test/testenv: fix leaking buildx dial-stdio processes on interrupt #3364
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| source_policy: | |
| description: 'Enable BuildKit source policy' | |
| type: boolean | |
| default: false | |
| pull_request: | |
| branches: | |
| - main | |
| - release/** | |
| paths-ignore: | |
| - 'website/**' | |
| - 'docs/**' | |
| - '*.md' | |
| - 'CODEOWNERS' | |
| - 'LICENSE' | |
| - '.github/copilot-instructions.md' | |
| - '.github/workflows/retag.yml' | |
| - '.github/workflows/retag/**' | |
| - 'cmd/retagger/**' | |
| - 'cmd/worker-image-matrix/**' | |
| - '.github/workflows/worker-images/**' | |
| - '.github/workflows/worker-images.yml' | |
| - '.github/workflows/dependabot.yml' | |
| - '.github/workflows/release.yml' | |
| - '.github/workflows/deploy-docs.yml' | |
| push: | |
| branches: | |
| - main | |
| - release/** | |
| paths-ignore: | |
| - 'website/**' | |
| - 'docs/**' | |
| - '*.md' | |
| - 'CODEOWNERS' | |
| - 'LICENSE' | |
| - '.github/copilot-instructions.md' | |
| - '.github/workflows/retag.yml' | |
| - '.github/workflows/retag/**' | |
| - 'cmd/retagger/**' | |
| - 'cmd/worker-image-matrix/**' | |
| - '.github/workflows/worker-images/**' | |
| - '.github/workflows/worker-images.yml' | |
| permissions: | |
| contents: read | |
| packages: read | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 | |
| with: | |
| egress-policy: audit | |
| - name: checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version: '1.25' | |
| cache: false | |
| # Use the golang-ci lint action which automattically sets up GHA caching and other things | |
| # Note: There is also a "lint" target in docker-bake.hcl for local linting | |
| # If you make changes to this, please make sure to also update the local linting target | |
| - name: golangci-lint | |
| uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0 | |
| with: | |
| version: v2.8.0 | |
| args: --timeout=30m | |
| - name: custom linters | |
| run: go run ./cmd/lint ./... | |
| - name: validate generated files | |
| run: | | |
| go generate ./... || exit $? | |
| if ! git diff --exit-code; then | |
| echo "::error::Missing updates to generated files. Please run 'go generate ./...' and commit the changes" | |
| exit 1 | |
| fi | |
| integration: | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| suite: | |
| - Mariner2 | |
| - Azlinux3 | |
| - Bookworm | |
| - Bullseye | |
| - Bionic | |
| - Focal | |
| - Jammy | |
| - Noble | |
| - Windows | |
| - Almalinux8 | |
| - Almalinux9 | |
| - Rockylinux8 | |
| - Rockylinux9 | |
| - Trixie | |
| - other | |
| include: | |
| - suite: other | |
| skip: Mariner2|Azlinux3|Bookworm|Bullseye|Bionic|Focal|Jammy|Noble|Windows|Almalinux8|Almalinux9|Rockylinux8|Rockylinux9|Trixie | |
| # TODO: support diff/merge | |
| # Right now this is handled by the e2e suite, but we can migrate that here. | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version: '1.25' | |
| cache: false | |
| - name: checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: ./.github/actions/enable-containerd | |
| - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 | |
| name: Login to GHCR | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Setup otel-collector | |
| run: | | |
| set -e | |
| mkdir -p /tmp/otel-traces | |
| chmod 777 /tmp/otel-traces | |
| if ! docker run -d --net=host --restart=always --name otel-collector \ | |
| -v ${{ github.workspace }}/.github/otel-collector-ci.yaml:/etc/otelcol-contrib/config.yaml:ro \ | |
| -v /tmp/otel-traces:/data:rw \ | |
| otel/opentelemetry-collector-contrib:0.144.0; then | |
| echo "::warning::Failed to start otel-collector for tracing, skipping trace configuration" | |
| exit 0 | |
| fi | |
| echo "OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318" >> "${GITHUB_ENV}" | |
| echo "OTEL_SERVICE_NAME=dalec-integration-test" >> "${GITHUB_ENV}" | |
| tmp="$(mktemp)" | |
| echo "[Service]" > "${tmp}" | |
| echo "Environment=\"OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318\"" >> "${tmp}" | |
| sudo mkdir -p /etc/systemd/system/docker.service.d | |
| sudo mkdir -p /etc/systemd/system/containerd.service.d | |
| sudo cp "${tmp}" /etc/systemd/system/docker.service.d/otlp.conf | |
| sudo cp "${tmp}" /etc/systemd/system/containerd.service.d/otlp.conf | |
| if ! sudo systemctl daemon-reload; then | |
| echo "::warning::Failed to reload systemd daemon for tracing configuration" | |
| fi | |
