containerd · apostasie · Mar 4, 2025 · Mar 5, 2025 · Mar 5, 2025 · Mar 5, 2025
diff --git a/.github/actions/dev-tools/action.yml b/.github/actions/dev-tools/action.yml
@@ -0,0 +1,23 @@
+name: "Dev-tools install"
+
+description: "This action installs dev-tools, with caching."
+
+runs:
+  using: composite
+  steps:
+    - name: Environment setup
+      shell: bash
+      run: |
+        echo "GO_VERSION=$(go version) >> "$GITHUB_ENV"
+        echo "UNAME=$(uname)" >> "$GITHB_ENV"
+    - name: Enable cache
+      uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf  # v4.2.2
+      id: cache
+      with:
+        path: ~/go/bin
+        key: dev-tools-${{ env.UNAME }}-${{ env.GO_VERSION }}-${{ hashFiles('Makefile') }}
+    - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
+      name: Install dev tools
+      shell: bash
+      continue-on-error: false
+      run: make install-dev-tools
diff --git a/.github/actions/install-go/action.yml b/.github/actions/install-go/action.yml
@@ -0,0 +1,35 @@
+name: "Go install"
+
+description: "This action installs go, with caching.
+  By default, the latest stable release is used.
+  You can also pass an explicit version:
+  - `1.23` will install the latest stable patch release for that branch
+  - `1.22.2` will install that specific version
+  - `canary` will install the latest alpha/beta/RC"
+
+inputs:
+  version:
+    default: ""
+    description: ""
+
+runs:
+  using: composite
+  steps:
+    - name: Environment setup
+      shell: bash
+      run: |
+        export GO_VERSION=${{ inputs.version }}
+        echo "GO_VERSION=$(make install-go-resolve-version)" >> "$GITHUB_ENV"
+        echo "PATH=/opt/go/bin:$HOME/go/bin:$PATH" >> "$GITHUB_ENV"
+        echo "UNAME=$(uname)" >> "$GITHB_ENV"
+    - name: Enable cache
+      uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf  # v4.2.2
+      id: cache
+      with:
+        path: /opt/go
+        key: golang-${{ env.UNAME }}-${{ env.GO_VERSION }}
+    - if: ${{ steps.cache.outputs.cache-hit != 'true' }}
+      name: Install go
+      shell: bash
+      continue-on-error: false
+      run: GO_INSTALL_DESTINATION=/opt make install-go
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -8,75 +8,67 @@ on:
   pull_request:
 
 env:
-  GO_VERSION: 1.24.x
+  GO_VERSION: 1.24
   GOTOOLCHAIN: local
+  GO_INSTALL_DESTINATION: /opt
+  GOOS: linux
 
