Skip to content

Commit 1179da9

Browse files
committed
Merge tag 'v1.94.1' into cpierre/coreweave-v1.94.1
Release 1.94.1
2 parents fc7d74b + d885b34 commit 1179da9

238 files changed

Lines changed: 13833 additions & 2594 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/actions/go-cache/action.sh

Lines changed: 54 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,54 @@
1+
#!/usr/bin/env bash
2+
#
3+
# This script sets up cigocacher, but should never fail the build if unsuccessful.
4+
# It expects to run on a GitHub-hosted runner, and connects to cigocached over a
5+
# private Azure network that is configured at the runner group level in GitHub.
6+
#
7+
# Usage: ./action.sh
8+
# Inputs:
9+
# URL: The cigocached server URL.
10+
# HOST: The cigocached server host to dial.
11+
# Outputs:
12+
# success: Whether cigocacher was set up successfully.
13+
14+
set -euo pipefail
15+
16+
if [ -z "${GITHUB_ACTIONS:-}" ]; then
17+
echo "This script is intended to run within GitHub Actions"
18+
exit 1
19+
fi
20+
21+
if [ -z "${URL:-}" ]; then
22+
echo "No cigocached URL is set, skipping cigocacher setup"
23+
exit 0
24+
fi
25+
26+
GOPATH=$(command -v go || true)
27+
if [ -z "${GOPATH}" ]; then
28+
if [ ! -f "tool/go" ]; then
29+
echo "Go not available, unable to proceed"
30+
exit 1
31+
fi
32+
GOPATH="./tool/go"
33+
fi
34+
35+
BIN_PATH="${RUNNER_TEMP:-/tmp}/cigocacher$(${GOPATH} env GOEXE)"
36+
if [ -d "cmd/cigocacher" ]; then
37+
echo "cmd/cigocacher found locally, building from local source"
38+
"${GOPATH}" build -o "${BIN_PATH}" ./cmd/cigocacher
39+
else
40+
echo "cmd/cigocacher not found locally, fetching from tailscale.com/cmd/cigocacher"
41+
"${GOPATH}" build -o "${BIN_PATH}" tailscale.com/cmd/cigocacher
42+
fi
43+
44+
CIGOCACHER_TOKEN="$("${BIN_PATH}" --auth --cigocached-url "${URL}" --cigocached-host "${HOST}" )"
45+
if [ -z "${CIGOCACHER_TOKEN:-}" ]; then
46+
echo "Failed to fetch cigocacher token, skipping cigocacher setup"
47+
exit 0
48+
fi
49+
50+
echo "Fetched cigocacher token successfully"
51+
echo "::add-mask::${CIGOCACHER_TOKEN}"
52+
53+
echo "GOCACHEPROG=${BIN_PATH} --cache-dir ${CACHE_DIR} --cigocached-url ${URL} --cigocached-host ${HOST} --token ${CIGOCACHER_TOKEN}" >> "${GITHUB_ENV}"
54+
echo "success=true" >> "${GITHUB_OUTPUT}"
Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
name: go-cache
2+
description: Set up build to use cigocacher
3+
4+
inputs:
5+
cigocached-url:
6+
description: URL of the cigocached server
7+
required: true
8+
cigocached-host:
9+
description: Host to dial for the cigocached server
10+
required: true
11+
checkout-path:
12+
description: Path to cloned repository
13+
required: true
14+
cache-dir:
15+
description: Directory to use for caching
16+
required: true
17+
18+
outputs:
19+
success:
20+
description: Whether cigocacher was set up successfully
21+
value: ${{ steps.setup.outputs.success }}
22+
23+
runs:
24+
using: composite
25+
steps:
26+
- name: Setup cigocacher
27+
id: setup
28+
shell: bash
29+
env:
30+
URL: ${{ inputs.cigocached-url }}
31+
HOST: ${{ inputs.cigocached-host }}
32+
CACHE_DIR: ${{ inputs.cache-dir }}
33+
working-directory: ${{ inputs.checkout-path }}
34+
# https://github.com/orgs/community/discussions/25910
35+
run: $GITHUB_ACTION_PATH/action.sh

