Commit Graph

108 Commits

Author SHA1 Message Date
Kir Kolyshkin 7b2b95d9a2 ci: bump to golangci-lint v2.0
The new configuration file was initially generated by golangci-lint
migrate, when tweaked to minimize and simplify.

golangci-lint v2 switches to a new version of staticcheck which shows
much more warnings. Some of them were fixed by a few previous commits,
and the rest of them are disabled.

In particular, ST1005 had to be disabled (an attempt to fix it was made
in https://github.com/opencontainers/runc/pull/3857 but it wasn't
merged).

Also, golangci-extra was modified to include ALL staticcheck linters.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 127e8e68d3)
Signed-off-by: lifubang <lifubang@acmcoder.com>
2025-04-24 02:35:52 +00:00
Kir Kolyshkin bcc92067e2 ci: bump shellcheck to v0.10.0
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit b48dd65114)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-22 00:35:01 -07:00
Kir Kolyshkin 874207492e CI: add Go 1.24, drop go1.22
Also, bump golangci-lint to v1.64 (v1.64.2 added Go 1.24 support).

NOTE we still use Go 1.23.x for official builds.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-11 18:02:48 -08:00
Kir Kolyshkin 9468986a49 ci: use a specific ubuntu version
GHA shows a warning telling that "ubuntu-latest" is going to be switched
to ubuntu-24.04 soon. Let's specify the version explicitly (and switch
to 24.04 for this job ahead of github).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-12-17 22:52:16 -08:00
Kir Kolyshkin e845f4be86 ci: bump golangci-lint to v1.62
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-12-17 22:50:44 -08:00
Kir Kolyshkin 47dc185880 Add runc_nocriu build tag
This allows to make a 17% smaller runc binary by not compiling in
checkpoint/restore support.

It turns out that google.golang.org/protobuf package, used by go-criu,
is quite big, and go linker can't drop unused stuff if reflection is
used anywhere in the code.

Currently there's no alternative to using protobuf in go-criu, and since
not all users use c/r, let's provide them an option for a smaller
binary.

For the reference, here's top10 biggest vendored packages, as reported
by gsa[1]:

$ gsa runc | grep vendor | head
│ 8.59%   │ google.golang.org/protobuf                  │ 1.3 MB │ vendor    │
│ 5.76%   │ github.com/opencontainers/runc              │ 865 kB │ vendor    │
│ 4.05%   │ github.com/cilium/ebpf                      │ 608 kB │ vendor    │
│ 2.86%   │ github.com/godbus/dbus/v5                   │ 429 kB │ vendor    │
│ 1.25%   │ github.com/urfave/cli                       │ 188 kB │ vendor    │
│ 0.90%   │ github.com/vishvananda/netlink              │ 135 kB │ vendor    │
│ 0.59%   │ github.com/sirupsen/logrus                  │ 89 kB  │ vendor    │
│ 0.56%   │ github.com/checkpoint-restore/go-criu/v6    │ 84 kB  │ vendor    │
│ 0.51%   │ golang.org/x/sys                            │ 76 kB  │ vendor    │
│ 0.47%   │ github.com/seccomp/libseccomp-golang        │ 71 kB  │ vendor    │

And here is a total binary size saving when `runc_nocriu` is used.

For non-stripped binaries:

$ gsa runc-cr runc-nocr | tail -3
│ -17.04% │ runc-cr                                  │ 15 MB    │ 12 MB    │ -2.6 MB │
│         │ runc-nocr                                │          │          │         │
└─────────┴──────────────────────────────────────────┴──────────┴──────────┴─────────┘

And for stripped binaries:

│ -17.01% │ runc-cr-stripped                         │ 11 MB    │ 8.8 MB   │ -1.8 MB │
│         │ runc-nocr-stripped                       │          │          │         │
└─────────┴──────────────────────────────────────────┴──────────┴──────────┴─────────┘

