Add taskfile for building and running tests

.github/workflows/ci.yml

@@ -37,8 +37,11 @@ jobs:
 
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
+      - uses: go-task/setup-task@01a4adf9db2d14c1de7a560f09170b6e0df736aa  # v2.1.0
+        with:
+          version: 3.x
       - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd  # v4.0.0
-      - run: make validate
+      - run: task validate
 
   #
   # Project checks
@@ -58,15 +61,18 @@ jobs:
         with:
           go-version-file: 'src/github.com/containerd/nerdbox/.github/.tool-versions'
 
+      - uses: go-task/setup-task@01a4adf9db2d14c1de7a560f09170b6e0df736aa  # v2.1.0
+        with:
+          version: 3.x
+
       - uses: containerd/project-checks@d7751f3c375b8fe4a84c02a068184ee4c1f59bc4  # v1.2.2
         if: github.repository == 'containerd/nerdbox'
         with:
           working-directory: src/github.com/containerd/nerdbox
           repo-access-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: verify go modules and vendor directory
-        run: |
-          make verify-vendor
+        run: task verify-vendor
         working-directory: src/github.com/containerd/nerdbox
 
   #
@@ -89,9 +95,12 @@ jobs:
         with:
           go-version-file: '.github/.tool-versions'
 
+      - uses: go-task/setup-task@01a4adf9db2d14c1de7a560f09170b6e0df736aa  # v2.1.0
+        with:
+          version: 3.x
+
       - name: Run unit tests
-        shell: bash
-        run: make test-unit
+        run: task test:unit
 
   #
   # Protobuf checks
@@ -126,9 +135,14 @@ jobs:
           echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV
           echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
 
+      - uses: go-task/setup-task@01a4adf9db2d14c1de7a560f09170b6e0df736aa  # v2.1.0
+        with:
+          version: 3.x
+
       - run: script/install-proto-tools
-      - run: make proto-fmt
-      - run: make check-protos check-api-descriptors
+      - run: task proto-fmt
+      - run: task check-protos
+      - run: task check-api-descriptors
 
   #
   # Build kernels on cache miss
@@ -259,10 +273,17 @@ jobs:
         with:
           go-version-file: '.github/.tool-versions'
 
+      - uses: go-task/setup-task@01a4adf9db2d14c1de7a560f09170b6e0df736aa  # v2.1.0
+        with:
+          version: 3.x
+
+      - name: Install gotestsum
+        run: go install gotest.tools/gotestsum@v1.13.0
+
       - name: Verify user namespaces not restricted
         run: |
           go build -o _output/userns-check ./script/userns-check
           _output/userns-check
 
       - name: Run integration tests
-        run: go test -v ./integration/...
+        run: task test:integration

.gitignore

@@ -1,2 +1,3 @@
 _output
 kernel/*.old
+.task

Makefile

@@ -16,6 +16,10 @@ GO ?= go
 DOCKER ?= docker
 BUILDX ?= $(DOCKER) buildx
 
+ifeq (,$(shell command -v task 2>/dev/null))
+$(error 'task' is required to build nerdbox. Install from https://taskfile.dev)
+endif
+
 ROOTDIR=$(patsubst %/,%,$(dir $(abspath $(lastword $(MAKEFILE_LIST)))))
 
 WHALE = "🇩"
@@ -58,15 +62,10 @@ API_PACKAGES=$(shell ($(GO) list ${GO_TAGS} ./... | grep /api/ ))
 all: build
 
 build:
-	@echo "$(WHALE) $@"
-	HOST_OS=$(shell uname -s | tr '[:upper:]' '[:lower:]') KERNEL_ARCH=$(ARCH) $(BUILDX) bake
+	@task build
 
 _output/containerd-shim-nerdbox-v1: cmd/containerd-shim-nerdbox-v1 FORCE
-	@echo "$(WHALE) $@"
-	$(GO) build ${DEBUG_GO_GCFLAGS} ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@ ${GO_LDFLAGS} ${GO_TAGS} ./$<
-ifeq ($(OS),Darwin)
-	codesign --entitlements cmd/containerd-shim-nerdbox-v1/containerd-shim-nerdbox-v1.entitlements --force -s - $@
-endif
+	@task build:shim
 
 _output/containerd-shim-nerdbox-v1.exe: cmd/containerd-shim-nerdbox-v1 FORCE
 	@echo "$(WHALE) $@"
@@ -77,15 +76,10 @@ _output/vminitd: cmd/vminitd FORCE
 	$(GO) build ${DEBUG_GO_GCFLAGS} ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@ ${GO_STATIC_LDFLAGS} ${GO_STATIC_TAGS}  ./$<
 
 _output/nerdbox-initrd: cmd/vminitd FORCE
-	@echo "$(WHALE) $@"
-	$(BUILDX) bake initrd
+	@task build:initrd
 