.github/workflows/checklocks.yml

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,34 @@
1+
name: checklocks
2+
3+
on:
4+
push:
5+
branches:
6+
- main
7+
pull_request:
8+
paths:
9+
- '**/*.go'
10+
- '.github/workflows/checklocks.yml'
11+
12+
concurrency:
13+
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
14+
cancel-in-progress: true
15+
16+
jobs:
17+
checklocks:
18+
runs-on: [ ubuntu-latest ]
19+
steps:
20+
- name: Check out code
21+
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
22+
23+
- name: Build checklocks
24+
run: ./tool/go build -o /tmp/checklocks gvisor.dev/gvisor/tools/checklocks/cmd/checklocks
25+
26+
- name: Run checklocks vet
27+
# TODO(#12625): add more packages as we add annotations
28+
run: |-
29+
./tool/go vet -vettool=/tmp/checklocks \
30+
./envknob \
31+
./ipn/store/mem \
32+
./net/stun/stuntest \
33+
./net/wsconn \
34+
./proxymap

.github/workflows/cigocacher.yml

Lines changed: 73 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,73 @@
1+
name: Build cigocacher
2+
3+
on:
4+
# Released on-demand. The commit will be used as part of the tag, so generally
5+
# prefer to release from main where the commit is stable in linear history.
6+
workflow_dispatch:
7+
8+
jobs:
9+
build:
10+
strategy:
11+
matrix:
12+
GOOS: ["linux", "darwin", "windows"]
13+
GOARCH: ["amd64", "arm64"]
14+
runs-on: ubuntu-24.04
15+
env:
16+
GOOS: "${{ matrix.GOOS }}"
17+
GOARCH: "${{ matrix.GOARCH }}"
18+
CGO_ENABLED: "0"
19+
steps:
20+
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
21+
- name: Build
22+
run: |
23+
OUT="cigocacher$(./tool/go env GOEXE)"
24+
./tool/go build -o "${OUT}" ./cmd/cigocacher/
25+
tar -zcf cigocacher-${{ matrix.GOOS }}-${{ matrix.GOARCH }}.tar.gz "${OUT}"
26+
27+
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
28+
with:
29+
name: cigocacher-${{ matrix.GOOS }}-${{ matrix.GOARCH }}
30+
path: cigocacher-${{ matrix.GOOS }}-${{ matrix.GOARCH }}.tar.gz
31+
32+
release:
33+
runs-on: ubuntu-24.04
34+
needs: build
35+
permissions:
36+
contents: write
37+
steps:
38+
- name: Download all artifacts
39+
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
40+
with:
41+
pattern: 'cigocacher-*'
42+
merge-multiple: true
43+
# This step is a simplified version of actions/create-release and
44+
# actions/upload-release-asset, which are archived and unmaintained.
45+
- name: Create release
46+
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
47+
with:
48+
script: |
49+
const fs = require('fs');
50+
const path = require('path');
51+
52+
const { data: release } = await github.rest.repos.createRelease({
53+
owner: context.repo.owner,
54+
repo: context.repo.repo,
55+
tag_name: `cmd/cigocacher/${{ github.sha }}`,
56+
name: `cigocacher-${{ github.sha }}`,
57+
draft: false,
58+
prerelease: true,
59+
target_commitish: `${{ github.sha }}`
60+
});
61+
62+
const files = fs.readdirSync('.').filter(f => f.endsWith('.tar.gz'));
63+
64+
for (const file of files) {
65+
await github.rest.repos.uploadReleaseAsset({
66+
owner: context.repo.owner,
67+
repo: context.repo.repo,
68+
release_id: release.id,
69+
name: file,
70+
data: fs.readFileSync(file)
71+
});
72+
console.log(`Uploaded ${file}`);
73+
}
Lines changed: 83 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,83 @@
1+
# For most projects, this workflow file will not need changing; you simply need
2+
# to commit it to your repository.
3+
#
4+
# You may wish to alter this file to override the set of languages analyzed,
5+
# or to provide custom queries or build logic.
6+
#
7+
# ******** NOTE ********
8+
# We have attempted to detect the languages in your repository. Please check
9+
# the `language` matrix defined below to confirm you have the correct set of
10+
# supported CodeQL languages.
11+
#
12+
name: "CodeQL"
13+
14+
on:
15+
push:
16+
branches: [ main, release-branch/* ]
17+
pull_request:
18+
# The branches below must be a subset of the branches above
19+
branches: [ main ]
20+
merge_group:
21+
branches: [ main ]
22+
schedule:
23+
- cron: '31 14 * * 5'
24+
25+
concurrency:
26+
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
27+
cancel-in-progress: true
28+
29+
jobs:
30+
analyze:
31+
name: Analyze
32+
runs-on: ubuntu-latest
33+
permissions:
34+
actions: read
35+
contents: read
36+
security-events: write
37+
38+
strategy:
39+
fail-fast: false
40+
matrix:
41+
language: [ 'go' ]
42+
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
43+
# Learn more:
44+
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
45+
46+
steps:
47+
- name: Checkout repository
48+
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
49+
50+
# Install a more recent Go that understands modern go.mod content.
51+
- name: Install Go
52+
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
53+
with:
54+
go-version-file: go.mod
55+
56+
# Initializes the CodeQL tools for scanning.
57+
- name: Initialize CodeQL
58+
uses: github/codeql-action/init@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5
59+
with:
60+
languages: ${{ matrix.language }}
61+
# If you wish to specify custom queries, you can do so here or in a config file.
62+
# By default, queries listed here will override any specified in a config file.
63+
# Prefix the list here with "+" to use these queries and those in the config file.
64+
# queries: ./path/to/local/query, your-org/your-repo/queries@main
65+
66+
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
67+
# If this step fails, then you should remove it and run the build manually (see below)
68+
- name: Autobuild
69+
uses: github/codeql-action/autobuild@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5
70+
71+
# ℹ️ Command-line programs to run using the OS shell.
72+
# 📚 https://git.io/JvXDl
73+
74+
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
75+
# and modify them (or add more) to build your code if your project
76+
# uses a compiled language
77+
78+
#- run: |
79+
# make bootstrap
80+
# make release
81+
82+
- name: Perform CodeQL Analysis
83+
uses: github/codeql-action/analyze@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5

