Update ucacher with seccomp tracer #23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| - pull_request | |
| permissions: | |
| contents: read | |
| name: CI | |
| jobs: | |
| ucacher: | |
| runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher] | |
| steps: | |
| - run: wget -O /usr/bin/ucacher "https://earthly-ucacher.s3.us-west-2.amazonaws.com/ucacher?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjECwaCXVzLXdlc3QtMiJIMEYCIQDGDo0JeGXByXkEHmhl4ocsG33E5XlbG84GTvbulvYoqwIhAPFhKJyotQrCNNcs6Iaaw8Wk%2BowLaIPdHjUfRSMlOEVYKvECCJX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQAxoMNDA0ODUxMzQ1NTA4Igzppy%2Bmbzy3eqHl4y8qxQJxkdG0lcDsGM4LJmZHJfYAEfA1hN%2BNuagTVUeIpO4uyz000%2F6bVxv1I1K8MNT37ZNaPQ0rYXm8jCPkMLjzDZAjZERf%2BpRMdWVQddx2C%2B5bubnR941YDqlLKmpxVH3OY05krwc1FNZWMNjEep9Ty89qN64Scu9Tlvy%2FWPEBQ3iYmA23%2BR8itr5VbLHqfL2%2FnG5FoAbamOVebRuFouKeQseskOxMzhgcqZsbkGgrXig9m097sHRVmIFg6q%2FnHmvwQS7xzCHh0oiOVraZ2qRLQcYSivebrNWh45%2F6Nwmyq%2Bfux3OGhOzFrSjkZu8ozVi4TRbDQTkvPXkFmFCp%2FzC5C9JVf1TyMpkFQfNHzTCKZxL1pa2pCSX0r040mwX%2BYvWGz8jnlTyexRD%2BTk0zymQPSjOIbj8GnmqctVFOZrGpIVcox47pbzu3MN3Y2rgGOoYCMZNCZ%2BJoQx2QZ9bCnGKetoa2fjIQJdOqifokxH7vqbEf%2FGvY4bmsgGUApt60OI%2BpQ6xYFKr0YGYXsDxQ81qcHcIVTda0A46rzAVvkcddtKqpaPZ4MAY0Zs5DOGdNr88FzSDRUAl5%2FDxnHDvgzPp3EBCFD2lZjI2xQfWgJ01CVxHVQRiTT9OefY6J74XqArRpOD4ddYcoTkPDcRA4koEc9%2Fass1lJ6SQLWr3xHeFukMlGHhRsziwIvtxSxBLlqO%2Becsft1qgdlkoUqZBAaSkQDgKA9CRd28TmoId%2FR8Yx0xgWnmww2gnuW1CdMXdxrWmC63F8%2FE86e3v5UWKwD5j%2FE%2FUa6JVZeQ%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241021T195104Z&X-Amz-SignedHeaders=host&X-Amz-Expires=43200&X-Amz-Credential=ASIAV4QYFJBSMW7SQDHT%2F20241021%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=a15bf0f019ac1957ccb2254fb010f0d70eb3547accf4bbb5485944145600d529" | |
| - run: chmod 755 /usr/bin/ucacher | |
| build: | |
| strategy: | |
| matrix: | |
| go-version: [1.21.x, 1.22.x, 1.23.x] | |
| os: [ubuntu-latest] | |
| runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher] | |
| steps: | |
| - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - run: wget -O /usr/bin/ucacher "https://earthly-ucacher.s3.us-west-2.amazonaws.com/ucacher?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjECwaCXVzLXdlc3QtMiJIMEYCIQDGDo0JeGXByXkEHmhl4ocsG33E5XlbG84GTvbulvYoqwIhAPFhKJyotQrCNNcs6Iaaw8Wk%2BowLaIPdHjUfRSMlOEVYKvECCJX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQAxoMNDA0ODUxMzQ1NTA4Igzppy%2Bmbzy3eqHl4y8qxQJxkdG0lcDsGM4LJmZHJfYAEfA1hN%2BNuagTVUeIpO4uyz000%2F6bVxv1I1K8MNT37ZNaPQ0rYXm8jCPkMLjzDZAjZERf%2BpRMdWVQddx2C%2B5bubnR941YDqlLKmpxVH3OY05krwc1FNZWMNjEep9Ty89qN64Scu9Tlvy%2FWPEBQ3iYmA23%2BR8itr5VbLHqfL2%2FnG5FoAbamOVebRuFouKeQseskOxMzhgcqZsbkGgrXig9m097sHRVmIFg6q%2FnHmvwQS7xzCHh0oiOVraZ2qRLQcYSivebrNWh45%2F