Cherry-pick fix for CVE-2023-20593 ("Zenbleed") #3966
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
pull_request: | |
branches: [develop] | |
# Here we list file types that don't affect the build and don't need to use | |
# up our Actions runners. | |
paths-ignore: | |
# draw.io (diagrams.net) files, the source of png images for docs | |
- '**.drawio' | |
# Example configuration files | |
- '**.example' | |
# Markdown documentation | |
- '**.md' | |
# Images for documentation | |
- '**.png' | |
# Templates for README files | |
- '**.tpl' | |
# Sample config files and OpenAPI docs | |
- '**.yaml' | |
concurrency: | |
group: ${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
list-variants: | |
# This needs to be its own job since the build job needs its output before | |
# it can initialize | |
if: github.repository == 'bottlerocket-os/bottlerocket' | |
name: "Determine variants" | |
runs-on: ubuntu-latest | |
outputs: | |
variants: ${{ steps.get-variants.outputs.variants }} | |
aarch-enemies: ${{ steps.get-variants.outputs.aarch-enemies }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: ./.github/actions/list-variants | |
id: get-variants | |
build: | |
needs: list-variants | |
runs-on: | |
group: bottlerocket | |
labels: bottlerocket_ubuntu-latest_32-core | |
continue-on-error: true | |
strategy: | |
matrix: | |
variant: ${{ fromJson(needs.list-variants.outputs.variants) }} | |
arch: [x86_64, aarch64] | |
exclude: ${{ fromJson(needs.list-variants.outputs.aarch-enemies) }} | |
fail-fast: false | |
name: "Build ${{ matrix.variant }}-${{ matrix.arch }}" | |
steps: | |
- name: Random delay | |
run: | | |
delay=$((1 + $RANDOM % 32)) | |
echo "Waiting ${delay} seconds before execution" | |
sleep $delay | |
- uses: actions/checkout@v3 | |
- name: Preflight step to set up the runner | |
uses: ./.github/actions/setup-node | |
- if: contains(matrix.variant, 'nvidia') | |
run: | | |
cat <<-EOF > Licenses.toml | |
[nvidia] | |
spdx-id = "LICENSE-LicenseRef-NVIDIA-Customer" | |
licenses = [ | |
{ path = "NVIDIA", license-url = "https://www.nvidia.com/en-us/drivers/nvidia-license/" } | |
] | |
EOF | |
- run: rustup component add rustfmt | |
- run: cargo make -e BUILDSYS_VARIANT=${{ matrix.variant }} unit-tests | |
- run: cargo make -e BUILDSYS_VARIANT=${{ matrix.variant }} check-fmt | |
# Avoid running Go lint check via `cargo make check-lints` since there's a separate golangci-lint workflow | |
- run: cargo make -e BUILDSYS_VARIANT=${{ matrix.variant }} check-clippy | |
- run: cargo make -e BUILDSYS_VARIANT=${{ matrix.variant }} check-shell | |
- run: | | |
cargo make -e BUILDSYS_VARIANT=${{ matrix.variant }} \ | |
-e BUILDSYS_ARCH=${{ matrix.arch }} \ | |
-e BUILDSYS_JOBS=12 \ | |
-e BUILDSYS_UPSTREAM_SOURCE_FALLBACK="${{ contains(matrix.variant, 'nvidia') }}" \ | |
-e BUILDSYS_UPSTREAM_LICENSE_FETCH="${{ contains(matrix.variant, 'nvidia') }}" |