.github/workflows/docker-base.yml

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
name: "Validate Docker base image"
2+
on:
3+
workflow_dispatch:
4+
pull_request:
5+
paths:
6+
- "Dockerfile.base"
7+
- ".github/workflows/docker-base.yml"
8+
jobs:
9+
build-and-test:
10+
runs-on: ubuntu-latest
11+
steps:
12+
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
13+
- name: "build and test"
14+
run: |
15+
set -e
16+
IMG="test-base:$(head -c 8 /dev/urandom | xxd -p)"
17+
docker build -t "$IMG" -f Dockerfile.base .
18+
19+
iptables_version=$(docker run --rm "$IMG" iptables --version)
20+
if [[ "$iptables_version" != *"(legacy)"* ]]; then
21+
echo "ERROR: Docker base image should contain legacy iptables; found ${iptables_version}"
22+
exit 1
23+
fi
24+
25+
ip6tables_version=$(docker run --rm "$IMG" ip6tables --version)
26+
if [[ "$ip6tables_version" != *"(legacy)"* ]]; then
27+
echo "ERROR: Docker base image should contain legacy ip6tables; found ${ip6tables_version}"
28+
exit 1
29+
fi
Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
name: "Dockerfile build"
2+
on:
3+
push:
4+
branches:
5+
- main
6+
pull_request:
7+
jobs:
8+
deploy:
9+
runs-on: ubuntu-latest
10+
steps:
11+
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
12+
- name: "Build Docker image"
13+
run: docker build .
Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,27 @@
1+
name: update-flakehub
2+
3+
on:
4+
push:
5+
tags:
6+
- "v[0-9]+.*[02468].[0-9]+"
7+
workflow_dispatch:
8+
inputs:
9+
tag:
10+
description: "The existing tag to publish to FlakeHub"
11+
type: "string"
12+
required: true
13+
jobs:
14+
flakehub-publish:
15+
runs-on: "ubuntu-latest"
16+
permissions:
17+
id-token: "write"
18+
contents: "read"
19+
steps:
20+
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
21+
with:
22+
ref: "${{ (inputs.tag != null) && format('refs/tags/{0}', inputs.tag) || '' }}"
23+
- uses: DeterminateSystems/nix-installer-action@786fff0690178f1234e4e1fe9b536e94f5433196 # v20
24+
- uses: DeterminateSystems/flakehub-push@71f57208810a5d299fc6545350981de98fdbc860 # v6
25+
with:
26+
visibility: "public"
27+
tag: "${{ inputs.tag }}"

0 commit comments

Comments
 (0)