-
Notifications
You must be signed in to change notification settings - Fork 614
421 lines (408 loc) · 16.7 KB
/
test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
name: test
on:
push:
branches:
- main
- 'release/**'
pull_request:
paths-ignore:
- '**.md'
env:
GO_VERSION: 1.23.x
SHORT_TIMEOUT: 5
LONG_TIMEOUT: 60
jobs:
# This job builds the dependency target of the test docker image for all supported architectures and cache it in GHA
build-dependencies:
timeout-minutes: 15
name: dependencies | ${{ matrix.containerd }} | ${{ matrix.arch }}
runs-on: "${{ matrix.runner }}"
strategy:
fail-fast: false
matrix:
include:
- runner: ubuntu-24.04
containerd: v1.6.36
arch: amd64
- runner: ubuntu-24.04
containerd: v1.7.24
arch: amd64
- runner: ubuntu-24.04
containerd: v2.0.0
arch: amd64
- runner: arm64-8core-32gb
containerd: v2.0.0
arch: arm64
env:
CONTAINERD_VERSION: "${{ matrix.containerd }}"
ARCH: "${{ matrix.arch }}"
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- name: "Expose GitHub Runtime variables for gha"
uses: crazy-max/ghaction-github-runtime@v3
- name: "Build dependencies for the integration test environment image"
run: |
docker buildx create --name with-gha --use
docker buildx build \
--output=type=docker \
--cache-to type=gha,mode=max,scope=${ARCH}-${CONTAINERD_VERSION} \
--cache-from type=gha,scope=${ARCH}-${CONTAINERD_VERSION} \
--target build-dependencies --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} .
test-unit:
# FIXME:
# Supposed to work: https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions#example-returning-a-json-data-type
# Apparently does not
# timeout-minutes: ${{ fromJSON(env.SHORT_TIMEOUT) }}
timeout-minutes: 10
name: unit | ${{ matrix.goos }}
runs-on: "${{ matrix.os }}"
defaults:
run:
shell: bash
strategy:
matrix:
include:
- os: windows-2022
goos: windows
- os: ubuntu-24.04
goos: linux
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: true
- if: ${{ matrix.goos=='windows' }}
uses: actions/[email protected]
with:
repository: containerd/containerd
ref: v1.7.24
path: containerd
fetch-depth: 1
- if: ${{ matrix.goos=='windows' }}
name: "Set up CNI"
working-directory: containerd
run: GOPATH=$(go env GOPATH) script/setup/install-cni-windows
- name: "Run unit tests"
run: make test-unit
test-integration:
needs: build-dependencies
timeout-minutes: 30
name: rootful | ${{ matrix.containerd }} | ${{ matrix.runner }}
runs-on: "${{ matrix.runner }}"
strategy:
fail-fast: false
matrix:
# ubuntu-20.04: cgroup v1, ubuntu-22.04 and later: cgroup v2
include:
- ubuntu: 20.04
containerd: v1.6.36
runner: "ubuntu-20.04"
arch: amd64
- ubuntu: 22.04
containerd: v1.7.24
runner: "ubuntu-22.04"
arch: amd64
- ubuntu: 24.04
containerd: v2.0.0
runner: "ubuntu-24.04"
arch: amd64
- ubuntu: 24.04
containerd: v2.0.0
runner: arm64-8core-32gb
arch: arm64
env:
CONTAINERD_VERSION: "${{ matrix.containerd }}"
ARCH: "${{ matrix.arch }}"
UBUNTU_VERSION: "${{ matrix.ubuntu }}"
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- name: "Expose GitHub Runtime variables for gha"
uses: crazy-max/ghaction-github-runtime@v3
- name: "Prepare integration test environment"
run: |
docker buildx create --name with-gha --use
docker buildx build \
--output=type=docker \
--cache-from type=gha,scope=${ARCH}-${CONTAINERD_VERSION} \
-t test-integration --target test-integration --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} .
- name: "Remove snap loopback devices (conflicts with our loopback devices in TestRunDevice)"
run: |
sudo systemctl disable --now snapd.service snapd.socket
sudo apt-get purge -y snapd
sudo losetup -Dv
sudo losetup -lv
- name: "Register QEMU (tonistiigi/binfmt)"
