feat(ci): Bump to upstream v1.94.1 #31

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

ChandonPierre merged 117 commits into coreweave from cpierre/coreweave-v1.94.1

Jan 27, 2026

.github/actions/go-cache/action.sh

-Original file line number
+Diff line change
@@ -0,0 +1,54 @@
+    #!/usr/bin/env bash
+    #
+    # This script sets up cigocacher, but should never fail the build if unsuccessful.
+    # It expects to run on a GitHub-hosted runner, and connects to cigocached over a
+    # private Azure network that is configured at the runner group level in GitHub.
+    #
+    # Usage: ./action.sh
+    # Inputs:
+    #   URL: The cigocached server URL.
+    #   HOST: The cigocached server host to dial.
+    # Outputs:
+    #   success: Whether cigocacher was set up successfully.
+    set -euo pipefail
+    if [ -z "${GITHUB_ACTIONS:-}" ]; then
+        echo "This script is intended to run within GitHub Actions"
+        exit 1
+    fi
+    if [ -z "${URL:-}" ]; then
+        echo "No cigocached URL is set, skipping cigocacher setup"
+        exit 0
+    fi
+    GOPATH=$(command -v go || true)
+    if [ -z "${GOPATH}" ]; then
+      if [ ! -f "tool/go" ]; then
+        echo "Go not available, unable to proceed"
+        exit 1
+      fi
+      GOPATH="./tool/go"
+    fi
+    BIN_PATH="${RUNNER_TEMP:-/tmp}/cigocacher$(${GOPATH} env GOEXE)"
+    if [ -d "cmd/cigocacher" ]; then
+      echo "cmd/cigocacher found locally, building from local source"
+      "${GOPATH}" build -o "${BIN_PATH}" ./cmd/cigocacher
+    else
+      echo "cmd/cigocacher not found locally, fetching from tailscale.com/cmd/cigocacher"
+      "${GOPATH}" build -o "${BIN_PATH}" tailscale.com/cmd/cigocacher
+    fi
+    CIGOCACHER_TOKEN="$("${BIN_PATH}" --auth --cigocached-url "${URL}" --cigocached-host "${HOST}" )"
+    if [ -z "${CIGOCACHER_TOKEN:-}" ]; then
+        echo "Failed to fetch cigocacher token, skipping cigocacher setup"
+        exit 0
+    fi
+    echo "Fetched cigocacher token successfully"
+    echo "::add-mask::${CIGOCACHER_TOKEN}"
+    echo "GOCACHEPROG=${BIN_PATH} --cache-dir ${CACHE_DIR} --cigocached-url ${URL} --cigocached-host ${HOST} --token ${CIGOCACHER_TOKEN}" >> "${GITHUB_ENV}"
+    echo "success=true" >> "${GITHUB_OUTPUT}"

.github/actions/go-cache/action.yml

-Original file line number
+Diff line change
@@ -0,0 +1,35 @@
+    name: go-cache
+    description: Set up build to use cigocacher
+    inputs:
+      cigocached-url:
+        description: URL of the cigocached server
+        required: true
+      cigocached-host:
+        description: Host to dial for the cigocached server
+        required: true
+      checkout-path:
+        description: Path to cloned repository
+        required: true
+      cache-dir:
+        description: Directory to use for caching
+        required: true
+    outputs:
+      success:
+        description: Whether cigocacher was set up successfully
+        value: ${{ steps.setup.outputs.success }}
+    runs:
+      using: composite
+      steps:
+        - name: Setup cigocacher
+          id: setup
+          shell: bash
+          env:
+            URL: ${{ inputs.cigocached-url }}
+            HOST: ${{ inputs.cigocached-host }}
+            CACHE_DIR: ${{ inputs.cache-dir }}
+          working-directory: ${{ inputs.checkout-path }}
+          # https://github.com/orgs/community/discussions/25910
+          run: $GITHUB_ACTION_PATH/action.sh

