Skip to content

feat: runtime run as no-root user #22582

feat: runtime run as no-root user

feat: runtime run as no-root user #22582

Workflow file for this run

# Copyright (c) 2021 Terminus, Inc.
#
# This program is free software: you can use, redistribute, and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# or later ("AGPL"), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
name: CI AND IT
on:
push:
tags:
- v*
branches:
- develop
- master
- release/*
paths:
- '**.go'
- '**/go.mod'
- '**/go.sum'
- '**/*.proto'
pull_request:
paths:
- '**.go'
- '**/go.mod'
- '**/go.sum'
- '**/*.proto'
jobs:
PREPARE:
runs-on: ubuntu-latest
container:
image: registry.erda.cloud/erda/gohub:1.0.9
steps:
- name: Clone repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Calculate Go Cache Path
id: go-cache-paths
run: |
echo "::set-output name=go-build::$(go env GOCACHE)"
echo "::set-output name=go-mod::$(go env GOMODCACHE)"
- uses: actions/cache@v3
with:
path: |
${{ steps.go-cache-paths.outputs.go-build }}
${{ steps.go-cache-paths.outputs.go-mod }}
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-4 # add '-1' to refresh cache
- name: Gen proto-go
run: |
HOME=/root make proto-go-in-local
- name: Upload proto-go As Artifact
uses: actions/upload-artifact@v3
with:
name: proto-go
path: ./api/proto-go
retention-days: 1
- name: Go generate # refresh cache
run: make prepare && go mod tidy
CI:
runs-on: ubuntu-latest
container:
image: registry.erda.cloud/erda/erda-base:20240607
needs:
- PREPARE
steps:
- name: Clone repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Fetch proto-go
uses: actions/download-artifact@v3
with:
name: proto-go
path: ./api/proto-go
- name: Calculate Go Cache Path
id: go-cache-paths
run: |
echo "::set-output name=go-build::$(go env GOCACHE)"
echo "::set-output name=go-mod::$(go env GOMODCACHE)"
- uses: actions/cache@v3
with:
path: |
${{ steps.go-cache-paths.outputs.go-build }}
${{ steps.go-cache-paths.outputs.go-mod }}
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-4
restore-keys: |
${{ runner.os }}-go-
- name: Run Build
run: make build-all
CODE-CHECK:
runs-on: ubuntu-latest
container:
image: registry.erda.cloud/erda/erda-base:20240607
needs:
- PREPARE
steps:
- name: Clone repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Fetch proto-go
uses: actions/download-artifact@v3
with:
name: proto-go
path: ./api/proto-go
- name: Calculate Go Cache Path
id: go-cache-paths
run: |
echo "::set-output name=go-build::$(go env GOCACHE)"
echo "::set-output name=go-mod::$(go env GOMODCACHE)"
- uses: actions/cache@v3
with:
path: |
${{ steps.go-cache-paths.outputs.go-build }}
${{ steps.go-cache-paths.outputs.go-mod }}
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-4
restore-keys: |
${{ runner.os }}-go-
- name: Go generate files # it's faster than download artifact
run: make prepare
- name: Check Go Imports
run: make check-imports
- name: Run SQL Lint
run: make miglint
- name: Run Go Lint
uses: golangci/golangci-lint-action@v3
with:
version: v1.49.0
args: --timeout=30m
#skip-go-installation: true # not available in v1.49.0
#skip-cache: true # not available in v1.49.0
skip-pkg-cache: true
skip-build-cache: true
CODE-TEST:
runs-on: ubuntu-latest
container:
image: registry.erda.cloud/erda/erda-base:20240607
needs:
- PREPARE
strategy:
fail-fast: true
matrix:
package-paths:
- ./internal/pkg/... ./apistructs/... ./bundle/...
- ./pkg/...
- ./internal/tools/orchestrator/...
- ./internal/tools/pipeline/...
- ./internal/tools/cluster-manager/... ./internal/tools/cluster-agent/... ./internal/tools/cluster-ops/...
- ./internal/tools/gittar/... ./internal/tools/kms/... ./internal/tools/volume-provisioner/...
- ./internal/tools/monitor/...
- ./internal/core/...
- ./internal/apps/dop/...
- ./internal/apps/admin/... ./internal/apps/devflow/... ./internal/apps/gallery/...
- ./internal/apps/msp/...
# - ./internal/apps/cmp/...
steps:
- name: Clone repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Fetch proto-go
uses: actions/download-artifact@v3
with:
name: proto-go
path: ./api/proto-go
- name: Calculate Go Cache Path
id: go-cache-paths
run: |
echo "::set-output name=go-build::$(go env GOCACHE)"
echo "::set-output name=go-mod::$(go env GOMODCACHE)"
- uses: actions/cache@v3
with:
path: |
${{ steps.go-cache-paths.outputs.go-build }}
${{ steps.go-cache-paths.outputs.go-mod }}
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-4
restore-keys: |
${{ runner.os }}-go-
- name: Go generate files
run: make prepare
- name: Gen coverage report name
shell: bash
id: cov-report-name
run: |
pkg_paths="${{ matrix.package-paths }}"
name=$(sed 's^\.\/^^g; s^\/\.\.\.^^g; s^\/^-^g; s^ ^_^g' <<< ${pkg_paths})
echo ${name}.txt
echo "::set-output name=name::coverage-${name}"
echo "::set-output name=path::coverage-${name}.txt"
- name: Run Go Test
env:
GOLANG_PROTOBUF_REGISTRATION_CONFLICT: ignore
run: |
mkdir -p ./coverage
go test -work -timeout=10s -failfast -race -cover -coverprofile=./coverage/${{ steps.cov-report-name.outputs.path }} -covermode=atomic -gcflags='-l -N' ${{ matrix.package-paths }}
- name: Upload coverage As Artifact
uses: actions/upload-artifact@v3
with:
name: ${{ steps.cov-report-name.outputs.name }}
path: ./coverage/${{ steps.cov-report-name.outputs.path }}
retention-days: 1
CODE-COV:
runs-on: ubuntu-latest
needs:
- CODE-TEST
steps:
- name: Clone repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Download coverage reports
uses: actions/download-artifact@v3
with:
path: ./coverage/
- name: Handle coverage reports
run: |
rm -fr ./coverage/proto-go
rm -fr ./coverage/pure-coverage
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
directory: ./coverage/
fail_ci_if_error: true
flags: by-github-actions
- name: Upload combined coverage reports to artifact
uses: actions/upload-artifact@v3
with:
name: pure-coverage
path: ./coverage/
retention-days: 30