Update ucacher with seccomp tracer #27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| - pull_request | |
| permissions: | |
| contents: read | |
| name: CI | |
| jobs: | |
| build: | |
| strategy: | |
| matrix: | |
| go-version: [1.21.x, 1.22.x, 1.23.x] | |
| os: [ubuntu-latest] | |
| runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher] | |
| steps: | |
| - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - run: wget -O /usr/bin/ucacher "https://earthly-ucacher.s3.us-west-2.amazonaws.com/ucacher?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjECwaCXVzLXdlc3QtMiJIMEYCIQDGDo0JeGXByXkEHmhl4ocsG33E5XlbG84GTvbulvYoqwIhAPFhKJyotQrCNNcs6Iaaw8Wk%2BowLaIPdHjUfRSMlOEVYKvECCJX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQAxoMNDA0ODUxMzQ1NTA4Igzppy%2Bmbzy3eqHl4y8qxQJxkdG0lcDsGM4LJmZHJfYAEfA1hN%2BNuagTVUeIpO4uyz000%2F6bVxv1I1K8MNT37ZNaPQ0rYXm8jCPkMLjzDZAjZERf%2BpRMdWVQddx2C%2B5bubnR941YDqlLKmpxVH3OY05krwc1FNZWMNjEep9Ty89qN64Scu9Tlvy%2FWPEBQ3iYmA23%2BR8itr5VbLHqfL2%2FnG5FoAbamOVebRuFouKeQseskOxMzhgcqZsbkGgrXig9m097sHRVmIFg6q%2FnHmvwQS7xzCHh0oiOVraZ2qRLQcYSivebrNWh45%2F6Nwmyq%2Bfux3OGhOzFrSjkZu8ozVi4TRbDQTkvPXkFmFCp%2FzC5C9JVf1TyMpkFQfNHzTCKZxL1pa2pCSX0r040mwX%2BYvWGz8jnlTyexRD%2BTk0zymQPSjOIbj8GnmqctVFOZrGpIVcox47pbzu3MN3Y2rgGOoYCMZNCZ%2BJoQx2QZ9bCnGKetoa2fjIQJdOqifokxH7vqbEf%2FGvY4bmsgGUApt60OI%2BpQ6xYFKr0YGYXsDxQ81qcHcIVTda0A46rzAVvkcddtKqpaPZ4MAY0Zs5DOGdNr88FzSDRUAl5%2FDxnHDvgzPp3EBCFD2lZjI2xQfWgJ01CVxHVQRiTT9OefY6J74XqArRpOD4ddYcoTkPDcRA4koEc9%2Fass1lJ6SQLWr3xHeFukMlGHhRsziwIvtxSxBLlqO%2Becsft1qgdlkoUqZBAaSkQDgKA9CRd28TmoId%2FR8Yx0xgWnmww2gnuW1CdMXdxrWmC63F8%2FE86e3v5UWKwD5j%2FE%2FUa6JVZeQ%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241021T195104Z&X-Amz-SignedHeaders=host&X-Amz-Expires=43200&X-Amz-Credential=ASIAV4QYFJBSMW7SQDHT%2F20241021%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=a15bf0f019ac1957ccb2254fb010f0d70eb3547accf4bbb5485944145600d529" | |
| - run: chmod 755 /usr/bin/ucacher | |
| - run: LOG_LEVEL=debug ucacher go build ./... | |
| test: | |
| runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher] | |
| steps: | |
| - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
| with: | |
| go-version: 1.23 | |
| check-latest: true | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - run: wget -O /usr/bin/ucacher "https://earthly-ucacher.s3.us-west-2.amazonaws.com/ucacher?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjECwaCXVzLXdlc3QtMiJIMEYCIQDGDo0JeGXByXkEHmhl4ocsG33E5XlbG84GTvbulvYoqwIhAPFhKJyotQrCNNcs6Iaaw8Wk%2BowLaIPdHjUfRSMlOEVYKvECCJX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQAxoMNDA0ODUxMzQ1NTA4Igzppy%2Bmbzy3eqHl4y8qxQJxkdG0lcDsGM4LJmZHJfYAEfA1hN%2BNuagTVUeIpO4uyz000%2F6bVxv1I1K8MNT37ZNaPQ0rYXm8jCPkMLjzDZAjZERf%2BpRMdWVQddx2C%2B5bubnR941YDqlLKmpxVH3OY05krwc1FNZWMNjEep9Ty89qN64Scu9Tlvy%2FWPEBQ3iYmA23%2BR8itr5VbLHqfL2%2FnG5FoAbamOVebRuFouKeQseskOxMzhgcqZsbkGgrXig9m097sHRVmIFg6q%2FnHmvwQS7xzCHh0oiOVraZ2qRLQcYSivebrNWh45%2F6Nwmyq%2Bfux3OGhOzFrSjkZu8ozVi4TRbDQTkvPXkFmFCp%2FzC5C9JVf1TyMpkFQfNHzTCKZxL1pa2pCSX0r040mwX%2BYvWGz8jnlTyexRD%2BTk0zymQPSjOIbj8GnmqctVFOZrGpIVcox47pbzu3MN3Y2rgGOoYCMZNCZ%2BJoQx2QZ9bCnGKetoa2fjIQJdOqifokxH7vqbEf%2FGvY4bmsgGUApt60OI%2BpQ6xYFKr0YGYXsDxQ81qcHcIVTda0A46rzAVvkcddtKqpaPZ4MAY0Zs5DOGdNr88FzSDRUAl5%2FDxnHDvgzPp3EBCFD2lZjI2xQfWgJ01CVxHVQRiTT9OefY6J74XqArRpOD4ddYcoTkPDcRA4koEc9%2Fass1lJ6SQLWr3xHeFukMlGHhRsziwIvtxSxBLlqO%2Becsft1qgdlkoUqZBAaSkQDgKA9CRd28TmoId%2FR8Yx0xgWnmww2gnuW1CdMXdxrWmC63F8%2FE86e3v5UWKwD5j%2FE%2FUa6JVZeQ%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241021T195104Z&X-Amz-SignedHeaders=host&X-Amz-Expires=43200&X-Amz-Credential=ASIAV4QYFJBSMW7SQDHT%2F20241021%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=a15bf0f019ac1957ccb2254fb010f0d70eb3547accf4bbb5485944145600d529" | |
| - run: chmod 755 /usr/bin/ucacher | |
| - run: ucacher go test ./... | |
| node_test: | |
| runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher] | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4 | |
| with: | |
| node-version: 10 | |
| - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
| with: | |
| go-version: 1.23 | |
| check-latest: true | |
| - run: wget -O /usr/bin/ucacher "https://earthly-ucacher.s3.us-west-2.amazonaws.com/ucacher?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjECwaCXVzLXdlc3QtMiJIMEYCIQDGDo0JeGXByXkEHmhl4ocsG33E5XlbG84GTvbulvYoqwIhAPFhKJyotQrCNNcs6Iaaw8Wk%2BowLaIPdHjUfRSMlOEVYKvECCJX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQAxoMNDA0ODUxMzQ1NTA4Igzppy%2Bmbzy3eqHl4y8qxQJxkdG0lcDsGM4LJmZHJfYAEfA1hN%2BNuagTVUeIpO4uyz000%2F6bVxv1I1K8MNT37ZNaPQ0rYXm8jCPkMLjzDZAjZERf%2BpRMdWVQddx2C%2B5bubnR941YDqlLKmpxVH3OY05krwc1FNZWMNjEep9Ty89qN64Scu9Tlvy%2FWPEBQ3iYmA23%2BR8itr5VbLHqfL2%2FnG5FoAbamOVebRuFouKeQseskOxMzhgcqZsbkGgrXig9m097sHRVmIFg6q%2FnHmvwQS7xzCHh0oiOVraZ2qRLQcYSivebrNWh45%2F6Nwmyq%2Bfux3OGhOzFrSjkZu8ozVi4TRbDQTkvPXkFmFCp%2FzC5C9JVf1TyMpkFQfNHzTCKZxL1pa2pCSX0r040mwX%2BYvWGz8jnlTyexRD%2BTk0zymQPSjOIbj8GnmqctVFOZrGpIVcox47pbzu3MN3Y2rgGOoYCMZNCZ%2BJoQx2QZ9bCnGKetoa2fjIQJdOqifokxH7vqbEf%2FGvY4bmsgGUApt60OI%2BpQ6xYFKr0YGYXsDxQ81qcHcIVTda0A46rzAVvkcddtKqpaPZ4MAY0Zs5DOGdNr88FzSDRUAl5%2FDxnHDvgzPp3EBCFD2lZjI2xQfWgJ01CVxHVQRiTT9OefY6J74XqArRpOD4ddYcoTkPDcRA4koEc9%2Fass1lJ6SQLWr3xHeFukMlGHhRsziwIvtxSxBLlqO%2Becsft1qgdlkoUqZBAaSkQDgKA9CRd28TmoId%2FR8Yx0xgWnmww2gnuW1CdMXdxrWmC63F8%2FE86e3v5UWKwD5j%2FE%2FUa6JVZeQ%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241021T195104Z&X-Amz-SignedHeaders=host&X-Amz-Expires=43200&X-Amz-Credential=ASIAV4QYFJBSMW7SQDHT%2F20241021%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=a15bf0f019ac1957ccb2254fb010f0d70eb3547accf4bbb5485944145600d529" | |
| - run: chmod 755 /usr/bin/ucacher | |
| - run: > | |
| cd examples/internal/browser && | |
| ucacher npm install gulp-cli && | |
| ucacher npm install && | |
| ls -l ./node_modules/bin && | |
| ucacher ./node_modules/.bin/gulp | |
| ### Note: This job runs in a container - ucacher is not supported yet in nested containers. | |
| generate: | |
| container: | |
| image: docker.pkg.github.com/grpc-ecosystem/grpc-gateway/build-env:1.22 | |
