Skip to content

Patch: Upgrade google.golang.org/grpc to fix CVE-2023-44487 #17

Patch: Upgrade google.golang.org/grpc to fix CVE-2023-44487

Patch: Upgrade google.golang.org/grpc to fix CVE-2023-44487 #17

Workflow file for this run

name: Go-build-and-test
on:
push:
branches:
- master
pull_request:
branches: [ master ]
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Set up Go 1.19.x
uses: actions/setup-go@v2
with:
# Use the same go version with build job
go-version: '1.19'
- name: Check out code into the Go module directory
uses: actions/checkout@v2
with:
# When checking out the repository that
# triggered a workflow, this defaults to the reference or SHA for that event.
# Default value should work for both pull_request and merge(push) event.
ref: ${{github.event.pull_request.head.sha}}
- name: Install goimports and gofumpt
run: |
go install golang.org/x/tools/cmd/goimports@latest
go install mvdan.cc/[email protected]
- name: Run gofmt
uses: Jerome1337/[email protected]
with:
gofmt-path: 'apiserver cli ray-operator'
gofmt-flags: '-l -d -s'
- name: Run linter against ray operator
uses: golangci/golangci-lint-action@v2
with:
# Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
version: v1.54.1
# Optional: working directory, useful for monorepos
working-directory: ./ray-operator
# Optional: golangci-lint command line arguments.
# args: --issues-exit-code=0
args: --timeout=3m
# Optional: show only new issues if it's a pull request. The default value is `false`.
# only-new-issues: true
# Optional: if set to true then the action will use pre-installed Go.
skip-go-installation: true
# Optional: if set to true then the action don't cache or restore ~/go/pkg.
skip-pkg-cache: true
# Optional: if set to true then the action don't cache or restore ~/.cache/go-build.
# skip-build-cache: true
- name: Run linter against apiserver
uses: golangci/golangci-lint-action@v2
with:
version: v1.54.1
working-directory: ./apiserver
args: --timeout=3m
skip-go-installation: true
skip-pkg-cache: true
- name: Run linter against cli
uses: golangci/golangci-lint-action@v2
with:
version: v1.54.1
working-directory: ./cli
args: --timeout=3m
skip-go-installation: true
skip-pkg-cache: true
- name: Run goimports
run: test -z "$(set -o pipefail && $(go env GOPATH)/bin/goimports -l apiserver/ cli/ $(find ./ray-operator -name "*.go" | grep -v zz_generated.deepcopy.go) | tee goimports.out)" || { cat goimports.out && exit 1; }
- name: Open this to see how to fix goimports if it fails
run: |
echo "Run command 'goimports -w apiserver/ cli/ $(find ./ray-operator -name "*.go" | grep -v zz_generated.deepcopy.go)' to correct your code format."
echo "Proposed format changes:"
$(go env GOPATH)/bin/goimports -d apiserver/ cli/ $(find ./ray-operator -name "*.go" | grep -v zz_generated.deepcopy.go)
if: failure()
- name: Run gofumpt
run: test -z "$(set -o pipefail && $(go env GOPATH)/bin/gofumpt -l apiserver/ ray-operator/ cli/ | tee gofumpt.out)" || { cat gofumpt.out && exit 1; }
- name: Open this to see how to fix gofumpt if it fails
run: |
echo "Run command 'gofumpt -w apiserver/ ray-operator/ cli/' to correct your code format."
echo "Proposed format changes:"
$(go env GOPATH)/bin/gofumpt -d apiserver/ ray-operator/ cli/
if: failure()
build_apiserver:
env:
working-directory: ./apiserver
cli-working-directory: ./cli
name: Build Apiserver, CLI Binaries and Docker Images
runs-on: ubuntu-latest
steps:
- name: Set up Go 1.19.x
uses: actions/setup-go@v2
with:
go-version: '1.19'
- name: Check out code into the Go module directory
uses: actions/checkout@v2
with:
# When checking out the repository that
# triggered a workflow, this defaults to the reference or SHA for that event.
# Default value should work for both pull_request and merge(push) event.
ref: ${{github.event.pull_request.head.sha}}
- name: list directories
working-directory: ${{env.working-directory}}
run: |
pwd
ls -R
- name: install kubebuilder
run: |
wget https://github.com/kubernetes-sigs/kubebuilder/releases/download/v3.0.0/kubebuilder_$(go env GOOS)_$(go env GOARCH)
sudo mv kubebuilder_$(go env GOOS)_$(go env GOARCH) /usr/local/bin/kubebuilder
