From 740cf500fdcf88b17a82f9ba46f911463aec88d7 Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Fri, 15 Jul 2022 13:55:18 +0300 Subject: [PATCH 1/9] workflows: simplify build configuration, use OS matrix --- .github/workflows/build.yml | 113 +++++++----------------------------- 1 file changed, 22 insertions(+), 91 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a895af440..41879e1de 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -19,9 +19,12 @@ env: GO111MODULE: "on" jobs: - build_cli_ubuntu: - name: Build CLI (Ubuntu) - runs-on: ubuntu-20.04 + build_cli: + name: Build CLI + runs-on: ${{matrix.os}} + strategy: + matrix: + os: [ubuntu-20.04, windows-2022] steps: - uses: actions/checkout@v2 @@ -50,48 +53,17 @@ jobs: - name: Upload artifact uses: actions/upload-artifact@v2 with: - name: neo-go-binaries-ubuntu - path: ./bin/neo-go + name: neo-go-binaries + path: ./bin/neo-go* if-no-files-found: error - build_cli_wsc: - name: Build CLI (Windows Server Core) - runs-on: windows-2022 - - steps: - - uses: actions/checkout@v2 - with: - ref: ${{ github.event.inputs.ref }} - fetch-depth: 0 - - - name: Set up Go - uses: actions/setup-go@v2 - with: - go-version: 1.18 - - - name: Restore Go modules from cache - uses: actions/cache@v2 - with: - path: /home/runner/go/pkg/mod - key: deps-${{ hashFiles('go.sum') }} - - - name: Update Go modules - run: go mod download -json - - - name: Build CLI - run: make build - - - name: Upload artifact - uses: actions/upload-artifact@v2 - with: - name: neo-go-binaries-wsc - path: ./bin/neo-go.exe - if-no-files-found: error - - build_image_ubuntu: - needs: build_cli_ubuntu - name: Build Docker image (Ubuntu) - runs-on: ubuntu-20.04 + build_image: + needs: build_cli + name: Build Docker image + runs-on: ${{matrix.os}} + strategy: + matrix: + os: [ubuntu-20.04, windows-2022] steps: - uses: actions/checkout@v2 @@ -108,54 +80,13 @@ jobs: - name: Build Docker image run: make image - build_image_wsc: - needs: build_cli_wsc - name: Build Docker image (Windows Server Core) - runs-on: windows-2022 - - steps: - - uses: actions/checkout@v2 - with: - ref: ${{ github.event.inputs.ref }} - fetch-depth: 0 - - # For proper `deps` make target execution. - - name: Set up Go - uses: actions/setup-go@v2 - with: - go-version: 1.18 - - - name: Build Docker image - run: make image - - build_privnet_image_ubuntu: - needs: build_cli_ubuntu - name: Build privnet Docker image (Ubuntu) - runs-on: ubuntu-20.04 - - steps: - - uses: actions/checkout@v2 - with: - ref: ${{ github.event.inputs.ref }} - fetch-depth: 0 - - # For proper `deps` make target execution. - - name: Set up Go - uses: actions/setup-go@v2 - with: - go-version: 1.18 - - # For information purposes. - - name: Print Docker version - run: docker --version - - - name: Build privnet Docker image - run: make env_image - - build_privnet_image_wsc: - needs: build_cli_wsc - name: Build privnet Docker image (Windows Server Core) - runs-on: windows-2022 + build_privnet_image: + needs: build_cli + name: Build privnet Docker image + runs-on: ${{matrix.os}} + strategy: + matrix: + os: [ubuntu-20.04, windows-2022] steps: - uses: actions/checkout@v2 From 16083459b828fa0a1bb234fcf906df4c93875098 Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Fri, 15 Jul 2022 13:56:08 +0300 Subject: [PATCH 2/9] workflows: add MacOS CLI build and test configurations Unfortunately, the default MacOS runner produces amd64 binaries, therefore we need to set GOARCH appropriately. At the same time, docker image will be linux/arm64, so we can build it as well. --- .github/workflows/build.yml | 10 ++++++++-- .github/workflows/run_tests.yml | 8 ++++++-- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 41879e1de..016de7845 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -24,7 +24,11 @@ jobs: runs-on: ${{matrix.os}} strategy: matrix: - os: [ubuntu-20.04, windows-2022] + os: [ubuntu-20.04, windows-2022, macos-12] + arch: [amd64, arm64] + exclude: + - os: windows-2022 + arch: 'arm64' steps: - uses: actions/checkout@v2 @@ -49,11 +53,13 @@ jobs: - name: Build CLI run: make build + env: + GOARCH: ${{ matrix.arch }} - name: Upload artifact uses: actions/upload-artifact@v2 with: - name: neo-go-binaries + name: neo-go-${{ matrix.os }}-${{ matrix.arch }} path: ./bin/neo-go* if-no-files-found: error diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml index 250d9882a..d08cdc32c 100644 --- a/.github/workflows/run_tests.yml +++ b/.github/workflows/run_tests.yml @@ -82,14 +82,18 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - os: [ubuntu-20.04, windows-2022] + os: [ubuntu-20.04, windows-2022, macos-12] go_versions: [ '1.16', '1.17', '1.18' ] exclude: - # Only latest Go version for Windows. + # Only latest Go version for Windows and MacOS. - os: windows-2022 go_versions: '1.16' - os: windows-2022 go_versions: '1.17' + - os: macos-12 + go_versions: '1.16' + - os: macos-12 + go_versions: '1.17' # Exclude latest Go version for Ubuntu as Coverage uses it. - os: ubuntu-20.04 go_versions: '1.18' From 4822728f5d48f84aba9e3f0f7cec97522dd92a46 Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Mon, 18 Jul 2022 17:35:36 +0300 Subject: [PATCH 3/9] Makefile: drop obsolete targets They're not used at least since 2019. --- Makefile | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/Makefile b/Makefile index 9c8b4fcb6..dd8bb62ff 100644 --- a/Makefile +++ b/Makefile @@ -24,7 +24,7 @@ IMAGE_REPO=nspccdev/neo-go # All of the targets are phony here because we don't really use make dependency # tracking for files -.PHONY: build $(BINARY) deps image docker/$(BINARY) image-latest image-push image-push-latest check-version clean-cluster push-tag \ +.PHONY: build $(BINARY) deps image docker/$(BINARY) image-latest image-push image-push-latest clean-cluster \ test vet lint fmt cover build: deps @@ -86,21 +86,12 @@ image-push-latest: @echo "=> Publish image for Ubuntu with 'latest' tag" @docker push $(IMAGE_REPO):latest -check-version: - git fetch && (! git rev-list ${VERSION}) - deps: @CGO_ENABLED=0 \ go mod download @CGO_ENABLED=0 \ go mod tidy -v -push-tag: - git checkout ${BRANCH} - git pull origin ${BRANCH} - git tag ${VERSION} - git push origin ${VERSION} - test: @go test ./... -cover From b8b85ce911af65699a5a90dca8748ff8a1b7c171 Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Mon, 18 Jul 2022 19:14:42 +0300 Subject: [PATCH 4/9] workflows/Makefile: build Docker image for MacOS We build multiarch linux/amd64 and linux/arm64, because MacOS runner can't build docker images and even if it could that'd be linux/amd64 while we want linux/arm64 for Apple CPUs. Unfortunately, given the way GitHub workflows work we can't avoid using a Makefile helper, there is no easy way to set variables conditionally and/or use some logic to affect their contents. We reintroduce build_image_wsc as well here because Windows images can't be built with buildx using GitHub runners. --- .github/workflows/build.yml | 40 +++++++++++++++++++++++++++++++++---- Makefile | 11 +++++++++- 2 files changed, 46 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 016de7845..003d14989 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -66,10 +66,39 @@ jobs: build_image: needs: build_cli name: Build Docker image - runs-on: ${{matrix.os}} - strategy: - matrix: - os: [ubuntu-20.04, windows-2022] + runs-on: ubuntu-20.04 + + steps: + - uses: actions/checkout@v2 + with: + ref: ${{ github.event.inputs.ref }} + fetch-depth: 0 + + - name: Set up QEMU + if: runner.os != 'Windows' + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Set vars + id: setvars + run: make gh-docker-vars + + - name: Build and push + uses: docker/build-push-action@v3 + with: + push: false + platforms: linux/amd64,linux/arm64 + build-args: | + REPO=${{ steps.setvars.outputs.repo }} + VERSION=${{ steps.setvars.outputs.version }} + tags: ${{ steps.setvars.outputs.repo }}:${{ steps.setvars.outputs.version }}${{ steps.setvars.outputs.suffix }} + + build_image_wsc: + needs: build_cli + name: Build Docker image (Windows Server Core) + runs-on: windows-2022 steps: - uses: actions/checkout@v2 @@ -100,6 +129,9 @@ jobs: ref: ${{ github.event.inputs.ref }} fetch-depth: 0 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + # For proper `deps` make target execution. - name: Set up Go uses: actions/setup-go@v2 diff --git a/Makefile b/Makefile index dd8bb62ff..3ad6298c0 100644 --- a/Makefile +++ b/Makefile @@ -25,7 +25,7 @@ IMAGE_REPO=nspccdev/neo-go # All of the targets are phony here because we don't really use make dependency # tracking for files .PHONY: build $(BINARY) deps image docker/$(BINARY) image-latest image-push image-push-latest clean-cluster \ - test vet lint fmt cover + test vet lint fmt cover version gh-docker-vars build: deps @echo "=> Building binary" @@ -92,6 +92,15 @@ deps: @CGO_ENABLED=0 \ go mod tidy -v +version: + @echo $(VERSION) + +gh-docker-vars: + @echo "::set-output name=file::$(D_FILE)" + @echo "::set-output name=version::$(VERSION)" + @echo "::set-output name=repo::$(REPO)" + @echo "::set-output name=suffix::$(IMAGE_SUFFIX)" + test: @go test ./... -cover From bc6787f17c5f7e68ea0c6ba75fdd32d7b165b4f2 Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Tue, 19 Jul 2022 14:41:53 +0300 Subject: [PATCH 5/9] workflows: don't build privnet image It only differs from non-privnet by tag, it doesn't make sense rebuilding the same things over and over again. --- .github/workflows/build.yml | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 003d14989..c5c5be923 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -114,33 +114,3 @@ jobs: - name: Build Docker image run: make image - - build_privnet_image: - needs: build_cli - name: Build privnet Docker image - runs-on: ${{matrix.os}} - strategy: - matrix: - os: [ubuntu-20.04, windows-2022] - - steps: - - uses: actions/checkout@v2 - with: - ref: ${{ github.event.inputs.ref }} - fetch-depth: 0 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - # For proper `deps` make target execution. - - name: Set up Go - uses: actions/setup-go@v2 - with: - go-version: 1.18 - - # For information purposes. - - name: Print Docker version - run: docker --version - - - name: Build privnet Docker image - run: make env_image From 7b6f23ee7e14cb09d1ac89ce70a4dcd5d79ce44a Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Wed, 20 Jul 2022 13:36:00 +0300 Subject: [PATCH 6/9] workflows: move docker push logic to the Build workflow publish_to_dockerhub.yml duplicated build.yml and run_tests.yml in many ways. We always want to build docker images, it's just that we don't push them on every occasion and there is some additional logic around the latest tag. We also want to publish multiarch images now, so all of this logic better be consolidated in one workflow. It doesn't depend on tests, since we only publish on release or on manual run, so it's known to be good. --- .github/workflows/build.yml | 45 +++++- .github/workflows/publish_to_dockerhub.yml | 169 --------------------- 2 files changed, 41 insertions(+), 173 deletions(-) delete mode 100644 .github/workflows/publish_to_dockerhub.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c5c5be923..9d2f47d63 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -8,12 +8,28 @@ on: paths-ignore: - 'scripts/**' - '**/*.md' + push: + # Build for the master branch. + branches: + - master + release: + # Publish released commit as Docker `latest` and `git_revision` images. + types: + - published workflow_dispatch: inputs: ref: description: 'Ref to build CLI for Ubuntu and Windows Server Core [default: latest master; examples: v0.92.0, 0a4ff9d3e4a9ab432fd5812eb18c98e03b5a7432]' required: false default: '' + push_image: + description: 'Push images to DockerHub [default: false; examples: true, false]' + required: false + default: 'false' + use_latest_tag: + description: 'Use `latest` tag while pushing images to DockerHub (applied to Ubuntu image only) [default: false; examples: