oci: dir: ensure ownership of new files matches image dir ownership #1868
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: Apache-2.0 | |
| # umoci: Umoci Modifies Open Containers' Images | |
| # Copyright (C) 2016-2025 SUSE LLC | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| name: ci | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| release: | |
| types: [ published ] | |
| schedule: | |
| - cron: '0 0 * * *' | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v5 | |
| - run: make release | |
| - name: upload artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: release-${{ github.run_id }} | |
| path: release/* | |
| validate: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: '^1' | |
| - name: golangci-lint | |
| uses: golangci/golangci-lint-action@v8 | |
| with: | |
| version: v2.1 | |
| - run: | | |
| make local-validate | |
| # TODO: Run the integration tests and rest of the CI, so we don't need to | |
| # special-case MacOS here. | |
| macos: | |
| runs-on: macos-latest | |
| env: | |
| COVERAGE: umoci.coverage | |
| GOCOVERDIR: umoci.coverdir | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: '^1' | |
| - name: install dependencies | |
| run: | | |
| brew ls --versions parallel && brew unlink parallel # clashes with moreutils | |
| brew install coreutils moreutils | |
| - run: make local-validate-build | |
| - run: make local-test-unit | |
| - run: go tool covdata textfmt -i "$GOCOVERDIR" -o "$COVERAGE" | |
| - name: codecov | |
| uses: codecov/codecov-action@v5 | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| with: | |
| files: ${{ env.COVERAGE }} | |
| flags: unit,macos | |
| - name: upload coverage | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage-${{ runner.os }}-${{ github.job }}-${{ strategy.job-index }} | |
| path: ${{ env.GOCOVERDIR }} | |
| linux-ci-image: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: get current date | |
| id: date | |
| run: | | |
| echo "date-weekfmt=$(date '+%Yw%W')" >>"$GITHUB_OUTPUT" | |
| echo "date-dayfmt=$(date '+%Y%m%d')" >>"$GITHUB_OUTPUT" | |
| - name: fetch cached ci image | |
| id: fetch-ci-image | |
| uses: actions/cache@v4 | |
| with: | |
| path: ${{ github.workspace }}/.cache/ci-image.tar.zst | |
| key: ${{ github.workflow }}-image-${{ steps.date.outputs.date-weekfmt }}-${{ hashFiles('Dockerfile') }}-${{ github.sha }}-${{ steps.date.outputs.date-dayfmt }}-${{ github.run_id }} | |
| restore-keys: | | |
| ${{ github.workflow }}-image-${{ steps.date.outputs.date-weekfmt }}-${{ hashFiles('Dockerfile') }}-${{ github.sha }}-${{ steps.date.outputs.date-dayfmt }}- | |
| ${{ github.workflow }}-image-${{ steps.date.outputs.date-weekfmt }}-${{ hashFiles('Dockerfile') }}-${{ github.sha }}- | |
| ${{ github.workflow }}-image-${{ steps.date.outputs.date-weekfmt }}-${{ hashFiles('Dockerfile') }}- | |
| ${{ github.workflow }}-image-${{ steps.date.outputs.date-weekfmt }}- | |
| - name: build updated ci image | |
| run: make ci-cache | |
| - name: upload ci image | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ci-image.tar.zst | |
| path: ${{ github.workspace }}/.cache/ci-image.tar.zst | |
| unit: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - linux-ci-image | |
| env: | |
| COVERAGE: umoci.coverage | |
| GOCOVERDIR: umoci.coverdir | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: download ci image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ci-image.tar.zst | |
| path: ${{ github.workspace }}/.cache/ | |
| - run: make test-unit | |
| - run: go tool covdata textfmt -i "$GOCOVERDIR" -o "$COVERAGE" | |
| - name: codecov | |
| uses: codecov/codecov-action@v5 | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| with: | |
| files: ${{ env.COVERAGE }} | |
| flags: unit,linux | |
| - name: upload coverage | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage-${{ runner.os }}-${{ github.job }}-${{ strategy.job-index }} | |
| path: ${{ env.GOCOVERDIR }} | |
| integration: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - linux-ci-image | |
| strategy: | |
| matrix: | |
| image: | |
| - opensuse/leap:latest | |
| - almalinux:latest | |
| - debian:latest | |
| - ubuntu:latest | |
| - fedora:latest | |
| env: | |
| TEST_DOCKER_IMAGE: ${{ matrix.image }} | |
| COVERAGE: umoci.coverage | |
| GOCOVERDIR: umoci.coverdir | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: download ci image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ci-image.tar.zst | |
| path: ${{ github.workspace }}/.cache/ | |
| - run: make TEST_DOCKER_IMAGE=$TEST_DOCKER_IMAGE test-integration | |
| - run: go tool covdata textfmt -i "$GOCOVERDIR" -o "$COVERAGE" | |
| - name: codecov | |
| uses: codecov/codecov-action@v5 | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| with: | |
| files: ${{ env.COVERAGE }} | |
| flags: integration,linux | |
| - name: upload coverage | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage-${{ runner.os }}-${{ github.job }}-${{ strategy.job-index }} | |
| path: ${{ env.GOCOVERDIR }} | |
| coverage: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - macos | |
| - unit | |
| - integration | |
| env: | |
| GOCOVERDIR: umoci.coverage | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: download all coverage | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: coverage | |
| - name: compute coverage | |
| run: | | |
| ./hack/ci-coverage.sh --merge="$GOCOVERDIR" --func coverage/*/ | |
| - name: upload final coverage | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage | |
| path: ${{ env.GOCOVERDIR }} |