- name: Get revision SHA
id: vars
run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
- name: Get dependencies
run: go mod download
working-directory: ${{env.working-directory}}
- name: Build
run: go build ./...
working-directory: ${{env.working-directory}}
- name: Test
run: go test ./...
working-directory: ${{env.working-directory}}
- name: Set up Docker
uses: docker-practice/actions-setup-docker@master
- name: Build Docker Image - Apiserver
run: |
docker build -t kuberay/apiserver:${{ steps.vars.outputs.sha_short }} -f apiserver/Dockerfile .
docker save -o /tmp/apiserver.tar kuberay/apiserver:${{ steps.vars.outputs.sha_short }}
- name: Upload Artifact Apiserver
uses: actions/upload-artifact@v2
with:
name: apiserver_img
path: /tmp/apiserver.tar
- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
if: contains(fromJson('["refs/heads/master"]'), github.ref)
- name: Push Apiserver to DockerHub
run: |
docker push kuberay/apiserver:${{ steps.vars.outputs.sha_short }};
docker image tag kuberay/apiserver:${{ steps.vars.outputs.sha_short }} kuberay/apiserver:nightly;
docker push kuberay/apiserver:nightly
if: contains(fromJson('["refs/heads/master"]'), github.ref)
- name: Log in to Quay.io
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_ROBOT_TOKEN }}
if: contains(fromJson('["refs/heads/master"]'), github.ref)
- name: Push Apiserver to Quay.io
run: |
docker image tag kuberay/apiserver:${{ steps.vars.outputs.sha_short }} quay.io/kuberay/apiserver:${{ steps.vars.outputs.sha_short }};
docker push quay.io/kuberay/apiserver:${{ steps.vars.outputs.sha_short }};
docker image tag kuberay/apiserver:${{ steps.vars.outputs.sha_short }} quay.io/kuberay/apiserver:nightly;
docker push quay.io/kuberay/apiserver:nightly
if: contains(fromJson('["refs/heads/master"]'), github.ref)
- name: Build CLI
run: go build -o kuberay -a main.go
working-directory: ${{env.cli-working-directory}}
build_operator:
env:
working-directory: ./ray-operator
name: Build Operator Binaries and Docker Images
runs-on: ubuntu-latest
steps:
- name: Set up Go 1.19.x
uses: actions/setup-go@v2
with:
go-version: '1.19'
- name: Check out code into the Go module directory
uses: actions/checkout@v2
with:
# When checking out the repository that
# triggered a workflow, this defaults to the reference or SHA for that event.
# Default value should work for both pull_request and merge(push) event.
ref: ${{github.event.pull_request.head.sha}}
- name: list directories
working-directory: ${{env.working-directory}}
run: |
pwd
ls -R
- name: install kubebuilder
run: |
wget https://github.com/kubernetes-sigs/kubebuilder/releases/download/v3.0.0/kubebuilder_$(go env GOOS)_$(go env GOARCH)
sudo mv kubebuilder_$(go env GOOS)_$(go env GOARCH) /usr/local/bin/kubebuilder
- name: Get revision SHA
id: vars
run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
- name: Get dependencies
run: go mod download
working-directory: ${{env.working-directory}}
- name: Build
run: make build
working-directory: ${{env.working-directory}}
- name: Test
run: make test
working-directory: ${{env.working-directory}}
- name: Set up Docker
uses: docker-practice/actions-setup-docker@master
- name: Build Docker Image - Operator
run: |
IMG=kuberay/operator:${{ steps.vars.outputs.sha_short }} make docker-image
docker save -o /tmp/operator.tar kuberay/operator:${{ steps.vars.outputs.sha_short }}
working-directory: ${{env.working-directory}}
- name: Upload Artifact Operator
uses: actions/upload-artifact@v2
with:
name: operator_img
path: /tmp/operator.tar
- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
if: contains(fromJson('["refs/heads/master"]'), github.ref)
- name: Push Operator to DockerHub
run: |
docker push kuberay/operator:${{ steps.vars.outputs.sha_short }};
docker image tag kuberay/operator:${{ steps.vars.outputs.sha_short }} kuberay/operator:nightly;
docker push kuberay/operator:nightly
if: contains(fromJson('["refs/heads/master"]'), github.ref)
- name: Log in to Quay.io
uses: docker/login-action@v2
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_ROBOT_TOKEN }}