[1]: https://github.com/Zxilly/go-size-analyzer

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-12-09 11:19:23 -08:00
Kir Kolyshkin cbb9b309cd ci: use Go 1.23
Where we only use one Go version, let's use Go 1.23.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-10-23 00:04:17 -07:00
Kir Kolyshkin 2cd24a4dae ci/gha: add all-done jobs
The sole reason is to simplify branch protection rules,
requiring just these to be passed.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-08-21 17:00:59 -07:00
Kir Kolyshkin 606257c6e1 Bump golangci-lint to v1.60, fix new warnings
The warnings fixed were:

libcontainer/configs/config_test.go:205:12: printf: non-constant format string in call to (*testing.common).Errorf (govet)
		t.Errorf(fmt.Sprintf("Expected error to not occur but it was %+v", err))
		         ^
libcontainer/cgroups/fs/blkio_test.go:481:13: printf: non-constant format string in call to (*testing.common).Errorf (govet)
			t.Errorf(fmt.Sprintf("test case '%s' failed unexpectedly: %s", testCase.desc, err))
			         ^
libcontainer/cgroups/fs/blkio_test.go:595:13: printf: non-constant format string in call to (*testing.common).Errorf (govet)
			t.Errorf(fmt.Sprintf("test case '%s' failed unexpectedly: %s", testCase.desc, err))
			         ^

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-08-14 20:39:15 +08:00
Kir Kolyshkin 15ec295bb1 ci/gha: bump golangci-lint to v1.59
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-07-10 16:25:30 -07:00
Kir Kolyshkin 309a6d91a4 ci/gha: add go-fix job
Add a CI job to ensure go fix produces no result. Quoting
`go doc cmd/fix`:

> Fix finds Go programs that use old APIs and rewrites them to use newer
> ones. After you update to a new Go release, fix helps make the
> necessary changes to your programs.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-07-03 10:12:25 -07:00
Kir Kolyshkin a3302f2054 ci: switch to go 1.22 as main version
Now when Go 1.22.4 is out it should no longer be a problem.

Leave Go 1.21 for CentOS testing (CentOS 7 and 8 have older glibc)
and Dockerfile (Debian 11 have older glibc).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 10:18:59 -07:00
Kir Kolyshkin 67f6c37bc2 ci/gha: switch to ubuntu 24.04
Let's replace ubuntu-22.04 with ubuntu-24.04 where we can, and keep
ubuntu-20.04 to test cgroup v1 stuff.

Leave ubuntu-22.04 for ci/cross-i386 (issue with systemctl restart hang
after apt install). This can be addressed separately later.

The only kludge we have to add is enable userns for runc binary being
tested (as userns is disabled by apparmor system-wide by default now,
see [1]).

[1] https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#unprivileged-user-namespace-restrictions-15

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-04 23:43:12 -07:00
Kir Kolyshkin b24fc9d2c4 ci: pin codespell
CI should not fail and require attention every time a new codespell
version is released.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-02 10:51:43 -07:00
Kir Kolyshkin f452f667c0 ci/gha: bump golangci-lint-action from 5 to 6
Note that github-actions output format is deprecated and no longer supported,
and it is also no longer needed since setup-go problem matcher already
handles default golangci-lint output format ("colored-line-number").

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-05-07 14:26:41 -07:00
Kir Kolyshkin d63018c252 ci/gha: bump golangci-lint to v1.57
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-04-25 08:39:26 -07:00
Kir Kolyshkin 6bcc736122 ci/gha: bump golangci/golangci-lint-action to v5
Since v5 removes caching [1], re-enable setup-go cache.

[1] https://github.com/golangci/golangci-lint-action/pull/1024

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-04-25 08:25:02 -07:00
Akihiro Suda 30dc98f577 CI: run apt with -y
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-04-23 09:10:09 +09:00
dependabot[bot] 935d586b39 build(deps): bump tim-actions/get-pr-commits from 1.3.0 to 1.3.1
Bumps [tim-actions/get-pr-commits](https://github.com/tim-actions/get-pr-commits) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/tim-actions/get-pr-commits/releases)
- [Commits](https://github.com/tim-actions/get-pr-commits/compare/v1.3.0...v1.3.1)

---
updated-dependencies:
- dependency-name: tim-actions/get-pr-commits
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-27 04:45:06 +00:00
Kir Kolyshkin 93e377233f ci/golangci-lint: add checks permission
This permission is now needed so that the linter can annotate code in a
PR (see [1]).

