c115736da8
Quotes in ci.yml are required to prevent YAML parsing errors. Otherwise Go 1.20 would be read as Go 1.2
210 lines
8.1 KiB
YAML
210 lines
8.1 KiB
YAML
name: CI
|
|
|
|
on:
|
|
push:
|
|
branches: [ main ]
|
|
pull_request:
|
|
branches: [ main ]
|
|
|
|
env:
|
|
GO_VERSION: '1.20'
|
|
NOMAD_VERSION: '1.4.4'
|
|
CNI_VERSION: '1.1.1'
|
|
|
|
jobs:
|
|
compile:
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
CGO_ENABLED: 0
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v3
|
|
with:
|
|
go-version: ${{ env.GO_VERSION }}
|
|
- uses: actions/cache@v3
|
|
with:
|
|
path: |
|
|
~/.cache/go-build
|
|
~/go/pkg/mod
|
|
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-
|
|
- name: Update last trim for Go build cache
|
|
# Go usually trims all builds not used for at least five days. We simulate that the last trim just occurred recently.
|
|
# Otherwise, the cache restored in the previous step would not be used for the build resulting in a longer workflow run.
|
|
# More details: https://github.com/golang/go/blob/d60ad1e068263832c711aaf17b6ccb1b7f71b000/src/cmd/go/internal/cache/cache.go#L255-L326
|
|
run: date +%s > ~/.cache/go-build/trim.txt
|
|
continue-on-error: true
|
|
- name: Build
|
|
run: make build
|
|
- name: Upload Poseidon binary
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: poseidon
|
|
path: poseidon
|
|
|
|
lint:
|
|
name: lint
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v3
|
|
with:
|
|
go-version: ${{ env.GO_VERSION }}
|
|
- name: golangci-lint
|
|
uses: golangci/golangci-lint-action@v3
|
|
with:
|
|
version: latest
|
|
args: --timeout=3m
|
|
|
|
test:
|
|
runs-on: ubuntu-latest
|
|
needs: [ compile ]
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v3
|
|
with:
|
|
go-version: ${{ env.GO_VERSION }}
|
|
- uses: actions/cache@v3
|
|
with:
|
|
path: |
|
|
~/.cache/go-build
|
|
~/go/pkg/mod
|
|
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-
|
|
- name: Update last trim for Go build cache
|
|
# Go usually trims all builds not used for at least five days. We simulate that the last trim just occurred recently.
|
|
# Otherwise, the cache restored in the previous step would not be used for the build resulting in a longer workflow run.
|
|
# More details: https://github.com/golang/go/blob/d60ad1e068263832c711aaf17b6ccb1b7f71b000/src/cmd/go/internal/cache/cache.go#L255-L326
|
|
run: date +%s > ~/.cache/go-build/trim.txt
|
|
continue-on-error: true
|
|
- name: Run tests
|
|
run: make coverhtml
|
|
- name: Publish code coverage
|
|
uses: paambaati/codeclimate-action@v3.2.0
|
|
env:
|
|
CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
|
|
with:
|
|
prefix: github.com/openHPI/poseidon/
|
|
coverageLocations: |
|
|
${{github.workspace}}/coverage_cleaned.cov:gocov
|
|
- name: Upload coverage report
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: coverage
|
|
path: coverage_unit.html
|
|
|
|
dep-scan:
|
|
runs-on: ubuntu-latest
|
|
needs: [ compile ]
|
|
if: github.event_name != 'push' || github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]' && github.actor != 'dependabot'
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v3
|
|
- name: Run Trivy vulnerability scanner in repo mode
|
|
uses: aquasecurity/trivy-action@master
|
|
with:
|
|
scan-type: 'fs'
|
|
format: 'template'
|
|
template: '@/contrib/sarif.tpl'
|
|
output: 'trivy-results.sarif'
|
|
severity: 'HIGH,CRITICAL'
|
|
- name: Upload Trivy scan results to GitHub Security tab
|
|
uses: github/codeql-action/upload-sarif@v2
|
|
with:
|
|
sarif_file: 'trivy-results.sarif'
|
|
|
|
e2e-test:
|
|
runs-on: ubuntu-latest
|
|
needs: [ compile, test ]
|
|
env:
|
|
POSEIDON_AWS_ENABLED: true
|
|
POSEIDON_AWS_ENDPOINT: ${{ secrets.POSEIDON_AWS_ENDPOINT }}
|
|
POSEIDON_AWS_FUNCTIONS: ${{ secrets.POSEIDON_AWS_FUNCTIONS }}
|
|
POSEIDON_NOMAD_DISABLEFORCEPULL: true
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v3
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v3
|
|
with:
