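# CI workflow: validation, binary build (with SBOM/provenance), unit and e2e
# tests, coverage aggregation, and a draft GitHub release on version tags.
#
# Security posture visible in this file:
# - The default GITHUB_TOKEN scope is `contents: read`; only the jobs that
#   need more (`binary` for OIDC signing, `release` for creating a release)
#   widen it, and they do so at job level.
# - Every third-party action and reusable workflow is pinned to a full commit
#   SHA. The trailing `# vX` comment is informational only; when bumping a
#   pin, confirm the SHA belongs to the tag named in the comment.
name: ci

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

on:
  push:
    branches:
      - 'main'
    tags:
      - 'v*'
  pull_request:
  workflow_dispatch:
    inputs:
      debug_enabled:
        description: 'To run with tmate enter "debug_enabled"'
        required: false
        default: "false"

permissions:
  contents: read  # to fetch code (actions/checkout)

jobs:
  validate:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        target:
          - lint
          - validate-go-mod
          - validate-headers
          - validate-docs
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd  # v4
      - name: Run
        # matrix.target is one of the static values listed above, so the
        # inline expression carries no attacker-controlled text into the shell.
        run: |
          make ${{ matrix.target }}

  binary:
    uses: docker/github-builder/.github/workflows/bake.yml@70313223e2665c3211b454b3fea6534624e78d64  # v1.4.0
    permissions:
      contents: read  # same as global permission
      id-token: write  # for signing attestation(s) with GitHub OIDC Token
    with:
      runner: amd64
      artifact-name: compose
      artifact-upload: true
      cache: true
      cache-scope: binary
      target: release
      output: local
      sbom: true
      # Signing is skipped for pull_request runs; every other trigger signs.
      sign: ${{ github.event_name != 'pull_request' }}

  binary-finalize:
    runs-on: ubuntu-latest
    needs:
      - binary
    steps:
      - name: Download artifacts
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8
        with:
          path: /tmp/compose-output
          name: ${{ needs.binary.outputs.artifact-name }}
      - name: Rename provenance and sbom
        # Gives each per-directory provenance, SBOM and (when present)
        # sigstore bundle the name of the binary it sits next to, so the
        # attestation files stay attributable once everything is flattened
        # into ./bin/release.
        run: |
          for pdir in /tmp/compose-output/*/; do
            (
              cd "$pdir"
              binname=$(find . -name 'docker-compose-*')
              filename=$(basename "${binname%.exe}")
              mv "provenance.json" "${filename}.provenance.json"
              mv "sbom-binary.spdx.json" "${filename}.sbom.json"
              find . -name 'sbom*.json' -exec rm {} \;
              if [ -f "provenance.sigstore.json" ]; then
                mv "provenance.sigstore.json" "${filename}.sigstore.json"
              fi
            )
          done
          mkdir -p "./bin/release"
          mv /tmp/compose-output/**/* "./bin/release/"
      - name: Create checksum file
        working-directory: ./bin/release
        # Writes checksums.txt over every release file, verifies it in place,
        # then emits a per-binary .sha256 (attestation files are excluded).
        # NOTE(review): these digests are computed in the same job that
        # handles the artifacts, so they detect corruption in transit, not
        # tampering upstream of this step; the signed provenance is the
        # integrity anchor.
        run: |
          find . -type f -print0 | sort -z | xargs -r0 shasum -a 256 -b | sed 's# \*\./# *#' > "$RUNNER_TEMP/checksums.txt"
          shasum -a 256 -U -c "$RUNNER_TEMP/checksums.txt"
          mv "$RUNNER_TEMP/checksums.txt" .
          while read -r sum file; do
            if [[ "${file#\*}" == docker-compose-* && "${file#\*}" != *.provenance.json && "${file#\*}" != *.sbom.json && "${file#\*}" != *.sigstore.json ]]; then
              echo "$sum $file" > "${file#\*}.sha256"
            fi
          done < checksums.txt
      - name: Upload artifacts
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7
        with:
          name: release
          path: ./bin/release/*
          if-no-files-found: error

  bin-image-test:
    if: github.event_name == 'pull_request'
    uses: docker/github-builder/.github/workflows/bake.yml@70313223e2665c3211b454b3fea6534624e78d64  # v1.4.0
    with:
      runner: amd64
      target: image-cross
      cache: true
      cache-scope: bin-image-test
      output: image
      push: false
      sbom: true
      set-meta-labels: true
      meta-images: |
        compose-bin
      meta-tags: |
        type=ref,event=pr
      meta-bake-target: meta-helper

  test:
    runs-on: ubuntu-latest
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd  # v4
      - name: Test
        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7  # v7
        with:
          targets: test
          set: |
            *.cache-from=type=gha,scope=test
            *.cache-to=type=gha,scope=test
      - name: Gather coverage data
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7
        with:
          name: coverage-data-unit
          path: bin/coverage/unit/
          if-no-files-found: error
      - name: Unit Test Summary
        uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86  # v2.4
        with:
          paths: bin/coverage/unit/report.xml
        if: always()

  e2e:
    runs-on: ubuntu-latest
    name: e2e (${{ matrix.mode }}, ${{ matrix.channel }})
    strategy:
      fail-fast: false
      matrix:
        include:
          # current stable
          - mode: plugin
            engine: 29
            channel: stable
          - mode: standalone
            engine: 29
            channel: stable
          # old stable (latest major - 1)
          - mode: plugin
            engine: 28
            channel: oldstable
          - mode: standalone
            engine: 28
            channel: oldstable
    steps:
      - name: Prepare
        # mode/engine come from the static matrix above, not from event data.
        run: |
          mode=${{ matrix.mode }}
          engine=${{ matrix.engine }}
          echo "MODE_ENGINE_PAIR=${mode}-${engine}" >> "$GITHUB_ENV"
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
      - name: Install Docker ${{ matrix.engine }}
        # NOTE(review): get-docker.sh is fetched over HTTPS and executed as
        # root without a checksum or signature check, so this step trusts
        # whatever test.docker.com serves at run time. The job holds only a
        # read-scoped token; keep it that way while this download is unpinned.
        run: |
          sudo systemctl stop docker.service
          sudo apt-get purge docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-ce-rootless-extras docker-buildx-plugin
          sudo apt-get install curl
          curl -fsSL https://test.docker.com -o get-docker.sh
          sudo sh ./get-docker.sh --version ${{ matrix.engine }}
      - name: Check Docker Version
        run: docker --version
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd  # v4
      - name: Set up Docker Model
        run: |
          sudo apt-get install docker-model-plugin
          docker model version
      - name: Set up Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417  # v6
        with:
          go-version-file: '.go-version'
          check-latest: true
          cache: true
      - name: Build example provider
        run: make example-provider
      - name: Build
        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7  # v7
        with:
          source: .
          targets: binary-with-coverage
          set: |
            *.cache-from=type=gha,scope=binary-linux-amd64
            *.cache-from=type=gha,scope=binary-e2e-${{ matrix.mode }}
            *.cache-to=type=gha,scope=binary-e2e-${{ matrix.mode }},mode=max
        env:
          BUILD_TAGS: e2e
      - name: Setup tmate session
        # github.event.inputs.* values are strings, and any non-empty string
        # (including the default "false") is truthy in an `if:` expression.
        # Testing the input bare therefore opened an interactive shell on
        # every manual dispatch. Compare explicitly so the session starts only
        # when the operator entered something other than the default.
        if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled != '' && github.event.inputs.debug_enabled != 'false' }}
        uses: mxschmitt/action-tmate@c0afd6f790e3a5564914980036ebf83216678101  # v3.23
        with:
          # Restricts the session to the user who triggered the run.
          limit-access-to-actor: true
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Test plugin mode
        if: ${{ matrix.mode == 'plugin' }}
        run: |
          rm -rf ./bin/coverage/e2e
          mkdir -p ./bin/coverage/e2e
          make e2e-compose GOCOVERDIR=bin/coverage/e2e TEST_FLAGS="-v"
      - name: Gather coverage data
        if: ${{ matrix.mode == 'plugin' }}
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7
        with:
          name: coverage-data-e2e-${{ env.MODE_ENGINE_PAIR }}
          path: bin/coverage/e2e/
          if-no-files-found: error
      - name: Test standalone mode
        if: ${{ matrix.mode == 'standalone' }}
        run: |
          rm -f /usr/local/bin/docker-compose
          cp bin/build/docker-compose /usr/local/bin
          make e2e-compose-standalone
      - name: e2e Test Summary
        uses: test-summary/action@31493c76ec9e7aa675f1585d3ed6f1da69269a86  # v2.4
        with:
          paths: /tmp/report/report.xml
        if: always()

  coverage:
    runs-on: ubuntu-latest
    needs:
      - test
      - e2e
    steps:
      # codecov won't process the report without the source code available
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
      - name: Set up Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417  # v6
        with:
          go-version-file: '.go-version'
          check-latest: true
      - name: Download unit test coverage
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8
        with:
          name: coverage-data-unit
          path: coverage/unit
          merge-multiple: true
      - name: Download E2E test coverage
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8
        with:
          pattern: coverage-data-e2e-*
          path: coverage/e2e
          merge-multiple: true
      - name: Merge coverage reports
        run: |
          go tool covdata textfmt -i=./coverage/unit,./coverage/e2e -o ./coverage.txt
      - name: Store coverage report in GitHub Actions
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f  # v7
        with:
          name: go-covdata-txt
          path: ./coverage.txt
          if-no-files-found: error
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad  # v5.5.3
        with:
          files: ./coverage.txt

  release:
    # This job requests a write-scoped token on every trigger; only the final
    # step, gated on a v* tag ref, publishes anything.
    permissions:
      contents: write  # to create a release (ncipollo/release-action)
    runs-on: ubuntu-latest
    needs:
      - binary-finalize
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
        with:
          # No later step performs git operations (the release step is given
          # its token explicitly), so the write-scoped token is not left
          # configured for git in this job.
          persist-credentials: false
      - name: Download artifacts
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8
        with:
          path: ./bin/release
          name: release
      - name: List artifacts
        run: |
          tree -nh ./bin/release
      - name: Check artifacts
        run: |
          find bin/release -type f -exec file -e ascii -- {} +
      - name: GitHub Release
        if: startsWith(github.ref, 'refs/tags/v')
        uses: ncipollo/release-action@339a81892b84b4eeb0f6e744e4574d79d0d9b8dd  # v1.21.0
        with:
          artifacts: ./bin/release/*
          generateReleaseNotes: true
          # Created as a draft: a maintainer still has to publish it.
          draft: true
          token: ${{ secrets.GITHUB_TOKEN }}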