Skip to content
This repository has been archived by the owner on Sep 28, 2023. It is now read-only.

build(deps): bump actions/checkout from 3 to 4 #24

build(deps): bump actions/checkout from 3 to 4

build(deps): bump actions/checkout from 3 to 4 #24

Workflow file for this run

name: test
on:
push:
tags:
- v*
branches:
- main
- release-*
pull_request:
env:
GO_VERSION: '1.19'
NIX_VERSION: '2.13.3'
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- uses: actions/checkout@v4
- uses: actions/cache@v3
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: go-build-${{ hashFiles('**/go.sum') }}
restore-keys: go-build-
- run: scripts/github-actions-packages
- run: make
- run: bin/crio version
- uses: actions/upload-artifact@v3
with:
name: build
path: |
bin/crio
bin/crio-status
- uses: actions/upload-artifact@v3
with:
name: docs
path: |
docs/crio-status.8
docs/crio.8
docs/crio.conf.5
docs/crio.conf.d.5
- uses: actions/upload-artifact@v3
with:
name: config
path: crio.conf
build-386:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v3
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: go-build-386-${{ hashFiles('**/go.sum') }}
restore-keys: go-build-386-
- name: Build 386 binary in container
run: |
mkdir -p ~/.cache/go-build ~/go/pkg/mod
sudo podman run \
-v ~/go/pkg/mod:/go/pkg/mod \
-v ~/.cache/go-build:/root/.cache/go-build \
-v $PWD:/build \
-w /build \
-it i386/golang:${{ env.GO_VERSION }}-alpine \
sh -c \
"apk --no-cache add \
bash \
build-base \
git \
gpgme-dev \
libseccomp-dev \
libselinux-dev \
linux-headers \
tzdata && \
make bin/crio && \
bin/crio version"
validate-docs:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v3
with:
name: build
path: bin
- run: chmod -R +x bin
- run: |
sudo -E make docs-generation
hack/tree_status.sh
validate-completions:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v3
with:
name: build
path: bin
- run: chmod -R +x bin
- run: |
sudo -E make completions-generation
hack/tree_status.sh
validate-nri-tests:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v3
with:
name: build
path: bin
- run: |
sudo -E make check-nri-bats-tests
build-static-amd64:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v19
with:
install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install
- uses: cachix/cachix-action@v12
with:
name: cri-o-static
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
pushFilter: cri-o
- run: nix-build nix
- run: result/bin/crio version
- uses: actions/upload-artifact@v3
with:
name: build-static-amd64
path: |
result/bin/crio
result/bin/crio-status
result/bin/pinns
build-static-arm64:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v19
with:
install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install
- uses: cachix/cachix-action@v12
with:
name: cri-o-static
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
pushFilter: cri-o
- run: nix-build nix/default-arm64.nix
- run: file result/bin/crio
- uses: actions/upload-artifact@v3
with:
name: build-static-arm64
path: |
result/bin/crio
result/bin/crio-status
result/bin/pinns
bundles:
runs-on: ubuntu-latest
needs:
- build
- build-static-amd64
- build-static-arm64
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v3
with:
path: |
~/go/pkg/mod
~/.cache/go-build
/tmp/spdx # default bom cache directory
key: go-bundles-${{ hashFiles('**/go.sum') }}
restore-keys: go-bundles-
- uses: actions/download-artifact@v3
with:
name: build-static-amd64
path: bin/static-amd64
- uses: actions/download-artifact@v3
with:
name: build-static-arm64
path: bin/static-arm64
- uses: actions/download-artifact@v3
with:
name: docs
path: docs
- uses: actions/download-artifact@v3
with:
name: config
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- run: chmod -R +x bin
- run: make bundles
- uses: actions/upload-artifact@v3
with:
name: bundle
path: build/bundle/*.tar.gz*
bundle-test:
runs-on: ubuntu-latest
needs: bundles
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v3
with:
name: bundle
path: build/bundle
- run: make bundle-test
bundle-test-e2e:
runs-on: ubuntu-latest
needs: bundles
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- uses: actions/download-artifact@v3
with:
name: bundle
path: build/bundle
