build(deps): bump actions/download-artifact from 8.0.0 to 8.0.1 #7735
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| pull_request: {} | |
| push: | |
| tags: | |
| - "*" | |
| branches: | |
| - main | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| CARGO_TERM_COLOR: always | |
| NIX_VERSION: "2.32.4" | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Setup Cache | |
| uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| - run: .github/install-deps | |
| - name: Select Toolchain | |
| uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 | |
| with: | |
| toolchain: stable | |
| components: rustfmt | |
| - run: cargo build && git diff --exit-code | |
| dependencies: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - run: make verify-dependencies | |
| go-lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 | |
| with: | |
| go-version-file: go.mod | |
| - uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0 | |
| with: | |
| version: v2.8.0 | |
| only-new-issues: true | |
| get-script: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0 | |
| - run: scripts/get | |
| release-static: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| env: | |
| COSIGN_EXPERIMENTAL: 1 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Setup Cache | |
| uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-release-static-${{ hashFiles('**/Cargo.lock') }} | |
| - run: .github/install-deps | |
| - name: Select Toolchain | |
| uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 | |
| with: | |
| toolchain: stable | |
| components: rustfmt | |
| - run: make release-static | |
| - run: | | |
| mkdir ${{ github.sha }} | |
| mv target/x86_64-unknown-linux-gnu/release/conmonrs ${{ github.sha }} | |
| - run: ./${{ github.sha }}/conmonrs -v | |
| - uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0 | |
| if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags') | |
| - name: Sign binary | |
| if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags') | |
| run: | | |
| cd ${{ github.sha }} | |
| cosign sign-blob -y conmonrs \ | |
| --bundle conmonrs.bundle \ | |
| --output-signature conmonrs.sig \ | |
| --output-certificate conmonrs.cert | |
| - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: conmonrs | |
| path: ${{ github.sha }}/* | |
| - uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 | |
| if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags') | |
| with: | |
| credentials_json: ${{ secrets.GCS_CRIO_SA }} | |
| - uses: google-github-actions/upload-cloud-storage@6397bd7208e18d13ba2619ee21b9873edc94427a # v3.0.0 | |
| if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags') | |
| with: | |
| path: ${{ github.sha }} | |
| destination: cri-o/conmon-rs | |
| create-marker: | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags') | |
| needs: | |
| - release-static | |
| - build-static | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - run: .github/create-marker | |
| - uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 | |
| with: | |
| credentials_json: ${{ secrets.GCS_CRIO_SA }} | |
| - uses: google-github-actions/upload-cloud-storage@6397bd7208e18d13ba2619ee21b9873edc94427a # v3.0.0 | |
| with: | |
| path: . | |
| glob: latest-*.txt | |
| destination: cri-o/conmon-rs | |
| build-static: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| env: | |
| COSIGN_EXPERIMENTAL: 1 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: [amd64, arm64, ppc64le, s390x] | |
| name: build-static-${{ matrix.arch }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # v28 | |
| with: | |
| install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install | |
| - uses: cachix/cachix-action@3ba601ff5bbb07c7220846facfa2cd81eeee15a1 # v16 | |
| with: | |
| name: conmon-rs | |
| authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" | |
| pushFilter: "(conmon-rs)" | |
| - run: nix-build nix/default-${{ matrix.arch }}.nix | |
| - run: file result/bin/conmonrs | grep static | grep stripped | |
| - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: build-static-${{ matrix.arch }} | |
| path: | | |
| result/bin/conmonrs | |
| - run: | | |
| mkdir ${{ github.sha }} | |
| cp result/bin/conmonrs ${{ github.sha }}/conmonrs.${{ matrix.arch }} | |
| - uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0 | |
| if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags') | |
| - name: Sign binary | |
| if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags') | |
| run: | | |
| cd ${{ github.sha }} | |
| cosign sign-blob -y conmonrs.${{ matrix.arch }} \ | |
| --bundle conmonrs.${{ matrix.arch }}.bundle \ | |
| --output-signature conmonrs.${{ matrix.arch }}.sig \ | |
| --output-certificate conmonrs.${{ matrix.arch }}.cert | |
| - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: conmonrs-${{ matrix.arch }} | |
| path: ${{ github.sha }}/* | |
| - uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 | |
| if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags') | |
| with: | |
| credentials_json: ${{ secrets.GCS_CRIO_SA }} | |
| - uses: google-github-actions/upload-cloud-storage@6397bd7208e18d13ba2619ee21b9873edc94427a # v3.0.0 | |
