1# Copyright 2021 The Sigstore Authors.
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15name: CI-Tests
16
17on:
18 workflow_dispatch:
19 push:
20 paths:
21 - '**'
22 - '!**.md'
23 - '!doc/**'
24 - '!**.txt'
25 - '!images/**'
26 - '!LICENSE'
27 - 'test/**'
28 branches: ['main', 'release-*']
29 pull_request:
30
31permissions: read-all
32
33env:
34 GO_VERSION: '1.21'
35
36jobs:
37 unit-tests:
38 name: Run unit tests
39 permissions:
40 contents: read
41 runs-on: ${{ matrix.os }}
42 strategy:
43 matrix:
44 os: [macos-latest, ubuntu-latest, windows-latest]
45 env:
46 OS: ${{ matrix.os }}
47
48 steps:
49 - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
50 # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
51 - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
52 with:
53 # In order:
54 # * Module download cache
55 # * Build cache (Linux)
56 # * Build cache (Mac)
57 # * Build cache (Windows)
58 path: |
59 ~/go/pkg/mod
60 ~/.cache/go-build
61 ~/Library/Caches/go-build
62 %LocalAppData%\go-build
63 key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
64 restore-keys: |
65 ${{ runner.os }}-go-
66 - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
67 with:
68 go-version: ${{ env.GO_VERSION }}
69 check-latest: true
70 - name: Run Go tests
71 env:
72 # See #2091 for the issue describing this temp workaround.
73 GODEBUG: x509sha1=1
74 run: go test -tags=sct -covermode atomic -coverprofile coverage.txt $(go list ./... | grep -v third_party/)
75 - name: Upload Coverage Report
76 uses: codecov/codecov-action@7afa10ed9b269c561c2336fd862446844e0cbf71 # v4.2.0
77 with:
78 env_vars: OS
79 - name: Run Go tests w/ `-race`
80 env:
81 # See #2091 for the issue describing this temp workaround.
82 GODEBUG: x509sha1=1
83 if: ${{ runner.os == 'Linux' }}
84 run: go test -tags=sct -race $(go list ./... | grep -v third_party/)
85
86 e2e-tests:
87 name: Run e2e tests
88 runs-on: ubuntu-latest
89
90 steps:
91 - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
92 # Related to https://github.com/sigstore/cosign/issues/3149
93 - name: free up disk space
94 run: |
95 rm -rf /usr/share/dotnet/
96 rm -rf "$AGENT_TOOLSDIRECTORY"
97 rm -rf "/usr/local/share/boost"
98 rm -rf /opt/ghc
99 docker rmi $(docker image ls -aq) || true
100 swapoff /swapfile || true
101 rm -rf /swapfile /usr/share/dotnet /usr/local/lib/android /opt/ghc || true
102 apt purge aria2 ansible hhvm mono-devel azure-cli shellcheck rpm xorriso zsync \
103 clang-6.0 lldb-6.0 lld-6.0 clang-format-6.0 clang-8 lldb-8 lld-8 clang-format-8 \
104 clang-9 lldb-9 lld-9 clangd-9 clang-format-9 dotnet-sdk-3.0 dotnet-sdk-3.1=3.1.101-1 \
105 esl-erlang firefox g++-8 g++-9 gfortran-8 gfortran-9 google-chrome-stable \
106 google-cloud-sdk ghc-8.0.2 ghc-8.2.2 ghc-8.4.4 ghc-8.6.2 ghc-8.6.3 ghc-8.6.4 \
107 ghc-8.6.5 ghc-8.8.1 ghc-8.8.2 ghc-8.8.3 ghc-8.10.1 cabal-install-2.0 cabal-install-2.2 \
108 cabal-install-2.4 cabal-install-3.0 cabal-install-3.2 heroku imagemagick \
109 libmagickcore-dev libmagickwand-dev libmagic-dev ant ant-optional kubectl \
110 mercurial apt-transport-https mono-complete mysql-client libmysqlclient-dev \
111 mysql-server mssql-tools unixodbc-dev yarn bazel chrpath libssl-dev libxft-dev \
112 libfreetype6 libfreetype6-dev libfontconfig1 libfontconfig1-dev php7.1 php7.1-bcmath \
113 php7.1-bz2 php7.1-cgi php7.1-cli php7.1-common php7.1-curl php7.1-dba php7.1-dev \
114 php7.1-enchant php7.1-fpm php7.1-gd php7.1-gmp php7.1-imap php7.1-interbase php7.1-intl \
115 php7.1-json php7.1-ldap php7.1-mbstring php7.1-mcrypt php7.1-mysql php7.1-odbc \
116 php7.1-opcache php7.1-pgsql php7.1-phpdbg php7.1-pspell php7.1-readline php7.1-recode \
117 php7.1-snmp php7.1-soap php7.1-sqlite3 php7.1-sybase php7.1-tidy php7.1-xml \
118 php7.1-xmlrpc php7.1-xsl php7.1-zip php7.2 php7.2-bcmath php7.2-bz2 php7.2-cgi \
119 php7.2-cli php7.2-common php7.2-curl php7.2-dba php7.2-dev php7.2-enchant php7.2-fpm \
120 php7.2-gd php7.2-gmp php7.2-imap php7.2-interbase php7.2-intl php7.2-json php7.2-ldap \
121 php7.2-mbstring php7.2-mysql php7.2-odbc php7.2-opcache php7.2-pgsql php7.2-phpdbg \
122 php7.2-pspell php7.2-readline php7.2-recode php7.2-snmp php7.2-soap php7.2-sqlite3 \
