Skip to content

build(deps): bump github.com/openfga/openfga from 1.6.1 to 1.6.2 (#14… #12221

build(deps): bump github.com/openfga/openfga from 1.6.1 to 1.6.2 (#14…

build(deps): bump github.com/openfga/openfga from 1.6.1 to 1.6.2 (#14… #12221

Workflow file for this run

name: Tests
on:
push:
branches:
- main
- stable-*
pull_request:
workflow_dispatch:
schedule:
- cron: '0 0 * * *' # Test TICS daily
env:
LXD_REQUIRED_TESTS: "storage_buckets"
LXD_SKIP_TESTS: "clustering_upgrade clustering_upgrade_large"
GOCOVERDIR: ${{ ( github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' ) && '/home/runner/work/lxd/lxd/coverage' || '' }}
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
cancel-in-progress: true
defaults:
run:
# Make sure bash is always invoked with `-eo pipefail`
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell
shell: bash
jobs:
code-tests:
env:
CGO_CFLAGS: "-I/home/runner/go/bin/dqlite/include/"
CGO_LDFLAGS: "-L/home/runner/go/bin/dqlite/libs/"
LD_LIBRARY_PATH: "/home/runner/go/bin/dqlite/libs/"
LD_RUN_PATH: "/home/runner/go/bin/dqlite/libs/"
CGO_LDFLAGS_ALLOW: "(-Wl,-wrap,pthread_create)|(-Wl,-z,now)"
name: Code
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
# A non-shallow clone is needed for the Differential ShellCheck
fetch-depth: 0
- name: Tune disk performance
uses: ./.github/actions/tune-disk-performance
- name: Dependency Review
uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
if: github.event_name == 'pull_request'
# XXX: `make static-analysis` also run shellcheck but this one provides
# useful feedback in the PR through github-code-scanning bot
- id: ShellCheck
name: Differential ShellCheck
uses: redhat-plumbers-in-action/differential-shellcheck@cc6721c45a8800cc666de45493545a07a638d121 # v5.4.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
strict-check-on-push: true
if: github.event_name == 'pull_request'
- name: Upload artifact with ShellCheck defects in SARIF format
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: Differential ShellCheck SARIF
path: ${{ steps.ShellCheck.outputs.sarif }}
if: github.event_name == 'pull_request'
- name: Install Go (1.22)
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: 1.22.x
- name: Install build dependencies
uses: ./.github/actions/install-lxd-builddeps
- name: Download minio/mc
run: |
# Download minio ready to include in dependencies for system tests.
mkdir -p "$(go env GOPATH)/bin"
curl -sSfL https://dl.min.io/server/minio/release/linux-amd64/minio --output "$(go env GOPATH)/bin/minio"
chmod +x "$(go env GOPATH)/bin/minio"
# Also grab the latest minio client to maintain compatibility with the server.
curl -sSfL https://dl.min.io/client/mc/release/linux-amd64/mc --output "$(go env GOPATH)/bin/mc"
chmod +x "$(go env GOPATH)/bin/mc"
- name: Download go dependencies
run: |
set -eux
go mod download
- name: Check compatibility with min Go version
run: |
set -eux
GOMIN="$(sed -n 's/^GOMIN=\([0-9.]\+\)$/\1/p' Makefile)"
sudo chmod o+w {go.mod,go.sum}
go mod tidy -go="${GOMIN}"
DOC_GOMIN="$(sed -n 's/^LXD requires Go \([0-9.]\+\) .*/\1/p' doc/requirements.md)"
[ "${GOMIN}" = "${DOC_GOMIN}" ]
- name: Make LXD tarball and unpack it
env:
CUSTOM_VERSION: "test"
run: |
set -eux
make dist
tar -xzf lxd-test.tar.gz -C /home/runner/work/lxd/
rm lxd-test.tar.gz
- name: Build LXD dependencies
run: |
set -eux
# Build from unpacked dist tarball.
cd /home/runner/work/lxd/lxd-test
make deps
# Include dqlite libs in dependencies for system tests.
mkdir /home/runner/go/bin/dqlite
mv /home/runner/work/lxd/lxd-test/vendor/dqlite/include /home/runner/go/bin/dqlite/include
mv /home/runner/work/lxd/lxd-test/vendor/dqlite/.libs /home/runner/go/bin/dqlite/libs
