Skip to content

Commit 2e1843c

Browse files
apostasieapostasie
committed
Restructure GHA workflows
Signed-off-by: apostasie <spam_blackhole@farcloser.world>
1 parent 5c06c7d commit 2e1843c

20 files changed

+1130
-754
lines changed

.github/workflows/environment.yml

Lines changed: 74 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,74 @@
1+
name: Shared environment
2+
3+
on:
4+
workflow_call:
5+
outputs:
6+
GO_OLD:
7+
description: "oldest tested golang version"
8+
value: "1.23"
9+
GO_STABLE:
10+
description: "main supported golang version"
11+
value: "1.24"
12+
GO_CANARY:
13+
description: "canary golang version"
14+
value: canary
15+
RUNNER_WINDOWS_OLD:
16+
description: "windows old runner"
17+
value: windows-2019
18+
RUNNER_WINDOWS_STABLE:
19+
description: "windows stable runner"
20+
value: windows-2022
21+
RUNNER_WINDOWS_CANARY:
22+
description: "windows canary runner"
23+
value: windows-2025
24+
RUNNER_LINUX_OLD:
25+
description: "linux old runner"
26+
value: ubuntu-22.04
27+
RUNNER_LINUX_STABLE:
28+
description: "linux stable runner"
29+
value: ubuntu-24.04
30+
RUNNER_LINUX_AMD64_STABLE:
31+
description: "linux amd64 stable runner"
32+
value: ubuntu-24.04
33+
RUNNER_LINUX_ARM64_STABLE:
34+
description: "linux arm64 stable runner"
35+
value: ubuntu-24.04-arm
36+
RUNNER_LINUX_CANARY:
37+
description: "linux canary runner"
38+
value: ubuntu-24.04
39+
RUNNER_MACOS_OLD:
40+
description: "macos old runner"
41+
value: macos-13
42+
RUNNER_MACOS_STABLE:
43+
description: "macos stable runner"
44+
value: macos-14
45+
RUNNER_MACOS_CANARY:
46+
description: "macos canary runner"
47+
value: macos-15
48+
TIMEOUT_SHORT:
49+
description: "short timeout"
50+
value: "10"
51+
TIMEOUT_LONG:
52+
description: "long timeout"
53+
value: "40"
54+
GITHUB_TOKEN:
55+
description: "Github token"
56+
value: ""
57+
WINDOWS_CONTAINERD_VERSION:
58+
description: "containerd version for windows"
59+
value: "v2.0.4"
60+
WINDOWS_WINCNI_VERSION:
61+
description: "wincni version"
62+
value: "v0.3.1"
63+
WINDOWS_BUILDKIT_VERSION:
64+
description: "buildkit version"
65+
value: "v0.20.2"
66+
67+
jobs:
68+
blank:
69+
name: "environment"
70+
runs-on: ubuntu-24.04
71+
steps:
72+
- run: |
73+
echo "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
74+
echo "Environment setup complete"

.github/workflows/job-build-dependencies.yml

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
# This job pre-heats the cache for the test image by building all dependencies
2+
name: build-dependencies
3+
4+
on:
5+
workflow_call:
6+
inputs:
7+
timeout:
8+
required: true
9+
type: number
10+
runner-for-linux-amd:
11+
required: true
12+
type: string
13+
runner-for-linux-arm:
14+
required: true
15+
type: string
16+
containerd-version-stable:
17+
required: true
18+
type: string
19+
containerd-version-old:
20+
required: true
21+
type: string
22+
23+
jobs:
24+
# This job builds the dependency target of the test docker image for all supported architectures and cache it in GHA
25+
build-dependencies:
26+
name: "${{ matrix.containerd }} | ${{ matrix.runner == inputs.runner-for-linux-arm && 'arm64' || 'amd64' }}"
27+
timeout-minutes: ${{ inputs.timeout }}
28+
runs-on: "${{ matrix.runner }}"
29+
defaults:
30+
run:
31+
shell: bash
32+
33+
strategy:
34+
fail-fast: false
35+
matrix:
36+
# Build for arm & amd, current containerd
37+
runner: ["${{ inputs.runner-for-linux-amd }}", "${{ inputs.runner-for-linux-arm }}"]
38+
containerd: ${{ inputs.containerd-version-current }}
39+
# Additionally build for old containerd on amd
40+
include:
41+
- runner: ${{ inputs.runner-for-linux-amd }}
42+
containerd: ${{ inputs.containerd-version-old }}
43+
44+
steps:
45+
- name: "Init: checkout"
46+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
47+
with:
48+
fetch-depth: 1
49+
50+
- name: "Init: expose GitHub Runtime variables for gha"
51+
uses: crazy-max/ghaction-github-runtime@3cb05d89e1f492524af3d41a1c98c83bc3025124 # v3.1.0
52+
53+
- name: "Run: build dependencies for the integration test environment image"
54+
run: |
55+
arch=${{ matrix.runner == inputs.runner-for-linux-arm && 'arm64' || 'amd64' }}
56+
docker buildx create --name with-gha --use
57+
docker buildx build \
58+
--cache-to type=gha,compression=zstd,mode=max,scope=test-integration-dependencies-"$arch" \
59+
--cache-from type=gha,scope=test-integration-dependencies-"$arch" \
60+
--target build-dependencies --build-arg CONTAINERD_VERSION=${{ matrix.containerd }} .