|
|
go-version: ${{ env.GO_VERSION }}
|
|
- name: Cache Go modules
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: |
|
|
~/.cache/go-build
|
|
~/go/pkg/mod
|
|
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-
|
|
- name: Update last trim for Go build cache
|
|
# Go usually trims all builds not used for at least five days. We simulate that the last trim just occurred recently.
|
|
# Otherwise, the cache restored in the previous step would not be used for the build resulting in a longer workflow run.
|
|
# More details: https://github.com/golang/go/blob/d60ad1e068263832c711aaf17b6ccb1b7f71b000/src/cmd/go/internal/cache/cache.go#L255-L326
|
|
run: date +%s > ~/.cache/go-build/trim.txt
|
|
continue-on-error: true
|
|
- name: Cache Nomad and CNI binaries
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: |
|
|
${{ github.workspace }}/nomad
|
|
${{ github.workspace }}/cni/bin
|
|
key: ${{ runner.os }}-nomad-${{ env.NOMAD_VERSION }}
|
|
restore-keys: |
|
|
${{ runner.os }}-nomad-${{ env.NOMAD_VERSION }}
|
|
- name: Download Nomad binary
|
|
run: |
|
|
if [[ -f ./nomad ]]; then exit 0; fi
|
|
wget -q "https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip"
|
|
wget -q "https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS"
|
|
grep "nomad_${NOMAD_VERSION}_linux_amd64.zip" nomad_${NOMAD_VERSION}_SHA256SUMS | sha256sum -c -
|
|
unzip nomad_${NOMAD_VERSION}_linux_amd64.zip
|
|
- name: Download CNI binaries
|
|
run: |
|
|
if [[ -f ./cni/bin ]]; then exit 0; fi
|
|
wget -q "https://github.com/containernetworking/plugins/releases/download/v${CNI_VERSION}/cni-plugins-linux-amd64-v${CNI_VERSION}.tgz"
|
|
wget -q "https://github.com/containernetworking/plugins/releases/download/v${CNI_VERSION}/cni-plugins-linux-amd64-v${CNI_VERSION}.tgz.sha256"
|
|
grep "cni-plugins-linux-amd64-v${CNI_VERSION}.tgz" cni-plugins-linux-amd64-v${CNI_VERSION}.tgz.sha256 | sha256sum -c -
|
|
mkdir -p ./cni/bin
|
|
tar zxvf cni-plugins-linux-amd64-v${CNI_VERSION}.tgz -C ./cni/bin
|
|
- name: Set Nomad Config
|
|
run: |
|
|
cp ./docs/resources/secure-bridge.conflist ./cni/secure-bridge.conflist
|
|
echo "server { default_scheduler_config { memory_oversubscription_enabled = true } }, client { cni_path = \"${{ github.workspace }}/cni/bin\", cni_config_dir = \"${{ github.workspace }}/cni\" }" > e2e-config.hcl
|
|
- name: Download Poseidon binary
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: poseidon
|
|
- name: Get current branch name
|
|
id: branch-name
|
|
uses: tj-actions/branch-names@v6
|
|
- name: Checkout matching branch for Dockerfiles (optional)
|
|
id: checkout-dockerfiles
|
|
if: steps.branch-name.outputs.is_default == 'false'
|
|
uses: actions/checkout@v3
|
|
continue-on-error: true
|
|
with:
|
|
repository: openHPI/dockerfiles
|
|
path: deploy/dockerfiles
|
|
ref: ${{ steps.branch-name.outputs.current_branch }}
|
|
- name: Build new e2e test image (optional)
|
|
if: steps.checkout-dockerfiles.outcome == 'success'
|
|
run: make e2e-test-docker-image
|
|
- name: Run e2e tests
|
|
run: |
|
|
sudo ./nomad agent -dev -log-level=WARN -config e2e-config.hcl &
|
|
until curl -s --fail http://localhost:4646/v1/agent/health ; do sleep 1; done
|
|
chmod +x ./poseidon
|
|
./poseidon &
|
|
until curl -s --fail http://localhost:7200/api/v1/health ; do sleep 1; done
|
|
make e2e-test
|
|
- name: Run e2e recovery tests
|
|
run: |
|
|
killall poseidon
|
|
make e2e-test-recovery
|