-
Notifications
You must be signed in to change notification settings - Fork 62
135 lines (116 loc) · 4 KB
/
go-tests.yaml
File metadata and controls
135 lines (116 loc) · 4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
# Copyright 2024 Chainguard, Inc.
# SPDX-License-Identifier: Apache-2.0
name: Go Tests
on:
push:
branches:
- "main"
pull_request:
branches:
- "main"
env:
CGO_ENABLED: "1"
GO_RELEASE: "go-1.26"
YARA_X_RELEASE: "1.17.0"
permissions: {}
jobs:
test:
if: ${{ github.repository == 'chainguard-dev/malcontent' }}
runs-on: ubuntu-latest-arm-16-core
permissions:
contents: read
container:
image: cgr.dev/chainguard/wolfi-base:latest@sha256:9a74366aa10eff2bf14dab0948123bd2c51703e1c553a73740ef687f723aecf4
options: >-
--cap-add DAC_OVERRIDE
--cap-add SETGID
--cap-add SETUID
--cap-drop ALL
--cgroupns private
--cpu-shares=16384
--memory-swappiness=0
--security-opt no-new-privileges
--ulimit core=0
--ulimit nofile=65535:65535
--ulimit nproc=65535:65535
steps:
- name: Install dependencies
run: |
apk update
apk add curl findutils gcc git gnutar "${GO_RELEASE}" make nodejs pkgconf upx xz "yara-x~${YARA_X_RELEASE}"
- name: Checkout code
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false
- name: Trust repository
run: git config --global --add safe.directory "${GITHUB_WORKSPACE}"
- name: Get Go cache paths
id: go-env
run: |
echo "modcache=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
echo "cache=$(go env GOCACHE)" >> "$GITHUB_OUTPUT"
- name: Cache Go dependencies
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: |
${{ steps.go-env.outputs.modcache }}
${{ steps.go-env.outputs.cache }}
key: go-${{ hashFiles('go.sum') }}
restore-keys: go-
- name: Unit tests
run: make test
integration:
if: ${{ github.repository == 'chainguard-dev/malcontent' }}
runs-on: ubuntu-latest-arm-16-core
permissions:
contents: read
container:
image: cgr.dev/chainguard/wolfi-base:latest@sha256:9a74366aa10eff2bf14dab0948123bd2c51703e1c553a73740ef687f723aecf4
options: >-
--cap-add DAC_OVERRIDE
--cap-add SETGID
--cap-add SETUID
--cap-drop ALL
--cgroupns private
--cpu-shares=32768
--memory-swappiness=0
--security-opt no-new-privileges
--ulimit core=0
--ulimit nofile=65535:65535
--ulimit nproc=65535:65535
steps:
- name: Install dependencies
run: |
apk update
apk add curl findutils gcc git gnutar "${GO_RELEASE}" make nodejs pkgconf upx xz "yara-x~${YARA_X_RELEASE}"
- name: Checkout code
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false
- name: Trust repository
run: git config --global --add safe.directory "${GITHUB_WORKSPACE}"
- name: Get Go cache paths
id: go-env
run: |
echo "modcache=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
echo "cache=$(go env GOCACHE)" >> "$GITHUB_OUTPUT"
- name: Cache Go dependencies
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: |
${{ steps.go-env.outputs.modcache }}
${{ steps.go-env.outputs.cache }}
key: go-${{ hashFiles('go.sum') }}
restore-keys: go-
- name: Get samples commit
id: samples
run: echo "commit=$(grep '^SAMPLES_COMMIT' Makefile | head -1 | cut -d'=' -f2 | tr -d ' ?')" >> "$GITHUB_OUTPUT"
- name: Cache malcontent samples
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: out/chainguard-sandbox/malcontent-samples
key: samples-${{ steps.samples.outputs.commit }}
- name: Prepare samples
run: make samples
- name: Integration tests
run: make integration