forked from adamlaska/runc
-
Notifications
You must be signed in to change notification settings - Fork 0
185 lines (147 loc) · 6 KB
/
test.yml
File metadata and controls
185 lines (147 loc) · 6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
# NOTE Github Actions execution environments lack a terminal, needed for
# some integration tests. Two ways to get a terminal are used below:
#
# 1. script utility -- for "local" integration tests;
# 2. ssh -tt -- for Vagrant VMs (script is buggy on CentOS 7).
name: ci
on:
push:
tags:
- v*
branches:
- master
pull_request:
jobs:
test:
runs-on: ubuntu-20.04
strategy:
fail-fast: false
matrix:
# Docker/Moby still builds runc with Go 1.13, so we should still support Go 1.13.
go-version: [1.13.x, 1.15.x, 1.16.x]
rootless: ["rootless", ""]
race: ["-race", ""]
steps:
- name: checkout
uses: actions/checkout@v2
- name: install deps
run: |
# criu repo
sudo add-apt-repository -y ppa:criu/ppa
# apt-add-repository runs apt update so we don't have to
sudo apt -q install libseccomp-dev criu
- name: install go ${{ matrix.go-version }}
uses: actions/setup-go@v2
with:
stable: '!contains(${{ matrix.go-version }}, "beta") && !contains(${{ matrix.go-version }}, "rc")'
go-version: ${{ matrix.go-version }}
- name: build
run: sudo -E PATH="$PATH" make EXTRA_FLAGS="${{ matrix.race }}" all
- name: install bats
uses: mig4/setup-bats@v1
with:
bats-version: 1.3.0
- name: unit test
if: matrix.rootless != 'rootless'
run: sudo -E PATH="$PATH" -- make TESTFLAGS="${{ matrix.race }}" localunittest
- name: add rootless user
if: matrix.rootless == 'rootless'
run: |
sudo useradd -u2000 -m -d/home/rootless -s/bin/bash rootless
# Allow root to execute `ssh rootless@localhost` in tests/rootless.sh
ssh-keygen -t ecdsa -N "" -f $HOME/rootless.key
sudo mkdir -m 0700 -p /home/rootless/.ssh
sudo cp $HOME/rootless.key.pub /home/rootless/.ssh/authorized_keys
sudo chown -R rootless.rootless /home/rootless
- name: integration test (fs driver)
run: sudo -E PATH="$PATH" script -e -c 'make local${{ matrix.rootless }}integration'
- name: integration test (systemd driver)
# can't use systemd driver with cgroupv1
if: matrix.rootless != 'rootless'
run: sudo -E PATH="$PATH" script -e -c 'make RUNC_USE_SYSTEMD=yes local${{ matrix.rootless }}integration'
# cgroup v2 unified hierarchy + very recent kernel (openat2)
fedora:
# nested virtualization is only available on macOS hosts
runs-on: macos-10.15
timeout-minutes: 30
# only run it if others have passed
needs: [test]
steps:
- uses: actions/checkout@v2
- name: "Cache ~/.vagrant.d/boxes, using hash of Vagrantfile.fedora34"
uses: actions/cache@v2
with:
path: ~/.vagrant.d/boxes
key: vagrant-${{ hashFiles('Vagrantfile.fedora34') }}
- name: prepare vagrant
run: |
ln -sf Vagrantfile.fedora34 Vagrantfile
# Retry if it fails (download.fedoraproject.org returns 404 sometimes)
vagrant up || vagrant up
vagrant ssh-config >> ~/.ssh/config
- name: system info
run: ssh default 'sh -exc "uname -a && systemctl --version && df -T"'
- name: unit tests
run: ssh default 'cd /vagrant && sudo make localunittest'
- name: cgroupv2 with systemd
run: ssh -tt default "sudo make -C /vagrant localintegration RUNC_USE_SYSTEMD=yes"
- name: cgroupv2 with fs2
run: ssh -tt default "sudo make -C /vagrant localintegration"
- name: cgroupv2 with systemd (rootless)
run: ssh -tt default "sudo make -C /vagrant localrootlessintegration RUNC_USE_SYSTEMD=yes"
- name: cgroupv2 with fs2 (rootless)
run: ssh -tt default "sudo make -C /vagrant localrootlessintegration"
# kernel 3.10 (frankenized), systemd 219
centos7:
# nested virtualization is only available on macOS hosts
runs-on: macos-10.15
timeout-minutes: 15
# only run it if others have passed
needs: [test]
steps:
- uses: actions/checkout@v2
- name: "Cache ~/.vagrant.d/boxes, using hash of Vagrantfile.centos7"
uses: actions/cache@v2
with:
path: ~/.vagrant.d/boxes
key: vagrant-${{ hashFiles('Vagrantfile.centos7') }}
- name: prepare vagrant
run: |
ln -sf Vagrantfile.centos7 Vagrantfile
vagrant up
vagrant ssh-config >> ~/.ssh/config
- name: system info
run: ssh default 'rpm -q centos-release kernel systemd'
- name: unit tests
run: ssh default 'sudo -i make -C /vagrant localunittest'
- name: integration tests (fs cgroup driver)
run: ssh -tt default "sudo -i make -C /vagrant localintegration"
- name: integration tests (systemd cgroup driver)
run: ssh -tt default "sudo -i make -C /vagrant localintegration RUNC_USE_SYSTEMD=1"
- name: rootless integration
# FIXME: rootless is skipped because of EPERM on writing cgroup.procs
if: false
run: ssh default "sudo -i make -C /vagrant localrootlessintegration"
# We need to continue support for 32-bit ARM.
# However, we do not have 32-bit ARM CI, so we use i386 for testing 32bit stuff.
# We are not interested in providing official support for i386.
cross-i386:
runs-on: ubuntu-20.04
steps:
- name: checkout
uses: actions/checkout@v2
- name: install deps
run: |
sudo dpkg --add-architecture i386
# add criu repo
sudo add-apt-repository -y ppa:criu/ppa
# apt-add-repository runs apt update so we don't have to.
# Due to a bug in apt, we have to update it first
# (see https://bugs.launchpad.net/ubuntu-cdimage/+bug/1871268)
sudo apt -q install apt
sudo apt -q install libseccomp-dev libseccomp-dev:i386 gcc-multilib criu
- name: install go
uses: actions/setup-go@v2 # use default Go version
- name: unit test
# cgo is disabled by default when cross-compiling
run: sudo -E PATH="$PATH" -- make GOARCH=386 CGO_ENABLED=1 localunittest