- name: Build binaries
run: |
set -eux
# Build from unpacked dist tarball.
cd /home/runner/work/lxd/lxd-test
make
strip --strip-all /home/runner/go/bin/{lxc*,lxd*} -v
- name: Check lxc/lxd-agent binary sizes
run: |
set -eux
# Build lxc/lxd-agent the same way as done in the snap
go build -trimpath -o "/tmp/bin/lxc" github.com/canonical/lxd/lxc
CGO_ENABLED=0 go build -trimpath -o "/tmp/bin/lxd-agent" -tags=agent,netgo github.com/canonical/lxd/lxd-agent
strip -s /tmp/bin/*
# bin/max (sizes are in MiB)
SIZES="lxc 15
lxd-agent 13"
MIB="$((1024 * 1024))"
while read -r bin max; do
cur="$(stat --format=%s "/tmp/bin/${bin}")"
min=$((max - 1))
min_mib="$((min * MIB))"
max_mib="$((max * MIB))"
rm -f "/tmp/bin/${bin}"
if [ "${cur}" -gt "${max_mib}" ]; then
echo "FAIL: ${bin} binary size exceeds ${max}MiB"
exit 1
fi
# XXX: check for when we need to lower the min/max sizes
if [ "${cur}" -lt "${min_mib}" ]; then
echo "Congratulations: ${bin} binary size reduced below ${min}MiB"
echo "It is now time to edit the workflow job to use smaller min/max sizes for ${bin}"
exit 1
fi
echo "OK: ${bin} is between ${min} and ${max}MiB"
done <<< ${SIZES}
- name: Make GOCOVERDIR
run: mkdir -p "${GOCOVERDIR}"
if: env.GOCOVERDIR != ''
- name: Run static analysis
env:
GITHUB_BEFORE: ${{ github.event.before }}
run: |
set -eux
sudo chmod o+w ./lxd/metadata/configuration.json
sudo chmod o+w ./doc/metadata.txt
sudo chmod o+w ./po/*
sudo chmod o+w ./lxd/auth/entitlements_generated.go
sudo chmod o+w ./lxd/auth/drivers/openfga_model.openfga
make static-analysis
- name: Unit tests (all)
run: |
set -eux
sudo --preserve-env=CGO_CFLAGS,CGO_LDFLAGS,CGO_LDFLAGS_ALLOW,GOCOVERDIR,LD_LIBRARY_PATH LD_LIBRARY_PATH=${LD_LIBRARY_PATH} env "PATH=${PATH}" make check-unit
- name: Upload coverage data
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: coverage-unit
path: ${{env.GOCOVERDIR}}
if: env.GOCOVERDIR != ''
- name: Upload system test dependencies
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: system-test-deps
path: |
/home/runner/go/bin/lxc*
/home/runner/go/bin/lxd*
/home/runner/go/bin/mc
/home/runner/go/bin/minio
/home/runner/go/bin/dqlite
retention-days: 1
system-tests:
env:
LXD_CEPH_CLUSTER: "ceph"
LXD_CEPH_CEPHFS: "cephfs"
LXD_CEPH_CEPHOBJECT_RADOSGW: "http://127.0.0.1"
LXD_CONCURRENT: "1"
LXD_VERBOSE: "1"
LXD_OFFLINE: "1"
LXD_TMPFS: "1"
name: System
runs-on: ubuntu-22.04
needs: code-tests
strategy:
fail-fast: false
matrix:
go: ["1.22.x"]
suite: ["cluster", "standalone"]
backend: ["dir", "btrfs", "lvm", "zfs", "ceph", "random"]
include:
- go: stable
suite: cluster
backend: dir
- go: stable
suite: standalone
backend: dir
steps:
- name: Checkout
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Tune disk performance
uses: ./.github/actions/tune-disk-performance
- name: Reclaim disk space
uses: ./.github/actions/reclaim-disk-space
- name: Remove docker
uses: ./.github/actions/disable-docker
- name: Install Go (${{ matrix.go }})
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ matrix.go }}
- name: Install dependencies
run: |
set -eux
sudo add-apt-repository ppa:ubuntu-lxc/daily -y --no-update
sudo apt-get update
sudo systemctl mask lxc.service lxc-net.service
sudo apt-get install --no-install-recommends -y \
curl \
git \
libacl1-dev \
libcap-dev \
libdbus-1-dev \
liblxc-dev \
libseccomp-dev \
libselinux-dev \
libsqlite3-dev \
libtool \
libudev-dev \
make \
pkg-config\
acl \
attr \
bind9-dnsutils \
btrfs-progs \
busybox-static \
dnsmasq-base \
easy-rsa \
gettext \
jq \
lxc-utils \
lvm2 \
nftables \
quota \
rsync \
s3cmd \
socat \
sqlite3 \
squashfs-tools \
tar \
tcl \
thin-provisioning-tools \
uuid-runtime \
xfsprogs \
xz-utils \
zfsutils-linux
# reclaim some space
sudo apt-get clean
- name: Download system test dependencies
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: system-test-deps
merge-multiple: true
path: /home/runner/go/bin
- name: Set exec perms on LXD binaries
run: |
set -eux
ls -lR /home/runner/go/bin/
chmod uog+x /home/runner/go/bin/*
- name: Setup MicroCeph
if: ${{ matrix.backend == 'ceph' }}
uses: ./.github/actions/setup-microceph