6Nwmyq%2Bfux3OGhOzFrSjkZu8ozVi4TRbDQTkvPXkFmFCp%2FzC5C9JVf1TyMpkFQfNHzTCKZxL1pa2pCSX0r040mwX%2BYvWGz8jnlTyexRD%2BTk0zymQPSjOIbj8GnmqctVFOZrGpIVcox47pbzu3MN3Y2rgGOoYCMZNCZ%2BJoQx2QZ9bCnGKetoa2fjIQJdOqifokxH7vqbEf%2FGvY4bmsgGUApt60OI%2BpQ6xYFKr0YGYXsDxQ81qcHcIVTda0A46rzAVvkcddtKqpaPZ4MAY0Zs5DOGdNr88FzSDRUAl5%2FDxnHDvgzPp3EBCFD2lZjI2xQfWgJ01CVxHVQRiTT9OefY6J74XqArRpOD4ddYcoTkPDcRA4koEc9%2Fass1lJ6SQLWr3xHeFukMlGHhRsziwIvtxSxBLlqO%2Becsft1qgdlkoUqZBAaSkQDgKA9CRd28TmoId%2FR8Yx0xgWnmww2gnuW1CdMXdxrWmC63F8%2FE86e3v5UWKwD5j%2FE%2FUa6JVZeQ%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241021T195104Z&X-Amz-SignedHeaders=host&X-Amz-Expires=43200&X-Amz-Credential=ASIAV4QYFJBSMW7SQDHT%2F20241021%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=a15bf0f019ac1957ccb2254fb010f0d70eb3547accf4bbb5485944145600d529" | |
| - run: chmod 755 /usr/bin/ucacher | |
| - run: ucacher go build ./... | |
| test: | |
| runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher] | |
| steps: | |
| - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
| with: | |
| go-version: 1.23 | |
| check-latest: true | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - run: wget -O /usr/bin/ucacher "https://earthly-ucacher.s3.us-west-2.amazonaws.com/ucacher?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjECwaCXVzLXdlc3QtMiJIMEYCIQDGDo0JeGXByXkEHmhl4ocsG33E5XlbG84GTvbulvYoqwIhAPFhKJyotQrCNNcs6Iaaw8Wk%2BowLaIPdHjUfRSMlOEVYKvECCJX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQAxoMNDA0ODUxMzQ1NTA4Igzppy%2Bmbzy3eqHl4y8qxQJxkdG0lcDsGM4LJmZHJfYAEfA1hN%2BNuagTVUeIpO4uyz000%2F6bVxv1I1K8MNT37ZNaPQ0rYXm8jCPkMLjzDZAjZERf%2BpRMdWVQddx2C%2B5bubnR941YDqlLKmpxVH3OY05krwc1FNZWMNjEep9Ty89qN64Scu9Tlvy%2FWPEBQ3iYmA23%2BR8itr5VbLHqfL2%2FnG5FoAbamOVebRuFouKeQseskOxMzhgcqZsbkGgrXig9m097sHRVmIFg6q%2FnHmvwQS7xzCHh0oiOVraZ2qRLQcYSivebrNWh45%2F6Nwmyq%2Bfux3OGhOzFrSjkZu8ozVi4TRbDQTkvPXkFmFCp%2FzC5C9JVf1TyMpkFQfNHzTCKZxL1pa2pCSX0r040mwX%2BYvWGz8jnlTyexRD%2BTk0zymQPSjOIbj8GnmqctVFOZrGpIVcox47pbzu3MN3Y2rgGOoYCMZNCZ%2BJoQx2QZ9bCnGKetoa2fjIQJdOqifokxH7vqbEf%2FGvY4bmsgGUApt60OI%2BpQ6xYFKr0YGYXsDxQ81qcHcIVTda0A46rzAVvkcddtKqpaPZ4MAY0Zs5DOGdNr88FzSDRUAl5%2FDxnHDvgzPp3EBCFD2lZjI2xQfWgJ01CVxHVQRiTT9OefY6J74XqArRpOD4ddYcoTkPDcRA4koEc9%2Fass1lJ6SQLWr3xHeFukMlGHhRsziwIvtxSxBLlqO%2Becsft1qgdlkoUqZBAaSkQDgKA9CRd28TmoId%2FR8Yx0xgWnmww2gnuW1CdMXdxrWmC63F8%2FE86e3v5UWKwD5j%2FE%2FUa6JVZeQ%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241021T195104Z&X-Amz-SignedHeaders=host&X-Amz-Expires=43200&X-Amz-Credential=ASIAV4QYFJBSMW7SQDHT%2F20241021%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=a15bf0f019ac1957ccb2254fb010f0d70eb3547accf4bbb5485944145600d529" | |
| - run: chmod 755 /usr/bin/ucacher | |
| - run: ucacher go test ./... | |
