mirror of
https://github.com/NVIDIA/nvidia-container-toolkit
synced 2024-11-22 08:18:32 +00:00
Add github actions
Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
This commit is contained in:
parent
195e3a22b4
commit
6857f538a6
20
.github/dependabot.yml
vendored
Normal file
20
.github/dependabot.yml
vendored
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
# Please see the documentation for all configuration options:
|
||||||
|
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
|
||||||
|
|
||||||
|
version: 2
|
||||||
|
updates:
|
||||||
|
- package-ecosystem: "gomod"
|
||||||
|
target-branch: main
|
||||||
|
directory: "/"
|
||||||
|
schedule:
|
||||||
|
interval: "weekly"
|
||||||
|
day: "sunday"
|
||||||
|
ignore:
|
||||||
|
- dependency-name: k8s.io/*
|
||||||
|
labels:
|
||||||
|
- dependencies
|
||||||
|
|
||||||
|
- package-ecosystem: "github-actions"
|
||||||
|
directory: "/"
|
||||||
|
schedule:
|
||||||
|
interval: "daily"
|
113
.github/workflows/blossom-ci.yml
vendored
113
.github/workflows/blossom-ci.yml
vendored
@ -1,113 +0,0 @@
|
|||||||
# Copyright (c) 2020-2023, NVIDIA CORPORATION.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
# A workflow to trigger ci on hybrid infra (github + self hosted runner)
|
|
||||||
name: Blossom-CI
|
|
||||||
on:
|
|
||||||
issue_comment:
|
|
||||||
types: [created]
|
|
||||||
workflow_dispatch:
|
|
||||||
inputs:
|
|
||||||
platform:
|
|
||||||
description: 'runs-on argument'
|
|
||||||
required: false
|
|
||||||
args:
|
|
||||||
description: 'argument'
|
|
||||||
required: false
|
|
||||||
jobs:
|
|
||||||
Authorization:
|
|
||||||
name: Authorization
|
|
||||||
runs-on: blossom
|
|
||||||
outputs:
|
|
||||||
args: ${{ env.args }}
|
|
||||||
|
|
||||||
# This job only runs for pull request comments
|
|
||||||
if: |
|
|
||||||
contains( '\
|
|
||||||
anstockatnv,\
|
|
||||||
rorajani,\
|
|
||||||
cdesiniotis,\
|
|
||||||
shivamerla,\
|
|
||||||
ArangoGutierrez,\
|
|
||||||
elezar,\
|
|
||||||
klueska,\
|
|
||||||
zvonkok,\
|
|
||||||
', format('{0},', github.actor)) &&
|
|
||||||
github.event.comment.body == '/blossom-ci'
|
|
||||||
steps:
|
|
||||||
- name: Check if comment is issued by authorized person
|
|
||||||
run: blossom-ci
|
|
||||||
env:
|
|
||||||
OPERATION: 'AUTH'
|
|
||||||
REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
REPO_KEY_DATA: ${{ secrets.BLOSSOM_KEY }}
|
|
||||||
|
|
||||||
Vulnerability-scan:
|
|
||||||
name: Vulnerability scan
|
|
||||||
needs: [Authorization]
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- name: Checkout code
|
|
||||||
uses: actions/checkout@v2
|
|
||||||
with:
|
|
||||||
repository: ${{ fromJson(needs.Authorization.outputs.args).repo }}
|
|
||||||
ref: ${{ fromJson(needs.Authorization.outputs.args).ref }}
|
|
||||||
lfs: 'true'
|
|
||||||
|
|
||||||
# repo specific steps
|
|
||||||
#- name: Setup java
|
|
||||||
# uses: actions/setup-java@v1
|
|
||||||
# with:
|
|
||||||
# java-version: 1.8
|
|
||||||
|
|
||||||
# add blackduck properties https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/631308372/Methods+for+Configuring+Analysis#Using-a-configuration-file
|
|
||||||
#- name: Setup blackduck properties
|
|
||||||
# run: |
|
|
||||||
# PROJECTS=$(mvn -am dependency:tree | grep maven-dependency-plugin | awk '{ out="com.nvidia:"$(NF-1);print out }' | grep rapids | xargs | sed -e 's/ /,/g')
|
|
||||||
# echo detect.maven.build.command="-pl=$PROJECTS -am" >> application.properties
|
|
||||||
# echo detect.maven.included.scopes=compile >> application.properties
|
|
||||||
|
|
||||||
- name: Run blossom action
|
|
||||||
uses: NVIDIA/blossom-action@main
