ci: Provision swtpm #98
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
permissions: | |
actions: read | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
branches: [main] | |
workflow_dispatch: {} | |
env: | |
CARGO_TERM_COLOR: always | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
tests: | |
if: ${{ !contains(github.event.pull_request.labels.*.name, 'control/skip-ci') }} | |
runs-on: ubuntu-latest | |
container: quay.io/coreos-assembler/fcos-buildroot:testing-devel | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install deps | |
run: ./ci/installdeps.sh | |
- name: Mark git checkout as safe | |
run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
# xref containers/containers-image-proxy-rs | |
- name: Cache Dependencies | |
uses: Swatinem/rust-cache@v2 | |
with: | |
key: "tests" | |
- name: cargo fmt (check) | |
run: cargo fmt -- --check -l | |
- name: Build | |
run: cargo test --no-run | |
- name: Build lib without default features | |
run: cd lib && cargo check --no-default-features | |
- name: Individual checks | |
run: (cd cli && cargo check) && (cd lib && cargo check) | |
- name: Lints | |
run: cargo xtask custom-lints | |
- name: Run tests | |
run: cargo test -- --nocapture --quiet | |
- name: Manpage generation | |
run: mkdir -p target/man && cargo run --features=docgen -- man --directory target/man | |
- name: Clippy (gate on correctness and suspicous) | |
run: cargo clippy -- -D clippy::correctness -D clippy::suspicious | |
fedora-container-tests: | |
if: ${{ !contains(github.event.pull_request.labels.*.name, 'control/skip-ci') }} | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build container (fedora) | |
run: sudo podman build --build-arg=base=quay.io/fedora/fedora-bootc:40 -t localhost/bootc -f hack/Containerfile . | |
- name: Container integration | |
run: sudo podman run --rm localhost/bootc bootc-integration-tests container | |
cargo-deny: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: EmbarkStudios/cargo-deny-action@v1 | |
with: | |
log-level: warn | |
command: check bans sources licenses | |
install-tests: | |
if: ${{ !contains(github.event.pull_request.labels.*.name, 'control/skip-ci') }} | |
name: "Test install" | |
# For a not-ancient podman | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Ensure host skopeo is disabled | |
run: sudo rm -f /bin/skopeo /usr/bin/skopeo | |
- name: Free up disk space on runner | |
run: sudo ./ci/clean-gha-runner.sh | |
- name: Setup swtpm | |
run: | | |
set -xeu | |
sudo apt install linux-modules-extra-$(uname -r) | |
sudo modprobe tpm_vtpm_proxy | |
sudo apt install swtpm-tools | |
sudo mkdir /var/tmp/swtpm; swtpm_setup --tpm-state /var/tmp/swtpm | |
sudo systemd-run --unit swtpm -- swtpm chardev --vtpm-proxy --tpmstate dir=/var/tmp/swtpm --tpm2 | |
while true; do | |
if sudo ls /dev/tpm*; break; fi | |
sleep 0.1 | |
done | |
- name: Integration tests | |
run: | | |
set -xeu | |
sudo podman build -t localhost/bootc -f hack/Containerfile . | |
export CARGO_INCREMENTAL=0 # because we aren't caching the test runner bits | |
cargo build --release -p tests-integration | |
df -h / | |
sudo install -m 0755 target/release/tests-integration /usr/bin/bootc-integration-tests | |
rm target -rf | |
df -h / | |
# Nondestructive but privileged tests | |
sudo bootc-integration-tests host-privileged localhost/bootc | |
# Finally the install-alongside suite | |
sudo bootc-integration-tests install-alongside localhost/bootc | |
docs: | |
if: ${{ contains(github.event.pull_request.labels.*.name, 'documentation') }} | |
runs-on: ubuntu-latest | |
env: | |
MDBOOK_VERSION: 0.4.37 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install mdBook | |
run: | | |
tag=$(curl 'https://api.github.com/repos/rust-lang/mdbook/releases/latest' | jq -r '.tag_name') | |
url="https://github.com/rust-lang/mdbook/releases/download/${tag}/mdbook-${tag}-x86_64-unknown-linux-gnu.tar.gz" | |
mkdir mdbook | |
curl -sSL $url | tar -xz --directory=./mdbook | |
echo `pwd`/mdbook >> $GITHUB_PATH | |
- name: Install mdbook-mermaid | |
run: | | |
tag=$(curl 'https://api.github.com/repos/badboy/mdbook-mermaid/releases/latest' | jq -r '.tag_name') | |
url="https://github.com/badboy/mdbook-mermaid/releases/download/${tag}/mdbook-mermaid-${tag}-x86_64-unknown-linux-gnu.tar.gz" | |
mkdir mdbook-mermaid | |
curl -sSL $url | tar -xz --directory=./mdbook-mermaid | |
echo `pwd`/mdbook-mermaid >> $GITHUB_PATH | |
- name: Install mdbook-linkcheck | |
run: | | |
tag=$(curl 'https://api.github.com/repos/Michael-F-Bryan/mdbook-linkcheck/releases/latest' | jq -r '.tag_name') | |
archive="mdbook-linkcheck.x86_64-unknown-linux-gnu.zip" | |
url="https://github.com/Michael-F-Bryan/mdbook-linkcheck/releases/download/${tag}/${archive}" | |
mkdir mdbook-linkcheck | |
curl -sSL -O $url && unzip ${archive} -d ./mdbook-linkcheck && chmod +x ./mdbook-linkcheck/mdbook-linkcheck | |
echo `pwd`/mdbook-linkcheck >> $GITHUB_PATH | |
- name: Build with mdBook | |
run: cd docs && mdbook-mermaid install && mdbook build |