sync with anchore/stereocope #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Validations" | |
on: | |
workflow_dispatch: | |
inputs: | |
run-tmate: | |
description: "Start a tmate session" | |
required: false | |
default: "" | |
tmate-duration: | |
description: "Tmate session duration" | |
required: false | |
default: 5 | |
push: | |
branches: | |
- main | |
pull_request: | |
jobs: | |
Static-Analysis: | |
name: "Static analysis" | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0 | |
- name: Bootstrap environment | |
uses: ./.github/actions/bootstrap | |
- name: Run static analysis | |
run: make static-analysis | |
Unit-Test: | |
name: "Unit tests" | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0 | |
- name: Bootstrap environment | |
uses: ./.github/actions/bootstrap | |
- name: Run unit tests | |
run: make unit | |
- uses: actions/upload-artifact@v2 | |
with: | |
name: unit-test-results | |
path: test/results/**/* | |
Integration-Test: | |
name: "Integration tests" | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0 | |
- name: Bootstrap environment | |
uses: ./.github/actions/bootstrap | |
with: | |
# needed for rootless containerd | |
bootstrap-apt-packages: "rootlesskit" | |
- name: Enable systemd for podman socket activation | |
run: | | |
set -x | |
loginctl enable-linger $(whoami) | |
# we need to make certain that the bus instance is up and ready before systemctl attempts to use it. | |
# if we can figure a non-racey way to do this, that would be nice. | |
sleep 5 | |
export XDG_RUNTIME_DIR=/run/user/$UID | |
mkdir -p $HOME/.config/systemd/user | |
systemctl --user enable --now podman.socket | |
sudo systemctl enable --now podman.socket | |
sudo systemctl start podman.socket | |
sleep 1 | |
# simple test to make sure the daemon is up and running | |
podman images ls | |
sudo podman images ls | |
- name: Setup containerd | |
uses: crazy-max/ghaction-setup-containerd@60acbf31e6572da7b83a4ed6b428ed92a35ff4d7 #v3.0.0 | |
- name: Configure rootless containerd | |
run: | | |
set -x | |
mkdir ~/.local/bin | |
pushd ~/.local/bin | |
curl -O https://raw.githubusercontent.com/containerd/nerdctl/v1.5.0/extras/rootless/containerd-rootless.sh | |
curl -O https://raw.githubusercontent.com/containerd/nerdctl/v1.5.0/extras/rootless/containerd-rootless-setuptool.sh | |
chmod 755 containerd-rootless.sh containerd-rootless-setuptool.sh | |
popd | |
containerd-rootless-setuptool.sh install | |
sleep 1 | |
export CONTAINERD_ADDRESS=/proc/$(cat $XDG_RUNTIME_DIR/containerd-rootless/child_pid)/root/run/containerd/containerd.sock | |
# simple test to make sure the daemon is up and running | |
ctr image ls | |
sudo ctr image ls | |
- name: Setup tmate session | |
if: ${{ github.event.inputs.run-tmate == 'true' }} | |
uses: mxschmitt/action-tmate@v3 | |
timeout-minutes: ${{ fromJSON(github.event.inputs.tmate-duration) }} | |
with: | |
limit-access-to-actor: true | |
- name: Build key for test-fixture cache | |
run: make integration-fingerprint | |
- name: Restore integration test-fixture cache | |
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2 | |
with: | |
path: ${{ github.workspace }}/test/integration/test-fixtures/cache | |
key: ${{ runner.os }}-integration-test-cache-${{ hashFiles('test/integration/test-fixtures/cache.fingerprint') }} | |
- name: Build key for tool cache | |
run: make integration-tools-fingerprint | |
- name: Restore integration tool cache | |
id: integration-tool-cache | |
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2 | |
with: | |
path: ${{ github.workspace }}/test/integration/tools/cache | |
key: ${{ runner.os }}-integration-tools-cache-${{ hashFiles('test/integration/tools/cache.fingerprint') }} | |
- name: (cache-hit) Load integration tool cache | |
if: steps.integration-tool-cache.outputs.cache-hit == 'true' | |
run: make integration-tools-load | |
- name: Run integration tests | |
run: make integration | |
Build-Snapshot-Artifacts: | |
name: "Build snapshot artifacts" | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0 | |
- name: Bootstrap environment | |
uses: ./.github/actions/bootstrap | |
- name: Build snapshot artifacts | |
run: make snapshot | |