
fix: Bump Go 1.26.1 to 1.26.2 for 6 stdlib CVEs (#2170) #756

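# Control Plane CI: proto compilation, JSON Schema sync, manifest validation
# and Go tests for the control-plane service.
# NOTE(review): the nesting below is reconstructed from a listing that had lost
# its indentation; confirm it against the repository copy of this workflow.
name: Control Plane CI

# Triggered by pushes and pull requests targeting develop/main, and only when
# one of the listed control-plane paths (or this workflow file) changes.
# The PR trigger is `pull_request`, not `pull_request_target`, so pull requests
# from forks do not receive repository secrets.
on:
  push:
    branches: [develop, main]
    paths:
      - 'api/proto/meridian/control_plane/**'
      - 'api/jsonschema/**'
      - 'services/control-plane/**'
      - 'examples/manifests/**'
      - 'cookbook/**'
      - 'buf.gen.jsonschema.yaml'
      - 'scripts/validate-manifest-jsonschema.sh'
      - '.github/workflows/control-plane-ci.yml'
  pull_request:
    branches: [develop, main]
    paths:
      - 'api/proto/meridian/control_plane/**'
      - 'api/jsonschema/**'
      - 'services/control-plane/**'
      - 'examples/manifests/**'
      - 'cookbook/**'
      - 'buf.gen.jsonschema.yaml'
      - 'scripts/validate-manifest-jsonschema.sh'
      - '.github/workflows/control-plane-ci.yml'

# Least privilege: the job token may only read repository contents. No job in
# this workflow is granted a write scope.
permissions:
  contents: read

# One active run per pull request (or per ref for pushes); a newer run in the
# same group cancels the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true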
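# NOTE(review): the nesting below is reconstructed from a listing that had lost
# its indentation; confirm it against the repository copy of this workflow.
#
# NOTE(review): every `uses:` below references a mutable tag
# (actions/checkout@v6, actions/setup-go@v6, bufbuild/buf-action@v1,
# actions/upload-artifact@v7). Pinning each to a full commit SHA, with the tag
# kept as a trailing comment, stops a moved tag from changing what runs here.
# The SHAs are not shown on this page, so the refs are left as they are.
#
# NOTE(review): the Go patch version is repeated in all five jobs. A security
# bump that misses one occurrence leaves that job on the old standard library;
# consider `go-version-file: go.mod` or a single workflow-level variable.
jobs:
  # Smoke test: Go code and the manifest JSON Schema can be generated from the
  # protos. No step in this job uploads or commits the generated files.
  proto-compile:
    name: Proto Compilation
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          # Do not keep the job token configured for git after checkout: the
          # later steps run generators and freshly installed tools, and none of
          # the visible steps push or fetch. The make targets used in other
          # jobs are opaque from here; confirm they need no git credentials.
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version: '1.26.2'
          cache: true
      - name: Set up buf
        uses: bufbuild/buf-action@v1
        with:
          # Install the buf CLI only; generation is invoked explicitly below.
          setup_only: true
          github_token: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate protobuf files
        run: buf generate
      - name: Install protoc-gen-jsonschema
        # NOTE(review): `@latest` resolves to whatever version upstream has
        # most recently published, so this job executes unreviewed code and its
        # output can change between runs. gotestsum in the unit-tests job is
        # pinned to an exact version; pin this generator the same way.
        # $GITHUB_PATH is quoted so a runner path with spaces is not split.
        run: |
          go install github.com/chrusty/protoc-gen-jsonschema/cmd/protoc-gen-jsonschema@latest
          echo "$(go env GOPATH)/bin" >> "$GITHUB_PATH"
      - name: Generate JSON Schema from manifest proto
        # Generates into a package-named directory, copies Manifest.json to the
        # stable schema path, then removes the intermediate directory.
        run: |
          buf generate --template buf.gen.jsonschema.yaml --path api/proto/meridian/control_plane/v1/manifest.proto
          mkdir -p api/jsonschema
          cp api/jsonschema/meridian.control_plane.v1/Manifest.json api/jsonschema/manifest.v1.schema.json
          rm -rf api/jsonschema/meridian.control_plane.v1
          echo "JSON Schema generated: api/jsonschema/manifest.v1.schema.json"

  # Runs `make validate-manifest-jsonschema` after proto-compile has passed;
  # the failure message below says the target detects schema/proto drift.
  schema-sync-check:
    name: Schema Sync Check
    runs-on: ubuntu-latest
    needs: proto-compile
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          # Token is not needed after checkout by the visible steps.
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version: '1.26.2'
          cache: true
      - name: Set up buf
        uses: bufbuild/buf-action@v1
        with:
          setup_only: true
          github_token: ${{ secrets.GITHUB_TOKEN }}
      - name: Install protoc-gen-jsonschema
        # NOTE(review): an unpinned generator makes this drift check
        # non-reproducible: a new upstream release can change the generated
        # schema and fail the check with no change in this repository, and the
        # job runs whatever that release contains. Pin to an exact version.
        run: |
          go install github.com/chrusty/protoc-gen-jsonschema/cmd/protoc-gen-jsonschema@latest
          echo "$(go env GOPATH)/bin" >> "$GITHUB_PATH"
      - name: Validate JSON Schema is in sync with proto
        run: make validate-manifest-jsonschema
      - name: Report schema drift
        # Runs only when an earlier step failed; emits workflow error
        # annotations telling the author how to regenerate the schema.
        if: failure()
        run: |
          echo "::error::JSON Schema is out of sync with proto definition."
          echo "::error::Run 'make proto-jsonschema' and commit the updated schema."
          echo ""
          echo "This check prevents manual editing of generated JSON Schema files."
          echo "The source of truth is api/proto/meridian/control_plane/v1/manifest.proto."

  # Runs `make validate-manifests` against the example manifests and cookbook
  # patterns. It has no `needs:`, so it does not wait for proto-compile.
  manifest-validation:
    name: Manifest Validation
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          # Token is not needed after checkout by the visible steps.
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version: '1.26.2'
          cache: true
      - name: Set up buf
        uses: bufbuild/buf-action@v1
        with:
          setup_only: true
          github_token: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate protobuf files
        run: buf generate
      - name: Download dependencies
        run: go mod download
      - name: Validate example manifests
        run: make validate-manifests
      - name: Report validation failures
        # Runs only when an earlier step failed; lists what the validator
        # checks so the author knows where to look.
        if: failure()
        run: |
          echo "::error::Manifest or cookbook pattern validation failed."
          echo "::error::Check the output above for specific validation errors."
          echo ""
          echo "Manifests are validated against:"
          echo " - Protobuf schema constraints (field types, required fields)"
          echo " - CEL expression type-checking (policy expressions)"
          echo " - Starlark script compilation (saga scripts)"
          echo " - Handler parameter validation (required params, types, enum values)"
          echo " - Cross-reference integrity (instrument code references)"
          echo ""
          echo "Cookbook patterns (.star files) are validated against:"
          echo " - Starlark syntax"
          echo " - Handler parameter validation via schema-derived service modules"

  # Short-mode unit tests with the race detector; the JUnit report is uploaded
  # as an artifact whether or not the tests pass.
  unit-tests:
    name: Control Plane Unit Tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          # Token is not needed after checkout by the visible steps.
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version: '1.26.2'
          cache: true
      - name: Set up buf
        uses: bufbuild/buf-action@v1
        with:
          setup_only: true
          github_token: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate protobuf files
        run: buf generate
      - name: Download dependencies
        run: go mod download
      - name: Install gotestsum
        # Pinned to an exact version, unlike protoc-gen-jsonschema above.
        run: go install gotest.tools/gotestsum@v1.13.0
      - name: Run control plane tests
        run: |
          gotestsum --format testdox \
            --junitfile control-plane-test-results.xml \
            -- -short -race -v ./services/control-plane/...
      - name: Upload test results
        uses: actions/upload-artifact@v7
        # always() keeps the report available for failed runs too.
        if: always()
        with:
          name: control-plane-test-results
          path: control-plane-test-results.xml
          retention-days: 30

  # Integration tests, run only after unit-tests has passed.
  integration-tests:
    name: Control Plane Integration Tests
    runs-on: ubuntu-latest
    needs: unit-tests
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          # Token is not needed after checkout by the visible steps.
          persist-credentials: false
      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version: '1.26.2'
          cache: true
      - name: Set up buf
        uses: bufbuild/buf-action@v1
        with:
          setup_only: true
          github_token: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate protobuf files
        run: buf generate
      - name: Download dependencies
        run: go mod download
      - name: Run integration tests
        # NOTE(review): with continue-on-error this step can never fail the
        # job, so a build or race failure here is reported as success. A
        # `-run` pattern that matches no tests already exits 0, so the flag is
        # presumably only masking real failures; confirm and drop it.
        # NOTE(review): continue-on-error and timeout-minutes are placed at
        # step level here; the flattened listing does not show whether they
        # were step-level or job-level.
        run: go test -race -v -count=1 -run "Integration" ./services/control-plane/...
        continue-on-error: true # No integration tests exist yet; remove when added
        timeout-minutes: 10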