Update ucacher with seccomp (Go) #35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| - pull_request | |
| permissions: | |
| contents: read | |
| name: CI | |
| jobs: | |
| build: | |
| strategy: | |
| matrix: | |
| go-version: [1.21.x, 1.22.x, 1.23.x] | |
| os: [ubuntu-latest] | |
| runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher] | |
| steps: | |
| - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - run: wget -O /usr/bin/ucacher "https://earthly-ucacher.s3.us-west-2.amazonaws.com/ucacher?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEDEaCXVzLXdlc3QtMiJGMEQCIHR1F8ZGuV8Ks0k0XAFfWaVtSU4LyYt15uc6mKHPU3wKAiATAM22TLcZlpOG3a1BWT1HOOYSusSfJ5ED3aZyc%2B2kwCrxAgia%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAMaDDQwNDg1MTM0NTUwOCIM6eUkwngrrgt67y3FKsUC8sTtudNsVMjbFLPse0LOoLhOGM6GZ5Nsrj2AEcj1IOh3k46y2pyAPBDAGwYMYWg8w%2B3e7jIShoZLB1XRjB4pBszF7KZi1cLpT86eZFxPE4tOkJN6pDvXsVPN2J5S8LgZ2uXpuK2cGGRHEX%2F5L64ALQikUO48m86dl8L3NzWY3%2BNrcB%2FheWq%2B7w5KHwctm%2BOt883rL6i2JCEnS1iC0qQJ3240f3%2B0wkKXXO8EA7AgBBjaiWEpBogPRQG4gGa4XvZt1KJl5PvMT4IFn4wsbFp7WL5cnFikIxdnWvtxJG0AyFFl2CNVPvtdfKWxb6lOkD%2B9p55CJASJ7jG3yKdoXZIJilep6ZDsuTAfSAES5dRgX26y%2BsDZBzxayDguOWER0JQ0URP%2BdgCHQ5breYDh3QEt0e8nYyUPqsHLgE17qGB%2BbgJ0LOatNTDn6tu4BjqIAlklNQV8%2B9NmH3v13YbQhq0wlEF0d8Uwcp6655CowFLx1kMy8Bvahl645TasNUjHWpLtYw7Jq0s%2FnchgJONTKXFzzHDL1VSrNzOEYADqgSBt45VMYoRvcmESOEcgtN1zqJacuUuv%2FUve%2BqORsP0fz7qi1n1XwTL8zRay3SHZ02vpMMLfqaFAL3EvQ2b5cxL9739ENqa6wCsgKkcMDwBEIY8NvQjmk1ToZwHCjb3c%2BPKzoWj88g9MVJe8JxGdGK1dpDswrctYVn9af1pUgJQIdDEyHGC8lSwN%2BDBEj7Sp5hOl3F0%2B9Ulivm%2FVP3%2FhcKn56dwV7j1VsFrrajx9xJLVTW1i2azsES38LQ%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241022T005104Z&X-Amz-SignedHeaders=host&X-Amz-Expires=43200&X-Amz-Credential=ASIAV4QYFJBSK4EN2COE%2F20241022%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=30798a23e16a924ac1d808152543c5dfcc846b81948fde4fe504ec114bccd74f" | |
| - run: chmod 755 /usr/bin/ucacher | |
| - run: LOG_LEVEL=debug UCACHER_INSTRUMENTER=seccomp ucacher go build ./... | |
| test: | |
| runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher] | |
| steps: | |
| - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
| with: | |
| go-version: 1.23 | |
| check-latest: true | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - run: wget -O /usr/bin/ucacher "https://earthly-ucacher.s3.us-west-2.amazonaws.com/ucacher?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEDEaCXVzLXdlc3QtMiJGMEQCIHR1F8ZGuV8Ks0k0XAFfWaVtSU4LyYt15uc6mKHPU3wKAiATAM22TLcZlpOG3a1BWT1HOOYSusSfJ5ED3aZyc%2B2kwCrxAgia%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAMaDDQwNDg1MTM0NTUwOCIM6eUkwngrrgt67y3FKsUC8sTtudNsVMjbFLPse0LOoLhOGM6GZ5Nsrj2AEcj1IOh3k46y2pyAPBDAGwYMYWg8w%2B3e7jIShoZLB1XRjB4pBszF7KZi1cLpT86eZFxPE4tOkJN6pDvXsVPN2J5S8LgZ2uXpuK2cGGRHEX%2F5L64ALQikUO48m86dl8L3NzWY3%2BNrcB%2FheWq%2B7w5KHwctm%2BOt883rL6i2JCEnS1iC0qQJ3240f3%2B0wkKXXO8EA7AgBBjaiWEpBogPRQG4gGa4XvZt1KJl5PvMT4IFn4wsbFp7WL5cnFikIxdnWvtxJG0AyFFl2CNVPvtdfKWxb6lOkD%2B9p55CJASJ7jG3yKdoXZIJilep6ZDsuTAfSAES5dRgX26y%2BsDZBzxayDguOWER0JQ0URP%2BdgCHQ5breYDh3QEt0e8nYyUPqsHLgE17qGB%2BbgJ0LOatNTDn6tu4BjqIAlklNQV8%2B9NmH3v13YbQhq0wlEF0d8Uwcp6655CowFLx1kMy8Bvahl645TasNUjHWpLtYw7Jq0s%2FnchgJONTKXFzzHDL1VSrNzOEYADqgSBt45VMYoRvcmESOEcgtN1zqJacuUuv%2FUve%2BqORsP0fz7qi1n1XwTL8zRay3SHZ02vpMMLfqaFAL3EvQ2b5cxL9739ENqa6wCsgKkcMDwBEIY8NvQjmk1ToZwHCjb3c%2BPKzoWj88g9MVJe8JxGdGK1dpDswrctYVn9af1pUgJQIdDEyHGC8lSwN%2BDBEj7Sp5hOl3F0%2B9Ulivm%2FVP3%2FhcKn56dwV7j1VsFrrajx9xJLVTW1i2azsES38LQ%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241022T005104Z&X-Amz-SignedHeaders=host&X-Amz-Expires=43200&X-Amz-Credential=ASIAV4QYFJBSK4EN2COE%2F20241022%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=30798a23e16a924ac1d808152543c5dfcc846b81948fde4fe504ec114bccd74f" | |
| - run: chmod 755 /usr/bin/ucacher | |
| - run: LOG_LEVEL=debug UCACHER_INSTRUMENTER=seccomp ucacher go test ./... | |
| node_test: | |
| runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher] | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4 | |
| with: | |
| node-version: 10 | |
| - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
| with: | |
| go-version: 1.23 | |
| check-latest: true | |
| - run: wget -O /usr/bin/ucacher "https://earthly-ucacher.s3.us-west-2.amazonaws.com/ucacher?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEDEaCXVzLXdlc3QtMiJGMEQCIHR1F8ZGuV8Ks0k0XAFfWaVtSU4LyYt15uc6mKHPU3wKAiATAM22TLcZlpOG3a1BWT1HOOYSusSfJ5ED3aZyc%2B2kwCrxAgia%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAMaDDQwNDg1MTM0NTUwOCIM6eUkwngrrgt67y3FKsUC8sTtudNsVMjbFLPse0LOoLhOGM6GZ5Nsrj2AEcj1IOh3k46y2pyAPBDAGwYMYWg8w%2B3e7jIShoZLB1XRjB4pBszF7KZi1cLpT86eZFxPE4tOkJN6pDvXsVPN2J5S8LgZ2uXpuK2cGGRHEX%2F5L64ALQikUO48m86dl8L3NzWY3%2BNrcB%2FheWq%2B7w5KHwctm%2BOt883rL6i2JCEnS1iC0qQJ3240f3%2B0wkKXXO8EA7AgBBjaiWEpBogPRQG4gGa4XvZt1KJl5PvMT4IFn4wsbFp7WL5cnFikIxdnWvtxJG0AyFFl2CNVPvtdfKWxb6lOkD%2B9p55CJASJ7jG3yKdoXZIJilep6ZDsuTAfSAES5dRgX26y%2BsDZBzxayDguOWER0JQ0URP%2BdgCHQ5breYDh3QEt0e8nYyUPqsHLgE17qGB%2BbgJ0LOatNTDn6tu4BjqIAlklNQV8%2B9NmH3v13YbQhq0wlEF0d8Uwcp6655CowFLx1kMy8Bvahl645TasNUjHWpLtYw7Jq0s%2FnchgJONTKXFzzHDL1VSrNzOEYADqgSBt45VMYoRvcmESOEcgtN1zqJacuUuv%2FUve%2BqORsP0fz7qi1n1XwTL8zRay3SHZ02vpMMLfqaFAL3EvQ2b5cxL9739ENqa6wCsgKkcMDwBEIY8NvQjmk1ToZwHCjb3c%2BPKzoWj88g9MVJe8JxGdGK1dpDswrctYVn9af1pUgJQIdDEyHGC8lSwN%2BDBEj7Sp5hOl3F0%2B9Ulivm%2FVP3%2FhcKn56dwV7j1VsFrrajx9xJLVTW1i2azsES38LQ%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241022T005104Z&X-Amz-SignedHeaders=host&X-Amz-Expires=43200&X-Amz-Credential=ASIAV4QYFJBSK4EN2COE%2F20241022%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=30798a23e16a924ac1d808152543c5dfcc846b81948fde4fe504ec114bccd74f" | |
| - run: chmod 755 /usr/bin/ucacher | |
| - run: > | |
| cd examples/internal/browser && | |
| LOG_LEVEL=debug UCACHER_INSTRUMENTER=seccomp ucacher npm install gulp-cli && | |
| LOG_LEVEL=debug UCACHER_INSTRUMENTER=seccomp ucacher npm install && | |
| LOG_LEVEL=debug UCACHER_INSTRUMENTER=seccomp ucacher ./node_modules/.bin/gulp | |
| ### Note: This job runs in a container - ucacher is not supported yet in nested containers. | |
| generate: | |
| container: | |
| image: docker.pkg.github.com/grpc-ecosystem/grpc-gateway/build-env:1.22 | |
| options: "--user root" | |
| credentials: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher] | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| # Required with newer versions of Git | |
| # https://github.com/actions/checkout/issues/766 | |
| - run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
| - run: make install | |
| - run: make clean | |
| - run: make generate | |
| - run: go mod tidy | |
| - run: git diff --exit-code | |
| ### This job is not working on our self-hosted Github runner | |
| # bazel: | |
| # container: | |
| # image: docker.pkg.github.com/grpc-ecosystem/grpc-gateway/build-env:1.22 | |
| # options: "--user root" | |
| # credentials: | |
| # username: ${{ github.actor }} | |
| # password: ${{ secrets.GITHUB_TOKEN }} | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| # - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
| # with: | |
| # path: /home/vscode/.cache/_grpc_gateway_bazel | |
| # key: v1-bazel-cache-${{ hashFiles('repositories.bzl') }} | |
| # restore-keys: v1-bazel-cache- | |
| # # Required with newer versions of Git | |
| # # https://github.com/actions/checkout/issues/766 | |
| # - run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
| # - name: Configure bazel | |
| # run: | |
| # | # put .bazelrc in $HOME so that it's read before project's .bazelrc | |
| # cat > /home/vscode/.bazelrc << EOF | |
| # startup --output_base=/home/vscode/.cache/_grpc_gateway_bazel | |
| # build --@io_bazel_rules_go//go/config:race | |
| # # Workaround https://github.com/bazelbuild/bazel/issues/3645 | |
| # # See https://docs.bazel.build/versions/0.23.0/command-line-reference.html | |
| # build --local_ram_resources=7168 # Github runners have 7G of memory | |
| # build --local_cpu_resources=2 # Github runners have 2 vCPU | |
| # EOF | |
| # - name: Check that Bazel BUILD files are up-to-date | |
| # run: bazel run //:gazelle && git diff --exit-code | |
| # - name: Check that repositories.bzl is up-to-date | |
| # run: | | |
| # bazel run //:gazelle -- update-repos -from_file=go.mod -to_macro=repositories.bzl%go_repositories && | |
| # git diff --exit-code | |
| # - name: Check formatting of Bazel BUILD files | |
| # run: bazel run //:buildifier && git diff --exit-code | |
| # - name: Run tests with Bazel | |
| # run: bazel test //... | |
| gorelease: | |
| runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher] | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
| with: | |
| go-version: 1.22 | |
| check-latest: true | |
| - run: wget -O /usr/bin/ucacher "https://earthly-ucacher.s3.us-west-2.amazonaws.com/ucacher?