local/bin/kubebuilder | |
- name: Get revision SHA | |
id: vars | |
run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" | |
- name: Get dependencies | |
run: go mod download | |
working-directory: ${{env.working-directory}} | |
- name: Build | |
run: make build | |
working-directory: ${{env.working-directory}} | |
- name: Set up Docker | |
uses: docker-practice/actions-setup-docker@master | |
- name: Build Docker Image - security proxy | |
run: | | |
IMG=kuberay/security-proxy:${{ steps.vars.outputs.sha_short }} make docker-image | |
docker save -o /tmp/security-proxy.tar kuberay/security-proxy:${{ steps.vars.outputs.sha_short }} | |
working-directory: ${{env.working-directory}} | |
- name: Upload security proxy artifact | |
uses: actions/upload-artifact@v2 | |
with: | |
name: security-proxy_img | |
path: /tmp/security-proxy.tar | |
- name: Log in to Quay.io | |
uses: docker/login-action@v2 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_ROBOT_TOKEN }} | |
if: contains(fromJson('["refs/heads/master"]'), github.ref) | |
- name: Push security proxy to Quay.io | |
run: | | |
docker image tag kuberay/security-proxy:${{ steps.vars.outputs.sha_short }} quay.io/kuberay/security-proxy:${{ steps.vars.outputs.sha_short }}; | |
docker push quay.io/kuberay/security-proxy:${{ steps.vars.outputs.sha_short }}; | |
docker image tag kuberay/security-proxy:${{ steps.vars.outputs.sha_short }} quay.io/kuberay/security-proxy:nightly; | |
docker push quay.io/kuberay/security-proxy:nightly | |
if: contains(fromJson('["refs/heads/master"]'), github.ref) | |
build_operator: | |
env: | |
working-directory: ./ray-operator | |
name: Build Operator Binaries and Docker Images | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: '1.20' | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v2 | |
with: | |
# When checking out the repository that | |
# triggered a workflow, this defaults to the reference or SHA for that event. | |
# Default value should work for both pull_request and merge(push) event. | |
ref: ${{github.event.pull_request.head.sha}} | |
- name: list directories | |
working-directory: ${{env.working-directory}} | |
run: | | |
pwd | |
ls -R | |
- name: install kubebuilder | |
run: | | |
wget https://github.com/kubernetes-sigs/kubebuilder/releases/download/v3.0.0/kubebuilder_$(go env GOOS)_$(go env GOARCH) | |
sudo mv kubebuilder_$(go env GOOS)_$(go env GOARCH) /usr/local/bin/kubebuilder | |
- name: Get revision SHA | |
id: vars | |
run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" | |
- name: Get dependencies | |
run: go mod download | |
working-directory: ${{env.working-directory}} | |
- name: Build | |
run: make build | |
working-directory: ${{env.working-directory}} | |
- name: Test | |
run: make test | |
working-directory: ${{env.working-directory}} | |
- name: Set up Docker | |
uses: docker-practice/actions-setup-docker@master | |
- name: Build Docker Image - Operator | |
run: | | |
IMG=kuberay/operator:${{ steps.vars.outputs.sha_short }} make docker-image | |
docker save -o /tmp/operator.tar kuberay/operator:${{ steps.vars.outputs.sha_short }} | |
working-directory: ${{env.working-directory}} | |
- name: Upload Artifact Operator | |
uses: actions/upload-artifact@v2 | |
with: | |
name: operator_img | |
path: /tmp/operator.tar | |
- name: Log in to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
if: contains(fromJson('["refs/heads/master"]'), github.ref) | |
- name: Push Operator to DockerHub | |
run: | | |
docker push kuberay/operator:${{ steps.vars.outputs.sha_short }}; | |
docker image tag kuberay/operator:${{ steps.vars.outputs.sha_short }} kuberay/operator:nightly; | |
docker push kuberay/operator:nightly | |
if: contains(fromJson('["refs/heads/master"]'), github.ref) | |
- name: Log in to Quay.io | |
uses: docker/login-action@v2 | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_ROBOT_TOKEN }} | |
if: contains(fromJson('["refs/heads/master"]'), github.ref) | |
- name: Push Operator to Quay.io | |
run: | | |
