Merge pull request #10631 from stevenhorsman/action-lint-workflow

Action lint workflow
Steve Horsman
2024-12-09 09:33:07 +00:00
committed by GitHub
32 changed files with 146 additions and 111 deletions


@@ -21,4 +21,5 @@ self-hosted-runner:
- sev-snp - sev-snp
- s390x - s390x
- s390x-large - s390x-large
- tdx - tdx-no-attestation
- tdx-attestation

33
.github/workflows/actionlint.yaml vendored Normal file

@@ -0,0 +1,33 @@
name: Lint GHA workflows
on:
workflow_dispatch:
pull_request:
types:
- opened
- edited
- reopened
- synchronize
paths:
- '.github/workflows/**'
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
run-actionlint:
env:
GH_TOKEN: ${{ github.token }}
runs-on: ubuntu-24.04
steps:
- name: Checkout the code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install actionlint gh extension
run: gh extension install https://github.com/cschleiden/gh-actionlint
- name: Run actionlint
run: gh actionlint
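Review bot: The `Install actionlint gh extension` step installs `cschleiden/gh-actionlint` from whatever its repository serves at run time, while `GH_TOKEN` is exported at job level to every step, so third-party code that was not reviewed here runs next to the job token. Pin the extension to a reviewed ref, e.g. `run: gh extension install cschleiden/gh-actionlint --pin <REVIEWED_COMMIT_SHA>`, and scope `GH_TOKEN` to the steps that actually need it. A top-level `permissions:` block with `contents: read` would keep the token read-only regardless of the repository default. The `paths` filter matches only `.github/workflows/**`, so a change to the actionlint configuration file alone would not trigger this check, assuming that file lives outside that directory.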


@@ -33,7 +33,7 @@ jobs:
run: | run: |
# Clone into a temporary directory to avoid overwriting # Clone into a temporary directory to avoid overwriting
# any existing github directory. # any existing github directory.
pushd $(mktemp -d) &>/dev/null pushd "$(mktemp -d)" &>/dev/null
git clone --single-branch --depth 1 "https://github.com/kata-containers/.github" && cd .github/scripts git clone --single-branch --depth 1 "https://github.com/kata-containers/.github" && cd .github/scripts
sudo install hub-util.sh /usr/local/bin sudo install hub-util.sh /usr/local/bin
popd &>/dev/null popd &>/dev/null
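Review bot: The step clones the tip of the default branch of `kata-containers/.github` at run time and then runs `sudo install hub-util.sh /usr/local/bin`, so whatever is on that branch when the job starts is installed as root on the runner with no pinned revision or integrity check. Fetching a specific reviewed commit, or vendoring the script into this repository, would make the installed helper reproducible and reviewable. The `&>/dev/null` on `pushd` also hides the error text if `mktemp -d` fails. The same pattern is in the hunks at `@@ -36,7 +36,7 @@` (`pr-add-size-label.sh`) and `@@ -31,7 +31,7 @@`; the step body starts outside each hunk.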


@@ -36,7 +36,7 @@ jobs:
run: | run: |
# Clone into a temporary directory to avoid overwriting # Clone into a temporary directory to avoid overwriting
# any existing github directory. # any existing github directory.
pushd $(mktemp -d) &>/dev/null pushd "$(mktemp -d)" &>/dev/null
git clone --single-branch --depth 1 "https://github.com/kata-containers/.github" && cd .github/scripts git clone --single-branch --depth 1 "https://github.com/kata-containers/.github" && cd .github/scripts
sudo install pr-add-size-label.sh /usr/local/bin sudo install pr-add-size-label.sh /usr/local/bin
popd &>/dev/null popd &>/dev/null


@@ -49,8 +49,8 @@ jobs:
steps: steps:
- name: Adjust a permission for repo - name: Adjust a permission for repo
run: | run: |
sudo chown -R $USER:$USER $GITHUB_WORKSPACE $HOME sudo chown -R "$USER":"$USER" "$GITHUB_WORKSPACE" "$HOME"
sudo rm -rf $GITHUB_WORKSPACE/* && echo "GITHUB_WORKSPACE removed" || { sleep 10 && sudo rm -rf $GITHUB_WORKSPACE/*; } sudo rm -rf "$GITHUB_WORKSPACE"/* || { sleep 10 && sudo rm -rf "$GITHUB_WORKSPACE"/*; }
sudo rm -f /tmp/kata_hybrid* # Sometime we got leftover from test_setup_hvsock_failed() sudo rm -f /tmp/kata_hybrid* # Sometime we got leftover from test_setup_hvsock_failed()
- name: Checkout the code - name: Checkout the code
@@ -67,12 +67,12 @@ jobs:
if: ${{ matrix.component == 'runtime' }} if: ${{ matrix.component == 'runtime' }}
run: | run: |
./tests/install_go.sh -f -p ./tests/install_go.sh -f -p
echo "/usr/local/go/bin" >> $GITHUB_PATH echo "/usr/local/go/bin" >> "$GITHUB_PATH"
- name: Install rust - name: Install rust
if: ${{ matrix.component != 'runtime' }} if: ${{ matrix.component != 'runtime' }}
run: | run: |
./tests/install_rust.sh ./tests/install_rust.sh
echo "${HOME}/.cargo/bin" >> $GITHUB_PATH echo "${HOME}/.cargo/bin" >> "$GITHUB_PATH"
- name: Install musl-tools - name: Install musl-tools
if: ${{ matrix.component != 'runtime' }} if: ${{ matrix.component != 'runtime' }}
run: sudo apt-get -y install musl-tools run: sudo apt-get -y install musl-tools
@@ -86,8 +86,8 @@ jobs:
gperf_install_dir=$(mktemp -d -t gperf.XXXXXXXXXX) gperf_install_dir=$(mktemp -d -t gperf.XXXXXXXXXX)
./ci/install_libseccomp.sh "${libseccomp_install_dir}" "${gperf_install_dir}" ./ci/install_libseccomp.sh "${libseccomp_install_dir}" "${gperf_install_dir}"
echo "Set environment variables for the libseccomp crate to link the libseccomp library statically" echo "Set environment variables for the libseccomp crate to link the libseccomp library statically"
echo "LIBSECCOMP_LINK_TYPE=static" >> $GITHUB_ENV echo "LIBSECCOMP_LINK_TYPE=static" >> "$GITHUB_ENV"
echo "LIBSECCOMP_LIB_PATH=${libseccomp_install_dir}/lib" >> $GITHUB_ENV echo "LIBSECCOMP_LIB_PATH=${libseccomp_install_dir}/lib" >> "$GITHUB_ENV"
- name: Install protobuf-compiler - name: Install protobuf-compiler
if: ${{ matrix.command != 'make vendor' && (matrix.component == 'agent' || matrix.component == 'genpolicy' || matrix.component == 'agent-ctl') }} if: ${{ matrix.command != 'make vendor' && (matrix.component == 'agent' || matrix.component == 'genpolicy' || matrix.component == 'agent-ctl') }}
run: sudo apt-get -y install protobuf-compiler run: sudo apt-get -y install protobuf-compiler
@@ -97,8 +97,8 @@ jobs:
- name: Setup XDG_RUNTIME_DIR for the `runtime` tests - name: Setup XDG_RUNTIME_DIR for the `runtime` tests
if: ${{ matrix.command != 'make vendor' && matrix.command != 'make check' && matrix.component == 'runtime' }} if: ${{ matrix.command != 'make vendor' && matrix.command != 'make check' && matrix.component == 'runtime' }}
run: | run: |
XDG_RUNTIME_DIR=$(mktemp -d /tmp/kata-tests-$USER.XXX | tee >(xargs chmod 0700)) XDG_RUNTIME_DIR=$(mktemp -d "/tmp/kata-tests-$USER.XXX" | tee >(xargs chmod 0700))
echo "XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR}" >> $GITHUB_ENV echo "XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR}" >> "$GITHUB_ENV"
- name: Running `${{ matrix.command }}` for ${{ matrix.component }} - name: Running `${{ matrix.command }}` for ${{ matrix.component }}
run: | run: |
cd ${{ matrix.component-path }} cd ${{ matrix.component-path }}
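Review bot: In the `Adjust a permission for repo` step, `sudo rm -rf "$GITHUB_WORKSPACE"/*` becomes `sudo rm -rf /*` if the variable is ever empty or unset on the runner; the added quoting does not protect against that. Use `sudo rm -rf "${GITHUB_WORKSPACE:?}"/*` on both sides of the `||` so the shell aborts instead of expanding to the root directory. The same line appears in the `Prepare the self-hosted runner` steps of later sections (hunks at `@@ -36,8 +36,8 @@`, `@@ -94,8 +94,8 @@`, `@@ -167,8 +167,8 @@`, `@@ -28,12 +28,12 @@`, `@@ -20,8 +20,8 @@`, `@@ -30,12 +30,12 @@` and `@@ -45,8 +45,8 @@`). Note also that `/*` does not match dot-files, so hidden state such as a stale `.git` directory survives this cleanup.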


@@ -89,7 +89,7 @@ jobs:
make "${KATA_ASSET}-tarball" make "${KATA_ASSET}-tarball"
build_dir=$(readlink -f build) build_dir=$(readlink -f build)
# store-artifact does not work with symlink # store-artifact does not work with symlink
mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/.
env: env:
KATA_ASSET: ${{ matrix.asset }} KATA_ASSET: ${{ matrix.asset }}
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
@@ -181,7 +181,7 @@ jobs:
make "${KATA_ASSET}-tarball" make "${KATA_ASSET}-tarball"
build_dir=$(readlink -f build) build_dir=$(readlink -f build)
# store-artifact does not work with symlink # store-artifact does not work with symlink
mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/.
env: env:
KATA_ASSET: ${{ matrix.asset }} KATA_ASSET: ${{ matrix.asset }}
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
@@ -252,7 +252,7 @@ jobs:
make "${KATA_ASSET}-tarball" make "${KATA_ASSET}-tarball"
build_dir=$(readlink -f build) build_dir=$(readlink -f build)
# store-artifact does not work with symlink # store-artifact does not work with symlink
mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/.
env: env:
KATA_ASSET: shim-v2 KATA_ASSET: shim-v2
TAR_OUTPUT: shim-v2.tar.gz TAR_OUTPUT: shim-v2.tar.gz


@@ -61,7 +61,7 @@ jobs:
make "${KATA_ASSET}-tarball" make "${KATA_ASSET}-tarball"
build_dir=$(readlink -f build) build_dir=$(readlink -f build)
# store-artifact does not work with symlink # store-artifact does not work with symlink
mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/.
env: env:
KATA_ASSET: ${{ matrix.asset }} KATA_ASSET: ${{ matrix.asset }}
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
@@ -121,7 +121,7 @@ jobs:
make "${KATA_ASSET}-tarball" make "${KATA_ASSET}-tarball"
build_dir=$(readlink -f build) build_dir=$(readlink -f build)
# store-artifact does not work with symlink # store-artifact does not work with symlink
mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/.
env: env:
KATA_ASSET: ${{ matrix.asset }} KATA_ASSET: ${{ matrix.asset }}
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
@@ -189,7 +189,7 @@ jobs:
make "${KATA_ASSET}-tarball" make "${KATA_ASSET}-tarball"
build_dir=$(readlink -f build) build_dir=$(readlink -f build)
# store-artifact does not work with symlink # store-artifact does not work with symlink
mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/.
env: env:
KATA_ASSET: shim-v2 KATA_ASSET: shim-v2
TAR_OUTPUT: shim-v2.tar.gz TAR_OUTPUT: shim-v2.tar.gz
@@ -214,7 +214,7 @@ jobs:
steps: steps:
- name: Adjust a permission for repo - name: Adjust a permission for repo
run: | run: |
sudo chown -R $USER:$USER $GITHUB_WORKSPACE sudo chown -R "$USER":"$USER" "$GITHUB_WORKSPACE"
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with: with:


@@ -36,8 +36,8 @@ jobs:
steps: steps:
- name: Prepare the self-hosted runner - name: Prepare the self-hosted runner
run: | run: |
${HOME}/scripts/prepare_runner.sh "${HOME}/scripts/prepare_runner.sh"
sudo rm -rf $GITHUB_WORKSPACE/* sudo rm -rf "$GITHUB_WORKSPACE"/*
- name: Login to Kata Containers quay.io - name: Login to Kata Containers quay.io
if: ${{ inputs.push-to-registry == 'yes' }} if: ${{ inputs.push-to-registry == 'yes' }}
@@ -63,7 +63,7 @@ jobs:
make "${KATA_ASSET}-tarball" make "${KATA_ASSET}-tarball"
build_dir=$(readlink -f build) build_dir=$(readlink -f build)
# store-artifact does not work with symlink # store-artifact does not work with symlink
mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/.
env: env:
KATA_ASSET: ${{ matrix.asset }} KATA_ASSET: ${{ matrix.asset }}
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
@@ -94,8 +94,8 @@ jobs:
steps: steps:
- name: Prepare the self-hosted runner - name: Prepare the self-hosted runner
run: | run: |
${HOME}/scripts/prepare_runner.sh "${HOME}/scripts/prepare_runner.sh"
sudo rm -rf $GITHUB_WORKSPACE/* sudo rm -rf "$GITHUB_WORKSPACE"/*
- name: Login to Kata Containers quay.io - name: Login to Kata Containers quay.io
if: ${{ inputs.push-to-registry == 'yes' }} if: ${{ inputs.push-to-registry == 'yes' }}
@@ -129,7 +129,7 @@ jobs:
make "${KATA_ASSET}-tarball" make "${KATA_ASSET}-tarball"
build_dir=$(readlink -f build) build_dir=$(readlink -f build)
# store-artifact does not work with symlink # store-artifact does not work with symlink
mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/.
env: env:
KATA_ASSET: ${{ matrix.asset }} KATA_ASSET: ${{ matrix.asset }}
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
@@ -167,8 +167,8 @@ jobs:
steps: steps:
- name: Prepare the self-hosted runner - name: Prepare the self-hosted runner
run: | run: |
${HOME}/scripts/prepare_runner.sh "${HOME}/scripts/prepare_runner.sh"
sudo rm -rf $GITHUB_WORKSPACE/* sudo rm -rf "$GITHUB_WORKSPACE"/*
- name: Login to Kata Containers quay.io - name: Login to Kata Containers quay.io
if: ${{ inputs.push-to-registry == 'yes' }} if: ${{ inputs.push-to-registry == 'yes' }}
@@ -202,7 +202,7 @@ jobs:
make "${KATA_ASSET}-tarball" make "${KATA_ASSET}-tarball"
build_dir=$(readlink -f build) build_dir=$(readlink -f build)
# store-artifact does not work with symlink # store-artifact does not work with symlink
mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/.
env: env:
KATA_ASSET: shim-v2 KATA_ASSET: shim-v2
TAR_OUTPUT: shim-v2.tar.gz TAR_OUTPUT: shim-v2.tar.gz
@@ -227,7 +227,7 @@ jobs:
steps: steps:
- name: Adjust a permission for repo - name: Adjust a permission for repo
run: | run: |
sudo chown -R $USER:$USER $GITHUB_WORKSPACE sudo chown -R "$USER":"$USER" "$GITHUB_WORKSPACE"
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with: with:


@@ -67,7 +67,7 @@ jobs:
make "${KATA_ASSET}-tarball" make "${KATA_ASSET}-tarball"
build_dir=$(readlink -f build) build_dir=$(readlink -f build)
# store-artifact does not work with symlink # store-artifact does not work with symlink
mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/.
env: env:
KATA_ASSET: ${{ matrix.asset }} KATA_ASSET: ${{ matrix.asset }}
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
@@ -153,7 +153,7 @@ jobs:
make "${KATA_ASSET}-tarball" make "${KATA_ASSET}-tarball"
build_dir=$(readlink -f build) build_dir=$(readlink -f build)
# store-artifact does not work with symlink # store-artifact does not work with symlink
mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/.
env: env:
KATA_ASSET: ${{ matrix.asset }} KATA_ASSET: ${{ matrix.asset }}
TAR_OUTPUT: ${{ matrix.asset }}.tar.gz TAR_OUTPUT: ${{ matrix.asset }}.tar.gz
@@ -204,7 +204,7 @@ jobs:
make boot-image-se-tarball make boot-image-se-tarball
build_dir=$(readlink -f build) build_dir=$(readlink -f build)
sudo cp -r "${build_dir}" "kata-build" sudo cp -r "${build_dir}" "kata-build"
sudo chown -R $(id -u):$(id -g) "kata-build" sudo chown -R "$(id -u)":"$(id -g)" "kata-build"
env: env:
HKD_PATH: "host-key-document" HKD_PATH: "host-key-document"
@@ -268,7 +268,7 @@ jobs:
make "${KATA_ASSET}-tarball" make "${KATA_ASSET}-tarball"
build_dir=$(readlink -f build) build_dir=$(readlink -f build)
# store-artifact does not work with symlink # store-artifact does not work with symlink
mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. mkdir -p kata-build && cp "${build_dir}"/kata-static-"${KATA_ASSET}"*.tar.* kata-build/.
env: env:
KATA_ASSET: shim-v2 KATA_ASSET: shim-v2
TAR_OUTPUT: shim-v2.tar.gz TAR_OUTPUT: shim-v2.tar.gz


@@ -24,7 +24,7 @@ jobs:
run: bash cargo-deny-generator.sh run: bash cargo-deny-generator.sh
working-directory: ./.github/cargo-deny-composite-action/ working-directory: ./.github/cargo-deny-composite-action/
env: env:
GOPATH: ${{ runner.workspace }}/kata-containers GOPATH: ${{ github.workspace }}/kata-containers
- name: Run Action - name: Run Action
if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
uses: ./.github/cargo-deny-composite-action uses: ./.github/cargo-deny-composite-action
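Review bot: Replacing `${{ runner.workspace }}` with `${{ github.workspace }}` in `GOPATH` is not a rename: `runner.workspace` is the parent directory of `github.workspace`, so `GOPATH` now points one level deeper than before. If `cargo-deny-generator.sh` or a later step resolves paths under `${GOPATH}`, it will look in a different place; that cannot be confirmed from this hunk. Either verify the script against the new location or state in the commit message that the path change is intended. The same substitution is made in the `Install Go` step `env` of the hunk at `@@ -12,15 +12,15 @@`.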


@@ -16,6 +16,6 @@ jobs:
- name: Fetch a test result for {{ matrix.test_title }} - name: Fetch a test result for {{ matrix.test_title }}
run: | run: |
file_name="${TEST_TITLE}-$(date +%Y-%m-%d).log" file_name="${TEST_TITLE}-$(date +%Y-%m-%d).log"
/home/${USER}/script/handle_test_log.sh download $file_name "/home/${USER}/script/handle_test_log.sh" download "$file_name"
env: env:
TEST_TITLE: ${{ matrix.test_title }} TEST_TITLE: ${{ matrix.test_title }}
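Review bot: The step name `Fetch a test result for {{ matrix.test_title }}` is missing the `$` of the expression syntax, so the braces are printed literally in the run log instead of the matrix value; it should read `- name: Fetch a test result for ${{ matrix.test_title }}`. A linter will not flag this because the text is still a valid plain string. Passing the title to the script through `TEST_TITLE` in `env`, as the step already does, is the right pattern and should stay.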


@@ -83,4 +83,5 @@ jobs:
commit-hash: ${{ inputs.commit-hash }} commit-hash: ${{ inputs.commit-hash }}
pr-number: ${{ inputs.pr-number }} pr-number: ${{ inputs.pr-number }}
target-branch: ${{ inputs.target-branch }} target-branch: ${{ inputs.target-branch }}
tarball-suffix: -${{ inputs.tag }}
secrets: inherit secrets: inherit


@@ -16,7 +16,7 @@ jobs:
runs-on: macos-latest runs-on: macos-latest
steps: steps:
- name: Install Go - name: Install Go
uses: actions/setup-go@v2 uses: actions/setup-go@v5
with: with:
go-version: 1.22.2 go-version: 1.22.2
- name: Checkout code - name: Checkout code


@@ -12,15 +12,15 @@ jobs:
target_branch: ${{ github.base_ref }} target_branch: ${{ github.base_ref }}
steps: steps:
- name: Install Go - name: Install Go
uses: actions/setup-go@v2 uses: actions/setup-go@v5
with: with:
go-version: 1.22.2 go-version: 1.22.2
env: env:
GOPATH: ${{ runner.workspace }}/kata-containers GOPATH: ${{ github.workspace }}/kata-containers
- name: Set env - name: Set env
run: | run: |
echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV echo "GOPATH=${{ github.workspace }}" >> "$GITHUB_ENV"
echo "${{ github.workspace }}/bin" >> $GITHUB_PATH echo "${{ github.workspace }}/bin" >> "$GITHUB_PATH"
- name: Checkout code - name: Checkout code
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
@@ -29,4 +29,4 @@ jobs:
# docs url alive check # docs url alive check
- name: Docs URL Alive Check - name: Docs URL Alive Check
run: | run: |
cd ${GOPATH}/src/github.com/${{ github.repository }} && make docs-url-alive-check cd "${GOPATH}/src/github.com/${{ github.repository }}" && make docs-url-alive-check


@@ -20,9 +20,9 @@ jobs:
run: | run: |
pushd tools/packaging/kata-deploy/runtimeclasses/ pushd tools/packaging/kata-deploy/runtimeclasses/
echo "::group::Combine runtime classes" echo "::group::Combine runtime classes"
for runtimeClass in `find . -type f \( -name "*.yaml" -and -not -name "kata-runtimeClasses.yaml" \) | sort`; do for runtimeClass in $(find . -type f \( -name "*.yaml" -and -not -name "kata-runtimeClasses.yaml" \) | sort); do
echo "Adding ${runtimeClass} to the resultingRuntimeClasses.yaml" echo "Adding ${runtimeClass} to the resultingRuntimeClasses.yaml"
cat ${runtimeClass} >> resultingRuntimeClasses.yaml; cat "${runtimeClass}" >> resultingRuntimeClasses.yaml;
done done
echo "::endgroup::" echo "::endgroup::"
echo "::group::Displaying the content of resultingRuntimeClasses.yaml" echo "::group::Displaying the content of resultingRuntimeClasses.yaml"


@@ -31,7 +31,7 @@ jobs:
run: | run: |
# Clone into a temporary directory to avoid overwriting # Clone into a temporary directory to avoid overwriting
# any existing github directory. # any existing github directory.
pushd $(mktemp -d) &>/dev/null pushd "$(mktemp -d)" &>/dev/null
git clone --single-branch --depth 1 "https://github.com/kata-containers/.github" && cd .github/scripts git clone --single-branch --depth 1 "https://github.com/kata-containers/.github" && cd .github/scripts
sudo install hub-util.sh /usr/local/bin sudo install hub-util.sh /usr/local/bin
popd &>/dev/null popd &>/dev/null
@@ -72,9 +72,9 @@ jobs:
project_type="org" project_type="org"
project_column="In progress" project_column="In progress"
for issue_url in $(echo "$linked_issue_urls") for issue_url in $linked_issue_urls
do do
issue=$(echo "$issue_url"| awk -F\/ '{print $NF}' || true) issue=$(echo "$issue_url"| awk -F/ '{print $NF}' || true)
[ -z "$issue" ] && { [ -z "$issue" ] && {
echo "::error::Cannot determine issue number from $issue_url for PR $pr" echo "::error::Cannot determine issue number from $issue_url for PR $pr"


@@ -62,5 +62,5 @@ jobs:
id: build-and-push-kata-payload id: build-and-push-kata-payload
run: | run: |
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
$(pwd)/kata-static.tar.xz \ "$(pwd)"/kata-static.tar.xz \
${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }} ${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }}
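Review bot: The last argument line of the `build-and-push-kata-payload` step still splices `${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }}` into the script text before bash parses it, so the quoting added on the line above does nothing for these values; a space or shell metacharacter in any input changes the command that runs. Pass the inputs through `env` and quote the variables, as sketched below; the step may already have an `env` block outside this hunk, in which case the three entries are added to it. The same line is left unchanged in the hunks at `@@ -66,6 +66,5 @@`, `@@ -71,5 +71,5 @@` and the later `@@ -62,5 +62,5 @@`.

```yaml
# … unchanged: step name and id …
  run: |
    ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
      "$(pwd)"/kata-static.tar.xz \
      "${REGISTRY}/${REPO}" "${TAG}"
  env:
    REGISTRY: ${{ inputs.registry }}
    REPO: ${{ inputs.repo }}
    TAG: ${{ inputs.tag }}
```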


@@ -28,7 +28,7 @@ jobs:
steps: steps:
- name: Adjust a permission for repo - name: Adjust a permission for repo
run: | run: |
sudo chown -R $USER:$USER $GITHUB_WORKSPACE sudo chown -R "$USER":"$USER" "$GITHUB_WORKSPACE"
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with: with:
@@ -66,6 +66,5 @@ jobs:
id: build-and-push-kata-payload id: build-and-push-kata-payload
run: | run: |
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
$(pwd)/kata-static.tar.xz \ "$(pwd)"/kata-static.tar.xz \
${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }} ${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }}


@@ -28,12 +28,12 @@ jobs:
steps: steps:
- name: Prepare the self-hosted runner - name: Prepare the self-hosted runner
run: | run: |
${HOME}/scripts/prepare_runner.sh "${HOME}/scripts/prepare_runner.sh"
sudo rm -rf $GITHUB_WORKSPACE/* sudo rm -rf "$GITHUB_WORKSPACE"/*
- name: Adjust a permission for repo - name: Adjust a permission for repo
run: | run: |
sudo chown -R $USER:$USER $GITHUB_WORKSPACE sudo chown -R "$USER":"$USER" "$GITHUB_WORKSPACE"
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with: with:
@@ -71,5 +71,5 @@ jobs:
id: build-and-push-kata-payload id: build-and-push-kata-payload
run: | run: |
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
$(pwd)/kata-static.tar.xz \ "$(pwd)"/kata-static.tar.xz \
${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }} ${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }}


@@ -62,5 +62,5 @@ jobs:
id: build-and-push-kata-payload id: build-and-push-kata-payload
run: | run: |
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
$(pwd)/kata-static.tar.xz \ "$(pwd)"/kata-static.tar.xz \
${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }} ${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }}


@@ -42,18 +42,18 @@ jobs:
run: | run: |
# We need to do such trick here as the format of the $GITHUB_REF # We need to do such trick here as the format of the $GITHUB_REF
# is "refs/tags/<tag>" # is "refs/tags/<tag>"
tag=$(echo $GITHUB_REF | cut -d/ -f3-) tag=$(echo "$GITHUB_REF" | cut -d/ -f3-)
if [ "${tag}" = "main" ]; then if [ "${tag}" = "main" ]; then
tag=$(./tools/packaging/release/release.sh release-version) tag=$(./tools/packaging/release/release.sh release-version)
tags=(${tag} "latest") tags=("${tag}" "latest")
else else
tags=(${tag}) tags=("${tag}")
fi fi
for tag in ${tags[@]}; do for tag in "${tags[@]}"; do
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
$(pwd)/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \ "$(pwd)"/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \
"${tag}-${{ inputs.target-arch }}" "${tag}-${{ inputs.target-arch }}"
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
$(pwd)/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \ "$(pwd)"/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \
"${tag}-${{ inputs.target-arch }}" "${tag}-${{ inputs.target-arch }}"
done done


@@ -42,18 +42,18 @@ jobs:
run: | run: |
# We need to do such trick here as the format of the $GITHUB_REF # We need to do such trick here as the format of the $GITHUB_REF
# is "refs/tags/<tag>" # is "refs/tags/<tag>"
tag=$(echo $GITHUB_REF | cut -d/ -f3-) tag=$(echo "$GITHUB_REF" | cut -d/ -f3-)
if [ "${tag}" = "main" ]; then if [ "${tag}" = "main" ]; then
tag=$(./tools/packaging/release/release.sh release-version) tag=$(./tools/packaging/release/release.sh release-version)
tags=(${tag} "latest") tags=("${tag}" "latest")
else else
tags=(${tag}) tags=("${tag}")
fi fi
for tag in ${tags[@]}; do for tag in "${tags[@]}"; do
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
$(pwd)/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \ "$(pwd)"/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \
"${tag}-${{ inputs.target-arch }}" "${tag}-${{ inputs.target-arch }}"
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
$(pwd)/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \ "$(pwd)"/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \
"${tag}-${{ inputs.target-arch }}" "${tag}-${{ inputs.target-arch }}"
done done


@@ -20,8 +20,8 @@ jobs:
steps: steps:
- name: Prepare the self-hosted runner - name: Prepare the self-hosted runner
run: | run: |
bash ${HOME}/scripts/prepare_runner.sh bash "${HOME}/scripts/prepare_runner.sh"
sudo rm -rf $GITHUB_WORKSPACE/* sudo rm -rf "$GITHUB_WORKSPACE"/*
- name: Login to Kata Containers docker.io - name: Login to Kata Containers docker.io
uses: docker/login-action@v3 uses: docker/login-action@v3
@@ -47,18 +47,18 @@ jobs:
run: | run: |
# We need to do such trick here as the format of the $GITHUB_REF # We need to do such trick here as the format of the $GITHUB_REF
# is "refs/tags/<tag>" # is "refs/tags/<tag>"
tag=$(echo $GITHUB_REF | cut -d/ -f3-) tag=$(echo "$GITHUB_REF" | cut -d/ -f3-)
if [ "${tag}" = "main" ]; then if [ "${tag}" = "main" ]; then
tag=$(./tools/packaging/release/release.sh release-version) tag=$(./tools/packaging/release/release.sh release-version)
tags=(${tag} "latest") tags=("${tag}" "latest")
else else
tags=(${tag}) tags=("${tag}")
fi fi
for tag in ${tags[@]}; do for tag in "${tags[@]}"; do
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
$(pwd)/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \ "$(pwd)"/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \
"${tag}-${{ inputs.target-arch }}" "${tag}-${{ inputs.target-arch }}"
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
$(pwd)/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \ "$(pwd)"/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \
"${tag}-${{ inputs.target-arch }}" "${tag}-${{ inputs.target-arch }}"
done done


@@ -42,18 +42,18 @@ jobs:
run: | run: |
# We need to do such trick here as the format of the $GITHUB_REF # We need to do such trick here as the format of the $GITHUB_REF
# is "refs/tags/<tag>" # is "refs/tags/<tag>"
tag=$(echo $GITHUB_REF | cut -d/ -f3-) tag=$(echo "$GITHUB_REF" | cut -d/ -f3-)
if [ "${tag}" = "main" ]; then if [ "${tag}" = "main" ]; then
tag=$(./tools/packaging/release/release.sh release-version) tag=$(./tools/packaging/release/release.sh release-version)
tags=(${tag} "latest") tags=("${tag}" "latest")
else else
tags=(${tag}) tags=("${tag}")
fi fi
for tag in ${tags[@]}; do for tag in "${tags[@]}"; do
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
$(pwd)/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \ "$(pwd)"/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \
"${tag}-${{ inputs.target-arch }}" "${tag}-${{ inputs.target-arch }}"
./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
$(pwd)/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \ "$(pwd)"/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \
"${tag}-${{ inputs.target-arch }}" "${tag}-${{ inputs.target-arch }}"
done done


@@ -30,12 +30,12 @@ jobs:
KATA_HYPERVISOR: ${{ matrix.vmm }} KATA_HYPERVISOR: ${{ matrix.vmm }}
steps: steps:
- name: Adjust a permission for repo - name: Adjust a permission for repo
run: sudo chown -R $USER:$USER $GITHUB_WORKSPACE run: sudo chown -R "$USER":"$USER" "$GITHUB_WORKSPACE"
- name: Prepare the self-hosted runner - name: Prepare the self-hosted runner
run: | run: |
bash ${HOME}/scripts/prepare_runner.sh cri-containerd bash "${HOME}/scripts/prepare_runner.sh" cri-containerd
sudo rm -rf $GITHUB_WORKSPACE/* sudo rm -rf "$GITHUB_WORKSPACE"/*
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with: with:
@@ -64,4 +64,4 @@ jobs:
run: bash tests/integration/cri-containerd/gha-run.sh run run: bash tests/integration/cri-containerd/gha-run.sh run
- name: Cleanup actions for the self hosted runner - name: Cleanup actions for the self hosted runner
run: ${HOME}/scripts/cleanup_runner.sh run: bash "${HOME}/scripts/cleanup_runner.sh"


@@ -99,7 +99,7 @@ jobs:
- name: Archive artifacts ${{ matrix.vmm }} - name: Archive artifacts ${{ matrix.vmm }}
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
with: with:
name: k8s-tests-${{ matrix.vmm }}-${{ matrix.snapshotter }}-${{ matrix.k8s }}-${{ matrix.instance }}-${{ inputs.tag }} name: k8s-tests-${{ matrix.vmm }}-${{ matrix.snapshotter }}-${{ matrix.k8s }}-${{ inputs.tag }}
path: /tmp/artifacts path: /tmp/artifacts
retention-days: 1 retention-days: 1


@@ -45,8 +45,8 @@ jobs:
steps: steps:
- name: Prepare the self-hosted runner - name: Prepare the self-hosted runner
run: | run: |
bash ${HOME}/scripts/prepare_runner.sh kubernetes bash "${HOME}/scripts/prepare_runner.sh" kubernetes
sudo rm -rf $GITHUB_WORKSPACE/* sudo rm -rf "$GITHUB_WORKSPACE"/*
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with: with:
@@ -62,13 +62,13 @@ jobs:
- name: Install golang - name: Install golang
run: | run: |
./tests/install_go.sh -f -p ./tests/install_go.sh -f -p
echo "/usr/local/go/bin" >> $GITHUB_PATH echo "/usr/local/go/bin" >> "$GITHUB_PATH"
- name: Prepare the runner for k8s cluster creation - name: Prepare the runner for k8s cluster creation
run: bash ${HOME}/scripts/k8s_cluster_cleanup.sh run: bash "${HOME}/scripts/k8s_cluster_cleanup.sh"
- name: Create k8s cluster using kubeadm - name: Create k8s cluster using kubeadm
run: bash ${HOME}/scripts/k8s_cluster_create.sh run: bash "${HOME}/scripts/k8s_cluster_create.sh"
- name: Deploy Kata - name: Deploy Kata
timeout-minutes: 10 timeout-minutes: 10
@@ -79,4 +79,4 @@ jobs:
run: bash tests/integration/kubernetes/gha-run.sh run-tests run: bash tests/integration/kubernetes/gha-run.sh run-tests
- name: Delete cluster and post cleanup actions - name: Delete cluster and post cleanup actions
run: bash ${HOME}/scripts/k8s_cluster_cleanup.sh run: bash "${HOME}/scripts/k8s_cluster_cleanup.sh"


@@ -88,13 +88,13 @@ jobs:
TARGET_BRANCH: ${{ inputs.target-branch }} TARGET_BRANCH: ${{ inputs.target-branch }}
- name: Set SNAPSHOTTER to empty if overlayfs - name: Set SNAPSHOTTER to empty if overlayfs
run: echo "SNAPSHOTTER=" >> $GITHUB_ENV run: echo "SNAPSHOTTER=" >> "$GITHUB_ENV"
if: ${{ matrix.snapshotter == 'overlayfs' }} if: ${{ matrix.snapshotter == 'overlayfs' }}
- name: Set KBS and KBS_INGRESS if qemu-coco-dev - name: Set KBS and KBS_INGRESS if qemu-coco-dev
run: | run: |
echo "KBS=true" >> $GITHUB_ENV echo "KBS=true" >> "$GITHUB_ENV"
echo "KBS_INGRESS=nodeport" >> $GITHUB_ENV echo "KBS_INGRESS=nodeport" >> "$GITHUB_ENV"
if: ${{ matrix.vmm == 'qemu-coco-dev' }} if: ${{ matrix.vmm == 'qemu-coco-dev' }}
# qemu-runtime-rs only works with overlayfs # qemu-runtime-rs only works with overlayfs


@@ -21,6 +21,9 @@ on:
required: false required: false
type: string type: string
default: "" default: ""
tarball-suffix:
required: false
type: string
jobs: jobs:
# Generate jobs for testing CoCo on non-TEE environments # Generate jobs for testing CoCo on non-TEE environments
@@ -40,7 +43,6 @@ jobs:
DOCKER_REPO: ${{ inputs.repo }} DOCKER_REPO: ${{ inputs.repo }}
DOCKER_TAG: ${{ inputs.tag }} DOCKER_TAG: ${{ inputs.tag }}
GH_PR_NUMBER: ${{ inputs.pr-number }} GH_PR_NUMBER: ${{ inputs.pr-number }}
KATA_HOST_OS: ${{ matrix.host_os }}
KATA_HYPERVISOR: ${{ matrix.vmm }} KATA_HYPERVISOR: ${{ matrix.vmm }}
# Some tests rely on that variable to run (or not) # Some tests rely on that variable to run (or not)
KBS: "true" KBS: "true"
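Review bot: Dropping `KATA_HOST_OS: ${{ matrix.host_os }}` changes the variable from set-but-empty to unset, assuming the matrix never defined `host_os` (presumably why the linter flagged it). Any test script this job runs that reads `$KATA_HOST_OS` under `set -u` without a default would now abort where it previously saw an empty string; those scripts are not visible here, so this needs a check before merging. The same removal is made in the hunk at `@@ -288,7 +288,6 @@`. Separately, the new `tarball-suffix` input is declared without a `default`, unlike the input just above it, and nothing in the visible hunks reads it.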


@@ -288,7 +288,6 @@ jobs:
DOCKER_REPO: ${{ inputs.repo }} DOCKER_REPO: ${{ inputs.repo }}
DOCKER_TAG: ${{ inputs.tag }} DOCKER_TAG: ${{ inputs.tag }}
GH_PR_NUMBER: ${{ inputs.pr-number }} GH_PR_NUMBER: ${{ inputs.pr-number }}
KATA_HOST_OS: ${{ matrix.host_os }}
KATA_HYPERVISOR: ${{ matrix.vmm }} KATA_HYPERVISOR: ${{ matrix.vmm }}
# Some tests rely on that variable to run (or not) # Some tests rely on that variable to run (or not)
KBS: "true" KBS: "true"


@@ -31,8 +31,8 @@ jobs:
run: | run: |
kernel_dir="tools/packaging/kernel/" kernel_dir="tools/packaging/kernel/"
kernel_version_file="${kernel_dir}kata_config_version" kernel_version_file="${kernel_dir}kata_config_version"
modified_files=$(git diff --name-only origin/$GITHUB_BASE_REF..HEAD) modified_files=$(git diff --name-only origin/"$GITHUB_BASE_REF"..HEAD)
if git diff --name-only origin/$GITHUB_BASE_REF..HEAD "${kernel_dir}" | grep "${kernel_dir}"; then if git diff --name-only origin/"$GITHUB_BASE_REF"..HEAD "${kernel_dir}" | grep "${kernel_dir}"; then
echo "Kernel directory has changed, checking if $kernel_version_file has been updated" echo "Kernel directory has changed, checking if $kernel_version_file has been updated"
if echo "$modified_files" | grep -v "README.md" | grep "${kernel_dir}" >>"/dev/null"; then if echo "$modified_files" | grep -v "README.md" | grep "${kernel_dir}" >>"/dev/null"; then
echo "$modified_files" | grep "$kernel_version_file" >>/dev/null || ( echo "Please bump version in $kernel_version_file" && exit 1) echo "$modified_files" | grep "$kernel_version_file" >>/dev/null || ( echo "Please bump version in $kernel_version_file" && exit 1)
@@ -107,19 +107,19 @@ jobs:
path: ./src/github.com/${{ github.repository }} path: ./src/github.com/${{ github.repository }}
- name: Install yq - name: Install yq
run: | run: |
cd ${GOPATH}/src/github.com/${{ github.repository }} cd "${GOPATH}/src/github.com/${{ github.repository }}"
./ci/install_yq.sh ./ci/install_yq.sh
env: env:
INSTALL_IN_GOPATH: false INSTALL_IN_GOPATH: false
- name: Install golang - name: Install golang
run: | run: |
cd ${GOPATH}/src/github.com/${{ github.repository }} cd "${GOPATH}/src/github.com/${{ github.repository }}"
./tests/install_go.sh -f -p ./tests/install_go.sh -f -p
echo "/usr/local/go/bin" >> $GITHUB_PATH echo "/usr/local/go/bin" >> "$GITHUB_PATH"
- name: Install system dependencies - name: Install system dependencies
run: | run: |
sudo apt-get -y install moreutils hunspell hunspell-en-gb hunspell-en-us pandoc sudo apt-get -y install moreutils hunspell hunspell-en-gb hunspell-en-us pandoc
- name: Run check - name: Run check
run: | run: |
export PATH=${PATH}:${GOPATH}/bin export PATH="${PATH}:${GOPATH}/bin"
cd ${GOPATH}/src/github.com/${{ github.repository }} && ${{ matrix.cmd }} cd "${GOPATH}/src/github.com/${{ github.repository }}" && ${{ matrix.cmd }}


@@ -9,13 +9,13 @@ jobs:
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Install Go - name: Install Go
uses: actions/setup-go@v2 uses: actions/setup-go@v5
with: with:
go-version: ${{ matrix.go-version }} go-version: ${{ matrix.go-version }}
- name: Checkout code - name: Checkout code
uses: actions/checkout@v2 uses: actions/checkout@v4
- name: golangci-lint - name: golangci-lint
uses: golangci/golangci-lint-action@v2 uses: golangci/golangci-lint-action@v6
with: with:
version: latest version: latest
args: -c .golangci.yml -v args: -c .golangci.yml -v