chore(ci): kresify gh actions #52

Workflow file for this run

.github/workflows/ci.yaml at 42001d1

	# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
	#
	# Generated on 2024-05-06T11:15:19Z by kres 97aa50e.

	name: default
	concurrency:
	group: ${{ github.head_ref \|\| github.run_id }}
	cancel-in-progress: true
	"on":
	push:
	branches:
	- main
	- release-*
	tags:
	- v*
	pull_request:
	branches:
	- main
	- release-*
	jobs:
	default:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- generic
	if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/'))
	outputs:
	labels: ${{ steps.retrieve-pr-labels.outputs.result }}
	services:
	buildkitd:
	image: moby/buildkit:v0.13.1
	options: --privileged
	ports:
	- 1234:1234
	volumes:
	- /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
	- /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Set up Docker Buildx
	id: setup-buildx
	uses: docker/setup-buildx-action@v3
	with:
	driver: remote
	endpoint: tcp://127.0.0.1:1234
	timeout-minutes: 10
	- name: external-artifacts
	run: \|
	make external-artifacts
	- name: generate
	run: \|
	make generate docs
	- name: uki-certs
	env:
	PLATFORM: linux/amd64
	run: \|
	make uki-certs
	- name: check-dirty
	run: \|
	make check-dirty
	- name: build
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	PLATFORM: linux/amd64,linux/arm64
	PUSH: "true"
	run: \|
	make talosctl-all kernel sd-boot sd-stub initramfs installer imager talos _out/integration-test-linux-amd64
	- name: lint
	run: \|
	make lint
	- name: talosctl-cni-bundle
	run: \|
	make talosctl-cni-bundle
	- name: iso
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	run: \|
	make iso secureboot-iso
	- name: images-essential
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	PLATFORM: linux/amd64,linux/arm64
	run: \|
	make images-essential
	- name: unit-tests
	run: \|
	make unit-tests
	- name: unit-tests-race
	run: \|
	make unit-tests-race
	- name: coverage
	uses: codecov/codecov-action@v4
	with:
	files: _out/coverage.txt
	token: ${{ secrets.CODECOV_TOKEN }}
	timeout-minutes: 3
	- name: Generate executable list
	run: \|
	find _out -type f -executable > _out/executable-artifacts
	- name: save-artifacts
	uses: actions/upload-artifact@v4
	with:
	name: artifacts
	path: \|
	_out
	retention-days: "5"
	- name: Retrieve PR labels
	id: retrieve-pr-labels
	uses: actions/github-script@v7
	with:
	retries: "3"
	script: \|
	if (context.eventName != "pull_request") { return "[]" }

	const resp = await github.rest.issues.get({
	issue_number: context.issue.number,
	owner: context.repo.owner,
	repo: context.repo.repo,
	})

	return resp.data.labels.map(label => label.name)
	e2e-docker-short:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- generic
	if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/'))
	needs:
	- default
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: e2e-docker
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	SHORT_INTEGRATION_TEST: "yes"
	run: \|
	make e2e-docker
	e2e-iso:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- generic
	if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/'))
	needs:
	- default
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: e2e-iso
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	run: \|
	sudo -E make e2e-iso
	e2e-qemu-short:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- generic
	if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/'))
	needs:
	- default
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: e2e-qemu
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	SHORT_INTEGRATION_TEST: "yes"
	run: \|
	sudo -E make e2e-qemu
	integration-aws:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- generic
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/aws')
	needs:
	- default
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Mask secrets
	run: \|