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEDEaCXVzLXdlc3QtMiJGMEQCIHR1F8ZGuV8Ks0k0XAFfWaVtSU4LyYt15uc6mKHPU3wKAiATAM22TLcZlpOG3a1BWT1HOOYSusSfJ5ED3aZyc%2B2kwCrxAgia%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAMaDDQwNDg1MTM0NTUwOCIM6eUkwngrrgt67y3FKsUC8sTtudNsVMjbFLPse0LOoLhOGM6GZ5Nsrj2AEcj1IOh3k46y2pyAPBDAGwYMYWg8w%2B3e7jIShoZLB1XRjB4pBszF7KZi1cLpT86eZFxPE4tOkJN6pDvXsVPN2J5S8LgZ2uXpuK2cGGRHEX%2F5L64ALQikUO48m86dl8L3NzWY3%2BNrcB%2FheWq%2B7w5KHwctm%2BOt883rL6i2JCEnS1iC0qQJ3240f3%2B0wkKXXO8EA7AgBBjaiWEpBogPRQG4gGa4XvZt1KJl5PvMT4IFn4wsbFp7WL5cnFikIxdnWvtxJG0AyFFl2CNVPvtdfKWxb6lOkD%2B9p55CJASJ7jG3yKdoXZIJilep6ZDsuTAfSAES5dRgX26y%2BsDZBzxayDguOWER0JQ0URP%2BdgCHQ5breYDh3QEt0e8nYyUPqsHLgE17qGB%2BbgJ0LOatNTDn6tu4BjqIAlklNQV8%2B9NmH3v13YbQhq0wlEF0d8Uwcp6655CowFLx1kMy8Bvahl645TasNUjHWpLtYw7Jq0s%2FnchgJONTKXFzzHDL1VSrNzOEYADqgSBt45VMYoRvcmESOEcgtN1zqJacuUuv%2FUve%2BqORsP0fz7qi1n1XwTL8zRay3SHZ02vpMMLfqaFAL3EvQ2b5cxL9739ENqa6wCsgKkcMDwBEIY8NvQjmk1ToZwHCjb3c%2BPKzoWj88g9MVJe8JxGdGK1dpDswrctYVn9af1pUgJQIdDEyHGC8lSwN%2BDBEj7Sp5hOl3F0%2B9Ulivm%2FVP3%2FhcKn56dwV7j1VsFrrajx9xJLVTW1i2azsES38LQ%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241022T005104Z&X-Amz-SignedHeaders=host&X-Amz-Expires=43200&X-Amz-Credential=ASIAV4QYFJBSK4EN2COE%2F20241022%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=30798a23e16a924ac1d808152543c5dfcc846b81948fde4fe504ec114bccd74f" | |
| - run: chmod 755 /usr/bin/ucacher | |
| - run: UCACHER_INSTRUMENTER=seccomp ucacher go run golang.org/x/exp/cmd/gorelease@latest -base=v2.22.0 | |
| ### This job is not working, the git command seg faults | |
| # proto_lint: | |
| # runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher] | |
| # steps: | |
| # - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| # - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
| # with: | |
| # go-version: 1.23 | |
| # check-latest: true | |
| # - run: ucacher make install | |
| # - run: PATH=$PATH:~/go/bin ucacher buf build | |
| # - run: PATH=$PATH:~/go/bin ucacher buf lint | |
| # - run: PATH=$PATH:~/go/bin buf format -w && git diff --exit-code | |
| # - run: PATH=$PATH:~/go/bin buf breaking --path protoc-gen-openapiv2/ --against 'https://github.com/grpc-ecosystem/grpc-gateway.git#branch=main' | |
| ### This job is not working on our self-hosted Github runner | |
| # lint: | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| # - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
| # with: | |
| # go-version: 1.22 | |
| # check-latest: true | |
| # - uses: dominikh/staticcheck-action@fe1dd0c3658873b46f8c9bb3291096a617310ca6 # v1.3.1 | |
| # with: | |
| # install-go: false | |
| ### This job is not working on our self-hosted Github runner | |
| # fuzz: | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Build Fuzzers | |
| # id: build | |
| # uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master | |
| # with: | |
| # oss-fuzz-project-name: "grpc-gateway" | |
| # dry-run: false | |
| # language: go | |
| # - name: Run Fuzzers | |
| # uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master | |
| # with: | |
| # oss-fuzz-project-name: "grpc-gateway" | |
| # fuzz-seconds: 600 | |
| # dry-run: false | |
| # language: go | |
| # - name: Upload Crash | |
| # uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4 | |
| # if: failure() && steps.build.outcome == 'success' | |
| # with: | |
| # name: artifacts | |
| # path: ./out/artifacts |