From 86cc3b43e2b1fac76dafad9a13f805eda967e457 Mon Sep 17 00:00:00 2001 From: Carlos Eduardo Arango Gutierrez Date: Sun, 16 Feb 2025 17:51:13 +0100 Subject: [PATCH] [no-relnotes] Use reusable workflows for CI This commit introduces the following changes to the CI structure. A more agressive split of the CI steps to reusable workflows. We now have the following high-level workflows: - A set of basic checks that are run on PR and can be invoked from a workflow - A full ci pipeline that is run on push to main and release-* branches (as well as PR copy bot branches) - A standalone definition for CodeQL Signed-off-by: Carlos Eduardo Arango Gutierrez --- .github/workflows/basic-checks.yaml | 49 +++++++++++++++++++++ .github/workflows/ci.yaml | 34 ++++++++++++++ .github/workflows/code_scanning.yaml | 53 ++++++++++++++++++++++ .github/workflows/golang.yaml | 66 +++++++++++----------------- .github/workflows/image.yaml | 34 +++++--------- .github/workflows/variables.yaml | 44 +++++++++++++++++++ deployments/devel/Dockerfile | 1 - 7 files changed, 216 insertions(+), 65 deletions(-) create mode 100644 .github/workflows/basic-checks.yaml create mode 100644 .github/workflows/ci.yaml create mode 100644 .github/workflows/code_scanning.yaml create mode 100644 .github/workflows/variables.yaml diff --git a/.github/workflows/basic-checks.yaml b/.github/workflows/basic-checks.yaml new file mode 100644 index 000000000..2d529d4b0 --- /dev/null +++ b/.github/workflows/basic-checks.yaml 
@@ -0,0 +1,49 @@
+# Copyright 2025 NVIDIA CORPORATION
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+name: "basic checks"
+
+on:
+ workflow_call:
+ outputs:
+ version:
+ description: "The short SHA to use as a version string"
+ value: ${{ jobs.variables.outputs.version }}
+ golang_version:
+ description: "The golang version for this project"
+ value: ${{ jobs.variables.outputs.golang_version }}
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ branches:
+ - main
+ - release-*
+
+jobs:
+ variables:
+ uses: ./.github/workflows/variables.yaml
+
+ golang:
+ needs:
+ - variables
+ uses: ./.github/workflows/golang.yaml
+ with:
+ golang_version: ${{ needs.variables.outputs.golang_version }}
+
+ code-scanning:
+ needs:
+ - variables
+ uses: ./.github/workflows/code_scanning.yaml
+ with:
+ golang_version: ${{ needs.variables.outputs.golang_version }}
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 000000000..56f33e2a8
--- /dev/null
+++ b/.github/workflows/ci.yaml
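Review bot: Neither the workflow nor any of its three jobs declares `permissions:`, so the called workflows run with whatever default GITHUB_TOKEN scope the repository is configured with. A top-level `permissions:` with `contents: read`, plus a job-level `permissions:` on `code-scanning` granting `security-events: write` and `packages: read` (the scopes the `analyze` job in code_scanning.yaml requests), would make the grant explicit and keep `variables` and `golang` read-only. The same gap exists in ci.yaml and variables.yaml in this patch; because a called workflow can only narrow the caller's token, the `basic` job in ci.yaml would need at least the same scopes.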
@@ -0,0 +1,34 @@
+# Copyright 2025 NVIDIA CORPORATION
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+name: CI Pipeline
+
+on:
+ push:
+ branches:
+ - "pull-request/[0-9]+"
+ - main
+ - release-*
+
+jobs:
+ basic:
+ uses: ./.github/workflows/basic-checks.yaml
+
+ image:
+ uses: ./.github/workflows/image.yaml
+ needs:
+ - basic
+ secrets: inherit
+ with:
+ version: ${{ needs.basic.outputs.version }}
+ build_multi_arch_images: ${{ github.ref_name == 'main' || startsWith(github.ref_name, 'release-') }}
diff --git a/.github/workflows/code_scanning.yaml b/.github/workflows/code_scanning.yaml
new file mode 100644
index 000000000..c02930f8a
--- /dev/null
+++ b/.github/workflows/code_scanning.yaml
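Review bot: The `image` job passes `build_multi_arch_images` in `with:`, but the `workflow_call.inputs` block added to image.yaml in this same patch declares only `version`, and its `Build image` step hard-codes `BUILD_MULTI_ARCH_IMAGES: "true"`. As far as I know GitHub rejects a call that supplies an input the called workflow does not declare, so this pipeline would fail to start; even if it were accepted, the main/release-only condition computed here would have no effect. Declaring the input in image.yaml (`build_multi_arch_images:` with `type: boolean`) and reading it there as `BUILD_MULTI_ARCH_IMAGES: ${{ inputs.build_multi_arch_images }}` would connect the two. Separately, `secrets: inherit` forwards every repository secret to the image workflow on pushes to `pull-request/[0-9]+` branches, while the only secret visible in its hunks is `secrets.GITHUB_TOKEN`, which should be available to a called workflow without forwarding.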
@@ -0,0 +1,53 @@ +# Copyright 2025 NVIDIA CORPORATION +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +name: "CodeQL" + +on: + workflow_call: + inputs: + golang_version: + required: true + type: string + +jobs: + analyze: + name: Analyze Go code with CodeQL + runs-on: ubuntu-latest + timeout-minutes: 360 + permissions: + security-events: write + packages: read + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ inputs.golang_version }} + + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: go + build-mode: manual + + - shell: bash + run: | + make build + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:go" diff --git a/.github/workflows/golang.yaml b/.github/workflows/golang.yaml index 90e7f79d0..882f119cd 100644 --- a/.github/workflows/golang.yaml +++ b/.github/workflows/golang.yaml @@ -15,17 +15,11 @@ name: Golang on: - pull_request: - types: - - opened - - synchronize - branches: - - main - - release-* - push: - branches: - - main - - release-* + workflow_call: + inputs: + golang_version: + required: true + type: string jobs: check: 
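Review bot: The `Checkout repository` step in code_scanning.yaml keeps the default credential persistence, so the job token stays in the checkout's git configuration while `make build` runs repository-controlled build code that has no need for it. Adding `with:` and `persist-credentials: false` to that checkout step removes the exposure; the checkout step in variables.yaml could take the same setting. The build step is also the only one without a `name:`, and `timeout-minutes: 360` equals the platform default, so it does not bound a hung build; a value closer to the expected CodeQL run time would.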
@@ -33,54 +27,44 @@ jobs: steps: - uses: actions/checkout@v4 name: Checkout code - - name: Get Golang version - id: vars - run: | - GOLANG_VERSION=$(./hack/golang-version.sh) - echo "GOLANG_VERSION=${GOLANG_VERSION##GOLANG_VERSION := }" >> $GITHUB_ENV + - name: Install Go uses: actions/setup-go@v5 with: - go-version: ${{ env.GOLANG_VERSION }} + go-version: ${{ inputs.golang_versions }} + - name: Lint uses: golangci/golangci-lint-action@v6 with: version: latest args: -v --timeout 5m skip-cache: true + - name: Check golang modules run: | make check-modules make -C deployments/devel check-modules + test: name: Unit test runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@v4 - - name: Get Golang version - id: vars - run: | - GOLANG_VERSION=$(./hack/golang-version.sh) - echo "GOLANG_VERSION=${GOLANG_VERSION##GOLANG_VERSION ?= }" >> $GITHUB_ENV - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOLANG_VERSION }} - - run: make test + - name: Checkout code + uses: actions/checkout@v4 + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ inputs.golang_version }} + - run: make test + build: name: Build runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@v4 - - name: Get Golang version - id: vars - run: | - GOLANG_VERSION=$(./hack/golang-version.sh) - echo "GOLANG_VERSION=${GOLANG_VERSION##GOLANG_VERSION ?= }" >> $GITHUB_ENV - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GOLANG_VERSION }} - - run: make build + - name: Checkout code + uses: actions/checkout@v4 + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ inputs.golang_version }} + - run: make build diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index e0afe8965..4fdf251aa 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml 
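Review bot: In the `check` job the new line reads `go-version: ${{ inputs.golang_versions }}`, but the input declared for this workflow is `golang_version`; the `test` and `build` jobs further down use the correct name. A reference to an undeclared input evaluates to an empty value, so the `Lint` and `Check golang modules` steps would presumably run with whatever Go toolchain the runner image ships rather than the project's version, and nothing fails to signal it. The line should be `go-version: ${{ inputs.golang_version }}`.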
@@ -16,11 +16,11 @@ name: Image on: - push: - branches: - - "pull-request/[0-9]+" - - main - - release-* + workflow_call: + inputs: + version: + required: true + type: string jobs: build: @@ -28,24 +28,10 @@ jobs: steps: - uses: actions/checkout@v4 name: Check out code - - name: Calculate build vars - id: vars - run: | - echo "COMMIT_SHORT_SHA=${GITHUB_SHA:0:8}" >> $GITHUB_ENV - echo "LOWERCASE_REPO_OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | awk '{print tolower($0)}')" >> $GITHUB_ENV - - GENERATE_ARTIFACTS="false" - if [[ "${{ github.actor }}" == "dependabot[bot]" ]]; then - GENERATE_ARTIFACTS="false" - elif [[ "${{ github.event_name }}" == "pull_request" && "${{ github.event.pull_request.head.repo.full_name }}" == "${{ github.repository }}" ]]; then - GENERATE_ARTIFACTS="true" - elif [[ "${{ github.event_name }}" == "push" ]]; then - GENERATE_ARTIFACTS="true" - fi - echo "PUSH_ON_BUILD=${GENERATE_ARTIFACTS}" >> $GITHUB_ENV - echo "BUILD_MULTI_ARCH_IMAGES=${GENERATE_ARTIFACTS}" >> $GITHUB_ENV - name: Set up QEMU uses: docker/setup-qemu-action@v3 + with: + image: tonistiigi/binfmt:qemu-v7.0.0-28 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Login to GitHub Container Registry @@ -56,8 +42,10 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build image env: - IMAGE_NAME: ghcr.io/${LOWERCASE_REPO_OWNER}/k8s-dra-driver-gpu - VERSION: ${COMMIT_SHORT_SHA} + IMAGE_NAME: ghcr.io/nvidia/k8s-dra-driver-gpu + VERSION: ${{ inputs.version }} + PUSH_ON_BUILD: true + BUILD_MULTI_ARCH_IMAGES: "true" run: | echo "${VERSION}" make -f deployments/container/Makefile build diff --git a/.github/workflows/variables.yaml b/.github/workflows/variables.yaml new file mode 100644 index 000000000..270e6c898 --- /dev/null +++ b/.github/workflows/variables.yaml 
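Review bot: The `image:` value added to the `Set up QEMU` step pins `tonistiigi/binfmt` by tag only, and a tag can be re-pointed after the fact. This image registers the emulators on the runner in a job that then logs in to the registry and pushes, so an immutable reference is worth having: `image: tonistiigi/binfmt:qemu-v7.0.0-28@sha256:<digest-of-that-tag>` (placeholder digest, to be resolved from the registry). A one-line comment saying why this particular QEMU build is required would also help whoever bumps it later.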
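Review bot: In the `Build image` env block, `PUSH_ON_BUILD: true` is now a constant, which drops the exclusion the removed `Calculate build vars` step applied to `dependabot[bot]`; if always pushing is intended, a comment saying so would help, otherwise the value should come from an input. The two flags are also written differently (`true` unquoted, `"true"` quoted); both end up as environment strings, so quoting both, `PUSH_ON_BUILD: "true"`, is clearer. `IMAGE_NAME` is now fixed to `ghcr.io/nvidia/k8s-dra-driver-gpu` instead of being derived from the repository owner, so a run in a fork would presumably attempt to push into the upstream namespace and fail at that step.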
@@ -0,0 +1,44 @@ +# Copyright (c) 2025, NVIDIA CORPORATION. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +on: + workflow_call: + outputs: + version: + description: "The short SHA to use as a version string" + value: ${{ jobs.variables.outputs.version }} + golang_version: + description: "The golang version for this project" + value: ${{ jobs.variables.outputs.golang_version }} + +jobs: + variables: + runs-on: ubuntu-latest + outputs: + version: ${{ steps.version.outputs.version }} + golang_version: ${{ steps.golang_version.outputs.golang_version }} + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Generate Commit Short SHA + id: version + run: echo "version=$(echo $GITHUB_SHA | cut -c1-8)" >> "$GITHUB_OUTPUT" + + - name: Get Golang Version + id: golang_version + run: | + GOLANG_VERSION=$(./hack/golang-version.sh) + echo "Detected $GOLANG_VERSION" + echo "golang_version=${GOLANG_VERSION}" >> $GITHUB_OUTPUT diff --git a/deployments/devel/Dockerfile b/deployments/devel/Dockerfile index 2e255541d..a06799143 100644 --- a/deployments/devel/Dockerfile +++ b/deployments/devel/Dockerfile @@ -24,4 +24,3 @@ RUN make install-tools # We need to set the /work directory as a safe directory. # This allows git commands to run in the container. RUN git config --file=/.gitconfig --add safe.directory /work -
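Review bot: The `Get Golang Version` step in variables.yaml writes the raw output of `./hack/golang-version.sh` to the job output, whereas the steps this patch removes from golang.yaml first stripped a `GOLANG_VERSION := ` or `GOLANG_VERSION ?= ` prefix. The script is not part of this patch, so if it still prints that prefix, `golang_version` would carry it into every `setup-go` call. Taking the last field, e.g. `echo "golang_version=${GOLANG_VERSION##* }" >> "$GITHUB_OUTPUT"`, handles both forms and also quotes `$GITHUB_OUTPUT` the way the `Generate Commit Short SHA` step above does. The workflow is also the only new one without a `name:`.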