	echo -e "$(sops -d .secrets.yaml \| yq -e '.secrets \| to_entries[] \| "::add-mask::" + .value')"
	- name: Set secrets for job
	run: \|
	sops -d .secrets.yaml \| yq -e '.secrets \| to_entries[] \| .key + "=" + .value' >> "$GITHUB_ENV"
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: e2e-aws-prepare
	env:
	E2E_AWS_TARGET: default
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	run: \|
	make e2e-aws-prepare
	- name: checkout contrib
	uses: actions/checkout@v4
	with:
	path: _out/contrib
	ref: main
	repository: siderolabs/contrib
	- name: setup tf
	uses: hashicorp/setup-terraform@v3
	with:
	terraform_wrapper: "false"
	- name: tf apply
	env:
	TF_E2E_ACTION: apply
	TF_E2E_TEST_TYPE: aws
	TF_SCRIPT_DIR: _out/contrib
	run: \|
	make e2e-cloud-tf
	- name: e2e-aws
	run: \|
	make e2e-aws
	- name: tf destroy
	if: always()
	env:
	TF_E2E_ACTION: destroy
	TF_E2E_TEST_TYPE: aws
	TF_SCRIPT_DIR: _out/contrib
	run: \|
	make e2e-cloud-tf
	integration-aws-nvidia-nonfree:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- generic
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/aws-nvidia-nonfree')
	needs:
	- default
	services:
	buildkitd:
	image: moby/buildkit:v0.13.1
	options: --privileged
	ports:
	- 1234:1234
	volumes:
	- /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
	- /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Set up Docker Buildx
	id: setup-buildx
	uses: docker/setup-buildx-action@v3
	with:
	driver: remote
	endpoint: tcp://127.0.0.1:1234
	timeout-minutes: 10
	- name: Mask secrets
	run: \|
	echo -e "$(sops -d .secrets.yaml \| yq -e '.secrets \| to_entries[] \| "::add-mask::" + .value')"
	- name: Set secrets for job
	run: \|
	sops -d .secrets.yaml \| yq -e '.secrets \| to_entries[] \| .key + "=" + .value' >> "$GITHUB_ENV"
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: checkout extensions
	uses: actions/checkout@v4
	with:
	path: _out/extensions
	ref: main
	repository: siderolabs/extensions
	- name: set variables
	run: \|
	cat _out/talos-metadata >> "$GITHUB_ENV"
	- name: build extensions
	env:
	PLATFORM: linux/amd64
	PUSH: "true"
	REGISTRY: registry.dev.siderolabs.io
	run: \|
	make nvidia-container-toolkit nonfree-kmod-nvidia extensions-metadata -C _out/extensions
	- name: e2e-aws-prepare
	env:
	E2E_AWS_TARGET: nvidia-nonfree
	EXTENSIONS_METADATA_FILE: _out/extensions/_out/extensions-metadata
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	run: \|
	make e2e-aws-prepare
	- name: checkout contrib
	uses: actions/checkout@v4
	with:
	path: _out/contrib
	ref: main
	repository: siderolabs/contrib
	- name: setup tf
	uses: hashicorp/setup-terraform@v3
	with:
	terraform_wrapper: "false"
	- name: tf apply
	env:
	TF_E2E_ACTION: apply
	TF_E2E_TEST_TYPE: aws
	TF_SCRIPT_DIR: _out/contrib
	run: \|
	make e2e-cloud-tf
	- name: e2e-aws-nvidia-nonfree
	env:
	EXTRA_TEST_ARGS: -talos.extensions.nvidia
	TEST_NUM_NODES: "4"
	run: \|
	make e2e-aws
	- name: tf destroy
	if: always()
	env:
	TF_E2E_ACTION: destroy
	TF_E2E_TEST_TYPE: aws
	TF_SCRIPT_DIR: _out/contrib
	run: \|
	make e2e-cloud-tf
	integration-aws-nvidia-oss:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- generic
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/aws-nvidia-oss')
	needs:
	- default
	services:
	buildkitd:
	image: moby/buildkit:v0.13.1
	options: --privileged
	ports:
	- 1234:1234
	volumes:
	- /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
	- /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Set up Docker Buildx
	id: setup-buildx
	uses: docker/setup-buildx-action@v3
	with:
	driver: remote
	endpoint: tcp://127.0.0.1:1234
	timeout-minutes: 10
	- name: Mask secrets
	run: \|
	echo -e "$(sops -d .secrets.yaml \| yq -e '.secrets \| to_entries[] \| "::add-mask::" + .value')"
	- name: Set secrets for job
	run: \|
	sops -d .secrets.yaml \| yq -e '.secrets \| to_entries[] \| .key + "=" + .value' >> "$GITHUB_ENV"
