Merge pull request #44116 from crazy-max/gha-validate

ci(test): validate job matrix

.github/workflows/.dco.yml

@@ -0,0 +1,48 @@
+# reusable workflow
+name: .dco
+
+# TODO: hide reusable workflow from the UI. Tracked in https://github.com/community/community/discussions/12025
+
+on:
+  workflow_call:
+
+env:
+  ALPINE_VERSION: 3.16
+
+jobs:
+  run:
+    runs-on: ubuntu-20.04
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      -
+        name: Dump context
+        uses: actions/github-script@v6
+        with:
+          script: |
+            console.log(JSON.stringify(context, null, 2));
+      -
+        name: Get base ref
+        id: base-ref
+        uses: actions/github-script@v6
+        with:
+          result-encoding: string
+          script: |
+            if (/^refs\/pull\//.test(context.ref) && context.payload?.pull_request?.base?.ref != undefined) {
+              return context.payload.pull_request.base.ref;
+            }
+            return context.ref.replace(/^refs\/heads\//g, '');
+      -
+        name: Validate
+        run: |
+          docker run --rm \
+            -v "$(pwd):/workspace" \
+            -e VALIDATE_REPO \
+            -e VALIDATE_BRANCH \
+            alpine:${{ env.ALPINE_VERSION }} sh -c 'apk add --no-cache -q bash git openssh-client && git config --system --add safe.directory /workspace && cd /workspace && hack/validate/dco'
+        env:
+          VALIDATE_REPO: ${{ github.server_url }}/${{ github.repository }}.git
+          VALIDATE_BRANCH: ${{ steps.base-ref.outputs.result }}

.github/workflows/.windows.yml

@@ -1,6 +1,8 @@
 # reusable workflow
 name: .windows
 
+# TODO: hide reusable workflow from the UI. Tracked in https://github.com/community/community/discussions/12025
+
 on:
   workflow_call:
     inputs:

.github/workflows/buildkit.yml

@@ -16,8 +16,13 @@ env:
   BUNDLES_OUTPUT: ./bundles
 
 jobs:
+  validate-dco:
+    uses: ./.github/workflows/.dco.yml
+
   build:
     runs-on: ubuntu-20.04
+    needs:
+      - validate-dco
     steps:
       -
         name: Checkout

.github/workflows/ci.yml

@@ -18,8 +18,13 @@ env:
   BUNDLES_OUTPUT: ./bundles
 
 jobs:
+  validate-dco:
+    uses: ./.github/workflows/.dco.yml
+
   build:
     runs-on: ubuntu-20.04
+    needs:
+      - validate-dco
     strategy:
       fail-fast: false
       matrix:
@@ -54,6 +59,8 @@ jobs:
 
   cross:
     runs-on: ubuntu-20.04
+    needs:
+      - validate-dco
     strategy:
       fail-fast: false
       matrix:

.github/workflows/test.yml

@@ -24,8 +24,13 @@ env:
   DOCKER_GRAPHDRIVER: overlay2
 
 jobs:
+  validate-dco:
+    uses: ./.github/workflows/.dco.yml
+
   build-dev:
     runs-on: ubuntu-20.04
+    needs:
+      - validate-dco
     strategy:
       fail-fast: false
       matrix:
@@ -55,6 +60,60 @@ jobs:
             *.cache-to=type=gha,scope=dev${{ matrix.mode }},mode=max
             *.output=type=cacheonly
 
+  validate-prepare:
+    runs-on: ubuntu-20.04
+    needs:
+      - validate-dco
+    outputs:
+      matrix: ${{ steps.scripts.outputs.matrix }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Create matrix
+        id: scripts
+        run: |
+          scripts=$(jq -ncR '[inputs]' <<< "$(ls -I .validate -I all -I default -I dco -I golangci-lint.yml -I yamllint.yaml -A ./hack/validate/)")
+          echo "::set-output name=matrix::$scripts"
+      -
+        name: Show matrix
+        run: |
+          echo ${{ steps.scripts.outputs.matrix }}
+
+  validate:
+    runs-on: ubuntu-20.04
+    needs:
+      - validate-prepare
+      - build-dev
+    strategy:
+      fail-fast: true
+      matrix:
+        script: ${{ fromJson(needs.validate-prepare.outputs.matrix) }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      -
+        name: Set up runner
+        uses: ./.github/actions/setup-runner
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Build dev image
+        uses: docker/bake-action@v2
+        with:
+          targets: dev
+          set: |
+            dev.cache-from=type=gha,scope=dev
+      -
+        name: Validate
+        run: |
+          make -o build validate-${{ matrix.script }}
+
   unit:
     runs-on: ubuntu-20.04
     needs:
@@ -265,6 +324,8 @@ jobs:
 
   integration-cli-prepare:
     runs-on: ubuntu-20.04
+    needs:
+      - validate-dco
     outputs:
       matrix: ${{ steps.tests.outputs.matrix }}
     steps:

.github/workflows/windows-2019.yml

@@ -10,7 +10,12 @@ on:
   workflow_dispatch:
 
 jobs:
+  validate-dco:
+    uses: ./.github/workflows/.dco.yml
+
   run:
+    needs:
+      - validate-dco
     uses: ./.github/workflows/.windows.yml
     with:
       os: windows-2019

.github/workflows/windows-2022.yml

@@ -13,7 +13,12 @@ on:
   pull_request:
 
 jobs:
+  validate-dco:
+    uses: ./.github/workflows/.dco.yml
+
   run:
+    needs:
+      - validate-dco
     uses: ./.github/workflows/.windows.yml
     with:
       os: windows-2022

Makefile

@@ -1,4 +1,4 @@
-.PHONY: all binary dynbinary build cross help install manpages run shell test test-docker-py test-integration test-unit validate win
+.PHONY: all binary dynbinary build cross help install manpages run shell test test-docker-py test-integration test-unit validate validate-% win
 
 BUILDX_VERSION ?= v0.9.1
 
@@ -247,6 +247,9 @@ test-unit: build ## run the unit tests
 validate: build ## validate DCO, Seccomp profile generation, gofmt,\n./pkg/ isolation, golint, tests, tomls, go vet and vendor
 	$(DOCKER_RUN_DOCKER) hack/validate/all
 
+validate-%: build ## validate specific check
+	$(DOCKER_RUN_DOCKER) hack/validate/$*
+
 win: build ## cross build the binary for windows
 	$(DOCKER_RUN_DOCKER) DOCKER_CROSSPLATFORMS=windows/amd64 hack/make.sh cross