123 php7.2-sybase php7.2-tidy php7.2-xml php7.2-xmlrpc php7.2-xsl php7.2-zip php7.3 \
124 php7.3-bcmath php7.3-bz2 php7.3-cgi php7.3-cli php7.3-common php7.3-curl php7.3-dba \
125 php7.3-dev php7.3-enchant php7.3-fpm php7.3-gd php7.3-gmp php7.3-imap php7.3-interbase \
126 php7.3-intl php7.3-json php7.3-ldap php7.3-mbstring php7.3-mysql php7.3-odbc \
127 php7.3-opcache php7.3-pgsql php7.3-phpdbg php7.3-pspell php7.3-readline php7.3-recode \
128 php7.3-snmp php7.3-soap php7.3-sqlite3 php7.3-sybase php7.3-tidy php7.3-xml \
129 php7.3-xmlrpc php7.3-xsl php7.3-zip php7.4 php7.4-bcmath php7.4-bz2 php7.4-cgi \
130 php7.4-cli php7.4-common php7.4-curl php7.4-dba php7.4-dev php7.4-enchant php7.4-fpm \
131 php7.4-gd php7.4-gmp php7.4-imap php7.4-interbase php7.4-intl php7.4-json php7.4-ldap \
132 php7.4-mbstring php7.4-mysql php7.4-odbc php7.4-opcache php7.4-pgsql php7.4-phpdbg \
133 php7.4-pspell php7.4-readline php7.4-snmp php7.4-soap php7.4-sqlite3 php7.4-sybase \
134 php7.4-tidy php7.4-xml php7.4-xmlrpc php7.4-xsl php7.4-zip php-amqp php-apcu \
135 php-igbinary php-memcache php-memcached php-mongodb php-redis php-xdebug \
136 php-zmq snmp pollinate libpq-dev postgresql-client powershell ruby-full \
137 sphinxsearch subversion mongodb-org -yq >/dev/null 2>&1 || true
138 apt-get remove -y 'php.*' || true
139 apt-get autoremove -y >/dev/null 2>&1 || true
140 apt-get autoclean -y >/dev/null 2>&1 || true
141 - name: check disk space
142 run: df -h
143 # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
144 - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
145 with:
146 # In order:
147 # * Module download cache
148 # * Build cache (Linux)
149 # * Build cache (Mac)
150 # * Build cache (Windows)
151 path: |
152 ~/go/pkg/mod
153 ~/.cache/go-build
154 ~/Library/Caches/go-build
155 %LocalAppData%\go-build
156 key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
157 restore-keys: |
158 ${{ runner.os }}-go-
159 - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
160 with:
161 go-version: ${{ env.GO_VERSION }}
162 check-latest: true
163 - uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6
164 - name: setup kind cluster
165 run: |
166 # Used to test: cosign generate-key-pair k8s://...
167 go install sigs.k8s.io/kind@v0.20.0
168 kind create cluster
169
170 - name: Run end-to-end tests
171 run: ./test/e2e_test.sh
172
173 - name: Collect diagnostics
174 if: ${{ failure() }}
175 uses: chainguard-dev/actions/kind-diag@84c993eaf02da1c325854fb272a4df9184bd80fc # main
176
177 e2e-windows-powershell-tests:
178 name: Run PowerShell E2E tests
179 runs-on: windows-latest
180 steps:
181 - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
182 - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
183 with:
184 go-version: ${{ env.GO_VERSION }}
185 check-latest: true
186
187 # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
188 - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
189 with:
190 # In order:
191 # * Module download cache
192 # * Build cache (Windows)
193 path: |
194 ~/go/pkg/mod
195 %LocalAppData%\go-build
196 key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
197 restore-keys: |
198 ${{ runner.os }}-go-
199
200 - name: Run e2e_test.ps1
201 run: ./test/e2e_test.ps1
202
203 license-check:
204 name: license boilerplate check
205 runs-on: ubuntu-latest
206 steps:
207 - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
208 - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
209 with:
210 go-version: ${{ env.GO_VERSION }}
211 check-latest: true
212 - name: Install addlicense
213 run: go install github.com/google/addlicense@latest
214 - name: Check license headers
215 run: |
216 set -e
217 addlicense -check -l apache -c 'The Sigstore Authors' -ignore "third_party/**" -v *
218
219 golangci:
220 name: lint
221 runs-on: ubuntu-latest
222 steps:
223 - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
224 - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
225 with:
226 go-version: '1.21'
227 check-latest: true
228 - name: golangci-lint
229 uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0
230 with:
231 # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
232 version: v1.56
233 args: --timeout=5m
View as plain text