name: test
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
# Cancel stale PR runs without interrupting push, tag, scheduled, or
# manually dispatched validation.
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
permissions:
contents: read
on:
workflow_dispatch:
push:
branches:
- 'master'
- '[0-9]+.[0-9]+'
- '[0-9]+.x'
pull_request:
env:
GO_VERSION: "1.26.4"
GIT_PAGER: "cat"
PAGER: "cat"
SETUP_BUILDX_VERSION: edge
SETUP_BUILDKIT_IMAGE: moby/buildkit:latest
jobs:
validate-dco:
uses: ./.github/workflows/.dco.yml
build-dev:
runs-on: ${{ matrix.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
timeout-minutes: 120 # guardrails timeout for the whole job
needs:
- validate-dco
strategy:
fail-fast: false
matrix:
arch:
- amd64
- arm64
mode:
- ""
- systemd
- firewalld
steps:
-
name: Prepare
env:
MODE: ${{ matrix.mode }}
run: |
if [ "$MODE" = "systemd" ]; then
echo "SYSTEMD=true" >> $GITHUB_ENV
fi
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
with:
version: ${{ env.SETUP_BUILDX_VERSION }}
driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }}
buildkitd-flags: --debug
-
name: Build dev image
uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
with:
targets: dev
set: |
*.cache-from=type=gha,scope=${{ matrix.mode == '' && format('dev-{0}', matrix.arch) || format('dev-{0}-{1}', matrix.mode, matrix.arch) }}
*.cache-to=type=gha,scope=${{ matrix.mode == '' && format('dev-{0}', matrix.arch) || format('dev-{0}-{1}', matrix.mode, matrix.arch) }}
${{ matrix.mode == '' && format('*.output=type=docker,dest=/tmp/dev-image-{0}.tar', matrix.arch) || '*.output=type=cacheonly' }}
-
name: Cache dev image
if: matrix.mode == ''
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
key: dev-image-${{ matrix.arch }}-${{ github.run_id }}
path: /tmp/dev-image-${{ matrix.arch }}.tar
test:
name: test (${{ matrix.arch }}, ${{ matrix.storage }})
if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
needs:
- build-dev
- validate-dco
uses: ./.github/workflows/.test.yml
strategy:
fail-fast: false
matrix:
include:
# Only amd64 gets the full matrix
- arch: amd64
storage: snapshotter
runnerSuffix: ""
extraModes: '["rootless", "systemd", "iptables+firewalld", "nftables", "nftables+firewalld"]'
# FIXME: add rootless-systemd once https://github.com/moby/moby/issues/44084 is resolved.
- arch: amd64
storage: graphdriver
runnerSuffix: ""
extraModes: '["rootless", "systemd"]'
# FIXME: add rootless-systemd once https://github.com/moby/moby/issues/44084 is resolved.
- arch: arm64
storage: snapshotter
runnerSuffix: "-arm"
extraModes: '[]'
with:
arch: ${{ matrix.arch }}
storage: ${{ matrix.storage }}
runnerSuffix: ${{ matrix.runnerSuffix }}
extraModes: ${{ matrix.extraModes }}
secrets:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
test-unit:
if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
needs:
- build-dev
- validate-dco
uses: ./.github/workflows/.test-unit.yml
strategy:
fail-fast: false
matrix:
include:
- arch: amd64
runnerSuffix: ""
- arch: arm64
runnerSuffix: "-arm"
with:
arch: ${{ matrix.arch }}
runnerSuffix: ${{ matrix.runnerSuffix }}
secrets:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
validate-prepare:
runs-on: ubuntu-24.04
timeout-minutes: 10 # guardrails timeout for the whole job
needs:
- validate-dco
outputs:
matrix: ${{ steps.scripts.outputs.matrix }}
steps:
-
name: Checkout
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-
name: Create matrix
id: scripts
run: |
scripts=$(cd ./hack/validate && jq -nc '$ARGS.positional - ["all", "default", "dco"] | map(select(test("[.]")|not)) + ["generate-files"]' --args *)
echo "matrix=$scripts" >> $GITHUB_OUTPUT
echo "$scripts"
validate:
runs-on: ubuntu-24.04
timeout-minutes: 30 # guardrails timeout for the whole job
needs:
- validate-prepare
- build-dev
strategy:
matrix:
script: ${{ fromJson(needs.validate-prepare.outputs.matrix) }}
steps:
-
name: Checkout
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
fetch-depth: 0
-
name: Set up runner
uses: ./.github/actions/setup-runner
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
with:
version: ${{ env.SETUP_BUILDX_VERSION }}
driver: docker
buildkitd-flags: --debug
-
name: Restore dev image
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
key: dev-image-amd64-${{ github.run_id }}
path: /tmp/dev-image-amd64.tar
fail-on-cache-miss: true
-
name: Load dev image
run: |
docker load -i /tmp/dev-image-amd64.tar
-
name: Validate
env:
SCRIPT: ${{ matrix.script }}
run: |
make -o build "validate-${SCRIPT}"
validate-api-swagger:
runs-on: ubuntu-24.04
timeout-minutes: 10 # guardrails timeout for the whole job
defaults:
run:
working-directory: api
needs:
- validate-dco
name: validate (api-swagger)
steps:
-
name: Checkout
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-
name: Validate swagger
run: |
make validate-swagger
make validate-swagger-gen
smoke-prepare:
runs-on: ubuntu-24.04
timeout-minutes: 10 # guardrails timeout for the whole job
if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
needs:
- validate-dco
outputs:
includes: ${{ steps.gen.outputs.matrix }}
steps:
-
name: Checkout
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-
name: Create matrix
id: gen
uses: docker/bake-action/subaction/matrix@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
with:
target: binary-smoketest
fields: platforms
smoke:
runs-on: ubuntu-24.04
timeout-minutes: 20 # guardrails timeout for the whole job
if: ${{ github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only') }}
needs:
- smoke-prepare
strategy:
fail-fast: false
matrix:
include: ${{ fromJson(needs.smoke-prepare.outputs.includes) }}
steps:
-
name: Prepare
env:
PLATFORM: ${{ matrix.platforms }}
run: |
echo "PLATFORM_PAIR=${PLATFORM//\//-}" >> $GITHUB_ENV
-
name: Set up QEMU
uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
with:
version: ${{ env.SETUP_BUILDX_VERSION }}
driver-opts: image=${{ env.SETUP_BUILDKIT_IMAGE }}
buildkitd-flags: --debug
-
name: Test
uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
with:
targets: ${{ matrix.target }}
set: |
*.platform=${{ matrix.platforms }}