-
Notifications
You must be signed in to change notification settings - Fork 614
350 lines (337 loc) · 14.1 KB
/
test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
name: test
on:
push:
branches:
- main
- 'release/**'
pull_request:
paths-ignore:
- '**.md'
env:
GO_VERSION: 1.23.x
SHORT_TIMEOUT: 5
LONG_TIMEOUT: 60
jobs:
test-unit:
# Supposed to work: https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/evaluate-expressions-in-workflows-and-actions#example-returning-a-json-data-type
# Apparently does not
# timeout-minutes: ${{ fromJSON(env.SHORT_TIMEOUT) }}
timeout-minutes: 5
name: unit | ${{ matrix.goos }}
runs-on: "${{ matrix.os }}"
defaults:
run:
shell: bash
strategy:
matrix:
include:
- os: windows-2022
goos: windows
- os: ubuntu-24.04
goos: linux
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: true
- if: ${{ matrix.goos=='windows' }}
uses: actions/[email protected]
with:
repository: containerd/containerd
ref: v1.7.23
path: containerd
fetch-depth: 1
- if: ${{ matrix.goos=='windows' }}
name: "Set up CNI"
working-directory: containerd
run: GOPATH=$(go env GOPATH) script/setup/install-cni-windows
- name: "Run unit tests"
run: make test-unit
test-integration:
timeout-minutes: 60
name: rootful | ${{ matrix.containerd }} | ${{ matrix.runner }}
runs-on: "${{ matrix.runner }}"
strategy:
fail-fast: false
matrix:
# ubuntu-20.04: cgroup v1, ubuntu-22.04 and later: cgroup v2
include:
- ubuntu: 20.04
containerd: v1.6.36
runner: "ubuntu-20.04"
- ubuntu: 22.04
containerd: v1.7.23
runner: "ubuntu-22.04"
- ubuntu: 24.04
containerd: v2.0.0-rc.5
runner: "ubuntu-24.04"
- ubuntu: 24.04
containerd: v2.0.0-rc.5
runner: github-arm64-2c-8gb
env:
UBUNTU_VERSION: "${{ matrix.ubuntu }}"
CONTAINERD_VERSION: "${{ matrix.containerd }}"
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- name: "Prepare integration test environment"
run: docker build -t test-integration --target test-integration --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} .
- name: "Remove snap loopback devices (conflicts with our loopback devices in TestRunDevice)"
run: |
sudo systemctl disable --now snapd.service snapd.socket
sudo apt-get purge -y snapd
sudo losetup -Dv
sudo losetup -lv
- name: "Register QEMU (tonistiigi/binfmt)"
run: |
# `--install all` will only install emulation for architectures that cannot be natively executed
# Since some arm64 platforms do provide native fallback execution for 32 bits,
# armv7 emulation may or may not be installed, causing variance in the result of `uname -m`.
# To avoid that, we explicitly list the architectures we do want emulation for.
docker run --privileged --rm tonistiigi/binfmt --install linux/amd64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm/v7
- name: "Run integration tests"
run: docker run -t --rm --privileged test-integration ./hack/test-integration.sh -test.only-flaky=false
- name: "Run integration tests (flaky)"
run: docker run -t --rm --privileged test-integration ./hack/test-integration.sh -test.only-flaky=true
test-integration-ipv6:
timeout-minutes: 60
name: ipv6 | ${{ matrix.containerd }} | ${{ matrix.ubuntu }}
runs-on: "ubuntu-${{ matrix.ubuntu }}"
strategy:
fail-fast: false
matrix:
# ubuntu-20.04: cgroup v1, ubuntu-22.04 and later: cgroup v2
include:
- ubuntu: 24.04
containerd: v2.0.0-rc.5
env:
UBUNTU_VERSION: "${{ matrix.ubuntu }}"
CONTAINERD_VERSION: "${{ matrix.containerd }}"
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- name: Enable ipv4 and ipv6 forwarding
run: |
sudo sysctl -w net.ipv6.conf.all.forwarding=1
sudo sysctl -w net.ipv4.ip_forward=1
- name: Enable IPv6 for Docker
run: |
sudo mkdir -p /etc/docker
echo '{"ipv6": true, "fixed-cidr-v6": "2001:db8:1::/64", "experimental": true, "ip6tables": true}' | sudo tee /etc/docker/daemon.json
sudo systemctl restart docker
- name: "Prepare integration test environment"
run: docker build -t test-integration --target test-integration --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} .
