Skip to content
Build

Socket cookie poc #1315

Sign in to view logs

Socket cookie poc

Socket cookie poc #1315

Workflow file for this run

.github/workflows/build.yaml at 557d268
name: Build
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
build:
name: Build
runs-on: ubuntu-22.04
if: ${{ github.event.head_commit.message != '[Release] Update Chart.yaml' }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Get head sha
id: parse-commit-sha
run: |
head=$(git rev-parse HEAD)
echo "head_commit_sha=${head}" >> $GITHUB_ENV
echo "Head commit sha ${head}"
- name: Get merge request latest commit
id: parse-commit
if: ${{ github.event_name == 'pull_request' }}
run: |
msg=$(git show -s --format=%s)
echo "head_commit_message=${msg}" >> $GITHUB_ENV
echo "Latest commit: ${msg}"
echo "Env commit ${{env.head_commit_message}}"
echo "Contains msg ${{ contains(env.head_commit_message, '#skip-lint') }}"
- name: Secret Scanning
uses: trufflesecurity/trufflehog@main
with:
extra_args: --only-verified
- name: Setup Go 1.22
uses: actions/setup-go@v5
with:
go-version: '1.22.3'
- name: Build agent go binary amd64
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-agent
- name: Build controller go binary amd64
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-controller
- name: Build image-scanner go binary amd64
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-image-scanner
- name: Build linter go binary amd64
run: UNAME_M=x86_64 VERSION=${RELEASE_TAG:-commit-$GITHUB_SHA} make kvisor-linter
- name: Run golangci-lint
# You may pin to the exact commit or the version.
# uses: golangci/golangci-lint-action@537aa1903e5d359d0b27dbc19ddd22c5087f3fbc
if: ${{ github.event_name == 'pull_request' && !contains(env.head_commit_message, '#skip-lint') }}
uses: golangci/golangci-lint-action@v6.0.1
with:
args: -v --timeout=5m
skip-pkg-cache: true
skip-build-cache: true
version: v1.58.2
- name: Test
if: ${{ github.event_name == 'pull_request' && !contains(env.head_commit_message, '#skip-test') }}
run: go test -race -short ./...
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker build and push pr (controller)
if: ${{ github.event_name == 'pull_request' }}
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.controller
platforms: linux/amd64
push: true
tags: ghcr.io/castai/kvisor/kvisor-controller:${{ env.head_commit_sha }}
- name: Docker build and push pr (agent)
if: ${{ github.event_name == 'pull_request' }}
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.agent
platforms: linux/amd64
push: true
tags: ghcr.io/castai/kvisor/kvisor-agent:${{ env.head_commit_sha }}
- name: Docker build and push pr (scanners)
if: ${{ github.event_name == 'pull_request' }}
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.scanners
platforms: linux/amd64
push: true
tags: ghcr.io/castai/kvisor/kvisor-scanners:${{ env.head_commit_sha }}
- name: Docker build and push main (controller)
if: ${{ github.event_name != 'pull_request' && github.event_name != 'release'}}
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.controller
platforms: linux/amd64
push: true
tags: ghcr.io/castai/kvisor/kvisor-controller:${{ env.head_commit_sha }},ghcr.io/castai/kvisor/kvisor-controller:latest
- name: Docker build and push main (agent)
if: ${{ github.event_name != 'pull_request' && github.event_name != 'release'}}
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.agent
platforms: linux/amd64
push: true
tags: ghcr.io/castai/kvisor/kvisor-agent:${{ env.head_commit_sha }},ghcr.io/castai/kvisor/kvisor-agent:latest
- name: Docker build and push main (scanners)
if: ${{ github.event_name != 'pull_request' && github.event_name != 'release'}}
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.scanners
platforms: linux/amd64
push: true
tags: ghcr.io/castai/kvisor/kvisor-scanners:${{ env.head_commit_sha }},ghcr.io/castai/kvisor/kvisor-scanners:latest
- name: Summary
run: |
echo "**Pushed docker images:**" >> $GITHUB_STEP_SUMMARY
echo "ghcr.io/castai/kvisor/kvisor-controller:${{ env.head_commit_sha }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "ghcr.io/castai/kvisor/kvisor-agent:${{ env.head_commit_sha }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "ghcr.io/castai/kvisor/kvisor-scanners:${{ env.head_commit_sha }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "**Upgrade with helm:**" >> $GITHUB_STEP_SUMMARY
echo "helm upgrade castai-kvisor castai-helm/kvisor -n castai-agent --reuse-values --set image.tag=${{ env.head_commit_sha }}" >> $GITHUB_STEP_SUMMARY
# TODO: we might want to run the tests both in ubuntu-22.04, as well as ubuntu-20.04 to test
# if we everything is working with cgroups v1 and v2
e2e:
name: E2E
runs-on: ubuntu-22.04
if: ${{ github.event_name == 'pull_request' }}
needs: build
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Get head sha
id: parse-commit-sha
run: |
head=$(git rev-parse HEAD)
echo "head_commit_sha=${head}" >> $GITHUB_ENV
echo "Head commit sha ${head}"
- name: Setup Go 1.21
uses: actions/setup-go@v5
with:
go-version: '1.21'
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create kind cluster
uses: helm/kind-action@v1.8.0
with:
config: ./e2e/kind-config.yaml
cluster_name: kvisor-e2e
- name: Run e2e
shell: bash
run: |
KIND_CONTEXT=kvisor-e2e IMAGE_TAG=${{ env.head_commit_sha }} ./e2e/run.sh