fix(ci): add a "build-id" input var to ci builds #6

Open. Wants to merge 107 commits into base: main

Commits (107):
47d3dae
fix: Disable test "can read previous version's cache" (#485)
smoser Aug 22, 2023
3134d84
fix: build.yaml run section needs set -e, and add -x (#482)
smoser Aug 22, 2023
fae3417
feat: Support spaces in bom author/vendor and cmd exec inside lxc. (#…
smoser Aug 22, 2023
bd233ea
fix: handle error else leads to a nil ptr access (#486)
rchincha Aug 23, 2023
2b35592
fix: Move bom to top level subcmd, simplify shouldSkipInternalUserns …
smoser Aug 23, 2023
f6001ec
fix: Add bom generate subcommand (#490)
smoser Aug 24, 2023
eaf8036
fix: only use workaround for overlay if there are zero lowerdirs (#493)
smoser Aug 30, 2023
e4c3ac4
fix: Mount atomfs molecule with overlay filesystem with xino=on (#492)
smoser Aug 30, 2023
396ff9d
fix: clarify comments in molecule.Mount and lxcRootfsString (#494)
smoser Sep 1, 2023
e721fe0
test: update "previous" version to 1.0.0-rc5 (#484)
rchincha Sep 5, 2023
fdddd5b
test: add a bom test for derived images (#483)
rchincha Sep 5, 2023
2341b93
test: Mark the bom tests as slow. (#488)
smoser Sep 5, 2023
0fe7ea8
fix: Get nightly workflow running, cleanup build workflow. (#497)
smoser Sep 7, 2023
a1af45a
fix: mount previously built squashfs layers if needed (#502)
rchincha Sep 11, 2023
5ec5d86
ci: clean disk before run and show disk usage (#501)
andaaron Sep 11, 2023
91c40aa
fix: add an explicit 'userxattr' option for overlay (#504)
rchincha Sep 12, 2023
bcc5009
Add some doc about make invocation (#498)
smoser Sep 13, 2023
8d8e102
fix: use a version of umoci with fix for failing chmod (#505)
hallyn Sep 13, 2023
3eb5cf6
docs: add a "nightly" badge (#507)
rchincha Sep 20, 2023
1aab90a
feat: Better lint and test for devs and Makefile cleanup. (#511)
smoser Sep 25, 2023
24fbadd
chore: Move back to upstream for umoci import, go mod tidy (#512)
smoser Sep 27, 2023
0cbd6f6
fix: In Makefile, download zot as ZOT rather than regclient (#513)
smoser Sep 27, 2023
96dbbe5
Cleanup/imports parsing (#509)
smoser Oct 2, 2023
957000a
chore: Clone images to local oci repo before building (#518)
smoser Oct 3, 2023
4689ad5
fix: Improve bind imports, support lower case 'source' in yaml, add g…
smoser Oct 3, 2023
d9f849b
build: bind BUILD_D in so you can use a BUILD_D outside of the tree. …
smoser Oct 4, 2023
4016f63
feat(check): add a check for symlinks in roots-dir path (#521)
rchincha Oct 5, 2023
565b032
Fix/mounting squashfs extract (#514)
smoser Oct 12, 2023
82f16fb
docs: Document missing Ubuntu dependencies (#526)
ariel-miculas Oct 19, 2023
0cf2d70
fix(gzip)!: change the default block size (#529)
rchincha Oct 20, 2023
f0f9642
fix: handle ancient empty docker layers (#522)
rchincha Oct 26, 2023
d0b712e
Fix/build deps (#527)
raharper Oct 27, 2023
c9428a0
docs: make type: oci description match code (#532)
mikemccracken Nov 2, 2023
67d1ffb
feat: use squashfuse ready notifier if available (#528)
ariel-miculas Nov 3, 2023
533c4a6
feat(import): copy folder contents (#453)
rchincha Nov 6, 2023
589a648
fix(umoci)!: umoci's copy buffer set to 1 MiB (#531)
rchincha Nov 6, 2023
dcc1eca
check whether symlink exists (#534)
hallyn Nov 10, 2023
356d628
test: add a squashfs and tar interop test (#540)
rchincha Nov 11, 2023
c75830e
ci: point docker registry to local copy (#544)
rchincha Nov 11, 2023
6899344
test: drop references to docker:// images from test/ (#547)
smoser Nov 14, 2023
8d233ed
test: add busybox image, use it to mostly replace centos image (#545)
smoser Nov 15, 2023
c81f395
test: Fix the docker-clone make target to exit failure. (#551)
smoser Nov 15, 2023
edfada8
ci: add a job to sync 3rd party container images (#546)
rchincha Nov 16, 2023
eaefcb7
ci: fix image dest during copy (#552)
rchincha Nov 16, 2023
a34ebfa
test: add code coverage support (#550)
rchincha Nov 17, 2023
236d70e
test: Fix test failure due to .coverage changing during tar creation.…
smoser Nov 20, 2023
cd153e6
ci: Upload stacker binary (#556)
smoser Nov 20, 2023
53bc049
ci: fix upload order (#559)
rchincha Nov 21, 2023
2499397
fix: alpine bom (#561)
rchincha Nov 21, 2023
2f284d8
feat: Support legacy 'import' directive and use 'imports' for future …
smoser Nov 25, 2023
da119e7
test: add a bom workflow with substitutions (#562)
rchincha Nov 25, 2023
3897848
revert: "test: add a bom workflow with substitutions (#562)" (#563)
rchincha Nov 27, 2023
a576aa3
Fix bom test failures (#564)
smoser Nov 27, 2023
123ba76
fix: Tear down underlying atoms if atomfs mount fails (#565)
raharper Dec 1, 2023
4145415
test: Wrap use of skopeo to avoid its unwanted side effects. (#570)
smoser Dec 1, 2023
06f22d5
docs: add a adopters file (#573)
rchincha Dec 6, 2023
f265e66
ci: fix "convert" test (#574)
rchincha Dec 11, 2023
ec24577
fix: incorrect snapshot used during bom stage (#575)
rchincha Dec 12, 2023
b6996fd
fix: use overlay whiteouts when extracting tar layers (#577)
rchincha Dec 13, 2023
0a82ed4
fix: Update 'import' deprecation warning with a date. (#572)
smoser Dec 14, 2023
a396596
fix: Switch idmap from lxd to incus (#578)
hallyn Dec 15, 2023
d54e250
fix: catch failures in makefile when building skopeo (#579)
smoser Dec 18, 2023
68bae2b
fix: don't break on --substitute values which have commas (#580)
hallyn Jan 8, 2024
2152d8d
add stacker101 talk from internal presentation (#576)
mikemccracken Jan 8, 2024
583c4f6
fix: Remove the bin/ dir that was created as a side-effect of grab. (…
smoser Jan 12, 2024
554db17
refactor: rename 'layer' as 'image' in stacker publish path (#583)
rchincha Jan 12, 2024
19be9ba
ci: Use specific bats version, update zot, cleanup Makefile. (#584)
smoser Jan 18, 2024
47f8230
chore: update stacker-bom dep (#585)
rchincha Jan 19, 2024
710a944
fix: use a umoci which has fix for another empty lgetxattr (#586)
hallyn Jan 23, 2024
4f3ec05
ci: update go version to 1.21.x everywhere in ci (#587)
rchincha Jan 23, 2024
f53ad86
feat: add namespace arg when producing doc (#588)
rchincha Jan 26, 2024
3177e8d
fix: include license detection support in bom workflows (#589)
rchincha Jan 31, 2024
6af83b9
chore: update stacker-bom dep (#590)
rchincha Feb 8, 2024
da5e3c8
chore: update stacker-bom dep version (#593)
rchincha Feb 25, 2024
e627e90
chore: update stacker-bom version (#596)
rchincha Feb 29, 2024
ee32587
fix: umoci: update to get tar writing fix (#597)
mikemccracken Mar 1, 2024
0bde03a
feat: limit substitutions to double-braces (#598)
mikemccracken Mar 4, 2024
63b67b9
ci: sync a fixed alpine version to use in future (#599)
rchincha Mar 14, 2024
b585bfb
ci: use fixed numbered build env (#600)
rchincha Mar 14, 2024
f3a8d3b
feat: support importing sboms along with images (#567)
rchincha Mar 18, 2024
1910fed
fix: cache: serialize legacy import field (#603)
mikemccracken Mar 20, 2024
fe13853
feat: add stacker version as annotation to images (#602)
mikemccracken Mar 20, 2024
42e845f
ci: fix bom test failure (#605)
rchincha Mar 22, 2024
1996784
ci: fix a failing test (#606)
rchincha Mar 23, 2024
77e452a
Hallyn 2024 03 18 test rmdir (#604)
rchincha Mar 29, 2024
86ba851
fix: handle unix.EACCES error also (#607)
rchincha Mar 29, 2024
6d069c7
fix: allow bom build and verification for `build_only` layers (#609)
rchincha Apr 4, 2024
61d3828
fix: fix another incorrect substitution doc (#612)
mikemccracken Apr 16, 2024
676060a
fix: update umoci to 16c5101 (#614)
mikemccracken Apr 17, 2024
25b859b
fix: avoid max read size reached error when cmp imported files (#618)
raharper May 9, 2024
a704191
fix: update stackeryaml ref doc for runtime_user (#613)
mikemccracken May 9, 2024
98ca66e
fix: allow bom build and verification for `build_only` layers (#610)
rchincha May 10, 2024
005988c
feat: print hashes for imports in yaml format (#608)
mikemccracken May 10, 2024
9e00369
test: fix failing nightly test (#619)
rchincha May 10, 2024
d3f8ebd
test: fix missing pkgs in bom (#620)
rchincha May 10, 2024
8fbf329
fix: check bind source file/dir exists (#624)
raharper Jun 11, 2024
f494a9a
chore: add test for failing on missing bind source (#625)
mikemccracken Jul 24, 2024
adf0a37
fix: remove superfluous userxattr whiteouts (#629)
rchincha Jul 31, 2024
81105cf
chore: fix linter errors (#634)
rchamarthy Aug 27, 2024
221b5c0
fix: codecov link on readme (#635)
rchamarthy Aug 27, 2024
3c4ef39
fix: update docs for bindsdoc (#623)
mikemccracken Aug 27, 2024
f52ce15
ci: fix code coverage upload (#636)
rchincha Aug 27, 2024
4cb72cf
ci: fix coverage upload (#637)
rchincha Aug 28, 2024
a9a3809
ci: fix nightly build workflow (#639)
rchincha Aug 30, 2024
34a42d2
feat: refactor to use machinerun.io/atomfs (#640)
rchamarthy Sep 1, 2024
acd8a68
fix: whiteout handling is broken for newly created dirs (#641)
rchincha Sep 6, 2024
ce1fd9f
fix: release workflow also needs the coverage token
rchincha Sep 6, 2024
12 changes: 12 additions & 0 deletions .github/actions/clean-runner/action.yaml
@@ -0,0 +1,12 @@
name: 'Clean runner'
description: 'Remove unneeded tooling'
runs:
using: "composite"
steps:
- shell: bash
run: |
# To free up ~15 GB of disk space
sudo rm -rf /opt/ghc
sudo rm -rf /usr/local/share/boost
sudo rm -rf /usr/local/lib/android
sudo rm -rf /usr/share/dotnet
20 changes: 20 additions & 0 deletions .github/actions/show-disk-usage/action.yaml
@@ -0,0 +1,20 @@
name: 'Show disk usage'
description: 'Show information about disk usage'
runs:
using: "composite"
steps:
- shell: bash
run: |
cd $GITHUB_WORKSPACE
set -x
df -h
sudo ls -lRh /tmp/* || true
sudo du -sh /tmp || true
sudo du -sh /tmp/* || true
sudo find /tmp/ -size +5M | sudo xargs ls -lh
sudo du -sh ./* || true
sudo find ./ -size +5M | xargs ls -lh
sudo du -sh /var/
sudo du -sh /var/lib/docker/
sudo du -sh /home/runner/work/
set +x
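Review bot: The two `find ... -size +5M | xargs ls -lh` lines break on paths that contain whitespace, and when nothing matches, GNU xargs still runs `ls -lh` once with no arguments and lists the current directory instead. Use `find ... -print0 | xargs -0 -r ls -lh`. The trailing `du -sh /var/`, `/var/lib/docker/` and `/home/runner/work/` calls also lack the `|| true` that the earlier lines carry, so a missing directory can fail a step that is purely diagnostic. Finally, `sudo ls -lRh /tmp/*` writes a recursive listing of every temp file name into the job log; trim it to the sizes you need if the logs are readable outside the team.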
73 changes: 56 additions & 17 deletions .github/workflows/build.yaml
Expand Up @@ -2,34 +2,51 @@ name: Reusable stacker build
on:
workflow_call:
inputs:
# note >-, args needs to be strings to be used as inputs
# for the reusable build.yaml workflow
go-version:
required: true
required: false
type: string
description: 'Stringified JSON object listing go versions'
default: >-
["1.21.x"]
privilege-level:
required: true
required: false
type: string
description: 'Stringified JSON object listing stacker privilege-level'
default: >-
["unpriv", "priv"]
build-id:
required: true
required: false
type: string
description: 'Stringified JSON object listing stacker build-id'
description: 'build-id'
default: "${{ github.sha }}"
slow-test:
required: false
type: boolean
description: 'Should slow tests be run?'
default: true
secrets:
codecov_token:
required: true

jobs:
build:
runs-on: ubuntu-22.04
services:
registry:
image: registry:2
image: ghcr.io/project-stacker/registry:2
ports:
- 5000:5000
strategy:
matrix:
go-version: ${{fromJson(inputs.go-version)}}
privilege-level: ${{fromJson(inputs.privilege-level)}}
build-id: ${{fromJson(inputs.build-id)}}
name: "golang ${{ matrix.go-version }} privilege ${{ matrix.privilege-level }}"
steps:
- uses: actions/checkout@v3
- name: Clean disk space
uses: ./.github/actions/clean-runner
- uses: benjlevesque/[email protected]
id: short-sha
- name: Set up golang ${{ matrix.go-version }}
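Review bot: The registry service at `image: ghcr.io/project-stacker/registry:2` is referenced by a mutable tag, so the image the tests push to can change without any change in this repository; pin it by digest (`registry@sha256:<digest>`), and consider commit-SHA pins for the `uses:` references in this job, which are pinned to tags. On the inputs, `description: 'build-id'` only repeats the input name; say that the value becomes `VERSION_FULL` and the cache key.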
Expand All @@ -42,39 +59,61 @@ jobs:
echo "GOPATH=$gopath" >> $GITHUB_ENV
echo "GOCACHE=$gopath/gocache" >> $GITHUB_ENV
echo "PATH=$gopath/bin:$PATH" >> $GITHUB_ENV
echo "SLOW_TEST=${{inputs.slow-test}}" >> $GITHUB_ENV
echo "STACKER_DOCKER_BASE=oci:$PWD/.build/oci-clone:" >> $GITHUB_ENV

echo "PWD=$PWD"
cat "$GITHUB_ENV"
- name: install dependencies
run: |
sudo add-apt-repository -y ppa:project-machine/squashfuse
sudo apt-get update
sudo apt-get install -yy lxc-utils lxc-dev libacl1-dev jq libcap-dev libseccomp-dev libpam-dev bats parallel libzstd-dev
GO111MODULE=off go get github.com/opencontainers/umoci/cmd/umoci
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
sudo apt-get install -yy autoconf automake make autogen autoconf libtool binutils git squashfs-tools libcryptsetup-dev libdevmapper-dev cryptsetup-bin squashfuse
./install-build-deps.sh
echo "running kernel is: $(uname -a)"
- name: docker-clone
run: |
make docker-clone "STACKER_DOCKER_BASE=docker://" CLONE_D="$PWD/.build/oci-clone"
- name: Go-download
run: |
make go-download
- name: Show disk usage before building the binaries
uses: ./.github/actions/show-disk-usage
- name: Build-level1
run: |
make show-info
make stacker-dynamic VERSION_FULL=${{ matrix.build-id }}
make stacker-dynamic VERSION_FULL=${{ inputs.build-id }}
- name: Build
run: |
make stacker VERSION_FULL=${{ matrix.build-id }}
make stacker VERSION_FULL=${{ inputs.build-id }}
env:
REGISTRY_URL: localhost:5000
ZOT_HOST: localhost
ZOT_PORT: 8080
- name: Show disk usage before running the tests
if: always()
uses: ./.github/actions/show-disk-usage
- name: Test
run: |
make check VERSION_FULL=${{ matrix.build-id }} PRIVILEGE_LEVEL=${{ matrix.privilege-level }}
make check VERSION_FULL=${{ inputs.build-id }} PRIVILEGE_LEVEL=${{ matrix.privilege-level }}
env:
REGISTRY_URL: localhost:5000
ZOT_HOST: localhost
ZOT_PORT: 8080
- name: Show disk usage after running the tests
if: always()
uses: ./.github/actions/show-disk-usage
- name: Upload code coverage
uses: codecov/codecov-action@v3
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.codecov_token }}
- name: Upload artifacts
uses: actions/upload-artifact@v3
if: ${{ matrix.privilege-level == 'priv' }}
with:
# if there is more than 1 go-version, we would need to account for that here.
name: binary
path: stacker
if-no-files-found: error
- uses: actions/cache@v3
id: restore-build
with:
path: stacker
key: ${{ matrix.build-id }}
key: ${{ inputs.build-id }}
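Review bot: `${{ inputs.build-id }}` is expanded into the `run:` scripts of the Build-level1, Build and Test steps before the shell parses them, so whitespace or shell metacharacters in a caller-supplied build-id become part of the command line. Now that the input is a free-form string rather than a matrix value, pass it through each step's `env:` (for example `BUILD_ID: ${{ inputs.build-id }}`) and write `VERSION_FULL="$BUILD_ID"` in the script. The same treatment fits `PRIVILEGE_LEVEL=${{ matrix.privilege-level }}` in the Test step.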
17 changes: 9 additions & 8 deletions .github/workflows/ci.yaml
Expand Up @@ -12,11 +12,12 @@ jobs:
build:
uses: ./.github/workflows/build.yaml
with:
# note >-, args needs to be strings to be used as inputs
# for the reusable build.yaml workflow
go-version: >-
["1.20.x"]
privilege-level: >-
["unpriv", "priv"]
build-id: >-
["${{ github.sha }}"]
slow-test: false
secrets:
codecov_token: ${{ secrets.CODECOV_TOKEN }}
coverage:
uses: ./.github/workflows/coverage.yaml
with:
slow-test: false
secrets:
codecov_token: ${{ secrets.CODECOV_TOKEN }}
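Review bot: `build` and `coverage` are both called here without a `build-id`, so both fall back to the `github.sha` default, and each reusable workflow ends with an `actions/cache@v3` step using `path: stacker` and `key: ${{ inputs.build-id }}`. Two jobs in one run then save binaries built by different make targets under the same key. Give the coverage workflow its own key (a `-cov` suffix, matching the `binary-cov` artifact name) or drop its cache step. Both jobs also run the full go-version and privilege-level matrix, so please confirm that doubling the test runs on every CI trigger is intended.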
2 changes: 1 addition & 1 deletion .github/workflows/cloc.yml
Expand Up @@ -20,7 +20,7 @@ jobs:
- name: Install go
uses: actions/setup-go@v3
with:
go-version: 1.20.x
go-version: 1.21.x
- name: Check out source code
uses: actions/checkout@v3
- name: Install dependencies
2 changes: 1 addition & 1 deletion .github/workflows/codeql-analysis.yml
Expand Up @@ -48,7 +48,7 @@ jobs:
- name: Install go
uses: actions/setup-go@v3
with:
go-version: 1.20.x
go-version: 1.21.x

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
117 changes: 117 additions & 0 deletions .github/workflows/coverage.yaml
@@ -0,0 +1,117 @@
name: Reusable stacker build for coverage
on:
workflow_call:
inputs:
# note >-, args needs to be strings to be used as inputs
# for the reusable build.yaml workflow
go-version:
required: false
type: string
description: 'Stringified JSON object listing go versions'
default: >-
["1.21.x"]
privilege-level:
required: false
type: string
description: 'Stringified JSON object listing stacker privilege-level'
default: >-
["unpriv", "priv"]
build-id:
required: false
type: string
description: 'build-id'
default: "${{ github.sha }}"
slow-test:
required: false
type: boolean
description: 'Should slow tests be run?'
default: true
secrets:
codecov_token:
required: true

jobs:
build:
runs-on: ubuntu-22.04
services:
registry:
image: ghcr.io/project-stacker/registry:2
ports:
- 5000:5000
strategy:
matrix:
go-version: ${{fromJson(inputs.go-version)}}
privilege-level: ${{fromJson(inputs.privilege-level)}}
name: "golang ${{ matrix.go-version }} privilege ${{ matrix.privilege-level }}"
steps:
- uses: actions/checkout@v3
- name: Clean disk space
uses: ./.github/actions/clean-runner
- uses: benjlevesque/[email protected]
id: short-sha
- name: Set up golang ${{ matrix.go-version }}
uses: actions/setup-go@v3
with:
go-version: ${{ matrix.go-version }}
- name: Setup Environment
run: |
gopath=$PWD/.build/gopath
echo "GOPATH=$gopath" >> $GITHUB_ENV
echo "GOCACHE=$gopath/gocache" >> $GITHUB_ENV
echo "PATH=$gopath/bin:$PATH" >> $GITHUB_ENV
echo "SLOW_TEST=${{inputs.slow-test}}" >> $GITHUB_ENV
echo "STACKER_DOCKER_BASE=oci:$PWD/.build/oci-clone:" >> $GITHUB_ENV
GOCOVERDIR=$(mktemp -d)
echo "GOCOVERDIR=$GOCOVERDIR" >> $GITHUB_ENV
echo "PWD=$PWD"
cat "$GITHUB_ENV"
- name: install dependencies
run: |
./install-build-deps.sh
echo "running kernel is: $(uname -a)"
- name: docker-clone
run: |
make docker-clone "STACKER_DOCKER_BASE=docker://" CLONE_D="$PWD/.build/oci-clone"
- name: Go-download
run: |
make go-download
- name: Show disk usage before building the binaries
uses: ./.github/actions/show-disk-usage
- name: Build-level1
run: |
make show-info
make stacker-dynamic VERSION_FULL=${{ inputs.build-id }}
- name: Show disk usage before running the tests
if: always()
uses: ./.github/actions/show-disk-usage
- name: Build and test
run: |
make check-cov GOCOVERDIR=$GOCOVERDIR PRIVILEGE_LEVEL=${{ matrix.privilege-level }}
go tool covdata textfmt -i $GOCOVERDIR -o coverage-${{ matrix.privilege-level }}.txt
go tool covdata percent -i $GOCOVERDIR
ls -altR $GOCOVERDIR
env:
REGISTRY_URL: localhost:5000
ZOT_HOST: localhost
ZOT_PORT: 8080
- name: Show disk usage after running the tests
if: always()
uses: ./.github/actions/show-disk-usage
- name: Upload code coverage
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.codecov_token }}
files: coverage-${{ matrix.privilege-level}}.txt
- name: Upload artifacts
uses: actions/upload-artifact@v3
if: ${{ matrix.privilege-level == 'priv' }}
with:
# if there is more than 1 go-version, we would need to account for that here.
name: binary-cov
path: stacker
if-no-files-found: error
- uses: actions/cache@v3
id: restore-build
with:
path: stacker
key: ${{ inputs.build-id }}
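Review bot: `make check-cov GOCOVERDIR=$GOCOVERDIR PRIVILEGE_LEVEL=...` in the "Build and test" step does not pass `VERSION_FULL`, while the Build-level1 step just above builds with `VERSION_FULL=${{ inputs.build-id }}` and build.yaml's `make check` passes it too; if check-cov rebuilds the binary, the tested build will not carry the requested build-id. Pass `VERSION_FULL` here as well, or add a comment saying why it is not needed. Smaller points: quote `"$GOCOVERDIR"` in the `go tool covdata` and `ls` lines, and the `short-sha` step can go, since nothing in this file reads its output.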
32 changes: 5 additions & 27 deletions .github/workflows/nightly.yaml
@@ -1,34 +1,12 @@
name: "Nightly"
name: "nightly"

on:
workflow_dispatch:
schedule:
- cron: '0 0 * * *'

env:
REGISTRY_URL: localhost:5000

jobs:
slow-tests:
name: "slow tests"
runs-on: ubuntu-20.04
steps:
- uses: actions/cache@v3
id: restore-build
with:
path: stacker
key: ${{ github.sha }}
- name: zot registry
env:
ZOT_HOST: localhost
ZOT_PORT: 5000
run: |
# start a zot instance (minimal)
podman run -d -p ${ZOT_PORT}:${ZOT_PORT} ghcr.io/project-zot/zot-minimal-linux-amd64:latest
# check if reachable
while true; do x=0; curl -f http://${REGISTRY_URL}/v2/ || x=1; if [ $x -eq 0 ]; then break; fi; sleep 1; done
- name: test
env:
SLOW_TEST: true
run: |
make check
build:
uses: ./.github/workflows/build.yaml
secrets:
codecov_token: ${{ secrets.CODECOV_TOKEN }}
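Review bot: The nightly run now depends entirely on build.yaml's defaults: nothing in the `build` call sets `slow-test`, so the slow tests that the removed job forced with `SLOW_TEST: true` keep running only while that default stays `true`. Add `with:` and `slow-test: true` to the `build` call so a later change to the default cannot silently drop them from the nightly.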
7 changes: 4 additions & 3 deletions .github/workflows/release.yaml
Expand Up @@ -23,11 +23,12 @@ jobs:
# note >-, args needs to be strings to be used as inputs
# for the reusable build.yaml workflow
go-version: >-
["1.20.x"]
["1.21.x"]
privilege-level: >-
["priv"]
build-id: >-
["${{needs.build-id.outputs.build-id}}"]
build-id: "${{needs.build-id.outputs.build-id}}"
secrets:
codecov_token: ${{ secrets.CODECOV_TOKEN }}
release:
name: "Tagged Release"
runs-on: ubuntu-20.04