-
Notifications
You must be signed in to change notification settings - Fork 156
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
CI: Travis -> GitHub Actions; Create Release Binaries and Container I…
…mages (#444) [![Checks](https://github.com/fastly/pebble/actions/workflows/checks.yml/badge.svg)](https://github.com/fastly/pebble/actions/workflows/checks.yml) [![Tests](https://github.com/fastly/pebble/actions/workflows/tests.yml/badge.svg)](https://github.com/fastly/pebble/actions/workflows/tests.yml) As a follow-on to #439 this change request implements the first step of building a new CI system for Pebble. As this is a testbed environment for Boulder, some of these changes may prove to be useful in the latter context. Per #434 (comment), GitHub Actions is a reasonable choice for a new CI implementation to supersede Travis. Much, but not all, of the existing functionality is present in this initial set of changes. Items currently implemented include: - Binary production of `pebble` and `challtestsrv` for platforms: - AMD64 - darwin - linux - windows - ARM64 - darwin - linux - windows - Multiplatform docker images published on the GitHub Container Registry for platforms: - linux/amd64 - linux/arm64 - windows/amd64 - Golang linting. - Golang coverage. - Local test scripts for Go and Docker: - `./build.sh` - `./docker.sh` - `./test.sh` This PR also adds a `-version` flag to Pebble, which is set during release build to the Git commit ref. This change builds on earlier work done in #379 and #442.
- Loading branch information
Showing
17 changed files
with
307 additions
and
320 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,2 @@ | ||
.git | ||
pebble.exe | ||
pebble | ||
/pebble | ||
/pebble.exe |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,53 +1,48 @@ | ||
name: Checks | ||
|
||
# Run on push to main and any pull request. | ||
on: | ||
push: | ||
branches: | ||
- main | ||
pull_request: | ||
|
||
permissions: | ||
checks: write # Allow write access to checks to allow annotation of code in the PR. | ||
contents: read | ||
pull-requests: read | ||
|
||
env: | ||
CGO_ENABLED: 0 | ||
GO_VERSION: stable | ||
GOLANGCI_LINT_VERSION: v1.56.2 | ||
SHELLCHECK_SCRIPTS: ./*.sh | ||
jobs: | ||
|
||
checks: | ||
name: Check Process | ||
go-lint-checks: | ||
runs-on: ubuntu-latest | ||
env: | ||
GO_VERSION: oldstable | ||
GOLANGCI_LINT_VERSION: v1.56.2 | ||
CGO_ENABLED: 0 | ||
|
||
steps: | ||
|
||
- name: Check out code | ||
uses: actions/checkout@v4 | ||
- uses: actions/checkout@v4 | ||
- uses: actions/setup-go@v5 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: Set up Go | ||
uses: actions/setup-go@v5 | ||
go-version: ${{ env.GO_VERSION }} | ||
- name: Run GolangCI-Lint | ||
uses: golangci/golangci-lint-action@v4 | ||
with: | ||
# skip cache because of flaky behaviors | ||
skip-build-cache: true | ||
skip-pkg-cache: true | ||
version: ${{ env.GOLANGCI_LINT_VERSION }} | ||
go-mod-checks: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: actions/setup-go@v5 | ||
with: | ||
go-version: ${{ env.GO_VERSION }} | ||
|
||
- name: Check and get dependencies | ||
- name: Check if go.mod is tidy | ||
run: | | ||
go mod tidy | ||
git diff --exit-code go.mod | ||
git diff --exit-code go.sum | ||
- name: vendoring | ||
run: go mod vendor | ||
|
||
- name: vendoring diff | ||
run: git diff --exit-code vendor/ | ||
|
||
# https://golangci-lint.run/usage/install#other-ci | ||
- name: Install golangci-lint ${{ env.GOLANGCI_LINT_VERSION }} | ||
git diff --exit-code go.mod go.sum || | ||
(echo "::error::go.mod and go.sum need to be tidy" && exit 1) | ||
- name: Check if vendor directory is up to date | ||
run: | | ||
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION} | ||
golangci-lint run | ||
go mod vendor | ||
git diff --exit-code vendor || | ||
(echo "::error::vendor directory needs to be updated" && exit 1) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,38 +1,34 @@ | ||
name: Go Matrix | ||
name: Go Build Matrix | ||
on: | ||
push: | ||
branches: | ||
- main | ||
pull_request: | ||
|
||
permissions: | ||
contents: read | ||
pull-requests: read | ||
|
||
jobs: | ||
|
||
cross: | ||
name: Build | ||
name: Build on ${{ matrix.os }} with Go ${{ matrix.go-version }} | ||
runs-on: ${{ matrix.os }} | ||
env: | ||
CGO_ENABLED: 0 | ||
|
||
strategy: | ||
matrix: | ||
go-version: [ oldstable, stable ] | ||
os: [ubuntu-latest, macos-latest, windows-latest] | ||
|
||
go-version: | ||
- oldstable | ||
- stable | ||
os: | ||
- ubuntu-latest | ||
- macos-14 # M1 runners | ||
- macos-latest | ||
- windows-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Set up Go | ||
uses: actions/setup-go@v5 | ||
with: | ||
go-version: ${{ matrix.go-version }} | ||