| if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags') | |
| with: | |
| path: ${{ github.sha }} | |
| destination: cri-o/conmon-rs | |
| doc: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Setup Cache | |
| uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-doc-${{ hashFiles('**/Cargo.lock') }} | |
| - run: .github/install-deps | |
| - name: Select Toolchain | |
| uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 | |
| with: | |
| toolchain: stable | |
| components: rustfmt | |
| - name: Cargo doc | |
| run: cargo doc --no-deps | |
| lint-clippy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Setup Cache | |
| uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ runner.os }}-cargo-clippy-${{ hashFiles('**/Cargo.lock') }} | |
| - run: .github/install-deps | |
| - name: Select Toolchain | |
| uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 | |
| with: | |
| toolchain: nightly | |
| components: clippy, rustfmt | |
| - name: Clippy Lint | |
| run: cargo +nightly clippy --all-targets --all-features -- -D warnings | |
| lint-rustfmt: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Select Toolchain | |
| uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 | |
| with: | |
| toolchain: stable | |
| components: rustfmt | |
| - name: Rustfmt | |
| run: cargo fmt && git diff --exit-code | |
| test-unit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - run: .github/install-deps | |
| - name: Install cargo-llvm-cov | |
| uses: taiki-e/install-action@cargo-llvm-cov | |
| - name: Generate code coverage | |
| run: cargo llvm-cov --all-features --lcov --output-path lcov.info | |
| - name: Upload Results | |
| uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 | |
| with: | |
| files: lcov.info | |
| test-integration: | |
| needs: release-static | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 | |
| with: | |
| go-version-file: go.mod | |
| - name: Setup Rust and Golang Cache | |
| uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| ~/go/pkg/mod | |
| ~/.cache/go-build | |
| key: ${{ runner.os }}-cargo-test-integration-${{ hashFiles('**/Cargo.lock') }}-${{ hashFiles('**/go.sum') }} | |
| - name: Setup Testfiles Cache | |
| uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 | |
| with: | |
| path: | | |
| /tmp/conmon-test-images | |
| key: ${{ runner.os }}-cargo-test-files-${{ hashFiles('pkg/client/files_test.go') }} | |
| - run: rm -rf target/x86_64-unknown-linux-gnu/release/conmonrs | |
| - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: conmonrs | |
| path: target/x86_64-unknown-linux-gnu/release | |
| - run: chmod +x target/x86_64-unknown-linux-gnu/release/conmonrs | |
| - run: .github/install-deps | |
| - name: create symlink | |
| run: sudo ln -f -s $(go env GOROOT)/bin/* /usr/bin/ | |
| - name: Integration tests | |
| run: sudo -E RUNTIME_PATH="/usr/bin/crun" make integration-static | |
| - name: Chown cache | |
| run: | | |
| sudo chown -R $(id -u):$(id -g) ~/go/pkg/mod | |
| sudo chown -R $(id -u):$(id -g) ~/.cache/go-build | |
| test-critest: | |
| needs: release-static | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 | |
| with: | |
| go-version-file: go.mod | |
| - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: conmonrs | |
| path: target/x86_64-unknown-linux-musl/release | |
| - run: .github/setup | |
| - name: Install ginkgo | |
| run: | | |
| sudo chown -R $(id -u):$(id -g) ~/go | |
| sudo chown -R $(id -u):$(id -g) ~/.cache | |
| go install github.com/onsi/ginkgo/v2/ginkgo@latest | |
| ginkgo version | |
| sudo cp $(command -v ginkgo) /usr/local/bin | |
| - name: Run critest | |
| shell: bash | |
| run: | | |
| set -euox pipefail | |
| sudo cp target/x86_64-unknown-linux-musl/release/conmonrs /usr/libexec/crio/conmonrs | |
| sudo chmod +x /usr/libexec/crio/conmonrs | |
| set +o errexit | |
| sudo -E PATH=$PATH critest \ | |
| --runtime-endpoint=unix:///var/run/crio/crio.sock \ | |
| --parallel=$(nproc) \ | |
| --ginkgo.flake-attempts=3 \ | |
| --ginkgo.randomize-all \ | |
| --ginkgo.timeout=2m \ | |
| --ginkgo.trace \ | |
| --ginkgo.v | |
| TEST_RC=$? | |
| set -o errexit | |
| sudo journalctl --no-pager > journal.log | |
| test $TEST_RC -ne 0 && cat journal.log | |
| exit $TEST_RC | |
| - name: Upload logs | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: journal.log | |
| path: journal.log | |
| cargo-audit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 | |
| with: | |
| toolchain: stable | |
| - uses: rustsec/[email protected] | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| cargo-deny: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 | |
| with: | |
| toolchain: stable | |
| - uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979 # v2.0.15 | |
| typos: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: crate-ci/typos@631208b7aac2daa8b707f55e7331f9112b0e062d # v1.44.0 | |
| with: | |
| config: .github/typos.toml | |
| prettier: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: creyD/prettier_action@8c18391fdc98ed0d884c6345f03975edac71b8f0 # v4.6 | |
| with: | |
| dry: true | |
| prettier_options: --write . |