.github/workflows/job-build.yml

Lines changed: 74 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,74 @@
1+
# This job just builds nerdctl for the golang versions we support (as a smoke test)
2+
name: build
3+
4+
on:
5+
workflow_call:
6+
inputs:
7+
timeout:
8+
required: true
9+
type: number
10+
go-version-stable:
11+
required: true
12+
type: string
13+
go-version-old:
14+
required: true
15+
type: string
16+
runner:
17+
required: true
18+
type: string
19+
20+
jobs:
21+
build:
22+
name: ${{ format('go {0}', matrix.canary && 'canary' || matrix.go ) }}
23+
timeout-minutes: ${{ inputs.timeout }}
24+
runs-on: "${{ matrix.runner }}"
25+
defaults:
26+
run:
27+
shell: bash
28+
29+
strategy:
30+
fail-fast: false
31+
matrix:
32+
# Build for both old and stable go
33+
go: ["${{ inputs.go-version-old }}", "${{ inputs.go-version-stable }}"]
34+
canary: "false"
35+
# Additionally build for canary
36+
includes:
37+
go: ${{ inputs.go-version-stable }}
38+
canary: "true"
39+
40+
env:
41+
GO_VERSION: ${{ matrix.go }}
42+
43+
steps:
44+
- name: "Init: checkout"
45+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
46+
with:
47+
fetch-depth: 1
48+
49+
- if: ${{ matrix.canary == 'true' }}
50+
name: "Init: retrieve canary GO_VERSION"
51+
run: |
52+
. ./hack/github/golang.sh
53+
printf "GO_VERSION=%s\n" "$(go::canary::for::go-setup)" >> "$GITHUB_ENV"
54+
55+
- name: "Init: install go"
56+
uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
57+
with:
58+
go-version: ${{ env.GO_VERSION }}
59+
check-latest: true
60+
61+
- name: "Run: make binaries"
62+
run: |
63+
# We officially support these
64+
GOOS=linux make binaries
65+
GOOS=windows make binaries
66+
GOOS=freebsd make binaries
67+
GOOS=darwin make binaries
68+
GOARCH=arm GOARM=7 make binaries
69+
70+
# These architectures are not released, but we still verify that we can at least compile
71+
GOARCH=arm GOARM=6 make binaries
72+
GOARCH=ppc64le make binaries
73+
GOARCH=riscv64 make binaries
74+
GOARCH=s390x make binaries