run: |
# `--install all` will only install emulation for architectures that cannot be natively executed
# Since some arm64 platforms do provide native fallback execution for 32 bits,
# armv7 emulation may or may not be installed, causing variance in the result of `uname -m`.
# To avoid that, we explicitly list the architectures we do want emulation for.
docker run --privileged --rm tonistiigi/binfmt --install linux/amd64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm/v7
- name: "Run integration tests"
run: docker run -t --rm --privileged test-integration ./hack/test-integration.sh -test.only-flaky=false
- name: "Run integration tests (flaky)"
run: docker run -t --rm --privileged test-integration ./hack/test-integration.sh -test.only-flaky=true
test-integration-ipv6:
needs: build-dependencies
timeout-minutes: 10
name: ipv6 | ${{ matrix.containerd }} | ${{ matrix.ubuntu }}
runs-on: "ubuntu-${{ matrix.ubuntu }}"
strategy:
fail-fast: false
matrix:
include:
- ubuntu: 24.04
containerd: v2.0.0
arch: amd64
env:
CONTAINERD_VERSION: "${{ matrix.containerd }}"
ARCH: "${{ matrix.arch }}"
UBUNTU_VERSION: "${{ matrix.ubuntu }}"
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- name: Enable ipv4 and ipv6 forwarding
run: |
sudo sysctl -w net.ipv6.conf.all.forwarding=1
sudo sysctl -w net.ipv4.ip_forward=1
- name: "Expose GitHub Runtime variables for gha"
uses: crazy-max/ghaction-github-runtime@v3
- name: Enable IPv6 for Docker, and configure docker to use containerd for gha
run: |
sudo mkdir -p /etc/docker
echo '{"ipv6": true, "fixed-cidr-v6": "2001:db8:1::/64", "experimental": true, "ip6tables": true}' | sudo tee /etc/docker/daemon.json
sudo systemctl restart docker
- name: "Prepare integration test environment"
run: |
docker buildx create --name with-gha --use
docker buildx build \
--output=type=docker \
--cache-from type=gha,scope=${ARCH}-${CONTAINERD_VERSION} \
-t test-integration --target test-integration --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} .
- name: "Remove snap loopback devices (conflicts with our loopback devices in TestRunDevice)"
run: |
sudo systemctl disable --now snapd.service snapd.socket
sudo apt-get purge -y snapd
sudo losetup -Dv
sudo losetup -lv
- name: "Register QEMU (tonistiigi/binfmt)"
run: |
# `--install all` will only install emulation for architectures that cannot be natively executed
# Since some arm64 platforms do provide native fallback execution for 32 bits,
# armv7 emulation may or may not be installed, causing variance in the result of `uname -m`.
# To avoid that, we explicitly list the architectures we do want emulation for.
docker run --privileged --rm tonistiigi/binfmt --install linux/amd64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm/v7
- name: "Run integration tests"
# The nested IPv6 network inside docker and qemu is complex and needs a bunch of sysctl config.
# Therefore, it's hard to debug why the IPv6 tests fail in such an isolation layer.
# On the other side, using the host network is easier at configuration.
# Besides, each job is running on a different instance, which means using host network here
# is safe and has no side effects on others.
run: docker run --network host -t --rm --privileged test-integration ./hack/test-integration.sh -test.only-ipv6
test-integration-rootless:
needs: build-dependencies
timeout-minutes: 30
name: "${{ matrix.target }} | ${{ matrix.containerd }} | ${{ matrix.rootlesskit }} | ${{ matrix.ubuntu }}"
runs-on: "ubuntu-${{ matrix.ubuntu }}"
strategy:
fail-fast: false
matrix:
# ubuntu-20.04: cgroup v1, ubuntu-22.04 and later: cgroup v2
include:
- ubuntu: 20.04
containerd: v1.6.36
rootlesskit: v1.1.1 # Deprecated
target: rootless
arch: amd64
- ubuntu: 22.04
containerd: v1.7.24
rootlesskit: v2.3.1
target: rootless
arch: amd64
- ubuntu: 24.04
containerd: v2.0.0
rootlesskit: v2.3.1
target: rootless
arch: amd64
- ubuntu: 24.04
containerd: v1.7.24
rootlesskit: v2.3.1
target: rootless-port-slirp4netns
arch: amd64
env:
CONTAINERD_VERSION: "${{ matrix.containerd }}"
ARCH: "${{ matrix.arch }}"
UBUNTU_VERSION: "${{ matrix.ubuntu }}"
ROOTLESSKIT_VERSION: "${{ matrix.rootlesskit }}"
TEST_TARGET: "test-integration-${{ matrix.target }}"
steps:
- name: "Set up AppArmor"
if: matrix.ubuntu == '24.04'
run: |
cat <<EOT | sudo tee "/etc/apparmor.d/usr.local.bin.rootlesskit"
abi <abi/4.0>,
include <tunables/global>
/usr/local/bin/rootlesskit flags=(unconfined) {
userns,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.local.bin.rootlesskit>
}
EOT
sudo systemctl restart apparmor.service
- uses: actions/[email protected]
with:
fetch-depth: 1
- name: "Register QEMU (tonistiigi/binfmt)"
run: |
# `--install all` will only install emulation for architectures that cannot be natively executed
# Since some arm64 platforms do provide native fallback execution for 32 bits,
# armv7 emulation may or may not be installed, causing variance in the result of `uname -m`.
# To avoid that, we explicitly list the architectures we do want emulation for.
docker run --privileged --rm tonistiigi/binfmt --install linux/amd64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm/v7
- name: "Expose GitHub Runtime variables for gha"
uses: crazy-max/ghaction-github-runtime@v3
- name: "Prepare (network driver=slirp4netns, port driver=builtin)"
run: |
docker buildx create --name with-gha --use
docker buildx build \
--output=type=docker \
--cache-from type=gha,scope=${ARCH}-${CONTAINERD_VERSION} \
-t ${TEST_TARGET} --target ${TEST_TARGET} --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} --build-arg ROOTLESSKIT_VERSION=${ROOTLESSKIT_VERSION} .
