mirror of
https://github.com/opencontainers/runc.git
synced 2026-07-11 06:03:57 +08:00
62cc13ea1a
Since commit e3cf217cf1 actions/setup-go@v4 uses caching
implicitly, and olangci/golangci-lint-action also uses caching.
These two caches clash, resulting in multiple warnings in CI logs.
The official golangci-lint-action solution is to disable caching
for setup-go job (see [1]). Do the same.
[1] https://github.com/golangci/golangci-lint-action/pull/704
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
209 lines
5.7 KiB
YAML
209 lines
5.7 KiB
YAML
name: validate
|
|
on:
|
|
push:
|
|
tags:
|
|
- v*
|
|
branches:
|
|
- main
|
|
- release-*
|
|
pull_request:
|
|
env:
|
|
GO_VERSION: 1.20.x
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
keyring:
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: check runc.keyring
|
|
run: make validate-keyring
|
|
|
|
lint:
|
|
permissions:
|
|
contents: read
|
|
pull-requests: read
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
fetch-depth: 2
|
|
- uses: actions/setup-go@v4
|
|
with:
|
|
go-version: "${{ env.GO_VERSION }}"
|
|
cache: false # golangci-lint-action does its own caching
|
|
- name: install deps
|
|
run: |
|
|
sudo apt -q update
|
|
sudo apt -q install libseccomp-dev
|
|
- uses: golangci/golangci-lint-action@v3
|
|
with:
|
|
version: v1.51
|
|
# Extra linters, only checking new code from a pull request.
|
|
- name: lint-extra
|
|
if: github.event_name == 'pull_request'
|
|
run: |
|
|
golangci-lint run --config .golangci-extra.yml --new-from-rev=HEAD~1 --out-format=github-actions
|
|
|
|
compile-buildtags:
|
|
runs-on: ubuntu-22.04
|
|
env:
|
|
# Don't ignore C warnings. Note that the output of "go env CGO_CFLAGS" by default is "-g -O2", so we keep them.
|
|
CGO_CFLAGS: -g -O2 -Werror
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: install go
|
|
uses: actions/setup-go@v4
|
|
with:
|
|
go-version: "${{ env.GO_VERSION }}"
|
|
- name: compile with no build tags
|
|
run: make BUILDTAGS=""
|
|
|
|
codespell:
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: install deps
|
|
# Version of codespell bundled with Ubuntu is way old, so use pip.
|
|
run: pip install codespell
|
|
- name: run codespell
|
|
run: codespell
|
|
|
|
shfmt:
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: shfmt
|
|
run: make shfmt
|
|
|
|
shellcheck:
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: install shellcheck
|
|
env:
|
|
VERSION: v0.8.0
|
|
BASEURL: https://github.com/koalaman/shellcheck/releases/download
|
|
SHA256: f4bce23c11c3919c1b20bcb0f206f6b44c44e26f2bc95f8aa708716095fa0651
|
|
run: |
|
|
mkdir ~/bin
|
|
curl -sSfL --retry 5 $BASEURL/$VERSION/shellcheck-$VERSION.linux.x86_64.tar.xz |
|
|
tar xfJ - -C ~/bin --strip 1 shellcheck-$VERSION/shellcheck
|
|
sha256sum --strict --check - <<<"$SHA256 *$HOME/bin/shellcheck"
|
|
# make sure to remove the old version
|
|
sudo rm -f /usr/bin/shellcheck
|
|
# Add ~/bin to $PATH.
|
|
echo ~/bin >> $GITHUB_PATH
|
|
- uses: lumaxis/shellcheck-problem-matchers@v2
|
|
- name: run
|
|
run: make shellcheck
|
|
- name: check-config.sh
|
|
run : ./script/check-config.sh
|
|
|
|
deps:
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: install go
|
|
uses: actions/setup-go@v4
|
|
with:
|
|
go-version: "${{ env.GO_VERSION }}"
|
|
- name: verify deps
|
|
run: make verify-dependencies
|
|
|
|
|
|
commit:
|
|
permissions:
|
|
contents: read
|
|
pull-requests: read
|
|
runs-on: ubuntu-22.04
|
|
# Only check commits on pull requests.
|
|
if: github.event_name == 'pull_request'
|
|
steps:
|
|
- name: get pr commits
|
|
id: 'get-pr-commits'
|
|
uses: tim-actions/get-pr-commits@v1.2.0
|
|
with:
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: check subject line length
|
|
uses: tim-actions/commit-message-checker-with-regex@v0.3.1
|
|
with:
|
|
commits: ${{ steps.get-pr-commits.outputs.commits }}
|
|
pattern: '^.{0,72}(\n.*)*$'
|
|
error: 'Subject too long (max 72)'
|
|
|
|
cfmt:
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- name: checkout
|
|
uses: actions/checkout@v3
|
|
with:
|
|
fetch-depth: 0
|
|
- name: install deps
|
|
run: |
|
|
sudo apt -qq update
|
|
sudo apt -qq install indent
|
|
- name: cfmt
|
|
run: |
|
|
make cfmt
|
|
git diff --exit-code
|
|
|
|
|
|
release:
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- name: checkout
|
|
uses: actions/checkout@v3
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: check CHANGELOG.md
|
|
run: make verify-changelog
|
|
|
|
# We have to run this under Docker as Ubuntu (host) does not support all
|
|
# the architectures we want to compile test against, and Dockerfile uses
|
|
# Debian (which does).
|
|
#
|
|
# XXX: as currently this is the only job that is using Docker, we are
|
|
# building and using the runcimage locally. In case more jobs running
|
|
# under Docker will emerge, it will be good to have a separate make
|
|
# runcimage job and share its result (the docker image) with whoever
|
|
# needs it.
|
|
- name: build docker image
|
|
run: make runcimage
|
|
- name: make releaseall
|
|
run: make releaseall
|
|
- name: upload artifacts
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: release-${{ github.run_id }}
|
|
path: release/*
|
|
|
|
|
|
get-images:
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
fetch-depth: 0
|
|
- name: install bashbrew
|
|
env:
|
|
BASEURL: https://github.com/docker-library/bashbrew/releases/download
|
|
VERSION: v0.1.7
|
|
SHA256: 6b71a6fccfb2025d48a2b23324836b5513c29abfd2d16a57b7a2f89bd02fe53a
|
|
run: |
|
|
mkdir ~/bin
|
|
curl -sSfL --retry 5 -o ~/bin/bashbrew \
|
|
$BASEURL/$VERSION/bashbrew-amd64
|
|
sha256sum --strict --check - <<<"$SHA256 *$HOME/bin/bashbrew"
|
|
chmod a+x ~/bin/bashbrew
|
|
# Add ~/bin to $PATH.
|
|
echo ~/bin >> $GITHUB_PATH
|
|
- name: check that get-images.sh is up to date
|
|
run: |
|
|
cd tests/integration
|
|
./bootstrap-get-images.sh > get-images.sh
|
|
git diff --exit-code
|