Skip to content

build(deps): bump golang.org/x/crypto from 0.28.0 to 0.29.0 #11515

build(deps): bump golang.org/x/crypto from 0.28.0 to 0.29.0

build(deps): bump golang.org/x/crypto from 0.28.0 to 0.29.0 #11515

Workflow file for this run

name: Go build
on:
push:
branches:
- main
- release-*
paths-ignore:
- 'docs/**'
- 'examples/**'
- '**.md'
- LICENSE
- '**.svg'
- '.github/workflows/docs.yml'
- '.github/workflows/mkdocs-set-default-version.yml'
- 'mkdocs.yml'
pull_request:
branches:
- main
- release-*
paths-ignore:
- 'docs/**'
- 'examples/**'
- '**.md'
- LICENSE
- '**.svg'
- '.github/workflows/docs.yml'
- '.github/workflows/mkdocs-set-default-version.yml'
- 'mkdocs.yml'
env:
MAKEFLAGS: -j
CURL_OPTS: --proto =https --tlsv1.2 --retry 5 --retry-all-errors --silent --show-error --location --fail
jobs:
prepare:
name: Prepare
runs-on: ubuntu-latest
outputs:
smoketest-matrix: ${{ steps.generate-smoketest-matrix.outputs.smoketests }}
autopilot-matrix: ${{ steps.generate-autopilot-matrix.outputs.matrix }}
steps:
- name: "Workflow run :: Checkout"
uses: actions/checkout@v4
with:
persist-credentials: false
- name: "Generate :: Smoke test matrix"
id: generate-smoketest-matrix
run: |
./vars.sh FROM=inttest smoketests | jq --raw-input --raw-output \
'split(" ") | [ .[] | select(startswith("check-")) | .[6:] ] | "smoketests=" + tojson' >>$GITHUB_OUTPUT
- name: "Generate :: Autopilot test matrix"
id: generate-autopilot-matrix
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
k0sSortVersion=$(./vars.sh FROM=. k0s_sort_version)
mkdir -p build/cache/bin
curl $CURL_OPTS --output build/cache/bin/k0s_sort "https://github.com/k0sproject/version/releases/download/$k0sSortVersion/k0s_sort-linux-amd64"
chmod +x build/cache/bin/k0s_sort
export PATH="$(realpath build/cache/bin):$PATH"
set -x
k8sVersion="$(./vars.sh kubernetes_version)"
majorVersion="${k8sVersion%%.*}"
minorVersion=${k8sVersion#$majorVersion.}
minorVersion="${minorVersion%%.*}"
{
printf matrix=
hack/tools/gen-matrix.sh "$majorVersion.$(($minorVersion - 1))" "$majorVersion.$minorVersion"
} >> "$GITHUB_OUTPUT"
build-k0s:
strategy:
matrix:
target-os: [linux, windows]
target-arch: [amd64]
name: "Build :: k0s :: ${{ matrix.target-os }}-${{ matrix.target-arch }}"
uses: ./.github/workflows/build-k0s.yml
with:
target-os: ${{ matrix.target-os }}
target-arch: ${{ matrix.target-arch }}
build-airgap-image-bundle:
name: "Build :: Airgap image bundle"
needs: [build-k0s]
uses: ./.github/workflows/build-airgap-image-bundle.yml
with:
target-os: linux
target-arch: amd64
generate-sbom:
name: "Build :: SBOM"
needs: [build-k0s]
runs-on: ubuntu-22.04
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4
- name: Generate SBOM
run: |
make bindata
mkdir -p sbom && chmod 777 sbom
make sbom/spdx.json
- uses: actions/upload-artifact@v4
with:
name: spdx.json
path: sbom/spdx.json
unittests-k0s-linux-amd64:
name: "Unit tests :: linux-amd64"
runs-on: ubuntu-22.04
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Cache GOCACHE
uses: actions/cache@v4
with:
key: unittests-k0s-linux-amd64-gocache-${{ github.ref_name }}-${{ github.sha }}
restore-keys: |
unittests-k0s-linux-amd64-gocache-${{ github.ref_name }}-
build-k0s-linux-amd64-gocache-${{ github.ref_name }}-
path: |
build/cache/go/build
- name: Cache GOMODCACHE
uses: actions/cache@v4
with:
key: unittests-k0s-linux-amd64-gomodcache-${{ hashFiles('go.sum') }}
