Bump openssl from 0.10.73 to 0.10.75 (#243) #1302
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| permissions: | |
| contents: write | |
| on: | |
| push: | |
| branches: '**' | |
| tags: | |
| - v[0-9]+.* | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| changes: | |
| runs-on: ubuntu-latest | |
| # Required permissions | |
| # permissions: | |
| # pull-requests: read | |
| # Set job outputs to values from filter step | |
| outputs: | |
| images-coredns: ${{ steps.filter.outputs.images-coredns }} | |
| images-nginx-ingress: ${{ steps.filter.outputs.images-nginx-ingress }} | |
| images-sind: ${{ steps.filter.outputs.images-sind }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # For pull requests it's not necessary to checkout the code | |
| - uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| filters: | | |
| images-coredns: | |
| - 'images/coredns/**' | |
| images-nginx-ingress: | |
| - 'images/nginx-ingress/**' | |
| images-sind: | |
| - 'images/sind/**' | |
| install-script-test: | |
| strategy: | |
| matrix: | |
| include: | |
| - target: aarch64-apple-darwin | |
| os: macos-latest | |
| - target: aarch64-unknown-linux-gnu | |
| os: ubuntu-24.04 | |
| - target: x86_64-unknown-linux-gnu | |
| os: ubuntu-24.04 | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| DEBUG: true | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run skate install script | |
| run: | | |
| ./hack/install-skate.sh | |
| which skate | |
| - name: Run sind install script | |
| run: | | |
| ./hack/install-sind.sh | |
| which sind | |
| images-coredns: | |
| if: ${{ needs.changes.outputs.images-coredns == 'true' }} | |
| needs: [changes] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: ${{ runner.os }}-go- | |
| - # Add support for more platforms with QEMU (optional) | |
| # https://github.com/docker/setup-qemu-action | |
| name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build image | |
| run: | | |
| cd images/coredns | |
| TAG=latest make build | |
| images-nginx-ingress: | |
| if: ${{ needs.changes.outputs.images-nginx-ingress == 'true' }} | |
| needs: [changes] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build image | |
| run: | | |
| cd images/nginx-ingress | |
| TAG=latest make build | |
| images-sind: | |
| if: ${{ needs.changes.outputs.images-sind == 'true' }} | |
| needs: [changes] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build image | |
| run: | | |
| cd images/sind | |
| TAG=latest make build | |
| e2e-test: | |
| runs-on: ubuntu-latest | |
| env: | |
| SQLX_OFFLINE: 1 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Cargo cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-cargo-test-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: ${{ runner.os }}-cargo-test- | |
| - name: Build binaries | |
| run: cargo build --locked --release | |
| - name: E2E Tests in Sind | |
| run: make run-e2e-tests-docker | |
| - name: Get syslogs on failure | |
| if: always() | |
| run: | | |
| mkdir -p e2e-evidence | |
| docker cp sind-node-1:/var/log/syslog ./e2e-evidence/sind-node-1-syslog | |
| docker cp sind-node-1:/var/log/skate.log ./e2e-evidence/sind-node-1-skate.log || true | |
| docker cp sind-node-1:/var/lib/skate/dns/addnhosts ./e2e-evidence/sind-node-1-addnhosts || true | |
| docker cp sind-node-2:/var/log/syslog ./e2e-evidence/sind-node-2-syslog | |
| docker cp sind-node-2:/var/log/skate.log ./e2e-evidence/sind-node-2-skate.log || true | |
| docker cp sind-node-2:/var/lib/skate/dns/addnhosts ./e2e-evidence/sind-node-2-addnhosts || true | |
| - name: upload logs | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: evidence | |
| path: | | |
| e2e-evidence/ | |
| e2e-test-fedora: | |
| runs-on: ubuntu-latest | |
| env: | |
| SQLX_OFFLINE: 1 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Cargo cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-cargo-test-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: ${{ runner.os }}-cargo-test- | |
| - name: Build binaries | |
| run: cargo build --locked --release | |
| - name: E2E Tests in Sind (Fedora) | |
| run: make run-e2e-tests-docker-fedora | |
| - name: Get syslogs on failure | |
| if: always() | |
| run: | | |
| mkdir -p e2e-evidence | |
| docker cp sind-node-1:/var/log/syslog ./e2e-evidence/sind-node-1-syslog | |
| docker cp sind-node-1:/var/log/skate.log ./e2e-evidence/sind-node-1-skate.log || true | |
