move the github actions CI into containerised steps

2024-02-20 13:55:31 +11:00 · 2024-02-20 13:55:31 +11:00 · a1b5370138
--- a/.github/workflows/ci-go.yml
+++ b/.github/workflows/ci-go.yml
@ -11,37 +11,44 @@ on:
 permissions:
  contents: read
 env:
  GOFLAGS: -tags=containers_image_openpgp,exclude_graphdriver_btrfs,exclude_graphdriver_devicemapper
 jobs:
  ci-from-docker:
    runs-on: ubuntu-latest
    container:
      image: registry.access.redhat.com/ubi8/go-toolset:1.18.10
    steps:
    - name: Checkout repository
      uses: actions/checkout@v4
-
+    - name: Install Go runtime deps
-    - name: Build from buildah
+      run: |
-      uses: redhat-actions/buildah-build@v2
+        make install-go-tools
-      with:
+    - name: Build all
-        image: test-image
+      run: |
-        tags: ${{ github.sha }}
+        make build-all
-        context: .
+    - name: Run unit tests
-        containerfiles: ./Dockerfile.ci
+      run: |
-        build-args: REGISTRY=registry.access.redhat.com
+        make unit-test-go
  vendor-check:
    runs-on: ubuntu-latest
    container:
      image: registry.access.redhat.com/ubi8/go-toolset:1.20.10
    steps:
    - name: Checkout repository
      uses: actions/checkout@v4
    - name: Set up Go
      uses: actions/setup-go@v5
      with:
        go-version-file: go.mod
    - run: |
        go mod vendor
        go mod tidy -compat=1.18
        hack/ci-utils/isClean.sh
  generate-check:
    runs-on: ubuntu-latest
    container:
      image: registry.access.redhat.com/ubi8/go-toolset:1.18.10
    steps:
    - name: Checkout repository
      uses: actions/checkout@v4
    - name: Run make generate
      run: |
        make generate
        hack/ci-utils/isClean.sh
--- a/Dockerfile.ci
+++ b/Dockerfile.ci
@ -1,37 +0,0 @@
 ARG REGISTRY
 FROM ${REGISTRY}/ubi8/go-toolset:1.18.10
 USER root
 ENV GOPATH=/root/go
 RUN mkdir -p /app
 WORKDIR /app
 #we have multiple steps for copy so we can make use of caching
 COPY vendor/ vendor
 COPY docs/ docs
 COPY hack/ hack
 COPY swagger/ swagger
 COPY test/ test
 COPY python/ python
 COPY portal/ portal
 COPY cmd/ cmd
 COPY pkg/ pkg
 #COPY all files with an extension (directories not copied)
 COPY ?*.* .
 COPY Makefile LICENSE ./
 COPY .git .git
 COPY .gitignore .gitignore
 COPY .pipelines .pipelines
 COPY .gdn .gdn
 COPY .github .github
 COPY .env .env
 COPY .sha256sum .sha256sum
 COPY .config .config
 RUN hack/ci-utils/build.sh
--- a/10
+++ b/10
@ -15,6 +15,7 @@ AUTOREST_VERSION = 3.6.3
 AUTOREST_IMAGE = quay.io/openshift-on-azure/autorest:${AUTOREST_VERSION}
 GATEKEEPER_VERSION = v3.10.0
 GATEKEEPER_IMAGE ?= ${RP_IMAGE_ACR}.azurecr.io/gatekeeper:$(GATEKEEPER_VERSION)
 GOTESTSUM = gotest.tools/gotestsum@v1.11.0
 ifneq ($(shell uname -s),Darwin)
    export CGO_CFLAGS=-Dgpgme_off_t=off_t
@ -213,10 +214,10 @@ validate-fips:
 	hack/fips/validate-fips.sh ./aro
 unit-test-go:
-	go run gotest.tools/gotestsum@v1.9.0 --format pkgname --junitfile report.xml -- -coverprofile=cover.out ./...
+	go run ${GOTESTSUM} --format pkgname --junitfile report.xml -- -coverprofile=cover.out ./...
 unit-test-go-coverpkg:
-	go run gotest.tools/gotestsum@v1.9.0 --format pkgname --junitfile report.xml -- -coverpkg=./... -coverprofile=cover_coverpkg.out ./...