| options: "--user root" | |
| credentials: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher] | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| # Required with newer versions of Git | |
| # https://github.com/actions/checkout/issues/766 | |
| - run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
| - run: make install | |
| - run: make clean | |
| - run: make generate | |
| - run: go mod tidy | |
| - run: git diff --exit-code | |
| ### This job is not working on our self-hosted Github runner | |
| # bazel: | |
| # container: | |
| # image: docker.pkg.github.com/grpc-ecosystem/grpc-gateway/build-env:1.22 | |
| # options: "--user root" | |
| # credentials: | |
| # username: ${{ github.actor }} | |
| # password: ${{ secrets.GITHUB_TOKEN }} | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| # - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
| # with: | |
| # path: /home/vscode/.cache/_grpc_gateway_bazel | |
| # key: v1-bazel-cache-${{ hashFiles('repositories.bzl') }} | |
| # restore-keys: v1-bazel-cache- | |
| # # Required with newer versions of Git | |
| # # https://github.com/actions/checkout/issues/766 | |
| # - run: git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
| # - name: Configure bazel | |
| # run: | |
| # | # put .bazelrc in $HOME so that it's read before project's .bazelrc | |
| # cat > /home/vscode/.bazelrc << EOF | |
| # startup --output_base=/home/vscode/.cache/_grpc_gateway_bazel | |
| # build --@io_bazel_rules_go//go/config:race | |
| # # Workaround https://github.com/bazelbuild/bazel/issues/3645 | |
| # # See https://docs.bazel.build/versions/0.23.0/command-line-reference.html | |
| # build --local_ram_resources=7168 # Github runners have 7G of memory | |
| # build --local_cpu_resources=2 # Github runners have 2 vCPU | |
| # EOF | |
| # - name: Check that Bazel BUILD files are up-to-date | |
| # run: bazel run //:gazelle && git diff --exit-code | |
| # - name: Check that repositories.bzl is up-to-date | |
| # run: | | |
| # bazel run //:gazelle -- update-repos -from_file=go.mod -to_macro=repositories.bzl%go_repositories && | |
| # git diff --exit-code | |
| # - name: Check formatting of Bazel BUILD files | |
| # run: bazel run //:buildifier && git diff --exit-code | |
| # - name: Run tests with Bazel | |
| # run: bazel test //... | |
| gorelease: | |
| runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher] | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
| with: | |
| go-version: 1.22 | |
| check-latest: true | |
| - run: wget -O /usr/bin/ucacher "https://earthly-ucacher.s3.us-west-2.amazonaws.com/ucacher?