| if ! sudo systemctl restart containerd; then | |
| echo "::warning::Failed to restart containerd with tracing configuration" | |
| fi | |
| if ! sudo systemctl restart docker; then | |
| echo "::warning::Failed to restart docker with tracing configuration" | |
| fi | |
| - name: download deps | |
| run: go mod download | |
| - name: Setup QEMU | |
| run: docker run --rm --privileged tonistiigi/binfmt:latest --install all | |
| - name: Setup source policy | |
| if: inputs.source_policy | |
| uses: ./.github/actions/setup-source-policy | |
| - name: Aggressive cleanup | |
| run: | | |
| echo "================ INITIAL DISK USAGE ================" | |
| df -h | |
| echo | |
| echo "================ DOCKER: SYSTEM PRUNE (IMAGES + VOLUMES) ================" | |
| echo "Removing stopped containers, unused images, networks, and volumes..." | |
| docker system prune -f --all --volumes || true | |
| df -h | |
| echo | |
| echo "================ REMOVE JAVA (JDKs) ================" | |
| echo "Removing all JDKs from /usr/lib/jvm" | |
| sudo rm -rf /usr/lib/jvm || true | |
| df -h | |
| echo | |
| echo "================ REMOVE .NET SDKs ================" | |
| echo "Removing .NET SDKs from /usr/share/dotnet" | |
| sudo rm -rf /usr/share/dotnet || true | |
| df -h | |
| echo | |
| echo "================ REMOVE SWIFT TOOLCHAIN ================" | |
| echo "Removing Swift from /usr/share/swift" | |
| sudo rm -rf /usr/share/swift || true | |
| df -h | |
| echo | |
| echo "================ REMOVE HASKELL (GHCUP) ================" | |
| echo "Removing GHC toolchains from /usr/local/.ghcup" | |
| sudo rm -rf /usr/local/.ghcup || true | |
| df -h | |
| echo | |
| echo "================ REMOVE JULIA ================" | |
| echo "Removing Julia installations from /usr/local/julia*" | |
| sudo rm -rf /usr/local/julia* || true | |
| df -h | |
| echo | |
| echo "================ REMOVE ANDROID SDKs ================" | |
| echo "Removing Android SDKs from /usr/local/lib/android" | |
| sudo rm -rf /usr/local/lib/android || true | |
| df -h | |
| echo | |
| echo "================ REMOVE CHROMIUM ================" | |
| echo "Removing Chromium from /usr/local/share/chromium" | |
| sudo rm -rf /usr/local/share/chromium || true | |
| df -h | |
| echo | |
| echo "================ REMOVE EDGE & CHROME BUILDS ================" | |
| echo "Removing Microsoft Edge and Google Chrome from /opt" | |
| sudo rm -rf /opt/microsoft /opt/google || true | |
| df -h | |
| echo | |
| echo "================ REMOVE POWERSHELL ================" | |
| echo "Removing PowerShell from /usr/local/share/powershell" | |
| sudo rm -rf /usr/local/share/powershell || true | |
| df -h | |
| echo | |
| # Optional – huge space saver on GitHub runners | |
| # echo "================ REMOVE HOSTED TOOLCACHE ================" | |
| # echo "Removing GitHub hosted toolcache" | |
| # sudo rm -rf /opt/hostedtoolcache || true | |
| # df -h | |
| # echo | |
| du -d1 -h /opt/hostedtoolcache | sort -h -k1 | |
| echo "================ DOCKER: FINAL CLEANUP ================" | |
| echo "Removing dangling build cache and leftover images..." | |
| docker system prune -af || true | |
| docker builder prune -af || true | |
| df -h | |
| echo | |
| echo "================ CLEANUP COMPLETE ================" | |
| - name: Use azure ubuntu archive | |
| uses: ./.github/actions/dns-spoof-ubuntu-archive | |
| - name: Pre-build base images | |
| run: | | |
| set -eu | |
| docker buildx bake frontend | |
| if [ "${TEST_SUITE}" = "other" ]; then | |
| exit 0 | |
| fi | |
| # downcase the test suite to get the worker target | |
| worker="${TEST_SUITE,,}" | |
| if [ "${worker}" = "windows" ]; then | |
| worker="windowscross" | |
| fi | |
| export WORKER_TARGET=${worker}/worker | |
| docker buildx bake worker | |
| env: | |
| TEST_SUITE: ${{ matrix.suite }} | |
| - name: Run integration tests | |
| run: | | |
| set -ex | |
| if [ -n "${TEST_SUITE}" ] && [ ! "${TEST_SUITE}" = "other" ]; then | |
| run="-run=${TEST_SUITE}" | |
| fi | |
| if [ -n "${TEST_SKIP}" ]; then | |
| skip="-skip=${TEST_SKIP}" | |
| fi | |
| go test -timeout=59m -v -json ${run} ${skip} ./test | go run ./cmd/test2json2gha --slow 120s --logdir /tmp/testlogs | |
| env: | |
| TEST_SUITE: ${{ matrix.suite }} | |
| TEST_SKIP: ${{ matrix.skip }} | |
| - name: Get traces | |
| if: always() | |
| run: | | |
| set -ex | |
| mkdir -p /tmp/reports | |
| if [ -f /tmp/otel-traces/traces.jsonl ]; then | |