+	go run ${GOTESTSUM} --format pkgname --junitfile report.xml -- -coverpkg=./... -coverprofile=cover_coverpkg.out ./...
 lint-go:
 	hack/lint-go.sh
@ -254,4 +255,7 @@ vendor:
 	# See comments in the script for background on why we need it
 	hack/update-go-module-dependencies.sh
-.PHONY: admin.kubeconfig aks.kubeconfig aro az clean client deploy dev-config.yaml discoverycache generate image-aro-multistage image-fluentbit image-proxy lint-go runlocal-rp proxy publish-image-aro-multistage publish-image-fluentbit publish-image-proxy secrets secrets-update e2e.test tunnel test-e2e test-go test-python vendor build-all validate-go unit-test-go coverage-go validate-fips
+install-go-tools:
 	go install ${GOTESTSUM}
 .PHONY: admin.kubeconfig aks.kubeconfig aro az clean client deploy dev-config.yaml discoverycache generate image-aro-multistage image-fluentbit image-proxy lint-go runlocal-rp proxy publish-image-aro-multistage publish-image-fluentbit publish-image-proxy secrets secrets-update e2e.test tunnel test-e2e test-go test-python vendor build-all validate-go unit-test-go coverage-go validate-fips install-go-tools
--- a/hack/ci-utils/build.sh
+++ b/hack/ci-utils/build.sh
@ -1,7 +0,0 @@
 #!/bin/bash
 set -xe 
 go run hack/ci-utils/differenceChecker/main.go make generate
 make build-all
 make unit-test-go
--- a/hack/ci-utils/differenceChecker/main.go
+++ b/hack/ci-utils/differenceChecker/main.go
@ -1,108 +0,0 @@
 package main
 // Copyright (c) Microsoft Corporation.
 // Licensed under the Apache License 2.0.
 import (
 	"crypto/sha256"
 	"fmt"
 	"io/fs"
 	"log"
 	"os"
 	"os/exec"
 	"strings"
 )
 var ignoredDirectories map[string]bool = map[string]bool{"vendor": true, "pyenv": true, ".git": true}
 func main() {
 	if len(os.Args) < 2 {
 		fmt.Printf("usage : \n%s command -arg1 -arg2\n", os.Args[0])
 		os.Exit(1)
 	}
 	fmt.Println(os.Args)
 	hashTreeBefore, err := readDir(".")
 	if err != nil {
 		log.Println(err)
 	}
 	cmd := exec.Command(os.Args[1], os.Args[2:]...)
 	bytes, err := cmd.CombinedOutput()
 	if err != nil || cmd.ProcessState.ExitCode() != 0 {
 		log.Println(string(bytes))
 		log.Fatal(err)
 	}
 	hashTreeAfter, err := readDir(".")
 	if err != nil {
 		log.Fatal(err)
 	}
 	if !equivalentTrees(hashTreeBefore, hashTreeAfter) {
 		os.Exit(1)
 	}
 }
 func equivalentTrees(first, second hashTree) bool {
 	isEquivalent := true
 	if len(first.tree) != len(second.tree) {
 		isEquivalent = false
 	}
 	for key, bytes := range first.tree {
 		secondBytes, ok := second.tree[key]
 		delete(second.tree, key)
 		if !ok {
 			log.Printf("%s has been deleted after make generate", key)
 			isEquivalent = false
 			continue
 		}
 		if bytes != secondBytes {
 			log.Printf("%s has been modified after make generate", key)
 			isEquivalent = false
 			continue
 		}
 	}
 	for key := range second.tree {
 		log.Printf("%s has been added after make generate", key)
 	}
 	return isEquivalent
 }
 func readDir(name string) (hashTree, error) {
 	fileSystem := os.DirFS(name)
 	hashTree := &hashTree{tree: make(map[string][sha256.Size]byte)}
 	err := fs.WalkDir(fileSystem, ".", hashTree.update)
 	if err != nil {
 		return *hashTree, err
 	}
 	return *hashTree, nil
 }
 type hashTree struct {
 	tree map[string][sha256.Size]byte
 }
 func (h *hashTree) update(path string, file fs.DirEntry, pathError error) error {
 	if pathError != nil {
 		return pathError
 	}
 	if file.IsDir() || !file.Type().IsRegular() {
 		if ignoredDirectories[strings.TrimPrefix(path, "./")] {
 			return fs.SkipDir
 		}
 		return nil
 	}
 	bytes, err := os.ReadFile(path)
 	if err != nil {
 		return err
 	}
 	hash := sha256.Sum256(bytes)
 	h.tree[path] = hash
 	return nil
 }