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: checkout extensions
	uses: actions/checkout@v4
	with:
	path: _out/extensions
	ref: main
	repository: siderolabs/extensions
	- name: set variables
	run: \|
	cat _out/talos-metadata >> "$GITHUB_ENV"
	- name: build extensions
	env:
	PLATFORM: linux/amd64
	PUSH: "true"
	REGISTRY: registry.dev.siderolabs.io
	run: \|
	make nvidia-container-toolkit nvidia-open-gpu-kernel-modules extensions-metadata -C _out/extensions
	- name: e2e-aws-prepare
	env:
	E2E_AWS_TARGET: nvidia-oss
	EXTENSIONS_METADATA_FILE: _out/extensions/_out/extensions-metadata
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	run: \|
	make e2e-aws-prepare
	- name: checkout contrib
	uses: actions/checkout@v4
	with:
	path: _out/contrib
	ref: main
	repository: siderolabs/contrib
	- name: setup tf
	uses: hashicorp/setup-terraform@v3
	with:
	terraform_wrapper: "false"
	- name: tf apply
	env:
	TF_E2E_ACTION: apply
	TF_E2E_TEST_TYPE: aws
	TF_SCRIPT_DIR: _out/contrib
	run: \|
	make e2e-cloud-tf
	- name: e2e-aws-nvidia-oss
	env:
	EXTRA_TEST_ARGS: -talos.extensions.nvidia
	TEST_NUM_NODES: "4"
	run: \|
	make e2e-aws
	- name: tf destroy
	if: always()
	env:
	TF_E2E_ACTION: destroy
	TF_E2E_TEST_TYPE: aws
	TF_SCRIPT_DIR: _out/contrib
	run: \|
	make e2e-cloud-tf
	integration-azure:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- generic
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/azure')
	needs:
	- default
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Mask secrets
	run: \|
	echo -e "$(sops -d .secrets.yaml \| yq -e '.secrets \| to_entries[] \| "::add-mask::" + .value')"
	- name: Set secrets for job
	run: \|
	sops -d .secrets.yaml \| yq -e '.secrets \| to_entries[] \| .key + "=" + .value' >> "$GITHUB_ENV"
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: e2e-azure-prepare
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	run: \|
	make e2e-azure-prepare
	- name: checkout contrib
	uses: actions/checkout@v4
	with:
	path: _out/contrib
	ref: main
	repository: siderolabs/contrib
	- name: setup tf
	uses: hashicorp/setup-terraform@v3
	with:
	terraform_wrapper: "false"
	- name: tf apply
	env:
	ARM_CLIENT_ID: ${{ env.AZURE_CLIENT_ID }}
	ARM_CLIENT_SECRET: ${{ env.AZURE_CLIENT_SECRET }}
	ARM_SUBSCRIPTION_ID: ${{ env.AZURE_SUBSCRIPTION_ID }}
	ARM_TENANT_ID: ${{ env.AZURE_TENANT_ID }}
	TF_E2E_ACTION: apply
	TF_E2E_TEST_TYPE: azure
	TF_SCRIPT_DIR: _out/contrib
	run: \|
	make e2e-cloud-tf
	- name: e2e-azure
	run: \|
	make e2e-azure
	- name: tf destroy
	if: always()
	env:
	ARM_CLIENT_ID: ${{ env.AZURE_CLIENT_ID }}
	ARM_CLIENT_SECRET: ${{ env.AZURE_CLIENT_SECRET }}
	ARM_SUBSCRIPTION_ID: ${{ env.AZURE_SUBSCRIPTION_ID }}
	ARM_TENANT_ID: ${{ env.AZURE_TENANT_ID }}
	TF_E2E_ACTION: destroy
	TF_E2E_TEST_TYPE: azure
	TF_SCRIPT_DIR: _out/contrib
	run: \|
	make e2e-cloud-tf
	integration-cilium:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- talos
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/cilium')
	needs:
	- default
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: e2e-cilium
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	QEMU_WORKERS: "2"
	SHORT_INTEGRATION_TEST: "yes"
	WITH_CONFIG_PATCH: '[{"op": "add", "path": "/cluster/network", "value": {"cni": {"name": "none"}}}]'
	WITH_CUSTOM_CNI: cilium
	WITH_FIREWALL: accept
	WITH_SKIP_BOOT_PHASE_FINISHED_CHECK: "yes"
	run: \|
	sudo -E make e2e-qemu
	- name: e2e-cilium-strict
	env:
	CILIUM_INSTALL_TYPE: strict
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	QEMU_WORKERS: "2"
	SHORT_INTEGRATION_TEST: "yes"
	WITH_CONFIG_PATCH: '[{"op": "add", "path": "/cluster/network", "value": {"cni": {"name": "none"}}}, {"op": "add", "path": "/cluster/proxy", "value": {"disabled": true}}]'
	WITH_CUSTOM_CNI: cilium
	WITH_FIREWALL: accept
	WITH_SKIP_BOOT_PHASE_FINISHED_CHECK: "yes"
	run: \|
	sudo -E make e2e-qemu
	- name: e2e-cilium-strict-kubespan
