Bump docker/setup-qemu-action from 3 to 4 #1114
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| types: [ opened, synchronize, reopened ] | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| security-events: write # Required for uploading SARIF files | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: '1.25' | |
| cache: true | |
| - name: Run fmt check | |
| run: | | |
| make fmt | |
| git diff --exit-code || (echo "Please run 'make fmt' to format code" && exit 1) | |
| - name: Run vet | |
| run: make vet | |
| - name: Run tidy | |
| run: make tidy | |
| # - name: Run golangci-lint | |
| # run: make ci-lint | |
| # TODO: Re-enable linting once fixed | |
| - name: Run Helm lint | |
| run: make helm-lint | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| test-suite: [unit] # TODO: Add 'integration' back once fixed | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: '1.25' | |
| cache: true | |
| - name: Setup Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: rustfmt, clippy | |
| - name: Cache Rust dependencies | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| pkg/xet/target | |
| key: ${{ runner.os }}-rust-${{ hashFiles('pkg/xet/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-rust- | |
| - name: Run unit tests | |
| if: matrix.test-suite == 'unit' | |
| run: | | |
| make test | |
| make coverage | |
| - name: Run integration tests | |
| if: matrix.test-suite == 'integration' | |
| run: make integration-test | |
| - name: Upload coverage reports | |
| if: matrix.test-suite == 'unit' | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: coverage-reports | |
| path: | | |
| coverage-cmd.out | |
| coverage-pkg.out | |
| coverage-internal.out | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| component: [ome-manager, model-agent, multinode-prober, ome-agent] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: '1.25' | |
| cache: true | |
| - name: Setup Rust | |
| if: matrix.component == 'ome-agent' | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: rustfmt, clippy | |
| - name: Cache Rust dependencies | |
| if: matrix.component == 'ome-agent' | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| pkg/xet/target | |
| key: ${{ runner.os }}-rust-${{ hashFiles('pkg/xet/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-rust- | |
| - name: Build ${{ matrix.component }} | |
| run: make ${{ matrix.component }} | |
| - name: Upload binary artifacts | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: ${{ matrix.component }}-binary | |
| path: bin/${{ matrix.component }} | |
| docker-build: | |
| name: Docker Build | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| image: [ome-image, model-agent-image, multinode-prober-image, ome-agent-image] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: '1.25' | |
| cache: true | |
| - name: Setup Rust | |
| if: matrix.image == 'ome-agent-image' | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: rustfmt, clippy | |
| - name: Cache Rust dependencies | |
| if: matrix.image == 'ome-agent-image' | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| pkg/xet/target | |
| key: ${{ runner.os }}-rust-${{ hashFiles('pkg/xet/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-rust- | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build ${{ matrix.image }} | |
| run: | | |
| make ${{ matrix.image }} | |
| env: | |
| TAG: pr-${{ github.event.pull_request.number }} | |
| security-scan: | |
| name: Security Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| scan-ref: '.' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| - name: Upload Trivy scan results | |
| uses: github/codeql-action/upload-sarif@v4 | |
| if: always() | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| license-check: | |
| name: License Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: '1.25' | |
| cache: true | |
| - name: Check licenses | |
| run: | | |
| go install github.com/google/go-licenses@latest | |
| go-licenses check ./... --disallowed_types=forbidden,restricted | |
| all-checks-passed: | |
| name: All CI Checks Passed | |
| needs: [lint, test, build, docker-build, security-scan, license-check] | |
| runs-on: ubuntu-latest | |
| if: always() | |
| steps: | |
| - name: Check all job statuses | |
| run: | | |
| if [[ "${{ contains(needs.*.result, 'failure') }}" == "true" ]]; then | |
| echo "One or more CI checks failed" | |
| exit 1 | |
| else | |
| echo "All CI checks passed successfully" | |
| fi |