Ensures go.mod and go.sum files are kept up-to-date on PRs that modify Go code, go modules, or the Go version in versions.yaml. The workflow can also be run directly from the GitHub UI, in order to check the tidiness of the target branch. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> Signed-off-by: Greg Kurz <groug@kaod.org>
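# Static checks run on pull requests and on manual dispatch.
#
# Security posture visible in this file:
#   * the workflow-wide token permission set is empty; jobs that need a
#     scope grant it themselves;
#   * third-party actions are pinned to a full commit SHA, with the release
#     tag kept as a trailing comment;
#   * every checkout sets `persist-credentials: false`, so the token is not
#     left in the local git config for later steps to read;
#   * values that end up in shell scripts are passed through `env:` instead
#     of being interpolated into the script text.
on:
  pull_request:
    types:
      - opened
      - edited
      - reopened
      - synchronize
  workflow_dispatch:

# Deny by default: a job without its own `permissions:` key gets no token
# scopes at all.
permissions: {}

# One live run per pull request; a newer push cancels the older run. Manual
# runs have no PR number, so they are grouped by ref instead.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

name: Static checks
jobs:
  # Reusable workflow whose `skip_static` output gates every job below.
  # NOTE(review): both inputs come from the pull_request event payload and
  # are empty on workflow_dispatch - confirm the skipper copes with that.
  skipper:
    uses: ./.github/workflows/gatekeeper-skipper.yaml
    with:
      commit-hash: ${{ github.event.pull_request.head.sha }}
      target-branch: ${{ github.event.pull_request.base.ref }}

  # Fails the PR when files under tools/packaging/kernel/ (other than
  # README.md) changed without a bump of kata_config_version.
  check-kernel-config-version:
    name: check-kernel-config-version
    needs: skipper
    if: ${{ needs.skipper.outputs.skip_static != 'yes' }}
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout the code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Full history: the step below diffs against origin/<base branch>.
          fetch-depth: 0
          persist-credentials: false
      # NOTE(review): unlike the go-mod-tidy job, this script has no branch
      # for an empty GITHUB_BASE_REF (manual workflow_dispatch runs); confirm
      # how the `origin/..HEAD` range behaves in that case.
      - name: Ensure the kernel config version has been updated
        run: |
          kernel_dir="tools/packaging/kernel/"
          kernel_version_file="${kernel_dir}kata_config_version"
          modified_files=$(git diff --name-only origin/"$GITHUB_BASE_REF"..HEAD)
          if git diff --name-only origin/"$GITHUB_BASE_REF"..HEAD "${kernel_dir}" | grep "${kernel_dir}"; then
            echo "Kernel directory has changed, checking if $kernel_version_file has been updated"
            if echo "$modified_files" | grep -v "README.md" | grep "${kernel_dir}" >>"/dev/null"; then
              echo "$modified_files" | grep "$kernel_version_file" >>/dev/null || ( echo "Please bump version in $kernel_version_file" && exit 1)
            else
              echo "Readme file changed, no need for kernel config version update."
            fi
            echo "Check passed"
          fi

  # Reusable workflow; it has no job-level `permissions:` here, so it is
  # called under the empty workflow-wide set.
  build-checks:
    needs: skipper
    if: ${{ needs.skipper.outputs.skip_static != 'yes' }}
    uses: ./.github/workflows/build-checks.yaml
    with:
      instance: ubuntu-22.04

  build-checks-depending-on-kvm:
    name: build-checks-depending-on-kvm
    runs-on: ubuntu-22.04
    needs: skipper
    if: ${{ needs.skipper.outputs.skip_static != 'yes' }}
    strategy:
      fail-fast: false
      matrix:
        component:
          - runtime-rs
        # Both entries match the single `runtime-rs` combination, so the job
        # ends up with `command` and `component-path` set together.
        include:
          - component: runtime-rs
            command: "sudo -E env PATH=$PATH LIBC=gnu SUPPORT_VIRTUALIZATION=true make test"
          - component: runtime-rs
            component-path: src/dragonball
    steps:
      - name: Checkout the code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          persist-credentials: false
      - name: Install system deps
        run: |
          sudo apt-get update && sudo apt-get install -y build-essential musl-tools
      # Runs a script from the checked-out tree as root.
      - name: Install yq
        run: |
          sudo -E ./ci/install_yq.sh
        env:
          INSTALL_IN_GOPATH: false
      - name: Install rust
        run: |
          export PATH="$PATH:/usr/local/bin"
          ./tests/install_rust.sh
      # The matrix strings are handed to the script as environment variables
      # and never spliced into the script text. `eval` is what expands the
      # `$PATH` reference embedded in the command string; that is acceptable
      # only because the string is a constant defined in this file. Do not
      # feed this step from event data (titles, branch names, inputs).
      - name: Running `${{ matrix.command }}` for ${{ matrix.component }}
        run: |
          export PATH="$PATH:${HOME}/.cargo/bin"
          cd "${COMPONENT_PATH}"
          eval "${COMMAND}"
        env:
          COMMAND: ${{ matrix.command }}
          COMPONENT_PATH: ${{ matrix.component-path }}
          RUST_BACKTRACE: "1"
          RUST_LIB_BACKTRACE: "0"

  static-checks:
    name: static-checks
    runs-on: ubuntu-22.04
    needs: skipper
    if: ${{ needs.skipper.outputs.skip_static != 'yes' }}
    strategy:
      fail-fast: false
      matrix:
        cmd:
          - "make static-checks"
    env:
      GOPATH: ${{ github.workspace }}
    # Job-level grant on top of the empty workflow-wide set.
    # NOTE(review): `packages: write` applies to the whole job, and the steps
    # below run scripts from the PR checkout. GitHub normally issues a
    # read-only token to pull_request runs from forks, so the write scope
    # should only take effect for branches of this repository - confirm that
    # this matches the intended trust model.
    permissions:
      contents: read # for checkout
      packages: write # for push to ghcr.io
    steps:
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          persist-credentials: false
          path: ./src/github.com/${{ github.repository }}
      - name: Install yq
        run: |
          cd "${GOPATH}/src/github.com/${GITHUB_REPOSITORY}"
          ./ci/install_yq.sh
        env:
          INSTALL_IN_GOPATH: false
      # The Go version is read from versions.yaml in the checked-out tree
      # and exported to the following steps through GITHUB_ENV.
      - name: Read properties from versions.yaml
        run: |
          cd "${GOPATH}/src/github.com/${GITHUB_REPOSITORY}"
          go_version="$(yq '.languages.golang.version' versions.yaml)"
          [ -n "$go_version" ]
          # jq-style yq prints the literal string "null" for a missing key,
          # which the emptiness test above does not catch.
          [ "$go_version" != "null" ]
          echo "GO_VERSION=${go_version}" >> "$GITHUB_ENV"
      - name: Setup Golang version ${{ env.GO_VERSION }}
        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Install system dependencies
        run: |
          sudo apt-get update && sudo apt-get -y install moreutils
      - name: Install open-policy-agent
        run: |
          cd "${GOPATH}/src/github.com/${GITHUB_REPOSITORY}"
          ./tests/install_opa.sh
      # The job token is exposed to this one step only, as a registry
      # password. NOTE(review): the script is not shown here; check that it
      # uses the token solely for registry login and does not echo it.
      - name: Install regorus
        env:
          ARTEFACT_REPOSITORY: "${{ github.repository }}"
          ARTEFACT_REGISTRY_USERNAME: "${{ github.actor }}"
          ARTEFACT_REGISTRY_PASSWORD: "${{ secrets.GITHUB_TOKEN }}"
        run: |
          "${GOPATH}/src/github.com/${GITHUB_REPOSITORY}/tests/install_regorus.sh"
      # `${CMD}` is left unquoted on purpose so that the matrix string is
      # split into a command and its arguments; the value is a constant
      # from the matrix above.
      - name: Run check
        env:
          CMD: ${{ matrix.cmd }}
        run: |
          export PATH="${PATH}:${GOPATH}/bin"
          cd "${GOPATH}/src/github.com/${GITHUB_REPOSITORY}" && ${CMD}

  govulncheck:
    needs: skipper
    if: ${{ needs.skipper.outputs.skip_static != 'yes' }}
    uses: ./.github/workflows/govulncheck.yaml

  # Regenerates the agent protocol bindings and fails when the result
  # differs from what is committed.
  codegen:
    name: codegen
    runs-on: ubuntu-22.04
    needs: skipper
    if: ${{ needs.skipper.outputs.skip_static != 'yes' }}
    permissions:
      contents: read # for checkout
    steps:
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          persist-credentials: false
      - name: generate
        run: make -C src/agent generate-protocols
      # The heredoc delimiter is unquoted so that ${diff} is substituted;
      # the substituted text is written out as data and is not re-evaluated
      # by the shell.
      - name: check for diff
        run: |
          diff=$(git diff)
          if [[ -z "${diff}" ]]; then
            echo "No diff detected."
            exit 0
          fi

          cat << EOF >> "${GITHUB_STEP_SUMMARY}"
          Run \`make -C src/agent generate-protocols\` to update protobuf bindings.

          \`\`\`diff
          ${diff}
          \`\`\`
          EOF

          echo "::error::Golang protobuf bindings need to be regenerated (see Github step summary for diff)."
          exit 1

  # Verifies that go.mod / go.sum are tidy. On pull requests the check runs
  # only when Go sources, module files or versions.yaml changed; a manual
  # dispatch always runs it.
  go-mod-tidy:
    name: go-mod-tidy
    runs-on: ubuntu-22.04
    needs: skipper
    if: ${{ needs.skipper.outputs.skip_static != 'yes' }}
    permissions:
      contents: read # for checkout
    steps:
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          persist-credentials: false
      # An empty GITHUB_BASE_REF is treated as "not a pull request".
      - name: Check if Go-related files changed
        id: check_go_changes
        run: |
          if [[ -z "${GITHUB_BASE_REF}" ]]; then
            echo "run_go_mod_tidy=true" >> "${GITHUB_OUTPUT}"
            echo "Called from workflow_dispatch, will run go mod tidy check"
            exit 0
          fi
          modified_files=$(git diff --name-only origin/"${GITHUB_BASE_REF}"..HEAD)
          if echo "${modified_files}" | grep -E '\.(go|mod|sum)$|^versions\.yaml$' > /dev/null; then
            echo "run_go_mod_tidy=true" >> "${GITHUB_OUTPUT}"
            echo "Go-related files changed, will run go mod tidy check"
          else
            echo "run_go_mod_tidy=false" >> "${GITHUB_OUTPUT}"
            echo "No Go-related files changed, skipping go mod tidy check"
          fi
      - name: Install yq
        if: steps.check_go_changes.outputs.run_go_mod_tidy == 'true'
        run: ./ci/install_yq.sh
        env:
          INSTALL_IN_GOPATH: false
      - name: Read properties from versions.yaml
        if: steps.check_go_changes.outputs.run_go_mod_tidy == 'true'
        run: |
          go_version="$(yq '.languages.golang.version' versions.yaml)"
          [ -n "${go_version}" ]
          # jq-style yq prints the literal string "null" for a missing key,
          # which the emptiness test above does not catch.
          [ "${go_version}" != "null" ]
          echo "GO_VERSION=${go_version}" >> "${GITHUB_ENV}"
      - name: Setup Golang version ${{ env.GO_VERSION }}
        if: steps.check_go_changes.outputs.run_go_mod_tidy == 'true'
        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
        with:
          go-version: ${{ env.GO_VERSION }}
      # `go mod tidy` resolves whatever modules the checked-out go.mod files
      # name, so this step reaches out to the network on behalf of the PR;
      # the job token is limited to `contents: read`.
      - name: Run go mod tidy
        if: steps.check_go_changes.outputs.run_go_mod_tidy == 'true'
        run: |
          # Run go mod tidy in all directories with go.mod files
          mapfile -t go_mod_dirs < <(find . -name 'go.mod' -exec dirname {} \;)
          for dir in "${go_mod_dirs[@]}"; do
            echo "Running go mod tidy in ${dir}"
            (cd "${dir}" && go mod tidy)
          done
      # Same reporting pattern as the codegen job: the diff text is
      # substituted into the heredoc once and written out as data.
      - name: Check for diff
        if: steps.check_go_changes.outputs.run_go_mod_tidy == 'true'
        run: |
          diff=$(git diff)
          if [[ -z "${diff}" ]]; then
            echo "No diff detected."
            exit 0
          fi

          cat << EOF >> "${GITHUB_STEP_SUMMARY}"
          Run \`go mod tidy\` in the affected modules to update go.mod and go.sum files.

          \`\`\`diff
          ${diff}
          \`\`\`
          EOF

          echo "::error::Go modules are not up-to-date (see Github step summary for diff)."
          exit 1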