21 changes: 17 additions & 4 deletions .github/workflows/code-scan.yml
Expand Up @@ -5,6 +5,10 @@ on:
required: false
type: boolean
default: true
runs-on:
required: false
type: string
default: ''
codeql-build-cmd:
required: false
type: string
Expand All @@ -16,7 +20,15 @@ on:
codeql-runs-on:
required: false
type: string
default: ubuntu-latest
default: ''
os-dependencies:
required: false
type: string
default: ''
codeql-os-dependencies:
required: false
type: string
default: ''

permissions:
actions: read
Expand All @@ -28,6 +40,7 @@ jobs:
if: inputs.run-codeql
uses: ./.github/workflows/codeql-analysis.yml
with:
codeql-build-cmd: ${{ inputs.codeql-build-cmd }}
codeql-build-mode: ${{ inputs.codeql-build-mode }}
codeql-runs-on: ${{ inputs.codeql-runs-on }}
runs-on: ${{ inputs.codeql-runs-on || inputs.runs-on || 'ubuntu-latest' }}
build-cmd: ${{ inputs.codeql-build-cmd }}
build-mode: ${{ inputs.codeql-build-mode }}
os-dependencies: ${{ inputs.codeql-os-dependencies || inputs.os-dependencies || '' }}
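Review bot: The new `runs-on`, `os-dependencies` and `codeql-os-dependencies` inputs carry no `description:`, so a caller cannot tell from the interface that `os-dependencies` is a space-separated package list that the called workflow hands unquoted to the OS package manager. Suggest e.g. `description: 'Space-separated packages installed before the build (apt, brew or choco by runner OS)'` on each of the two dependency inputs. The trailing `|| ''` in `os-dependencies: ${{ inputs.codeql-os-dependencies || inputs.os-dependencies || '' }}` is redundant, since an all-empty `||` chain already yields the empty string; `${{ inputs.codeql-os-dependencies || inputs.os-dependencies }}` reads cleaner. Where the `code-scan` job itself consumes the new `runs-on` input is outside this section.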
114 changes: 53 additions & 61 deletions .github/workflows/codeql-analysis.yml
Expand Up @@ -3,21 +3,21 @@ name: "CodeQL"
on:
workflow_call:
inputs:
codeql-make-bootstrap:
runs-on:
required: false
type: boolean
codeql-build-cmd:
type: string
default: ubuntu-latest
build-cmd:
required: false
type: string
default: 'V=1 make build'
codeql-build-mode:
build-mode:
required: false
type: string
default: ''
codeql-runs-on:
make-bootstrap:
required: false
type: string
default: ubuntu-latest
type: boolean
goprivate:
required: false
type: string
Expand All @@ -34,7 +34,7 @@ on:
jobs:
codeql-analyze:
name: CodeQL Analyze
runs-on: ${{ inputs.codeql-runs-on }}
runs-on: ${{ inputs.runs-on }}
strategy:
fail-fast: false
matrix:
Expand All @@ -44,90 +44,82 @@ jobs:
env:
GOPRIVATE: ${{ inputs.goprivate }}
steps:
-
name: Install Dependencies
- name: Install Dependencies
if: ${{ inputs.os-dependencies != '' }}
shell: bash
env:
OS_DEPS: ${{ inputs.os-dependencies }}
run: |
sudo apt-get update
# shellcheck disable=SC2086
sudo apt-get install ${OS_DEPS}
-
name: Checkout
case "${RUNNER_OS}" in
Linux)
sudo apt-get update
# shellcheck disable=SC2086
sudo apt-get install -y ${OS_DEPS}
;;
macOS)
# shellcheck disable=SC2086
brew install ${OS_DEPS}
;;
Windows)
# shellcheck disable=SC2086
choco install -y ${OS_DEPS}
;;
*)
echo "unsupported RUNNER_OS=${RUNNER_OS}" >&2
exit 1
;;
esac
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
submodules: true
submodules: recursive
ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
-
name: Setup Go
id: setup-go
- name: Setup Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
go-version: 'stable'
check-latest: true
cache: true
-
name: chmod cache dir
if: steps.setup-go.outputs.cache-hit == 'true'
run: |
chmod -R 0755 \
~/.cache/go-build \
~/go/pkg/mod || true
-
name: Action Cache
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
-
name: Setup SSH key for private dependencies
cache-dependency-path: '**/go.sum'
- name: Setup SSH key for private dependencies
uses: webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555 # v0.10.0
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
if: ${{ env.SSH_PRIVATE_KEY != '' }}
with:
ssh-private-key: |
${{ secrets.SSH_PRIVATE_KEY }}
-
name: Reconfigure Git for private repos
- name: Reconfigure Git for private repos
if: ${{ env.PAT != '' }}
env:
PAT: ${{ secrets.PAT }}
if: ${{ env.PAT != '' }}
run: |
git config --global url.https://${{ secrets.PAT }}@github.com/.insteadOf git+ssh://git@github.com
git config --global url.git@github.com:.insteadOf https://github.com/
-
# Initializes the CodeQL tools for scanning.
name: Initialize CodeQL
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
with:
languages: ${{ matrix.language }}
build-mode: ${{ inputs.codeql-build-mode }}
queries: security-and-quality # use Canonical suite
packs: codeql/go-queries # and pin the official pack explicitly
-
name: Make bootstrap
if: inputs.codeql-make-bootstrap
build-mode: ${{ inputs.build-mode }}
queries: security-and-quality # use Canonical suite
packs: codeql/go-queries # and pin the official pack explicitly
- name: Make bootstrap
if: inputs.make-bootstrap
run: |
make bootstrap
-
# Run only when the selected build mode expects a manual build:
# - '' (unset) keeps legacy behavior for existing callers.
# - 'manual' means the caller wants this step to drive the build.
# 'autobuild' and 'none' are handled by codeql-action itself, so we skip.
name: Build
if: inputs.codeql-build-mode == '' || inputs.codeql-build-mode == 'manual'
# Run only when the selected build mode expects a manual build:
# - '' (unset) keeps legacy behavior for existing callers.
# - 'manual' means the caller wants this step to drive the build.
# 'autobuild' and 'none' are handled by codeql-action itself, so we skip.
- name: Build
if: inputs.build-mode == '' || inputs.build-mode == 'manual'
shell: bash
env:
CODEQL_BUILD_CMD: ${{ inputs.codeql-build-cmd }}
BUILD_CMD: ${{ inputs.build-cmd }}
run: |
eval "${CODEQL_BUILD_CMD}"
-
name: Perform CodeQL Analysis
eval "${BUILD_CMD}"
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
with:
output: codeql-results
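Review bot: In the `Reconfigure Git for private repos` step the run script still expands `${{ secrets.PAT }}` directly into the shell line even though the same step defines `env: PAT` (which the commit's reordered `if:` already reads); the token should come from the environment instead, `git config --global url.https://${PAT}@github.com/.insteadOf git+ssh://git@github.com`, so the secret is never substituted into the script text before bash parses it. The `git config` lines are context here, unchanged by this commit, and the identical pattern sits in the `Reconfigure Git for go.step.sm` step of `.github/workflows/goBuild.yml`. The new `Install Dependencies` `case` block is also duplicated verbatim between the two workflows; a shared composite action would keep the apt/brew/choco handling and its `exit 1` fallback in one place. The `codeql-analyze` job continues past this hunk.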
49 changes: 33 additions & 16 deletions .github/workflows/goBuild.yml
@@ -1,6 +1,10 @@
on:
workflow_call:
inputs:
runs-on:
required: false
type: string
default: ubuntu-latest
build-command:
required: false
type: string
Expand Down Expand Up @@ -44,53 +48,66 @@ jobs:

build:
needs: set-go-matrix
runs-on: ubuntu-latest
runs-on: ${{ inputs.runs-on }}
env:
GOPRIVATE: ${{ inputs.goprivate }}
strategy:
matrix: ${{ fromJson(needs.set-go-matrix.outputs.matrix) }}
steps:
-
name: Install Dependencies # Some dependencies require this package
- name: Install Dependencies # Some dependencies require this package
if: ${{ inputs.os-dependencies != '' }}
shell: bash
env:
OS_DEPS: ${{ inputs.os-dependencies }}
run: |
sudo apt-get update
# shellcheck disable=SC2086
sudo apt-get install ${OS_DEPS}
-
name: Checkout
case "${RUNNER_OS}" in
Linux)
sudo apt-get update
# shellcheck disable=SC2086
sudo apt-get install -y ${OS_DEPS}
;;
macOS)
# shellcheck disable=SC2086
brew install ${OS_DEPS}
;;
Windows)
# shellcheck disable=SC2086
choco install -y ${OS_DEPS}
;;
*)
echo "unsupported RUNNER_OS=${RUNNER_OS}" >&2
exit 1
;;
esac
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
submodules: true
ssh-key: ${{ secrets.SSH_PRIVATE_KEY }}
-
name: Reconfigure Git for go.step.sm
- name: Reconfigure Git for go.step.sm
env:
PAT: ${{ secrets.PAT }}
if: ${{ env.PAT != '' }}
run: |
git config --global url.https://${{ secrets.PAT }}@github.com/.insteadOf git+ssh://git@github.com
git config --global url.git@github.com:.insteadOf https://github.com/
-
name: Install Go
- name: Install Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
go-version: ${{ matrix.go }}
check-latest: true
cache: true
-
name: Setup SSH key for private dependencies
cache-dependency-path: '**/go.sum'
- name: Setup SSH key for private dependencies
uses: webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555 # v0.10.0
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
if: ${{ env.SSH_PRIVATE_KEY != '' }}
with:
ssh-private-key: |
${{ secrets.SSH_PRIVATE_KEY }}
-
name: Build
- name: Build
shell: bash
env:
BUILD_CMD: ${{ inputs.build-command }}
run: eval "${BUILD_CMD}"
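Review bot: The `Checkout` step in this hunk keeps `submodules: true` while the matching step in `.github/workflows/codeql-analysis.yml` is changed to `submodules: recursive` in the same commit; if nested submodules are needed for the CodeQL build they are presumably needed for the Go build too, so either align it (`submodules: recursive`) or record why the two differ. The new `runs-on` input defaults to `ubuntu-latest`, yet `Install Dependencies` now branches on `RUNNER_OS` for macOS and Windows; a `description:` on `runs-on` naming the runner families the workflow supports would make that contract visible to callers. The `build` job's steps end in this hunk, but the `set-go-matrix` job it depends on is outside it.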