From 1de5e41c4dd6fc2870514a392f95c6064271519d Mon Sep 17 00:00:00 2001 From: Claudio Matsuoka Date: Tue, 16 Sep 2025 15:53:14 -0300 Subject: [PATCH 1/2] test: build local spread binary Don't rely on GitHub runners providing a (potentially outdated) spread binary. Instead, check out a reference version and build a local binary to be used in the github CI test. Signed-off-by: Claudio Matsuoka --- .github/workflows/test.yaml | 28 +++++++++++++++++++++++++--- spread.yaml | 2 +- 2 files changed, 26 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 9b09af5e..9422e961 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -11,13 +11,35 @@ on: jobs: run-tests: - runs-on: self-hosted + runs-on: [self-hosted] steps: - uses: actions/checkout@v4 - - name: Run tests + - name: Run unit tests run: | - spread google: + sudo snap install go --classic + go test -v ./... + + - name: Build local spread + run: | + mkdir spread-testing + cd spread-testing + git init + git remote add origin https://github.com/canonical/spread.git + # Pin spread to a known stable commit; update only after verification. + git fetch --depth=1 origin ae284792596e00d325a1787604fe4ec7e00574aa + git checkout FETCH_HEAD + go build -o spread-testing ./cmd/spread + sudo install -m755 spread-testing /usr/bin/spread + cd .. + rm -Rf spread-testing + + - name: Run spread tests + run: | + uname -a + trap 'rm -f /tmp/key.json' EXIT + (umask 177; echo "${{ secrets.SPREAD_GOOGLE_KEY }}" | base64 -d > /tmp/key.json) + /usr/bin/spread google: - name: Discard spread workers if: always() diff --git a/spread.yaml b/spread.yaml index 982e71c2..c5ee9d6b 100644 --- a/spread.yaml +++ b/spread.yaml @@ -16,7 +16,7 @@ environment: backends: google: - key: "$(HOST: echo $SPREAD_GOOGLE_KEY)" + key: /tmp/key.json location: snapd-spread/us-east1-b halt-timeout: 2h systems: From c23b77db0a674503e6f965294ebf09a4e1d53c10 Mon Sep 17 00:00:00 2001 From: Claudio Matsuoka Date: Wed, 25 Feb 2026 17:59:53 -0300 Subject: [PATCH 2/2] ci: use environment variable to pass secret Signed-off-by: Claudio Matsuoka --- .github/workflows/test.yaml | 6 ++---- spread.yaml | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 9422e961..885d7a0e 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -11,7 +11,7 @@ on: jobs: run-tests: - runs-on: [self-hosted] + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 @@ -37,9 +37,7 @@ jobs: - name: Run spread tests run: | uname -a - trap 'rm -f /tmp/key.json' EXIT - (umask 177; echo "${{ secrets.SPREAD_GOOGLE_KEY }}" | base64 -d > /tmp/key.json) - /usr/bin/spread google: + SPREAD_GOOGLE_KEY=$(echo "${{ secrets.SPREAD_GOOGLE_KEY }}" | base64 -d) /usr/bin/spread google: - name: Discard spread workers if: always() diff --git a/spread.yaml b/spread.yaml index c5ee9d6b..982e71c2 100644 --- a/spread.yaml +++ b/spread.yaml @@ -16,7 +16,7 @@ environment: backends: google: - key: /tmp/key.json + key: "$(HOST: echo $SPREAD_GOOGLE_KEY)" location: snapd-spread/us-east1-b halt-timeout: 2h systems: