-
Notifications
You must be signed in to change notification settings - Fork 71
134 lines (130 loc) · 4.62 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
#
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
#
name: CI
on:
push:
tags:
- v*
branches:
- master
- main
pull_request:
jobs:
build:
strategy:
matrix:
go-version: [1.21.x]
# TODO: Get this working on windows-latest
os: [ubuntu-latest]
architecture: [x32, x64]
include:
- os: macos-latest
architecture: arm64
go-version: 1.21.x
- os: macos-14-large
architecture: x64
go-version: 1.21.x
name: Generate/Build/Test (${{ matrix.os }}, ${{ matrix.architecture }}, Go ${{ matrix.go-version }})
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version: ${{ matrix.go-version }}
architecture: ${{ matrix.architecture }}
- name: Install Protoc
uses: arduino/setup-protoc@v1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
version: "3.20.1"
- name: Install protoc-gen-go
run: go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.28.0
- name: Check Protobuf Generation
run: |
go generate ./... ./cmd/... ./launcher/... ./verifier/...
git diff -G'^[^/]' --exit-code
- name: Install Linux 64-bit packages
run: sudo apt-get -y install libssl-dev
if: runner.os == 'Linux' && matrix.architecture == 'x64'
- name: Install Linux 32-bit packages
run: sudo dpkg --add-architecture i386; sudo apt-get update; sudo apt-get -y install libssl-dev:i386 libgcc-s1:i386 gcc-multilib
if: runner.os == 'Linux' && matrix.architecture == 'x32'
- name: Install Mac packages
run: |
brew install openssl
if: runner.os == 'macOS'
- name: Install Windows packages
run: choco install openssl
if: runner.os == 'Windows'
- name: Build all modules
run: go build -v ./... ./cmd/... ./launcher/... ./verifier/...
- name: Run specific tests under root permission
run: |
GO_EXECUTABLE_PATH=$(which go)
sudo $GO_EXECUTABLE_PATH test -v -run "TestFetchImageSignaturesDockerPublic" ./launcher
- name: Run specific tests to capture potential data race
run: go test -v ./launcher/... -race -run 'TestCacheConcurrentSetGet|^.*TokenRefresh.*$|^TestFetchContainerImageSignatures'
if: (runner.os == 'Linux' || runner.os == 'macOS') && matrix.architecture == 'x64'
- name: Test all modules
run: go test -v ./... ./cmd/... ./launcher/... ./verifier/... -skip='TestCacheConcurrentSetGet|TestHwAttestationPass|TestHardwareAttestationPass'
lint:
strategy:
matrix:
go-version: [1.21.x]
os: [ubuntu-latest]
dir: ["./", "./cmd", "./launcher"]
name: Lint ${{ matrix.dir }} (${{ matrix.os }}, Go ${{ matrix.go-version }})
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v2
with:
go-version: ${{ matrix.go-version }}
- name: Run golangci-lint
uses: golangci/golangci-lint-action@v3.2.0
with:
version: latest
working-directory: ${{ matrix.dir }}
args: >
-D errcheck
-E stylecheck
-E goimports
-E misspell
-E revive
-E gofmt
-E goimports
--exclude-use-default=false
--max-same-issues=0
--max-issues-per-linter=0
--timeout 2m
lintc:
strategy:
matrix:
go-version: [1.21.x]
os: [ubuntu-latest]
name: Lint CGO (${{ matrix.os }}, Go ${{ matrix.go-version }})
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v2
with:
go-version: ${{ matrix.go-version }}
- name: Install Linux packages
run: sudo apt-get -y install libssl-dev
- name: Check for CGO Warnings (gcc)
run: CGO_CFLAGS=-Werror CC=gcc go build ./...
- name: Check for CGO Warnings (clang)
run: CGO_CFLAGS=-Werror CC=clang go build ./...