Migrate CI to runs-on #11321
| name: "Validations" | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| Static-Analysis: | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| name: "Static analysis" | |
| # Runner definition: workflows/.github/runs-on.yml | |
| runs-on: runs-on=${{ github.run_id }}/runner=small | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| - name: Run static analysis | |
| run: make static-analysis | |
| Unit-Test: | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| name: "Unit tests" | |
| # we need more storage than what's on the default runner | |
| # Runner definition: workflows/.github/runs-on.yml | |
| runs-on: runs-on=${{ github.run_id }}/runner=small | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| with: | |
| download-test-fixture-cache: true | |
| - name: Run unit tests | |
| run: make unit | |
| Integration-Test: | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| name: "Integration tests" | |
| # Runner definition: workflows/.github/runs-on.yml | |
| runs-on: runs-on=${{ github.run_id }}/runner=small | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| with: | |
| download-test-fixture-cache: true | |
| - name: Validate syft output against the CycloneDX schema | |
| run: make validate-cyclonedx-schema | |
| - name: Run integration tests | |
| run: make integration | |
| Build-Snapshot-Artifacts: | |
| name: "Build snapshot artifacts" | |
| # Runner definition: workflows/.github/runs-on.yml | |
| # note: we explicitly do not use the magic cache feature (https://runs-on.com/caching/magic-cache/) | |
| # since it is not compatible with artifact uploads/downloads in the same workflow (https://runs-on.com/caching/magic-cache/#actionsupload-artifact-compatibility) | |
| runs-on: runs-on=${{ github.run_id }}/runner=build/extras= | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| with: | |
| bootstrap-apt-packages: "" | |
| - name: Build snapshot artifacts | |
| run: make snapshot | |
| - name: Smoke test snapshot build | |
| run: make snapshot-smoke-test | |
| # upload each platform artifact individually so downstream jobs can download only what they need | |
| - run: npm install @actions/[email protected] | |
| - name: Upload individual platform artifacts | |
| uses: actions/github-script@v8 | |
| env: | |
| ACTIONS_ARTIFACT_UPLOAD_CONCURRENCY: 10 | |
| with: | |
| script: | | |
| const { readdirSync } = require('fs') | |
| const { DefaultArtifactClient } = require('@actions/artifact') | |
| const artifact = new DefaultArtifactClient() | |
| const ls = d => readdirSync(d, { withFileTypes: true }) | |
| const baseDir = "./snapshot" | |
| const dirs = ls(baseDir).filter(f => f.isDirectory()).map(f => f.name) | |
| const uploads = [] | |
| for (const dir of dirs) { | |
| // uploadArtifact returns Promise<{id, size}> | |
| uploads.push(artifact.uploadArtifact( | |
| // name of the archive: | |
| `${dir}`, | |
| // array of all files to include: | |
| ls(`${baseDir}/${dir}`).map(f => `${baseDir}/${dir}/${f.name}`), | |
| // base directory to trim from entries: | |
| `${baseDir}/${dir}`, | |
| { retentionDays: 30 } | |
| )) | |
| } | |
| // wait for all uploads to finish | |
| try { | |
| const results = await Promise.all(uploads) | |
| console.log(`Successfully uploaded ${results.length} platform artifacts`) | |
| } catch (error) { | |
| console.error('Upload failed:', error) | |
| throw error | |
| } | |
| Acceptance-Linux: | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| name: "Acceptance tests (Linux)" | |
| needs: [Build-Snapshot-Artifacts] | |
| # Runner definition: workflows/.github/runs-on.yml | |
| runs-on: runs-on=${{ github.run_id }}/runner=small | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| with: | |
| download-test-fixture-cache: true | |
| - name: Download Linux amd64 snapshot | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 | |
| with: | |
| name: linux-build_linux_amd64_v1 | |
| path: snapshot/linux-build_linux_amd64_v1 | |
| - name: Run comparison tests (Linux) | |
| run: make compare-linux | |
| - name: Load test image cache | |
| if: steps.install-test-image-cache.outputs.cache-hit == 'true' | |
| run: make install-test-cache-load | |
| - name: Run install.sh tests (Linux) | |
| run: make install-test | |
| - name: (cache-miss) Create test image cache | |
| if: steps.install-test-image-cache.outputs.cache-hit != 'true' | |
| run: make install-test-cache-save | |
| Acceptance-Mac: | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| name: "Acceptance tests (Mac)" | |
| needs: [Build-Snapshot-Artifacts] | |
| runs-on: macos-latest | |
| steps: | |
| - name: Install Cosign | |
| uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| with: | |
| bootstrap-apt-packages: "" | |
| go-dependencies: false | |
| download-test-fixture-cache: true | |
| - name: Download macOS Intel snapshot | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 | |
| with: | |
| name: darwin-build_darwin_amd64_v1 | |
| path: snapshot/darwin-build_darwin_amd64_v1 | |
| - name: Run comparison tests (Mac) | |
| run: make compare-mac | |
| - name: Run install.sh tests (Mac) | |
| run: make install-test-ci-mac | |
| Cli-Linux: | |
| # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline | |
| name: "CLI tests (Linux)" | |
| needs: [Build-Snapshot-Artifacts] | |
| # Runner definition: workflows/.github/runs-on.yml | |
| runs-on: runs-on=${{ github.run_id }}/runner=small | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Bootstrap environment | |
| uses: ./.github/actions/bootstrap | |
| with: | |
| download-test-fixture-cache: true | |
| - name: Download Linux amd64 snapshot | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 #v6.0.0 | |
| with: | |
| name: linux-build_linux_amd64_v1 | |
| path: snapshot/linux-build_linux_amd64_v1 | |
| - name: Run CLI Tests (Linux) | |
| run: make cli |
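Review bot: In Build-Snapshot-Artifacts, `uses: actions/github-script@v8` is the only third-party action in this file referenced by a mutable tag, while checkout, download-artifact and cosign-installer are all pinned to a full commit SHA. This job produces the snapshot that the acceptance and CLI jobs download, so it should read `uses: actions/github-script@<full-commit-sha> # v8` (placeholder; take the SHA from the tagged release). The `npm install` step just before it resolves transitive dependencies at run time and lets package lifecycle scripts run in the workspace that holds `./snapshot`; adding `--ignore-scripts`, or installing from a committed lockfile with `npm ci`, would narrow that. Separately, in Acceptance-Linux the two `if:` conditions read `steps.install-test-image-cache.outputs.cache-hit`, but no step with that id is visible in the job, so as shown the cache-load step is always skipped and the cache-save step always runs. Either restore a step with `id: install-test-image-cache` or drop the conditions.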