re-implement compose logic #8626
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| workflow_dispatch: | |
| inputs: | |
| debug_enabled: | |
| description: 'To run with tmate enter "debug_enabled"' | |
| required: false | |
| default: "false" | |
| permissions: | |
| contents: read # to fetch code (actions/checkout) | |
| jobs: | |
| validate: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - lint | |
| - validate-go-mod | |
| - validate-headers | |
| - validate-docs | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 | |
| - | |
| name: Run | |
| run: | | |
| make ${{ matrix.target }} | |
| binary: | |
| uses: docker/github-builder/.github/workflows/bake.yml@70313223e2665c3211b454b3fea6534624e78d64 # v1.4.0 | |
| permissions: | |
| contents: read # same as global permission | |
| id-token: write # for signing attestation(s) with GitHub OIDC Token | |
| with: | |
| runner: amd64 | |
| artifact-name: compose | |
| artifact-upload: true | |
| cache: true | |
| cache-scope: binary | |
| target: release | |
| output: local | |
| sbom: true | |
| sign: ${{ github.event_name != 'pull_request' }} | |
| binary-finalize: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - binary | |
| steps: | |
| - | |
| name: Download artifacts | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 | |
| with: | |
| path: /tmp/compose-output | |
| name: ${{ needs.binary.outputs.artifact-name }} | |
| - | |
| name: Rename provenance and sbom | |
| run: | | |
| for pdir in /tmp/compose-output/*/; do | |
| ( | |
| cd "$pdir" | |
| binname=$(find . -name 'docker-compose-*') | |
| filename=$(basename "${binname%.exe}") | |
| mv "provenance.json" "${filename}.provenance.json" | |
| mv "sbom-binary.spdx.json" "${filename}.sbom.json" | |
| find . -name 'sbom*.json' -exec rm {} \; | |
| if [ -f "provenance.sigstore.json" ]; then | |
| mv "provenance.sigstore.json" "${filename}.sigstore.json" | |
| fi | |
| ) | |
| done | |
| mkdir -p "./bin/release" | |
| mv /tmp/compose-output/**/* "./bin/release/" | |
| - | |
| name: Create checksum file | |
| working-directory: ./bin/release | |
| run: | | |
| find . -type f -print0 | sort -z | xargs -r0 shasum -a 256 -b | sed 's# \*\./# *#' > $RUNNER_TEMP/checksums.txt | |
| shasum -a 256 -U -c $RUNNER_TEMP/checksums.txt | |
| mv $RUNNER_TEMP/checksums.txt . | |
| cat checksums.txt | while read sum file; do | |
| if [[ "${file#\*}" == docker-compose-* && "${file#\*}" != *.provenance.json && "${file#\*}" != *.sbom.json && "${file#\*}" != *.sigstore.json ]]; then | |
| echo "$sum $file" > ${file#\*}.sha256 | |
| fi | |
| done | |
| - | |
| name: Upload artifacts | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 | |
| with: | |
| name: release | |
| path: ./bin/release/* | |
| if-no-files-found: error | |
| bin-image-test: | |
| if: github.event_name == 'pull_request' | |
| uses: docker/github-builder/.github/workflows/bake.yml@70313223e2665c3211b454b3fea6534624e78d64 # v1.4.0 | |
| with: | |
| runner: amd64 | |
| target: image-cross | |
| cache: true | |
| cache-scope: bin-image-test | |
| output: image | |
| push: false | |
| sbom: true | |
| set-meta-labels: true | |
| meta-images: | | |
| compose-bin | |
| meta-tags: | | |
| type=ref,event=pr | |
| meta-bake-target: meta-helper | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - | |
| name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 | |
| - | |
| name: Test | |
| uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7 | |
| with: | |
| targets: test | |
| set: | | |
| *.cache-from=type=gha,scope=test | |
| *.cache-to=type=gha,scope=test | |
| - | |
| name: Gather coverage data | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 | |
| with: | |
| name: coverage-data-unit | |
| path: bin/coverage/unit/ | |
| if-no-files-found: error | |
| - | |
| name: Unit Test Summary | |
| uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 # v2.4 | |
| with: | |
| paths: bin/coverage/unit/report.xml | |
| if: always() | |
| e2e: | |
| runs-on: ubuntu-latest | |
| name: e2e (${{ matrix.mode }}, ${{ matrix.channel }}) | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| # current stable | |
| - mode: plugin | |
| engine: 29 | |
| channel: stable | |
| - mode: standalone | |
| engine: 29 | |
| channel: stable | |
| # old stable (latest major - 1) | |
| - mode: plugin | |
| engine: 28 | |
| channel: oldstable | |
| - mode: standalone | |
| engine: 28 | |
| channel: oldstable | |
| steps: | |
| - name: Prepare | |
| run: | | |
| mode=${{ matrix.mode }} | |
| engine=${{ matrix.engine }} | |
| echo "MODE_ENGINE_PAIR=${mode}-${engine}" >> $GITHUB_ENV | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - name: Install Docker ${{ matrix.engine }} | |
| run: | | |
| sudo systemctl stop docker.service | |