	env:
	CILIUM_INSTALL_TYPE: strict
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	QEMU_WORKERS: "2"
	SHORT_INTEGRATION_TEST: "yes"
	WITH_CONFIG_PATCH: '[{"op": "add", "path": "/cluster/network", "value": {"cni": {"name": "none"}}}, {"op": "add", "path": "/cluster/proxy", "value": {"disabled": true}}]'
	WITH_CUSTOM_CNI: cilium
	WITH_FIREWALL: accept
	WITH_KUBESPAN: "true"
	WITH_SKIP_BOOT_PHASE_FINISHED_CHECK: "yes"
	run: \|
	sudo -E make e2e-qemu
	integration-cloud-images:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- generic
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/cloud-images')
	needs:
	- default
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Mask secrets
	run: \|
	echo -e "$(sops -d .secrets.yaml \| yq -e '.secrets \| to_entries[] \| "::add-mask::" + .value')"
	- name: Set secrets for job
	run: \|
	sops -d .secrets.yaml \| yq -e '.secrets \| to_entries[] \| .key + "=" + .value' >> "$GITHUB_ENV"
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: images
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	PLATFORM: linux/amd64,linux/arm64
	run: \|
	make images
	- name: cloud-images
	run: \|
	make cloud-images
	integration-equinix-metal:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- generic
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/equinix-metal')
	needs:
	- default
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Mask secrets
	run: \|
	echo -e "$(sops -d .secrets.yaml \| yq -e '.secrets \| to_entries[] \| "::add-mask::" + .value')"
	- name: Set secrets for job
	run: \|
	sops -d .secrets.yaml \| yq -e '.secrets \| to_entries[] \| .key + "=" + .value' >> "$GITHUB_ENV"
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: e2e-equinix-metal-prepare
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	run: \|
	make e2e-equinix-metal-prepare
	- name: checkout contrib
	uses: actions/checkout@v4
	with:
	path: _out/contrib
	ref: main
	repository: siderolabs/contrib
	- name: setup tf
	uses: hashicorp/setup-terraform@v3
	with:
	terraform_wrapper: "false"
	- name: tf apply
	env:
	TF_E2E_ACTION: apply
	TF_E2E_TEST_TYPE: equinix-metal
	TF_SCRIPT_DIR: _out/contrib
	run: \|
	make e2e-cloud-tf
	- name: e2e-equinix-metal
	run: \|
	make e2e-equinix-metal
	- name: tf destroy
	if: always()
	env:
	TF_E2E_ACTION: destroy
	TF_E2E_TEST_TYPE: equinix-metal
	TF_SCRIPT_DIR: _out/contrib
	run: \|
	make e2e-cloud-tf
	integration-extensions:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- talos
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/extensions')
	needs:
	- default
	services:
	buildkitd:
	image: moby/buildkit:v0.13.1
	options: --privileged
	ports:
	- 1234:1234
	volumes:
	- /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
	- /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Set up Docker Buildx
	id: setup-buildx
	uses: docker/setup-buildx-action@v3
	with:
	driver: remote
	endpoint: tcp://127.0.0.1:1234
	timeout-minutes: 10
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: checkout extensions
	uses: actions/checkout@v4
	with:
	path: _out/extensions
	ref: main
	repository: siderolabs/extensions
	- name: set variables
	run: \|
	cat _out/talos-metadata >> "$GITHUB_ENV"
	- name: build extensions
	env:
	PLATFORM: linux/amd64
	PUSH: "true"
	REGISTRY: registry.dev.siderolabs.io
	run: \|
	make all extensions-metadata -C _out/extensions
	- name: installer extensions
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	run: \|
	make installer-with-extensions
	- name: e2e-extensions
	env:
	EXTRA_TEST_ARGS: -talos.extensions.qemu
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	QEMU_EXTRA_DISKS: "3"
	QEMU_MEMORY_WORKERS: "4096"
	SHORT_INTEGRATION_TEST: "yes"
	WITH_CONFIG_PATCH_WORKER: '@_out/extensions-patch.yaml'
	run: \|
	sudo -E make e2e-qemu
	integration-image-factory:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- talos