|
||
- name: Build pebble | ||
run: go build -v -ldflags "-s -w" -trimpath -o pebble ./cmd/pebble | ||
|
||
- name: Build pebble-challtestsrv | ||
run: go build -v -ldflags "-s -w" -trimpath -o pebble-challtestsrv ./cmd/pebble-challtestsrv | ||
- name: Build the module | ||
run: go build -v ./... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,157 @@ | ||
name: Build Release | ||
# Run on semver tags. | ||
on: | ||
push: | ||
tags: | ||
- "v[0-9]+.[0-9]+.[0-9]+" | ||
permissions: | ||
contents: read | ||
packages: write # Allow docker/build-push-action to publish to GitHub Container Registry | ||
env: | ||
DOCKER_PLATFORMS: linux/amd64, linux/arm64, windows/amd64 | ||
DOCKER_IMAGE_BASENAME: ghcr.io/${{ github.repository_owner }} | ||
jobs: | ||
go-build: | ||
env: | ||
CGO_ENABLED: 0 | ||
GOARCH: ${{ matrix.go-arch }} | ||
GOOS: ${{ matrix.go-os }} | ||
LDFLAGS: -s -w -X 'main.version=${{ github.ref_name }} (${{ github.sha }})' | ||
OUTPUTDIR: /tmp/dist/${{ matrix.go-os }}/${{ matrix.go-arch }} | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
app: | ||
- pebble | ||
- pebble-challtestsrv | ||
go-arch: | ||
- amd64 | ||
- arm64 | ||
go-os: | ||
- darwin | ||
- linux | ||
- windows | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: actions/setup-go@v5 | ||
with: | ||
check-latest: true | ||
go-version-file: go.mod | ||
- name: Build ${{ matrix.app }} for ${{ matrix.go-os }}/${{ matrix.go-arch }} | ||
run: | | ||
go build \ | ||
-ldflags="${LDFLAGS}" \ | ||
-o "${OUTPUTDIR}/" \ | ||
-trimpath \ | ||
-v \ | ||
./cmd/${{ matrix.app }} | ||
- name: Display ${{ matrix.app }} artifacts | ||
run: tree /tmp/dist | ||
- name: Store ${{ matrix.app }} artifacts | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: ${{ matrix.app }}-${{ matrix.go-os }}-${{ matrix.go-arch }} | ||
path: /tmp/dist | ||
docker-build: | ||
needs: | ||
- go-build | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
app: | ||
- pebble | ||
- pebble-challtestsrv | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: Download ${{ matrix.app }} artifacts | ||
uses: actions/download-artifact@v4 | ||
with: | ||
merge-multiple: true | ||
path: /tmp/dist | ||
pattern: ${{ matrix.app }}-*-* | ||
- name: Display ${{ matrix.app }} artifacts | ||
run: tree /tmp/dist | ||
- name: Docker meta | ||
id: meta | ||
uses: docker/metadata-action@v5 | ||
with: | ||
images: ${{ env.DOCKER_IMAGE_BASENAME }}/${{ matrix.app }} | ||
# generate Docker tags based on the following events/attributes | ||
tags: | | ||
type=semver,pattern={{major}} | ||
type=semver,pattern={{major}}.{{minor}} | ||
type=semver,pattern={{version}} | ||
type=sha | ||
type=raw,value=latest | ||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
- name: Login to GitHub Container Registry | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
- name: Build and push ${{ github.repository }}/${{ matrix.app }} for ${{ env.DOCKER_PLATFORMS }} | ||
uses: docker/build-push-action@v5 | ||
with: | ||
build-args: APP=${{ matrix.app }} | ||
build-contexts: dist-files=/tmp/dist | ||
cache-from: type=gha | ||
cache-to: type=gha,mode=max | ||
file: Dockerfile.release | ||
labels: ${{ steps.meta.outputs.labels }} | ||
platforms: ${{ env.DOCKER_PLATFORMS }} | ||
push: true | ||
tags: ${{ steps.meta.outputs.tags }} | ||
docker-version: | ||
needs: | ||
- docker-build | ||
runs-on: ${{ matrix.docker-os }} | ||
strategy: | ||
matrix: | ||
docker-os: | ||
- ubuntu-latest | ||
- windows-latest | ||
steps: | ||
- name: Login to GitHub Container Registry | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
- name: Display pebble version in container image | ||
run: docker run ${{ env.DOCKER_IMAGE_BASENAME }}/pebble:latest -version | ||
create-release: | ||
needs: | ||
- go-build | ||
permissions: | ||
contents: write # Allow creation of a release | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Download build artifacts | ||
uses: actions/download-artifact@v4 | ||
- name: Display build artifacts | ||
run: tree . | ||
- name: Create release | ||
# https://cli.github.com/manual/gh_release_create | ||
env: | ||
GITHUB_TOKEN: ${{ github.token }} | ||
run: | | ||
gh release create ${{ github.ref_name }} \ | ||
--repo ${{ github.repository }} \ | ||
--title "${{ github.ref_name }}" \ | ||
--verify-tag | ||
continue-on-error: true | ||
- name: Upload release files | ||
# https://cli.github.com/manual/gh_release_upload | ||
env: | ||
GITHUB_TOKEN: ${{ github.token }} | ||
run: | | ||
for artifact in *; do | ||
tar czf ${artifact}.tar.gz ${artifact} | ||
zip -r ${artifact}.zip ${artifact} | ||
gh release upload ${{ github.ref_name }} ${artifact}.* \ | ||
--repo ${{ github.repository }}; | ||
done |
Oops, something went wrong.