.github/workflows/job-lint-go.yml

Lines changed: 81 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,81 @@
1+
# This job runs golangci-lint
2+
# Note that technically, `make lint-go-all` would run the linter for all targets, and could be called once, on a single instance.
3+
# The point of running it on a matrix instead, each GOOS separately, is to verify that the tooling itself is working on the target OS.
4+
name: lint-go
5+
6+
on:
7+
workflow_call:
8+
inputs:
9+
timeout:
10+
required: true
11+
type: number
12+
go-version:
13+
required: true
14+
type: string
15+
runner-for-linux:
16+
required: true
17+
type: string
18+
runner-for-freebsd:
19+
required: true
20+
type: string
21+
runner-for-macos:
22+
required: true
23+
type: string
24+
runner-for-windows:
25+
required: true
26+
type: string
27+
28+
jobs:
29+
lint-go:
30+
name: ${{ format('{0}{1}', matrix.goos, matrix.canary && ' | canary' || '') }}
31+
timeout-minutes: ${{ inputs.timeout }}
32+
runs-on: "${{ matrix.runner }}"
33+
defaults:
34+
run:
35+
shell: bash
36+
37+
strategy:
38+
fail-fast: false
39+
matrix:
40+
canary: "false"
41+
include:
42+
- runner: ${{ inputs.runner-for-linux }}
43+
goos: linux
44+
- runner: ${{ inputs.runner-for-freebsd }}
45+
goos: freebsd
46+
- runner: ${{ inputs.runner-for-macos }}
47+
goos: darwin
48+
- runner: ${{ inputs.runner-for-windows }}
49+
goos: windows
50+
- runner: ${{ inputs.runner-for-linux }}
51+
goos: linux
52+
canary: "true"
53+
54+
env:
55+
GO_VERSION: ${{ inputs.go-version }}
56+
57+
steps:
58+
- name: "Init: checkout"
59+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
60+
with:
61+
fetch-depth: 1
62+
63+
- if: ${{ matrix.canary == 'true' }}
64+
name: "Init: retrieve canary GO_VERSION"
65+
run: |
66+
. ./hack/github/golang.sh
67+
printf "GO_VERSION=%s\n" "$(go::canary::for::go-setup)" >> "$GITHUB_ENV"
68+
69+
- name: "Init: install go"
70+
uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
71+
with:
72+
go-version: ${{ env.GO_VERSION }}
73+
check-latest: true
74+
75+
- name: "Init: install dev-tools"
76+
run: |
77+
make install-dev-tools
78+
79+
- name: "Run"
80+
run: |
81+
NO_COLOR=true GOOS="${{ matrix.goos }}" make lint-go

.github/workflows/job-lint-other.yml

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
# This job runs any subsidiary linter not part of golangci (shell, yaml, etc)
2+
name: lint-other
3+
4+
on:
5+
workflow_call:
6+
inputs:
7+
timeout:
8+
required: true
9+
type: number
10+
go-version:
11+
required: true
12+
type: string
13+
runner:
14+
required: true
15+
type: string
16+
17+
jobs:
18+
lint-other:
19+
name: "yaml | shell"
20+
timeout-minutes: ${{ inputs.timeout }}
21+
runs-on: ${{ inputs.runner }}
22+
defaults:
23+
run:
24+
shell: bash
25+
26+
steps:
27+
- name: "Init: checkout"
28+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
29+
with:
30+
fetch-depth: 1
31+
32+
- name: "Init: install go"
33+
uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
34+
with:
35+
go-version: ${{ inputs.go-version }}
36+
check-latest: true
37+
38+
- name: "Init: install dev-tools"
39+
run: |
40+
make install-dev-tools
41+
42+
- name: "Run: yaml"
43+
run: |
44+
make lint-yaml
45+
46+
- name: "Run: shell"
47+
run: |
48+
make lint-shell

.github/workflows/job-lint-project.yml

Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,53 @@
1+
# This job runs containerd shared project-checks, that verifies licenses, headers, and commits.
2+
# To run locally, you may just use `make lint` instead, that does the same thing
3+
# (albeit `make lint` uses more modern versions).
4+
name: project-checks
5+
6+
on:
7+
workflow_call:
8+
inputs:
9+
timeout:
10+
required: true
11+
type: number
12+
go-version:
13+
required: true
14+
type: string
15+
runner:
16+
required: true
17+
type: string
18+
19+
jobs:
20+
project:
21+
name: "commits, licenses..."
22+
timeout-minutes: ${{ inputs.timeout }}
23+
runs-on: ${{ inputs.runner }}
24+
defaults:
25+
run:
26+
shell: bash
27+
28+
steps:
29+
- name: "Init: checkout"
30+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
31+
with:
32+
fetch-depth: 100
33+
path: src/github.com/containerd/nerdctl
34+
35+
- name: "Init: install go"
36+
uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
37+
with:
38+
go-version: ${{ inputs.go-version }}
39+
check-latest: true
40+
cache-dependency-path: src/github.com/containerd/nerdctl
41+
42+
- name: "Run"
43+
uses: containerd/project-checks@d7751f3c375b8fe4a84c02a068184ee4c1f59bc4 # v1.2.2
44+
with:
45+
working-directory: src/github.com/containerd/nerdctl
46+
repo-access-token: ${{ secrets.GITHUB_TOKEN }}
47+
# go-licenses-ignore is set because go-licenses cannot detect the license of the following package:
48+
# * go-base36: Apache-2.0 OR MIT (https://github.com/multiformats/go-base36/blob/master/LICENSE.md)
49+
#
50+
# The list of the CNCF-approved licenses can be found here:
51+
# https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md
52+
go-licenses-ignore: |
53+
github.com/multiformats/go-base36

0 commit comments

Comments
 (0)