github: Add static analysis #47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| permissions: | |
| contents: read | |
| jobs: | |
| code-tests: | |
| name: Code | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| # Differential ShellCheck requires full git history | |
| fetch-depth: 0 | |
| - name: Dependency Review | |
| uses: actions/dependency-review-action@v4 | |
| if: github.event_name == 'pull_request' | |
| - id: ShellCheck | |
| name: Differential ShellCheck | |
| uses: redhat-plumbers-in-action/differential-shellcheck@v5 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| if: github.event_name == 'pull_request' | |
| - name: Upload artifact with ShellCheck defects in SARIF format | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: Differential ShellCheck SARIF | |
| path: ${{ steps.ShellCheck.outputs.sarif }} | |
| if: github.event_name == 'pull_request' | |
| - name: Install Go | |
| uses: actions/setup-go@v5 | |
| - name: Check compatible min Go version | |
| run: | | |
| cd incus-osd | |
| go mod tidy | |
| - name: Download go dependencies | |
| run: | | |
| cd incus-osd | |
| go mod download | |
| - name: Run golangci-lint | |
| uses: golangci/golangci-lint-action@v6 | |
| with: | |
| working-directory: incus-osd | |
| - name: Run test build | |
| run: | | |
| cd incus-osd | |
| go build -v -x ./cmd/incus-osd | |
| end-to-end: | |
| name: End to end testing | |
| strategy: | |
| fail-fast: false | |
| timeout-minutes: 15 | |
| runs-on: | |
| - self-hosted | |
| - cpu-4 | |
| - mem-4G | |
| - disk-100G | |
| - arch-amd64 | |
| - image-debian-12 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get install --yes \ | |
| debian-archive-keyring \ | |
| make \ | |
| pipx \ | |
| qemu-utils | |
| - name: Setup Incus | |
| run: | | |
| curl https://pkgs.zabbly.com/get/incus-daily | sudo sh | |
| sudo chmod 666 /var/lib/incus/unix.socket | |
| incus admin init --auto | |
| - name: Setup mkosi | |
| run: | | |
| pipx install git+https://github.com/systemd/[email protected] | |
| - name: Build initial image | |
| run: | | |
| export PATH=${PATH}:/root/.local/bin | |
| make | |
| - name: Start Incus OS | |
| run: | | |
| qemu-img convert -f raw -O qcow2 $(ls mkosi.output/IncusOS_*.raw | grep -v usr | grep -v esp | sort | tail -1) os-image.qcow2 | |
| incus image import --alias incus-os test/metadata.tar.xz os-image.qcow2 | |
| incus create --quiet --vm incus-os test-incus-os \ | |
| -c security.secureboot=false \ | |
| -c limits.cpu=2 \ | |
| -c limits.memory=2GiB \ | |
| -d root,size=50GiB | |
| incus config device add test-incus-os vtpm tpm | |
| incus start test-incus-os | |
| while :; do | |
| sleep 3 | |
| incus exec test-incus-os -- /usr/bin/true >/dev/null 2>&1 && break | |
| done | |
| incus list | |
| - name: Load the extensions | |
| run: | | |
| incus exec test-incus-os -- mkdir -p /var/lib/extensions | |
| incus file push --quiet mkosi.output/debug.raw test-incus-os/var/lib/extensions/ | |
| incus file push --quiet mkosi.output/incus.raw test-incus-os/var/lib/extensions/ | |
| incus exec test-incus-os -- systemd-sysext list | |
| incus exec test-incus-os -- systemd-sysext merge | |
| - name: Initialize Incus | |
| run: | | |
| incus exec test-incus-os -- systemd-sysusers | |
| incus exec test-incus-os -- systemctl enable --now incus-lxcfs incus-startup incus incus.socket | |
| incus exec test-incus-os -- incus admin init --auto | |
| - name: Test Incus | |
| run: | | |
| incus exec test-incus-os -- incus launch --quiet images:debian/12 c1 | |
| incus exec test-incus-os -- incus launch --quiet images:debian/12 v1 --vm | |
| incus exec test-incus-os -- sleep 30s | |
| incus exec test-incus-os -- incus list | |
| - name: Build a newer version of the image | |
| run: | | |
| export PATH=${PATH}:/root/.local/bin | |
| make | |
| - name: Apply the update | |
| run: | | |
| incus file pull --quiet test-incus-os/usr/lib/os-release - | |
| incus file create test-incus-os/var/lib/updates/ --type=directory | |
| incus file push --quiet $(ls mkosi.output/IncusOS_*.efi | sort | tail -1) test-incus-os/var/lib/updates/ | |
| incus file push --quiet $(ls mkosi.output/IncusOS_*.usr-x86-64.* | sort | tail -1) test-incus-os/var/lib/updates/ | |
| incus file push --quiet $(ls mkosi.output/IncusOS_*.usr-x86-64-verity.* | sort | tail -1) test-incus-os/var/lib/updates/ | |
| incus file push --quiet $(ls mkosi.output/IncusOS_*.usr-x86-64-verity-sig.* | sort | tail -1) test-incus-os/var/lib/updates/ | |
| incus exec test-incus-os -- systemctl start boot.mount | |
| incus exec test-incus-os -- unshare -m -- sh -c "mount /dev/mapper/usr /usr && /usr/lib/systemd/systemd-sysupdate && /usr/lib/systemd/systemd-sysupdate update && /usr/lib/systemd/systemd-sysupdate && /usr/lib/systemd/systemd-sysupdate reboot" | |
| while :; do | |
| sleep 3 | |
| incus exec test-incus-os -- /usr/bin/true >/dev/null 2>&1 && break | |
| done | |
| incus file pull --quiet test-incus-os/usr/lib/os-release - |