|
|
||||||
env:
|
|
||||||
REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
REPO_KEY_DATA: ${{ secrets.BLOSSOM_KEY }}
|
|
||||||
with:
|
|
||||||
args1: ${{ fromJson(needs.Authorization.outputs.args).args1 }}
|
|
||||||
args2: ${{ fromJson(needs.Authorization.outputs.args).args2 }}
|
|
||||||
args3: ${{ fromJson(needs.Authorization.outputs.args).args3 }}
|
|
||||||
|
|
||||||
Job-trigger:
|
|
||||||
name: Start ci job
|
|
||||||
needs: [Vulnerability-scan]
|
|
||||||
runs-on: blossom
|
|
||||||
steps:
|
|
||||||
- name: Start ci job
|
|
||||||
run: blossom-ci
|
|
||||||
env:
|
|
||||||
OPERATION: 'START-CI-JOB'
|
|
||||||
CI_SERVER: ${{ secrets.CI_SERVER }}
|
|
||||||
REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
|
|
||||||
Upload-Log:
|
|
||||||
name: Upload log
|
|
||||||
runs-on: blossom
|
|
||||||
if : github.event_name == 'workflow_dispatch'
|
|
||||||
steps:
|
|
||||||
- name: Jenkins log for pull request ${{ fromJson(github.event.inputs.args).pr }} (click here)
|
|
||||||
run: blossom-ci
|
|
||||||
env:
|
|
||||||
OPERATION: 'POST-PROCESSING'
|
|
||||||
CI_SERVER: ${{ secrets.CI_SERVER }}
|
|
||||||
REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
56
.github/workflows/golang.yaml
vendored
Normal file
56
.github/workflows/golang.yaml
vendored
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
# Copyright 2024 NVIDIA CORPORATION
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
name: Golang
|
||||||
|
|
||||||
|
on:
|
||||||
|
pull_request:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
- release-*
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
- release-*
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
check:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Lint
|
||||||
|
uses: golangci/golangci-lint-action@v3
|
||||||
|
with:
|
||||||
|
version: latest
|
||||||
|
args: -v --timeout 5m
|
||||||
|
skip-cache: true
|
||||||
|
test:
|
||||||
|
name: Unit test
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Checkout code
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
- name: Install Go
|
||||||
|
uses: actions/setup-go@v5
|
||||||
|
with:
|
||||||
|
go-version: '1.20'
|
||||||
|
- run: make test
|
||||||
|
build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Build
|
||||||
|
run: make docker-build
|
108
.github/workflows/image.yaml
vendored
Normal file
108
.github/workflows/image.yaml
vendored
Normal file
@ -0,0 +1,108 @@
|
|||||||
|
# Copyright 2024 NVIDIA CORPORATION
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
# Run this workflow on pull requests
|
||||||
|
name: image
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
- release-*
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
packages:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
package:
|
||||||
|
- ubuntu18.04-arm64
|
||||||
|
- ubuntu18.04-amd64
|
||||||
|
- ubuntu18.04-ppc64le
|
||||||
|
- centos7-aarch64
|
||||||
|
- centos7-x86_64
|
||||||
|
- centos8-ppc64le
|
||||||
|
fail-fast: false
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
name: Check out code
|
||||||
|
- name: Set up QEMU
|
||||||
|
uses: docker/setup-qemu-action@v3
|
||||||
|
- name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v3
|
||||||
|
- name: build ${{ matrix.package }} packages
|
||||||
|
run: |
|
||||||
|
sudo apt-get install -y coreutils build-essential sed git bash make
|
||||||
|
echo "Building packages"
|
||||||
|
./scripts/build-packages.sh ${{ matrix.package }}
|
||||||
|
- name: 'Upload Artifacts'
|
||||||
|
uses: actions/upload-artifact@v4
|
||||||
|
with:
|
||||||
|
compression-level: 0
|
||||||