| docker cp sind-node-1:/var/lib/skate/dns/addnhosts ./e2e-evidence/sind-node-1-addnhosts || true | |
| docker cp sind-node-2:/var/log/syslog ./e2e-evidence/sind-node-2-syslog | |
| docker cp sind-node-2:/var/log/skate.log ./e2e-evidence/sind-node-2-skate.log || true | |
| docker cp sind-node-2:/var/lib/skate/dns/addnhosts ./e2e-evidence/sind-node-2-addnhosts || true | |
| - name: upload logs | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: e2e-fedora-evidence | |
| path: | | |
| e2e-evidence/ | |
| build: | |
| strategy: | |
| matrix: | |
| include: | |
| - target: aarch64-apple-darwin | |
| os: macos-latest | |
| - target: aarch64-unknown-linux-gnu | |
| os: ubuntu-24.04 | |
| - target: x86_64-unknown-linux-gnu | |
| os: ubuntu-24.04 | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| TARGET: ${{ matrix.TARGET }} | |
| OS: ${{ matrix.OS }} | |
| GH_TOKEN: ${{ github.token }} | |
| SQLX_OFFLINE: 1 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Cargo cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: ${{ runner.os }}-${{ matrix.TARGET }}-cargo-build-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: ${{ runner.os }}-${{ matrix.TARGET }}-cargo-build- | |
| - name: Install and configure dependencies | |
| run: | | |
| # dependencies are only needed on ubuntu as that's the only place where | |
| # we make cross-compilation | |
| if [[ $OS =~ ^ubuntu.*$ ]]; then | |
| sudo apt-get update | |
| sudo apt-get install -qq crossbuild-essential-arm64 crossbuild-essential-armhf protobuf-compiler libprotobuf-dev | |
| fi | |
| # some additional configuration for cross-compilation on linux | |
| cat >>~/.cargo/config <<EOF | |
| [target.aarch64-unknown-linux-gnu] | |
| linker = "aarch64-linux-gnu-gcc" | |
| [target.aarch64-unknown-linux-musl] | |
| linker = "aarch64-linux-gnu-gcc" | |
| EOF | |
| - name: Install rust target | |
| run: rustup target add $TARGET | |
| - name: Normal Tests | |
| run: | |
| cargo test | |
| - name: Build Binaries | |
| run: cargo build --locked --release --target ${{ matrix.target }} | |
| - name: Archive artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{matrix.TARGET}} | |
| path: | | |
| target/${{matrix.TARGET}}/release/skate | |
| target/${{matrix.TARGET}}/release/skatelet | |
| target/${{matrix.TARGET}}/release/sind | |
| create-release: | |
| needs: [build, e2e-test] | |
| runs-on: ubuntu-latest | |
| if: github.ref_type == 'tag' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: taiki-e/create-gh-release-action@v1 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| release: | |
| needs: [create-release ] | |
| runs-on: ubuntu-latest | |
| if: github.ref_type == 'tag' | |
| strategy: | |
| matrix: | |
| include: | |
| - target: aarch64-apple-darwin | |
| - target: aarch64-unknown-linux-gnu | |
| - target: x86_64-unknown-linux-gnu | |
| env: | |
| TARGET: ${{ matrix.TARGET }} | |
| GH_TOKEN: ${{ github.token }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{matrix.TARGET}} | |
| path: | | |
| target/${{matrix.TARGET}}/release | |
| - name: Archive and upload | |
| run: | | |
| mkdir -p dist | |
| cd dist | |
| cp ../target/$TARGET/release/skate . | |
| cp ../target/$TARGET/release/skatelet . | |
| cp ../target/$TARGET/release/sind . | |
| chmod +x skate | |
| chmod +x skatelet | |
| tar -cvf skate-$TARGET.tar.gz skate | |
| tar -cvf skatelet-$TARGET.tar.gz skatelet | |
| tar -cvf sind-$TARGET.tar.gz sind | |
| gh release upload ${{github.ref_name}} *.tar.gz | |
| fcos-image: | |
| needs: [ release ] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| packages: write | |
| if: github.ref_type == 'tag' | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: https://ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 # see https://github.com/docker/metadata-action | |
| with: | |
| images: ghcr.io/skateco/fcos-skate | |
| # sha = short git hash | |
| # ref = branch or tag, sanitized | |
| # semver = semver tag, sanitized | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and export to Docker | |
| uses: docker/build-push-action@v6 | |
| with: | |
| # Since we need the cargo workspace, we need to make the repo root the context | |
| context: ./images/fcos-skate | |
| push: true | |
| build-args: VERSION=${{ github.ref_name }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| file: ./images/fcos-skate/ContainerFile | |
| platforms: linux/amd64,linux/arm64 | |