From 57db12fd9a6f5aac5c20ab72ec625daa5e9a13e0 Mon Sep 17 00:00:00 2001
From: Kyle Harding <kyle@balena.io>
Date: Thu, 18 Apr 2024 10:21:20 -0400
Subject: [PATCH] Skip tests on aarch64 where nested KVM is not available

We don't have any ARM64 GitHub VM runners with KVM, as nested
KVM is currently only available on x86_64.

Previously we were testing with containerized runners
so they had access to the host kernel, but it is insecure
to use self-hosted runners on public repositories such
as this.

Signed-off-by: Kyle Harding <kyle@balena.io>
---
 .github/workflows/flowzone.yml | 4 ++--
 docker-compose.test.yml        | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/flowzone.yml b/.github/workflows/flowzone.yml
index f7722ff..0187b03 100644
--- a/.github/workflows/flowzone.yml
+++ b/.github/workflows/flowzone.yml
@@ -26,8 +26,8 @@ jobs:
     with:
       docker_runs_on: >
         {
-          "linux/amd64": ["self-hosted","runtime:container","X64"],
-          "linux/arm64": ["self-hosted","runtime:container","ARM64"]
+          "linux/amd64": ["self-hosted","X64"],
+          "linux/arm64": ["self-hosted","ARM64"]
         }
       docker_images: >
         ghcr.io/balena-io-experimental/container-jail
diff --git a/docker-compose.test.yml b/docker-compose.test.yml
index 62aa367..f0be24f 100644
--- a/docker-compose.test.yml
+++ b/docker-compose.test.yml
@@ -19,6 +19,11 @@ services:
       - /bin/sh
       - -c
       - |
+        if [[ "$(uname -m)" != "x86_64" ]] && [[ -z "$(ls /dev/kvm)" ]]; then
+          echo "Nested KVM unavailable on this architecture!"
+          exit 0
+        fi
+
         set -ex
         apk add --no-cache docker-cli-compose