 _output/integration.test: integration FORCE
-	@echo "$(WHALE) $@"
-	$(GO) test -c -o $@ ${GO_LDFLAGS} ${GO_TAGS} ./integration
-ifeq ($(OS),Darwin)
-	codesign --entitlements cmd/containerd-shim-nerdbox-v1/containerd-shim-nerdbox-v1.entitlements --force -s - $@
-endif
+	@task build:integration
 
 _output/test_vminitd: cmd/test_vminitd FORCE
 	@echo "$(WHALE) $@"
@@ -106,32 +100,19 @@ _output/libkrun.so: FORCE
 
 
 generate: protos
-	@echo "$(WHALE) $@"
-	@PATH="${ROOTDIR}/bin:${PATH}" $(GO) generate -x ${PACKAGES}
+	@task generate
 
 protos:
-	@echo "$(WHALE) $@"
-	@(cd ${ROOTDIR}/api && PATH="${ROOTDIR}/bin:${PATH}" buf generate)
-	@(cd ${ROOTDIR}/api && buf build --exclude-imports -o next.txtpb)
-	go-fix-acronym -w -a '^Os' $(shell find api/ -name '*.pb.go')
-	go-fix-acronym -w -a '(Id|Io|Uuid|Os)$$' $(shell find api/ -name '*.pb.go')
+	@task protos
 
 check-protos: protos ## check if protobufs needs to be generated again
-	@echo "$(WHALE) $@"
-	@test -z "$$(git status --short | grep ".pb.go" | tee /dev/stderr)" || \
-		((git diff | cat) && \
-		(echo "$(ONI) please run 'make protos' when making changes to proto files" && false))
+	@task check-protos
 
 check-api-descriptors: protos ## check that protobuf changes aren't present.
-	@echo "$(WHALE) $@"
-	@test -z "$$(git status --short | grep ".txtpb" | tee /dev/stderr)" || \
-		((git diff $$(find . -name '*.txtpb') | cat) && \
-		(echo "$(ONI) please run 'make protos' when making changes to proto files and check-in the generated descriptor file changes" && false))
+	@task check-api-descriptors
 
 proto-fmt: ## check format of proto files
-	@echo "$(WHALE) $@"
-	@test -z "$$(find . -name '*.proto' -type f -exec grep -Hn -e "^ " {} \; | tee /dev/stderr)" || \
-		(echo "$(ONI) please indent proto files with tabs only" && false)
+	@task proto-fmt
 
 menuconfig:
 ifeq ($(KERNEL_VERSION),)
@@ -152,13 +133,13 @@ endif
 FORCE:
 
 validate:
-	@$(BUILDX) bake validate
+	@task validate
 
 lint:
-	@$(BUILDX) bake lint
+	@task lint
 
 clean:
-	rm -rf _output
+	@task clean
 
 shell:
 	@echo "$(WHALE) $@"
@@ -174,17 +155,10 @@ shell:
 		nerdbox-dev
 
 verify-vendor: ## verify if all the go.mod/go.sum files are up-to-date
-	@echo "$(WHALE) $@"
-	$(eval TMPDIR := $(shell mktemp -d))
-	@cp -R ${ROOTDIR} ${TMPDIR}
-	@(cd ${TMPDIR}/nerdbox && ${GO} mod tidy)
-	@(cd ${TMPDIR}/nerdbox && ${GO} mod verify)
-	diff -r -u ${ROOTDIR} ${TMPDIR}/nerdbox
-	@rm -rf ${TMPDIR}
+	@task verify-vendor
 
 test-unit:
-	go test -count=1 $(shell go list ./... | grep -v /integration)
+	@task test:unit
 
 test-integration: _output/integration.test
-	@echo "$(WHALE) $@"
-	gotestsum -f testname --raw-command ./integration/test.sh
+	@task test:integration