restore-keys: |
build-k0s-linux-amd64-gomodcache-${{ hashFiles('go.sum') }}
path: |
build/cache/go/mod
- name: Run unit tests
env:
EMBEDDED_BINS_BUILDMODE: none
run: make check-unit
unittests-k0s-windows-amd64:
name: "Unit tests :: windows-amd64"
runs-on: windows-2022
defaults:
run:
shell: bash
steps:
- name: Check out
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Prepare build environment
run: .github/workflows/prepare-build-env.sh
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- name: Cache GOCACHE
uses: actions/cache@v4
with:
key: unittests-k0s-windows-amd64-gocache-${{ github.ref_name }}-${{ github.sha }}
restore-keys: |
unittests-k0s-windows-amd64-gocache-${{ github.ref_name }}-
path: |
~\AppData\Local\go-build
- name: Cache GOMODCACHE
uses: actions/cache@v4
with:
key: unittests-k0s-windows-amd64-gomodcache-${{ hashFiles('go.sum') }}
restore-keys: |
build-k0s-windows-amd64-gomodcache-${{ hashFiles('go.sum') }}
path: |
~\go\pkg\mod
- name: Run unit tests
env:
EMBEDDED_BINS_BUILDMODE: none
TARGET_OS: windows
GO: go
GO_ENV: ''
run: |
make --touch .k0sbuild.docker-image.k0s
make check-unit
smoketests:
strategy:
fail-fast: false
matrix:
smoke-suite: ${{ fromJson(needs.prepare.outputs.smoketest-matrix) }}
name: "Smoke test :: ${{ matrix.smoke-suite }}"
needs: [prepare, build-k0s, build-airgap-image-bundle]
uses: ./.github/workflows/smoketest.yaml
with:
name: ${{ matrix.smoke-suite }}
autopilot-tests:
strategy:
fail-fast: false
matrix:
version: ${{fromJson(needs.prepare.outputs.autopilot-matrix)}}
smoke-suite:
- controllerworker
- ha3x3
name: "Autopilot test :: ${{ matrix.version }} :: ${{ matrix.smoke-suite }}"
needs: [prepare, build-k0s]
uses: ./.github/workflows/smoketest.yaml
with:
name: ap-${{ matrix.smoke-suite }}
job-name: autopilot-test
k0s-reference-version: ${{ matrix.version }}
build-arm:
name: build on armv7/arm64
if: github.repository == 'k0sproject/k0s'
strategy:
fail-fast: false
matrix:
arch:
- arm # this is armv7
- arm64
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
steps:
# https://github.com/actions/checkout/issues/273#issuecomment-642908752 (see below)
- name: "Pre: Fixup directories"
if: matrix.arch == 'arm'
run: find . -type d -not -perm /u+w -exec chmod u+w '{}' \;
- name: Set up Docker Context for Buildx
if: matrix.arch != 'arm'
run: docker context create builders
- name: Set up Docker Buildx
if: matrix.arch != 'arm'
uses: docker/setup-buildx-action@v3
with:
endpoint: builders
- name: Check out code into the Go module directory
uses: actions/checkout@v4
with:
fetch-depth: 0 # for `git describe`
persist-credentials: false
- name: Prepare build environment
run: .github/workflows/prepare-build-env.sh
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- name: Cache embedded binaries
uses: actions/cache@v4
with:
key: ${{ runner.os }}-embedded-bins-${{ matrix.arch }}-${{ hashFiles('**/embedded-bins/**/*') }}
path: |
.bins.linux.stamp
embedded-bins/staging/linux/bin/
embedded-bins/Makefile.variables
- name: Cache GOCACHE
uses: actions/cache@v4
with:
key: ${{ runner.os }}-smoketest-arm-gocache-${{ matrix.arch }}-${{ github.ref_name }}-${{ github.sha }}
restore-keys: |
${{ runner.os }}-smoketest-arm-gocache-${{ matrix.arch }}-${{ github.ref_name }}-
path: |
build/cache/go/build
- name: Cache GOMODCACHE
uses: actions/cache@v4
with:
key: ${{ runner.os }}-smoketest-arm-gomodcache-${{ matrix.arch }}-${{ hashFiles('go.sum') }}
