Merge pull request #5 from HackStrix/feature/sandbox-template #12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| pull_request: | |
| branches: [ "main" ] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| test: | |
| name: Run Tests | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| # 1.21.x dropped: go.mod requires >= 1.22 (needed for SysProcAttr.CgroupFD) | |
| go-version: [ "1.22.x", "1.23.x", "1.24.x", "1.25.x", "1.26.x"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Go ${{ matrix.go-version }} | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| - name: Verify dependencies | |
| run: go mod verify | |
| - name: Build | |
| run: go build -v ./... | |
| - name: Run tests with race detector | |
| run: go test -v -race -coverprofile=coverage.txt -covermode=atomic ./... | |
| # cgroup-integration: Layer 3 tests that require real cgroupv2 and root access. | |
| # Runs only on the latest stable Go version to keep CI fast. | |
| cgroup-integration: | |
| name: Cgroup Integration Tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.26.x" | |
| - name: Verify cgroupv2 is available | |
| run: | | |
| if ! grep -q cgroup2 /proc/mounts; then | |
| echo "cgroupv2 not mounted — skipping integration tests" | |
| echo "CGROUP_AVAILABLE=false" >> "$GITHUB_ENV" | |
| else | |
| echo "CGROUP_AVAILABLE=true" >> "$GITHUB_ENV" | |
| fi | |
| - name: Build test dependencies (healthworker) | |
| run: go build ./testdata/healthworker/... | |
| - name: Run cgroup integration tests (as root) | |
| if: env.CGROUP_AVAILABLE == 'true' | |
| run: | | |
| sudo --preserve-env=PATH,GOPATH,GOCACHE,HOME \ | |
| env HERD_CGROUP_TEST=1 \ | |
| $(which go) test -v -run TestSandbox -timeout 60s ./... | |
| env: | |
| GOPATH: ${{ env.GOPATH }} | |
| GOCACHE: ${{ env.GOCACHE }} | |
| lint: | |
| name: Lint Code | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.22.x" | |
| cache: false # golangci-lint-action handles its own caching | |
| - name: golangci-lint | |
| uses: golangci/golangci-lint-action@v6 | |
| with: | |
| version: latest | |
| args: --timeout=5m |