true, false]' + required: false + default: 'false' env: GO111MODULE: "on" @@ -65,7 +81,7 @@ jobs: build_image: needs: build_cli - name: Build Docker image + name: Build and push docker image runs-on: ubuntu-20.04 steps: @@ -81,23 +97,34 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 + - name: Login to DockerHub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + - name: Set vars id: setvars run: make gh-docker-vars + - name: Set latest tag + id: setlatest + if: ${{ (github.event_name == 'release' && github.event.release.target_commitish == 'master') || (github.event_name == 'workflow_dispatch' && github.event.inputs.push_image == 'true' && github.event.inputs.use_latest_tag == 'true') }} + run: echo "::set-output name=latest::,${{ steps.setvars.outputs.repo }}:latest" + - name: Build and push uses: docker/build-push-action@v3 with: - push: false + push: ${{ github.event_name == 'release' || (github.event_name == 'workflow_dispatch' && github.event.inputs.push_image == 'true') }} platforms: linux/amd64,linux/arm64 build-args: | REPO=${{ steps.setvars.outputs.repo }} VERSION=${{ steps.setvars.outputs.version }} - tags: ${{ steps.setvars.outputs.repo }}:${{ steps.setvars.outputs.version }}${{ steps.setvars.outputs.suffix }} + tags: ${{ steps.setvars.outputs.repo }}:${{ steps.setvars.outputs.version }}${{ steps.setvars.outputs.suffix }}${{ steps.setlatest.outputs.latest }} build_image_wsc: needs: build_cli - name: Build Docker image (Windows Server Core) + name: Build and push docker image (Windows Server Core) runs-on: windows-2022 steps: @@ -112,5 +139,15 @@ jobs: with: go-version: 1.18 + - name: Login to DockerHub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + - name: Build Docker image run: make image + + - name: Push image to registry + if: ${{ github.event_name == 'release' || (github.event_name == 'workflow_dispatch' && github.event.inputs.push_image == 'true') }} + run: make image-push diff --git a/.github/workflows/publish_to_dockerhub.yml b/.github/workflows/publish_to_dockerhub.yml deleted file mode 100644 index d8cf5e969..000000000 --- a/.github/workflows/publish_to_dockerhub.yml +++ /dev/null @@ -1,169 +0,0 @@ -name: Push images to DockerHub - -# Controls when the action will run. -on: - push: - # Publish `master` as Docker `latest` and `git_revision` images. - branches: - - master - release: - # Publish released commit as Docker `latest` and `git_revision` images. - types: - - published - - # Allows to run this workflow manually from the Actions tab. - workflow_dispatch: - inputs: - ref: - description: 'Ref to build Docker images for Ubuntu and Windows Server Core [default: latest master; examples: v0.92.0, 0a4ff9d3e4a9ab432fd5812eb18c98e03b5a7432]' - required: false - default: '' - push_image: - description: 'Push images to DockerHub [default: false; examples: true, false]' - required: false - default: 'false' - use_latest_tag: - description: 'Use `latest` tag while pushing images to DockerHub (applied to Ubuntu image only) [default: false; examples: true, false]' - required: false - default: 'false' - -# Environment variables. -env: - GO111MODULE: "on" - -# A workflow run. -jobs: - tests_ubuntu: - name: Run Ubuntu-based tests before publishing - runs-on: ubuntu-20.04 - - steps: - - uses: actions/checkout@v2 - with: - ref: ${{ github.event.inputs.ref }} - # Allows to fetch all history for all branches and tags. Need this for proper versioning. - fetch-depth: 0 - - - name: Sync VM submodule - run: | - git submodule sync - git submodule update --init - - - name: Set up Go - uses: actions/setup-go@v2 - with: - go-version: 1.18 - - - name: Restore go modules from cache - uses: actions/cache@v2 - with: - path: /home/runner/go/pkg/mod - key: deps-${{ hashFiles('go.sum') }} - - - name: Update Go modules - run: go mod download -json - - - name: Run tests - run: make test - publish_ubuntu: - # Ensure test job passes before pushing image. - needs: tests_ubuntu - name: Publish Ubuntu-based image