[1] https://github.com/golangci/golangci-lint-action/pull/931/commits/bc1904f0c946172fc1821908fc41649db49f0334

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-02-12 22:14:41 -08:00
dependabot[bot] 27cbabd00d build(deps): bump golangci/golangci-lint-action from 3 to 4
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-12 04:07:38 +00:00
dependabot[bot] 7b655782bf build(deps): bump actions/upload-artifact from 3 to 4
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-15 04:57:18 +00:00
dependabot[bot] e66ba70f50 build(deps): bump actions/setup-go from 4 to 5
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-07 04:18:24 +00:00
dependabot[bot] 2d0cd0b381 build(deps): bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-05 04:50:22 +00:00
dependabot[bot] fe6f33b2c0 build(deps): bump tim-actions/commit-message-checker-with-regex
Bumps [tim-actions/commit-message-checker-with-regex](https://github.com/tim-actions/commit-message-checker-with-regex) from 0.3.1 to 0.3.2.
- [Release notes](https://github.com/tim-actions/commit-message-checker-with-regex/releases)
- [Commits](https://github.com/tim-actions/commit-message-checker-with-regex/compare/v0.3.1...v0.3.2)

---
updated-dependencies:
- dependency-name: tim-actions/commit-message-checker-with-regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-28 04:21:42 +00:00
Kir Kolyshkin 17e7e230bd ci/gha: bump golangci-lint to v1.54
Currently, it is at v1.54.2.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-08-24 17:22:23 -07:00
Kir Kolyshkin b22073c5fe ci/gha: add job timeouts
The default timeout is 360 minutes, which is way long for these jobs.
If the CI (or a test) has stuck, we'd better know about it earlier than
in 6 hours.

Set the timeouts for some [relatively] long running jobs conservatively:
 - test and release jobs usually take ~10 minutes;
 - lint job takes 1 minute (but can be a few times slower when we switch
   Go or golangci-lint version);
 - cross-386 job takes about 2 minutes;
 - the rest is seconds (and I am lazy to set timeouts everywhere).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-08-16 16:08:35 -07:00
Kir Kolyshkin 98317c16ed ci: bump golangci-lint, remove fixed exception
The exception was fixed by https://github.com/polyfloyd/go-errorlint/pull/12
which eventually made its way into golangci-lint.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-07-16 15:02:26 +08:00
Kir Kolyshkin 5e53e6592a ci: bump shellcheck to 0.9.0, fix new SC2016 warnings
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-06-27 08:44:21 -07:00
Kir Kolyshkin 5929b01989 ci/gha: add space-at-eol check, fix existing issues
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-06-07 11:27:27 -07:00
dependabot[bot] 2a3470456e build(deps): bump tim-actions/get-pr-commits from 1.2.0 to 1.3.0
Bumps [tim-actions/get-pr-commits](https://github.com/tim-actions/get-pr-commits) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/tim-actions/get-pr-commits/releases)
- [Commits](https://github.com/tim-actions/get-pr-commits/compare/v1.2.0...v1.3.0)

---
updated-dependencies:
- dependency-name: tim-actions/get-pr-commits
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-17 05:00:09 +00:00
Kir Kolyshkin 62cc13ea1a gha: disable setup-go cache for golangci job
Since commit e3cf217cf1 actions/setup-go@v4 uses caching
implicitly, and olangci/golangci-lint-action also uses caching.

These two caches clash, resulting in multiple warnings in CI logs.

The official golangci-lint-action solution is to disable caching
for setup-go job (see [1]). Do the same.

[1] https://github.com/golangci/golangci-lint-action/pull/704

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-05-16 11:22:31 -07:00
Kir Kolyshkin 083e9789b8 ci/gha: rm actions/cache from validate/deps job
Since commit e3cf217cf1 actions/setup-go@v4 uses caching
implicitly, so it is no longer required.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-05-16 11:22:31 -07:00
Aleksa Sarai 22538f896a keyring: verify runc.keyring has legitimate maintainer keys
These checks ensure that all of the keys in the runc.keyring list are
actually the keys of the specified user and that the users themselves
are actually maintainers.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-19 13:48:14 +10:00
Kir Kolyshkin 953e1cc485 ci/gha: switch to or add ubuntu 22.04
For test jobs, add ubuntu 22.04 into the matrix, so we can test of both
cgroup v1 and v2.