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjECwaCXVzLXdlc3QtMiJIMEYCIQDGDo0JeGXByXkEHmhl4ocsG33E5XlbG84GTvbulvYoqwIhAPFhKJyotQrCNNcs6Iaaw8Wk%2BowLaIPdHjUfRSMlOEVYKvECCJX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQAxoMNDA0ODUxMzQ1NTA4Igzppy%2Bmbzy3eqHl4y8qxQJxkdG0lcDsGM4LJmZHJfYAEfA1hN%2BNuagTVUeIpO4uyz000%2F6bVxv1I1K8MNT37ZNaPQ0rYXm8jCPkMLjzDZAjZERf%2BpRMdWVQddx2C%2B5bubnR941YDqlLKmpxVH3OY05krwc1FNZWMNjEep9Ty89qN64Scu9Tlvy%2FWPEBQ3iYmA23%2BR8itr5VbLHqfL2%2FnG5FoAbamOVebRuFouKeQseskOxMzhgcqZsbkGgrXig9m097sHRVmIFg6q%2FnHmvwQS7xzCHh0oiOVraZ2qRLQcYSivebrNWh45%2F6Nwmyq%2Bfux3OGhOzFrSjkZu8ozVi4TRbDQTkvPXkFmFCp%2FzC5C9JVf1TyMpkFQfNHzTCKZxL1pa2pCSX0r040mwX%2BYvWGz8jnlTyexRD%2BTk0zymQPSjOIbj8GnmqctVFOZrGpIVcox47pbzu3MN3Y2rgGOoYCMZNCZ%2BJoQx2QZ9bCnGKetoa2fjIQJdOqifokxH7vqbEf%2FGvY4bmsgGUApt60OI%2BpQ6xYFKr0YGYXsDxQ81qcHcIVTda0A46rzAVvkcddtKqpaPZ4MAY0Zs5DOGdNr88FzSDRUAl5%2FDxnHDvgzPp3EBCFD2lZjI2xQfWgJ01CVxHVQRiTT9OefY6J74XqArRpOD4ddYcoTkPDcRA4koEc9%2Fass1lJ6SQLWr3xHeFukMlGHhRsziwIvtxSxBLlqO%2Becsft1qgdlkoUqZBAaSkQDgKA9CRd28TmoId%2FR8Yx0xgWnmww2gnuW1CdMXdxrWmC63F8%2FE86e3v5UWKwD5j%2FE%2FUa6JVZeQ%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20241021T195104Z&X-Amz-SignedHeaders=host&X-Amz-Expires=43200&X-Amz-Credential=ASIAV4QYFJBSMW7SQDHT%2F20241021%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=a15bf0f019ac1957ccb2254fb010f0d70eb3547accf4bbb5485944145600d529" | |
| - run: chmod 755 /usr/bin/ucacher | |
| - run: ucacher go run golang.org/x/exp/cmd/gorelease@latest -base=v2.22.0 | |
| ### This job is not working, the git command seg faults | |
| # proto_lint: | |
| # runs-on: [earthly-satellite#grpc-gateway,earthly-cache-folder#/tmp/ucacher] | |
| # steps: | |
| # - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| # - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
| # with: | |
| # go-version: 1.23 | |
| # check-latest: true | |
| # - run: ucacher make install | |
| # - run: PATH=$PATH:~/go/bin ucacher buf build | |
| # - run: PATH=$PATH:~/go/bin ucacher buf lint | |
| # - run: PATH=$PATH:~/go/bin buf format -w && git diff --exit-code | |
| # - run: PATH=$PATH:~/go/bin buf breaking --path protoc-gen-openapiv2/ --against 'https://github.com/grpc-ecosystem/grpc-gateway.git#branch=main' | |
| ### This job is not working on our self-hosted Github runner | |
| # lint: | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| # - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 | |
| # with: | |
| # go-version: 1.22 | |
| # check-latest: true | |
| # - uses: dominikh/staticcheck-action@fe1dd0c3658873b46f8c9bb3291096a617310ca6 # v1.3.1 | |
| # with: | |
| # install-go: false | |
| ### This job is not working on our self-hosted Github runner | |
| # fuzz: | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Build Fuzzers | |
| # id: build | |
| # uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master | |
| # with: | |
| # oss-fuzz-project-name: "grpc-gateway" | |
| # dry-run: false | |
| # language: go | |
| # - name: Run Fuzzers | |
| # uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master | |
| # with: | |
| # oss-fuzz-project-name: "grpc-gateway" | |
| # fuzz-seconds: 600 | |
| # dry-run: false | |
| # language: go | |
| # - name: Upload Crash | |
| # uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4 | |
| # if: failure() && steps.build.outcome == 'success' | |
| # with: | |
| # name: artifacts | |
| # path: ./out/artifacts |