to DockerHub - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v2 - with: - ref: ${{ github.event.inputs.ref }} - # Allows to fetch all history for all branches and tags. Need this for proper versioning. - fetch-depth: 0 - - - name: Set up Go - uses: actions/setup-go@v2 - with: - go-version: 1.18 - - - name: Build image - run: make image - - - name: Build image with 'latest' tag - if: ${{ (github.event_name == 'release' && github.event.release.target_commitish == 'master') || (github.event_name == 'workflow_dispatch' && github.event.inputs.push_image == 'true' && github.event.inputs.use_latest_tag == 'true') }} - run: make image-latest - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_PASSWORD }} - - - name: Push image to registry - if: ${{ github.event_name == 'release' || (github.event_name == 'workflow_dispatch' && github.event.inputs.push_image == 'true') }} - run: make image-push - - - name: Push image with 'latest' tag to registry - if: ${{ (github.event_name == 'release' && github.event.release.target_commitish == 'master') || (github.event_name == 'workflow_dispatch' && github.event.inputs.push_image == 'true' && github.event.inputs.use_latest_tag == 'true') }} - run: make image-push-latest - - tests_wsc: - name: Run WindowsServerCore-based tests before publishing - runs-on: windows-2022 - - steps: - - uses: actions/checkout@v2 - with: - ref: ${{ github.event.inputs.ref }} - # Allows to fetch all history for all branches and tags. Need this for proper versioning. - fetch-depth: 0 - - - name: Sync VM submodule - run: | - git submodule sync - git submodule update --init - - - name: Set up Go - uses: actions/setup-go@v2 - with: - go-version: 1.18 - - - name: Restore go modules from cache - uses: actions/cache@v2 - with: - path: /home/runner/go/pkg/mod - key: deps-${{ hashFiles('go.sum') }} - - - name: Update Go modules - run: go mod download -json - - - name: Run tests - run: make test - publish_wsc: - # Ensure test job passes before pushing image. - needs: tests_wsc - name: Publish WindowsServerCore-based image to DockerHub - runs-on: windows-2022 - steps: - - uses: actions/checkout@v2 - with: - ref: ${{ github.event.inputs.ref }} - # Allows to fetch all history for all branches and tags. Need this for proper versioning. - fetch-depth: 0 - - - name: Show docker images - run: docker images - - - name: Set up Go - uses: actions/setup-go@v2 - with: - go-version: 1.18 - - - name: Build image - run: make image - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_PASSWORD }} - - - name: Push image to registry - if: ${{ github.event_name == 'release' || (github.event_name == 'workflow_dispatch' && github.event.inputs.push_image == 'true') }} - run: make image-push From 7dd21bc7e43596b6221bb5c32ad9af2285218d4c Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Wed, 20 Jul 2022 17:26:17 +0300 Subject: [PATCH 7/9] tests: merge CodeQL workflow into Tests, run tests on push 1. CodeQL is just one of the tests, it doesn't need a separate workflow. 2. It doesn't make a lot of sense running it daily, every push to the master branch deserves a scan. 3. And every push deserves a test run as well. --- .github/workflows/codeql-analysis.yml | 67 --------------------------- .github/workflows/run_tests.yml | 47 +++++++++++++++++++ 2 files changed, 47 insertions(+), 67 deletions(-) delete mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index b88d3cb8e..000000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null @@ -1,67 +0,0 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL" - -on: - push: - branches: [ master, master-2.x ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ master ] - schedule: - - cron: '35 8 * * 1' - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - language: [ 'go' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more: - # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml index d08cdc32c..1cdac0461 100644 --- a/.github/workflows/run_tests.yml +++ b/.github/workflows/run_tests.yml @@ -1,6 +1,8 @@ name: Tests on: + push: + branches: [ master ] pull_request: branches: - master @@ -37,6 +39,51 @@ jobs: run: | ./scripts/check_deps.sh + codeql: + name: CodeQL + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + language: [ 'go' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] + # Learn more: + # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + test_cover: name: Coverage runs-on: ubuntu-20.04 From cbf6a2940f11321c59a6174d4371c27c5ed280a0 Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Wed, 20 Jul 2022 19:19:51 +0300 Subject: [PATCH 8/9] workflows: update setup-go to v3 Use built-in cache, simplify steps. --- .github/workflows/build.yml | 12 ++++-------- .github/workflows/run_tests.yml | 18 ++++-------------- 2 files changed, 8 insertions(+), 22 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9d2f47d63..313d3dab4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -54,15 +54,10 @@ jobs: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v3 with: go-version: 1.18 - - - name: Restore Go modules from cache - uses: actions/cache@v2 - with: - path: /home/runner/go/pkg/mod - key: deps-${{ hashFiles('go.sum') }} + cache: true - name: Update Go modules run: go mod download -json @@ -135,9 +130,10 @@ jobs: # For proper `deps` make target execution. - name: Set up Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v3 with: go-version: 1.18 + cache: true - name: Login to DockerHub uses: docker/login-action@v2 diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml index 1cdac0461..7954ba104 100644 --- a/.github/workflows/run_tests.yml +++ b/.github/workflows/run_tests.yml @@ -101,15 +101,10 @@ jobs: git submodule update --init - name: Set up Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v3 with: go-version: 1.18 - - - name: Restore Go modules from cache - uses: actions/cache@v2 - with: - path: /home/runner/go/pkg/mod - key: deps-${{ hashFiles('go.sum') }} + cache: true - name: Update Go modules run: go mod download -json @@ -151,15 +146,10 @@ jobs: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v3 with: go-version: '${{ matrix.go_versions }}' - - - name: Restore Go modules from cache - uses: actions/cache@v2 - with: - path: /home/runner/go/pkg/mod - key: deps-${{ hashFiles('go.sum') }} + cache: true - name: Update Go modules run: go mod download -json From ec77e8a4fad31dc643a96998f86014d63825486a Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Wed, 20 Jul 2022 19:21:40 +0300 Subject: [PATCH 9/9] workflows: use checkout@v3 No functional changes, but let's be up to date. --- .github/workflows/build.yml | 6 +++--- .github/workflows/run_tests.yml | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 313d3dab4..c53bdaae7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -47,7 +47,7 @@ jobs: arch: 'arm64' steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: ref: ${{ github.event.inputs.ref }} # Allows to fetch all history for all branches and tags. Need this for proper versioning. @@ -80,7 +80,7 @@ jobs: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: ref: ${{ github.event.inputs.ref }} fetch-depth: 0 @@ -123,7 +123,7 @@ jobs: runs-on: windows-2022 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: ref: ${{ github.event.inputs.ref }} fetch-depth: 0 diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml index 7954ba104..adef34a96 100644 --- a/.github/workflows/run_tests.yml +++ b/.github/workflows/run_tests.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: golangci-lint uses: golangci/golangci-lint-action@v2 with: @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: fetch-depth: 0 - name: Check dependencies @@ -53,7 +53,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL @@ -91,7 +91,7 @@ jobs: env: CGO_ENABLED: 0 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: fetch-depth: 0 @@ -141,7 +141,7 @@ jobs: go_versions: '1.18' fail-fast: false steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: fetch-depth: 0