Build-as-a-Test & Abortable Workflows (#231)

* build cli on every PR * build coordinator on every PR, while only triggering image builds on main. * abort previous runs of workflows if new commits are pushed Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2024-10-01 01:36:09 -04:00 · 2022-06-30 11:27:23 +02:00 · 2022-06-30 11:27:23 +02:00 · 5d293e355d
commit 5d293e355d
parent 040e498b42
13 changed files with 159 additions and 71 deletions
--- a/.github/actions/build_cli/action.yml
+++ b/.github/actions/build_cli/action.yml
@ -1,38 +1,38 @@
 name: build
 description: "Runs cmake & default make target in build folder."
 runs:
-  using: 'composite'
+  using: "composite"
  steps:
-  - name: Install build dependencies
-    run: |
-      sudo apt-get update
-      sudo apt-get install \
-        build-essential cmake \
-        -y
-    shell: bash
-  # https://github.blog/2022-04-12-git-security-vulnerability-announced/
-  - name: Mark repository safe
-    run: |
-      git config --global --add safe.directory /__w/constellation/constellation
-    shell: bash
+    - name: Install build dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install \
+          build-essential cmake \
+          -y
+      shell: bash
+    # https://github.blog/2022-04-12-git-security-vulnerability-announced/
+    - name: Mark repository safe
+      run: |
+        git config --global --add safe.directory /__w/constellation/constellation
+      shell: bash

-  - name: Install Go
-    uses: actions/setup-go@v3
-    with:
-      go-version: '1.18'
-  - name: Build CLI
-    run: |
-      mkdir build
-      cd build
-      cmake ..
-      make -j`nproc` cli
-      echo "$(pwd)" >> $GITHUB_PATH
-      export PATH="$PATH:$(pwd)"
-    shell: bash
-  - name: Build hack/pcr-reader
-    run: |
-      cd hack/pcr-reader/
-      go build .
-      echo "$(pwd)" >> $GITHUB_PATH
-      export PATH="$PATH:$(pwd)"
-    shell: bash
+    - name: Install Go
+      uses: actions/setup-go@v3
+      with:
+        go-version: "1.18"
+    - name: Build CLI
+      run: |
+        mkdir build
+        cd build
+        cmake ..
+        make -j`nproc` cli
+        echo "$(pwd)" >> $GITHUB_PATH
+        export PATH="$PATH:$(pwd)"
+      shell: bash
+    - name: Build hack/pcr-reader
+      run: |
+        cd hack/pcr-reader/
+        go build .
+        echo "$(pwd)" >> $GITHUB_PATH
+        export PATH="$PATH:$(pwd)"
+      shell: bash
--- a/.github/workflows/build-access-manager-image.yml
+++ b/.github/workflows/build-access-manager-image.yml
@ -12,6 +12,11 @@ on:
      - "access_manager/**"
      - "internal/deploy/**"

+# Abort runs of *this* workflow, if a new commit with the same ref is pushed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
  build-access-manager:
    runs-on: ubuntu-latest
@ -28,6 +33,6 @@ jobs:
        uses: ./.github/actions/build_micro-service
        with:
          name: access-manager
-          projectVersion: '0.0.0'
+          projectVersion: "0.0.0"
          dockerfile: access_manager/Dockerfile
          githubToken: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/build-activation-image.yml
+++ b/.github/workflows/build-activation-image.yml
@ -14,6 +14,11 @@ on:
      - "internal/grpc/**"
      - "internal/oid/**"

