chore(deps): Bump the go-dependencies group across 1 directory with 6… #15371
# Workflow `ci`: triggers and the default token scope for every job below.
name: ci

# Default GITHUB_TOKEN scope for all jobs: read access on every permission.
# NOTE(review): the jobs in this file appear to need only `contents: read`, except the
# CodeQL job, which declares its own block. Confirm before narrowing.
permissions: read-all

on:
  push:
    branches:
      - master
    tags:
      # Tag filters not as strict due to different regex system on Github Actions
      - 'v[0-9]+.[0-9]+.[0-9]+**'
    # Changes to the build image are covered by the build-image workflow, so they do not
    # trigger this one.
    paths-ignore:
      - 'build-image/**'
      - '.github/workflows/build-image.yml'
  pull_request:
    paths-ignore:
      - 'build-image/**'
      - '.github/workflows/build-image.yml'

jobs:
# Job `lint` (nested under `jobs:`): runs the Makefile targets lint, mod-check, check-protos
# and check-modernize inside the project's build image.
  lint:
    runs-on: ubuntu-24.04
    container:
      # NOTE(review): the image is referenced by tag, not by digest; a tag can be re-pointed
      # in the registry, so the job does not fix which image bytes it runs in.
      image: quay.io/cortexproject/build-image:master-5f643d518c
    steps:
      # Third-party action pinned to a full commit SHA; the trailing comment records the release.
      - name: Checkout Repo
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0

      # Registers the workspace as a git safe.directory at system level (see the echoed text).
      - name: Setup Git safe.directory
        run: |
          echo "this step is needed because when running in container, actions/checkout does not set safe.directory effectively."
          echo "See https://github.com/actions/runner/issues/2033. We should use --system instead of --global"
          git config --system --add safe.directory $GITHUB_WORKSPACE

      # The Makefile hard-codes the directory layout of the CI container, so the workspace
      # contents are linked into that expected path to keep its commands working.
      - name: Sym Link Expected Path to Workspace
        run: |
          mkdir -p /go/src/github.com/cortexproject/cortex
          ln -s $GITHUB_WORKSPACE/* /go/src/github.com/cortexproject/cortex

      # BUILD_IN_CONTAINER=false is passed to every make invocation in this job.
      - name: Lint
        run: make BUILD_IN_CONTAINER=false lint
      - name: Check Vendor Directory
        run: make BUILD_IN_CONTAINER=false mod-check
      - name: Check Protos
        run: make BUILD_IN_CONTAINER=false check-protos
      - name: Check Modernize
        run: make BUILD_IN_CONTAINER=false check-modernize
# Job `test` (nested under `jobs:`): runs `make test` in the build image, once per
# architecture listed in the matrix.
  test:
    name: test (${{ matrix.name }})
    runs-on: ${{ matrix.runner }}
    strategy:
      # One architecture failing does not cancel the other.
      fail-fast: false
      matrix:
        include:
          - name: amd64
            runner: ubuntu-24.04
          - name: arm64
            runner: ubuntu-24.04-arm
    container:
      image: quay.io/cortexproject/build-image:master-5f643d518c
    steps:
      # Third-party action pinned to a full commit SHA; the trailing comment records the release.
      - name: Checkout Repo
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0

      # Registers the workspace as a git safe.directory at system level (see the echoed text).
      - name: Setup Git safe.directory
        run: |
          echo "this step is needed because when running in container, actions/checkout does not set safe.directory effectively."
          echo "See https://github.com/actions/runner/issues/2033. We should use --system instead of --global"
          git config --system --add safe.directory $GITHUB_WORKSPACE

      # Links the workspace contents into the GOPATH-style path created here.
      - name: Sym Link Expected Path to Workspace
        run: |
          mkdir -p /go/src/github.com/cortexproject/cortex
          ln -s $GITHUB_WORKSPACE/* /go/src/github.com/cortexproject/cortex

      - name: Run Tests
        run: make BUILD_IN_CONTAINER=false test
# Job `test-no-race` (nested under `jobs:`): same layout as `test`, but runs the
# `test-no-race` make target, once per architecture in the matrix.
  test-no-race:
    name: test-no-race (${{ matrix.name }})
    runs-on: ${{ matrix.runner }}
    strategy:
      # One architecture failing does not cancel the other.
      fail-fast: false
      matrix:
        include:
          - name: amd64
            runner: ubuntu-24.04
          - name: arm64
            runner: ubuntu-24.04-arm
    container:
      image: quay.io/cortexproject/build-image:master-5f643d518c
    steps:
      # Third-party action pinned to a full commit SHA; the trailing comment records the release.
      - name: Checkout Repo
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0

      # Registers the workspace as a git safe.directory at system level (see the echoed text).
      - name: Setup Git safe.directory
        run: |
          echo "this step is needed because when running in container, actions/checkout does not set safe.directory effectively."
          echo "See https://github.com/actions/runner/issues/2033. We should use --system instead of --global"
          git config --system --add safe.directory $GITHUB_WORKSPACE

      # Links the workspace contents into the GOPATH-style path created here.
      - name: Sym Link Expected Path to Workspace
        run: |
          mkdir -p /go/src/github.com/cortexproject/cortex
          ln -s $GITHUB_WORKSPACE/* /go/src/github.com/cortexproject/cortex

      - name: Run Tests
        run: make BUILD_IN_CONTAINER=false test-no-race
# Job `security` (nested under `jobs:`): CodeQL static analysis of the Go code. It runs only
# in the cortexproject/cortex repository, so forks skip it.
  security:
    name: CodeQL
    if: github.repository == 'cortexproject/cortex'
    runs-on: ubuntu-24.04
    # Job-level block replaces the workflow default: the only write scope granted is
    # security-events, alongside read access to actions and contents.
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0

      # Initializes the CodeQL tools for scanning.
      # All three codeql-action steps are pinned to the same commit SHA.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e  # v3.29.5
        with:
          languages: go

      - name: Autobuild
        uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e  # v3.29.5

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e  # v3.29.5
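# Job `discover-tags` (nested under `jobs:`): derives the list of integration build tags from
# the source tree and publishes it as job outputs.
  discover-tags:
    # Single source of truth for the integration build tags. Greps //go:build headers under
    # ./integration/ and emits both a CSV (for go test -c tag list) and the matrix JSON
    # (cross-product of arches × tags) consumed by `integration` below.
    runs-on: ubuntu-24.04
    outputs:
      tags_csv: ${{ steps.discover.outputs.tags_csv }}
      matrix: ${{ steps.discover.outputs.matrix }}
    steps:
      - name: Checkout Repo
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0

      - id: discover
        shell: bash
        run: |
          TAGS=()
          while IFS= read -r line; do
            # The values come from files in the checked-out tree and are later written to
            # $GITHUB_OUTPUT, then used by downstream jobs in shell commands and file names.
            # Accept only a single plain build-tag token (letters, digits, '_' and '.');
            # anything else, such as a boolean build expression, fails the job here.
            if [[ ! "$line" =~ ^[A-Za-z0-9_.]+$ ]]; then
              printf 'ERROR: unsupported //go:build value under integration/: %q\n' "$line" >&2
              exit 1
            fi
            TAGS+=("$line")
          done < <(grep -hE "^//go:build " integration/*.go \
            | sed -E 's|^//go:build ||' \
            | sort -u | grep -v '^integration$')
          if [ "${#TAGS[@]}" -eq 0 ]; then
            echo "ERROR: no //go:build tags found under integration/" >&2
            exit 1
          fi
          TAGS_CSV=$(IFS=,; echo "${TAGS[*]}")
          echo "tags_csv=${TAGS_CSV}" >> "$GITHUB_OUTPUT"
          # Build matrix JSON: every tag runs on both amd64 and arm64.
          TAGS_JSON=$(printf '%s\n' "${TAGS[@]}" | jq -R . | jq -s .)
          MATRIX=$(jq -c -n --argjson tags "$TAGS_JSON" '{
            include: [
              ($tags[] | {runner: "ubuntu-24.04", arch: "amd64", tags: .}),
              ($tags[] | {runner: "ubuntu-24.04-arm", arch: "arm64", tags: .})
            ]
          }')
          echo "matrix=${MATRIX}" >> "$GITHUB_OUTPUT"
          echo "Discovered tags: ${TAGS_CSV}"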
# Job `build` (nested under `jobs:`): builds the images with make, saves them under
# /tmp/images and uploads them as the "Docker Images" artifact. It also publishes the
# computed image tag as a job output.
  build:
    runs-on: ubuntu-24.04
    container:
      # NOTE(review): the image is referenced by tag, not by digest; a tag can be re-pointed
      # in the registry, so the job does not fix which image bytes it runs in.
      image: quay.io/cortexproject/build-image:master-5f643d518c
    outputs:
      image_tag: ${{ steps.image-tag.outputs.image_tag }}
    steps:
      - name: Checkout Repo
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0

      # Registers the workspace as a git safe.directory at system level (see the echoed text).
      - name: Setup Git safe.directory
        run: |
          echo "this step is needed because when running in container, actions/checkout does not set safe.directory effectively."
          echo "See https://github.com/actions/runner/issues/2033. We should use --system instead of --global"
          git config --system --add safe.directory $GITHUB_WORKSPACE

      # NOTE(review): this job has no `if:` guard, so it also runs for pull_request events.
      # The script comes from the checked-out tree and receives the registry credentials in
      # its environment. Confirm that the script needs them at build time.
      - name: Install Docker Client
        env:
          DOCKER_REGISTRY_USER: ${{ secrets.DOCKER_REGISTRY_USER }}
          DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
        run: ./.github/workflows/scripts/install-docker.sh

      # Links the workspace contents into the GOPATH-style path created here.
      - name: Sym Link Expected Path to Workspace
        run: |
          mkdir -p /go/src/github.com/cortexproject/cortex
          ln -s $GITHUB_WORKSPACE/* /go/src/github.com/cortexproject/cortex

      # The stdout of `make image-tag` becomes the image_tag output read by `integration`
      # and `deploy`.
      - name: Compute Image Tag
        id: image-tag
        run: echo "image_tag=$(make image-tag)" >> "$GITHUB_OUTPUT"

      - name: Build Image
        run: |
          touch build-image/.uptodate
          make BUILD_IN_CONTAINER=false

      # ./docker-images is a symlink to /tmp/images, so the saved images land in /tmp/images.
      - name: Save Images
        run: |
          mkdir /tmp/images
          ln -s /tmp/images ./docker-images
          make BUILD_IN_CONTAINER=false save-images

      - name: Create Docker Images Archive
        run: tar -cvf images.tar /tmp/images

      - name: Upload Docker Images Artifact
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a  # v7.0.1
        with:
          name: Docker Images
          path: ./images.tar
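# Job `build-integration-tests` (nested under `jobs:`): compiles the integration test binary
# once per architecture, writes one -test.run pattern file per build tag, and uploads both
# with the test data as an artifact.
  build-integration-tests:
    needs: [discover-tags]
    name: build-integration-tests (${{ matrix.arch }})
    runs-on: ${{ matrix.runner }}
    strategy:
      # One architecture failing does not cancel the other.
      fail-fast: false
      matrix:
        include:
          - runner: ubuntu-24.04
            arch: amd64
          - runner: ubuntu-24.04-arm
            arch: arm64
    container:
      image: quay.io/cortexproject/build-image:master-5f643d518c
    steps:
      - name: Checkout Repo
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0

      - name: Setup Git safe.directory
        run: |
          git config --system --add safe.directory $GITHUB_WORKSPACE

      # Links the workspace contents into the GOPATH-style path created here.
      - name: Sym Link Expected Path to Workspace
        run: |
          mkdir -p /go/src/github.com/cortexproject/cortex
          ln -s $GITHUB_WORKSPACE/* /go/src/github.com/cortexproject/cortex

      - name: Compile Integration Test Binary
        # Tag list comes from the discover-tags job — single source of truth.
        # It is handed over as an environment variable rather than expanded with ${{ }}
        # inside the script: the list is derived from files in the checked-out tree, and
        # an expression is pasted into the script text before the shell parses it.
        env:
          TAGS_CSV: ${{ needs.discover-tags.outputs.tags_csv }}
        run: |
          ALL_TAGS="slicelabels,integration,${TAGS_CSV}"
          mkdir -p out/bin
          go test -c -tags="${ALL_TAGS}" -o out/bin/integration.test ./integration/

      - name: Generate Run-Pattern Manifest
        # For each build tag, derive a -test.run regex listing every TestX function in source files
        # gated by that tag. The integration job will read these to select which tests to run.
        shell: bash
        env:
          TAGS_CSV: ${{ needs.discover-tags.outputs.tags_csv }}
        run: |
          IFS=',' read -ra TAGS <<< "$TAGS_CSV"
          for tag in "${TAGS[@]}"; do
            # The tag is used below inside a grep pattern and in an output file name, so
            # refuse anything that is not a plain build-tag token.
            if [[ ! "$tag" =~ ^[A-Za-z0-9_.]+$ ]]; then
              printf 'ERROR: unexpected build tag: %q\n' "$tag" >&2
              exit 1
            fi
            names=$(grep -lE "^//go:build.*\b${tag}\b" integration/*.go 2>/dev/null \
              | xargs -r grep -hE "^func Test[A-Z]" \
              | sed -E 's/func (Test[A-Za-z0-9_]+).*/\1/' | sort -u | tr '\n' '|' | sed 's/|$//')
            if [ -z "$names" ]; then
              echo "ERROR: no tests found for tag ${tag}" >&2
              exit 1
            fi
            printf '^(%s)$\n' "$names" > "out/bin/run-pattern-${tag}.txt"
            echo "tag=${tag} tests=$(echo "$names" | tr '|' '\n' | wc -l)"
          done

      - name: Stage Test Data
        # The integration tests read docs/configuration/*.yaml at runtime via getCortexProjectDir()
        # in integration/util.go. Bundling these so the integration job doesn't need a checkout.
        run: |
          mkdir -p out/testdata/docs
          cp -r docs/configuration out/testdata/docs/

      # matrix.arch takes only the two literal values declared in this job's matrix.
      - name: Create Integration Tests Archive
        run: tar -C out -czvf integration-tests-${{ matrix.arch }}.tar.gz bin testdata

      - name: Upload Integration Tests Artifact
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a  # v7.0.1
        with:
          name: integration-tests-${{ matrix.arch }}
          path: ./integration-tests-${{ matrix.arch }}.tar.gz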
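# Job `integration` (nested under `jobs:`): for every (arch, tag) pair produced by
# discover-tags, loads the images built by `build`, unpacks the precompiled test binary and
# runs the tests selected by that tag's run pattern. It runs directly on the runner (no
# `container:`) and performs no checkout.
  integration:
    needs: [discover-tags, build, build-integration-tests, lint]
    runs-on: ${{ matrix.runner }}
    timeout-minutes: 50
    strategy:
      fail-fast: false
      matrix: ${{ fromJSON(needs.discover-tags.outputs.matrix) }}
    steps:
      - name: Download Docker Images Artifacts
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8.0.1
        with:
          name: Docker Images

      # The archive was created from /tmp/images in the build job, so extracting relative to /
      # puts the files back at that path. What lands on disk is whatever the archive holds;
      # it is produced by the `build` job of the same workflow run.
      - name: Extract Docker Images Archive
        run: tar -xvf images.tar -C /

      - name: Load Docker Images
        # Load every saved docker image tar into the runner's docker daemon. Each tar in /tmp/images
        # was produced by `make save-images` in the build job (one file per image:tag-arch).
        run: |
          for img in /tmp/images/*; do
            [ -f "$img" ] || continue
            docker load -i "$img"
          done

      - name: Download Integration Tests Artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8.0.1
        with:
          name: integration-tests-${{ matrix.arch }}

      # Matrix values reach the script through the environment instead of being expanded
      # with ${{ }} inside the command text.
      - name: Extract Integration Tests Archive
        env:
          MATRIX_ARCH: ${{ matrix.arch }}
        run: tar -xzvf "integration-tests-${MATRIX_ARCH}.tar.gz"

      - name: Preload Images
        # We download docker images used by integration tests so that all images are available
        # locally and the download time doesn't account in the test execution time, which is subject
        # to a timeout. Each pull is wrapped in a small retry helper so a transient Docker Hub /
        # quay.io registry hiccup (e.g. "context deadline exceeded") doesn't fail the whole job.
        # NOTE(review): every image below is pulled by tag; a tag can be re-pointed in the
        # registry, so only a digest reference would guarantee the same image on each run.
        env:
          TEST_TAGS: ${{ matrix.tags }}
        run: |
          # Retry a command up to 3 times with exponential backoff (5s, then 10s). A transient
          # docker pull failure is retried; a genuine, persistent failure still fails the step
          # because the final `return 1` propagates under `bash -e`.
          retry() {
            local max_attempts=3 attempt=1 delay=5
            until "$@"; do
              if [ "$attempt" -ge "$max_attempts" ]; then
                echo "ERROR: '$*' failed after ${max_attempts} attempts." >&2
                return 1
              fi
              echo "WARNING: '$*' failed (attempt ${attempt}/${max_attempts}); retrying in ${delay}s..." >&2
              sleep "$delay"
              attempt=$((attempt + 1))
              delay=$((delay * 2))
            done
          }
          retry docker pull minio/minio:RELEASE.2024-05-28T17-19-04Z
          retry docker pull consul:1.8.4
          retry docker pull quay.io/coreos/etcd:v3.5.29
          if [ "$TEST_TAGS" = "integration_backward_compatibility" ]; then
            retry docker pull quay.io/cortexproject/cortex:v1.16.1
            retry docker pull quay.io/cortexproject/cortex:v1.17.2
            retry docker pull quay.io/cortexproject/cortex:v1.18.1
            retry docker pull quay.io/cortexproject/cortex:v1.19.1
            retry docker pull quay.io/cortexproject/cortex:v1.20.1
            retry docker pull quay.io/cortexproject/cortex:v1.21.0
          elif [ "$TEST_TAGS" = "integration_query_fuzz" ]; then
            retry docker pull quay.io/cortexproject/cortex:v1.20.1
            retry docker pull quay.io/prometheus/prometheus:v3.8.1
          elif [ "$TEST_TAGS" = "integration_configs_db" ]; then
            retry docker pull postgres:9.6.16
          fi
          retry docker pull memcached:1.6.1
          retry docker pull redis:7.0.4-alpine

      - name: Integration Tests
        timeout-minutes: 45
        # IMAGE_TAG, MATRIX_ARCH and MATRIX_TAGS are passed as environment variables: the
        # tag list and the image tag are outputs of earlier jobs that process the checked-out
        # tree, and a ${{ }} expression inside `run:` is substituted into the script text
        # before the shell parses it. IMAGE_TAG is still exported to the test binary, as it
        # was before; MATRIX_ARCH and MATRIX_TAGS are additionally visible to it.
        env:
          IMAGE_PREFIX: ${{ secrets.IMAGE_PREFIX }}
          IMAGE_TAG: ${{ needs.build.outputs.image_tag }}
          MATRIX_ARCH: ${{ matrix.arch }}
          MATRIX_TAGS: ${{ matrix.tags }}
        run: |
          export CORTEX_IMAGE_PREFIX="${IMAGE_PREFIX:-quay.io/cortexproject/}"
          export CORTEX_IMAGE="${CORTEX_IMAGE_PREFIX}cortex:${IMAGE_TAG}-${MATRIX_ARCH}"
          export CORTEX_CHECKOUT_DIR="$PWD/testdata"
          PATTERN="$(cat "bin/run-pattern-${MATRIX_TAGS}.txt")"
          echo "Running integration tests on ${MATRIX_ARCH} with image: ${CORTEX_IMAGE}"
          echo "Selecting tests via -test.run=${PATTERN}"
          ./bin/integration.test -test.timeout=2400s -test.v -test.count=1 -test.run="${PATTERN}"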
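# Job `deploy` (nested under `jobs:`): loads the images built by `build` and pushes them with
# ./push-images. It runs only for the master branch or a tag ref, and only in the
# cortexproject/cortex repository, after build, test, lint and integration have succeeded.
  deploy:
    needs: [build, test, lint, integration]
    if: (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')) && github.repository == 'cortexproject/cortex'
    runs-on: ubuntu-24.04
    container:
      # NOTE(review): this job handles the registry credentials, and its container image is
      # referenced by tag rather than by digest; a tag can be re-pointed in the registry.
      image: quay.io/cortexproject/build-image:master-5f643d518c
    steps:
      - name: Checkout Repo
        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0  # v7.0.0

      # Registers the workspace as a git safe.directory at system level (see the echoed text).
      - name: Setup Git safe.directory
        run: |
          echo "this step is needed because when running in container, actions/checkout does not set safe.directory effectively."
          echo "See https://github.com/actions/runner/issues/2033. We should use --system instead of --global"
          git config --system --add safe.directory $GITHUB_WORKSPACE

      - name: Install Docker Client
        env:
          DOCKER_REGISTRY_USER: ${{ secrets.DOCKER_REGISTRY_USER }}
          DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
        run: ./.github/workflows/scripts/install-docker.sh

      # Links the workspace contents into the GOPATH-style path created here.
      - name: Sym link Expected Path to Workspace
        run: |
          mkdir -p /go/src/github.com/cortexproject/cortex
          ln -s $GITHUB_WORKSPACE/* /go/src/github.com/cortexproject/cortex

      - name: Download Docker Images Artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c  # v8.0.1
        with:
          name: Docker Images

      # The archive was created from /tmp/images in the build job, so extracting relative to /
      # puts the files back at that path.
      - name: Extract Docker Images Archive
        run: tar -xvf images.tar -C /

      - name: Load Images
        run: |
          ln -s /tmp/images ./docker-images
          make BUILD_IN_CONTAINER=false load-images

      - name: Deploy
        env:
          DOCKER_REGISTRY_USER: ${{ secrets.DOCKER_REGISTRY_USER }}
          DOCKER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
          QUAY_REGISTRY_USER: ${{ secrets.QUAY_REGISTRY_USER }}
          QUAY_REGISTRY_PASSWORD: ${{ secrets.QUAY_REGISTRY_PASSWORD }}
          NOQUAY: ${{ secrets.NOQUAY }}
          # Passed through the environment, which also exports it to ./push-images, instead
          # of being expanded with ${{ }} inside the script text.
          IMAGE_TAG: ${{ needs.build.outputs.image_tag }}
        run: |
          # Each login is skipped when its password secret is empty. The password is fed on
          # stdin: with `-p` it would appear in the docker process's argument list.
          if [ -n "$DOCKER_REGISTRY_PASSWORD" ]; then
            printf '%s' "$DOCKER_REGISTRY_PASSWORD" | docker login -u "$DOCKER_REGISTRY_USER" --password-stdin
          fi
          if [ -n "$QUAY_REGISTRY_PASSWORD" ]; then
            printf '%s' "$QUAY_REGISTRY_PASSWORD" | docker login -u "$QUAY_REGISTRY_USER" --password-stdin quay.io
          fi
          # $NOQUAY is left unquoted, as in the original, so an empty value adds no argument.
          ./push-images $NOQUAY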