From 6506c12d52295ec4d1475c646322f3d043e6cda4 Mon Sep 17 00:00:00 2001 From: amaslennikov Date: Mon, 10 Jul 2023 09:01:53 +0300 Subject: [PATCH] Update github actions Arm64 build Code coverage Static checks Signed-off-by: amaslennikov --- .github/workflows/build-images.yml | 22 ++++ .github/workflows/build.yml | 22 ++++ .github/workflows/buildtest.yaml | 61 --------- .github/workflows/codeql.yaml | 41 ------- .github/workflows/image-push-master.yaml | 118 ------------------ .github/workflows/image-push-release.yaml | 143 ---------------------- .github/workflows/push-main.yml | 70 +++++++++++ .github/workflows/push-release.yml | 87 +++++++++++++ .github/workflows/static-scan.yaml | 33 ----- .github/workflows/test.yml | 45 +++++++ 10 files changed, 246 insertions(+), 396 deletions(-) create mode 100644 .github/workflows/build-images.yml create mode 100644 .github/workflows/build.yml delete mode 100644 .github/workflows/buildtest.yaml delete mode 100644 .github/workflows/codeql.yaml delete mode 100644 .github/workflows/image-push-master.yaml delete mode 100644 .github/workflows/image-push-release.yaml create mode 100644 .github/workflows/push-main.yml create mode 100644 .github/workflows/push-release.yml delete mode 100644 .github/workflows/static-scan.yaml create mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml new file mode 100644 index 0000000..01e5d50 --- /dev/null +++ b/.github/workflows/build-images.yml 
@@ -0,0 +1,22 @@
+name: build-images
+on: [pull_request]
+jobs:
+ build-images:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set repository as lower-case output variable
+ id: repo_name
+ run: echo ::set-output name=repository::$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')
+
+ - name: Check out code into the Go module directory
+ uses: actions/checkout@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Build container image
+ uses: docker/build-push-action@v3
+ with:
+ push: false
+ tags: ghcr.io/${{ steps.repo_name.outputs.repository }}:latest-amd64
+ file: ./Dockerfile
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..2fc8a86
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,22 @@
+on: [push, pull_request]
+name: build
+jobs:
+ build:
+ strategy:
+ matrix:
+ go-version: [1.19.x]
+ goarch: [amd64]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code into the Go module directory
+ uses: actions/checkout@v3
+
+ - name: Install Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: ${{ matrix.go-version }}
+
+ - name: Build
+ env:
+ GOARCH: ${{ matrix.goarch }}
+ run: make build
diff --git a/.github/workflows/buildtest.yaml b/.github/workflows/buildtest.yaml
deleted file mode 100644
index bfe0b5e..0000000
--- a/.github/workflows/buildtest.yaml
+++ /dev/null
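Review bot: This workflow has no `permissions:` block and references every action by a mutable tag (`actions/checkout@v3`, `docker/setup-buildx-action@v2`, `docker/build-push-action@v3`), so the job runs with the repository's default token scope and with whatever code those tags point to at run time. The same holds for build.yml, push-main.yml, push-release.yml and test.yml in this commit, while the deleted codeql.yaml did declare per-job permissions. I would add a top-level `permissions:` with `contents: read` here, grant `packages: write` only on the jobs in the two push workflows that log in to ghcr.io, and pin each `uses:` to a full commit SHA with the tag kept as a trailing comment.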
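Review bot: `go-version: [1.19.x]` in the matrix moves the build to an older Go release line than the `1.20.x` used by the buildtest.yaml this commit deletes, and test.yml does the same. An older release line leaves upstream security support sooner, so if the downgrade is deliberate it deserves a comment saying why; otherwise I would keep `go-version: [1.20.x]`. The removed job also set `GOOS: ${{ matrix.goos }}` next to `GOARCH`, which the `Build` step here no longer does.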
@@ -1,61 +0,0 @@ -name: go-build-and-test-amd64 -on: - push: - pull_request: - schedule: - - cron: "0 8 * * 0" # every sunday -jobs: - build: - name: build - strategy: - matrix: - go-version: [1.20.x] - os: [ubuntu-22.04] - goos: [linux] - goarch: [amd64] - runs-on: ${{ matrix.os }} - steps: - - name: set up Go - uses: actions/setup-go@v3 - with: - go-version: ${{ matrix.go-version }} - - name: check out code into the Go module directory - uses: actions/checkout@v2 - - name: build test for ${{ matrix.goarch }} - env: - GOARCH: ${{ matrix.goarch }} - GOOS: ${{ matrix.goos }} - run: make build - - test: - name: test - runs-on: ubuntu-22.04 - needs: build - steps: - - name: set up Go - uses: actions/setup-go@v3 - with: - go-version: 1.20.x - - name: check out code into the Go module directory - uses: actions/checkout@v3 - - name: run unit-test - run: make test - - coverage: - runs-on: ubuntu-22.04 - needs: build - name: coverage - steps: - - name: Set up Go - uses: actions/setup-go@v3 - with: - go-version: 1.20.x - - name: Check out code into the Go module directory - uses: actions/checkout@v2 - - name: Go test with coverage - run: make test-coverage # sudo needed for netns change in test - - name: Coveralls - uses: coverallsapp/github-action@v2 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - file: accelerated-bridge.cover diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml deleted file mode 100644 index e6a457c..0000000 --- a/.github/workflows/codeql.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -name: "CodeQL" - -on: - push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] - schedule: - - cron: "14 4 * * 4" - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ go ] - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - queries: +security-and-quality - - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 - with: - category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/image-push-master.yaml b/.github/workflows/image-push-master.yaml deleted file mode 100644 index 441cc39..0000000 --- a/.github/workflows/image-push-master.yaml +++ /dev/null 
@@ -1,118 +0,0 @@ -name: "push images on merge to master" - -env: - IMAGE_NAME: ghcr.io/${{ github.repository }} - -on: - push: - branches: - - master -jobs: - build-and-push-amd64-accelerated-bridge-cni: - name: image push amd64 - runs-on: ubuntu-22.04 - steps: - - name: check out the repo - uses: actions/checkout@v3 - - - name: set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: login to Docker - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: build and push accelerated-bridge-cni - uses: docker/build-push-action@v4 - with: - context: . - push: true - platforms: linux/amd64 - tags: | - ${{ env.IMAGE_NAME }}:latest-amd64 - ${{ env.IMAGE_NAME }}:${{ github.sha }} - file: ./Dockerfile - - build-and-push-arm64-accelerated-bridge-cni: - name: image push arm64 - runs-on: ubuntu-22.04 - steps: - - name: check out the repo - uses: actions/checkout@v3 - - - name: set up QEMU - uses: docker/setup-qemu-action@v2 - - - name: set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: login to Docker - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: build and push accelerated-bridge-cni - uses: docker/build-push-action@v4 - with: - context: . 
- push: true - platforms: linux/arm64 - tags: | - ${{ env.IMAGE_NAME }}:latest-arm64 - file: ./Dockerfile.arm64 - - build-and-push-ppc64le-accelerated-bridge-cni: - name: image Push ppc64le - runs-on: ubuntu-22.04 - steps: - - name: check out the repo - uses: actions/checkout@v3 - - - name: set up QEMU - uses: docker/setup-qemu-action@v2 - - - name: set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: login to Docker - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: build and push accelerated-bridge-cni - uses: docker/build-push-action@v4 - with: - context: . - push: true - platforms: linux/ppc64le - tags: | - ${{ env.IMAGE_NAME }}:latest-ppc64le - file: ./Dockerfile.ppc64le - - push-manifest: - runs-on: ubuntu-22.04 - needs: [build-and-push-amd64-accelerated-bridge-cni,build-and-push-arm64-accelerated-bridge-cni,build-and-push-ppc64le-accelerated-bridge-cni] - steps: - - name: set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Create manifest for multi-arch images - run: | - docker buildx imagetools create -t ${{ env.IMAGE_NAME }}:latest \ - ${{ env.IMAGE_NAME }}:latest-amd64 \ - ${{ env.IMAGE_NAME }}:latest-arm64 \ - ${{ env.IMAGE_NAME }}:latest-ppc64le diff --git a/.github/workflows/image-push-release.yaml b/.github/workflows/image-push-release.yaml deleted file mode 100644 index 2f7c3e8..0000000 --- a/.github/workflows/image-push-release.yaml +++ /dev/null 
@@ -1,143 +0,0 @@ -name: "push images on release" - -env: - IMAGE_NAME: ghcr.io/${{ github.repository }} - -on: - push: - tags: - - v* -jobs: - build-and-push-amd64-accelerated-bridge-cni: - runs-on: ubuntu-22.04 - name: image push AMD64 - steps: - - name: check out the repo - uses: actions/checkout@v3 - - - name: set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: login to Docker - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: docker meta - id: docker_meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.IMAGE_NAME }} - tags: | - type=ref,event=tag - - - name: build and push accelerated-bridge-cni - uses: docker/build-push-action@v4 - with: - context: . - push: true - platforms: linux/amd64 - tags: | - ${{ steps.docker_meta.outputs.tags }}-amd64 - file: ./Dockerfile - - build-and-push-arm64-accelerated-bridge-cni: - runs-on: ubuntu-22.04 - name: image push ARM64 - steps: - - name: check out the repo - uses: actions/checkout@v3 - - - name: set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: login to Docker - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: docker meta - id: docker_meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.IMAGE_NAME }} - tags: | - type=ref,event=tag - - - name: build and push accelerated-bridge-cni - uses: docker/build-push-action@v4 - with: - context: . 
- push: true - platforms: linux/arm64 - tags: | - ${{ steps.docker_meta.outputs.tags }}-arm64 - file: ./Dockerfile.arm64 - - build-and-push-ppc64le-accelerated-bridge-cni: - runs-on: ubuntu-22.04 - name: image push ppc64le - steps: - - name: check out the repo - uses: actions/checkout@v3 - - - name: set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: login to Docker - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: docker meta - id: docker_meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.IMAGE_NAME }} - tags: | - type=ref,event=tag - - - name: build and push accelerated-bridge-cni - uses: docker/build-push-action@v4 - with: - context: . - push: true - platforms: linux/arm64 - tags: | - ${{ steps.docker_meta.outputs.tags }}-ppc64le - file: ./Dockerfile.ppc64le - - push-manifest: - runs-on: ubuntu-22.04 - needs: [build-and-push-amd64-accelerated-bridge-cni,build-and-push-arm64-accelerated-bridge-cni,build-and-push-ppc64le-accelerated-bridge-cni] - steps: - - name: set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: docker meta - id: docker_meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.IMAGE_NAME }} - tags: | - type=ref,event=tag - - - name: login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: create manifest for multi-arch images - run: | - docker buildx imagetools create -t ${{ env.IMAGE_NAME }}:${{ steps.docker_meta.outputs.tags }} \ - ${{ env.IMAGE_NAME }}:${{ steps.docker_meta.outputs.tags }}-amd64 \ - ${{ env.IMAGE_NAME }}:${{ steps.docker_meta.outputs.tags }}-arm64 \ - ${{ env.IMAGE_NAME }}:${{ steps.docker_meta.outputs.tags }}-ppc64le 
diff --git a/.github/workflows/push-main.yml b/.github/workflows/push-main.yml
new file mode 100644
index 0000000..d4ab8f9
--- /dev/null
+++ b/.github/workflows/push-main.yml
@@ -0,0 +1,70 @@
+name: push-main
+on:
+ push:
+ branches:
+ - main
+jobs:
+ build-push-amd64:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set repository as lower-case output variable
+ id: repo_name
+ run: echo ::set-output name=repository::$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')
+
+ - name: Check out code into the Go module directory
+ uses: actions/checkout@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Docker meta
+ id: docker_meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ghcr.io/${{ steps.repo_name.outputs.repository }}
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Push to GitHub Container Registry
+ uses: docker/build-push-action@v2
+ with:
+ push: true
+ tags: |
+ ghcr.io/${{ steps.repo_name.outputs.repository }}:latest-amd64
+ labels: ${{ steps.docker_meta.outputs.labels }}
+ file: ./Dockerfile
+
+ create-push-manifest:
+ needs: [build-push-amd64]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set repository as lower-case output variable
+ id: repo_name
+ run: echo ::set-output name=repository::$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Create manifest for multi-arch images
+ env:
+ REPOSITORY: ghcr.io/${{ steps.repo_name.outputs.repository }}
+ run: |
+ # Get artifacts from previous steps
+ docker pull ${{ env.REPOSITORY }}:latest-amd64
+ # Create and update manifest
+ docker manifest create ${{ env.REPOSITORY }}:latest ${{ env.REPOSITORY }}:latest-amd64
+ docker manifest annotate ${{ env.REPOSITORY }}:latest ${{ env.REPOSITORY }}:latest-amd64 --arch amd64
+ # Push manifest
+ docker manifest push ${{ env.REPOSITORY }}:latest
diff --git a/.github/workflows/push-release.yml b/.github/workflows/push-release.yml
new file mode 100644
index 0000000..0f3f843
--- /dev/null
+++ b/.github/workflows/push-release.yml
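Review bot: The `Create manifest for multi-arch images` step declares `env: REPOSITORY` but the script still writes `${{ env.REPOSITORY }}`, which the runner substitutes into the script text before the shell starts, so the value is never handled as shell data and is left unquoted. Referencing the variable from the shell keeps it as data, e.g. `docker pull "$REPOSITORY:latest-amd64"` and likewise on the `docker manifest` lines; push-release.yml has the same pattern, there also with `steps.docker_meta.outputs.tags`, which is derived from the pushed git tag. The `repo_name` steps in build-images.yml, push-main.yml and push-release.yml additionally use the deprecated `::set-output` command and expand `${{ github.repository }}` into the command line; `run: echo "repository=${GITHUB_REPOSITORY,,}" >> "$GITHUB_OUTPUT"` avoids both.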
@@ -0,0 +1,87 @@
+name: Image push release
+on:
+ push:
+ tags:
+ - v*
+jobs:
+ build-push-amd64:
+ name: Image push/amd64
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set repository as lower-case output variable
+ id: repo_name
+ run: echo ::set-output name=repository::$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')
+
+ - name: Check out code into the Go module directory
+ uses: actions/checkout@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Docker meta
+ id: docker_meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ghcr.io/${{ steps.repo_name.outputs.repository }}
+ flavor: |
+ latest=false
+
+ - name: Push container image
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ push: true
+ tags: |
+ ghcr.io/${{ steps.repo_name.outputs.repository }}:stable-amd64
+ ${{ steps.docker_meta.outputs.tags }}-amd64
+ labels: ${{ steps.docker_meta.outputs.labels }}
+ file: ./Dockerfile
+
+ create-push-manifest:
+ needs: [build-push-amd64]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set repository as lower-case output variable
+ id: repo_name
+ run: echo ::set-output name=repository::$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Docker meta
+ id: docker_meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ghcr.io/${{ steps.repo_name.outputs.repository }}
+ flavor: |
+ latest=false
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Create manifest for multi-arch images
+ env:
+ REPOSITORY: ghcr.io/${{ steps.repo_name.outputs.repository }}
+ run: |
+ # Get artifacts from previous steps
+ docker pull ${{ steps.docker_meta.outputs.tags }}-amd64
+ docker pull ${{ env.REPOSITORY }}:stable-amd64
+ # Create and update manifests
+ docker manifest create ${{ steps.docker_meta.outputs.tags }} ${{ steps.docker_meta.outputs.tags }}-amd64
+ docker manifest annotate ${{ steps.docker_meta.outputs.tags }} ${{ steps.docker_meta.outputs.tags }}-amd64 --arch amd64
+ docker manifest create ${{ env.REPOSITORY }}:stable ${{ env.REPOSITORY }}:stable-amd64
+ docker manifest annotate ${{ env.REPOSITORY }}:stable ${{ env.REPOSITORY }}:stable-amd64 --arch amd64
+ # push manifests
+ docker manifest push ${{ steps.docker_meta.outputs.tags }}
+ docker manifest push ${{ env.REPOSITORY }}:stable
diff --git a/.github/workflows/static-scan.yaml b/.github/workflows/static-scan.yaml
deleted file mode 100644
index 3c026ba..0000000
--- a/.github/workflows/static-scan.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-name: go-static-analysis
-on: [push, pull_request]
-jobs:
- golangci:
- name: Lint
- runs-on: ubuntu-22.04
- steps:
- - name: set up Go
- uses: actions/setup-go@v3
- with:
- go-version: 1.20.x
- - name: checkout PR
- uses: actions/checkout@v2
- - name: run make lint
- run: make lint
- shellcheck:
- name: shellcheck
- runs-on: ubuntu-22.04
- steps:
- - name: checkout PR
- uses: actions/checkout@v2
- - name: run ShellCheck
- uses: ludeeus/action-shellcheck@master
- hadolint:
- runs-on: ubuntu-22.04
- name: Hadolint
- steps:
- - name: checkout PR
- uses: actions/checkout@v2
- - name: run Hadolint
- uses: brpaz/hadolint-action@v1.2.1
- with:
- dockerfile: Dockerfile
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..5ebf2dc
--- /dev/null
+++ b/.github/workflows/test.yml
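Review bot: `${{ steps.docker_meta.outputs.tags }}-amd64` in the `Push container image` step, and the `docker pull` / `docker manifest` lines that reuse it, are only valid while metadata-action emits exactly one tag, because `tags` is a newline-separated list and the suffix is appended to the whole string. Nothing in the step states that assumption, so a later change to the action's `tags` or `flavor` inputs could publish or assemble wrong image references. Building the reference from the single-valued output is safer, for example `ghcr.io/${{ steps.repo_name.outputs.repository }}:${{ steps.docker_meta.outputs.version }}-amd64`. Separately, every `v*` tag moves `stable`, and the manifests now list only amd64 where the deleted image-push-release.yaml also published arm64 and ppc64le images, which does not match the "Arm64 build" line in the commit message; worth confirming both are intended.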
@@ -0,0 +1,45 @@
+on: [push, pull_request]
+name: test
+jobs:
+ test:
+ strategy:
+ matrix:
+ go-version: [1.19.x]
+ os: [ubuntu-latest]
+ runs-on: ${{ matrix.os }}
+ steps:
+ - name: Install Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: ${{ matrix.go-version }}
+
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: lint
+ run: make lint
+
+ - name: test
+ run: make test
+
+ coverage:
+ runs-on: ubuntu-latest
+ name: coverage
+ needs: test
+ steps:
+ - name: Install Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: 1.19.x
+
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Go test with coverage
+ run: make test-coverage
+
+ - name: Coveralls
+ uses: coverallsapp/github-action@1.1.3
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ path-to-lcov: build/coverage/lcov.info
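Review bot: Nothing added in this commit replaces the CodeQL analysis, ShellCheck and Hadolint jobs that it deletes (codeql.yaml, static-scan.yaml); the only static check left is the `lint` step here, which runs `make lint`. Unless that Makefile target also covers shell scripts and the Dockerfile (it is not visible in this patch), the repository loses code scanning and script/Dockerfile linting on pull requests, along with the scheduled runs the old workflows had. I would keep codeql.yaml as it was and carry the `shellcheck` and `hadolint` jobs over into this file. The Coveralls step also changes from `file: accelerated-bridge.cover` to `path-to-lcov: build/coverage/lcov.info`, so `make test-coverage` needs to produce that file for the upload to work.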