 jobs:
-  go:
+  go_current:
     timeout-minutes: 5
-    name: "go | ${{ matrix.goos }} | ${{ matrix.canary }}"
-    runs-on: "${{ matrix.os }}"
-    defaults:
-      run:
-        shell: bash
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - os: ubuntu-24.04
-            goos: linux
-          - os: ubuntu-24.04
-            goos: freebsd
-          # FIXME: this is currently failing in a non-sensical way, so, running on linux instead...
-          # - os: windows-2022
-          - os: ubuntu-24.04
-            goos: windows
-          - os: ubuntu-24.04
-            goos: linux
-            # This allows the canary script to select any upcoming golang alpha/beta/RC
-            canary: go-canary
+    name: "go stable"
+    runs-on: ubuntu-24.04
+    steps:
+      # Clone
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
+      # Install go
+      - name: "Install go"
+        uses: ./.github/actions/install-go
+      # Install dev-tools
+      - name: "Install dev-tools"
+        uses: ./.github/actions/dev-tools
+
+      - name: imports
+        run: make lint-imports
+      - name: mod
+        run: make lint-mod
+      - name: go
+        run: make lint-go-all
+      - name: go
+        # This is duplicating some of the work done in projects-check (which uses an old / buggy version
+        # of go-licenses, and also only test for linux).
+        run: make lint-licenses-all
+
+  go_canary:
+    timeout-minutes: 5
+    name: "go canary"
+    runs-on: ubuntu-24.04
     env:
-      GOOS: "${{ matrix.goos }}"
+      GO_VERSION: canary
     steps:
+      # Clone
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
-        with:
-          fetch-depth: 1
-      - name: Set GO env
-        run: |
-          # If canary is specified, get the latest available golang pre-release instead of the major version
-          if [ "$canary" != "" ]; then
-            . ./hack/build-integration-canary.sh
-            canary::golang::latest
-          fi
-      - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34  # v5.3.0
-        with:
-          go-version: ${{ env.GO_VERSION }}
-          check-latest: true
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@2226d7cb06a077cd73e56eedd38eecad18e5d837  # v6.5.0
-        with:
-          args: --verbose
-          # See https://github.com/containerd/nerdctl/issues/3914
-          verify: false
+      # Install go
+      - name: "Install go"
+        uses: ./.github/actions/install-go
+      # Install dev-tools
+      - name: "Install dev-tools"
+        uses: ./.github/actions/dev-tools
+
+      - name: imports
+        run: make lint-imports
+      - name: mod
+        run: make lint-mod
+      - name: go
+        run: make lint-go-all
+
   other:
     timeout-minutes: 5
-    name: yaml | shell | imports order
+    name: "yaml | shell"
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
-        with:
-          fetch-depth: 1
-      - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34  # v5.3.0
-        with:
-          go-version: ${{ env.GO_VERSION }}
-          check-latest: true
-      - name: install required linters and dev-tools
-        run: |
-          make install-dev-tools
-      - name: yaml
+      - name: make lint-yaml
         run: make lint-yaml
-      - name: shell
+      - name: make lint-shell
         run: make lint-shell
-      - name: go imports ordering
-        run: |
-          make lint-imports
diff --git a/.github/workflows/test-canary.yml b/.github/workflows/test-canary.yml
@@ -11,21 +11,25 @@ on:
       - '**.md'
 
 env:
-  UBUNTU_VERSION: "24.04"
+  GO_VERSION: canary
+  GOTOOLCHAIN: local
+  GO_INSTALL_DESTINATION: /opt
+  GOOS: linux
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
 jobs:
   linux:
-    runs-on: "ubuntu-24.04"
+    runs-on: ubuntu-24.04
     timeout-minutes: 40
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
-        with:
-          fetch-depth: 1
-      - name: "Prepare integration test environment"
+      - name: "Setup environment"
         run: |
+          # Get latest canary go version
+          export GO_VERSION=$(make install-go-resolve-version)
+          # Build integration image with updated dependencies
           . ./hack/build-integration-canary.sh
-          canary::build::integration
+          LOG_LEVEL=info canary::build::integration
       - name: "Remove snap loopback devices (conflicts with our loopback devices in TestRunDevice)"
         run: |
           sudo systemctl disable --now snapd.service snapd.socket
@@ -41,6 +45,7 @@ jobs:
           docker run --privileged --rm tonistiigi/binfmt --install linux/amd64
           docker run --privileged --rm tonistiigi/binfmt --install linux/arm64
           docker run --privileged --rm tonistiigi/binfmt --install linux/arm/v7
+
       - name: "Run unit tests"
         run: go test -v ./pkg/...
       - name: "Run integration tests"
@@ -50,48 +55,56 @@ jobs:
 