+# Abort runs of *this* workflow, if a new commit with the same ref is pushed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
  build-activation-service:
    runs-on: ubuntu-latest
@ -30,6 +35,6 @@ jobs:
        uses: ./.github/actions/build_micro-service
        with:
          name: activation-service
-          projectVersion: '0.0.0'
+          projectVersion: "0.0.0"
          dockerfile: activation/Dockerfile
          githubToken: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/build-cli.yml
+++ b/.github/workflows/build-cli.yml
@ -0,0 +1,25 @@
+# Right now this workflow is only used as a test. We want to see that a commit does not break the build. The resulting artifact is not used currently.
+name: Build CLI
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+  pull_request:
+
+# Abort runs of *this* workflow, if a new commit with the same ref is pushed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build-cli:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@v2
+
+      - name: Build cli
+        uses: ./.github/actions/build_cli
--- a/.github/workflows/build-coordinator.yml
+++ b/.github/workflows/build-coordinator.yml
@ -1,3 +1,4 @@
+# We build the coordinator as part of each PR to see that the build still works. An image is only created once merged to main (see condition on call-coreos).
 name: Build and Upload the Coordinator

 on:
@ -5,6 +6,13 @@ on:
  push:
    branches:
      - main
+  pull_request:
+
+# Abort runs of *this* workflow, if a new commit with the same ref is pushed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
  build-coordinator:
    name: "Build the Coordinator"
@ -47,7 +55,7 @@ jobs:

  call-coreos:
    needs: build-coordinator
-    if: startsWith(needs.build-coordinator.outputs.coordinator-name, 'coordinator-')
+    if: github.ref == 'refs/heads/main' && startsWith(needs.build-coordinator.outputs.coordinator-name, 'coordinator-')
    uses: ./.github/workflows/build-coreos.yml
    with:
      coordinator-name: ${{ needs.build-coordinator.outputs.coordinator-name }}
--- a/.github/workflows/build-kms-image.yml
+++ b/.github/workflows/build-kms-image.yml
@ -13,6 +13,11 @@ on:
      - "internal/constants/**"
      - "internal/file/**"

+# Abort runs of *this* workflow, if a new commit with the same ref is pushed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
  build-kms-server:
    runs-on: ubuntu-latest
--- a/.github/workflows/e2e-test-manual.yml
+++ b/.github/workflows/e2e-test-manual.yml
@ -4,53 +4,59 @@ on:
  workflow_dispatch:
    inputs:
      workerNodesCount:
-        description: 'Number of worker nodes to spawn.'
-        default: '2'
+        description: "Number of worker nodes to spawn."
+        default: "2"
        required: true
      controlNodesCount:
-        description: 'Number of control-plane nodes to spawn.'
-        default: '1'
+        description: "Number of control-plane nodes to spawn."
+        default: "1"
        required: true
      autoscale:
-        description: 'Autoscale?'
+        description: "Autoscale?"
        type: boolean
        default: false
        required: true
      cloudProvider:
-        description: 'Which cloud provider to use.'
+        description: "Which cloud provider to use."
        type: choice
        options:
-          - 'gcp'
-          - 'azure'
-        default: 'gcp'
+          - "gcp"
+          - "azure"
+        default: "gcp"
        required: true
      machineType:
-        description: 'VM machine type. Make sure it matches selected cloud provider!'
+        description: "VM machine type. Make sure it matches selected cloud provider!"
        type: choice
        options:
-          - 'n2d-standard-2' # GCP
-          - 'Standard_D4s_v3' # Azure
-        default: 'n2d-standard-2'
+          - "n2d-standard-2" # GCP
+          - "Standard_D4s_v3" # Azure
+        default: "n2d-standard-2"
        required: true
      sonobuoyTestSuiteCmd:
-        description: 'Which tests should be run? Check README for guidance!'
-        default: '--mode quick'
+        description: "Which tests should be run? Check README for guidance!"
+        default: "--mode quick"
        required: true
+
+# Abort runs of *this* workflow, if a new commit with the same ref is pushed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
  e2e-test-manual:
    runs-on: ubuntu-latest
    steps:
-    - name: Check out repository
-      uses: actions/checkout@v3
-    - name: Run manual E2E test
-      uses: ./.github/actions/e2e_test
-      with:
-        workerNodesCount: ${{ github.event.inputs.workerNodesCount }}
-        controlNodesCount: ${{ github.event.inputs.controlNodesCount }}
-        autoscale: ${{ github.event.inputs.autoscale }}
-        cloudProvider: ${{ github.event.inputs.cloudProvider }}
-        machineType: ${{ github.event.inputs.machineType }}
-        gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
-        azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}
-        sonobuoyTestSuiteCmd: ${{ github.event.inputs.sonobuoyTestSuiteCmd }}
-        msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
+      - name: Check out repository
+        uses: actions/checkout@v3
+      - name: Run manual E2E test
+        uses: ./.github/actions/e2e_test
+        with:
+          workerNodesCount: ${{ github.event.inputs.workerNodesCount }}
+          controlNodesCount: ${{ github.event.inputs.controlNodesCount }}
+          autoscale: ${{ github.event.inputs.autoscale }}
+          cloudProvider: ${{ github.event.inputs.cloudProvider }}
+          machineType: ${{ github.event.inputs.machineType }}
+          gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
+          azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}
+          sonobuoyTestSuiteCmd: ${{ github.event.inputs.sonobuoyTestSuiteCmd }}
+          msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
--- a/.github/workflows/test-integration-etcdStore.yml
+++ b/.github/workflows/test-integration-etcdStore.yml
@ -7,6 +7,11 @@ on:
      - main
  pull_request:

+# Abort runs of *this* workflow, if a new commit with the same ref is pushed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
  integration-test:
    runs-on: ubuntu-latest
--- a/.github/workflows/test-integration.yml
+++ b/.github/workflows/test-integration.yml
@ -7,6 +7,11 @@ on:
      - main
  pull_request:

+# Abort runs of *this* workflow, if a new commit with the same ref is pushed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
  integration-test:
    runs-on: ubuntu-latest
--- a/.github/workflows/test-lint.yml
+++ b/.github/workflows/test-lint.yml
@ -8,6 +8,11 @@ permissions:
  # Allow read access to pull request. Use with `only-new-issues` option.
  pull-requests: read

+# Abort runs of *this* workflow, if a new commit with the same ref is pushed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
  golangci:
    name: lint
--- a/.github/workflows/test-shellcheck.yml
+++ b/.github/workflows/test-shellcheck.yml
@ -5,14 +5,19 @@ on:
      - main
  pull_request:

+# Abort runs of *this* workflow, if a new commit with the same ref is pushed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
  shellcheck:
    name: Shellcheck
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v2
-    - name: Run ShellCheck
-      uses: ludeeus/action-shellcheck@master
-      with:
-        severity: error
-        ignore_names: merge_config.sh
+      - uses: actions/checkout@v2
+      - name: Run ShellCheck
+        uses: ludeeus/action-shellcheck@master
+        with:
+          severity: error
+          ignore_names: merge_config.sh
--- a/.github/workflows/test-unittest.yml
+++ b/.github/workflows/test-unittest.yml
@ -7,6 +7,11 @@ on:
      - main
  pull_request:

+# Abort runs of *this* workflow, if a new commit with the same ref is pushed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
  test:
    runs-on: ubuntu-latest
--- a/hack/go.sum
+++ b/hack/go.sum
@ -161,6 +161,7 @@ github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0
 github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
 github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
 github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
+github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
 github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
@ -288,6 +289,7 @@ github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h
 github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA=
 github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI=
 github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
+github.com/containerd/containerd v1.6.0 h1:CLa12ZcV0d2ZTRKq1ssioeJpTnPJBMyndpEKA+UtzJg=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
@ -322,6 +324,10 @@ github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/
 github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
 github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
+github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
+github.com/docker/docker v20.10.13+incompatible h1:5s7uxnKZG+b8hYWlPYUi6x1Sjpq2MSt96d15eLZeHyw=
+github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
+github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
@ -763,6 +769,8 @@ github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa
 github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
+github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
+github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM=
 github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis=
 github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74=
 github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
@ -864,6 +872,7 @@ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM=
 github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM=