ci: Automatically cancel in-progress workflow runs on push (#717) #1273
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | name: QA & sanity checks | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - "*" | |
| pull_request: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| go-sanity: | |
| name: "Go: Code sanity" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| submodules: recursive | |
| - name: Build libhimmelblau | |
| # The code sanity check fails if himmelblau.h does not exist, so we generate it first. | |
| run: go generate ./internal/providers/msentraid/... | |
| - name: Go code sanity check | |
| uses: canonical/desktop-engineering/gh-actions/go/code-sanity@v2 | |
| with: | |
| golangci-lint-configfile: ".golangci.yaml" | |
| tools-directory: "tools" | |
| go-tests: | |
| name: "Go: Tests" | |
| runs-on: ubuntu-24.04 # ubuntu-latest-runner | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| test: [ "coverage", "asan" ] | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| submodules: recursive | |
| - uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| - uses: canonical/desktop-engineering/gh-actions/common/dpkg-install-speedup@main | |
| - name: Install dependencies | |
| run: | | |
| set -eu | |
| sudo apt-get update | |
| sudo apt-get install -y git-delta | |
| - name: Install coverage collection dependencies | |
| if: matrix.test == 'coverage' | |
| run: | | |
| set -eu | |
| go install github.com/AlekSi/gocov-xml@latest | |
| go install github.com/axw/gocov/gocov@latest | |
| dotnet tool install -g dotnet-reportgenerator-globaltool | |
| - name: Build libhimmelblau | |
| run: go generate ./internal/providers/msentraid/... | |
| - name: Prepare tests artifacts path | |
| run: | | |
| set -eu | |
| artifacts_dir=$(mktemp -d --tmpdir authd-test-artifacts-XXXXXX) | |
| echo AUTHD_TEST_ARTIFACTS_DIR="${artifacts_dir}" >> $GITHUB_ENV | |
| - name: Install gotestfmt and our wrapper script | |
| uses: canonical/desktop-engineering/gh-actions/go/gotestfmt@main | |
| - name: Run tests (with coverage collection) | |
| if: matrix.test == 'coverage' | |
| run: | | |
| set -eu | |
| # The coverage is not written if the output directory does not exist, so we need to create it. | |
| cov_dir=${PWD}/coverage | |
| raw_cov_dir=${cov_dir}/raw_files | |
| codecov_dir=${cov_dir}/codecov | |
| mkdir -p "${raw_cov_dir}" "${codecov_dir}" | |
| # Print executed commands to ease debugging | |
| set -x | |
| # Overriding the default coverage directory is not an exported flag of go test (yet), so | |
| # we need to override it using the test.gocoverdir flag instead. | |
| #TODO: Update when https://go-review.googlesource.com/c/go/+/456595 is merged. | |
| go test -json -cover -covermode=set ./... -shuffle=on -args -test.gocoverdir="${raw_cov_dir}" 2>&1 | \ | |
| gotestfmt --logfile "${AUTHD_TEST_ARTIFACTS_DIR}/gotestfmt.cover.log" | |
| # Convert the raw coverage data into textfmt so we can merge the Rust one into it | |
| go tool covdata textfmt -i="${raw_cov_dir}" -o="${cov_dir}/coverage.out" | |
| # Filter out the testutils package | |
| grep -v -e "testutils" "${cov_dir}/coverage.out" >"${cov_dir}/coverage.out.filtered" | |
| # Generate the Cobertura report for Go | |
| gocov convert "${cov_dir}/coverage.out.filtered" | gocov-xml > "${cov_dir}/coverage.xml" | |
| reportgenerator -reports:"${cov_dir}/coverage.xml" -targetdir:"${codecov_dir}" -reporttypes:Cobertura | |
| # Store the coverage directory for the next steps | |
| echo COVERAGE_DIR="${codecov_dir}" >> ${GITHUB_ENV} | |
| - name: Run msentraid tests (with Address Sanitizer) | |
| if: matrix.test == 'asan' | |
| env: | |
| # Do not optimize, keep debug symbols and frame pointer for better | |
| # stack trace information in case of ASAN errors. | |
| CGO_CFLAGS: "-O0 -g3 -fno-omit-frame-pointer" | |
| GO_TESTS_TIMEOUT: 30m | |
| # Use these flags to give ASAN a better time to unwind the stack trace | |
| GO_GC_FLAGS: -N -l | |
| run: | | |
| # Print executed commands to ease debugging | |
| set -x | |
| # For llvm-symbolizer | |
| sudo apt-get install -y llvm | |
| # We only run the msentraid tests with ASAN because only these use cgo. | |
| pushd ./internal/providers/msentraid | |
| go test -asan -gcflags=all="${GO_GC_FLAGS}" -c | |
| go tool test2json -p internal/providers/msentraid ./msentraid.test \ | |
| -test.v=test2json \ | |
| -test.failfast \ | |
| -test.timeout ${GO_TESTS_TIMEOUT} | \ | |
| gotestfmt --logfile "${AUTHD_TEST_ARTIFACTS_DIR}/gotestfmt.asan.log" || \ | |
| exit_code=$? | |
| popd | |
| # We don't need the xtrace output after this point | |
| set +x | |
| # We're logging to a file, and this is useful for having artifacts, but we still may want to see it in logs: | |
| for f in "${AUTHD_TEST_ARTIFACTS_DIR}"/*asan.log*; do | |
| if ! [ -e "${f}" ]; then | |
| continue | |
| fi | |
| if [ -s "${f}" ]; then | |
| echo "::group::${f} ($(wc -l < "${f}") lines)" | |
| cat "${f}" | |
| echo "::endgroup::" | |
| else | |
| echo "${f}: empty" | |
| fi | |
| done | |
| exit ${exit_code} | |
| - name: Upload coverage to Codecov | |
| if: matrix.test == 'coverage' | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| directory: ${{ env.COVERAGE_DIR }} | |
| files: ${{ env.COVERAGE_DIR }}/Cobertura.xml | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Upload coverage report as artifact | |
| if: matrix.test == 'coverage' && github.ref == 'refs/heads/main' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage | |
| path: ${{ env.COVERAGE_DIR }} | |
| - name: Upload test artifacts | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: authd-${{ github.job }}-artifacts-${{ github.run_attempt }} | |
| path: ${{ env.AUTHD_TEST_ARTIFACTS_DIR }} |