build(deps): Bump submodules and dependencies #2036
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# - When a third-party action is added (i.e., `uses`), please also add it to `download-licenses` in Makefile. | |
# - When a job is added/removed/renamed, please make corresponding changes in ci-docs.yaml. | |
name: CI | |
on: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- '**.md' | |
- 'contrib/**' | |
- '.github/CODEOWNERS' | |
pull_request: | |
branches: | |
- main | |
paths-ignore: | |
- '**.md' | |
- 'contrib/**' | |
- '.github/CODEOWNERS' | |
permissions: | |
id-token: write | |
contents: write | |
env: | |
DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }} | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
git-secrets: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Pull latest awslabs/git-secrets repo | |
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
with: | |
repository: awslabs/git-secrets | |
ref: 1.3.0 | |
fetch-tags: true | |
path: git-secrets | |
- name: Install git secrets from source | |
run: sudo make install | |
working-directory: git-secrets | |
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
- name: Scan repository for git secrets | |
run: | | |
git secrets --register-aws | |
git secrets --scan-history | |
gen-code-no-diff: | |
strategy: | |
matrix: | |
os: [macos-latest, windows-latest] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 | |
with: | |
go-version-file: go.mod | |
cache: true | |
- run: make gen-code | |
- run: git diff --exit-code | |
unit-tests: | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [macos-latest, windows-latest] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Configure git CRLF settings | |
run: | | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 | |
with: | |
# Since this repository is not meant to be used as a library, | |
# we don't need to test the latest 2 major releases like Go does: https://go.dev/doc/devel/release#policy. | |
go-version-file: go.mod | |
cache: true | |
- run: make test-unit | |
# It's recommended to run golangci-lint in a job separate from other jobs (go test, etc) because different jobs run in parallel. | |
go-linter: | |
name: lint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 | |
with: | |
go-version-file: go.mod | |
cache: false # caching can result in tar errors that files already exist | |
- name: set GOOS env to windows | |
run: | | |
echo "GOOS=windows" >> $GITHUB_ENV | |
- name: golangci-lint - windows | |
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 | |
with: | |
# Pin the version in case all the builds start to fail at the same time. | |
# There may not be an automatic way (e.g., dependabot) to update a specific parameter of a GitHub Action, | |
# so we will just update it manually whenever it makes sense (e.g., a feature that we want is added). | |
version: v1.56.1 | |
args: --fix=false --timeout=5m | |
- name: set GOOS env to darwin | |
run: | | |
echo "GOOS=darwin" >> $GITHUB_ENV | |
- name: golangci-lint - darwin | |
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 | |
with: | |
# Pin the version in case all the builds start to fail at the same time. | |
# There may not be an automatic way (e.g., dependabot) to update a specific parameter of a GitHub Action, | |
# so we will just update it manually whenever it makes sense (e.g., a feature that we want is added). | |
version: v1.56.1 | |
args: --fix=false --timeout=5m --skip-dirs="(^|/)deps($|/)" | |
shellcheck: | |
name: ShellCheck | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
- name: Run ShellCheck | |
uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0 | |
with: | |
version: v0.9.0 | |
continue-on-error: true | |
go-mod-tidy-check: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 | |
with: | |
go-version-file: go.mod | |
cache: true | |
# TODO: Use `go mod tidy --check` after https://github.com/golang/go/issues/27005 is fixed. | |
- run: go mod tidy | |
- run: git diff --exit-code | |
check-licenses: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 | |
with: | |
go-version-file: go.mod | |
cache: true | |
- run: make check-licenses | |
e2e-tests: | |
strategy: | |
fail-fast: false | |
matrix: | |
os: | |
[ | |
[self-hosted, macos, amd64, 13, test], | |
[self-hosted, macos, amd64, 14, test], | |
[self-hosted, macos, arm64, 13, test], | |
[self-hosted, macos, arm64, 14, test], | |
] | |
test-command: ['test-e2e-vm-serial', 'test-e2e-container'] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
with: | |
# We need to get all the git tags to make version injection work. See VERSION in Makefile for more detail. | |
fetch-depth: 0 | |