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/image-factory')
	needs:
	- default
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: factory-1.6-iso
	env:
	FACTORY_BOOT_METHOD: iso
	FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
	FACTORY_UPGRADE: "true"
	FACTORY_UPGRADE_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f
	FACTORY_UPGRADE_VERSION: v1.6.1
	FACTORY_VERSION: v1.6.0
	KUBERNETES_VERSION: 1.29.0
	run: \|
	sudo -E make e2e-image-factory
	- name: factory-1.6-image
	env:
	FACTORY_BOOT_METHOD: disk-image
	FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
	FACTORY_UPGRADE: "true"
	FACTORY_UPGRADE_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f
	FACTORY_UPGRADE_VERSION: v1.6.1
	FACTORY_VERSION: v1.6.0
	KUBERNETES_VERSION: 1.29.0
	run: \|
	sudo -E make e2e-image-factory
	- name: factory-1.6-pxe
	env:
	FACTORY_BOOT_METHOD: pxe
	FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
	FACTORY_VERSION: v1.6.1
	KUBERNETES_VERSION: 1.29.0
	run: \|
	sudo -E make e2e-image-factory
	- name: factory-1.6-secureboot
	env:
	FACTORY_BOOT_METHOD: secureboot-iso
	FACTORY_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f
	FACTORY_UPGRADE: "true"
	FACTORY_UPGRADE_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
	FACTORY_UPGRADE_VERSION: v1.6.1
	FACTORY_VERSION: v1.6.0
	KUBERNETES_VERSION: 1.29.0
	run: \|
	sudo -E make e2e-image-factory
	- name: factory-1.5-iso
	env:
	FACTORY_BOOT_METHOD: iso
	FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
	FACTORY_UPGRADE: "true"
	FACTORY_UPGRADE_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f
	FACTORY_UPGRADE_VERSION: v1.5.5
	FACTORY_VERSION: v1.5.5
	KUBERNETES_VERSION: 1.28.5
	run: \|
	sudo -E make e2e-image-factory
	- name: factory-1.3-iso
	env:
	FACTORY_BOOT_METHOD: iso
	FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
	FACTORY_UPGRADE: "true"
	FACTORY_UPGRADE_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f
	FACTORY_UPGRADE_VERSION: v1.3.7
	FACTORY_VERSION: v1.3.7
	KUBERNETES_VERSION: 1.26.5
	run: \|
	sudo -E make e2e-image-factory
	- name: factory-1.3-image
	env:
	FACTORY_BOOT_METHOD: disk-image
	FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
	FACTORY_VERSION: v1.3.7
	KUBERNETES_VERSION: 1.26.5
	run: \|
	sudo -E make e2e-image-factory
	integration-images:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- generic
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/images')
	needs:
	- default
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: images
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	PLATFORM: linux/amd64,linux/arm64
	run: \|
	make images
	integration-misc:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- talos
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/misc')
	needs:
	- default
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: e2e-firewall
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	SHORT_INTEGRATION_TEST: "yes"
	WITH_FIREWALL: block
	run: \|
	sudo -E make e2e-qemu
	- name: e2e-network-chaos
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	SHORT_INTEGRATION_TEST: "yes"
	WITH_NETWORK_CHAOS: "yes"
	run: \|
	sudo -E make e2e-qemu
	- name: e2e-canal-reset
	env:
	CUSTOM_CNI_URL: https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/canal.yaml
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	INTEGRATION_TEST_RUN: TestIntegration/api.ResetSuite/TestResetWithSpec
	run: \|
	sudo -E make e2e-qemu
	- name: e2e-bios-cgroupsv1
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	SHORT_INTEGRATION_TEST: "yes"
	WITH_CONFIG_PATCH: '[{"op": "add", "path": "/machine/install/extraKernelArgs/-", "value": "talos.unified_cgroup_hierarchy=0"}]'
	WITH_UEFI: "false"
	run: \|
	sudo -E make e2e-qemu
	- name: e2e-disk-image
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	SHORT_INTEGRATION_TEST: "yes"
	USE_DISK_IMAGE: "true"
	VIA_MAINTENANCE_MODE: "true"
	WITH_DISK_ENCRYPTION: "true"
	run: \|
	sudo -E make e2e-qemu
	- name: e2e-controlplane-port
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	SHORT_INTEGRATION_TEST: "yes"
	WITH_CONTROL_PLANE_PORT: "443"
	run: \|
	sudo -E make e2e-qemu
	- name: e2e-no-cluster-discovery
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	SHORT_INTEGRATION_TEST: "yes"
	WITH_CLUSTER_DISCOVERY: "false"
	run: \|
	sudo -E make e2e-qemu
	- name: e2e-kubespan
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io\
	SHORT_INTEGRATION_TEST: "yes"
	WITH_CLUSTER_DISCOVERY: "true"
	WITH_KUBESPAN: "true"
	run: \|
	sudo -E make e2e-qemu
	- name: e2e-default-hostname
	env:
	DISABLE_DHCP_HOSTNAME: "true"
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	SHORT_INTEGRATION_TEST: "yes"
	VIA_MAINTENANCE_MODE: "true"
	run: \|
	sudo -E make e2e-qemu
	- name: e2e-siderolink
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	SHORT_INTEGRATION_TEST: "yes"
	VIA_MAINTENANCE_MODE: "true"
	WITH_SIDEROLINK_AGENT: "true"
	run: \|
	sudo -E make e2e-qemu
	- name: e2e-siderolink-tunnel
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	SHORT_INTEGRATION_TEST: "yes"
	VIA_MAINTENANCE_MODE: "true"
	WITH_SIDEROLINK_AGENT: tunnel
	run: \|
	sudo -E make e2e-qemu
	integration-provision-0:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- talos
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/provision') \|\| contains(fromJSON(needs.default.outputs.labels), 'integration/provision-0')
	needs:
	- default
	services:
	buildkitd:
	image: moby/buildkit:v0.13.1
	options: --privileged
	ports:
	- 1234:1234
	volumes:
	- /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
	- /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Set up Docker Buildx
	id: setup-buildx
	uses: docker/setup-buildx-action@v3
	with:
	driver: remote
	endpoint: tcp://127.0.0.1:1234
	timeout-minutes: 10
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: provision-tests-prepare
	run: \|
	make provision-tests-prepare
	- name: provision-tests-track-0
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	run: \|
	sudo -E make provision-tests-track-0
	integration-provision-1:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- talos
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/provision') \|\| contains(fromJSON(needs.default.outputs.labels), 'integration/provision-1')
	needs:
	- default
	services:
	buildkitd:
	image: moby/buildkit:v0.13.1
	options: --privileged
	ports:
	- 1234:1234
	volumes:
	- /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
	- /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Set up Docker Buildx
	id: setup-buildx
	uses: docker/setup-buildx-action@v3
	with:
	driver: remote
	endpoint: tcp://127.0.0.1:1234
	timeout-minutes: 10
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: provision-tests-prepare
	run: \|
	make provision-tests-prepare
	- name: provision-tests-track-1
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	run: \|
	sudo -E make provision-tests-track-1
	integration-provision-2:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- talos
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/provision') \|\| contains(fromJSON(needs.default.outputs.labels), 'integration/provision-2')
	needs:
	- default
	services:
	buildkitd:
	image: moby/buildkit:v0.13.1
	options: --privileged
	ports:
	- 1234:1234
	volumes:
	- /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
	- /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Set up Docker Buildx
	id: setup-buildx
	uses: docker/setup-buildx-action@v3
	with:
	driver: remote
	endpoint: tcp://127.0.0.1:1234
	timeout-minutes: 10
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: provision-tests-prepare
	run: \|
	make provision-tests-prepare
	- name: provision-tests-track-2
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	run: \|
	sudo -E make provision-tests-track-2