| node_test: | |
| runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher] | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4 | |
| with: | |
| node-version: 10 | |
| - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
| with: | |
| go-version: 1.23 | |
| check-latest: true | |
| - run: wget -O /usr/bin/ucacher "https://earthly-ucacher.s3.us-west-2.amazonaws.com/ucacher?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjECwaCXVzLXdlc3QtMiJIMEYCIQDGDo0JeGXByXkEHmhl4ocsG33E5XlbG84GTvbulvYoqwIhAPFhKJyotQrCNNcs6Iaaw8Wk%2BowLaIPdHjUfRSMlOEVYKvECCJX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQAxoMNDA0ODUxMzQ1NTA4Igzppy%2Bmbzy3eqHl4y8qxQJxkdG0lcDsGM4LJmZHJfYAEfA1hN%2BNuagTVUeIpO4uyz000%2F6bVxv1I1K8MNT37ZNaPQ0rYXm8jCPkMLjzDZAjZERf%2BpRMdWVQddx2C%2B5bubnR941YDqlLKmpxVH3OY05krwc1FNZWMNjEep9Ty89qN64Scu9Tlvy%2FWPEBQ3iYmA23%2BR8itr5VbLHqfL2%2FnG5FoAbamOVebRuFouKeQseskOxMzhgcqZsbkGgrXig9m097sHRVmIFg6q%2FnHmvwQS7xzCHh0oiOVraZ2qRLQcYSivebrNWh45%2F6Nwmyq%2Bfux3OGhOzFrSjkZu8ozVi4TRbDQTkvPXkFmFCp%2FzC5C9JVf1TyMpkFQfNHzTCKZxL1pa2pCSX0r040mwX%2BYvWGz8jnlTyexRD%2BTk0zymQPSjOIbj8GnmqctVFOZrGpIVcox47pbzu3MN3Y2rgGOoYCMZNCZ%2BJoQx2QZ9bCnGKetoa2fjIQJdOqifokxH7vqbEf%2FGvY4bmsgGUApt60OI%2BpQ6xYFKr0YGYXsDxQ81qcHcIVTda0A46rzAVvkcddtKqpaPZ4MAY0Zs5DOGdNr88FzSDRUAl5%2FDxnHDvgzPp3EBCFD2lZjI2xQfWgJ01CVxHVQRiTT9OefY6J74XqArRpOD4ddYcoTkPDcRA4koEc9%2Fass1lJ6SQLWr3xHeFukMlGHhRsziwIvtxSxBLlqO%2Becsft1qgdlkoUqZBAaSkQDgKA9CRd28TmoId%2FR8Yx0xgWnmww2gnuW1CdMXdxrWmC63F8%2FE86e3v5UWKwD5j%2FE%2FUa6JVZeQ%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241021T195104Z&X-Amz-SignedHeaders=host&X-Amz-Expires=43200&X-Amz-Credential=ASIAV4QYFJBSMW7SQDHT%2F20241021%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=a15bf0f019ac1957ccb2254fb010f0d70eb3547accf4bbb5485944145600d529" | |
| - run: chmod 755 /usr/bin/ucacher | |
| - run: > | |
| cd examples/internal/browser && | |
| ucacher npm install gulp-cli && | |
| ucacher npm install && | |
| ucacher ./node_modules/.bin/gulp | |
| ### Note: This job runs in a container - ucacher is not supported yet in nested containers. | |
| generate: | |
| container: | |
| image: docker.pkg.github.com/grpc-ecosystem/grpc-gateway/build-env:1.22 | |
| options: "--user root" | |
| credentials: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher] | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| # Required with newer versions of Git | |
| # https://github.com/actions/checkout/issues/766 | |
| - run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
| - run: make install | |
| - run: make clean | |
| - run: make generate | |
| - run: go mod tidy | |
| - run: git diff --exit-code | |
| ### This job is not working on our self-hosted Github runner | |
| # bazel: | |
| # container: | |