persist-credentials: false | |
submodules: recursive | |
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 | |
with: | |
go-version-file: go.mod | |
cache: true | |
- name: Set output variables | |
id: vars | |
run: | | |
has_creds=${{ (github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name) && github.actor != 'dependabot[bot]' }} | |
echo "has_creds=$has_creds" >> $GITHUB_OUTPUT | |
- name: configure aws credentials | |
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
if: ${{ steps.vars.outputs.has_creds == true }} | |
with: | |
role-to-assume: ${{ secrets.ROLE }} | |
role-session-name: credhelper-test | |
aws-region: ${{ secrets.REGION }} | |
- name: Clean up previous files | |
run: | | |
sudo rm -rf /opt/finch | |
sudo rm -rf ~/.finch | |
sudo rm -rf ./_output | |
if pgrep '^qemu-system'; then | |
sudo pkill '^qemu-system' | |
fi | |
if pgrep '^socket_vmnet'; then | |
sudo pkill '^socket_vmnet' | |
fi | |
- name: Install Rosetta 2 | |
run: echo "A" | softwareupdate --install-rosetta || true | |
- run: brew install lz4 automake autoconf libtool yq | |
shell: zsh {0} | |
- name: Build project | |
run: | | |
export PATH="/opt/homebrew/opt/libtool/libexec/gnubin:$PATH" | |
make | |
shell: zsh {0} | |
- run: | | |
git status | |
git clean -f -d | |
REGISTRY=${{ steps.vars.outputs.has_creds == true && env.REGISTRY || '' }} make ${{ matrix.test-command }} | |
shell: zsh {0} | |
windows-e2e-tests: | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [[self-hosted, windows, amd64, test]] | |
test-command: ['test-e2e-vm-serial', 'test-e2e-container'] | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 180 | |
steps: | |
- name: Configure git CRLF settings | |
run: | | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
- name: Cleanup previous checkouts | |
run: | | |
takeown /F C:\actions-runner\_work\finch /R | |
Remove-Item C:\actions-runner\_work\finch\finch -Recurse -Force -ErrorAction Ignore | |
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
with: | |
# We need to get all the git tags to make version injection work. See VERSION in Makefile for more detail. | |
fetch-depth: 0 | |
persist-credentials: false | |
submodules: recursive | |
- name: Set output variables | |
id: vars | |
run: | | |
$has_creds="${{ (github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name) && github.actor != 'dependabot[bot]'}}" | |
echo "has_creds=$has_creds" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append | |
exit 0 # if $has_creds is false, powershell will exit with code 1 and this step will fail | |
- name: configure aws credentials | |
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
if: env.has_creds == 'true' | |
with: | |
role-to-assume: ${{ secrets.ROLE }} | |
role-session-name: credhelper-test | |
aws-region: ${{ secrets.REGION }} | |
- name: Remove Finch VM | |
run: | | |
wsl --list --verbose | |
wsl --shutdown | |
wsl --unregister lima-finch | |
wsl --list --verbose | |
- name: Clean up previous files | |
run: | | |
Remove-Item C:\Users\Administrator\.finch -Recurse -ErrorAction Ignore | |
Remove-Item C:\Users\Administrator\AppData\Local\.finch -Recurse -ErrorAction Ignore | |
make clean | |
cd deps/finch-core && make clean | |
- name: Build project | |
run: | | |
git status | |
make | |
- name: Run e2e tests | |
run: | | |
# set path to use newer ssh version | |
$newPath = (";C:\Program Files\Git\bin\;" + "C:\Program Files\Git\usr\bin\;" + "$env:Path") | |
$env:Path = $newPath | |
# set networking config option to allow for VM/container -> host communication | |
echo "[experimental]`nnetworkingMode=mirrored`nhostAddressLoopback=true" > C:\Users\Administrator\.wslconfig | |
git status | |
git clean -f -d | |
make ${{ matrix.test-command }} | |
- name: Remove Finch VM and Clean Up Previous Environment | |
if: ${{ always() }} | |
run: | | |
# We want these cleanup commands to always run, ignore errors so the step completes. | |
$ErrorActionPreference = 'Ignore' | |
taskkill /f /im wslservice.exe 2> nul || cmd /c "exit /b 0" | |
wsl --list --verbose | |
wsl --shutdown | |
wsl --unregister lima-finch | |
wsl --list --verbose | |
Remove-Item C:\Users\Administrator\AppData\Local\.finch -Recurse | |
make clean | |
cd deps/finch-core && make clean | |
exit 0 # Cleanup may set the exit code e.g. if a file doesn't exist; just ignore | |
mdlint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
- uses: avto-dev/markdown-lint@04d43ee9191307b50935a753da3b775ab695eceb # v1.5.0 | |
with: | |
args: '**/*.md' | |
# CHANGELOG.md is only updated by release-please bot. | |
ignore: 'CHANGELOG.md' |