diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml index dd49463130..d47dcc16dc 100644 --- a/.github/actionlint.yaml +++ b/.github/actionlint.yaml @@ -21,4 +21,5 @@ self-hosted-runner: - sev-snp - s390x - s390x-large - - tdx + - tdx-no-attestation + - tdx-attestation diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml new file mode 100644 index 0000000000..2b613d6247 --- /dev/null +++ b/.github/workflows/actionlint.yaml @@ -0,0 +1,33 @@ +name: Lint GHA workflows + +on: + workflow_dispatch: + pull_request: + types: + - opened + - edited + - reopened + - synchronize + paths: + - '.github/workflows/**' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +jobs: + run-actionlint: + env: + GH_TOKEN: ${{ github.token }} + runs-on: ubuntu-24.04 + steps: + - name: Checkout the code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Install actionlint gh extension + run: gh extension install https://github.com/cschleiden/gh-actionlint + + - name: Run actionlint + run: gh actionlint diff --git a/.github/workflows/add-issues-to-project.yaml b/.github/workflows/add-issues-to-project.yaml index c7a12ccfd0..9ff930de39 100644 --- a/.github/workflows/add-issues-to-project.yaml +++ b/.github/workflows/add-issues-to-project.yaml @@ -33,7 +33,7 @@ jobs: run: | # Clone into a temporary directory to avoid overwriting # any existing github directory. - pushd $(mktemp -d) &>/dev/null + pushd "$(mktemp -d)" &>/dev/null git clone --single-branch --depth 1 "https://github.com/kata-containers/.github" && cd .github/scripts sudo install hub-util.sh /usr/local/bin popd &>/dev/null diff --git a/.github/workflows/add-pr-sizing-label.yaml b/.github/workflows/add-pr-sizing-label.yaml index 6058c2a23f..5d37989f90 100644 --- a/.github/workflows/add-pr-sizing-label.yaml +++ b/.github/workflows/add-pr-sizing-label.yaml 
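Review bot: The `Install actionlint gh extension` step in the new `.github/workflows/actionlint.yaml` fetches `cschleiden/gh-actionlint` from whatever its default branch holds at run time, and it does so with `GH_TOKEN` exported to every step of the job. Pinning the extension keeps the linter reproducible and reviewable, e.g. `run: gh extension install cschleiden/gh-actionlint --pin <PINNED_TAG_OR_COMMIT>` (placeholder, choose a reviewed release). The workflow also has no `permissions:` block, so the token gets the repository default. A top-level `permissions:` with `contents: read` should be enough for a lint-only job. `fetch-depth: 0` looks unnecessary for linting the checked-out workflow files and could probably be dropped.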
@@ -36,7 +36,7 @@ jobs: run: | # Clone into a temporary directory to avoid overwriting # any existing github directory. - pushd $(mktemp -d) &>/dev/null + pushd "$(mktemp -d)" &>/dev/null git clone --single-branch --depth 1 "https://github.com/kata-containers/.github" && cd .github/scripts sudo install pr-add-size-label.sh /usr/local/bin popd &>/dev/null diff --git a/.github/workflows/build-checks.yaml b/.github/workflows/build-checks.yaml index 1995ed4d5f..30d4c00cba 100644 --- a/.github/workflows/build-checks.yaml +++ b/.github/workflows/build-checks.yaml @@ -49,8 +49,8 @@ jobs: steps: - name: Adjust a permission for repo run: | - sudo chown -R $USER:$USER $GITHUB_WORKSPACE $HOME - sudo rm -rf $GITHUB_WORKSPACE/* && echo "GITHUB_WORKSPACE removed" || { sleep 10 && sudo rm -rf $GITHUB_WORKSPACE/*; } + sudo chown -R "$USER":"$USER" "$GITHUB_WORKSPACE" "$HOME" + sudo rm -rf "$GITHUB_WORKSPACE"/* || { sleep 10 && sudo rm -rf "$GITHUB_WORKSPACE"/*; } sudo rm -f /tmp/kata_hybrid* # Sometime we got leftover from test_setup_hvsock_failed() - name: Checkout the code @@ -67,12 +67,12 @@ jobs: if: ${{ matrix.component == 'runtime' }} run: | ./tests/install_go.sh -f -p - echo "/usr/local/go/bin" >> $GITHUB_PATH + echo "/usr/local/go/bin" >> "$GITHUB_PATH" - name: Install rust if: ${{ matrix.component != 'runtime' }} run: | ./tests/install_rust.sh - echo "${HOME}/.cargo/bin" >> $GITHUB_PATH + echo "${HOME}/.cargo/bin" >> "$GITHUB_PATH" - name: Install musl-tools if: ${{ matrix.component != 'runtime' }} run: sudo apt-get -y install musl-tools 
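Review bot: In the `Adjust a permission for repo` step of `build-checks.yaml`, `sudo rm -rf "$GITHUB_WORKSPACE"/*` is now safe against word splitting, but an unset or empty variable still expands to `/*` and runs as root. Make the expansion fail closed with `sudo rm -rf "${GITHUB_WORKSPACE:?}"/* || { sleep 10 && sudo rm -rf "${GITHUB_WORKSPACE:?}"/*; }`. The same pattern appears in the `Prepare the self-hosted runner` steps of the ppc64le tarball, payload, release, cri-containerd and k8s workflows later in this diff. The risk matters most on those long-lived self-hosted machines. Note also that this hunk drops the `&& echo "GITHUB_WORKSPACE removed"` branch, so the retry now fires only when the first `rm` fails; a one-line comment saying that is intended would help.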
@@ -86,8 +86,8 @@ jobs: gperf_install_dir=$(mktemp -d -t gperf.XXXXXXXXXX) ./ci/install_libseccomp.sh "${libseccomp_install_dir}" "${gperf_install_dir}" echo "Set environment variables for the libseccomp crate to link the libseccomp library statically" - echo "LIBSECCOMP_LINK_TYPE=static" >> $GITHUB_ENV - echo "LIBSECCOMP_LIB_PATH=${libseccomp_install_dir}/lib" >> $GITHUB_ENV + echo "LIBSECCOMP_LINK_TYPE=static" >> "$GITHUB_ENV" + echo "LIBSECCOMP_LIB_PATH=${libseccomp_install_dir}/lib" >> "$GITHUB_ENV" - name: Install protobuf-compiler if: ${{ matrix.command != 'make vendor' && (matrix.component == 'agent' || matrix.component == 'genpolicy' || matrix.component == 'agent-ctl') }} run: sudo apt-get -y install protobuf-compiler @@ -97,8 +97,8 @@ jobs: - name: Setup XDG_RUNTIME_DIR for the `runtime` tests if: ${{ matrix.command != 'make vendor' && matrix.command != 'make check' && matrix.component == 'runtime' }} run: | - XDG_RUNTIME_DIR=$(mktemp -d /tmp/kata-tests-$USER.XXX | tee >(xargs chmod 0700)) - echo "XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR}" >> $GITHUB_ENV + XDG_RUNTIME_DIR=$(mktemp -d "/tmp/kata-tests-$USER.XXX" | tee >(xargs chmod 0700)) + echo "XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR}" >> "$GITHUB_ENV" - name: Running `${{ matrix.command }}` for ${{ matrix.component }} run: | cd ${{ matrix.component-path }} diff --git a/.github/workflows/build-kata-static-tarball-amd64.yaml b/.github/workflows/build-kata-static-tarball-amd64.yaml index 76b170faa5..d2dac9d4bc 100644 --- a/.github/workflows/build-kata-static-tarball-amd64.yaml +++ b/.github/workflows/build-kata-static-tarball-amd64.yaml @@ -89,7 +89,7 @@ jobs: make "${KATA_ASSET}-tarball" build_dir=$(readlink -f build) # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/. env: KATA_ASSET: ${{ matrix.asset }} TAR_OUTPUT: ${{ matrix.asset }}.tar.gz 
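Review bot: In the `Setup XDG_RUNTIME_DIR` step, the `chmod 0700` runs inside a process substitution behind `tee`, so it is asynchronous with the assignment and a failure is never reported. The quoting added here leaves that untouched. GNU `mktemp -d` already creates the directory accessible only to its owner, so the pipeline can become `XDG_RUNTIME_DIR=$(mktemp -d "/tmp/kata-tests-$USER.XXXXXX")`, followed by an explicit `chmod 0700 "$XDG_RUNTIME_DIR"` if the mode should be stated. The three-character `XXX` suffix also gives little randomness for a name under shared `/tmp`; six or more is the usual template.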
@@ -181,7 +181,7 @@ jobs: make "${KATA_ASSET}-tarball" build_dir=$(readlink -f build) # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/. env: KATA_ASSET: ${{ matrix.asset }} TAR_OUTPUT: ${{ matrix.asset }}.tar.gz @@ -252,7 +252,7 @@ jobs: make "${KATA_ASSET}-tarball" build_dir=$(readlink -f build) # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/. env: KATA_ASSET: shim-v2 TAR_OUTPUT: shim-v2.tar.gz diff --git a/.github/workflows/build-kata-static-tarball-arm64.yaml b/.github/workflows/build-kata-static-tarball-arm64.yaml index b277c6b159..b8adde4c2e 100644 --- a/.github/workflows/build-kata-static-tarball-arm64.yaml +++ b/.github/workflows/build-kata-static-tarball-arm64.yaml @@ -61,7 +61,7 @@ jobs: make "${KATA_ASSET}-tarball" build_dir=$(readlink -f build) # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/. env: KATA_ASSET: ${{ matrix.asset }} TAR_OUTPUT: ${{ matrix.asset }}.tar.gz @@ -121,7 +121,7 @@ jobs: make "${KATA_ASSET}-tarball" build_dir=$(readlink -f build) # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/. env: KATA_ASSET: ${{ matrix.asset }} TAR_OUTPUT: ${{ matrix.asset }}.tar.gz 
@@ -189,7 +189,7 @@ jobs: make "${KATA_ASSET}-tarball" build_dir=$(readlink -f build) # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/. env: KATA_ASSET: shim-v2 TAR_OUTPUT: shim-v2.tar.gz @@ -214,7 +214,7 @@ jobs: steps: - name: Adjust a permission for repo run: | - sudo chown -R $USER:$USER $GITHUB_WORKSPACE + sudo chown -R "$USER":"$USER" "$GITHUB_WORKSPACE" - uses: actions/checkout@v4 with: diff --git a/.github/workflows/build-kata-static-tarball-ppc64le.yaml b/.github/workflows/build-kata-static-tarball-ppc64le.yaml index 3b2f2b8fcc..5f552b0db4 100644 --- a/.github/workflows/build-kata-static-tarball-ppc64le.yaml +++ b/.github/workflows/build-kata-static-tarball-ppc64le.yaml @@ -36,8 +36,8 @@ jobs: steps: - name: Prepare the self-hosted runner run: | - ${HOME}/scripts/prepare_runner.sh - sudo rm -rf $GITHUB_WORKSPACE/* + "${HOME}/scripts/prepare_runner.sh" + sudo rm -rf "$GITHUB_WORKSPACE"/* - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} @@ -63,7 +63,7 @@ jobs: make "${KATA_ASSET}-tarball" build_dir=$(readlink -f build) # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/. env: KATA_ASSET: ${{ matrix.asset }} TAR_OUTPUT: ${{ matrix.asset }}.tar.gz @@ -94,8 +94,8 @@ jobs: steps: - name: Prepare the self-hosted runner run: | - ${HOME}/scripts/prepare_runner.sh - sudo rm -rf $GITHUB_WORKSPACE/* + "${HOME}/scripts/prepare_runner.sh" + sudo rm -rf "$GITHUB_WORKSPACE"/* - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} 
@@ -129,7 +129,7 @@ jobs: make "${KATA_ASSET}-tarball" build_dir=$(readlink -f build) # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/. env: KATA_ASSET: ${{ matrix.asset }} TAR_OUTPUT: ${{ matrix.asset }}.tar.gz @@ -167,8 +167,8 @@ jobs: steps: - name: Prepare the self-hosted runner run: | - ${HOME}/scripts/prepare_runner.sh - sudo rm -rf $GITHUB_WORKSPACE/* + "${HOME}/scripts/prepare_runner.sh" + sudo rm -rf "$GITHUB_WORKSPACE"/* - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} @@ -202,7 +202,7 @@ jobs: make "${KATA_ASSET}-tarball" build_dir=$(readlink -f build) # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/. env: KATA_ASSET: shim-v2 TAR_OUTPUT: shim-v2.tar.gz @@ -227,7 +227,7 @@ jobs: steps: - name: Adjust a permission for repo run: | - sudo chown -R $USER:$USER $GITHUB_WORKSPACE + sudo chown -R "$USER":"$USER" "$GITHUB_WORKSPACE" - uses: actions/checkout@v4 with: diff --git a/.github/workflows/build-kata-static-tarball-s390x.yaml b/.github/workflows/build-kata-static-tarball-s390x.yaml index cd266b60bb..699e9598f2 100644 --- a/.github/workflows/build-kata-static-tarball-s390x.yaml +++ b/.github/workflows/build-kata-static-tarball-s390x.yaml @@ -67,7 +67,7 @@ jobs: make "${KATA_ASSET}-tarball" build_dir=$(readlink -f build) # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/. env: KATA_ASSET: ${{ matrix.asset }} TAR_OUTPUT: ${{ matrix.asset }}.tar.gz 
@@ -153,7 +153,7 @@ jobs: make "${KATA_ASSET}-tarball" build_dir=$(readlink -f build) # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/. env: KATA_ASSET: ${{ matrix.asset }} TAR_OUTPUT: ${{ matrix.asset }}.tar.gz @@ -204,7 +204,7 @@ jobs: make boot-image-se-tarball build_dir=$(readlink -f build) sudo cp -r "${build_dir}" "kata-build" - sudo chown -R $(id -u):$(id -g) "kata-build" + sudo chown -R "$(id -u)":"$(id -g)" "kata-build" env: HKD_PATH: "host-key-document" @@ -268,7 +268,7 @@ jobs: make "${KATA_ASSET}-tarball" build_dir=$(readlink -f build) # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. + mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/. env: KATA_ASSET: shim-v2 TAR_OUTPUT: shim-v2.tar.gz diff --git a/.github/workflows/cargo-deny-runner.yaml b/.github/workflows/cargo-deny-runner.yaml index 9e18198902..f0b1a6e361 100644 --- a/.github/workflows/cargo-deny-runner.yaml +++ b/.github/workflows/cargo-deny-runner.yaml @@ -24,7 +24,7 @@ jobs: run: bash cargo-deny-generator.sh working-directory: ./.github/cargo-deny-composite-action/ env: - GOPATH: ${{ runner.workspace }}/kata-containers + GOPATH: ${{ github.workspace }}/kata-containers - name: Run Action if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} uses: ./.github/cargo-deny-composite-action diff --git a/.github/workflows/ci-nightly-s390x.yaml b/.github/workflows/ci-nightly-s390x.yaml index f3817520a1..3ffec86e23 100644 --- a/.github/workflows/ci-nightly-s390x.yaml +++ b/.github/workflows/ci-nightly-s390x.yaml 
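Review bot: Replacing `${{ runner.workspace }}` with `${{ github.workspace }}` in `GOPATH` for `cargo-deny-runner.yaml` changes the path, not only the spelling. As far as I know `runner.workspace` resolves to the parent of the checkout directory, so `GOPATH` would now sit inside the checked-out tree; please confirm on a runner. The same substitution is made in `docs-url-alive-check.yaml`, where the `Install Go` step sets `GOPATH` to `${{ github.workspace }}/kata-containers` and the following `Set env` step writes `GOPATH=${{ github.workspace }}` to `$GITHUB_ENV`. Only the second value reaches the later `cd "${GOPATH}/src/..."`, so the step-level `env:` could be removed, or a comment such as `# GOPATH for setup-go only; the job-wide value is set in "Set env"` added.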
@@ -16,6 +16,6 @@ jobs: - name: Fetch a test result for {{ matrix.test_title }} run: | file_name="${TEST_TITLE}-$(date +%Y-%m-%d).log" - /home/${USER}/script/handle_test_log.sh download $file_name + "/home/${USER}/script/handle_test_log.sh" download "$file_name" env: TEST_TITLE: ${{ matrix.test_title }} diff --git a/.github/workflows/ci-weekly.yaml b/.github/workflows/ci-weekly.yaml index 9cb4d7d4ed..8b0edbed49 100644 --- a/.github/workflows/ci-weekly.yaml +++ b/.github/workflows/ci-weekly.yaml @@ -83,4 +83,5 @@ jobs: commit-hash: ${{ inputs.commit-hash }} pr-number: ${{ inputs.pr-number }} target-branch: ${{ inputs.target-branch }} + tarball-suffix: -${{ inputs.tag }} secrets: inherit diff --git a/.github/workflows/darwin-tests.yaml b/.github/workflows/darwin-tests.yaml index d3d1c2a38a..3d0f4fae03 100644 --- a/.github/workflows/darwin-tests.yaml +++ b/.github/workflows/darwin-tests.yaml @@ -16,7 +16,7 @@ jobs: runs-on: macos-latest steps: - name: Install Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v5 with: go-version: 1.22.2 - name: Checkout code diff --git a/.github/workflows/docs-url-alive-check.yaml b/.github/workflows/docs-url-alive-check.yaml index a133437981..4f093294fe 100644 --- a/.github/workflows/docs-url-alive-check.yaml +++ b/.github/workflows/docs-url-alive-check.yaml @@ -12,15 +12,15 @@ jobs: target_branch: ${{ github.base_ref }} steps: - name: Install Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v5 with: go-version: 1.22.2 env: - GOPATH: ${{ runner.workspace }}/kata-containers + GOPATH: ${{ github.workspace }}/kata-containers - name: Set env run: | - echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV - echo "${{ github.workspace }}/bin" >> $GITHUB_PATH + echo "GOPATH=${{ github.workspace }}" >> "$GITHUB_ENV" + echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH" - name: Checkout code uses: actions/checkout@v4 with: 
@@ -29,4 +29,4 @@ jobs: # docs url alive check - name: Docs URL Alive Check run: | - cd ${GOPATH}/src/github.com/${{ github.repository }} && make docs-url-alive-check + cd "${GOPATH}/src/github.com/${{ github.repository }}" && make docs-url-alive-check diff --git a/.github/workflows/kata-runtime-classes-sync.yaml b/.github/workflows/kata-runtime-classes-sync.yaml index ae3935872b..80837b49d9 100644 --- a/.github/workflows/kata-runtime-classes-sync.yaml +++ b/.github/workflows/kata-runtime-classes-sync.yaml @@ -20,9 +20,9 @@ jobs: run: | pushd tools/packaging/kata-deploy/runtimeclasses/ echo "::group::Combine runtime classes" - for runtimeClass in `find . -type f \( -name "*.yaml" -and -not -name "kata-runtimeClasses.yaml" \) | sort`; do + for runtimeClass in $(find . -type f \( -name "*.yaml" -and -not -name "kata-runtimeClasses.yaml" \) | sort); do echo "Adding ${runtimeClass} to the resultingRuntimeClasses.yaml" - cat ${runtimeClass} >> resultingRuntimeClasses.yaml; + cat "${runtimeClass}" >> resultingRuntimeClasses.yaml; done echo "::endgroup::" echo "::group::Displaying the content of resultingRuntimeClasses.yaml" diff --git a/.github/workflows/move-issues-to-in-progress.yaml b/.github/workflows/move-issues-to-in-progress.yaml index b59544f8f5..d845082c3a 100644 --- a/.github/workflows/move-issues-to-in-progress.yaml +++ b/.github/workflows/move-issues-to-in-progress.yaml @@ -31,7 +31,7 @@ jobs: run: | # Clone into a temporary directory to avoid overwriting # any existing github directory. - pushd $(mktemp -d) &>/dev/null + pushd "$(mktemp -d)" &>/dev/null git clone --single-branch --depth 1 "https://github.com/kata-containers/.github" && cd .github/scripts sudo install hub-util.sh /usr/local/bin popd &>/dev/null 
@@ -72,9 +72,9 @@ jobs: project_type="org" project_column="In progress" - for issue_url in $(echo "$linked_issue_urls") + for issue_url in $linked_issue_urls do - issue=$(echo "$issue_url"| awk -F\/ '{print $NF}' || true) + issue=$(echo "$issue_url"| awk -F/ '{print $NF}' || true) [ -z "$issue" ] && { echo "::error::Cannot determine issue number from $issue_url for PR $pr" diff --git a/.github/workflows/publish-kata-deploy-payload-amd64.yaml b/.github/workflows/publish-kata-deploy-payload-amd64.yaml index c0d4f31337..260f7efaf5 100644 --- a/.github/workflows/publish-kata-deploy-payload-amd64.yaml +++ b/.github/workflows/publish-kata-deploy-payload-amd64.yaml @@ -62,5 +62,5 @@ jobs: id: build-and-push-kata-payload run: | ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz \ + "$(pwd)"/kata-static.tar.xz \ ${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }} diff --git a/.github/workflows/publish-kata-deploy-payload-arm64.yaml b/.github/workflows/publish-kata-deploy-payload-arm64.yaml index 5a6737f7ae..eb2f714874 100644 --- a/.github/workflows/publish-kata-deploy-payload-arm64.yaml +++ b/.github/workflows/publish-kata-deploy-payload-arm64.yaml @@ -28,7 +28,7 @@ jobs: steps: - name: Adjust a permission for repo run: | - sudo chown -R $USER:$USER $GITHUB_WORKSPACE + sudo chown -R "$USER":"$USER" "$GITHUB_WORKSPACE" - uses: actions/checkout@v4 with: @@ -66,6 +66,5 @@ jobs: id: build-and-push-kata-payload run: | ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz \ + "$(pwd)"/kata-static.tar.xz \ ${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }} - diff --git a/.github/workflows/publish-kata-deploy-payload-ppc64le.yaml b/.github/workflows/publish-kata-deploy-payload-ppc64le.yaml index 04f423d3e4..34dd746871 100644 --- a/.github/workflows/publish-kata-deploy-payload-ppc64le.yaml 
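Review bot: In the `build-and-push-kata-payload` step of `publish-kata-deploy-payload-amd64.yaml`, the argument line `${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }}` is substituted into the script text before the shell parses it, so the quoting added to `"$(pwd)"` does not protect it. A value containing spaces or shell metacharacters would be interpreted as script rather than as data. Map the three inputs to variables in the step's `env:` block (for example `REGISTRY`, `REPO`, `TAG`) and pass them as `"${REGISTRY}/${REPO}" "${TAG}"`. The arm64, ppc64le and s390x payload workflows have the same line, and the release workflows embed `${{ inputs.target-arch }}` inside `"${tag}-..."` in the same way.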
+++ b/.github/workflows/publish-kata-deploy-payload-ppc64le.yaml @@ -28,12 +28,12 @@ jobs: steps: - name: Prepare the self-hosted runner run: | - ${HOME}/scripts/prepare_runner.sh - sudo rm -rf $GITHUB_WORKSPACE/* + "${HOME}/scripts/prepare_runner.sh" + sudo rm -rf "$GITHUB_WORKSPACE"/* - name: Adjust a permission for repo run: | - sudo chown -R $USER:$USER $GITHUB_WORKSPACE + sudo chown -R "$USER":"$USER" "$GITHUB_WORKSPACE" - uses: actions/checkout@v4 with: @@ -71,5 +71,5 @@ jobs: id: build-and-push-kata-payload run: | ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz \ + "$(pwd)"/kata-static.tar.xz \ ${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }} diff --git a/.github/workflows/publish-kata-deploy-payload-s390x.yaml b/.github/workflows/publish-kata-deploy-payload-s390x.yaml index 3ad8ba65ad..9632f160c0 100644 --- a/.github/workflows/publish-kata-deploy-payload-s390x.yaml +++ b/.github/workflows/publish-kata-deploy-payload-s390x.yaml @@ -62,5 +62,5 @@ jobs: id: build-and-push-kata-payload run: | ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz \ + "$(pwd)"/kata-static.tar.xz \ ${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }} diff --git a/.github/workflows/release-amd64.yaml b/.github/workflows/release-amd64.yaml index 4ac868cdf2..5e519b0ae4 100644 --- a/.github/workflows/release-amd64.yaml +++ b/.github/workflows/release-amd64.yaml 
@@ -42,18 +42,18 @@ jobs: run: | # We need to do such trick here as the format of the $GITHUB_REF # is "refs/tags/" - tag=$(echo $GITHUB_REF | cut -d/ -f3-) + tag=$(echo "$GITHUB_REF" | cut -d/ -f3-) if [ "${tag}" = "main" ]; then tag=$(./tools/packaging/release/release.sh release-version) - tags=(${tag} "latest") + tags=("${tag}" "latest") else - tags=(${tag}) + tags=("${tag}") fi - for tag in ${tags[@]}; do + for tag in "${tags[@]}"; do ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \ + "$(pwd)"/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \ "${tag}-${{ inputs.target-arch }}" ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \ + "$(pwd)"/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \ "${tag}-${{ inputs.target-arch }}" done diff --git a/.github/workflows/release-arm64.yaml b/.github/workflows/release-arm64.yaml index 5003606e1a..b132a7fc1f 100644 --- a/.github/workflows/release-arm64.yaml +++ b/.github/workflows/release-arm64.yaml 
@@ -42,18 +42,18 @@ jobs: run: | # We need to do such trick here as the format of the $GITHUB_REF # is "refs/tags/" - tag=$(echo $GITHUB_REF | cut -d/ -f3-) + tag=$(echo "$GITHUB_REF" | cut -d/ -f3-) if [ "${tag}" = "main" ]; then tag=$(./tools/packaging/release/release.sh release-version) - tags=(${tag} "latest") + tags=("${tag}" "latest") else - tags=(${tag}) + tags=("${tag}") fi - for tag in ${tags[@]}; do + for tag in "${tags[@]}"; do ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \ + "$(pwd)"/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \ "${tag}-${{ inputs.target-arch }}" ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \ + "$(pwd)"/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \ "${tag}-${{ inputs.target-arch }}" done diff --git a/.github/workflows/release-ppc64le.yaml b/.github/workflows/release-ppc64le.yaml index 36f0379de5..1db17a3ec9 100644 --- a/.github/workflows/release-ppc64le.yaml +++ b/.github/workflows/release-ppc64le.yaml @@ -20,8 +20,8 @@ jobs: steps: - name: Prepare the self-hosted runner run: | - bash ${HOME}/scripts/prepare_runner.sh - sudo rm -rf $GITHUB_WORKSPACE/* + bash "${HOME}/scripts/prepare_runner.sh" + sudo rm -rf "$GITHUB_WORKSPACE"/* - name: Login to Kata Containers docker.io uses: docker/login-action@v3 
@@ -47,18 +47,18 @@ jobs: run: | # We need to do such trick here as the format of the $GITHUB_REF # is "refs/tags/" - tag=$(echo $GITHUB_REF | cut -d/ -f3-) + tag=$(echo "$GITHUB_REF" | cut -d/ -f3-) if [ "${tag}" = "main" ]; then tag=$(./tools/packaging/release/release.sh release-version) - tags=(${tag} "latest") + tags=("${tag}" "latest") else - tags=(${tag}) + tags=("${tag}") fi - for tag in ${tags[@]}; do + for tag in "${tags[@]}"; do ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \ + "$(pwd)"/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \ "${tag}-${{ inputs.target-arch }}" ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \ + "$(pwd)"/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \ "${tag}-${{ inputs.target-arch }}" done diff --git a/.github/workflows/release-s390x.yaml b/.github/workflows/release-s390x.yaml index 4d54c90e02..1909b3f5ef 100644 --- a/.github/workflows/release-s390x.yaml +++ b/.github/workflows/release-s390x.yaml 
@@ -42,18 +42,18 @@ jobs: run: | # We need to do such trick here as the format of the $GITHUB_REF # is "refs/tags/" - tag=$(echo $GITHUB_REF | cut -d/ -f3-) + tag=$(echo "$GITHUB_REF" | cut -d/ -f3-) if [ "${tag}" = "main" ]; then tag=$(./tools/packaging/release/release.sh release-version) - tags=(${tag} "latest") + tags=("${tag}" "latest") else - tags=(${tag}) + tags=("${tag}") fi - for tag in ${tags[@]}; do + for tag in "${tags[@]}"; do ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \ + "$(pwd)"/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \ "${tag}-${{ inputs.target-arch }}" ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \ + "$(pwd)"/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \ "${tag}-${{ inputs.target-arch }}" done diff --git a/.github/workflows/run-cri-containerd-tests-ppc64le.yaml b/.github/workflows/run-cri-containerd-tests-ppc64le.yaml index 8a8a8e9c66..2614f63ea6 100644 --- a/.github/workflows/run-cri-containerd-tests-ppc64le.yaml +++ b/.github/workflows/run-cri-containerd-tests-ppc64le.yaml @@ -30,12 +30,12 @@ jobs: KATA_HYPERVISOR: ${{ matrix.vmm }} steps: - name: Adjust a permission for repo - run: sudo chown -R $USER:$USER $GITHUB_WORKSPACE - + run: sudo chown -R "$USER":"$USER" "$GITHUB_WORKSPACE" + - name: Prepare the self-hosted runner run: | - bash ${HOME}/scripts/prepare_runner.sh cri-containerd - sudo rm -rf $GITHUB_WORKSPACE/* + bash "${HOME}/scripts/prepare_runner.sh" cri-containerd + sudo rm -rf "$GITHUB_WORKSPACE"/* - uses: actions/checkout@v4 with: @@ -62,6 +62,6 @@ jobs: - name: Run cri-containerd tests run: bash tests/integration/cri-containerd/gha-run.sh run - + - name: Cleanup actions for the self hosted runner - run: ${HOME}/scripts/cleanup_runner.sh + run: bash "${HOME}/scripts/cleanup_runner.sh" 
diff --git a/.github/workflows/run-k8s-tests-on-amd64.yaml b/.github/workflows/run-k8s-tests-on-amd64.yaml index 66fe6b73d8..8a12687d32 100644 --- a/.github/workflows/run-k8s-tests-on-amd64.yaml +++ b/.github/workflows/run-k8s-tests-on-amd64.yaml @@ -86,11 +86,11 @@ jobs: - name: Install `bats` run: bash tests/integration/kubernetes/gha-run.sh install-bats - + - name: Run tests timeout-minutes: 30 run: bash tests/integration/kubernetes/gha-run.sh run-tests - + - name: Collect artifacts ${{ matrix.vmm }} if: always() run: bash tests/integration/kubernetes/gha-run.sh collect-artifacts @@ -99,7 +99,7 @@ jobs: - name: Archive artifacts ${{ matrix.vmm }} uses: actions/upload-artifact@v4 with: - name: k8s-tests-${{ matrix.vmm }}-${{ matrix.snapshotter }}-${{ matrix.k8s }}-${{ matrix.instance }}-${{ inputs.tag }} + name: k8s-tests-${{ matrix.vmm }}-${{ matrix.snapshotter }}-${{ matrix.k8s }}-${{ inputs.tag }} path: /tmp/artifacts retention-days: 1 diff --git a/.github/workflows/run-k8s-tests-on-ppc64le.yaml b/.github/workflows/run-k8s-tests-on-ppc64le.yaml index e8d7d929dc..5c6a885f07 100644 --- a/.github/workflows/run-k8s-tests-on-ppc64le.yaml +++ b/.github/workflows/run-k8s-tests-on-ppc64le.yaml @@ -44,9 +44,9 @@ jobs: TARGET_ARCH: "ppc64le" steps: - name: Prepare the self-hosted runner - run: | - bash ${HOME}/scripts/prepare_runner.sh kubernetes - sudo rm -rf $GITHUB_WORKSPACE/* + run: | + bash "${HOME}/scripts/prepare_runner.sh" kubernetes + sudo rm -rf "$GITHUB_WORKSPACE"/* - uses: actions/checkout@v4 with: 
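Review bot: The `Archive artifacts` step in `run-k8s-tests-on-amd64.yaml` no longer includes `${{ matrix.instance }}` in the artifact name, and the matrix definition is outside this hunk. If two matrix entries still differ only by instance, they now produce the same name, and `actions/upload-artifact@v4` refuses to upload a second artifact with an existing name unless overwriting is enabled. Because `retention-days: 1` makes these logs short-lived diagnostic evidence, a collision would silently cost one job's artifacts. Please confirm that `instance` is gone from the matrix, or keep a distinguishing component in the name.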
@@ -62,13 +62,13 @@ jobs: - name: Install golang run: | ./tests/install_go.sh -f -p - echo "/usr/local/go/bin" >> $GITHUB_PATH + echo "/usr/local/go/bin" >> "$GITHUB_PATH" - name: Prepare the runner for k8s cluster creation - run: bash ${HOME}/scripts/k8s_cluster_cleanup.sh + run: bash "${HOME}/scripts/k8s_cluster_cleanup.sh" - name: Create k8s cluster using kubeadm - run: bash ${HOME}/scripts/k8s_cluster_create.sh + run: bash "${HOME}/scripts/k8s_cluster_create.sh" - name: Deploy Kata timeout-minutes: 10 @@ -79,4 +79,4 @@ jobs: run: bash tests/integration/kubernetes/gha-run.sh run-tests - name: Delete cluster and post cleanup actions - run: bash ${HOME}/scripts/k8s_cluster_cleanup.sh + run: bash "${HOME}/scripts/k8s_cluster_cleanup.sh" diff --git a/.github/workflows/run-k8s-tests-on-zvsi.yaml b/.github/workflows/run-k8s-tests-on-zvsi.yaml index debe41939c..8b18ea8cfe 100644 --- a/.github/workflows/run-k8s-tests-on-zvsi.yaml +++ b/.github/workflows/run-k8s-tests-on-zvsi.yaml @@ -88,13 +88,13 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: Set SNAPSHOTTER to empty if overlayfs - run: echo "SNAPSHOTTER=" >> $GITHUB_ENV + run: echo "SNAPSHOTTER=" >> "$GITHUB_ENV" if: ${{ matrix.snapshotter == 'overlayfs' }} - name: Set KBS and KBS_INGRESS if qemu-coco-dev run: | - echo "KBS=true" >> $GITHUB_ENV - echo "KBS_INGRESS=nodeport" >> $GITHUB_ENV + echo "KBS=true" >> "$GITHUB_ENV" + echo "KBS_INGRESS=nodeport" >> "$GITHUB_ENV" if: ${{ matrix.vmm == 'qemu-coco-dev' }} # qemu-runtime-rs only works with overlayfs diff --git a/.github/workflows/run-kata-coco-stability-tests.yaml b/.github/workflows/run-kata-coco-stability-tests.yaml index 42d46696d5..11ec21a139 100644 --- a/.github/workflows/run-kata-coco-stability-tests.yaml +++ b/.github/workflows/run-kata-coco-stability-tests.yaml @@ -21,6 +21,9 @@ on: required: false type: string default: "" + tarball-suffix: + required: false + type: string jobs: # Generate jobs for testing CoCo on non-TEE environments 
@@ -40,7 +43,6 @@ jobs: DOCKER_REPO: ${{ inputs.repo }} DOCKER_TAG: ${{ inputs.tag }} GH_PR_NUMBER: ${{ inputs.pr-number }} - KATA_HOST_OS: ${{ matrix.host_os }} KATA_HYPERVISOR: ${{ matrix.vmm }} # Some tests rely on that variable to run (or not) KBS: "true" diff --git a/.github/workflows/run-kata-coco-tests.yaml b/.github/workflows/run-kata-coco-tests.yaml index 47719247e2..34956a54d6 100644 --- a/.github/workflows/run-kata-coco-tests.yaml +++ b/.github/workflows/run-kata-coco-tests.yaml @@ -288,7 +288,6 @@ jobs: DOCKER_REPO: ${{ inputs.repo }} DOCKER_TAG: ${{ inputs.tag }} GH_PR_NUMBER: ${{ inputs.pr-number }} - KATA_HOST_OS: ${{ matrix.host_os }} KATA_HYPERVISOR: ${{ matrix.vmm }} # Some tests rely on that variable to run (or not) KBS: "true" diff --git a/.github/workflows/static-checks.yaml b/.github/workflows/static-checks.yaml index cf33405967..1438c634e4 100644 --- a/.github/workflows/static-checks.yaml +++ b/.github/workflows/static-checks.yaml @@ -31,8 +31,8 @@ jobs: run: | kernel_dir="tools/packaging/kernel/" kernel_version_file="${kernel_dir}kata_config_version" - modified_files=$(git diff --name-only origin/$GITHUB_BASE_REF..HEAD) - if git diff --name-only origin/$GITHUB_BASE_REF..HEAD "${kernel_dir}" | grep "${kernel_dir}"; then + modified_files=$(git diff --name-only origin/"$GITHUB_BASE_REF"..HEAD) + if git diff --name-only origin/"$GITHUB_BASE_REF"..HEAD "${kernel_dir}" | grep "${kernel_dir}"; then echo "Kernel directory has changed, checking if $kernel_version_file has been updated" if echo "$modified_files" | grep -v "README.md" | grep "${kernel_dir}" >>"/dev/null"; then echo "$modified_files" | grep "$kernel_version_file" >>/dev/null || ( echo "Please bump version in $kernel_version_file" && exit 1) 
@@ -107,19 +107,19 @@ jobs: path: ./src/github.com/${{ github.repository }} - name: Install yq run: | - cd ${GOPATH}/src/github.com/${{ github.repository }} + cd "${GOPATH}/src/github.com/${{ github.repository }}" ./ci/install_yq.sh env: INSTALL_IN_GOPATH: false - name: Install golang run: | - cd ${GOPATH}/src/github.com/${{ github.repository }} + cd "${GOPATH}/src/github.com/${{ github.repository }}" ./tests/install_go.sh -f -p - echo "/usr/local/go/bin" >> $GITHUB_PATH + echo "/usr/local/go/bin" >> "$GITHUB_PATH" - name: Install system dependencies run: | sudo apt-get -y install moreutils hunspell hunspell-en-gb hunspell-en-us pandoc - name: Run check run: | - export PATH=${PATH}:${GOPATH}/bin - cd ${GOPATH}/src/github.com/${{ github.repository }} && ${{ matrix.cmd }} + export PATH="${PATH}:${GOPATH}/bin" + cd "${GOPATH}/src/github.com/${{ github.repository }}" && ${{ matrix.cmd }} diff --git a/src/runtime/pkg/govmm/.github/workflows/main.yml b/src/runtime/pkg/govmm/.github/workflows/main.yml index 5765147660..6c6841ca13 100644 --- a/src/runtime/pkg/govmm/.github/workflows/main.yml +++ b/src/runtime/pkg/govmm/.github/workflows/main.yml @@ -9,13 +9,13 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Install Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v5 with: go-version: ${{ matrix.go-version }} - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: golangci-lint - uses: golangci/golangci-lint-action@v2 + uses: golangci/golangci-lint-action@v6 with: version: latest args: -c .golangci.yml -v