| # image: docker.pkg.github.com/grpc-ecosystem/grpc-gateway/build-env:1.22 | |
| # options: "--user root" | |
| # credentials: | |
| # username: ${{ github.actor }} | |
| # password: ${{ secrets.GITHUB_TOKEN }} | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| # - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
| # with: | |
| # path: /home/vscode/.cache/_grpc_gateway_bazel | |
| # key: v1-bazel-cache-${{ hashFiles('repositories.bzl') }} | |
| # restore-keys: v1-bazel-cache- | |
| # # Required with newer versions of Git | |
| # # https://github.com/actions/checkout/issues/766 | |
| # - run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
| # - name: Configure bazel | |
| # run: | |
| # | # put .bazelrc in $HOME so that it's read before project's .bazelrc | |
| # cat > /home/vscode/.bazelrc << EOF | |
| # startup --output_base=/home/vscode/.cache/_grpc_gateway_bazel | |
| # build --@io_bazel_rules_go//go/config:race | |
| # # Workaround https://github.com/bazelbuild/bazel/issues/3645 | |
| # # See https://docs.bazel.build/versions/0.23.0/command-line-reference.html | |
| # build --local_ram_resources=7168 # Github runners have 7G of memory | |
| # build --local_cpu_resources=2 # Github runners have 2 vCPU | |
| # EOF | |
| # - name: Check that Bazel BUILD files are up-to-date | |
| # run: bazel run //:gazelle && git diff --exit-code | |
| # - name: Check that repositories.bzl is up-to-date | |
| # run: | | |
| # bazel run //:gazelle -- update-repos -from_file=go.mod -to_macro=repositories.bzl%go_repositories && | |
| # git diff --exit-code | |
| # - name: Check formatting of Bazel BUILD files | |
| # run: bazel run //:buildifier && git diff --exit-code | |
| # - name: Run tests with Bazel | |
| # run: bazel test //... | |
| gorelease: | |
| runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher] | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
| with: | |
| go-version: 1.22 | |
| check-latest: true | |
| - run: wget -O /usr/bin/ucacher "https://earthly-ucacher.s3.us-west-2.amazonaws.com/ucacher?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjECwaCXVzLXdlc3QtMiJIMEYCIQDGDo0JeGXByXkEHmhl4ocsG33E5XlbG84GTvbulvYoqwIhAPFhKJyotQrCNNcs6Iaaw8Wk%2BowLaIPdHjUfRSMlOEVYKvECCJX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQAxoMNDA0ODUxMzQ1NTA4Igzppy%2Bmbzy3eqHl4y8qxQJxkdG0lcDsGM4LJmZHJfYAEfA1hN%2BNuagTVUeIpO4uyz000%2F6bVxv1I1K8MNT37ZNaPQ0rYXm8jCPkMLjzDZAjZERf%2BpRMdWVQddx2C%2B5bubnR941YDqlLKmpxVH3OY05krwc1FNZWMNjEep9Ty89qN64Scu9Tlvy%2FWPEBQ3iYmA23%2BR8itr5VbLHqfL2%2FnG5FoAbamOVebRuFouKeQseskOxMzhgcqZsbkGgrXig9m097sHRVmIFg6q%2FnHmvwQS7xzCHh0oiOVraZ2qRLQcYSivebrNWh45%2F6Nwmyq%2Bfux3OGhOzFrSjkZu8ozVi4TRbDQTkvPXkFmFCp%2FzC5C9JVf1TyMpkFQfNHzTCKZxL1pa2pCSX0r040mwX