more changes #56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Container | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - release-* | |
| pull_request: | |
| branches: | |
| - main | |
| - release-* | |
| env: | |
| # renovate: datasource=go depName=github.com/goreleaser/goreleaser | |
| GORELEASER_VERSION: v1.17.2 | |
| # renovate: datasource=github-releases depName=kubernetes/minikube extractVersion=^v(?<version>.+)$ | |
| MINIKUBE_VERSION: 1.28.0 | |
| jobs: | |
| skip-check: | |
| name: Skip check | |
| continue-on-error: true | |
| runs-on: ubuntu-latest | |
| outputs: | |
| should_skip: ${{ steps.skip-check.outputs.should_skip }} | |
| permissions: | |
| actions: write | |
| contents: read | |
| steps: | |
| - id: skip-check | |
| uses: fkirc/skip-duplicate-actions@12aca0a884f6137d619d6a8a09fcc3406ced5281 # v5.3.0 | |
| with: | |
| do_not_skip: '["schedule", "workflow_dispatch"]' | |
| paths: |- | |
| [ | |
| "**.go", | |
| ".dockerignore", | |
| ".github/workflows/container.yml", | |
| ".go-version", | |
| "3rdparty", | |
| "Dockerfile*", | |
| "Makefile", | |
| "bpf/**", | |
| "deploy/**", | |
| "e2e/**", | |
| "go.mod", | |
| "go.sum" | |
| ] | |
| skip_after_successful_duplicate: false | |
| build-dependencies: | |
| name: Build and download dependencies | |
| needs: skip-check | |
| if: ${{ needs.skip-check.outputs.should_skip != 'true' }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| packages: write | |
| contents: read | |
| steps: | |
| - name: Check out the code | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Go | |
| uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 | |
| with: | |
| go-version-file: .go-version | |
| - name: Set up Clang | |
| uses: KyleMayes/install-llvm-action@13d5d77cbf0bd7e35cb02a8f9ed4bb85bed3393b # v1.8.0 | |
| with: | |
| version: "14" | |
| - name: Install libbpf dependencies | |
| run: | | |
| sudo apt-get update -y | |
| sudo apt-get install -yq libelf-dev zlib1g-dev | |
| - name: Initialize and update libbpf submodule | |
| run: git submodule init && git submodule update | |
| - name: Build BPF | |
| run: make bpf | |
| - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| with: | |
| name: ebpf-object-file-container | |
| path: pkg/profiler/cpu/cpu-profiler.bpf.o | |
| if-no-files-found: error | |
| - name: Validate | |
| uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4.2.0 | |
| with: | |
| distribution: goreleaser | |
| version: ${{ env.GORELEASER_VERSION }} | |
| args: check | |
| build-binaries: | |
| name: Build binaries using goreleaser | |
| runs-on: ubuntu-latest | |
| needs: build-dependencies | |
| container: | |
| image: docker.io/goreleaser/goreleaser-cross:v1.20.4 | |
| options: --privileged | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Check out the code | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| with: | |
| fetch-depth: 0 | |
| # https://github.com/actions/checkout/issues/766 | |
| - name: Add repository directory to the git global config as a safe directory | |
| run: git config --global --add safe.directory "${GITHUB_WORKSPACE}" | |
| - name: Set Tag | |
| run: | | |
| echo "goreleaser_current_tag=`git describe --match 'v*' --tags`" >> $GITHUB_ENV | |
| - name: Set up Go | |
| uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 | |
| with: | |
| go-version-file: .go-version | |
| cache: true | |
| - name: Initialize and update libbpf submodule | |
| run: git submodule init && git submodule update | |
| - name: Install libbpf dependencies | |
| run: | | |
| apt-get update -y | |
| apt-get install -yq lld libelf-dev zlib1g-dev libelf-dev:arm64 zlib1g-dev:arm64 | |
| - name: Get branch name | |
| shell: bash | |
| run: echo "GITHUB_BRANCH_NAME=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV | |
| - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| with: | |
| name: ebpf-object-file-container | |
| path: pkg/profiler/cpu/cpu-profiler.bpf.o | |
| - name: Run Goreleaser | |
| run: goreleaser release --clean --skip-validate --skip-publish --snapshot --debug | |
| env: | |
| GORELEASER_CURRENT_TAG: "${{ env.goreleaser_current_tag }}" | |
| - name: Archive generated artifacts | |
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| with: | |
| name: parca-agent-dist-container | |
| if-no-files-found: error | |
| path: | | |