| sudo apt-get purge docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-ce-rootless-extras docker-buildx-plugin | |
| sudo apt-get install curl | |
| curl -fsSL https://test.docker.com -o get-docker.sh | |
| sudo sh ./get-docker.sh --version ${{ matrix.engine }} | |
| - name: Check Docker Version | |
| run: docker --version | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 | |
| - name: Set up Docker Model | |
| run: | | |
| sudo apt-get install docker-model-plugin | |
| docker model version | |
| - name: Set up Go | |
| uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 | |
| with: | |
| go-version-file: '.go-version' | |
| check-latest: true | |
| cache: true | |
| - name: Build example provider | |
| run: make example-provider | |
| - name: Pre-pull e2e test images | |
| run: | | |
| # Pull images used by e2e fixtures in parallel to avoid test | |
| # timeouts caused by slow downloads on cold CI runners. | |
| images=( | |
| "alpine" | |
| "nginx" | |
| "nginx:alpine" | |
| "busybox" | |
| "bash" | |
| "hello-world" | |
| "mariadb" | |
| "fluent/fluent-bit:3.1.7-debug" | |
| "alpine/curl" | |
| ) | |
| for img in "${images[@]}"; do | |
| docker pull "$img" & | |
| done | |
| wait | |
| - name: Build | |
| uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7 | |
| with: | |
| source: . | |
| targets: binary-with-coverage | |
| set: | | |
| *.cache-from=type=gha,scope=binary-linux-amd64 | |
| *.cache-from=type=gha,scope=binary-e2e-${{ matrix.mode }} | |
| *.cache-to=type=gha,scope=binary-e2e-${{ matrix.mode }},mode=max | |
| env: | |
| BUILD_TAGS: e2e | |
| - name: Setup tmate session | |
| if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled }} | |
| uses: mxschmitt/action-tmate@c0afd6f790e3a5564914980036ebf83216678101 # v3.23 | |
| with: | |
| limit-access-to-actor: true | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Test plugin mode | |
| if: ${{ matrix.mode == 'plugin' }} | |
| run: | | |
| rm -rf ./bin/coverage/e2e | |
| mkdir -p ./bin/coverage/e2e | |
| make e2e-compose GOCOVERDIR=bin/coverage/e2e TEST_FLAGS="-v" | |
| - name: Gather coverage data | |
| if: ${{ matrix.mode == 'plugin' }} | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 | |
| with: | |
| name: coverage-data-e2e-${{ env.MODE_ENGINE_PAIR }} | |
| path: bin/coverage/e2e/ | |
| if-no-files-found: error | |
| - name: Test standalone mode | |
| if: ${{ matrix.mode == 'standalone' }} | |
| run: | | |
| rm -f /usr/local/bin/docker-compose | |
| cp bin/build/docker-compose /usr/local/bin | |
| make e2e-compose-standalone | |
| - name: e2e Test Summary | |
| uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86 # v2.4 | |
| with: | |
| paths: /tmp/report/report.xml | |
| if: always() | |
| coverage: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - test | |
| - e2e | |
| steps: | |
| # codecov won't process the report without the source code available | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - name: Set up Go | |
| uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 | |
| with: | |
| go-version-file: '.go-version' | |
| check-latest: true | |
| - name: Download unit test coverage | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 | |
| with: | |
| name: coverage-data-unit | |
| path: coverage/unit | |
| merge-multiple: true | |
| - name: Download E2E test coverage | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 | |
| with: | |
| pattern: coverage-data-e2e-* | |
| path: coverage/e2e | |
| merge-multiple: true | |
| - name: Merge coverage reports | |
| run: | | |
| go tool covdata textfmt -i=./coverage/unit,./coverage/e2e -o ./coverage.txt | |
| - name: Store coverage report in GitHub Actions | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 | |
| with: | |
| name: go-covdata-txt | |
| path: ./coverage.txt | |
| if-no-files-found: error | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3 | |
| with: | |
| files: ./coverage.txt | |
| release: | |
| permissions: | |
| contents: write # to create a release (ncipollo/release-action) | |
| runs-on: ubuntu-latest | |
| needs: | |
| - binary-finalize | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - | |
| name: Download artifacts | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 | |
| with: | |
| path: ./bin/release | |
| name: release | |
| - | |
| name: List artifacts | |
| run: | | |
| tree -nh ./bin/release | |
| - | |
| name: Check artifacts | |
| run: | | |
| find bin/release -type f -exec file -e ascii -- {} + | |
| - | |
| name: GitHub Release | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| uses: ncipollo/release-action@339a81892b84b4eeb0f6e744e4574d79d0d9b8dd # v1.21.0 | |
| with: | |
| artifacts: ./bin/release/* | |
| generateReleaseNotes: true | |
| draft: true | |
| token: ${{ secrets.GITHUB_TOKEN }} |