-
Notifications
You must be signed in to change notification settings - Fork 997
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
gha: Run static-checks on self-hosted runners conditionally
Due to the restrictions on instance provisioning for self-hosted runners, performing static checks (36 jobs at the time of writing) on them each time a PR is updated could significantly burden them, consequently slowing down the entire CI system. To address this, the decision is to trigger these checks only when an 'ok-to-test' label is added. Meanwhile, the checks for x86_64, which are supported by GitHub-hosted runners, will remain unchanged. Fixes: #8998 Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
- Loading branch information
Showing
2 changed files
with
131 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,130 @@ | ||
on: | ||
pull_request_target: | ||
branches: | ||
- 'main' | ||
- 'stable-*' | ||
types: | ||
- opened | ||
- synchronize | ||
- reopened | ||
- labeled # a workflow runs only when the 'ok-to-test' label is added | ||
|
||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | ||
cancel-in-progress: true | ||
|
||
name: Static checks | ||
jobs: | ||
build-checks: | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
component: | ||
- agent | ||
- dragonball | ||
- runtime | ||
- runtime-rs | ||
- agent-ctl | ||
- kata-ctl | ||
- runk | ||
- trace-forwarder | ||
- genpolicy | ||
command: | ||
- "make vendor" | ||
- "make check" | ||
- "make test" | ||
- "sudo -E PATH=\"$PATH\" make test" | ||
include: | ||
- component: agent | ||
component-path: src/agent | ||
- component: dragonball | ||
component-path: src/dragonball | ||
- component: runtime | ||
component-path: src/runtime | ||
- component: runtime-rs | ||
component-path: src/runtime-rs | ||
- component: agent-ctl | ||
component-path: src/tools/agent-ctl | ||
- component: kata-ctl | ||
component-path: src/tools/kata-ctl | ||
- component: runk | ||
component-path: src/tools/runk | ||
- component: trace-forwarder | ||
component-path: src/tools/trace-forwarder | ||
- install-libseccomp: no | ||
- component: agent | ||
install-libseccomp: yes | ||
- component: runk | ||
install-libseccomp: yes | ||
- component: genpolicy | ||
component-path: src/tools/genpolicy | ||
instance: | ||
- "arm-no-k8s" | ||
- "s390x" | ||
- "ppc64le" | ||
runs-on: ${{ matrix.instance }} | ||
steps: | ||
- name: Adjust a permission for repo | ||
run: | | ||
sudo chown -R $USER:$USER $GITHUB_WORKSPACE $HOME | ||
sudo rm -rf $GITHUB_WORKSPACE/* | ||
sudo rm -f /tmp/kata_hybrid* # Sometime we got leftover from test_setup_hvsock_failed() | ||
- name: Checkout the code | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: Rebase atop of the latest target branch | ||
run: | | ||
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" | ||
env: | ||
TARGET_BRANCH: ${{ github.event.pull_request.base.ref }} | ||
|
||
- name: Install yq | ||
run: | | ||
./ci/install_yq.sh | ||
env: | ||
INSTALL_IN_GOPATH: false | ||
- name: Install golang | ||
if: ${{ matrix.component == 'runtime' }} | ||
run: | | ||
./tests/install_go.sh -f -p | ||
echo "/usr/local/go/bin" >> $GITHUB_PATH | ||
- name: Install rust | ||
if: ${{ matrix.component != 'runtime' }} | ||
run: | | ||
./tests/install_rust.sh | ||
echo "${HOME}/.cargo/bin" >> $GITHUB_PATH | ||
- name: Install musl-tools | ||
if: ${{ matrix.component != 'runtime' }} | ||
run: sudo apt-get -y install musl-tools | ||
- name: Install devicemapper | ||
if: ${{ matrix.command == 'make check' && matrix.component == 'agent' }} | ||
run: sudo apt-get -y install libdevmapper-dev | ||
- name: Install libseccomp | ||
if: ${{ matrix.command != 'make vendor' && matrix.command != 'make check' && matrix.install-libseccomp == 'yes' }} | ||
run: | | ||
libseccomp_install_dir=$(mktemp -d -t libseccomp.XXXXXXXXXX) | ||
gperf_install_dir=$(mktemp -d -t gperf.XXXXXXXXXX) | ||
./ci/install_libseccomp.sh "${libseccomp_install_dir}" "${gperf_install_dir}" | ||
echo "Set environment variables for the libseccomp crate to link the libseccomp library statically" | ||
echo "LIBSECCOMP_LINK_TYPE=static" >> $GITHUB_ENV | ||
echo "LIBSECCOMP_LIB_PATH=${libseccomp_install_dir}/lib" >> $GITHUB_ENV | ||
- name: Install protobuf-compiler | ||
if: ${{ matrix.command == 'make check' && matrix.component == 'agent' }} | ||
run: sudo apt-get -y install protobuf-compiler | ||
- name: Install clang | ||
if: ${{ matrix.command == 'make check' && matrix.component == 'agent' }} | ||
run: sudo apt-get -y install clang | ||
- name: Setup XDG_RUNTIME_DIR for the `runtime` tests | ||
if: ${{ matrix.command != 'make vendor' && matrix.command != 'make check' && matrix.component == 'runtime' }} | ||
run: | | ||
XDG_RUNTIME_DIR=$(mktemp -d /tmp/kata-tests-$USER.XXX | tee >(xargs chmod 0700)) | ||
echo "XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR}" >> $GITHUB_ENV | ||
- name: Running `${{ matrix.command }}` for ${{ matrix.component }} | ||
run: | | ||
cd ${{ matrix.component-path }} | ||
${{ matrix.command }} | ||
env: | ||
RUST_BACKTRACE: "1" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters