-
Notifications
You must be signed in to change notification settings - Fork 195
261 lines (255 loc) · 8.78 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
---
name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
permissions:
contents: read
env:
CARGO_TERM_COLOR: always
# Minimum supported Rust version (MSRV)
ACTION_MSRV_TOOLCHAIN: 1.60.0
# Pinned toolchain for linting
ACTION_LINTS_TOOLCHAIN: 1.60.0
jobs:
build:
name: "Build"
runs-on: ubuntu-latest
container: registry.ci.openshift.org/coreos/fcos-buildroot:testing-devel
steps:
- name: Checkout repository
uses: actions/checkout@v3
# https://github.com/actions/checkout/issues/760
- name: Mark git checkout as safe
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Codestyle
run: ./ci/codestyle.sh
- name: Build
run: ./ci/build.sh && make install DESTDIR=$(pwd)/install && tar -C install -czf install.tar .
- name: Upload binary
uses: actions/upload-artifact@v4
with:
name: install.tar
path: install.tar
build-tests:
name: "Build Integration Test Data"
runs-on: ubuntu-latest
container:
image: registry.ci.openshift.org/coreos/fcos-buildroot:testing-devel
# Run privileged to hack around createrepo_c hitting the classic seccomp
# broken behaviour of returning EPERM instead of ENOSYS. We should be able
# to drop this once `ubuntu-latest` is bumped to include the fix for
# https://github.com/opencontainers/runc/issues/2151.
options: "--user root --privileged"
steps:
- name: Checkout repository
uses: actions/checkout@v3
# https://github.com/actions/checkout/issues/760
- name: Mark git checkout as safe
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Build
run: make -C tests/kolainst && make -C tests/kolainst install DESTDIR=$(pwd)/install && tar -C install -czf tests.tar .
- name: Upload binary
uses: actions/upload-artifact@v4
with:
name: tests.tar
path: tests.tar
cxx-verify:
name: "Verify CXX generation"
runs-on: ubuntu-latest
container: registry.ci.openshift.org/coreos/fcos-buildroot:testing-devel
steps:
- name: Checkout repository
uses: actions/checkout@v3
# https://github.com/actions/checkout/issues/760
- name: Mark git checkout as safe
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Codestyle
run: ./ci/verify-cxx.sh
# TODO: Enable this once we've switched closer to having `cargo build`
# be the primary buildsystem entrypoint. Right now the problem is
# in order to build the libdnf-sys dependency it relies on us having
# run through autoconf, but that flow wants to a "real" Rust build
# and not clippy.
# linting:
# name: "Lints, pinned toolchain"
# runs-on: ubuntu-latest
# container: quay.io/coreos-assembler/fcos-buildroot:testing-devel
# steps:
# - name: Checkout repository
# uses: actions/checkout@v3
# - name: Install dependencies
# run: ./ci/installdeps.sh
# - name: Remove system Rust toolchain
# run: dnf remove -y rust cargo
# - name: Install toolchain
# uses: dtolnay/rust-toolchain@v1
# with:
# toolchain: ${{ env['ACTION_LINTS_TOOLCHAIN'] }}
# components: rustfmt, clippy
# - name: cargo fmt (check)
# run: cargo fmt -- --check -l
# - name: cargo clippy (warnings)
# run: cargo clippy -- -D warnings
#build-clang:
# name: "Build (clang)"
# runs-on: ubuntu-latest
# container: registry.ci.openshift.org/coreos/fcos-buildroot:testing-devel
# steps:
# - name: Checkout repository
# uses: actions/checkout@v3
# # https://github.com/actions/checkout/issues/760
# - name: Mark git checkout as safe
# run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
# - name: Build
# run: ./ci/clang-build-check.sh
integration:
name: "Container Integration"
needs: [build, build-tests]
runs-on: ubuntu-latest
container: quay.io/fedora/fedora-coreos:testing-devel
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Download build
uses: actions/download-artifact@v4.1.7
with:
name: install.tar
- name: Install
run: tar -C / -xzvf install.tar && rm -f install.tar
- name: Download tests
uses: actions/download-artifact@v4.1.7
with:
name: tests.tar
- name: Install Tests
run: tar -C / -xzvf tests.tar && rm -f tests.tar
- name: Integration tests
run: ./ci/test-container.sh
# Try to keep this in sync with https://github.com/ostreedev/ostree-rs-ext/blob/1fc115a760eeada22599e0f57026f58b22efded4/.github/workflows/rust.yml#L163
container-build:
name: "Container build"
needs: build
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Checkout coreos-layering-examples
uses: actions/checkout@v3
with:
repository: coreos/coreos-layering-examples
path: coreos-layering-examples
- name: Download
uses: actions/download-artifact@v4.1.7
with:
name: install.tar
- name: Integration tests
run: ./ci/container-build-integration.sh
cargo-deny:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: EmbarkStudios/cargo-deny-action@v1
with:
log-level: warn
command: check bans sources licenses
compose:
name: "Compose tests"
needs: build
runs-on: ubuntu-latest
container:
image: registry.ci.openshift.org/coreos/coreos-assembler:latest
options: "--user root --privileged -v /var/tmp:/var/tmp"
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Install test dependencies
run: ./ci/install-test-deps.sh
- name: Download build
uses: actions/download-artifact@v4.1.7
with:
name: install.tar
- name: Install
run: tar -C / -xzvf install.tar
- name: Integration tests
run: env TMPDIR=/var/tmp JOBS=3 ./tests/compose.sh
compose-image:
name: "compose-image tests"
needs: build
runs-on: ubuntu-latest
container:
image: registry.ci.openshift.org/coreos/coreos-assembler:latest
options: "--user root --privileged -v /var/tmp:/var/tmp"
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Install test dependencies
run: ./ci/install-test-deps.sh
- name: Download build
uses: actions/download-artifact@v4.1.7
with:
name: install.tar
- name: Install
run: tar -C / -xzvf install.tar
- name: Integration tests
run: env TMPDIR=/var/tmp JOBS=3 ./tests/compose-image.sh
container-encapsulate:
name: "Encapsulate tests"
needs: build
runs-on: ubuntu-latest
container:
image: registry.ci.openshift.org/coreos/coreos-assembler:latest
options: "--user root --privileged -v /var/tmp:/var/tmp"
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Download build
uses: actions/download-artifact@v4.1.7
with:
name: install.tar
- name: Install
run: tar -C / -xzvf install.tar
- name: Integration tests
run: env TMPDIR=/var/tmp ./tests/encapsulate.sh
build-c9s:
name: "Build (c9s)"
runs-on: ubuntu-latest
container: quay.io/centos/centos:stream9
steps:
- name: Install git
run: yum -y install git
- name: Checkout repository
uses: actions/checkout@v3
with:
submodules: true
# https://github.com/actions/checkout/issues/760
- name: Mark git checkout as safe
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Run ridiculous RHEL -devel package workaround
run: ./ci/ridiculous-rhel-devel-workaround.sh
- name: Install dependencies
run: ./ci/installdeps.sh
- name: Build
run: ./ci/build.sh && make install DESTDIR=$(pwd)/install && tar -C install -czf install.tar .
- name: Upload binary
uses: actions/upload-artifact@v4
with:
name: install-c9s.tar
path: install.tar
# Doc: https://github.com/redhat-plumbers-in-action/differential-shellcheck#usage
differential-shellcheck:
name: Differential ShellCheck
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Differential ShellCheck
uses: redhat-plumbers-in-action/differential-shellcheck@v4
with:
severity: warning
token: ${{ secrets.GITHUB_TOKEN }}