Use larger runner for (most) integration test suites #3478
Workflow file for this run
| # CI workflow: defines the lint, integration, unit and e2e jobs below. | |
| name: ci | |
| # One active run per workflow + ref: a newer run on the same ref cancels the one still in progress. | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| # Manual runs can opt in to the "Setup source policy" steps, which are gated on inputs.source_policy. | |
| source_policy: | |
| description: 'Enable BuildKit source policy' | |
| type: boolean | |
| default: false | |
| # Triggered by pull_request rather than pull_request_target: for PRs from forks GitHub issues a | |
| # read-only GITHUB_TOKEN and withholds repository secrets, which matters because the jobs below | |
| # build and run code from the PR. | |
| pull_request: | |
| branches: | |
| - main | |
| - release/** | |
| # Changes that touch only these paths do not start this workflow. | |
| paths-ignore: | |
| - 'website/**' | |
| - 'docs/**' | |
| - '*.md' | |
| - 'CODEOWNERS' | |
| - 'LICENSE' | |
| - '.github/copilot-instructions.md' | |
| - '.github/workflows/retag.yml' | |
| - '.github/workflows/retag/**' | |
| - 'cmd/retagger/**' | |
| - 'cmd/worker-image-matrix/**' | |
| - '.github/workflows/worker-images/**' | |
| - '.github/workflows/worker-images.yml' | |
| - '.github/workflows/dependabot.yml' | |
| - '.github/workflows/release.yml' | |
| - '.github/workflows/deploy-docs.yml' | |
| push: | |
| branches: | |
| - main | |
| - release/** | |
| # NOTE(review): this list lacks the dependabot.yml, release.yml and deploy-docs.yml entries that | |
| # the pull_request list has; confirm the difference is intended. | |
| paths-ignore: | |
| - 'website/**' | |
| - 'docs/**' | |
| - '*.md' | |
| - 'CODEOWNERS' | |
| - 'LICENSE' | |
| - '.github/copilot-instructions.md' | |
| - '.github/workflows/retag.yml' | |
| - '.github/workflows/retag/**' | |
| - 'cmd/retagger/**' | |
| - 'cmd/worker-image-matrix/**' | |
| - '.github/workflows/worker-images/**' | |
| - '.github/workflows/worker-images.yml' | |
| # Workflow-wide GITHUB_TOKEN scopes: read-only for contents and packages, nothing else granted. | |
| # None of the jobs below declares its own permissions block, so this applies to all of them. | |
| permissions: | |
| contents: read | |
| packages: read | |
| jobs: | |
| # Static checks: golangci-lint, the repo's own linters, and a check that generated files are committed. | |
| lint: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| # egress-policy: audit records the job's outbound connections but does not block any of them; | |
| # harden-runner's enforcing mode is egress-policy: block with an allowed-endpoints list. | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 | |
| with: | |
| egress-policy: audit | |
| # Third-party actions are pinned to a full commit SHA; the trailing comment records the release tag. | |
| - name: checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 | |
| with: | |
| go-version: '1.25' | |
| # setup-go's own cache is turned off here. | |
| cache: false | |
| # Use the golangci-lint action, which automatically sets up GHA caching and other things | |
| # Note: There is also a "lint" target in docker-bake.hcl for local linting | |
| # If you make changes to this, please make sure to also update the local linting target | |
| - name: golangci-lint | |
| uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0 | |
| with: | |
| version: v2.8.0 | |
| args: --timeout=30m | |
| - name: custom linters | |
| run: go run ./cmd/lint ./... | |
| - name: validate generated files | |
| run: | | |
| # Regenerate, then fail if the working tree differs from what was committed. | |
| go generate ./... || exit $? | |
| if ! git diff --exit-code; then | |
| echo "::error::Missing updates to generated files. Please run 'go generate ./...' and commit the changes" | |
| exit 1 | |
| fi | |
| # Integration tests, one matrix leg per suite. | |
| integration: | |
| # The 'other' leg stays on ubuntu-22.04; every named suite runs on the 'ubuntu-latest-4-cores' runner label. | |
| runs-on: ${{ matrix.suite == 'other' && 'ubuntu-22.04' || 'ubuntu-latest-4-cores' }} | |
| strategy: | |
| # A failing suite does not cancel the other legs. | |
| fail-fast: false | |
| matrix: | |
| suite: | |
| - Mariner2 | |
| - Azlinux3 | |
| - Bookworm | |
| - Bullseye | |
| - Bionic | |
| - Focal | |
| - Jammy | |
| - Noble | |
| - Windows | |
| - Almalinux8 | |
| - Almalinux9 | |
| - Rockylinux8 | |
| - Rockylinux9 | |
| - Trixie | |
| - other | |
| include: | |
| # The 'other' leg gets matrix.skip, which reaches "go test -skip" through TEST_SKIP, so it runs the | |
| # tests that no named suite selects. The pattern has to list every named suite above: a suite | |
| # missing from it would be run twice. | |
| - suite: other | |
| skip: Mariner2|Azlinux3|Bookworm|Bullseye|Bionic|Focal|Jammy|Noble|Windows|Almalinux8|Almalinux9|Rockylinux8|Rockylinux9|Trixie | |
| # TODO: support diff/merge | |
| # Right now this is handled by the e2e suite, but we can migrate that here. | |
| steps: | |
| # egress-policy: audit records outbound connections without blocking them. | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 | |
| with: | |
| go-version: '1.25' | |
| cache: false | |
| - name: checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| # Repo-local action (its definition is not shown here), so it runs whatever the checked-out ref contains. | |
| - uses: ./.github/actions/enable-containerd | |
| # Logs in to ghcr.io as the triggering actor with the job's GITHUB_TOKEN; the workflow-level | |
| # permissions block limits that token to packages: read. | |
| - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 | |
| name: Login to GHCR | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # Diagnostic output only: records the daemon and client versions in the job log. | |
| - name: Docker info | |
| run: | | |
| docker info | |
| docker version | |
| # Best-effort tracing: start a local OpenTelemetry collector, then restart containerd and docker | |
| # with the OTLP endpoint in their environment. | |
| - name: Setup otel-collector | |
| run: | | |
| set -e | |
| mkdir -p /tmp/otel-traces | |
| # World-writable so the collector container can write into the bind mount; presumably needed | |
| # because the image does not run as the runner's user (not shown here - TODO confirm). | |
| # NOTE(review): acceptable on a single-use runner; any local process can write to this directory. | |
| chmod 777 /tmp/otel-traces | |
| # The image is referenced by version tag, not by digest. --net=host puts the collector on the | |
| # runner's own network namespace, which is why localhost:4318 is used as the endpoint below. | |
| if ! docker run -d --net=host --restart=always --name otel-collector \ | |
| -v ${{ github.workspace }}/.github/otel-collector-ci.yaml:/etc/otelcol-contrib/config.yaml:ro \ | |
| -v /tmp/otel-traces:/data:rw \ | |
| otel/opentelemetry-collector-contrib:0.144.0; then | |
| # A collector that fails to start is not fatal: the step ends here and no tracing env is set. | |
| echo "::warning::Failed to start otel-collector for tracing, skipping trace configuration" | |
| exit 0 | |
| fi | |
| # Written to GITHUB_ENV, so every later step of this job sees these variables. | |
| echo "OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318" >> "${GITHUB_ENV}" | |
| echo "OTEL_SERVICE_NAME=dalec-integration-test" >> "${GITHUB_ENV}" | |
| # Build one systemd drop-in and install it for both docker and containerd. | |
| tmp="$(mktemp)" | |
| echo "[Service]" > "${tmp}" | |
| echo "Environment=\"OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318\"" >> "${tmp}" | |
| sudo mkdir -p /etc/systemd/system/docker.service.d | |
| sudo mkdir -p /etc/systemd/system/containerd.service.d | |
| sudo cp "${tmp}" /etc/systemd/system/docker.service.d/otlp.conf | |
| sudo cp "${tmp}" /etc/systemd/system/containerd.service.d/otlp.conf | |
| # Stop both services, reload unit files, then start containerd before docker. | |
| sudo systemctl stop docker.service docker.socket | |
| sudo systemctl stop containerd | |
| if ! sudo systemctl daemon-reload; then | |
| echo "::warning::Failed to reload systemd daemon for tracing configuration" | |
| fi | |
| if ! sudo systemctl start containerd; then | |
| echo "::error::Failed to restart containerd with tracing configuration" | |
| journalctl -u containerd | |
| exit 1 | |
| fi | |
| # docker gets one retry after clearing the unit's failed state. | |
| if ! sudo systemctl start docker; then | |
| sudo systemctl reset-failed docker | |
| if ! sudo systemctl start docker; then | |
| echo "::error::Failed to restart docker with tracing configuration" | |
| journalctl -u docker | |
| ps aux | grep dockerd | |
| exit 1 | |
| fi | |
| fi | |
| - name: download deps | |
| run: go mod download | |
| # NOTE(review): this runs a --privileged container from the mutable "latest" tag, while the actions | |
| # in this workflow are pinned to commit SHAs. Referencing the image by digest | |
| # (tonistiigi/binfmt@sha256:<digest>) would fix which binfmt handlers get installed on the runner. | |
| - name: Setup QEMU | |
| run: docker run --rm --privileged tonistiigi/binfmt:latest --install all | |
| # Runs only when the workflow_dispatch input source_policy is true. | |
| - name: Setup source policy | |
| if: inputs.source_policy | |
| uses: ./.github/actions/setup-source-policy | |
| # Repo-local action; going by its name and the step name it redirects Ubuntu archive lookups to an | |
| # Azure mirror (its definition is not shown here - TODO confirm). | |
| - name: Use azure ubuntu archive | |
| uses: ./.github/actions/dns-spoof-ubuntu-archive | |
| # Builds the frontend and, for a named suite, that suite's worker image before the tests start. | |
| - name: Pre-build base images | |
| run: | | |
| set -eu | |
| docker buildx bake frontend | |
| # The 'other' leg has no worker image of its own. | |
| if [ "${TEST_SUITE}" = "other" ]; then | |
| exit 0 | |
| fi | |
| # downcase the test suite to get the worker target | |
| worker="${TEST_SUITE,,}" | |
| # The Windows suite uses the "windowscross" worker target. | |
| if [ "${worker}" = "windows" ]; then | |
| worker="windowscross" | |
| fi | |
| export WORKER_TARGET=${worker}/worker | |
| docker buildx bake worker | |
| # The matrix value reaches the script as an environment variable instead of being expanded into | |
| # the script text, so the shell only ever sees it as data. | |
| env: | |
| TEST_SUITE: ${{ matrix.suite }} | |
| # Runs the selected suite and pipes go test's JSON output through the repo's test2json2gha tool. | |
| - name: Run integration tests | |
| run: | | |
| # NOTE(review): -e and -x are set but pipefail is not, and the step declares no shell, so the | |
| # step's exit status is that of the last command in the pipeline (test2json2gha). Confirm that | |
| # tool exits non-zero whenever go test fails, including build failures, or add "set -o pipefail". | |
| set -ex | |
| # A named suite becomes a -run filter; the 'other' leg gets none. | |
| if [ -n "${TEST_SUITE}" ] && [ ! "${TEST_SUITE}" = "other" ]; then | |
| run="-run=${TEST_SUITE}" | |
| fi | |
| # TEST_SKIP is non-empty only for the matrix leg that defines matrix.skip. | |
| if [ -n "${TEST_SKIP}" ]; then | |
| skip="-skip=${TEST_SKIP}" | |
| fi | |
| # ${run} and ${skip} are left unquoted so an unset one expands to nothing rather than to an empty argument. | |
| go test -timeout=59m -v -json ${run} ${skip} ./test | go run ./cmd/test2json2gha --slow 120s --logdir /tmp/testlogs | |
| # Matrix values are passed through the environment, not expanded into the script text. | |
| env: | |
| TEST_SUITE: ${{ matrix.suite }} | |
| TEST_SKIP: ${{ matrix.skip }} | |
| # always(): traces are collected even when an earlier step failed. | |
| - name: Get traces | |
| if: always() | |
| run: | | |
| set -ex | |
| mkdir -p /tmp/reports | |
| # The file is missing when the collector never started or wrote nothing; that only warns. | |
| if [ -f /tmp/otel-traces/traces.jsonl ]; then | |
| cp /tmp/otel-traces/traces.jsonl /tmp/reports/traces.jsonl | |
| else | |
| echo "::warning::No traces file found" | |
| fi | |
| # Uploads the contents of /tmp/reports as a per-suite artifact that is kept for one day. | |
| - name: Upload reports | |
| if: always() | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: integration-test-reports-${{matrix.suite}} | |
| path: /tmp/reports/* | |
| retention-days: 1 | |
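| # Uploads the per-test logs that test2json2gha wrote to /tmp/testlogs (its --logdir). The step is | |
| # named for what it uploads so it is not confused with the "Upload reports" step in the job log. | |
| - name: Upload test logs | |
| if: always() | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: integration-test-logs-${{matrix.suite}} | |
| path: /tmp/testlogs/* | |
| retention-days: 1 | |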
| # On failure only: save the docker unit's journal to a temp file and publish its path as a step output. | |
| - name: dump logs | |
| if: failure() | |
| id: dump-logs | |
| run: | | |
| set -e | |
| dir="$(mktemp -d)" | |
| f="${dir}/dockerd.log" | |
| echo "DOCKERD_LOG_PATH=${f}" >> $GITHUB_OUTPUT | |
| sudo journalctl -u docker > "${f}" | |
| # The daemon journal becomes a downloadable artifact; one-day retention limits how long it is kept. | |
| # NOTE(review): the artifact name carries an "e2e-" prefix although this is the integration job. | |
| - name: Upload buildkit logs | |
| if: failure() | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: e2e-dockerd-logs-${{ matrix.suite }} | |
| path: ${{ steps.dump-logs.outputs.DOCKERD_LOG_PATH }} | |
| retention-days: 1 | |
| # Unit tests: go test in short mode over all packages. | |
| unit: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| # egress-policy: audit records outbound connections without blocking them. | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 | |
| with: | |
| egress-policy: audit | |
| - name: checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 | |
| with: | |
| go-version: '1.25' | |
| cache: false | |
| - name: download deps | |
| run: go mod download | |
| # NOTE(review): the step's exit status comes from test2json2gha, the last command in the pipeline, | |
| # because no pipefail is set here; confirm the tool exits non-zero when go test fails. | |
| - name: Run unit tests | |
| run: go test -v --test.short --json ./... | go run ./cmd/test2json2gha | |
| # End-to-end tests, run once with diff/merge disabled ("1") and once with it enabled ("0"). | |
| e2e: | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| disable_diff_merge: ["1", "0"] | |
| name: "Test E2E (disable diff/merge: ${{ matrix.disable_diff_merge }})" | |
| env: | |
| DALEC_DISABLE_DIFF_MERGE: ${{ matrix.disable_diff_merge }} | |
| # The frontend image reference points at a registry on localhost:5000. | |
| FRONTEND_REF: localhost:5000/dalec/frontend | |
| steps: | |
| # egress-policy: audit records outbound connections without blocking them. | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 | |
| with: | |
| egress-policy: audit | |
| - name: checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| # We need to fetch all commits so that we can diff against the base branch | |
| fetch-depth: 0 | |
| # Exports the Actions runtime token and service URLs into the job environment so later build | |
| # steps can use the GitHub Actions cache; from this point every later step of the job can read them. | |
| - name: Expose GitHub tokens for caching | |
| uses: crazy-max/ghaction-github-runtime@04d248b84655b509d8c44dc1d6f990c879747487 # v4.0.0 | |
| # Runs only when the workflow_dispatch input source_policy is true. | |
| - name: Setup source policy | |
| if: inputs.source_policy | |
| uses: ./.github/actions/setup-source-policy | |
| # Logs in to ghcr.io with the job's GITHUB_TOKEN, which the workflow-level permissions block | |
| # limits to packages: read. | |
| - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 | |
| name: Login to GHCR | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # Repo-local action whose "result" output is used as the GHCR namespace in "Setup builder". | |
| - uses: ./.github/actions/format-repo | |
| id: format-repo | |
| # Repo-local action; going by its name and the step name it redirects Ubuntu archive lookups to an | |
| # Azure mirror (its definition is not shown here - TODO confirm). | |
| - name: Use azure ubuntu archive | |
| uses: ./.github/actions/dns-spoof-ubuntu-archive | |
| # Starts a registry container and selects the builder and bake target for this matrix leg. | |
| - name: Setup builder | |
| run: | | |
| # Sometimes the builder runs out of space... so cleanup anything we can first. | |
| docker image prune -a -f | |
| # NOTE(review): the step output is expanded into the script text before the shell runs, and the | |
| # mirrored registry image is pulled by the mutable "latest" tag. Passing the output through | |
| # env: and referencing the image by digest would remove both sources of drift. | |
| # --net=host puts the registry on the runner's network, presumably the localhost:5000 in FRONTEND_REF. | |
| docker run -d --net=host ghcr.io/${{ steps.format-repo.outputs.result }}/mirror/dockerhub/library/registry:latest | |
| # If diff/merge are enabled we need to use a buildx builder to make sure the feature is supported. | |
| # Otherwise we can just use the default docker builder. | |
| if [ "${DALEC_DISABLE_DIFF_MERGE}" = "0" ]; then | |
| docker buildx create --use --driver-opt network=host | |
| # Values appended to GITHUB_ENV are visible to the later steps of this job. | |
| echo FRONTEND_BAKE_TARGET="frontend-ci-full" >> $GITHUB_ENV | |
| echo USE_BUILDX=1 >> $GITHUB_ENV | |
| else | |
| echo DALEC_NO_CACHE_EXPORT="1" >> $GITHUB_ENV | |
| echo FRONTEND_BAKE_TARGET="frontend-ci" >> $GITHUB_ENV | |
| fi | |
| # FRONTEND_BAKE_TARGET was written to GITHUB_ENV by the "Setup builder" step. | |
| - name: Build frontend image | |
| run: docker buildx bake ${FRONTEND_BAKE_TARGET} | |
| - name: test | |
| run: | | |
| docker buildx bake test | |
| # Builds the documented example for the mariner2/rpm and mariner2 targets. | |
| - name: Build go-md2man example in docs | |
| run: | | |
| # The version is read from a file in the checked-out tree and used unquoted in the image tag. | |
| version=$(cat docs/examples/go-md2man.yml | yq .version) | |
| docker build -t go-md2man:$version -f docs/examples/go-md2man.yml --target=mariner2/rpm --output=_output . | |
| docker build -t go-md2man:$version -f docs/examples/go-md2man.yml --target=mariner2 . | |
| # On failure only: capture builder or daemon logs into a temp file and publish its path as a step output. | |
| - name: dump logs | |
| if: failure() | |
| id: dump-logs | |
| run: | | |
| set -e | |
| dir="$(mktemp -d)" | |
| f="${dir}/dockerd.log" | |
| echo "DOCKERD_LOG_PATH=${f}" >> $GITHUB_OUTPUT | |
| if [ "${USE_BUILDX}" = "1" ]; then | |
| # Logs of the most recently created container; presumably the buildx builder, but any | |
| # container created after it would be picked instead - TODO confirm. | |
| docker logs $(docker ps -lq) > "${f}" | |
| else | |
| sudo journalctl -u docker > "${f}" | |
| fi | |
| # The captured log becomes a downloadable artifact; one-day retention limits how long it is kept. | |
| - name: Upload buildkit logs | |
| if: failure() | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: e2e-dockerd-logs-diffmerge=${{ matrix.disable_diff_merge }} | |
| path: ${{ steps.dump-logs.outputs.DOCKERD_LOG_PATH }} | |
| retention-days: 1 | |