name: LinuxKit CI on: [push, pull_request] env: TOTAL_SHARDS: 12 # change here once jobs: build: name: Build & Test strategy: matrix: target: - os: linux arch: amd64 suffix: amd64-linux runner: ubuntu-latest - os: linux arch: arm64 suffix: arm64-linux runner: ubuntu-latest - os: linux arch: s390x suffix: s390x-linux runner: ubuntu-latest - os: darwin arch: amd64 suffix: amd64-darwin runner: macos-latest - os: darwin arch: arm64 suffix: arm64-darwin runner: macos-latest - os: windows arch: amd64 suffix: amd64-windows.exe runner: ubuntu-latest runs-on: ${{ matrix.target.runner }} steps: - name: Check out code uses: actions/checkout@v4 - name: Set up Go based on go.mod uses: actions/setup-go@v5 with: go-version-file: 'src/cmd/linuxkit/go.mod' id: go - name: Set path run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH env: GOPATH: ${{runner.workspace}} - name: golangci-lint CLI uses: golangci/golangci-lint-action@v7 with: version: v2.0.2 working-directory: src/cmd/linuxkit args: --verbose --timeout=10m - name: go vet CLI run: | cd src/cmd/linuxkit && go vet ./... - name: Build run: | make GOARCH=${{matrix.target.arch}} GOOS=${{matrix.target.os}} LOCAL_TARGET=$(pwd)/bin/linuxkit-${{matrix.target.suffix}} local-build file bin/linuxkit-${{matrix.target.suffix}} env: GOPATH: ${{runner.workspace}} - name: Checksum run: | cd bin if command -v sha256sum > /dev/null; then sha256sum linuxkit-${{matrix.target.suffix}} > linuxkit-${{matrix.target.suffix}}.SHA256SUM else openssl sha256 -r linuxkit-${{matrix.target.suffix}} | tr -d '*' > linuxkit-${{matrix.target.suffix}}.SHA256SUM fi cat linuxkit-${{matrix.target.suffix}}.SHA256SUM - name: Test run: make local-test env: GOPATH: ${{runner.workspace}} - name: Upload binary uses: actions/upload-artifact@v4 with: name: linuxkit-${{matrix.target.suffix}} path: | bin/linuxkit-${{matrix.target.suffix}} bin/linuxkit-${{matrix.target.suffix}}.SHA256SUM if-no-files-found: error build_packages: name: Build Packages needs: build runs-on: ubuntu-latest steps: - name: Check out code uses: actions/checkout@v4 - name: Set up binfmt # Only register arm64 as we are on amd64 already. s390x is not reliable run: docker run --privileged --rm tonistiigi/binfmt --install arm64 - name: Download linuxkit uses: actions/download-artifact@v4 with: name: linuxkit-amd64-linux path: bin - name: Symlink Linuxkit run: | chmod ugo+x bin/linuxkit-amd64-linux sudo ln -s $(pwd)/bin/linuxkit-amd64-linux /usr/local/bin/linuxkit /usr/local/bin/linuxkit version - name: Cache Packages uses: actions/cache@v4 with: path: ~/.linuxkit/cache/ key: ${{ runner.os }}-linuxkit-${{ github.sha }} restore-keys: | ${{ runner.os }}-linuxkit- - name: Build Packages # Skip s390x as emulation is unreliable run: | make OPTIONS="-v 2 --skip-platforms linux/s390x" -C pkg build - name: Build Test Packages # ensures that the test packages are in linuxkit cache when we need them for tests later # Skip s390x as emulation is unreliable run: | make OPTIONS="-v 2 --skip-platforms linux/s390x" -C test/pkg build - name: Check Kernel Dependencies up to date # checks that any kernel dependencies are up to date. # if they are, then running `make update-kernel-yamls` will not change anything run: | echo "checking git diff before running make update-kernel-yamls" git diff --exit-code echo "running make update-kernel-yamls" make -C kernel update-kernel-yamls echo "checking git diff again after running make update-kernel-yamls; should be no changes" git diff --exit-code - name: Build Kernels # ensures that the kernel packages are in linuxkit cache when we need them for tests later # no need for excluding s390x, as each build.yml in the kernel explicitly lists archs run: | make OPTIONS="-v 2" -C kernel build - name: list cache contents run: | linuxkit cache ls gen_package_test_matrix: name: Generate Package Test Matrix needs: [ build_packages, build ] runs-on: ubuntu-latest outputs: shard_list: ${{ steps.mk.outputs.list }} steps: - name: Generate Test Matrix id: mk shell: bash run: | set -x N="${{ env.TOTAL_SHARDS }}" # Priority: repo var SHARDS → event-based default (PR=6, else 10) if [ -n "${{ vars.SHARDS }}" ]; then N="${{ vars.SHARDS }}" fi # Build JSON array ["1/N","2/N",...,"N/N"] shards="" for i in $(seq 1 "$N"); do if [ -z "$shards" ]; then shards="\"$i/$N\"" else shards="$shards,\"$i/$N\"" fi done echo "list=[$shards]" >> "$GITHUB_OUTPUT" test_packages: name: Packages Tests needs: [ build_packages, build, gen_package_test_matrix ] runs-on: ubuntu-latest strategy: matrix: shard: ${{ fromJson(needs.gen_package_test_matrix.outputs.shard_list) }} steps: - name: Check out code uses: actions/checkout@v4 - name: Install Pre-Requisites run: | export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -qy qemu-utils qemu-system-x86 expect - name: Restore RTF From Cache id: cache-rtf uses: actions/cache@v4 with: path: bin key: rtf-${{hashFiles('Makefile')}} - name: Build RTF if: steps.cache-rtf.outputs.cache-hit != 'true' run: make bin/rtf - name: Symlink RTF run: | sudo ln -s $(pwd)/bin/rtf /usr/local/bin/rtf - name: Download linuxkit uses: actions/download-artifact@v4 with: name: linuxkit-amd64-linux path: bin - name: Symlink Linuxkit run: | chmod ugo+x bin/linuxkit-amd64-linux sudo ln -s $(pwd)/bin/linuxkit-amd64-linux /usr/local/bin/linuxkit /usr/local/bin/linuxkit version - name: Restore Package Cache uses: actions/cache@v4 with: path: ~/.linuxkit/cache/ key: ${{ runner.os }}-linuxkit-${{ github.sha }} restore-keys: | ${{ runner.os }}-linuxkit- - name: list cache contents run: | linuxkit cache ls - name: Run Tests run: make test TEST_SUITE=linuxkit.packages TEST_SHARD=${{ matrix.shard }} test_kernel: name: Kernel Tests needs: [ build_packages, build ] runs-on: ubuntu-latest steps: - name: Check out code uses: actions/checkout@v4 - name: Install Pre-Requisites run: | export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -qy qemu-utils qemu-system-x86 expect - name: Restore RTF From Cache id: cache-rtf uses: actions/cache@v4 with: path: bin key: rtf-${{hashFiles('Makefile')}} - name: Build RTF if: steps.cache-rtf.outputs.cache-hit != 'true' run: make bin/rtf - name: Symlink RTF run: | sudo ln -s $(pwd)/bin/rtf /usr/local/bin/rtf - name: Download linuxkit uses: actions/download-artifact@v4 with: name: linuxkit-amd64-linux path: bin - name: Symlink Linuxkit run: | chmod ugo+x bin/linuxkit-amd64-linux sudo ln -s $(pwd)/bin/linuxkit-amd64-linux /usr/local/bin/linuxkit /usr/local/bin/linuxkit version - name: Restore Package Cache uses: actions/cache@v4 with: path: ~/.linuxkit/cache/ key: ${{ runner.os }}-linuxkit-${{ github.sha }} restore-keys: | ${{ runner.os }}-linuxkit- - name: list cache contents run: | linuxkit cache ls - name: Run Tests run: make test TEST_SUITE=linuxkit.kernel