feat: runtime run as no-root user #22582
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright (c) 2021 Terminus, Inc. | |
# | |
# This program is free software: you can use, redistribute, and/or modify | |
# it under the terms of the GNU Affero General Public License, version 3 | |
# or later ("AGPL"), as published by the Free Software Foundation. | |
# | |
# This program is distributed in the hope that it will be useful, but WITHOUT | |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | |
# FITNESS FOR A PARTICULAR PURPOSE. | |
# | |
# You should have received a copy of the GNU Affero General Public License | |
# along with this program. If not, see <http://www.gnu.org/licenses/>. | |
name: CI AND IT | |
on: | |
push: | |
tags: | |
- v* | |
branches: | |
- develop | |
- master | |
- release/* | |
paths: | |
- '**.go' | |
- '**/go.mod' | |
- '**/go.sum' | |
- '**/*.proto' | |
pull_request: | |
paths: | |
- '**.go' | |
- '**/go.mod' | |
- '**/go.sum' | |
- '**/*.proto' | |
jobs: | |
PREPARE: | |
runs-on: ubuntu-latest | |
container: | |
image: registry.erda.cloud/erda/gohub:1.0.9 | |
steps: | |
- name: Clone repo | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Calculate Go Cache Path | |
id: go-cache-paths | |
run: | | |
echo "::set-output name=go-build::$(go env GOCACHE)" | |
echo "::set-output name=go-mod::$(go env GOMODCACHE)" | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
${{ steps.go-cache-paths.outputs.go-build }} | |
${{ steps.go-cache-paths.outputs.go-mod }} | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-4 # add '-1' to refresh cache | |
- name: Gen proto-go | |
run: | | |
HOME=/root make proto-go-in-local | |
- name: Upload proto-go As Artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: proto-go | |
path: ./api/proto-go | |
retention-days: 1 | |
- name: Go generate # refresh cache | |
run: make prepare && go mod tidy | |
CI: | |
runs-on: ubuntu-latest | |
container: | |
image: registry.erda.cloud/erda/erda-base:20240607 | |
needs: | |
- PREPARE | |
steps: | |
- name: Clone repo | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Fetch proto-go | |
uses: actions/download-artifact@v3 | |
with: | |
name: proto-go | |
path: ./api/proto-go | |
- name: Calculate Go Cache Path | |
id: go-cache-paths | |
run: | | |
echo "::set-output name=go-build::$(go env GOCACHE)" | |
echo "::set-output name=go-mod::$(go env GOMODCACHE)" | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
${{ steps.go-cache-paths.outputs.go-build }} | |
${{ steps.go-cache-paths.outputs.go-mod }} | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-4 | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Run Build | |
run: make build-all | |
CODE-CHECK: | |
runs-on: ubuntu-latest | |
container: | |
image: registry.erda.cloud/erda/erda-base:20240607 | |
needs: | |
- PREPARE | |
steps: | |
- name: Clone repo | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Fetch proto-go | |
uses: actions/download-artifact@v3 | |
with: | |
name: proto-go | |
path: ./api/proto-go | |
- name: Calculate Go Cache Path | |
id: go-cache-paths | |
run: | | |
echo "::set-output name=go-build::$(go env GOCACHE)" | |
echo "::set-output name=go-mod::$(go env GOMODCACHE)" | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
${{ steps.go-cache-paths.outputs.go-build }} | |
${{ steps.go-cache-paths.outputs.go-mod }} | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-4 | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Go generate files # it's faster than download artifact | |
run: make prepare | |
- name: Check Go Imports | |
run: make check-imports | |
- name: Run SQL Lint | |
run: make miglint | |
- name: Run Go Lint | |
uses: golangci/golangci-lint-action@v3 | |
with: | |
version: v1.49.0 | |
args: --timeout=30m | |
#skip-go-installation: true # not available in v1.49.0 | |
#skip-cache: true # not available in v1.49.0 | |
skip-pkg-cache: true | |
skip-build-cache: true | |
CODE-TEST: | |
runs-on: ubuntu-latest | |
container: | |
image: registry.erda.cloud/erda/erda-base:20240607 | |
needs: | |
- PREPARE | |
strategy: | |
fail-fast: true | |
matrix: | |
package-paths: | |
- ./internal/pkg/... ./apistructs/... ./bundle/... | |
- ./pkg/... | |
- ./internal/tools/orchestrator/... | |
- ./internal/tools/pipeline/... | |
- ./internal/tools/cluster-manager/... ./internal/tools/cluster-agent/... ./internal/tools/cluster-ops/... | |
- ./internal/tools/gittar/... ./internal/tools/kms/... ./internal/tools/volume-provisioner/... | |
- ./internal/tools/monitor/... | |
- ./internal/core/... | |
- ./internal/apps/dop/... | |
- ./internal/apps/admin/... ./internal/apps/devflow/... ./internal/apps/gallery/... | |
- ./internal/apps/msp/... | |
# - ./internal/apps/cmp/... | |
steps: | |
- name: Clone repo | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Fetch proto-go | |
uses: actions/download-artifact@v3 | |
with: | |
name: proto-go | |
path: ./api/proto-go | |
- name: Calculate Go Cache Path | |
id: go-cache-paths | |
run: | | |
echo "::set-output name=go-build::$(go env GOCACHE)" | |
echo "::set-output name=go-mod::$(go env GOMODCACHE)" | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
${{ steps.go-cache-paths.outputs.go-build }} | |
${{ steps.go-cache-paths.outputs.go-mod }} | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-4 | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Go generate files | |
run: make prepare | |
- name: Gen coverage report name | |
shell: bash | |
id: cov-report-name | |
run: | | |
pkg_paths="${{ matrix.package-paths }}" | |
name=$(sed 's^\.\/^^g; s^\/\.\.\.^^g; s^\/^-^g; s^ ^_^g' <<< ${pkg_paths}) | |
echo ${name}.txt | |
echo "::set-output name=name::coverage-${name}" | |
echo "::set-output name=path::coverage-${name}.txt" | |
- name: Run Go Test | |
env: | |
GOLANG_PROTOBUF_REGISTRATION_CONFLICT: ignore | |
run: | | |
mkdir -p ./coverage | |
go test -work -timeout=10s -failfast -race -cover -coverprofile=./coverage/${{ steps.cov-report-name.outputs.path }} -covermode=atomic -gcflags='-l -N' ${{ matrix.package-paths }} | |
- name: Upload coverage As Artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ steps.cov-report-name.outputs.name }} | |
path: ./coverage/${{ steps.cov-report-name.outputs.path }} | |
retention-days: 1 | |
CODE-COV: | |
runs-on: ubuntu-latest | |
needs: | |
- CODE-TEST | |
steps: | |
- name: Clone repo | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Download coverage reports | |
uses: actions/download-artifact@v3 | |
with: | |
path: ./coverage/ | |
- name: Handle coverage reports | |
run: | | |
rm -fr ./coverage/proto-go | |
rm -fr ./coverage/pure-coverage | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
directory: ./coverage/ | |
fail_ci_if_error: true | |
flags: by-github-actions | |
- name: Upload combined coverage reports to artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: pure-coverage | |
path: ./coverage/ | |
retention-days: 30 |