diff --git a/.github/workflows/.dco.yml b/.github/workflows/.dco.yml new file mode 100644 index 0000000000..34b3206b9a --- /dev/null +++ b/.github/workflows/.dco.yml @@ -0,0 +1,48 @@ +# reusable workflow +name: .dco + +# TODO: hide reusable workflow from the UI. Tracked in https://github.com/community/community/discussions/12025 + +on: + workflow_call: + +env: + ALPINE_VERSION: 3.16 + +jobs: + run: + runs-on: ubuntu-20.04 + steps: + - + name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - + name: Dump context + uses: actions/github-script@v6 + with: + script: | + console.log(JSON.stringify(context, null, 2)); + - + name: Get base ref + id: base-ref + uses: actions/github-script@v6 + with: + result-encoding: string + script: | + if (/^refs\/pull\//.test(context.ref) && context.payload?.pull_request?.base?.ref != undefined) { + return context.payload.pull_request.base.ref; + } + return context.ref.replace(/^refs\/heads\//g, ''); + - + name: Validate + run: | + docker run --rm \ + -v "$(pwd):/workspace" \ + -e VALIDATE_REPO \ + -e VALIDATE_BRANCH \ + alpine:${{ env.ALPINE_VERSION }} sh -c 'apk add --no-cache -q bash git openssh-client && git config --system --add safe.directory /workspace && cd /workspace && hack/validate/dco' + env: + VALIDATE_REPO: ${{ github.server_url }}/${{ github.repository }}.git + VALIDATE_BRANCH: ${{ steps.base-ref.outputs.result }} diff --git a/.github/workflows/.windows.yml b/.github/workflows/.windows.yml index cd9ee88832..e1c740d982 100644 --- a/.github/workflows/.windows.yml +++ b/.github/workflows/.windows.yml @@ -1,6 +1,8 @@ # reusable workflow name: .windows +# TODO: hide reusable workflow from the UI. Tracked in https://github.com/community/community/discussions/12025 + on: workflow_call: inputs: diff --git a/.github/workflows/buildkit.yml b/.github/workflows/buildkit.yml index f4a20003e7..9f1442a8ce 100644 --- a/.github/workflows/buildkit.yml +++ b/.github/workflows/buildkit.yml @@ -16,8 +16,13 @@ env: BUNDLES_OUTPUT: ./bundles jobs: + validate-dco: + uses: ./.github/workflows/.dco.yml + build: runs-on: ubuntu-20.04 + needs: + - validate-dco steps: - name: Checkout diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index abadd40246..655cf7b22f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,8 +18,13 @@ env: BUNDLES_OUTPUT: ./bundles jobs: + validate-dco: + uses: ./.github/workflows/.dco.yml + build: runs-on: ubuntu-20.04 + needs: + - validate-dco strategy: fail-fast: false matrix: @@ -54,6 +59,8 @@ jobs: cross: runs-on: ubuntu-20.04 + needs: + - validate-dco strategy: fail-fast: false matrix: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e5d9af9aab..701df02002 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -24,8 +24,13 @@ env: DOCKER_GRAPHDRIVER: overlay2 jobs: + validate-dco: + uses: ./.github/workflows/.dco.yml + build-dev: runs-on: ubuntu-20.04 + needs: + - validate-dco strategy: fail-fast: false matrix: @@ -55,6 +60,60 @@ jobs: *.cache-to=type=gha,scope=dev${{ matrix.mode }},mode=max *.output=type=cacheonly + validate-prepare: + runs-on: ubuntu-20.04 + needs: + - validate-dco + outputs: + matrix: ${{ steps.scripts.outputs.matrix }} + steps: + - + name: Checkout + uses: actions/checkout@v3 + - + name: Create matrix + id: scripts + run: | + scripts=$(jq -ncR '[inputs]' <<< "$(ls -I .validate -I all -I default -I dco -I golangci-lint.yml -I yamllint.yaml -A ./hack/validate/)") + echo "::set-output name=matrix::$scripts" + - + name: Show matrix + run: | + echo ${{ steps.scripts.outputs.matrix }} + + validate: + runs-on: ubuntu-20.04 + needs: + - validate-prepare + - build-dev + strategy: + fail-fast: true + matrix: + script: ${{ fromJson(needs.validate-prepare.outputs.matrix) }} + steps: + - + name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - + name: Set up runner + uses: ./.github/actions/setup-runner + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - + name: Build dev image + uses: docker/bake-action@v2 + with: + targets: dev + set: | + dev.cache-from=type=gha,scope=dev + - + name: Validate + run: | + make -o build validate-${{ matrix.script }} + unit: runs-on: ubuntu-20.04 needs: @@ -265,6 +324,8 @@ jobs: integration-cli-prepare: runs-on: ubuntu-20.04 + needs: + - validate-dco outputs: matrix: ${{ steps.tests.outputs.matrix }} steps: diff --git a/.github/workflows/windows-2019.yml b/.github/workflows/windows-2019.yml index 22100f69c5..4231ab2946 100644 --- a/.github/workflows/windows-2019.yml +++ b/.github/workflows/windows-2019.yml @@ -10,7 +10,12 @@ on: workflow_dispatch: jobs: + validate-dco: + uses: ./.github/workflows/.dco.yml + run: + needs: + - validate-dco uses: ./.github/workflows/.windows.yml with: os: windows-2019 diff --git a/.github/workflows/windows-2022.yml b/.github/workflows/windows-2022.yml index 29545f11f8..933ce5b0c9 100644 --- a/.github/workflows/windows-2022.yml +++ b/.github/workflows/windows-2022.yml @@ -13,7 +13,12 @@ on: pull_request: jobs: + validate-dco: + uses: ./.github/workflows/.dco.yml + run: + needs: + - validate-dco uses: ./.github/workflows/.windows.yml with: os: windows-2022 diff --git a/Makefile b/Makefile index 93868c487d..cfe3c17e4b 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -.PHONY: all binary dynbinary build cross help install manpages run shell test test-docker-py test-integration test-unit validate win +.PHONY: all binary dynbinary build cross help install manpages run shell test test-docker-py test-integration test-unit validate validate-% win BUILDX_VERSION ?= v0.9.1 @@ -247,6 +247,9 @@ test-unit: build ## run the unit tests validate: build ## validate DCO, Seccomp profile generation, gofmt,\n./pkg/ isolation, golint, tests, tomls, go vet and vendor $(DOCKER_RUN_DOCKER) hack/validate/all +validate-%: build ## validate specific check + $(DOCKER_RUN_DOCKER) hack/validate/$* + win: build ## cross build the binary for windows $(DOCKER_RUN_DOCKER) DOCKER_CROSSPLATFORMS=windows/amd64 hack/make.sh cross