test_linuxkit: name: LinuxKit Build Tests needs: [ build_packages, build ] runs-on: ubuntu-latest steps: - name: Check out code uses: actions/checkout@v4 - name: Install Pre-Requisites run: | export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -qy qemu-utils qemu-system-x86 expect - name: Restore RTF From Cache id: cache-rtf uses: actions/cache@v4 with: path: bin key: rtf-${{hashFiles('Makefile')}} - name: Restore Package Cache uses: actions/cache@v4 with: path: ~/.linuxkit/cache/ key: ${{ runner.os }}-linuxkit-${{ github.sha }} restore-keys: | ${{ runner.os }}-linuxkit- - name: Build RTF if: steps.cache-rtf.outputs.cache-hit != 'true' run: make bin/rtf - name: Symlink RTF run: | sudo ln -s $(pwd)/bin/rtf /usr/local/bin/rtf - name: Download linuxkit uses: actions/download-artifact@v4 with: name: linuxkit-amd64-linux path: bin - name: Symlink Linuxkit run: | chmod ugo+x bin/linuxkit-amd64-linux sudo ln -s $(pwd)/bin/linuxkit-amd64-linux /usr/local/bin/linuxkit /usr/local/bin/linuxkit version - name: list cache contents run: | linuxkit cache ls - name: Run Tests run: make test TEST_SUITE=linuxkit.build test_platforms: name: Platform Tests needs: [ build_packages, build ] runs-on: ubuntu-latest steps: - name: Check out code uses: actions/checkout@v4 - name: Install Pre-Requisites run: | export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -qy qemu-utils qemu-system-x86 expect - name: Restore RTF From Cache id: cache-rtf uses: actions/cache@v4 with: path: bin key: rtf-${{hashFiles('Makefile')}} - name: Build RTF if: steps.cache-rtf.outputs.cache-hit != 'true' run: make bin/rtf - name: Symlink RTF run: | sudo ln -s $(pwd)/bin/rtf /usr/local/bin/rtf - name: Download linuxkit uses: actions/download-artifact@v4 with: name: linuxkit-amd64-linux path: bin - name: Symlink Linuxkit run: | chmod ugo+x bin/linuxkit-amd64-linux sudo ln -s $(pwd)/bin/linuxkit-amd64-linux /usr/local/bin/linuxkit /usr/local/bin/linuxkit version - name: Restore Package Cache uses: actions/cache@v4 with: path: ~/.linuxkit/cache/ key: ${{ runner.os }}-linuxkit-${{ github.sha }} restore-keys: | ${{ runner.os }}-linuxkit- - name: list cache contents run: | linuxkit cache ls - name: Run Tests run: make test TEST_SUITE=linuxkit.platforms test_security: name: Security Tests needs: [ build_packages, build ] runs-on: ubuntu-latest steps: - name: Check out code uses: actions/checkout@v4 - name: Install Pre-Requisites run: | export DEBIAN_FRONTEND=noninteractive sudo apt-get update sudo apt-get install -qy qemu-utils qemu-system-x86 expect - name: Restore RTF From Cache id: cache-rtf uses: actions/cache@v4 with: path: bin key: rtf-${{hashFiles('Makefile')}} - name: Build RTF if: steps.cache-rtf.outputs.cache-hit != 'true' run: make bin/rtf - name: Symlink RTF run: | sudo ln -s $(pwd)/bin/rtf /usr/local/bin/rtf - name: Download linuxkit uses: actions/download-artifact@v4 with: name: linuxkit-amd64-linux path: bin - name: Symlink Linuxkit run: | chmod ugo+x bin/linuxkit-amd64-linux sudo ln -s $(pwd)/bin/linuxkit-amd64-linux /usr/local/bin/linuxkit /usr/local/bin/linuxkit version - name: Restore Package Cache uses: actions/cache@v4 with: path: ~/.linuxkit/cache/ key: ${{ runner.os }}-linuxkit-${{ github.sha }} restore-keys: | ${{ runner.os }}-linuxkit- - name: list cache contents run: | linuxkit cache ls - name: Run Tests run: make test TEST_SUITE=linuxkit.security