   windows:
     timeout-minutes: 40
-    runs-on: windows-latest
+    runs-on: windows-2022
+    env:
+      GOOS: windows
     defaults:
       run:
         shell: bash
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
+      - name: "Clone"
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
+      - name: "Setup go environment"
+        run: |
+          echo "GO_VERSION=$(make install-go-resolve-version)" >> "$GITHUB_ENV"
+          echo "PATH=$GO_INSTALL_DESTINATION/go/bin:$HOME/go/bin:$PATH" >> "$GITHUB_ENV"
+      - name: "Cache go"
+        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf  # v4.2.2
+        id: cache-go
+        with:
+          path: /opt/go
+          key: golang-${{ env.GOOS }}-${{ env.GO_VERSION }}
+      - if: ${{ steps.cache-go.outputs.cache-hit != 'true' }}
+        name: "Setup go"
+        continue-on-error: false
+        run: make install-go
+      - name: "Cache dev-tools"
+        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf  # v4.2.2
+        id: cache-go-dev
         with:
-          fetch-depth: 1
-      - name: Set GO env
+          path: ~/go/bin
+          key: golang-dev-${{ env.GOOS }}-${{ env.GO_VERSION }}-${{ hashFiles('Makefile') }}
+      - if: ${{ steps.cache-go-dev.outputs.cache-hit != 'true' }}
+        name: "Setup dev tools"
+        continue-on-error: false
+        run: make install-dev-tools
+      - name: "Setup CNI & containerd"
         run: |
-          # Get latest containerd
+          # CNI install script has not been modified in 3+ years.
+          # There is little to no reason to update this to latest containerd
+          curl -fsSLO https://raw.githubusercontent.com/containerd/containerd/refs/tags/v1.7.25/script/setup/install-cni-windows
+          GOPATH=$(go env GOPATH) ./install-cni-windows
+          # Setup nerdctl
+          go install ./cmd/nerdctl
+          # Get latest tagged containerd
           args=(curl --proto '=https' --tlsv1.2 -fsSL -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28")
           [ "${GITHUB_TOKEN:-}" == "" ] && {
-            >&2 printf "GITHUB_TOKEN is not set - you might face rate limitations with the Github API\n"
+            echo "GITHUB_TOKEN is not set - you might face rate limitations with the Github API"
           } || args+=(-H "Authorization: Bearer $GITHUB_TOKEN")
           ctd_v="$("${args[@]}" https://api.github.com/repos/containerd/containerd/tags | jq -rc .[0].name)"
-          echo "CONTAINERD_VERSION=${ctd_v:1}" >> "$GITHUB_ENV"
-
-          . ./hack/build-integration-canary.sh
-          canary::golang::latest
-      - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34  # v5.3.0
-        with:
-          go-version: ${{ env.GO_VERSION }}
-          check-latest: true
-      - run: go install ./cmd/nerdctl
-      - run: make install-dev-tools
-      # This here is solely to get the cni install script, which has not been modified in 3+ years.
-      # There is little to no reason to update this to latest containerd
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
-        with:
-          repository: containerd/containerd
-          ref: "v1.7.25"
-          path: containerd
-          fetch-depth: 1
-      - name: "Set up CNI"
-        working-directory: containerd
-        run: GOPATH=$(go env GOPATH) script/setup/install-cni-windows
-      # Windows setup script can only use released versions
-      - name: "Set up containerd"
-        env:
-          ctrdVersion: ${{ env.CONTAINERD_VERSION }}
-        run: powershell hack/configure-windows-ci.ps1
+          ctrdVersion="${ctd_v:1}" powershell hack/configure-windows-ci.ps1
+      - name: "Run unit tests"
+        run: go test -v ./pkg/...
       - name: "Run integration tests"
         run: ./hack/test-integration.sh -test.only-flaky=false
       - name: "Run integration tests (flaky)"

diff --git a/.github/workflows/test-kube.yml b/.github/workflows/test-kube.yml
@@ -12,14 +12,12 @@ on:
 
 jobs:
   linux:
-    runs-on: "ubuntu-24.04"
+    runs-on: ubuntu-24.04
     timeout-minutes: 40
     env:
       ROOTFUL: true
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
-        with:
-          fetch-depth: 1
       - name: "Run Kubernetes integration tests"
         # See https://github.com/containerd/nerdctl/blob/main/docs/testing/README.md#about-parallelization
         run: |