- name: "Disable BuildKit for RootlessKit v1 (workaround for issue #622)"
run: |
# https://github.com/containerd/nerdctl/issues/622
WORKAROUND_ISSUE_622=
if echo "${ROOTLESSKIT_VERSION}" | grep -q v1; then
WORKAROUND_ISSUE_622=1
fi
echo "WORKAROUND_ISSUE_622=${WORKAROUND_ISSUE_622}" >> "$GITHUB_ENV"
- name: "Test (network driver=slirp4netns, port driver=builtin)"
run: docker run -t --rm --privileged -e WORKAROUND_ISSUE_622=${WORKAROUND_ISSUE_622} ${TEST_TARGET} /test-integration-rootless.sh ./hack/test-integration.sh -test.only-flaky=false
- name: "Test (network driver=slirp4netns, port driver=builtin) (flaky)"
run: docker run -t --rm --privileged -e WORKAROUND_ISSUE_622=${WORKAROUND_ISSUE_622} ${TEST_TARGET} /test-integration-rootless.sh ./hack/test-integration.sh -test.only-flaky=true
build:
timeout-minutes: 5
name: "build | ${{ matrix.go-version }}"
runs-on: ubuntu-24.04
strategy:
matrix:
go-version: ["1.22.x", "1.23.x"]
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go-version }}
cache: true
check-latest: true
- name: "build"
run: GO_VERSION="$(echo ${{ matrix.go-version }} | sed -e s/.x//)" make binaries
test-integration-docker-compatibility:
timeout-minutes: 30
name: docker
runs-on: ubuntu-24.04
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: true
check-latest: true
- name: "Register QEMU (tonistiigi/binfmt)"
run: |
# `--install all` will only install emulation for architectures that cannot be natively executed
# Since some arm64 platforms do provide native fallback execution for 32 bits,
# armv7 emulation may or may not be installed, causing variance in the result of `uname -m`.
# To avoid that, we explicitly list the architectures we do want emulation for.
docker run --privileged --rm tonistiigi/binfmt --install linux/amd64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm/v7
- name: "Prepare integration test environment"
run: |
sudo apt-get install -y expect
go install -v gotest.tools/gotestsum@v1
- name: "Ensure that the integration test suite is compatible with Docker"
run: WITH_SUDO=true ./hack/test-integration.sh -test.target=docker
- name: "Ensure that the IPv6 integration test suite is compatible with Docker"
run: WITH_SUDO=true ./hack/test-integration.sh -test.target=docker -test.only-ipv6
- name: "Ensure that the integration test suite is compatible with Docker (flaky only)"
run: WITH_SUDO=true ./hack/test-integration.sh -test.target=docker -test.only-flaky
test-integration-windows:
timeout-minutes: 30
name: windows
runs-on: windows-2022
defaults:
run:
shell: bash
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: true
check-latest: true
- run: go install ./cmd/nerdctl
- run: go install -v gotest.tools/gotestsum@v1
- uses: actions/[email protected]
with:
repository: containerd/containerd
ref: v1.7.24
path: containerd
fetch-depth: 1
- name: "Set up CNI"
working-directory: containerd
run: GOPATH=$(go env GOPATH) script/setup/install-cni-windows
- name: "Set up containerd"
env:
ctrdVersion: 1.7.24
run: powershell hack/configure-windows-ci.ps1
- name: "Run integration tests"
run: ./hack/test-integration.sh -test.only-flaky=false
- name: "Run integration tests (flaky)"
run: ./hack/test-integration.sh -test.only-flaky=true
test-integration-freebsd:
timeout-minutes: 30
name: FreeBSD
# ubuntu-24.04 lacks the vagrant package
runs-on: ubuntu-22.04
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- uses: actions/cache@v4
with:
path: /root/.vagrant.d
key: vagrant-${{ matrix.box }}
- name: Set up vagrant
run: |
sudo apt-get update
sudo apt-get install -y libvirt-daemon libvirt-daemon-system vagrant vagrant-libvirt
sudo systemctl enable --now libvirtd
- name: Boot VM
run: |
ln -sf Vagrantfile.freebsd Vagrantfile
sudo vagrant up --no-tty
- name: test-unit
run: sudo vagrant up --provision-with=test-unit
- name: test-integration
run: sudo vagrant up --provision-with=test-integration