1name: validate
2on:
3 push:
4 tags:
5 - v*
6 branches:
7 - master
8 - release-*
9 pull_request:
10env:
11 GO_VERSION: 1.20.x
12
13jobs:
14 keyring:
15 runs-on: ubuntu-22.04
16 steps:
17 - uses: actions/checkout@v3
18 - name: check runc.keyring
19 run: make validate-keyring
20
21 lint:
22 runs-on: ubuntu-20.04
23 steps:
24 - uses: actions/checkout@v3
25 with:
26 fetch-depth: 2
27 - uses: actions/setup-go@v4
28 with:
29 go-version: "${{ env.GO_VERSION }}"
30 cache: false # golangci-lint-action does its own caching
31 - name: install deps
32 run: |
33 sudo apt -q update
34 sudo apt -q install libseccomp-dev
35 - uses: golangci/golangci-lint-action@v3
36 with:
37 version: v1.53
38 # Extra linters, only checking new code from a pull request.
39 - name: lint-extra
40 if: github.event_name == 'pull_request'
41 run: |
42 golangci-lint run --config .golangci-extra.yml --new-from-rev=HEAD~1 --out-format=github-actions
43
44 compile-buildtags:
45 runs-on: ubuntu-20.04
46 env:
47 # Don't ignore C warnings. Note that the output of "go env CGO_CFLAGS" by default is "-g -O2", so we keep them.
48 CGO_CFLAGS: -g -O2 -Werror
49 steps:
50 - uses: actions/checkout@v3
51 - name: install go
52 uses: actions/setup-go@v4
53 with:
54 go-version: "${{ env.GO_VERSION }}"
55 - name: compile with no build tags
56 run: make BUILDTAGS=""
57
58 codespell:
59 runs-on: ubuntu-20.04
60 steps:
61 - uses: actions/checkout@v3
62 - name: install deps
63 # Version of codespell bundled with Ubuntu is way old, so use pip.
64 run: pip install codespell
65 - name: run codespell
66 run: codespell
67
68 shfmt:
69 runs-on: ubuntu-20.04
70 steps:
71 - uses: actions/checkout@v3
72 - name: shfmt
73 run: make shfmt
74
75 shellcheck:
76 runs-on: ubuntu-20.04
77 steps:
78 - uses: actions/checkout@v3
79 - name: vars
80 run: |
81 echo 'VERSION=v0.8.0' >> $GITHUB_ENV
82 echo 'BASEURL=https://github.com/koalaman/shellcheck/releases/download' >> $GITHUB_ENV
83 echo 'SHA256SUM=f4bce23c11c3919c1b20bcb0f206f6b44c44e26f2bc95f8aa708716095fa0651' >> $GITHUB_ENV
84 echo ~/bin >> $GITHUB_PATH
85 - name: install shellcheck
86 run: |
87 mkdir ~/bin
88 curl -sSfL --retry 5 $BASEURL/$VERSION/shellcheck-$VERSION.linux.x86_64.tar.xz |
89 tar xfJ - -C ~/bin --strip 1 shellcheck-$VERSION/shellcheck
90 sha256sum ~/bin/shellcheck | grep -q $SHA256SUM
91 # make sure to remove the old version
92 sudo rm -f /usr/bin/shellcheck
93 - uses: lumaxis/shellcheck-problem-matchers@v2
94 - name: shellcheck
95 run: |
96 make shellcheck
97 - name: check-config.sh
98 run : ./script/check-config.sh
99
100 deps:
101 runs-on: ubuntu-20.04
102 steps:
103 - uses: actions/checkout@v3
104 - name: install go
105 uses: actions/setup-go@v4
106 with:
107 go-version: "${{ env.GO_VERSION }}"
108 - name: verify deps
109 run: make verify-dependencies
110
111
112 commit:
113 runs-on: ubuntu-20.04
114 # Only check commits on pull requests.
115 if: github.event_name == 'pull_request'
116 steps:
117 - name: get pr commits
118 id: 'get-pr-commits'
119 uses: tim-actions/get-pr-commits@v1.1.0
120 with:
121 token: ${{ secrets.GITHUB_TOKEN }}
122
123 - name: check subject line length
124 uses: tim-actions/commit-message-checker-with-regex@v0.3.1
125 with:
126 commits: ${{ steps.get-pr-commits.outputs.commits }}
127 pattern: '^.{0,72}(\n.*)*$'
128 error: 'Subject too long (max 72)'
129
130 cfmt:
131 runs-on: ubuntu-20.04
132 steps:
133 - name: checkout
134 uses: actions/checkout@v3
135 with:
136 fetch-depth: 0
137 - name: install deps
138 run: |
139 sudo apt -qq update
140 sudo apt -qq install indent
141 - name: cfmt
142 run: |
143 make cfmt
144 git diff --exit-code
145
146
147 release:
148 runs-on: ubuntu-20.04
149 steps:
150 - name: checkout
151 uses: actions/checkout@v3
152 with:
153 fetch-depth: 0
154
155 - name: check CHANGELOG.md
156 run: make verify-changelog
157
158 # We have to run this under Docker as Ubuntu (host) does not support all
159 # the architectures we want to compile test against, and Dockerfile uses
160 # Debian (which does).
161 #
162 # XXX: as currently this is the only job that is using Docker, we are
163 # building and using the runcimage locally. In case more jobs running
164 # under Docker will emerge, it will be good to have a separate make
165 # runcimage job and share its result (the docker image) with whoever
166 # needs it.
167 - name: build docker image
168 run: make runcimage
169 - name: make releaseall
170 run: make releaseall
171 - name: upload artifacts
172 uses: actions/upload-artifact@v3
173 with:
174 name: release-${{ github.run_id }}
175 path: release/*
View as plain text