build: Add actions to automate release #3686
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| permissions: | |
| actions: read | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| workflow_dispatch: {} | |
| env: | |
| CARGO_TERM_COLOR: always | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| tests: | |
| if: ${{ !contains(github.event.pull_request.labels.*.name, 'control/skip-ci') }} | |
| runs-on: ubuntu-latest | |
| container: quay.io/coreos-assembler/fcos-buildroot:testing-devel | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install deps | |
| run: ./ci/installdeps.sh | |
| - name: Mark git checkout as safe | |
| run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
| # xref containers/containers-image-proxy-rs | |
| - name: Cache Dependencies | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: "tests" | |
| - name: make validate-rust | |
| # the ruff checks are covered via a dedicated action | |
| run: make validate-rust | |
| - name: Run tests | |
| run: cargo test -- --nocapture --quiet | |
| - name: Manpage generation | |
| run: mkdir -p target/man && cargo run --features=docgen -- man --directory target/man | |
| - name: Clippy (gate on correctness and suspicous) | |
| run: make validate-rust | |
| fedora-container-tests: | |
| if: ${{ !contains(github.event.pull_request.labels.*.name, 'control/skip-ci') }} | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Get a newer podman for heredoc support (from debian testing) | |
| run: | | |
| set -eux | |
| echo 'deb [trusted=yes] https://ftp.debian.org/debian/ testing main' | sudo tee /etc/apt/sources.list.d/testing.list | |
| sudo apt update | |
| sudo apt install -y crun/testing podman/testing skopeo/testing | |
| - name: Installdeps | |
| run: sudo apt update && sudo apt install just | |
| - uses: actions/checkout@v4 | |
| - name: Build and run container integration tests | |
| run: sudo just run-container-integration run-container-external-tests | |
| cargo-deny: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: EmbarkStudios/cargo-deny-action@v2 | |
| with: | |
| log-level: warn | |
| command: check -A duplicate bans sources licenses | |
| install-tests: | |
| if: ${{ !contains(github.event.pull_request.labels.*.name, 'control/skip-ci') }} | |
| name: "Test install" | |
| # For a not-ancient podman | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Get a newer podman for heredoc support (from debian testing) | |
| run: | | |
| set -eux | |
| echo 'deb [trusted=yes] https://ftp.debian.org/debian/ testing main' | sudo tee /etc/apt/sources.list.d/testing.list | |
| sudo apt update | |
| sudo apt install -y crun/testing podman/testing skopeo/testing | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Free up disk space on runner | |
| run: sudo ./ci/clean-gha-runner.sh | |
| - name: Enable fsverity for / | |
| run: sudo tune2fs -O verity $(findmnt -vno SOURCE /) | |
| - name: Install utils | |
| run: sudo apt -y install fsverity just | |
| - name: Integration tests | |
| run: | | |
| set -xeu | |
| # Build images to test; TODO investigate doing single container builds | |
| # via GHA and pushing to a temporary registry to share among workflows? | |
| sudo just build-integration-test-image | |
| sudo podman build -t localhost/bootc-fsverity -f ci/Containerfile.install-fsverity | |
| # TODO move into a container, and then have this tool run other containers | |
| export CARGO_INCREMENTAL=0 # because we aren't caching the test runner bits | |
| cargo build --release -p tests-integration | |
| df -h / | |
| sudo install -m 0755 target/release/tests-integration /usr/bin/bootc-integration-tests | |
| rm target -rf | |
| df -h / | |
| # The ostree-container tests | |
| sudo podman run --privileged --pid=host -v /:/run/host -v $(pwd):/src:ro -v /var/tmp:/var/tmp \ | |
| -v /run/dbus:/run/dbus -v /run/systemd:/run/systemd localhost/bootc /src/crates/ostree-ext/ci/priv-integration.sh | |
| # Nondestructive but privileged tests | |
| sudo bootc-integration-tests host-privileged localhost/bootc-integration | |
| # Install tests | |
| sudo bootc-integration-tests install-alongside localhost/bootc-integration | |
| # system-reinstall-bootc tests | |
| cargo build --release -p system-reinstall-bootc | |
| # not sure why this is missing in the ubuntu image but just creating this directory allows the tests to pass | |
| sudo mkdir -p /run/sshd | |
| sudo install -m 0755 target/release/system-reinstall-bootc /usr/bin/system-reinstall-bootc | |
| # These tests may mutate the system live so we can't run in parallel | |
| sudo bootc-integration-tests system-reinstall localhost/bootc-integration --test-threads=1 | |
| # And the fsverity case | |
| sudo podman run --privileged --pid=host localhost/bootc-fsverity bootc install to-existing-root --stateroot=other \ | |
| --acknowledge-destructive --skip-fetch-check | |
| # Crude cross check | |
| sudo find /ostree/repo/objects -name '*.file' -type f | while read f; do | |
| sudo fsverity measure $f >/dev/null | |
| done | |
| docs: | |
| if: ${{ contains(github.event.pull_request.labels.*.name, 'documentation') }} | |
| runs-on: ubuntu-latest | |
| env: | |
| MDBOOK_VERSION: 0.4.37 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install mdBook | |
| run: | | |
| tag=$(curl 'https://api.github.com/repos/rust-lang/mdbook/releases/latest' | jq -r '.tag_name') | |
| url="https://github.com/rust-lang/mdbook/releases/download/${tag}/mdbook-${tag}-x86_64-unknown-linux-gnu.tar.gz" | |
| mkdir mdbook | |
| curl -sSL $url | tar -xz --directory=./mdbook | |
| echo `pwd`/mdbook >> $GITHUB_PATH | |
| - name: Install mdbook-mermaid | |
| run: | | |
| tag=$(curl 'https://api.github.com/repos/badboy/mdbook-mermaid/releases/latest' | jq -r '.tag_name') | |
| url="https://github.com/badboy/mdbook-mermaid/releases/download/${tag}/mdbook-mermaid-${tag}-x86_64-unknown-linux-gnu.tar.gz" | |
| mkdir mdbook-mermaid | |
| curl -sSL $url | tar -xz --directory=./mdbook-mermaid | |
| echo `pwd`/mdbook-mermaid >> $GITHUB_PATH | |
| - name: Install mdbook-linkcheck | |
| run: | | |
| tag=$(curl 'https://api.github.com/repos/Michael-F-Bryan/mdbook-linkcheck/releases/latest' | jq -r '.tag_name') | |
| archive="mdbook-linkcheck.x86_64-unknown-linux-gnu.zip" | |
| url="https://github.com/Michael-F-Bryan/mdbook-linkcheck/releases/download/${tag}/${archive}" | |
| mkdir mdbook-linkcheck | |
| curl -sSL -O $url && unzip ${archive} -d ./mdbook-linkcheck && chmod +x ./mdbook-linkcheck/mdbook-linkcheck | |
| echo `pwd`/mdbook-linkcheck >> $GITHUB_PATH | |
| - name: Build with mdBook | |
| run: cd docs && mdbook-mermaid install && mdbook build |