docker image tag kuberay/operator:${{ steps.vars.outputs.sha_short }} quay.io/kuberay/operator:${{ steps.vars.outputs.sha_short }}; | |
docker push quay.io/kuberay/operator:${{ steps.vars.outputs.sha_short }}; | |
docker image tag kuberay/operator:${{ steps.vars.outputs.sha_short }} quay.io/kuberay/operator:nightly; | |
docker push quay.io/kuberay/operator:nightly | |
if: contains(fromJson('["refs/heads/master"]'), github.ref) | |
test-compatibility-2_5_0: | |
needs: | |
- build_operator | |
- build_apiserver | |
- lint | |
runs-on: ubuntu-latest | |
name: Compatibility Test - 2.5.0 | |
steps: | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v2 | |
with: | |
# When checking out the repository that | |
# triggered a workflow, this defaults to the reference or SHA for that event. | |
# Default value should work for both pull_request and merge(push) event. | |
ref: ${{github.event.pull_request.head.sha}} | |
- uses: ./.github/workflows/actions/compatibility | |
with: | |
ray_version: 2.5.0 | |
test-compatibility-2_6_3: | |
needs: | |
- build_operator | |
- build_apiserver | |
- lint | |
runs-on: ubuntu-latest | |
name: Compatibility Test - 2.6.3 | |
steps: | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v2 | |
with: | |
# When checking out the repository that | |
# triggered a workflow, this defaults to the reference or SHA for that event. | |
# Default value should work for both pull_request and merge(push) event. | |
ref: ${{github.event.pull_request.head.sha}} | |
- uses: ./.github/workflows/actions/compatibility | |
with: | |
ray_version: 2.6.3 | |
test-compatibility-2_7_0: | |
needs: | |
- build_operator | |
- build_apiserver | |
- lint | |
runs-on: ubuntu-latest | |
name: Compatibility Test - 2.7.0 | |
steps: | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v2 | |
with: | |
# When checking out the repository that | |
# triggered a workflow, this defaults to the reference or SHA for that event. | |
# Default value should work for both pull_request and merge(push) event. | |
ref: ${{github.event.pull_request.head.sha}} | |
- uses: ./.github/workflows/actions/compatibility | |
with: | |
ray_version: 2.7.0 | |
test-compatibility-2_8_0: | |
needs: | |
- build_operator | |
- build_apiserver | |
- lint | |
runs-on: ubuntu-latest | |
name: Compatibility Test - 2.8.0 | |
steps: | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v2 | |
with: | |
# When checking out the repository that | |
# triggered a workflow, this defaults to the reference or SHA for that event. | |
# Default value should work for both pull_request and merge(push) event. | |
ref: ${{github.event.pull_request.head.sha}} | |
- uses: ./.github/workflows/actions/compatibility | |
with: | |
ray_version: 2.8.0 | |
test-compatibility-nightly: | |
needs: | |
- build_operator | |
- build_apiserver | |
- lint | |
runs-on: ubuntu-latest | |
name: Compatibility Test - Nightly | |
steps: | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v2 | |
with: | |
# When checking out the repository that | |
# triggered a workflow, this defaults to the reference or SHA for that event. | |
# Default value should work for both pull_request and merge(push) event. | |
ref: ${{github.event.pull_request.head.sha}} | |
- uses: ./.github/workflows/actions/compatibility | |
with: | |
ray_version: nightly | |
python-client-test: | |
runs-on: ubuntu-latest | |
name: Python Client Test | |
steps: | |
- name: Set up Docker | |
uses: docker-practice/actions-setup-docker@master | |
- name: Install Kind | |
run: | | |
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 | |
chmod +x ./kind | |
sudo mv ./kind /usr/local/bin/kind | |
kind create cluster | |
shell: bash | |
- name: Checkout Python | |
uses: actions/checkout@v2 | |
- name: Setup Python | |
uses: actions/setup-python@v2 | |
with: | |
python-version: '3.x' | |
- name: Install package and run unittest for Python client | |
working-directory: ./clients/python-client | |
run: | | |
pip install -e . | |
python3 -m unittest discover 'python_client_test/' |