path: |
build/cache/go/mod
- name: Build
run: |
make bindata
make --touch codegen
make build
- name: Upload compiled executable
uses: actions/upload-artifact@v4
with:
name: k0s-${{ matrix.arch }}
path: k0s
- name: Unit tests
run: make check-unit
- name: Create airgap image list
run: make airgap-images.txt
- name: Cache airgap image bundle
id: cache-airgap-image-bundle
uses: actions/cache@v4
with:
key: airgap-image-bundle-linux-${{ matrix.arch }}-${{ hashFiles('Makefile', 'airgap-images.txt', 'hack/image-bundler/*') }}
path: |
airgap-images.txt
airgap-image-bundle-linux-${{ matrix.arch }}.tar
- name: Create airgap image bundle if not cached
if: steps.cache-airgap-image-bundle.outputs.cache-hit != 'true'
run: make airgap-image-bundle-linux-${{ matrix.arch }}.tar
- name: Upload airgap bundle
uses: actions/upload-artifact@v4
with:
name: airgap-image-bundle-linux-${{ matrix.arch }}.tar
path: airgap-image-bundle-linux-${{ matrix.arch }}.tar
# TODO We probably want to separate the smoketest into a separate callable workflow which we can call from the build step
# This way we could actually fully parallelize the build and smoketest steps. Currently we are limited by the fact that
# smoke-test step only start after both arm and armv7 builds have finished.
smoketest-arm:
name: Smoke test on armv7/arm64 -- ${{ matrix.test }}
if: github.repository == 'k0sproject/k0s'
needs: [build-arm]
strategy:
fail-fast: false
matrix:
arch:
- arm # this is armv7
- arm64
test:
- check-basic
- check-calico
- check-airgap
runs-on:
- self-hosted
- linux
- ${{ matrix.arch }}
steps:
- name: Set up Docker Context for Buildx
if: matrix.arch != 'arm'
run: docker context create builders
- name: Set up Docker Buildx
if: matrix.arch != 'arm'
uses: docker/setup-buildx-action@v3
with:
endpoint: builders
- name: Check out code into the Go module directory
uses: actions/checkout@v4
with:
fetch-depth: 0 # for `git describe`
persist-credentials: false
- name: Prepare build environment
run: .github/workflows/prepare-build-env.sh
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
- name: Download compiled binary
uses: actions/download-artifact@v4
with:
name: k0s-${{ matrix.arch }}
- name: k0s sysinfo
run: |
chmod +x k0s
./k0s sysinfo
- name: Download airgap bundle
if: contains(matrix.test, 'airgap')
uses: actions/download-artifact@v4
with:
name: airgap-image-bundle-linux-${{ matrix.arch }}.tar
- name: Run smoketest
run: make -C inttest ${{ matrix.test }}
- name: Collect k0s logs and support bundle
if: failure()
uses: actions/upload-artifact@v4
with:
name: smoketest-${{ matrix.arch }}-check-basic-files
path: |
/tmp/*.log
/tmp/support-bundle.tar.gz
# https://github.com/actions/checkout/issues/273#issuecomment-642908752
# Golang mod cache tends to set directories to read-only, which breaks any
# attempts to simply remove those directories. The `make clean-gocache`
# target takes care of this, but the mod cache can't be deleted here,
# since it shall be cached across builds, and caching takes place as a
# post build action. So, as a workaround, ensure that all subdirectories
# are writable.
- name: "Post: Fixup directories"
if: always() && matrix.arch == 'arm'
run: find . -type d -not -perm /u+w -exec chmod u+w '{}' \;
- name: "Docker prune"
if: always() && matrix.arch == 'arm'
run: docker system prune --force --filter "until=$((24*7))h"