Skip to content

Commit

Permalink
Merge pull request containerd#3723 from apostasie/namespace-validate
Browse files Browse the repository at this point in the history 
Cleanup namespace validation
  • Loading branch information
@AkihiroSuda @apostasie
AkihiroSuda authored and apostasie committed Dec 6, 2024
2 parents 3206b49 + b8f4d9c commit d3fc11c
Show file tree
Hide file tree
Showing 16 changed files with 293 additions and 777 deletions.
103 changes: 37 additions & 66 deletions .github/workflows/lint.yml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
name: lint
# "Hide" the name from the GitHub check status line, as it just clutters the display
name: " "

on:
push:
Expand All @@ -7,72 +8,42 @@ on:
- 'release/**'
pull_request:

env:
GO_VERSION: 1.23.x

jobs:
go:
timeout-minutes: 5
name: "go | ${{ matrix.goos }} | ${{ matrix.canary }}"
runs-on: "${{ matrix.os }}"
defaults:
run:
shell: bash
# Source the common environment
environment:
name: " "
uses: ./.github/workflows/reusable_environment.yml

# Linting go
lint-go:
# Define the matrix we want to lint on: every supported OS, with the current go version, and additionally go canary on linux
strategy:
matrix:
# The GOOS-es we run golint for, with no canary (eg: the base supported GO_VERSION)
goos: [linux, freebsd, windows]
# And no canary
canary: [false]
include:
- os: ubuntu-24.04
goos: linux
- os: ubuntu-24.04
goos: freebsd
# FIXME: this is currently failing in a non-sensical way, so, running on linux instead...
# - os: windows-2022
- os: ubuntu-24.04
goos: windows
- os: ubuntu-24.04
goos: linux
# This allows the canary script to select any upcoming golang alpha/beta/RC
canary: go-canary
env:
GOOS: "${{ matrix.goos }}"
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- name: Set GO env
run: |
# If canary is specified, get the latest available golang pre-release instead of the major version
if [ "$canary" != "" ]; then
. ./hack/build-integration-canary.sh
canary::golang::latest
fi
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: true
- name: golangci-lint
uses: golangci/golangci-lint-action@v6
with:
args: --verbose
other:
timeout-minutes: 5
name: yaml | shell | imports order
runs-on: ubuntu-24.04
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: true
- name: yaml
run: make lint-yaml
- name: shell
run: make lint-shell
- name: go imports ordering
run: |
go install -v github.com/incu6us/goimports-reviser/v3@latest
make lint-imports
# Only run canary on linux (note: the canary script will select any upcoming golang alpha/beta/RC when the `canary` param is set to a non-empty string)
- goos: linux
canary: true

# If we do not "collapse" the name using a bogux matrix var, it will display all matrix parameters, which we do not want
name: "lint${{ matrix.c }}"
uses: ./.github/workflows/reusable_lint_go.yml
needs: environment
with:
goos: ${{ matrix.goos }}
canary: ${{ matrix.canary }}
os: ${{ needs.environment.outputs.HOST_UBUNTU_LTS }}
goversion: ${{ needs.environment.outputs.GO_VERSION }}
timeout-minutes: ${{ fromJSON(needs.environment.outputs.SHORT_TIMEOUT) }}

# Linting other filetypes
lint-other:
name: "lint"
uses: ./.github/workflows/reusable_lint_other.yml
needs: environment
with:
os: ${{ needs.environment.outputs.HOST_UBUNTU_LTS }}
timeout-minutes: ${{ fromJSON(needs.environment.outputs.SHORT_TIMEOUT) }}
38 changes: 27 additions & 11 deletions .github/workflows/project.yml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: project
name: " "

on:
push:
Expand All @@ -8,24 +8,40 @@ on:
pull_request:

jobs:
# Source the common environment
environment:
name: " "
uses: ./.github/workflows/reusable_environment.yml

project:
name: checks
runs-on: ubuntu-24.04
timeout-minutes: 20
name: "project checks"
timeout-minutes: ${{ fromJSON(needs.environment.outputs.SHORT_TIMEOUT) }}
runs-on: ${{ needs.environment.outputs.HOST_UBUNTU_LTS }}
needs: environment

steps:
- uses: actions/[email protected]
- name: "Checkout"
uses: actions/checkout@v4
with:
path: src/github.com/containerd/nerdctl
# Fetch the last 100 commits
fetch-depth: 100
- uses: actions/setup-go@v5

- name: "Install go"
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
go-version: ${{ needs.environment.outputs.GO_VERSION }}
cache-dependency-path: src/github.com/containerd/nerdctl
- uses: containerd/[email protected]

- name: "Install and run default containerd project checks"
uses: containerd/[email protected]
with:
working-directory: src/github.com/containerd/nerdctl
repo-access-token: ${{ secrets.GITHUB_TOKEN }}
- run: ./hack/verify-no-patent.sh

- name: "Verify no patent"
run: ./hack/verify-no-patent.sh
working-directory: src/github.com/containerd/nerdctl
- run: ./hack/verify-pkg-isolation.sh

- name: "Verify package isolation"
run: ./hack/verify-pkg-isolation.sh
working-directory: src/github.com/containerd/nerdctl
84 changes: 51 additions & 33 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
@@ -1,43 +1,61 @@
# See https://github.com/containerd/nerdctl/blob/main/MAINTAINERS_GUIDE.md for how to make a release.
name: Release

on:
push:
tags:
- 'v*'
- 'test-action-release-*'
jobs:
# Source the common environment
environment:
name: " "
uses: ./.github/workflows/reusable_environment.yml

release:
runs-on: ubuntu-24.04
timeout-minutes: 40
name: "checks"
timeout-minutes: ${{ fromJSON(needs.environment.outputs.LONG_TIMEOUT) }}
runs-on: ${{ needs.environment.outputs.HOST_UBUNTU_LTS }}
needs: environment

steps:
- uses: actions/[email protected]
- uses: actions/setup-go@v5
with:
go-version: 1.23.x
- name: "Compile binaries"
run: make artifacts
- name: "SHA256SUMS"
run: |
( cd _output; sha256sum nerdctl-* ) | tee /tmp/SHA256SUMS
mv /tmp/SHA256SUMS _output/SHA256SUMS
- name: "The sha256sum of the SHA256SUMS file"
run: (cd _output; sha256sum SHA256SUMS)
- name: "Prepare the release note"
run: |
shasha=$(sha256sum _output/SHA256SUMS | awk '{print $1}')
cat <<-EOF | tee /tmp/release-note.txt
$(hack/generate-release-note.sh)
- - -
The binaries were built automatically on GitHub Actions.
The build log is available for 90 days: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
The sha256sum of the SHA256SUMS file itself is \`${shasha}\` .
- - -
Release manager: [ADD YOUR NAME HERE] (@[ADD YOUR GITHUB ID HERE])
EOF
- name: "Create release"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
tag="${GITHUB_REF##*/}"
gh release create -F /tmp/release-note.txt --draft --title "${tag}" "${tag}" _output/*
- name: "Checkout"
uses: actions/checkout@v4

- name: "Install go"
uses: actions/setup-go@v5
with:
go-version: ${{ needs.environment.outputs.GO_VERSION }}
check-latest: true

- name: "Compile binaries"
run: make artifacts

- name: "SHA256SUMS"
run: |
( cd _output; sha256sum nerdctl-* ) | tee /tmp/SHA256SUMS
mv /tmp/SHA256SUMS _output/SHA256SUMS
- name: "The sha256sum of the SHA256SUMS file"
run: (cd _output; sha256sum SHA256SUMS)

- name: "Prepare the release note"
run: |
shasha=$(sha256sum _output/SHA256SUMS | awk '{print $1}')
cat <<-EOF | tee /tmp/release-note.txt
$(hack/generate-release-note.sh)
- - -
The binaries were built automatically on GitHub Actions.
The build log is available for 90 days: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
The sha256sum of the SHA256SUMS file itself is \`${shasha}\` .
- - -
Release manager: [ADD YOUR NAME HERE] (@[ADD YOUR GITHUB ID HERE])
EOF
- name: "Create release"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
tag="${GITHUB_REF##*/}"
gh release create -F /tmp/release-note.txt --draft --title "${tag}" "${tag}" _output/*
52 changes: 52 additions & 0 deletions .github/workflows/reusable_environment.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
name: common_environment

