diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b5ddc2e1b4b..95b43a6698e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -15,114 +15,12 @@ on: pull_request: jobs: - test: - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: - # Docker/Moby still builds runc with Go 1.13, so we should still support Go 1.13. - go-version: [1.13.x, 1.15.x, 1.16.x] - rootless: ["rootless", ""] - race: ["-race", ""] - - steps: - - - name: checkout - uses: actions/checkout@v2 - - - name: install deps - run: | - # criu repo - sudo add-apt-repository -y ppa:criu/ppa - # apt-add-repository runs apt update so we don't have to - sudo apt -q install libseccomp-dev criu - - - name: install go ${{ matrix.go-version }} - uses: actions/setup-go@v2 - with: - stable: '!contains(${{ matrix.go-version }}, "beta") && !contains(${{ matrix.go-version }}, "rc")' - go-version: ${{ matrix.go-version }} - - - name: build - run: sudo -E PATH="$PATH" make EXTRA_FLAGS="${{ matrix.race }}" all - - - name: install bats - uses: mig4/setup-bats@v1 - with: - bats-version: 1.3.0 - - - name: unit test - if: matrix.rootless != 'rootless' - run: sudo -E PATH="$PATH" -- make TESTFLAGS="${{ matrix.race }}" localunittest - - - name: add rootless user - if: matrix.rootless == 'rootless' - run: | - sudo useradd -u2000 -m -d/home/rootless -s/bin/bash rootless - # Allow root to execute `ssh rootless@localhost` in tests/rootless.sh - ssh-keygen -t ecdsa -N "" -f $HOME/rootless.key - sudo mkdir -m 0700 -p /home/rootless/.ssh - sudo cp $HOME/rootless.key.pub /home/rootless/.ssh/authorized_keys - sudo chown -R rootless.rootless /home/rootless - - - name: integration test (fs driver) - run: sudo -E PATH="$PATH" script -e -c 'make local${{ matrix.rootless }}integration' - - - name: integration test (systemd driver) - # can't use systemd driver with cgroupv1 - if: matrix.rootless != 'rootless' - run: sudo -E PATH="$PATH" script -e -c 'make RUNC_USE_SYSTEMD=yes local${{ matrix.rootless }}integration' - - - # cgroup v2 unified hierarchy + very recent kernel (openat2) - fedora: - # nested virtualization is only available on macOS hosts - runs-on: macos-10.15 - timeout-minutes: 30 - # only run it if others have passed - needs: [test] - steps: - - uses: actions/checkout@v2 - - - name: "Cache ~/.vagrant.d/boxes, using hash of Vagrantfile.fedora34" - uses: actions/cache@v2 - with: - path: ~/.vagrant.d/boxes - key: vagrant-${{ hashFiles('Vagrantfile.fedora34') }} - - - name: prepare vagrant - run: | - ln -sf Vagrantfile.fedora34 Vagrantfile - # Retry if it fails (download.fedoraproject.org returns 404 sometimes) - vagrant up || vagrant up - vagrant ssh-config >> ~/.ssh/config - - - name: system info - run: ssh default 'sh -exc "uname -a && systemctl --version && df -T"' - - - name: unit tests - run: ssh default 'cd /vagrant && sudo make localunittest' - - - name: cgroupv2 with systemd - run: ssh -tt default "sudo make -C /vagrant localintegration RUNC_USE_SYSTEMD=yes" - - - name: cgroupv2 with fs2 - run: ssh -tt default "sudo make -C /vagrant localintegration" - - - name: cgroupv2 with systemd (rootless) - run: ssh -tt default "sudo make -C /vagrant localrootlessintegration RUNC_USE_SYSTEMD=yes" - - - name: cgroupv2 with fs2 (rootless) - run: ssh -tt default "sudo make -C /vagrant localrootlessintegration" - # kernel 3.10 (frankenized), systemd 219 centos7: # nested virtualization is only available on macOS hosts runs-on: macos-10.15 timeout-minutes: 15 - # only run it if others have passed - needs: [test] steps: - uses: actions/checkout@v2 @@ -154,33 +52,3 @@ jobs: # FIXME: rootless is skipped because of EPERM on writing cgroup.procs if: false run: ssh default "sudo -i make -C /vagrant localrootlessintegration" - - # We need to continue support for 32-bit ARM. - # However, we do not have 32-bit ARM CI, so we use i386 for testing 32bit stuff. - # We are not interested in providing official support for i386. - cross-i386: - runs-on: ubuntu-20.04 - - steps: - - - name: checkout - uses: actions/checkout@v2 - - - name: install deps - run: | - sudo dpkg --add-architecture i386 - # add criu repo - sudo add-apt-repository -y ppa:criu/ppa - # apt-add-repository runs apt update so we don't have to. - - # Due to a bug in apt, we have to update it first - # (see https://bugs.launchpad.net/ubuntu-cdimage/+bug/1871268) - sudo apt -q install apt - sudo apt -q install libseccomp-dev libseccomp-dev:i386 gcc-multilib criu - - - name: install go - uses: actions/setup-go@v2 # use default Go version - - - name: unit test - # cgo is disabled by default when cross-compiling - run: sudo -E PATH="$PATH" -- make GOARCH=386 CGO_ENABLED=1 