- name: Make GOCOVERDIR
run: |
set -eux
mkdir -p "${GOCOVERDIR}"
if: env.GOCOVERDIR != ''
- name: "Run system tests (${{ matrix.go }}, ${{ matrix.suite }}, ${{ matrix.backend }})"
run: |
set -eux
chmod +x ~
echo "root:1000000:1000000000" | sudo tee /etc/subuid /etc/subgid
cd test
sudo --preserve-env=PATH,GOPATH,GOCOVERDIR,GITHUB_ACTIONS,LXD_VERBOSE,LXD_BACKEND,LXD_CEPH_CLUSTER,LXD_CEPH_CEPHFS,LXD_CEPH_CEPHOBJECT_RADOSGW,LXD_OFFLINE,LXD_SKIP_TESTS,LXD_REQUIRED_TESTS, LXD_BACKEND=${{ matrix.backend }} ./main.sh ${{ matrix.suite }}
- name: Upload coverage data
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: coverage-${{ matrix.go }}-${{ matrix.suite }}-${{ matrix.backend }}
path: ${{env.GOCOVERDIR}}
if: env.GOCOVERDIR != ''
tics:
name: Tiobe TICS
runs-on: ubuntu-22.04
needs: system-tests
env:
CGO_CFLAGS: "-I/home/runner/go/bin/dqlite/include/"
CGO_LDFLAGS: "-L/home/runner/go/bin/dqlite/libs/"
LD_LIBRARY_PATH: "/home/runner/go/bin/dqlite/libs/"
CGO_LDFLAGS_ALLOW: "(-Wl,-wrap,pthread_create)|(-Wl,-z,now)"
if: ${{ ( github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' ) && github.ref_name == 'main' && github.repository == 'canonical/lxd' }}
steps:
- name: Checkout
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
with:
# A non-shallow clone is needed for the Differential ShellCheck
fetch-depth: 0
- name: Tune disk performance
uses: ./.github/actions/tune-disk-performance
- name: Reclaim disk space
uses: ./.github/actions/reclaim-disk-space
- name: Remove docker
uses: ./.github/actions/disable-docker
- name: Install Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: 1.22.x
- name: Download coverage data
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
pattern: coverage-*
path: ${{env.GOCOVERDIR}}
merge-multiple: true
- name: Download system test dependencies
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: system-test-deps
merge-multiple: true
path: /home/runner/go/bin
- name: Install build dependencies
uses: ./.github/actions/install-lxd-builddeps
- name: Install dependencies
run: |
go install github.com/axw/gocov/gocov@latest
go install github.com/AlekSi/gocov-xml@latest
go install honnef.co/go/tools/cmd/staticcheck@latest
- name: Convert coverage files
run: |
go tool covdata textfmt -i="${GOCOVERDIR}" -o "${GOCOVERDIR}"/coverage.out
gocov convert "${GOCOVERDIR}"/coverage.out > "${GOCOVERDIR}"/coverage.json
gocov-xml < "${GOCOVERDIR}"/coverage.json > "${GOCOVERDIR}"/coverage-go.xml
- name: Run TICS
uses: tiobe/tics-github-action@d18bbcecfe7c96a6e3499bffc6792c4e8e9428a6 # v3.2.0
with:
mode: qserver
project: LXD
viewerUrl: https://canonical.tiobe.com/tiobeweb/TICS/api/cfg?name=default
branchdir: ${{ github.workspace }}
ticsAuthToken: ${{ secrets.TICS_AUTH_TOKEN }}
installTics: true
calc: ALL
tmpdir: /tmp/tics
client:
name: Client
strategy:
fail-fast: false
matrix:
go:
- 1.22.x
os:
- ubuntu-latest
- macos-latest
- windows-latest
runs-on: ${{ matrix.os }}
steps:
- name: Checkout code
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Install Go (${{ matrix.go }})
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ matrix.go }}
- name: Create build directory
run: |
set -eux
mkdir bin
- name: Build static lxc (x86_64)
env:
CGO_ENABLED: 0
GOARCH: amd64
run: |
set -eux
go build -ldflags "-s -w" -o trimpath -o bin/lxc.x86_64 ./lxc
- name: Build static lxc (aarch64)
env:
CGO_ENABLED: 0
GOARCH: arm64
run: |
set -eux
go build -ldflags "-s -w" -o trimpath -o bin/lxc.aarch64 ./lxc
- name: Build static lxd-benchmark
if: runner.os == 'Linux'
env:
CGO_ENABLED: 0
run: |
set -eux
GOARCH=amd64 go build -ldflags "-s -w" -o trimpath -o bin/lxd-benchmark.x86_64 ./lxd-benchmark
GOARCH=arm64 go build -ldflags "-s -w" -o trimpath -o bin/lxd-benchmark.aarch64 ./lxd-benchmark
- name: Build static lxd-migrate
if: runner.os == 'Linux'
env:
CGO_ENABLED: 0
run: |
set -eux
GOARCH=amd64 go build -ldflags "-s -w" -o trimpath -o bin/lxd-migrate.x86_64 ./lxd-migrate
GOARCH=arm64 go build -ldflags "-s -w" -o trimpath -o bin/lxd-migrate.aarch64 ./lxd-migrate
- name: Unit tests (client)
env:
CGO_ENABLED: 0
run: |
set -eux
go test -v ./client/...