|
name: toolkit-container-${{ matrix.package }}-${{ github.run_id }}
|
||||||
|
path: ${{ github.workspace }}/dist/*
|
||||||
|
|
||||||
|
image:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
image: [ubuntu20.04, centos7, ubi8, packaging]
|
||||||
|
needs: packages
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
name: Check out code
|
||||||
|
- name: Calculate build vars
|
||||||
|
id: vars
|
||||||
|
run: |
|
||||||
|
echo "COMMIT_SHORT_SHA=${GITHUB_SHA:0:8}" >> $GITHUB_ENV
|
||||||
|
echo "LOWERCASE_REPO_OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | awk '{print tolower($0)}')" >> $GITHUB_ENV
|
||||||
|
REPO_FULL_NAME="${{ github.event.pull_request.head.repo.full_name }}"
|
||||||
|
echo "${REPO_FULL_NAME}"
|
||||||
|
echo "LABEL_IMAGE_SOURCE=https://github.com/${REPO_FULL_NAME}" >> $GITHUB_ENV
|
||||||
|
|
||||||
|
GENERATE_ARTIFACTS="false"
|
||||||
|
if [[ "${{ github.actor }}" == "dependabot[bot]" ]]; then
|
||||||
|
GENERATE_ARTIFACTS="false"
|
||||||
|
elif [[ "${{ github.event_name }}" == "pull_request" && "${{ github.event.pull_request.head.repo.full_name }}" == "${{ github.repository }}" ]]; then
|
||||||
|
GENERATE_ARTIFACTS="true"
|
||||||
|
elif [[ "${{ github.event_name }}" == "push" ]]; then
|
||||||
|
GENERATE_ARTIFACTS="true"
|
||||||
|
fi
|
||||||
|
echo "PUSH_ON_BUILD=${GENERATE_ARTIFACTS}" >> $GITHUB_ENV
|
||||||
|
echo "BUILD_MULTI_ARCH_IMAGES=${GENERATE_ARTIFACTS}" >> $GITHUB_ENV
|
||||||
|
|
||||||
|
- name: Set up QEMU
|
||||||
|
uses: docker/setup-qemu-action@v3
|
||||||
|
- name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v3
|
||||||
|
- name: Get built packages
|
||||||
|
uses: actions/download-artifact@v4
|
||||||
|
with:
|
||||||
|
path: ${{ github.workspace }}/dist/
|
||||||
|
pattern: toolkit-container-*
|
||||||
|
merge-multiple: true
|
||||||
|
|
||||||
|
- name: Login to GitHub Container Registry
|
||||||
|
uses: docker/login-action@v3
|
||||||
|
with:
|
||||||
|
registry: ghcr.io
|
||||||
|
username: ${{ github.actor }}
|
||||||
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
- name: Build image
|
||||||
|
env:
|
||||||
|
IMAGE_NAME: ghcr.io/${LOWERCASE_REPO_OWNER}/container-toolkit
|
||||||
|
VERSION: ${COMMIT_SHORT_SHA}
|
||||||
|
run: |
|
||||||
|
echo "${VERSION}"
|
||||||
|
make -f build/container/Makefile build-${{ matrix.image }}
|
22
.github/workflows/pre-sanity.yml
vendored
22
.github/workflows/pre-sanity.yml
vendored
@ -1,22 +0,0 @@
|
|||||||
name: Run pre sanity
|
|
||||||
|
|
||||||
# run this workflow for each commit
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
build:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
|
|
||||||
- name: Build dev image
|
|
||||||
run: make .build-image
|
|
||||||
|
|
||||||
- name: Build
|
|
||||||
run: make docker-build
|
|
||||||
|
|
||||||
- name: Tests
|
|
||||||
run: make docker-coverage
|
|
||||||
|
|
||||||
- name: Checks
|
|
||||||
run: make docker-check
|
|
@ -16,7 +16,7 @@ include:
|
|||||||
- .common-ci.yml
|
- .common-ci.yml
|
||||||
|
|
||||||
# Define the package build helpers
|
# Define the package build helpers
|
||||||
.multi-arch-build:
|
.multi-arch-build:
|
||||||
before_script:
|
before_script:
|
||||||
- apk add --no-cache coreutils build-base sed git bash make
|
- apk add --no-cache coreutils build-base sed git bash make
|
||||||
- '[[ -n "${SKIP_QEMU_SETUP}" ]] || docker run --rm --privileged multiarch/qemu-user-static --reset -p yes -c yes'
|
- '[[ -n "${SKIP_QEMU_SETUP}" ]] || docker run --rm --privileged multiarch/qemu-user-static --reset -p yes -c yes'
|
||||||
|
Loading…
Reference in New Issue
Block a user