localunittest diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml deleted file mode 100644 index fa812413ad8..00000000000 --- a/.github/workflows/validate.yml +++ /dev/null @@ -1,162 +0,0 @@ -name: validate -on: - push: - tags: - - v* - branches: - - master - - release-* - pull_request: - -jobs: - - lint: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v2 - - name: install deps - run: | - sudo apt -q update - sudo apt -q install libseccomp-dev - - uses: golangci/golangci-lint-action@v2 - with: - # must be specified without patch version - version: v1.40 - - shfmt: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v2 - - name: vars - run: | - echo "VERSION=3.2.4" >> $GITHUB_ENV - echo "$(go env GOPATH)/bin" >> $GITHUB_PATH - - name: cache go mod and $GOCACHE - uses: actions/cache@v2 - with: - path: | - ~/go/pkg/mod - ~/.cache/go-build - key: ${{ runner.os }}-shfmt-${{ env.VERSION }} - restore-keys: ${{ runner.os }}-shfmt- - - name: install shfmt - run: | - command -v shfmt || \ - (cd ~ && GO111MODULE=on time go get mvdan.cc/sh/v3/cmd/shfmt@v$VERSION) - - name: shfmt - run: make shfmt - - shellcheck: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v2 - - name: vars - run: | - echo 'VERSION=v0.7.2' >> $GITHUB_ENV - echo 'BASEURL=https://github.com/koalaman/shellcheck/releases/download' >> $GITHUB_ENV - echo 'SHA256SUM=12ee2e0b90a3d1e9cae24ac9b2838be66b48573cb2c8e8f3c566b959df6f050c' >> $GITHUB_ENV - echo ~/bin >> $GITHUB_PATH - - name: install shellcheck - run: | - mkdir ~/bin - curl -sSfL --retry 5 $BASEURL/$VERSION/shellcheck-$VERSION.linux.x86_64.tar.xz | - tar xfJ - -C ~/bin --strip 1 shellcheck-$VERSION/shellcheck - sha256sum ~/bin/shellcheck | grep -q $SHA256SUM - # make sure to remove the old version - sudo rm -f /usr/bin/shellcheck - - uses: lumaxis/shellcheck-problem-matchers@v1 - - name: shellcheck - run: | - make shellcheck - - deps: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v2 - - name: cache go mod and $GOCACHE - uses: actions/cache@v2 - with: - path: | - ~/go/pkg/mod - ~/.cache/go-build - key: ${{ runner.os }}-go.sum-${{ hashFiles('**/go.sum') }} - restore-keys: ${{ runner.os }}-go.sum- - - name: verify deps - run: make verify-dependencies - - - commit: - runs-on: ubuntu-20.04 - # Only check commits on pull requests. - if: github.event_name == 'pull_request' - steps: - - name: get pr commits - id: 'get-pr-commits' - uses: tim-actions/get-pr-commits@v1.1.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - name: check subject line length - uses: tim-actions/commit-message-checker-with-regex@v0.3.1 - with: - commits: ${{ steps.get-pr-commits.outputs.commits }} - pattern: '^.{0,72}(\n.*)*$' - error: 'Subject too long (max 72)' - - - cross: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v2 - # We have to run this under Docker as Ubuntu (host) does not support all - # the architectures we want to compile test against, and Dockerfile uses - # Debian (which does). - # - # XXX: as currently this is the only job that is using Docker, we are - # building and using the runcimage locally. In case more jobs running - # under Docker will emerge, it will be good to have a separate make - # runcimage job and share its result (the docker image) with whoever - # needs it. - - uses: satackey/action-docker-layer-caching@v0.0.11 - continue-on-error: true - - name: build docker image - run: make runcimage - - name: cross - run: make cross - - - cfmt: - runs-on: ubuntu-20.04 - steps: - - name: checkout - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: install deps - run: | - sudo apt -qq update - sudo apt -qq install indent - - name: cfmt - run: | - make cfmt - git diff --exit-code - - - release: - runs-on: ubuntu-20.04 - steps: - - name: checkout - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: install deps - run: | - sudo apt -qq update - sudo apt -qq install gperf - - name: make release - run: make release - - name: upload artifacts - uses: actions/upload-artifact@v2 - with: - name: release-${{ github.run_id }} - path: release/* diff --git a/tests/integration/update.bats b/tests/integration/update.bats index d51e93d0d47..e96d910013e 100644 --- a/tests/integration/update.bats +++ b/tests/integration/update.bats @@ -623,7 +623,7 @@ EOF # Trigger an update. This update doesn't actually change the device rules, # but it will trigger the devices cgroup code to reapply the current rules. # We trigger the update a few times to make sure we hit the race. - for _ in {1..30}; do + for _ in {1..300}; do # TODO: Update "runc update" so we can change the device rules. runc update --pids-limit 30 test_update [ "$status" -eq 0 ]