env:
GO_VERSION: 1.23.x
HOST_UBUNTU_LTS: ubuntu-24.04
SHORT_TIMEOUT: 5
LONG_TIMEOUT: 20
# REGISTRY_SERVER: ghcr.io
# BUSYBOX_VERSION: 5ad83957fa74aafd061afbfb8da14ce3220659a9
# REGISTRY_VERSION: v2.8.3
# CURL_VERSION: 8.11.0_4

on:
workflow_call:
outputs:
GO_VERSION:
description: "The major golang version we are targeting"
value: ${{ jobs.environment.outputs.output_go }}
HOST_UBUNTU_LTS:
description: "The major LTS ubuntu host runner we run our tasks on"
value: ${{ jobs.environment.outputs.output_ubuntu_lts }}
SHORT_TIMEOUT:
description: "The timeout for tasks that are supposed to run fast (lint, etc)"
value: ${{ jobs.environment.outputs.output_short_timeout }}
LONG_TIMEOUT:
description: "The timeout for tasks that are going to run up to 20 minutes (building, integration, etc)"
value: ${{ jobs.environment.outputs.output_long_timeout }}
# REGISTRY_SERVER:
# description: "The second output string"
# value: ${{ jobs.environment.outputs.output_registry }}

jobs:
environment:
name: "environ"
runs-on: ubuntu-24.04
steps:
- id: go
run: echo "GO_VERSION=$GO_VERSION" >> $GITHUB_OUTPUT
- id: ubuntu_lts
run: echo "HOST_UBUNTU_LTS=$HOST_UBUNTU_LTS" >> $GITHUB_OUTPUT
- id: short_timeout
run: echo "SHORT_TIMEOUT=$SHORT_TIMEOUT" >> $GITHUB_OUTPUT
- id: long_timeout
run: echo "LONG_TIMEOUT=$LONG_TIMEOUT" >> $GITHUB_OUTPUT
# - id: registry_server
# run: echo "REGISTRY_SERVER=$REGISTRY_SERVER" >> $GITHUB_OUTPUT
outputs:
output_go: ${{ steps.go.outputs.GO_VERSION }}
output_ubuntu_lts: ${{ steps.ubuntu_lts.outputs.HOST_UBUNTU_LTS }}
output_short_timeout: ${{ steps.short_timeout.outputs.SHORT_TIMEOUT }}
output_long_timeout: ${{ steps.long_timeout.outputs.LONG_TIMEOUT }}
# output_registry: ${{ steps.registry.outputs.REGISTRY_SERVER }}
69 changes: 69 additions & 0 deletions .github/workflows/reusable_lint_go.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
# This defines a reusable golint job that will run `make lint-go` and `make lint-imports`
# See `inputs` for expected parameters
name: tasks_lint_go

on:
workflow_call:
inputs:
os:
required: true
type: string
description: "the host runner we are going to use"
goos:
required: true
type: string
description: "the GOOS we want to lint for (linux/windows/freebsd)"
goversion:
required: true
type: string
description: "the golang version we want to use"
canary:
required: false
type: boolean
default: false
description: "whether we want to try and find an alpha/beta/RC version of golang instead of the default version"
timeout-minutes:
required: false
type: number
default: 100
description: "the timeout in minutes for this task"

jobs:
go:
name: "${{ inputs.goos }} ${{ inputs.canary && 'canary' || inputs.goversion }}"
timeout-minutes: ${{ inputs.timeout-minutes }}
runs-on: ${{ inputs.os }}

env:
GOOS: "${{ inputs.goos }}"
GO_VERSION: "${{ inputs.goversion }}"

steps:
- name: "Checkout"
uses: actions/checkout@v4

- name: "Set go version"
run: |
# If canary is specified, get the latest available golang pre-release instead of the major version
if [ "${{ inputs.canary }}" == true ]; then
. ./hack/build-integration-canary.sh
canary::golang::latest
fi
- name: "Install go"
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true

- name: "Run golangci-lint"
uses: golangci/golangci-lint-action@v6
with:
args: --verbose

# Go imports ordering applies to all platforms, so, only run it once, for linux / no canary
- name: "Verify imports ordering"
if: ${{ inputs.goos == 'linux' && ! inputs.canary }}
run: |
go install github.com/incu6us/goimports-reviser/v3@latest
make lint-imports
Loading

0 comments on commit d3fc11c

Please sign in to comment.