- name: Unit tests (lxc)
env:
CGO_ENABLED: 0
run: |
set -eux
go test -v ./lxc/...
- name: Unit tests (shared)
env:
CGO_ENABLED: 0
run: |
set -eux
go test -v ./shared/...
- name: Upload lxc client artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
continue-on-error: true
with:
name: lxd-clients-${{ runner.os }}
path: bin/
documentation:
name: Documentation
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Install Go (1.22)
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: 1.22.x
- name: Install dependencies
run: |
set -eux
sudo apt-get install aspell aspell-en
sudo snap install mdl
- name: Run markdown linter
run: |
set -eux
make doc-lint
- name: Build docs (Sphinx)
shell: 'script -q -e -c "export TERM=xterm-256color; bash {0}"'
run: |
set -eux
make doc
if [ -s doc/.sphinx/warnings.txt ]; then cat doc/.sphinx/warnings.txt; exit 1; fi
- name: Run spell checker
run: |
set -eux
make doc-spellcheck
- name: Run inclusive naming checker
uses: get-woke/woke-action@b2ec032c4a2c912142b38a6a453ad62017813ed0 # v0
with:
fail-on-error: true
woke-args: "*.md **/*.md -c https://github.com/canonical/Inclusive-naming/raw/main/config.yml"
- name: Run link checker
# Run link checker during scheduled CI runs only
if: ${{ github.event_name == 'schedule' }}
shell: 'script -q -e -c "export TERM=xterm-256color; bash {0}"'
run: |
set -eux
make doc-linkcheck
- name: Upload documentation artifacts
if: always()
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: documentation
path: doc/_build
snap:
name: Trigger snap edge build
runs-on: ubuntu-22.04
needs: [code-tests, system-tests, client, documentation]
if: ${{ github.repository == 'canonical/lxd' && github.event_name == 'push' && github.actor != 'dependabot[bot]' }}
steps:
- name: Checkout code
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Setup Launchpad SSH access
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
LAUNCHPAD_LXD_BOT_KEY: ${{ secrets.LAUNCHPAD_LXD_BOT_KEY }}
run: |
set -eux
mkdir -m 0700 -p ~/.ssh/
ssh-agent -a "${SSH_AUTH_SOCK}" > /dev/null
ssh-add - <<< "${{ secrets.LAUNCHPAD_LXD_BOT_KEY }}"
ssh-add -L > ~/.ssh/id_ed25519.pub
# In ephemeral environments like GitHub Action runners, relying on TOFU isn't providing any security
# so require the key obtained by `ssh-keyscan` to match the expected hash from https://help.launchpad.net/SSHFingerprints
ssh-keyscan git.launchpad.net >> ~/.ssh/known_hosts
ssh-keygen -qlF git.launchpad.net | grep -xF 'git.launchpad.net RSA SHA256:UNOzlP66WpDuEo34Wgs8mewypV0UzqHLsIFoqwe8dYo'
- name: Install Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: 1.22.x
- name: Trigger Launchpad snap build
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
TARGET: >-
${{ fromJson('{
"main": "latest-edge",
"stable-5.0": "5.0-edge",
}')[github.ref_name] }}
run: |
set -eux
git config --global transfer.fsckobjects true
git config --global user.name "Canonical LXD Bot"
git config --global user.email "[email protected]"
git config --global commit.gpgsign true
git config --global gpg.format "ssh"
git config --global user.signingkey ~/.ssh/id_ed25519.pub
localRev="$(git rev-parse HEAD)"
go install github.com/canonical/lxd-ci/lxd-snapcraft@latest
git clone -b "${TARGET}" git+ssh://[email protected]/~canonical-lxd/lxd ~/lxd-pkg-snap-lp
cd ~/lxd-pkg-snap-lp
lxd-snapcraft -package lxd -set-version "git-${localRev:0:7}" -set-source-commit "${localRev}"
git add --all
git commit --all --quiet -s --allow-empty -m "Automatic upstream build (${TARGET})" -m "Upstream commit: ${localRev}"
git show
git push --quiet