Forbid empty filter mask access rules in ControlInterfaceAccess #2205
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
- release-** | |
workflow_dispatch: | |
workflow_call: | |
env: | |
CARGO_TERM_COLOR: always | |
concurrency: | |
group: "build-${{ github.head_ref || github.ref }}" | |
cancel-in-progress: true | |
jobs: | |
build_and_system_tests_linux_amd64: | |
name: Build and run system tests Linux amd64 | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/eclipse-ankaios/devcontainer-base:0.10.2 | |
options: --privileged | |
steps: | |
- uses: actions/checkout@v4.1.1 | |
- name: Build debug | |
run: cargo build | |
- name: Prepare system tests | |
run: | | |
mkdir -p target/robot_tests_result | |
chown vscode target/robot_tests_result | |
- name: Run system tests in pull request verification | |
if: ${{ github.event_name == 'pull_request' }} | |
run: | | |
SYSTEM_TEST_EXCLUDE_TAG="non_execution_during_pull_request_verification" | |
echo "Run is a PR verification, system tests tagged with '$SYSTEM_TEST_EXCLUDE_TAG' are NOT executed and skipped." | |
su vscode -c "tools/run_robot_tests.sh --exclude $SYSTEM_TEST_EXCLUDE_TAG tests" | |
- name: Run all system tests | |
if: ${{ github.event_name != 'pull_request' }} | |
run: | | |
echo "Event name is '${{ github.event_name }}', all system tests are executed." | |
su vscode -c "tools/run_robot_tests.sh tests" | |
- uses: actions/upload-artifact@v4.3.3 | |
if: success() || failure() | |
with: | |
name: robot-tests-result | |
path: target/robot_tests_result | |
unit_tests_and_code_checks_linux_amd64: | |
name: Run unit tests Linux amd64 | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/eclipse-ankaios/devcontainer-base:0.10.2 | |
options: --privileged | |
steps: | |
- uses: actions/checkout@v4.1.1 | |
- name: Run unit tests | |
run: RUST_LOG=debug cargo nextest run | |
- name: Run clippy code checks | |
run: just clippy | |
- name: Prevent docker.io images in test | |
run: just check-test-images | |
- name: Check copyright headers | |
run: just check-copyright-headers | |
# If the next step fails, then a license used by a new dependency is currently | |
# not part of the whitelist in deny.toml. If the new license fits to the project | |
# then it should be added to the whitelist otherwise the dependency needs to be | |
# removed. | |
- name: Check licenses | |
run: just check-licenses | |
- name: Create license report | |
run: | | |
mkdir -p build | |
cargo about generate about.hbs > build/licenses.html | |
- uses: actions/upload-artifact@v4.3.3 | |
with: | |
name: licenses | |
path: build/licenses.html | |
# We check advisories only for PRs in order to have stable builds on main. | |
# Remember that new advisories can pop up every time without changing the code. | |
- name: Check advisories for pull requests | |
if: ${{ github.event_name == 'pull_request' }} | |
run: just check-advisories | |
code_coverage_linux_amd64: | |
name: Create code coverage report | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/eclipse-ankaios/devcontainer-base:0.10.2 | |
options: --privileged | |
steps: | |
- uses: actions/checkout@v4.1.1 | |
- name: Create code coverage html report | |
run: | | |
rustup component add llvm-tools-preview | |
just coverage | |
- uses: actions/upload-artifact@v4.3.3 | |
with: | |
name: code-coverage | |
path: target/llvm-cov/html | |
build_linux_amd64_debian_package: | |
name: Build Linux amd64 debian package | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/eclipse-ankaios/devcontainer-base:0.10.2 | |
options: --privileged | |
steps: | |
- uses: actions/checkout@v4.1.1 | |
- name: Build linux-amd64 release-mode | |
run: | | |
cargo build --release | |
mkdir -p dist/ | |
cp target/x86_64-unknown-linux-musl/release/ank target/x86_64-unknown-linux-musl/release/ank-server target/x86_64-unknown-linux-musl/release/ank-agent dist/ | |
- uses: actions/upload-artifact@v4.3.3 | |
with: | |
name: ankaios-linux-amd64-bin | |
path: dist/ | |
- name: Build linux-amd64 debian package | |
run: | | |
cargo deb -p ank --target x86_64-unknown-linux-musl | |
- uses: actions/upload-artifact@v4.3.3 | |
with: | |
name: ankaios-linux-amd64-deb | |
path: target/x86_64-unknown-linux-musl/debian/ankaios*.deb | |
build_linux_arm64: | |
# currently there is no arm64 github built-in runner available | |
# however, there is an issue in progress on the github runner repo | |
# requesting the support for arm64: https://github.com/actions/runner-images/issues/5631 | |
# if arm64 variants will be released we can switch to an arm64 image and save the longer built time for cross platform build | |
# and in addition, tests for arm64 can be enabled in this job, too | |
name: Build Linux arm64 debian package | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/eclipse-ankaios/devcontainer-base:0.10.2 | |
options: --user root | |
steps: | |
- uses: actions/checkout@v4.1.1 | |
- name: Build linux-arm64 release-mode | |
run: | | |
cargo build --target aarch64-unknown-linux-musl --release | |
mkdir -p dist/ | |
cp target/aarch64-unknown-linux-musl/release/ank target/aarch64-unknown-linux-musl/release/ank-server target/aarch64-unknown-linux-musl/release/ank-agent dist/ | |
- uses: actions/upload-artifact@v4.3.3 | |
with: | |
name: ankaios-linux-arm64-bin | |
path: dist/ | |
- name: Build linux-arm64 debian package | |
run: | | |
cargo deb -p ank --target aarch64-unknown-linux-musl | |
- uses: actions/upload-artifact@v4.3.3 | |
with: | |
name: ankaios-linux-arm64-deb | |
path: target/aarch64-unknown-linux-musl/debian/ankaios*.deb | |
requirements: | |
name: Build requirements tracing | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/eclipse-ankaios/devcontainer-base:0.10.2 | |
options: --user root | |
steps: | |
- uses: actions/checkout@v4.1.1 | |
- run: | | |
just trace-requirements dist/req_tracing_report.html | |
- uses: actions/upload-artifact@v4.3.3 | |
with: | |
name: requirement-tracing-report | |
path: dist/ |