Taskfile.yml

@@ -0,0 +1,149 @@
+version: '3'
+
+vars:
+  OUTPUT_DIR: '_output'
+  GO_TAGS: '-tags "no_grpc"'
+  LDFLAGS: '-s -w'
+  GO_LDFLAGS: '-ldflags "{{.LDFLAGS}}"'
+  # Map Go's GOARCH to the kernel arch naming convention (amd64 → x86_64).
+  KERNEL_ARCH:
+    sh: 'a=$(go env GOARCH); case "$a" in amd64) echo x86_64;; *) echo "$a";; esac'
+
+tasks:
+  default:
+    desc: Build all outputs via Docker Buildx Bake
+    deps: [build]
+
+  #
+  # Build tasks
+  #
+  build:
+    desc: Build all outputs via Docker Buildx Bake
+    cmds:
+      - HOST_OS={{OS}} KERNEL_ARCH={{.KERNEL_ARCH}} docker buildx bake
+
+  build:shim:
+    desc: Build containerd-shim-nerdbox-v1 for the current platform
+    cmds:
+      - mkdir -p {{.OUTPUT_DIR}}
+      - go build {{.GO_TAGS}} {{.GO_LDFLAGS}} -o {{.OUTPUT_DIR}}/containerd-shim-nerdbox-v1{{if eq OS "windows"}}.exe{{end}} ./cmd/containerd-shim-nerdbox-v1
+      - cmd: codesign --entitlements cmd/containerd-shim-nerdbox-v1/containerd-shim-nerdbox-v1.entitlements --force -s - {{.OUTPUT_DIR}}/containerd-shim-nerdbox-v1
+        platforms: [darwin]
+
+  build:guest:
+    desc: Build guest artifacts (kernel and initrd) via Docker Buildx Bake
+    cmds:
+      - KERNEL_ARCH={{.KERNEL_ARCH}} docker buildx bake kernel initrd
+
+  build:initrd:
+    desc: Build the nerdbox initrd via Docker Buildx Bake
+    cmds:
+      - KERNEL_ARCH={{.KERNEL_ARCH}} docker buildx bake initrd
+
+  build:integration:
+    desc: Build the integration test binary
+    cmds:
+      - mkdir -p {{.OUTPUT_DIR}}
+      - go test -c -o {{.OUTPUT_DIR}}/integration.test{{if eq OS "windows"}}.exe{{end}} {{.GO_LDFLAGS}} {{.GO_TAGS}} ./integration
+      - cmd: codesign --entitlements cmd/containerd-shim-nerdbox-v1/containerd-shim-nerdbox-v1.entitlements --force -s - {{.OUTPUT_DIR}}/integration.test
+        platforms: [darwin]
+
+  #
+  # Test tasks
+  #
+  test:unit:
+    desc: Run unit tests (excludes integration package)
+    cmds:
+      - go test -count=1 ./api/... ./cmd/... ./internal/... ./pkg/... ./plugins/...
+
+  test:integration:
+    desc: "Run integration tests (each test in its own process). Extra flags are forwarded to the test binary: task test:integration -- -run TestSystemInfo -v"
+    deps: [build:integration]
+    vars:
+      # When -v is in the extra flags, switch gotestsum to standard-verbose so
+      # t.Log() output is shown; otherwise testname format suppresses it.
+      GOTESTSUM_FORMAT:
+        sh: |
+          case " {{.CLI_ARGS}} " in *" -v "*|*" -v") echo standard-verbose ;; *) echo testname ;; esac
+    env:
+      TESTFLAGS: '{{.CLI_ARGS}}'
+    cmds:
+      - cmd: gotestsum -f {{.GOTESTSUM_FORMAT}} --raw-command bash integration/test.sh
+        platforms: [darwin, linux]
+      - cmd: gotestsum -f {{.GOTESTSUM_FORMAT}} --raw-command powershell -ExecutionPolicy Bypass -File integration/test.ps1
+        platforms: [windows]
+
+  #
+  # Code quality tasks
+  #
+  validate:
+    desc: Validate via Docker Buildx Bake
+    cmds:
+      - docker buildx bake validate
+
+  lint:
+    desc: Run linters via Docker Buildx Bake
+    cmds:
+      - docker buildx bake lint
+
+  protos:
+    desc: Regenerate protobuf bindings
+    dir: api
+    cmds:
+      - buf generate
+      - buf build --exclude-imports -o next.txtpb
+      - go-fix-acronym -w -a '^Os' $(find . -name '*.pb.go')
+      - go-fix-acronym -w -a '(Id|Io|Uuid|Os)$' $(find . -name '*.pb.go')
+
+  generate:
+    desc: Regenerate all derived artifacts (protobuf)
+    deps: [protos]
+
+  check-protos:
+    desc: Verify protobuf bindings are up to date
+    deps: [protos]
+    cmds:
+      - cmd: |
+          if [ -n "$(git status --short | grep ".pb.go")" ]; then
+            git diff | cat
+            echo "please run 'task protos' when making changes to proto files"
+            exit 1
+          fi
+
+  check-api-descriptors:
+    desc: Verify protobuf descriptor files are up to date
+    deps: [protos]
+    cmds:
+      - cmd: |
+          if [ -n "$(git status --short | grep ".txtpb")" ]; then
+            git diff $(find . -name '*.txtpb') | cat
+            echo "please run 'task protos' when making changes to proto files and check-in the generated descriptor file changes"
+            exit 1
+          fi
+
+  proto-fmt:
+    desc: Check proto files use tabs (not spaces) for indentation
+    cmds:
+      - cmd: |
+          if [ -n "$(find . -name '*.proto' -type f -exec grep -Hn -e "^ " {} \;)" ]; then
+            echo "please indent proto files with tabs only"
+            exit 1
+          fi
+
+  verify-vendor:
+    desc: Verify go.mod/go.sum and vendor directory are up to date
+    cmds:
+      - cmd: |
+          tmpdir=$(mktemp -d)
+          cp -R . "$tmpdir/nerdbox"
+          (cd "$tmpdir/nerdbox" && go mod tidy && go mod verify)
+          diff -r -u . "$tmpdir/nerdbox" || (rm -rf "$tmpdir" && exit 1)
+          rm -rf "$tmpdir"
+
+  #
+  # Clean
+  #
+  clean:
+    desc: Remove all build outputs
+    cmds:
+      - rm -rf {{.OUTPUT_DIR}}