| goreleaser/dist | |
| !goreleaser/dist/*.txt | |
| build-and-push-container: | |
| name: Container build and push | |
| needs: build-binaries | |
| runs-on: ubuntu-latest | |
| container: | |
| # https://github.com/containers/podman/tree/main/contrib/podmanimage | |
| # Specifying SHA repeatedly fails: | |
| # @sha256:421ac576cebff98e90c531e7b9ce4482370ecc7cee59abc2341714031bfb5f43 | |
| image: quay.io/containers/podman:v4.5.0 | |
| options: >- | |
| --device /dev/fuse:rw | |
| --privileged | |
| --security-opt label=disable | |
| --security-opt seccomp=unconfined | |
| permissions: | |
| id-token: write | |
| packages: write | |
| contents: read | |
| steps: | |
| - name: Install dependencies | |
| run: dnf install --assumeyes --repo fedora git make jq | |
| - name: Check out code into the Go module directory | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| # https://github.com/actions/checkout/issues/766 | |
| - name: Add repository directory to the git global config as a safe directory | |
| run: git config --global --add safe.directory "${GITHUB_WORKSPACE}" | |
| - name: Set up Go | |
| uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 | |
| with: | |
| go-version-file: .go-version | |
| - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| with: | |
| name: parca-agent-dist-container | |
| path: goreleaser/dist | |
| - name: Build container | |
| run: make container | |
| - name: Check images are created | |
| run: >- | |
| [[ -n "$(podman image list --filter=reference=ghcr.io/parca-dev/parca-agent --quiet)" ]] | |
| - name: Install cosign | |
| if: github.event_name != 'pull_request' | |
| uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # tag=v2.8.1 | |
| - name: Login to registry | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| echo "${{ secrets.GITHUB_TOKEN }}" | podman login -u parca-dev --password-stdin ghcr.io | |
| echo "${{ secrets.QUAY_PASSWORD }}" | cosign login -u "${{ secrets.QUAY_USERNAME }}" --password-stdin quay.io | |
| - name: Install crane | |
| if: github.event_name != 'pull_request' | |
| uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # v0.3 | |
| - name: Push and sign container (when merged) | |
| if: github.event_name != 'pull_request' | |
| env: | |
| COSIGN_EXPERIMENTAL: true | |
| run: | | |
| make push-container | |
| make sign-container | |
| make push-signed-quay-container | |
| - name: Save container image | |
| run: | | |
| IMAGE="$(podman image list --filter=reference=ghcr.io/parca-dev/parca-agent --format='{{.Repository}}:{{.Tag}}' | head -1)" | |
| podman image save --output=dist/parca-agent.tar "${IMAGE}" | |
| - name: Upload container image artifact | |
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| with: | |
| name: parca-agent.tar | |
| path: dist/parca-agent.tar | |
| run-end-to-end-tests: | |
| name: run end-to-end tests | |
| runs-on: ubuntu-latest | |
| needs: build-and-push-container | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Check out the code | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - name: Set up Go | |
| uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 | |
| with: | |
| go-version-file: .go-version | |
| cache: true | |
| - name: Set up jsonnet | |
| run: ./env-jsonnet.sh | |
| - name: Set up Minikube | |
| uses: medyagh/setup-minikube@3213bac7294895b1d92c1f4db1f99c91a308efaf # v0.0.13 | |
| with: | |
| minikube-version: ${{ env.MINIKUBE_VERSION }} | |
| driver: none | |
| kubernetes-version: stable # Determined by Minikube version | |
| - name: Download container image artifact | |
| uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| with: | |
| name: parca-agent.tar | |
| path: dist | |
| - name: Load container image | |
| run: docker image load --input=dist/parca-agent.tar | |
| - name: Run e2e tests | |
| run: make actions-e2e E2E_KUBECONTEXT=minikube | |
| - name: Upload kubectl logs | |
| run: ./e2e/e2e-dump.sh | |
| # Uncomment the next two lines to use upterm to debug CI | |
| # Run `touch continue` from upterm session to close upterm | |
| # and finish this step | |
| # - name: Setup upterm session | |
| # uses: lhotari/action-upterm@v1 | |
| - name: Archive production artifacts | |
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| if: ${{ always() }} | |
| with: | |
| name: kubectl e2e dump | |
| path: | | |
| ./tmp/e2e-dump |