diff --git a/.github/actions/install-go-linters/action.yml b/.github/actions/install-go-linters/action.yml
new file mode 100644
index 00000000000..ccaae62634e
--- /dev/null
+++ b/.github/actions/install-go-linters/action.yml
@@ -0,0 +1,35 @@
+name: "lint-go"
+description: "This action will install go linting tools (golangci-lint and goimports-reviser), and executes them on the codebase."
+inputs:
+ cache-dependency-path:
+ description: 'Used to specify the path to a dependency file - go.sum'
+ strategy:
+ description: "See install-go for info"
+ _golangci_version:
+ description: "Internal: the golangci version we want"
+ default: "89476e7a1eaa0a8a06c17343af960a5fd9e7edb7" # v1.62.2
+ _goimports_version:
+ description: "Internal: the goimports reviser version we want"
+ default: "f034195cc8a7ffc7cc70d60aa3a25500874eaf04" # v3.8.2
+
+runs:
+ using: composite
+ steps:
+ - name: "Install golang"
+ uses: ./.github/actions/install-go
+ with:
+ strategy: ${{ inputs.strategy }}
+ - name: "`go install` needed tools"
+ shell: bash
+ run: |
+ # go install golangci-lint and goimports-reviser
+ err="$(go install -v github.com/golangci/golangci-lint/cmd/golangci-lint@${{ inputs._golangci_version }} 2>&1)" || {
+ echo "Failed installing golangci:"
+ echo "$err"
+ exit 1
+ }
+ err="$(go install -v github.com/incu6us/goimports-reviser/v3@${{ inputs._goimports_version }} 2>&1)" || {
+ echo "Failed installing goimports-reviser:"
+ echo "$err"
+ exit 1
+ }
diff --git a/.github/actions/install-go/action.yml b/.github/actions/install-go/action.yml
new file mode 100644
index 00000000000..274108ba165
--- /dev/null
+++ b/.github/actions/install-go/action.yml
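Review bot: In install-go-linters/action.yml the `run:` block expands `${{ inputs._golangci_version }}` and `${{ inputs._goimports_version }}` straight into the bash source, so each value becomes script text before the shell parses it. Nothing visible stops a caller from overriding these "internal" inputs, so I would pass them through the step's `env:` (`GOLANGCI_VERSION: ${{ inputs._golangci_version }}`) and install with `golangci-lint@"$GOLANGCI_VERSION"`, and do the same for goimports-reviser. The same pattern appears in install-go/action.yml, where `${{ inputs.strategy }}`, `${{ inputs._stable }}`, `${{ inputs._old_stable }}` and `${{ inputs._current }}` are expanded inside the `run:` script. Separately, the description says the action executes the linters, but the visible steps only install them.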
@@ -0,0 +1,75 @@
+name: "Go install"
+description: "This action will install go (currently supported version by default). Operator may optionally require the `strategy` input:
+ - 'canary', for the latest RC/beta
+ - 'latest-stable', for the latest patch release for the currently supported version (this is normally the default, unless nerdctl is lagging)
+ - 'old-stable' for the latest patch release of the minimum minor go version nerdctl is supporting"
+inputs:
+ cache-dependency-path:
+ description: 'Used to specify the path to a dependency file - go.sum'
+ strategy:
+ default: ""
+ description: "You may set this to `canary`, `latest-stable`, or `old-stable`. Otherwise defauls to the explicitly supported version."
+ # These below are technically not input variables (that we expect people to specific or change).
+ # We are just abusing the system here for convenience, since a composite action does not let you define env.
+ # This here is the one, central location where we would update go versions when there is a newly supported go version.
+ _current:
+ default: "1.23.4"
+ description: "What we consider the current blessed go version (typically the latest patch release of the last major.minor version)"
+ _stable:
+ default: "1.23.x"
+ description: "The latest major.minor version we support"
+ _old_stable:
+ default: "1.22.x"
+ description: "The minimum major.minor go version that we still support"
+
+runs:
+ using: composite
+ steps:
+ - name: "Set GO_VERSION environment variable from user strategy"
+ shell: bash
+ run: |
+ golang::canary(){
+ # Enable extended globbing features to use advanced pattern matching
+ shopt -s extglob
+ # Get latest golang version and split it in components
+ norm=()
+ while read -r line; do
+ line_trimmed="${line//+([[:space:]])/}"
+ norm+=("$line_trimmed")
+ done < \
+ <(sed -E 's/^go([0-9]+)[.]([0-9]+)([.]([0-9]+))?(([a-z]+)([0-9]+))?/\1.\2\n\4\n\6\n\7/i' \
+ <(curl -fsSL "https://go.dev/dl/?mode=json&include=all" | jq -rc .[0].version) \
+ )
+ # Serialize version, making sure we have a patch version, and separate possible rcX into .rc-X
+ [ "${norm[1]}" != "" ] || norm[1]="0"
+ norm[1]=".${norm[1]}"
+ [ "${norm[2]}" == "" ] || norm[2]="-${norm[2]}"
+ [ "${norm[3]}" == "" ] || norm[3]=".${norm[3]}"
+ # Save it
+ IFS=
+ echo "GO_VERSION=${norm[*]}" >> "$GITHUB_ENV"
+ }
+
+ if [ "${{ inputs.strategy }}" == "canary" ]; then
+ golang::canary
+ elif [ "${{ inputs.strategy }}" == "latest-stable" ]; then
+ echo "GO_VERSION=${{ inputs._stable }}" >> "$GITHUB_ENV"
+ elif [ "${{ inputs.strategy }}" == "old-stable" ]; then
+ echo "GO_VERSION=${{ inputs._old_stable }}" >> "$GITHUB_ENV"
+ else
+ echo "GO_VERSION=${{ inputs._current }}" >> "$GITHUB_ENV"
+ fi
+ - name: "Setup Go"
+ uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+ with:
+ go-version: ${{ env.GO_VERSION }}
+ cache-dependency-path: ${{ inputs.cache-dependency-path }}
+ # See https://github.com/containerd/nerdctl/issues/3733
+ # GitHub cache is very limited. 
We currently depend on it for the (more important) build dependencies caching. + # Disabling this here will slow down the setup a bit. + cache: false + - name: "Cleanup go version string" + shell: bash + # Remove possible trailing .x + run: | + echo "GO_VERSION=${GO_VERSION%.x*}" >> "$GITHUB_ENV" diff --git a/.github/workflows/ghcr-image-build-and-publish.yml b/.github/workflows/ghcr-image-build-and-publish.yml index e0b812946a8..d57db42cb98 100644 --- a/.github/workflows/ghcr-image-build-and-publish.yml +++ b/.github/workflows/ghcr-image-build-and-publish.yml @@ -31,19 +31,19 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} if: github.event_name != 'pull_request' - uses: docker/login-action@v3.3.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -53,14 +53,14 @@ jobs: # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta - uses: docker/metadata-action@v5.6.1 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action - name: Build and push Docker image - uses: docker/build-push-action@v6.10.0 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: context: . platforms: linux/amd64,linux/arm64 
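Review bot: `golang::canary` in install-go/action.yml appends its result to `$GITHUB_ENV` without checking that a version was actually obtained. If `curl` or `jq` fails inside the process substitution, the failure does not appear to reach the step's exit status; `norm` stays empty and the function would still write `GO_VERSION=.0`. A shape check after `IFS=` and just before the `echo`, for example `[[ "${norm[*]}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-z]+\.[0-9]+)?$ ]] || exit 1`, would fail the step at the source instead of later in setup-go. The `curl -fsSL` call also omits the `--proto '=https' --tlsv1.2` flags that the containerd tag lookup in test-canary.yml uses.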
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 433922ed207..da814b9c00c 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -7,72 +7,60 @@ on: - 'release/**' pull_request: -env: - GO_VERSION: 1.23.x - jobs: go: timeout-minutes: 5 - name: "go | ${{ matrix.goos }} | ${{ matrix.canary }}" + name: "go | ${{ matrix.goos }} | ${{ matrix.goversion }}" runs-on: "${{ matrix.os }}" - defaults: - run: - shell: bash strategy: matrix: include: - os: ubuntu-24.04 goos: linux + goversion: latest-stable - os: ubuntu-24.04 goos: freebsd + goversion: latest-stable # FIXME: this is currently failing in a non-sensical way, so, running on linux instead... # - os: windows-2022 - os: ubuntu-24.04 goos: windows + goversion: latest-stable - os: ubuntu-24.04 goos: linux - # This allows the canary script to select any upcoming golang alpha/beta/RC - canary: go-canary - env: - GOOS: "${{ matrix.goos }}" + goversion: canary steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 - - name: Set GO env - run: | - # If canary is specified, get the latest available golang pre-release instead of the major version - if [ "$canary" != "" ]; then - . 
./hack/build-integration-canary.sh - canary::golang::latest - fi - - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GO_VERSION }} - check-latest: true - cache: true - - name: golangci-lint - uses: golangci/golangci-lint-action@v6 + - name: "Install go linters" + uses: ./.github/actions/install-go-linters with: - args: --verbose + strategy: ${{ matrix.goversion }} + - name: "`make lint-imports`" + # Import ordering is not influenced by GOOS - running it multiple times is thus unnecessary + # Note we are picking freebsd as the GOOS to run it on, as linux is running multiple times (eg: canary) + if: ${{ matrix.goos=='freebsd' }} + shell: bash + run: | + make lint-imports + - name: "`make lint-go` for ${{ matrix.goos }}" + env: + VERBOSE: true + GOOS: ${{ matrix.goos }} + shell: bash + run: | + make lint-go + other: timeout-minutes: 5 - name: yaml | shell | imports order + name: yaml | shell runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 - - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GO_VERSION }} - check-latest: true - cache: true - name: yaml run: make lint-yaml - name: shell run: make lint-shell - - name: go imports ordering - run: | - go install -v github.com/incu6us/goimports-reviser/v3@latest - make lint-imports diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml index ebeef72caec..6789a6d62a9 100644 --- a/.github/workflows/project.yml +++ b/.github/workflows/project.yml 
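Review bot: Both checkout steps in lint.yml pass only `fetch-depth: 1`, so `actions/checkout` keeps its default `persist-credentials: true` and leaves the job token in the checked-out repository's git config. This workflow runs on `pull_request`, and the following steps (`make lint-go`, `make lint-imports`, `make lint-yaml`, `make lint-shell`) run Makefile targets and scripts from that checkout. None of the visible steps appears to need git authentication after checkout, so I would add `persist-credentials: false` under `with:` next to `fetch-depth: 1`. The same applies to the other checkout steps this commit pins, wherever no later step pushes or fetches.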
@@ -13,18 +13,16 @@ jobs: runs-on: ubuntu-24.04 timeout-minutes: 20 steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: src/github.com/containerd/nerdctl fetch-depth: 100 - - uses: actions/setup-go@v5 + - uses: ./src/github.com/containerd/nerdctl/.github/actions/install-go with: - go-version: ${{ env.GO_VERSION }} cache-dependency-path: src/github.com/containerd/nerdctl - - uses: containerd/project-checks@v1.1.0 + - uses: containerd/project-checks@434a07157608eeaa1d5c8d4dd506154204cd9401 # v1.1.0 with: working-directory: src/github.com/containerd/nerdctl - repo-access-token: ${{ secrets.GITHUB_TOKEN }} - run: ./hack/verify-no-patent.sh working-directory: src/github.com/containerd/nerdctl - run: ./hack/verify-pkg-isolation.sh diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4043288037c..b3a17aa0813 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,8 +10,8 @@ jobs: runs-on: ubuntu-24.04 timeout-minutes: 40 steps: - - uses: actions/checkout@v4.2.2 - - uses: actions/setup-go@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version: 1.23.x - name: "Compile binaries" diff --git a/.github/workflows/test-canary.yml b/.github/workflows/test-canary.yml index 152097cd0fc..0b465e5fb2a 100644 --- a/.github/workflows/test-canary.yml +++ b/.github/workflows/test-canary.yml @@ -19,7 +19,7 @@ jobs: runs-on: "ubuntu-24.04" timeout-minutes: 40 steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 - name: "Prepare integration test environment" 
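Review bot: In release.yml the job still calls `actions/setup-go` directly with a hard-coded `go-version: 1.23.x`, bypassing the new install-go action whose comments describe it as the one central location for Go versions. Release binaries are therefore built with whatever 1.23 patch resolves at run time rather than the `_current` value (`1.23.4`), and a future version bump has to be made in two places. Unless the floating patch is deliberate for releases, replacing the step with `- uses: ./.github/actions/install-go` would keep the release toolchain aligned with what CI tests. If it is deliberate, a comment on the step saying so would help.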
@@ -55,10 +55,10 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 - - name: Set GO env + - name: Set Containerd version run: | # Get latest containerd args=(curl --proto '=https' --tlsv1.2 -fsSL -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28") @@ -67,19 +67,15 @@ jobs: } || args+=(-H "Authorization: Bearer $GITHUB_TOKEN") ctd_v="$("${args[@]}" https://api.github.com/repos/containerd/containerd/tags | jq -rc .[0].name)" echo "CONTAINERD_VERSION=${ctd_v:1}" >> "$GITHUB_ENV" - - . ./hack/build-integration-canary.sh - canary::golang::latest - - uses: actions/setup-go@v5 + - name: "Install go" + uses: ./.github/actions/install-go with: - go-version: ${{ env.GO_VERSION }} - cache: true - check-latest: true + strategy: canary - run: go install ./cmd/nerdctl - run: go install -v gotest.tools/gotestsum@v1 # This here is solely to get the cni install script, which has not been modified in 3+ years. # There is little to no reason to update this to latest containerd - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: containerd/containerd ref: "v1.7.24" diff --git a/.github/workflows/test-kube.yml b/.github/workflows/test-kube.yml index 2bd0d00f28c..580a9a2181a 100644 --- a/.github/workflows/test-kube.yml +++ b/.github/workflows/test-kube.yml @@ -17,7 +17,7 @@ jobs: env: ROOTFUL: true steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 - name: "Run Kubernetes integration tests" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index feba1ca4c26..a048e1dad80 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,7 +10,6 @@ on: - '**.md' env: - GO_VERSION: 1.23.x SHORT_TIMEOUT: 5 LONG_TIMEOUT: 60 
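Review bot: `go install -v gotest.tools/gotestsum@v1` in test-canary.yml is still a moving version query, so this job fetches and runs whatever the latest v1 release is at run time. That is inconsistent with the rest of the commit, which pins actions and both linters to full commit hashes. I would pin it the same way, `go install -v gotest.tools/gotestsum@<pinned-version-or-commit>` with the tag in a trailing comment. The identical line in test.yml needs the same change, and the `docker run --privileged --rm tonistiigi/binfmt` calls there pull an image by mutable tag and would be better referenced by digest.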
@@ -40,11 +39,11 @@ jobs: CONTAINERD_VERSION: "${{ matrix.containerd }}" ARCH: "${{ matrix.arch }}" steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 - name: "Expose GitHub Runtime variables for gha" - uses: crazy-max/ghaction-github-runtime@v3 + uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - name: "Build dependencies for the integration test environment image" run: | docker buildx create --name with-gha --use @@ -73,16 +72,15 @@ jobs: - os: ubuntu-24.04 goos: linux steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 - - uses: actions/setup-go@v5 + - name: "Install go" + uses: ./.github/actions/install-go with: - go-version: ${{ env.GO_VERSION }} - check-latest: true - cache: true + strategy: latest-stable - if: ${{ matrix.goos=='windows' }} - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: containerd/containerd ref: v1.7.24 @@ -126,11 +124,11 @@ jobs: ARCH: "${{ matrix.arch }}" UBUNTU_VERSION: "${{ matrix.ubuntu }}" steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 - name: "Expose GitHub Runtime variables for gha" - uses: crazy-max/ghaction-github-runtime@v3 + uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - name: "Prepare integration test environment" run: | docker buildx create --name with-gha --use @@ -175,7 +173,7 @@ jobs: ARCH: "${{ matrix.arch }}" UBUNTU_VERSION: "${{ matrix.ubuntu }}" steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 - name: Enable ipv4 and ipv6 forwarding 
@@ -183,7 +181,7 @@ jobs: sudo sysctl -w net.ipv6.conf.all.forwarding=1 sudo sysctl -w net.ipv4.ip_forward=1 - name: "Expose GitHub Runtime variables for gha" - uses: crazy-max/ghaction-github-runtime@v3 + uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - name: Enable IPv6 for Docker, and configure docker to use containerd for gha run: | sudo mkdir -p /etc/docker @@ -271,7 +269,7 @@ jobs: } EOT sudo systemctl restart apparmor.service - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 - name: "Register QEMU (tonistiigi/binfmt)" @@ -284,7 +282,7 @@ jobs: docker run --privileged --rm tonistiigi/binfmt --install linux/arm64 docker run --privileged --rm tonistiigi/binfmt --install linux/arm/v7 - name: "Expose GitHub Runtime variables for gha" - uses: crazy-max/ghaction-github-runtime@v3 + uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - name: "Prepare (network driver=slirp4netns, port driver=builtin)" run: | docker buildx create --name with-gha --use 
@@ -311,32 +309,28 @@ jobs: runs-on: ubuntu-24.04 strategy: matrix: - go-version: ["1.22.x", "1.23.x"] + go-version: ["old-stable", "latest-stable"] steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 - - uses: actions/setup-go@v5 + - name: "Install go" + uses: ./.github/actions/install-go with: - go-version: ${{ matrix.go-version }} - cache: true - check-latest: true + strategy: ${{ matrix.go-version }} - name: "build" - run: GO_VERSION="$(echo ${{ matrix.go-version }} | sed -e s/.x//)" make binaries + run: make binaries test-integration-docker-compatibility: timeout-minutes: 30 name: docker runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 - - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GO_VERSION }} - cache: true - check-latest: true + - name: "Install go" + uses: ./.github/actions/install-go - name: "Register QEMU (tonistiigi/binfmt)" run: | # `--install all` will only install emulation for architectures that cannot be natively executed @@ -365,17 +359,14 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 - - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GO_VERSION }} - cache: true - check-latest: true + - name: "Install go" + uses: ./.github/actions/install-go - run: go install ./cmd/nerdctl - run: go install -v gotest.tools/gotestsum@v1 - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: containerd/containerd ref: v1.7.24 
@@ -399,10 +390,10 @@ jobs: # ubuntu-24.04 lacks the vagrant package runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 - - uses: actions/cache@v4 + - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: /root/.vagrant.d key: vagrant-${{ matrix.box }} diff --git a/Makefile b/Makefile index ae4e18c94f3..ca6388b52cb 100644 --- a/Makefile +++ b/Makefile @@ -67,13 +67,16 @@ clean: find . -name \#\* -delete rm -rf $(CURDIR)/_output/* $(MAKEFILE_DIR)/vendor -lint: lint-go lint-imports lint-yaml lint-shell +lint: lint-go-all lint-imports lint-yaml lint-shell -lint-go: +lint-go-all: cd $(MAKEFILE_DIR) && GOOS=linux golangci-lint run $(VERBOSE_FLAG_LONG) ./... && \ GOOS=windows golangci-lint run $(VERBOSE_FLAG_LONG) ./... && \ GOOS=freebsd golangci-lint run $(VERBOSE_FLAG_LONG) ./... +lint-go: + cd $(MAKEFILE_DIR) && golangci-lint run $(VERBOSE_FLAG_LONG) ./... + lint-imports: cd $(MAKEFILE_DIR) && ./hack/lint-imports.sh diff --git a/hack/build-integration-canary.sh b/hack/build-integration-canary.sh index 0396ada100e..093f88719ef 100755 --- a/hack/build-integration-canary.sh +++ b/hack/build-integration-canary.sh 
@@ -322,27 +322,3 @@ canary::golang::hublatest(){ printf "%s" "$available_version" } - -canary::golang::latest(){ - # Enable extended globbing features to use advanced pattern matching - shopt -s extglob - - # Get latest golang version and split it in components - norm=() - while read -r line; do - line_trimmed="${line//+([[:space:]])/}" - norm+=("$line_trimmed") - done < \ - <(sed -E 's/^go([0-9]+)[.]([0-9]+)([.]([0-9]+))?(([a-z]+)([0-9]+))?/\1.\2\n\4\n\6\n\7/i' \ - <(curl -fsSL "https://go.dev/dl/?mode=json&include=all" | jq -rc .[0].version) \ - ) - - # Serialize version, making sure we have a patch version, and separate possible rcX into .rc-X - [ "${norm[1]}" != "" ] || norm[1]="0" - norm[1]=".${norm[1]}" - [ "${norm[2]}" == "" ] || norm[2]="-${norm[2]}" - [ "${norm[3]}" == "" ] || norm[3]=".${norm[3]}" - # Save it - IFS= - echo "GO_VERSION=${norm[*]}" >> "$GITHUB_ENV" -}