For validate jobs, just switch to ubuntu 22.04

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-10 10:32:02 -07:00
dependabot[bot] 1034cfa826 build(deps): bump lumaxis/shellcheck-problem-matchers from 1 to 2
Bumps [lumaxis/shellcheck-problem-matchers](https://github.com/lumaxis/shellcheck-problem-matchers) from 1 to 2.
- [Release notes](https://github.com/lumaxis/shellcheck-problem-matchers/releases)
- [Commits](https://github.com/lumaxis/shellcheck-problem-matchers/compare/v1...v2)

---
updated-dependencies:
- dependency-name: lumaxis/shellcheck-problem-matchers
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-04 17:44:14 +00:00
dependabot[bot] e3cf217cf1 build(deps): bump actions/setup-go from 3 to 4
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-16 05:11:04 +00:00
Austin Vazquez 5ecd40b9bd Add Go 1.20, require Go 1.19, drop Go 1.18
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2023-02-02 19:56:26 +00:00
Kir Kolyshkin 3fbc5ba7ca ci: add tests/int/get-images.sh check
This is to check that tests/integration/get-images.sh is in sync
with tests/integration/bootstrap-get-images.sh.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-01-24 16:43:12 -08:00
Kir Kolyshkin 56edc41ca6 ci: bump shfmt to 3.5.1, simplify CI setup
1. Bump shfmt to v3.5.1. Release notes:
   https://github.com/mvdan/sh/releases

2. Since shfmt v3.5.0, specifying -l bash (or -l bats) is no longer
   necessary. Therefore, we can use shfmt to find all the files.
   Add .editorconfig to ignore vendor subdirectory.

3. Use shfmt docker image, so that we don't have to install anything
   explicitly. This greatly simplifies the shfmt CI job. Add
   localshfmt target so developers can still use a local shfmt binary
   when necessary.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-11-02 11:08:36 -07:00
Kir Kolyshkin 6bf2c3b67e ci/gha: use v3 tag for actions/cache
This tag points to the latest v3 version (currently v3.0.11). Mainly
done to avoid cluttering git history with multiple minor v3 upgrades.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-10-17 10:05:17 -07:00
dependabot[bot] a04363c1b9 build(deps): bump actions/cache from 3.0.10 to 3.0.11
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.10 to 3.0.11.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.0.10...v3.0.11)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-14 04:11:15 +00:00
dependabot[bot] 8584900e50 build(deps): bump actions/cache from 3.0.9 to 3.0.10
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.9 to 3.0.10.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.0.9...v3.0.10)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-04 04:12:20 +00:00
dependabot[bot] 79a5c1109b build(deps): bump actions/cache from 3.0.8 to 3.0.9
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.8 to 3.0.9.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.0.8...v3.0.9)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-03 04:15:17 +00:00
dependabot[bot] 8206f5b2aa build(deps): bump actions/cache from 3.0.7 to 3.0.8
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.7 to 3.0.8.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.0.7...v3.0.8)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-23 04:19:26 +00:00
Sebastiaan van Stijn 7b6f5153b8 Merge pull request #3514 from kolyshkin/go119
Add go 1.19, require go 1.18, drop go 1.17
2022-08-16 22:38:40 +02:00
Kir Kolyshkin b7dcdcecb4 Add go 1.19, require go 1.18, drop go 1.17
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-08-16 09:53:54 -07:00
Kir Kolyshkin 0f4bf2c840 ci/gha: bump golangci-lint to 1.48
This version works with go 1.19, i.e. it fixes
https://github.com/golangci/golangci-lint/issues/2922.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-08-16 09:53:54 -07:00
dependabot[bot] bf8d7c713b build(deps): bump actions/cache from 3.0.5 to 3.0.7
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.5 to 3.0.7.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.0.5...v3.0.7)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-13 16:56:03 +00:00
Aleksa Sarai c0d44ea9fc merge branch 'pr-3523'
Kir Kolyshkin (1):
  CHANGELOG.md: forward-port 1.1.x changes

LGTMs: AkihiroSuda cyphar
Closes #3523
2022-07-20 14:26:51 +10:00