Detect external bootc status changes via fsnotify (milestone 4d) #109
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| tags: ["v*"] | |
| pull_request: | |
| branches: [main] | |
| env: | |
| BINK_COMMIT: 8e49f3b0cf751c1b31221d93fd07fffb2842ff93 | |
| permissions: {} | |
| concurrency: | |
| group: ci-${{ github.head_ref || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| unit: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Go | |
| uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true # zizmor: ignore[cache-poisoning] | |
| - name: Check generated files | |
| run: | | |
| make fmt manifests generate | |
| git diff --exit-code || { echo "Run 'make fmt manifests generate' and commit the results"; exit 1; } | |
| - name: Unit tests | |
| run: make unit | |
| - name: Vet | |
| run: make vet | |
| - name: Lint | |
| run: make lint | |
| build-bink: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout bink | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| repository: alicefr/bink | |
| ref: ${{ env.BINK_COMMIT }} | |
| persist-credentials: false | |
| - name: Set up Go | |
| uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true # zizmor: ignore[cache-poisoning] | |
| - name: Install build dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y \ | |
| libgpgme-dev \ | |
| libbtrfs-dev \ | |
| libdevmapper-dev \ | |
| pkg-config | |
| - name: Build bink | |
| run: make build-bink | |
| - name: Upload bink binary | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: bink | |
| path: bink | |
| e2e: | |
| runs-on: ubuntu-latest | |
| needs: build-bink | |
| timeout-minutes: 30 | |
| permissions: | |
| contents: read | |
| packages: write | |
| env: | |
| IMAGE: ghcr.io/${{ github.repository }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - name: Download bink binary | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: bink | |
| path: /usr/local/bin | |
| - name: Make bink executable | |
| run: chmod +x /usr/local/bin/bink | |
| - name: Set up Go | |
| uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true # zizmor: ignore[cache-poisoning] | |
| - name: Set up KVM | |
| run: sudo chmod 666 /dev/kvm | |
| - name: Configure kernel | |
| run: | | |
| # Unload AppArmor profiles — the passt profile blocks remount | |
| # operations needed for passt's self-sandboxing inside containers. | |
| sudo aa-teardown 2>/dev/null || true | |
| # Allow unprivileged user namespace creation (needed by passt | |
| # inside containers). | |
| sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 | |
| - name: Enable KSM | |
| run: | | |
| sudo sh -c 'echo 1 > /sys/kernel/mm/ksm/run' | |
| sudo sh -c 'echo 5000 > /sys/kernel/mm/ksm/pages_to_scan' | |
| - name: Install system dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y podman | |
| - name: Start podman socket | |
| run: systemctl --user start podman.socket | |
| - name: Build operator image | |
| run: make buildimg | |
| - name: Start bink cluster | |
| run: make start-bink | |
| - name: Deploy to bink cluster | |
| run: make deploy-bink | |
| - name: Gather deploy logs | |
| if: failure() | |
| run: make gather-bink | |
| - name: Run e2e tests | |
| run: make e2e V=1 | |
| - name: Upload logs | |
| if: always() | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: e2e-logs | |
| path: _output/logs/ | |
| if-no-files-found: ignore | |
| - name: Push to GHCR | |
| if: github.event_name == 'push' | |
| env: | |
| ACTOR: ${{ github.actor }} | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SHA: ${{ github.sha }} | |
| REF: ${{ github.ref }} | |
| REF_NAME: ${{ github.ref_name }} | |
| run: | | |
| podman login -u "${ACTOR}" -p "${GH_TOKEN}" ghcr.io | |
| podman push bootc-operator:dev "${IMAGE}":dev | |
| podman push bootc-operator:dev "${IMAGE}":"${SHA}" | |
| if [[ "${REF}" == refs/tags/v* ]]; then | |
| podman push bootc-operator:dev "${IMAGE}":"${REF_NAME}" | |
| fi | |
| if [[ "${REF}" == refs/heads/main ]]; then | |
| podman push bootc-operator:dev "${IMAGE}":latest | |
| fi |