Atomic KMS: enable bypass #7109
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Spread | |
on: | |
push: | |
branches: | |
- main | |
- release/[0-9]+.[0-9]+ | |
tags: | |
- v[0-9]+[0-9]+.[0-9]+ | |
merge_group: | |
types: [checks_requested] | |
pull_request: | |
types: [opened, synchronize, reopened, ready_for_review] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.number && format('pr{0}', github.event.number) || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
GetMatrix: | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- id: set-matrix | |
name: Determine BuildAndTest matrix | |
run: | | |
set -euo pipefail | |
if ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}; then | |
TASKS='"lxd:ubuntu-24.04:spread/build/ubuntu:tsan" | |
"lxd:ubuntu-24.04:spread/build/ubuntu:tsan_clang"' | |
fi | |
TASKS+='"lxd:alpine-3.19:spread/build/alpine:amd64" | |
"lxd:alpine-3.20:spread/build/alpine:amd64" | |
"lxd:alpine-edge:spread/build/alpine:amd64" | |
"lxd:ubuntu-24.04:spread/build/sbuild:debian_sid" | |
"lxd:ubuntu-24.04:spread/build/sbuild:ubuntu" | |
"lxd:ubuntu-24.04:spread/build/sbuild:ubuntu_arm64" | |
"lxd:ubuntu-24.04:spread/build/sbuild:ubuntu_armhf" | |
"lxd:ubuntu-24.04:spread/build/ubuntu:clang" | |
"lxd:fedora-39:spread/build/fedora:amd64" | |
"lxd:fedora-40:spread/build/fedora:amd64" | |
"lxd:fedora-rawhide:spread/build/fedora:amd64" | |
"lxd:ubuntu-24.04:spread/build/sbuild:ubuntu_devel" | |
"lxd:ubuntu-24.04:spread/build/sbuild:ubuntu_proposed" | |
"lxd:ubuntu-24.04:spread/build/ubuntu:asan" | |
"lxd:ubuntu-24.04:spread/build/ubuntu:asan_clang" | |
"lxd:ubuntu-24.04:spread/build/ubuntu:ubsan" | |
"lxd:ubuntu-24.04:spread/build/ubuntu:ubsan_clang"' | |
echo ${TASKS:-} | jq -cs '{ "spread-task": . }' | awk '{ print "matrix=" $0 }' >> $GITHUB_OUTPUT | |
BuildAndTest: | |
needs: GetMatrix | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJSON(needs.GetMatrix.outputs.matrix) }} | |
runs-on: ubuntu-latest | |
env: | |
DEBFULLNAME: "Mir CI Bot" | |
DEBEMAIL: "[email protected]" | |
SPREAD_PATH: "/tmp/spread" | |
CCACHE_DIR: "/tmp/ccache" | |
steps: | |
- name: Set up LXD | |
uses: canonical/setup-lxd@main | |
- name: Set up Spread | |
run: | | |
sudo snap install spread-mir-ci | |
sudo snap connect spread-mir-ci:lxd lxd:lxd | |
lxc profile set default security.privileged=true security.nesting=true | |
sudo apt-get update | |
sudo apt-get install --yes binfmt-support qemu-user-static | |
echo "LXD_DIR=/var/snap/lxd/common/lxd" >> $GITHUB_ENV | |
- name: Check out code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Set up CCache | |
id: setup-ccache | |
run: | | |
mkdir --parents ${CCACHE_DIR} | |
/snap/bin/lxc profile device add default ccache disk source=${CCACHE_DIR} path=/root/.ccache | |
# Find the merge base to avoid populating the cache with short lived cache entries | |
# and evicting those we care for - from `main` | |
echo "merge-base=$( git merge-base origin/main ${{ github.sha }} )" >> $GITHUB_OUTPUT | |
- name: CCache | |
uses: actions/cache@v4 | |
with: | |
key: ccache-${{ matrix.spread-task }}-${{ steps.setup-ccache.outputs.merge-base }} | |
# if exact match isn't found, use the most recent entry for the task | |
restore-keys: | | |
ccache-${{ matrix.spread-task }}- | |
path: ${{ env.CCACHE_DIR }} | |
- name: Ensure ccache size | |
run: | | |
# a full build yielded at most 650M cache | |
echo "max_size = 800M" > ${CCACHE_DIR}/ccache.conf | |
- name: Run Spread task | |
run: snap run spread-mir-ci.spread -reuse -v ${{ matrix.spread-task }} | |
- name: CCache stats | |
run: cat ${CCACHE_DIR}/ccache.stats | |
- if: ${{ failure() && runner.debug }} | |
name: Setup upterm session | |
uses: mxschmitt/action-tmate@v3 | |
with: | |
limit-access-to-actor: true |