github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/.github/workflows/validate.yml (about) 1 name: validate 2 on: 3 push: 4 tags: 5 - v* 6 branches: 7 - main 8 - release-* 9 pull_request: 10 env: 11 GO_VERSION: 1.20.x 12 permissions: 13 contents: read 14 15 jobs: 16 keyring: 17 runs-on: ubuntu-22.04 18 steps: 19 - uses: actions/checkout@v4 20 - name: check runc.keyring 21 run: make validate-keyring 22 23 lint: 24 timeout-minutes: 30 25 permissions: 26 contents: read 27 pull-requests: read 28 checks: write # to allow the action to annotate code in the PR. 29 runs-on: ubuntu-22.04 30 steps: 31 - uses: actions/checkout@v4 32 with: 33 fetch-depth: 2 34 - uses: actions/setup-go@v5 35 with: 36 go-version: "${{ env.GO_VERSION }}" 37 - name: install deps 38 run: | 39 sudo apt -q update 40 sudo apt -qy install libseccomp-dev 41 - uses: golangci/golangci-lint-action@v6 42 with: 43 version: v1.57 44 # Extra linters, only checking new code from a pull request. 45 - name: lint-extra 46 if: github.event_name == 'pull_request' 47 run: | 48 golangci-lint run --config .golangci-extra.yml --new-from-rev=HEAD~1 49 50 compile-buildtags: 51 runs-on: ubuntu-22.04 52 env: 53 # Don't ignore C warnings. Note that the output of "go env CGO_CFLAGS" by default is "-g -O2", so we keep them. 54 CGO_CFLAGS: -g -O2 -Werror 55 steps: 56 - uses: actions/checkout@v4 57 - name: install go 58 uses: actions/setup-go@v5 59 with: 60 go-version: "${{ env.GO_VERSION }}" 61 - name: compile with no build tags 62 run: make BUILDTAGS="" 63 64 codespell: 65 runs-on: ubuntu-22.04 66 steps: 67 - uses: actions/checkout@v4 68 - name: install deps 69 # Version of codespell bundled with Ubuntu is way old, so use pip. 70 run: pip install codespell 71 - name: run codespell 72 run: codespell 73 74 shfmt: 75 runs-on: ubuntu-22.04 76 steps: 77 - uses: actions/checkout@v4 78 - name: shfmt 79 run: make shfmt 80 81 shellcheck: 82 runs-on: ubuntu-22.04 83 steps: 84 - uses: actions/checkout@v4 85 - name: install shellcheck 86 env: 87 VERSION: v0.9.0 88 BASEURL: https://github.com/koalaman/shellcheck/releases/download 89 SHA256: 7087178d54de6652b404c306233264463cb9e7a9afeb259bb663cc4dbfd64149 90 run: | 91 mkdir ~/bin 92 curl -sSfL --retry 5 $BASEURL/$VERSION/shellcheck-$VERSION.linux.x86_64.tar.xz | 93 tar xfJ - -C ~/bin --strip 1 shellcheck-$VERSION/shellcheck 94 sha256sum --strict --check - <<<"$SHA256 *$HOME/bin/shellcheck" 95 # make sure to remove the old version 96 sudo rm -f /usr/bin/shellcheck 97 # Add ~/bin to $PATH. 98 echo ~/bin >> $GITHUB_PATH 99 - uses: lumaxis/shellcheck-problem-matchers@v2 100 - name: run 101 run: make shellcheck 102 - name: check-config.sh 103 run : ./script/check-config.sh 104 105 space-at-eol: 106 runs-on: ubuntu-latest 107 steps: 108 - uses: actions/checkout@v4 109 - run: rm -fr vendor 110 - run: if git -P grep -I -n '\s$'; then echo "^^^ extra whitespace at EOL, please fix"; exit 1; fi 111 112 deps: 113 runs-on: ubuntu-22.04 114 steps: 115 - uses: actions/checkout@v4 116 - name: install go 117 uses: actions/setup-go@v5 118 with: 119 go-version: "${{ env.GO_VERSION }}" 120 - name: verify deps 121 run: make verify-dependencies 122 123 124 commit: 125 permissions: 126 contents: read 127 pull-requests: read 128 runs-on: ubuntu-22.04 129 # Only check commits on pull requests. 130 if: github.event_name == 'pull_request' 131 steps: 132 - name: get pr commits 133 id: 'get-pr-commits' 134 uses: tim-actions/get-pr-commits@v1.3.1 135 with: 136 token: ${{ secrets.GITHUB_TOKEN }} 137 138 - name: check subject line length 139 uses: tim-actions/commit-message-checker-with-regex@v0.3.2 140 with: 141 commits: ${{ steps.get-pr-commits.outputs.commits }} 142 pattern: '^.{0,72}(\n.*)*$' 143 error: 'Subject too long (max 72)' 144 145 cfmt: 146 runs-on: ubuntu-22.04 147 steps: 148 - name: checkout 149 uses: actions/checkout@v4 150 with: 151 fetch-depth: 0 152 - name: install deps 153 run: | 154 sudo apt -qq update 155 sudo apt -qqy install indent 156 - name: cfmt 157 run: | 158 make cfmt 159 git diff --exit-code 160 161 162 release: 163 timeout-minutes: 30 164 runs-on: ubuntu-22.04 165 steps: 166 - name: checkout 167 uses: actions/checkout@v4 168 with: 169 fetch-depth: 0 170 171 - name: check CHANGELOG.md 172 run: make verify-changelog 173 174 # We have to run this under Docker as Ubuntu (host) does not support all 175 # the architectures we want to compile test against, and Dockerfile uses 176 # Debian (which does). 177 # 178 # XXX: as currently this is the only job that is using Docker, we are 179 # building and using the runcimage locally. In case more jobs running 180 # under Docker will emerge, it will be good to have a separate make 181 # runcimage job and share its result (the docker image) with whoever 182 # needs it. 183 - name: build docker image 184 run: make runcimage 185 - name: make releaseall 186 run: make releaseall 187 - name: upload artifacts 188 uses: actions/upload-artifact@v4 189 with: 190 name: release-${{ github.run_id }} 191 path: release/* 192 193 194 get-images: 195 runs-on: ubuntu-22.04 196 steps: 197 - uses: actions/checkout@v4 198 with: 199 fetch-depth: 0 200 - name: install bashbrew 201 env: 202 BASEURL: https://github.com/docker-library/bashbrew/releases/download 203 VERSION: v0.1.7 204 SHA256: 6b71a6fccfb2025d48a2b23324836b5513c29abfd2d16a57b7a2f89bd02fe53a 205 run: | 206 mkdir ~/bin 207 curl -sSfL --retry 5 -o ~/bin/bashbrew \ 208 $BASEURL/$VERSION/bashbrew-amd64 209 sha256sum --strict --check - <<<"$SHA256 *$HOME/bin/bashbrew" 210 chmod a+x ~/bin/bashbrew 211 # Add ~/bin to $PATH. 212 echo ~/bin >> $GITHUB_PATH 213 - name: check that get-images.sh is up to date 214 run: | 215 cd tests/integration 216 ./bootstrap-get-images.sh > get-images.sh 217 git diff --exit-code