%2BYvWGz8jnlTyexRD%2BTk0zymQPSjOIbj8GnmqctVFOZrGpIVcox47pbzu3MN3Y2rgGOoYCMZNCZ%2BJoQx2QZ9bCnGKetoa2fjIQJdOqifokxH7vqbEf%2FGvY4bmsgGUApt60OI%2BpQ6xYFKr0YGYXsDxQ81qcHcIVTda0A46rzAVvkcddtKqpaPZ4MAY0Zs5DOGdNr88FzSDRUAl5%2FDxnHDvgzPp3EBCFD2lZjI2xQfWgJ01CVxHVQRiTT9OefY6J74XqArRpOD4ddYcoTkPDcRA4koEc9%2Fass1lJ6SQLWr3xHeFukMlGHhRsziwIvtxSxBLlqO%2Becsft1qgdlkoUqZBAaSkQDgKA9CRd28TmoId%2FR8Yx0xgWnmww2gnuW1CdMXdxrWmC63F8%2FE86e3v5UWKwD5j%2FE%2FUa6JVZeQ%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241021T195104Z&X-Amz-SignedHeaders=host&X-Amz-Expires=43200&X-Amz-Credential=ASIAV4QYFJBSMW7SQDHT%2F20241021%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=a15bf0f019ac1957ccb2254fb010f0d70eb3547accf4bbb5485944145600d529" | |
| - run: chmod 755 /usr/bin/ucacher | |
| - run: ucacher go run golang.org/x/exp/cmd/gorelease@latest -base=v2.22.0 | |
| ### This job is not working, the git command seg faults | |
| # proto_lint: | |
| # runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher] | |
| # steps: | |
| # - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| # - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
| # with: | |
| # go-version: 1.23 | |
| # check-latest: true | |
| # - run: ucacher make install | |
| # - run: PATH=$PATH:~/go/bin ucacher buf build | |
| # - run: PATH=$PATH:~/go/bin ucacher buf lint | |
| # - run: PATH=$PATH:~/go/bin buf format -w && git diff --exit-code | |
| # - run: PATH=$PATH:~/go/bin buf breaking --path protoc-gen-openapiv2/ --against 'https://github.com/grpc-ecosystem/grpc-gateway.git#branch=main' | |
| ### This job is not working on our self-hosted Github runner | |
| # lint: | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| # - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
| # with: | |
| # go-version: 1.22 | |
| # check-latest: true | |
| # - uses: dominikh/staticcheck-action@fe1dd0c3658873b46f8c9bb3291096a617310ca6 # v1.3.1 | |
| # with: | |
| # install-go: false | |
| ### This job is not working on our self-hosted Github runner | |
| # fuzz: | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Build Fuzzers | |
| # id: build | |
| # uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master | |
| # with: | |
| # oss-fuzz-project-name: "grpc-gateway" | |
| # dry-run: false | |
| # language: go | |
| # - name: Run Fuzzers | |
| # uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master | |
| # with: | |
| # oss-fuzz-project-name: "grpc-gateway" | |
| # fuzz-seconds: 600 | |
| # dry-run: false | |
| # language: go | |
| # - name: Upload Crash | |
| # uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4 | |
| # if: failure() && steps.build.outcome == 'success' | |
| # with: | |
| # name: artifacts | |
| # path: ./out/artifacts |