if: contains(fromJson('["refs/heads/master"]'), github.ref)
- name: Push Operator to Quay.io
run: |
docker image tag kuberay/operator:${{ steps.vars.outputs.sha_short }} quay.io/kuberay/operator:${{ steps.vars.outputs.sha_short }};
docker push quay.io/kuberay/operator:${{ steps.vars.outputs.sha_short }};
docker image tag kuberay/operator:${{ steps.vars.outputs.sha_short }} quay.io/kuberay/operator:nightly;
docker push quay.io/kuberay/operator:nightly
if: contains(fromJson('["refs/heads/master"]'), github.ref)
test-compatibility-1_13_0:
needs:
- build_operator
- build_apiserver
- lint
runs-on: ubuntu-latest
name: Compatibility Test - 1.13.0
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v2
with:
# When checking out the repository that
# triggered a workflow, this defaults to the reference or SHA for that event.
# Default value should work for both pull_request and merge(push) event.
ref: ${{github.event.pull_request.head.sha}}
- uses: ./.github/workflows/actions/compatibility
with:
ray_version: 1.13.0
test-compatibility-2_4_0:
needs:
- build_operator
- build_apiserver
- lint
runs-on: ubuntu-latest
name: Compatibility Test - 2.4.0
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v2
with:
# When checking out the repository that
# triggered a workflow, this defaults to the reference or SHA for that event.
# Default value should work for both pull_request and merge(push) event.
ref: ${{github.event.pull_request.head.sha}}
- uses: ./.github/workflows/actions/compatibility
with:
ray_version: 2.4.0
test-compatibility-2_5_0:
needs:
- build_operator
- build_apiserver
- lint
runs-on: ubuntu-latest
name: Compatibility Test - 2.5.0
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v2
with:
# When checking out the repository that
# triggered a workflow, this defaults to the reference or SHA for that event.
# Default value should work for both pull_request and merge(push) event.
ref: ${{github.event.pull_request.head.sha}}
- uses: ./.github/workflows/actions/compatibility
with:
ray_version: 2.5.0
test-compatibility-2_6_3:
needs:
- build_operator
- build_apiserver
- lint
runs-on: ubuntu-latest
name: Compatibility Test - 2.6.3
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v2
with:
# When checking out the repository that
# triggered a workflow, this defaults to the reference or SHA for that event.
# Default value should work for both pull_request and merge(push) event.
ref: ${{github.event.pull_request.head.sha}}
- uses: ./.github/workflows/actions/compatibility
with:
ray_version: 2.6.3
test-compatibility-2_7_0:
needs:
- build_operator
- build_apiserver
- lint
runs-on: ubuntu-latest
name: Compatibility Test - 2.7.0
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v2
with:
# When checking out the repository that
# triggered a workflow, this defaults to the reference or SHA for that event.
# Default value should work for both pull_request and merge(push) event.
ref: ${{github.event.pull_request.head.sha}}
- uses: ./.github/workflows/actions/compatibility
with:
ray_version: 2.7.0
test-compatibility-nightly:
needs:
- build_operator
- build_apiserver
- lint
runs-on: ubuntu-latest
name: Compatibility Test - Nightly
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v2
with:
# When checking out the repository that
# triggered a workflow, this defaults to the reference or SHA for that event.
# Default value should work for both pull_request and merge(push) event.
ref: ${{github.event.pull_request.head.sha}}
- uses: ./.github/workflows/actions/compatibility
with:
ray_version: nightly
python-client-test:
runs-on: ubuntu-latest
name: Python Client Test
steps:
- name: Set up Docker
uses: docker-practice/actions-setup-docker@master
- name: Install Kind
run: |
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
kind create cluster
shell: bash
- name: Checkout Python
uses: actions/checkout@v2
- name: Setup Python
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install package and run unittest for Python client
working-directory: ./clients/python-client
run: |
pip install -e .
python3 -m unittest discover 'python_client_test/'