# Events that start this workflow.
on:
  push:
    # Every tag push triggers the workflow; the publishing jobs additionally
    # gate themselves on `startsWith(github.ref, 'refs/tags/')`.
    tags:
      - "*"
    branches:
      - main
      - feature/docker-run-node
  pull_request:
    branches:
      - main
  workflow_dispatch:
    inputs:
      # Forwarded as `session-token` to the actionforge steps in `build-quick`.
      # NOTE(review): a workflow_dispatch input is not a secret. Its value is
      # part of the event payload and is not masked the way `secrets.*` values
      # are. If this token is sensitive, prefer a repository or environment
      # secret over a manually typed input.
      session_token:
        description: Session token
        required: false
        default: ""
      publish:
        description: Publish
        required: false
        type: boolean
        default: false
# Default GITHUB_TOKEN scopes for every job that does not declare its own
# `permissions:` block.
# NOTE(review): because this is set at workflow level, the write scopes below
# are also the default for jobs started by branch pushes and same-repository
# pull requests, not only for the tag-gated publishing jobs. Moving the write
# scopes down to the jobs that need them would follow least privilege.
permissions:
  # TODO: (Seb) Use fine-grained permissions as
  # we only need this for Anchore SBOM Action
  contents: write
  packages: write
  # OIDC token issuance plus artifact attestation storage.
  id-token: write
  attestations: write
  artifact-metadata: write
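jobs:
  # Runs the Go unit tests under the race detector, then three short fuzz
  # targets in ./agent.
  agent-tests:
    runs-on: ubuntu-latest
    name: Agent Tests (race + fuzz)
    # This job only reads the repository, so it overrides the workflow-level
    # write scopes with a read-only token.
    permissions:
      contents: read
    steps:
      # NOTE(review): checkout and setup-go are referenced by mutable tag,
      # while actionforge/action below is pinned to a commit SHA. Consider
      # pinning these two to a full commit SHA as well.
      - uses: actions/checkout@v4
        with:
          # No later step uses git, so do not leave the token in .git/config
          # where the test and fuzz code could read it.
          persist-credentials: false
      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      - name: Unit tests with race detector
        run: go test -race -count=1 -v ./agent/...
      - name: Fuzz ParseDockerImage
        run: go test -fuzz=FuzzParseDockerImage -fuzztime=30s ./agent
      - name: Fuzz ParseShebang
        run: go test -fuzz=FuzzParseShebang -fuzztime=30s ./agent
      - name: Fuzz ResolveTemplate
        run: go test -fuzz=FuzzResolveTemplate -fuzztime=30s ./agent

  # Builds a temporary `actrun` binary and runs two test graphs with it.
  # NOTE(review): this job runs on every trigger, including pull_request, and
  # inherits the workflow-level token scopes. What the .act graphs need is not
  # visible here; confirm and add a job-level `permissions:` block.
  build-quick:
    runs-on: ubuntu-latest
    name: Quick Build and Test on Linux
    steps:
      - name: Build temporary actrun
        uses: actionforge/action@6635019c96dcd6b3e018df654473a547471338a5 # v0.14.5
        with:
          graph-file: build-quick.act
        env:
          UPLOAD_COVER: true
      - name: Test test_input_output.act
        # The original note said "execute on every push that is a tag", but
        # nothing visible on this step or job limits it to tag pushes.
        uses: actionforge/action@6635019c96dcd6b3e018df654473a547471338a5 # v0.14.5
        with:
          # Use actrun in workdir directory
          runner-path: ${{ github.workspace }}/actrun
          graph-file: test_input_output.act
          # Empty unless the run was started through workflow_dispatch.
          session-token: ${{ github.event.inputs.session_token }}
      - name: Test test_env.yml
        # Same as above: no tag condition is visible for this step.
        uses: actionforge/action@6635019c96dcd6b3e018df654473a547471338a5 # v0.14.5
        with:
          # Use actrun in workdir directory
          runner-path: ${{ github.workspace }}/actrun
          graph-file: test_env.act
          session-token: ${{ github.event.inputs.session_token }}
        env:
          MY_ENV: "hello world"

  # Tag-only job: builds, tests and publishes once per matrix entry.
  build-test-publish:
    name: Build, Test and Publish
    if: startsWith(github.ref, 'refs/tags/') && (github.event_name == 'workflow_dispatch' || (github.event_name == 'push'))
    strategy:
      matrix:
        license: [free] # add pro when ready
        os: [windows-latest, ubuntu-latest, ubuntu-24.04-arm, macos-latest]
    runs-on: ${{ matrix.os }}
    env:
      PUBLISH_URL: https://beta.actionforge.dev/api/v2/releases/publish
      PUBLISH_S3_ENDPOINT: https://nyc3.digitaloceanspaces.com
      PUBLISH_S3_BUCKET: actionforge-dl
      # Most consumers for the region use the aws-sdk. Since we
      # are using DigitalOcean Spaces, we need to set the region
      # to us-east-1. Only Python3 uses the correct nyc3 region.
      # https://docs.digitalocean.com/products/spaces/how-to/use-aws-sdks/#configure-a-client
      PUBLISH_S3_REGION: us-east-1
    steps:
      - name: Build temporary actrun
        uses: actionforge/action@6635019c96dcd6b3e018df654473a547471338a5 # v0.14.5
        with:
          graph-file: build-quick.act
      - name: (${{ matrix.license }})
        uses: actionforge/action@6635019c96dcd6b3e018df654473a547471338a5 # v0.14.5
        env:
          LICENSE: ${{ matrix.license }}
        with:
          runner-path: ${{ github.workspace }}/actrun
          graph-file: build-test-publish.act
          inputs: ${{ toJson(inputs) }}
          # NOTE(review): toJson(secrets) hands every secret available to this
          # workflow to the graph, not only the ones it uses. If the action
          # allows it, pass just the secrets build-test-publish.act needs.
          secrets: ${{ toJson(secrets) }}
          matrix: ${{ toJson(matrix) }}

  # Tag-only job: joins the per-architecture images into one multi-arch
  # manifest, tagged with the version and with `latest`.
  docker-manifest:
    name: Create Docker Multi-Arch Manifest
    needs: build-test-publish
    if: startsWith(github.ref, 'refs/tags/') && (github.event_name == 'workflow_dispatch' || (github.event_name == 'push'))
    runs-on: ubuntu-latest
    # The only token use here is the registry login and manifest push, so
    # drop the other workflow-level scopes for this job.
    permissions:
      packages: write
    steps:
      - name: Create multi-arch manifest
        # Pass the token and user name through the environment rather than
        # expanding `${{ }}` inside the script: the values are then never
        # written into the generated script file or parsed as shell.
        env:
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REGISTRY_USER: ${{ github.actor }}
        run: |
          IMAGE="ghcr.io/actionforge/actrun"
          VERSION="${GITHUB_REF_NAME}"
          echo "${REGISTRY_TOKEN}" | docker login ghcr.io -u "${REGISTRY_USER}" --password-stdin
          docker buildx imagetools create \
            -t "$IMAGE:$VERSION" \
            -t "$IMAGE:latest" \
            "$IMAGE:${VERSION}-x64" \
            "$IMAGE:${VERSION}-arm64"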