From 8222708d78ff7d4f8b0b53cdb371b24dcf620606 Mon Sep 17 00:00:00 2001 From: Tom Proctor Date: Mon, 1 Dec 2025 14:35:31 +0000 Subject: [PATCH] review comments, testing CI before force pushing Change-Id: I427b80d35f18e3fc4b92518506c82c885acfafa0 Signed-off-by: Tom Proctor --- .github/actions/go-cache/action.sh | 9 ++++----- .github/workflows/test.yml | 24 +++++++++++------------- 2 files changed, 15 insertions(+), 18 deletions(-) diff --git a/.github/actions/go-cache/action.sh b/.github/actions/go-cache/action.sh index c0825d8d7..5d3ab87e5 100755 --- a/.github/actions/go-cache/action.sh +++ b/.github/actions/go-cache/action.sh @@ -26,6 +26,8 @@ JWT="$(curl -sSL -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "${A # cigocached serves a TLS cert with an FQDN, but DNS is based on VM name. HOST_AND_PORT="${URL#http*://}" FIRST_LABEL="${HOST_AND_PORT/.*/}" +# Save CONNECT_TO for later steps to use. +echo "CONNECT_TO=${HOST_AND_PORT}:${FIRST_LABEL}:" >> "${GITHUB_ENV}" BODY="$(jq -n --arg jwt "$JWT" '{"jwt": $jwt}')" CIGOCACHER_TOKEN="$(curl -sSL --connect-to "$HOST_AND_PORT:$FIRST_LABEL:" -H "Content-Type: application/json" "$URL/auth/exchange-token" -d "$BODY" | jq -r .access_token)" if [ -z "$CIGOCACHER_TOKEN" ]; then @@ -38,12 +40,9 @@ fi # TODO(tomhjp): bake cigocacher into runner image and use it for auth. echo "Fetched cigocacher token successfully" echo "::add-mask::${CIGOCACHER_TOKEN}" +echo "CIGOCACHER_TOKEN=${CIGOCACHER_TOKEN}" >> "${GITHUB_ENV}" -BIN_NAME="cigocacher" -if [[ "${RUNNER_OS:-}" == "Windows" ]]; then - BIN_NAME="cigocacher.exe" -fi -BIN_PATH="${RUNNER_TEMP:-/tmp}/${BIN_NAME}" +BIN_PATH="${RUNNER_TEMP:-/tmp}/cigocacher$(go env GOEXE)" go build -o "${BIN_PATH}" ./cmd/cigocacher echo "GOCACHEPROG=${BIN_PATH} --cache-dir ${CACHE_DIR} --cigocached-url ${URL} --token ${CIGOCACHER_TOKEN}" >> "${GITHUB_ENV}" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5d0c3c5da..e8ee315e4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,10 +2,6 @@ # both PRs and merged commits, and for the latter reports failures to slack. name: CI -permissions: - id-token: write # This is required for requesting the JWT - contents: read # This is required for actions/checkout - env: # Our fuzz job, powered by OSS-Fuzz, fails periodically because we upgrade to # new Go versions very eagerly. OSS-Fuzz is a little more conservative, and @@ -212,9 +208,12 @@ jobs: find $(go env GOCACHE) -type f -mmin +90 -delete windows: - # windows-8vpu is a 2022 GitHub-managed runner in our - # org with 8 cores and 32 GB of RAM: - # https://github.com/organizations/tailscale/settings/actions/github-hosted-runners/1 + permissions: + id-token: write # This is required for requesting the GitHub action identity JWT that can auth to cigocached + contents: read # This is required for actions/checkout + # ci-windows-github-1 is a 2022 GitHub-managed runner in our org with 8 cores + # and 32 GB of RAM. It is connected to a private Azure VNet that hosts cigocached. + # https://github.com/organizations/tailscale/settings/actions/github-hosted-runners/5 runs-on: ci-windows-github-1 needs: gomod-cache name: Windows (${{ matrix.name || matrix.shard}}) @@ -247,7 +246,7 @@ jobs: key: ${{ needs.gomod-cache.outputs.cache-key }} enableCrossOsArchive: true - - name: Setup cigocacher + - name: Set up cigocacher id: cigocacher-setup uses: ./src/.github/actions/go-cache with: @@ -268,12 +267,11 @@ jobs: # the equals signs cause great confusion. run: go test ./... -bench . -benchtime 1x -run "^$" - - name: Tidy cache - shell: pwsh + - name: Print stats + shell: bash + if: steps.cigocacher-setup.outputs.success == 'true' run: | - Get-ChildItem -Path cigocacher -File -Recurse | - Where-Object { $_.LastAccessTime -lt (Get-Date).AddMinutes(-90) } | - Remove-Item -Force + curl -sSL --connect-to "${CONNECT_TO}" -H "Authorization: Bearer ${CIGOCACHER_TOKEN}" "${{ vars.CIGOCACHED_AZURE_URL }}/session/stats" | jq . win-tool-go: runs-on: windows-latest