| cp /tmp/otel-traces/traces.jsonl /tmp/reports/traces.jsonl | |
| else | |
| echo "::warning::No traces file found" | |
| fi | |
| - name: Upload reports | |
| if: always() | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 | |
| with: | |
| name: integration-test-reports-${{matrix.suite}} | |
| path: /tmp/reports/* | |
| retention-days: 1 | |
| - name: Upload reports | |
| if: always() | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 | |
| with: | |
| name: integration-test-logs-${{matrix.suite}} | |
| path: /tmp/testlogs/* | |
| retention-days: 1 | |
| - name: dump logs | |
| if: failure() | |
| id: dump-logs | |
| run: | | |
| set -e | |
| dir="$(mktemp -d)" | |
| f="${dir}/dockerd.log" | |
| echo "DOCKERD_LOG_PATH=${f}" >> $GITHUB_OUTPUT | |
| sudo journalctl -u docker > "${f}" | |
| - name: Upload buildkit logs | |
| if: failure() | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 | |
| with: | |
| name: e2e-dockerd-logs-${{ matrix.suite }} | |
| path: ${{ steps.dump-logs.outputs.DOCKERD_LOG_PATH }} | |
| retention-days: 1 | |
| unit: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 | |
| with: | |
| egress-policy: audit | |
| - name: checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version: '1.25' | |
| cache: false | |
| - name: download deps | |
| run: go mod download | |
| - name: Run unit tests | |
| run: go test -v --test.short --json ./... | go run ./cmd/test2json2gha | |
| e2e: | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| disable_diff_merge: ["1", "0"] | |
| name: "Test E2E (disable diff/merge: ${{ matrix.disable_diff_merge }})" | |
| env: | |
| DALEC_DISABLE_DIFF_MERGE: ${{ matrix.disable_diff_merge }} | |
| FRONTEND_REF: localhost:5000/dalec/frontend | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 | |
| with: | |
| egress-policy: audit | |
| - name: checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| # We need to fetch all commits so that we can diff against the base branch | |
| fetch-depth: 0 | |
| - name: Expose GitHub tokens for caching | |
| uses: crazy-max/ghaction-github-runtime@3cb05d89e1f492524af3d41a1c98c83bc3025124 # v3.1.0 | |
| - name: Setup source policy | |
| if: inputs.source_policy | |
| uses: ./.github/actions/setup-source-policy | |
| - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 | |
| name: Login to GHCR | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: ./.github/actions/format-repo | |
| id: format-repo | |
| - name: Use azure ubuntu archive | |
| uses: ./.github/actions/dns-spoof-ubuntu-archive | |
| - name: Setup builder | |
| run: | | |
| # Sometimes the builder runs out of space... so cleanup anything we can first. | |
| docker image prune -a -f | |
| docker run -d --net=host ghcr.io/${{ steps.format-repo.outputs.result }}/mirror/dockerhub/library/registry:latest | |
| # If diff/merge are enabled we need to use a buildx builder to make sure the feature is supported. | |
| # Otherwise we can just use the default docker builder. | |
| if [ "${DALEC_DISABLE_DIFF_MERGE}" = "0" ]; then | |
| docker buildx create --use --driver-opt network=host | |
| echo FRONTEND_BAKE_TARGET="frontend-ci-full" >> $GITHUB_ENV | |
| echo USE_BUILDX=1 >> $GITHUB_ENV | |
| else | |
| echo DALEC_NO_CACHE_EXPORT="1" >> $GITHUB_ENV | |
| echo FRONTEND_BAKE_TARGET="frontend-ci" >> $GITHUB_ENV | |
| fi | |
| - name: Build frontend image | |
| run: docker buildx bake ${FRONTEND_BAKE_TARGET} | |
| - name: test | |
| run: | | |
| docker buildx bake test | |
| - name: Build go-md2man example in docs | |
| run: | | |
| version=$(cat docs/examples/go-md2man.yml | yq .version) | |
| docker build -t go-md2man:$version -f docs/examples/go-md2man.yml --target=mariner2/rpm --output=_output . | |
| docker build -t go-md2man:$version -f docs/examples/go-md2man.yml --target=mariner2 . | |
| - name: dump logs | |
| if: failure() | |
| id: dump-logs | |
| run: | | |
| set -e | |
| dir="$(mktemp -d)" | |
| f="${dir}/dockerd.log" | |
| echo "DOCKERD_LOG_PATH=${f}" >> $GITHUB_OUTPUT | |
| if [ "${USE_BUILDX}" = "1" ]; then | |
| docker logs $(docker ps -lq) > "${f}" | |
| else | |
| sudo journalctl -u docker > "${f}" | |
| fi | |
| - name: Upload buildkit logs | |
| if: failure() | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 | |
| with: | |
| name: e2e-dockerd-logs-diffmerge=${{ matrix.disable_diff_merge }} | |
| path: ${{ steps.dump-logs.outputs.DOCKERD_LOG_PATH }} | |
| retention-days: 1 | |