.github/workflows/checklocks.yml

-Original file line number
+Diff line change
@@ -0,0 +1,34 @@
+    name: checklocks
+    on:
+      push:
+        branches:
+          - main
+      pull_request:
+        paths:
+          - '**/*.go'
+          - '.github/workflows/checklocks.yml'
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+      cancel-in-progress: true
+    jobs:
+      checklocks:
+        runs-on: [ ubuntu-latest ]
+        steps:
+          - name: Check out code
+            uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+          - name: Build checklocks
+            run: ./tool/go build -o /tmp/checklocks gvisor.dev/gvisor/tools/checklocks/cmd/checklocks
+          - name: Run checklocks vet
+            # TODO(#12625): add more packages as we add annotations
+            run: |-
+              ./tool/go vet -vettool=/tmp/checklocks \
+                ./envknob           \
+                ./ipn/store/mem     \
+                ./net/stun/stuntest \
+                ./net/wsconn        \
+                ./proxymap

.github/workflows/cigocacher.yml

-Original file line number
+Diff line change
@@ -0,0 +1,73 @@
+    name: Build cigocacher
+    on:
+      # Released on-demand. The commit will be used as part of the tag, so generally
+      # prefer to release from main where the commit is stable in linear history.
+      workflow_dispatch:
+    jobs:
+      build:
+        strategy:
+          matrix:
+            GOOS: ["linux", "darwin", "windows"]
+            GOARCH: ["amd64", "arm64"]
+        runs-on: ubuntu-24.04
+        env:
+          GOOS: "${{ matrix.GOOS }}"
+          GOARCH: "${{ matrix.GOARCH }}"
+          CGO_ENABLED: "0"
+        steps:
+        - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        - name: Build
+          run: |
+            OUT="cigocacher$(./tool/go env GOEXE)"
+            ./tool/go build -o "${OUT}" ./cmd/cigocacher/
+            tar -zcf cigocacher-${{ matrix.GOOS }}-${{ matrix.GOARCH }}.tar.gz "${OUT}"
+        - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+          with:
+            name: cigocacher-${{ matrix.GOOS }}-${{ matrix.GOARCH }}
+            path: cigocacher-${{ matrix.GOOS }}-${{ matrix.GOARCH }}.tar.gz
+      release:
+        runs-on: ubuntu-24.04
+        needs: build
+        permissions:
+          contents: write
+        steps:
+          - name: Download all artifacts
+            uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+            with:
+              pattern: 'cigocacher-*'
+              merge-multiple: true
+          # This step is a simplified version of actions/create-release and
+          # actions/upload-release-asset, which are archived and unmaintained.
+          - name: Create release
+            uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+            with:
+              script: |
+                const fs = require('fs');
+                const path = require('path');
+                const { data: release } = await github.rest.repos.createRelease({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  tag_name: `cmd/cigocacher/${{ github.sha }}`,
+                  name: `cigocacher-${{ github.sha }}`,
+                  draft: false,
+                  prerelease: true,
+                  target_commitish: `${{ github.sha }}`
+                });
+                const files = fs.readdirSync('.').filter(f => f.endsWith('.tar.gz'));
+                for (const file of files) {
+                  await github.rest.repos.uploadReleaseAsset({
+                    owner: context.repo.owner,
+                    repo: context.repo.repo,
+                    release_id: release.id,
+                    name: file,
+                    data: fs.readFileSync(file)
+                  });
+                  console.log(`Uploaded ${file}`);
+                }

.github/workflows/codeql-analysis.yml

-Original file line number
+Diff line change
@@ -0,0 +1,83 @@
+    # For most projects, this workflow file will not need changing; you simply need
+    # to commit it to your repository.
+    #
+    # You may wish to alter this file to override the set of languages analyzed,
+    # or to provide custom queries or build logic.
+    #
+    # ******** NOTE ********
+    # We have attempted to detect the languages in your repository. Please check
+    # the `language` matrix defined below to confirm you have the correct set of
+    # supported CodeQL languages.
+    #
+    name: "CodeQL"
+    on:
+      push:
+        branches: [ main, release-branch/* ]
+      pull_request:
+        # The branches below must be a subset of the branches above
+        branches: [ main ]
+      merge_group:
+        branches: [ main ]
+      schedule:
+        - cron: '31 14 * * 5'
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+      cancel-in-progress: true
+    jobs:
+      analyze:
+        name: Analyze
+        runs-on: ubuntu-latest
+        permissions:
+          actions: read
+          contents: read
+          security-events: write
+        strategy:
+          fail-fast: false
+          matrix:
+            language: [ 'go' ]
+            # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+            # Learn more:
+            # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+        steps:
+        - name: Checkout repository
+          uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        # Install a more recent Go that understands modern go.mod content.
+        - name: Install Go
+          uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+          with:
+            go-version-file: go.mod
+        # Initializes the CodeQL tools for scanning.
+        - name: Initialize CodeQL
+          uses: github/codeql-action/init@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5
+          with:
+            languages: ${{ matrix.language }}
+            # If you wish to specify custom queries, you can do so here or in a config file.
+            # By default, queries listed here will override any specified in a config file.
+            # Prefix the list here with "+" to use these queries and those in the config file.
+            # queries: ./path/to/local/query, your-org/your-repo/queries@main
+        # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+        # If this step fails, then you should remove it and run the build manually (see below)
+        - name: Autobuild
+          uses: github/codeql-action/autobuild@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5
+        # ℹ️ Command-line programs to run using the OS shell.
+        # 📚 https://git.io/JvXDl
+        # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+        #    and modify them (or add more) to build your code if your project
+        #    uses a compiled language
+        #- run: |
+        #   make bootstrap
+        #   make release
+        - name: Perform CodeQL Analysis
+          uses: github/codeql-action/analyze@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5

.github/workflows/docker-base.yml

-Original file line number
+Diff line change
@@ -0,0 +1,29 @@
+    name: "Validate Docker base image"
+    on:
+      workflow_dispatch:
+      pull_request:
+        paths:
+        - "Dockerfile.base"
+        - ".github/workflows/docker-base.yml"
+    jobs:
+      build-and-test:
+        runs-on: ubuntu-latest
+        steps:
+        - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        - name: "build and test"
+          run: |
+            set -e
+            IMG="test-base:$(head -c 8 /dev/urandom | xxd -p)"
+            docker build -t "$IMG" -f Dockerfile.base .
+            iptables_version=$(docker run --rm "$IMG" iptables --version)
+            if [[ "$iptables_version" != *"(legacy)"* ]]; then
+                echo "ERROR: Docker base image should contain legacy iptables; found ${iptables_version}"
+                exit 1
+            fi
+            ip6tables_version=$(docker run --rm "$IMG" ip6tables --version)
+            if [[ "$ip6tables_version" != *"(legacy)"* ]]; then
+                echo "ERROR: Docker base image should contain legacy ip6tables; found ${ip6tables_version}"
+                exit 1
+            fi

.github/workflows/docker-file-build.yml

-Original file line number
+Diff line change
@@ -0,0 +1,13 @@
+    name: "Dockerfile build"
+    on:
+      push:
+        branches:
+        - main
+      pull_request:
+    jobs:
+      deploy:
+        runs-on: ubuntu-latest
+        steps:
+        - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        - name: "Build Docker image"
+          run: docker build .

.github/workflows/flakehub-publish-tagged.yml

-Original file line number
+Diff line change
@@ -0,0 +1,27 @@
+    name: update-flakehub
+    on:
+      push:
+        tags:
+          - "v[0-9]+.*[02468].[0-9]+"
+      workflow_dispatch:
+        inputs:
+          tag:
+            description: "The existing tag to publish to FlakeHub"
+            type: "string"
+            required: true
+    jobs:
+      flakehub-publish:
+        runs-on: "ubuntu-latest"
+        permissions:
+          id-token: "write"
+          contents: "read"
+        steps:
+          - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+            with:
+              ref: "${{ (inputs.tag != null) && format('refs/tags/{0}', inputs.tag) || '' }}"
+          - uses: DeterminateSystems/nix-installer-action@786fff0690178f1234e4e1fe9b536e94f5433196 # v20
+          - uses: DeterminateSystems/flakehub-push@71f57208810a5d299fc6545350981de98fdbc860 # v6
+            with:
+              visibility: "public"
+              tag: "${{ inputs.tag }}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(ci): Bump to upstream v1.94.1 #31

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Uh oh!