- run: make bundle-test-e2e
bundle-test-e2e-conmonrs:
runs-on: ubuntu-latest
needs: bundles
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- uses: actions/download-artifact@v3
with:
name: bundle
path: build/bundle
- run: make bundle-test-e2e-conmonrs
sign-artifacts:
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/heads/release') || contains(github.ref, 'refs/tags')
runs-on: ubuntu-latest
permissions:
id-token: write
env:
COSIGN_EXPERIMENTAL: 1
needs: bundle-test
steps:
- uses: actions/checkout@v4
- uses: sigstore/cosign-installer@v3
- uses: actions/download-artifact@v3
with:
name: bundle
path: build/bundle
- run: make sign-artifacts
- uses: actions/upload-artifact@v3
with:
name: signatures
path: |
build/bundle/*.sig
build/bundle/*.cert
upload-artifacts:
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/heads/release') || contains(github.ref, 'refs/tags')
runs-on: ubuntu-latest
needs: sign-artifacts
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v3
with:
name: bundle
path: build/bundle
- uses: actions/download-artifact@v3
with:
name: signatures
path: build/bundle
- run: make upload-artifacts
env:
GCS_CRIO_SA: ${{ secrets.GCS_CRIO_SA }}
create-release:
if: contains(github.ref, 'refs/tags')
runs-on: ubuntu-latest
needs:
- upload-artifacts
- release-notes
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v3
with:
name: bundle
path: build/bundle
- uses: actions/download-artifact@v3
with:
name: signatures
path: build/bundle
- uses: actions/download-artifact@v3
with:
name: release-notes
path: build/release-notes
- name: Get release version
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
- uses: ncipollo/release-action@v1
with:
allowUpdates: true
artifacts: build/bundle/*.tar.gz*
bodyFile: build/release-notes/${{ env.RELEASE_VERSION }}.md
token: ${{ secrets.GH_TOKEN }}
unit:
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- uses: actions/checkout@v4
- uses: actions/cache@v3
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: go-unit-${{ hashFiles('**/go.sum') }}
restore-keys: go-unit-
- run: scripts/github-actions-packages
- run: |
make mockgen -j $(nproc)
hack/tree_status.sh
- run: sudo PATH="$PATH" make testunit
- uses: actions/upload-artifact@v3
with:
name: unit
path: build/coverage
coverage:
needs: unit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/download-artifact@v3
with:
name: unit
path: build/coverage
- run: make codecov
release-notes:
permissions:
contents: none
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/heads/release') || contains(github.ref, 'refs/tags')
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.GH_TOKEN }}
- uses: actions/cache@v3
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: go-build-${{ hashFiles('**/go.sum') }}
restore-keys: go-build-
- name: Set current branch
run: |
raw=$(git branch -r --contains ${{ github.ref }})
branch=${raw##*/}
echo "CURRENT_BRANCH=$branch" >> $GITHUB_ENV
- run: make release-notes
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
- uses: actions/upload-artifact@v3
with:
name: release-notes
path: build/release-notes
if-no-files-found: ignore
dependencies:
permissions:
contents: none
if: github.ref == 'refs/heads/main'
needs: release-notes
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.GH_TOKEN }}
- uses: actions/cache@v3
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: go-build-${{ hashFiles('**/go.sum') }}
restore-keys: go-build-
- run: make dependencies
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
- uses: actions/upload-artifact@v3
with:
name: dependencies
path: build/dependencies
release-branch-forward:
permissions:
contents: none
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.GH_TOKEN }}
- uses: actions/cache@v3
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: go-build-${{ hashFiles('**/go.sum') }}
restore-keys: go-build-
- run: make release-branch-forward
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
DRY_RUN: false
codeql-build:
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
contents: read
steps:
- uses: actions/checkout@v4
- uses: github/codeql-action/init@v2
with:
languages: go
- uses: github/codeql-action/autobuild@v2
- uses: github/codeql-action/analyze@v2