	integration-qemu:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- talos
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/qemu')
	needs:
	- default
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: e2e-qemu
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	run: \|
	sudo -E make e2e-qemu
	integration-qemu-csi:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- talos
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/qemu-csi')
	needs:
	- default
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: e2e-qemu-csi
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	QEMU_CPUS_WORKERS: "4"
	QEMU_EXTRA_DISKS: "1"
	QEMU_EXTRA_DISKS_SIZE: "12288"
	QEMU_MEMORY_WORKERS: "5120"
	QEMU_WORKERS: "3"
	SHORT_INTEGRATION_TEST: "yes"
	WITH_TEST: run_csi_tests
	run: \|
	sudo -E make e2e-qemu
	integration-qemu-encrypted-vip:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- talos
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/qemu-encrypted-vip')
	needs:
	- default
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: e2e-qemu
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	WITH_DISK_ENCRYPTION: "true"
	WITH_KUBESPAN: "true"
	WITH_VIRTUAL_IP: "true"
	run: \|
	sudo -E make e2e-qemu
	integration-qemu-race:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- talos
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/qemu-race')
	needs:
	- default
	services:
	buildkitd:
	image: moby/buildkit:v0.13.1
	options: --privileged
	ports:
	- 1234:1234
	volumes:
	- /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
	- /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Set up Docker Buildx
	id: setup-buildx
	uses: docker/setup-buildx-action@v3
	with:
	driver: remote
	endpoint: tcp://127.0.0.1:1234
	timeout-minutes: 10
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: build-race
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	PLATFORM: linux/amd64
	PUSH: "true"
	TAG_SUFFIX: -race
	WITH_RACE: "1"
	run: \|
	make initramfs installer
	- name: e2e-qemu-race
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	TAG_SUFFIX: -race
	run: \|
	sudo -E make e2e-qemu
	integration-reproducibility-test:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- talos
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/reproducibility-test')
	needs:
	- default
	services:
	buildkitd:
	image: moby/buildkit:v0.13.1
	options: --privileged
	ports:
	- 1234:1234
	volumes:
	- /var/lib/buildkit/${{ github.repository }}:/var/lib/buildkit
	- /usr/etc/buildkit/buildkitd.toml:/etc/buildkit/buildkitd.toml
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Set up Docker Buildx
	id: setup-buildx
	uses: docker/setup-buildx-action@v3
	with:
	driver: remote
	endpoint: tcp://127.0.0.1:1234
	timeout-minutes: 10
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: reproducibility-test
	env:
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	run: \|
	make reproducibility-test
	integration-trusted-boot:
	permissions:
	actions: read
	contents: write
	issues: read
	packages: write
	pull-requests: read
	runs-on:
	- self-hosted
	- talos
	if: contains(fromJSON(needs.default.outputs.labels), 'integration/trusted-boot')
	needs:
	- default
	steps:
	- name: checkout
	uses: actions/checkout@v4
	- name: Unshallow
	run: \|
	git fetch --prune --unshallow
	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: artifacts
	path: _out
	- name: Fix artifact permissions
	run: \|
	xargs -a _out/executable-artifacts -I {} chmod +x {}
	- name: integration-trusted-boot
	env:
	EXTRA_TEST_ARGS: -talos.trustedboot
	IMAGE_REGISTRY: registry.dev.siderolabs.io
	VIA_MAINTENANCE_MODE: "true"
	WITH_TRUSTED_BOOT_ISO: "true"
	run: \|
	sudo -E make e2e-qemu

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(ci): kresify gh actions #52

Workflow file

chore(ci): kresify gh actions #52

Jobs

Run details

Workflow file for this run