- name: "Remove snap loopback devices (conflicts with our loopback devices in TestRunDevice)"
run: |
sudo systemctl disable --now snapd.service snapd.socket
sudo apt-get purge -y snapd
sudo losetup -Dv
sudo losetup -lv
- name: "Register QEMU (tonistiigi/binfmt)"
run: |
# `--install all` will only install emulation for architectures that cannot be natively executed
# Since some arm64 platforms do provide native fallback execution for 32 bits,
# armv7 emulation may or may not be installed, causing variance in the result of `uname -m`.
# To avoid that, we explicitly list the architectures we do want emulation for.
docker run --privileged --rm tonistiigi/binfmt --install linux/amd64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm/v7
- name: "Run integration tests"
# The nested IPv6 network inside docker and qemu is complex and needs a bunch of sysctl config.
# Therefore, it's hard to debug why the IPv6 tests fail in such an isolation layer.
# On the other side, using the host network is easier at configuration.
# Besides, each job is running on a different instance, which means using host network here
# is safe and has no side effects on others.
run: docker run --network host -t --rm --privileged test-integration ./hack/test-integration.sh -test.only-ipv6
test-integration-rootless:
timeout-minutes: 60
name: "${{ matrix.target }} | ${{ matrix.containerd }} | ${{ matrix.rootlesskit }} | ${{ matrix.ubuntu }}"
runs-on: "ubuntu-${{ matrix.ubuntu }}"
strategy:
fail-fast: false
matrix:
# ubuntu-20.04: cgroup v1, ubuntu-22.04 and later: cgroup v2
include:
- ubuntu: 20.04
containerd: v1.6.36
rootlesskit: v1.1.1 # Deprecated
target: rootless
- ubuntu: 22.04
containerd: v1.7.23
rootlesskit: v2.3.1
target: rootless
- ubuntu: 24.04
containerd: v2.0.0-rc.5
rootlesskit: v2.3.1
target: rootless
- ubuntu: 24.04
containerd: v1.7.23
rootlesskit: v2.3.1
target: rootless-port-slirp4netns
env:
UBUNTU_VERSION: "${{ matrix.ubuntu }}"
CONTAINERD_VERSION: "${{ matrix.containerd }}"
ROOTLESSKIT_VERSION: "${{ matrix.rootlesskit }}"
TEST_TARGET: "test-integration-${{ matrix.target }}"
steps:
- name: "Set up AppArmor"
if: matrix.ubuntu == '24.04'
run: |
cat <<EOT | sudo tee "/etc/apparmor.d/usr.local.bin.rootlesskit"
abi <abi/4.0>,
include <tunables/global>
/usr/local/bin/rootlesskit flags=(unconfined) {
userns,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.local.bin.rootlesskit>
}
EOT
sudo systemctl restart apparmor.service
- uses: actions/[email protected]
with:
fetch-depth: 1
- name: "Register QEMU (tonistiigi/binfmt)"
run: |
# `--install all` will only install emulation for architectures that cannot be natively executed
# Since some arm64 platforms do provide native fallback execution for 32 bits,
# armv7 emulation may or may not be installed, causing variance in the result of `uname -m`.
# To avoid that, we explicitly list the architectures we do want emulation for.
docker run --privileged --rm tonistiigi/binfmt --install linux/amd64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm/v7
- name: "Prepare (network driver=slirp4netns, port driver=builtin)"
run: docker build -t ${TEST_TARGET} --target ${TEST_TARGET} --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} --build-arg ROOTLESSKIT_VERSION=${ROOTLESSKIT_VERSION} .
- name: "Disable BuildKit for RootlessKit v1 (workaround for issue #622)"
run: |
# https://github.com/containerd/nerdctl/issues/622
WORKAROUND_ISSUE_622=
if echo "${ROOTLESSKIT_VERSION}" | grep -q v1; then
WORKAROUND_ISSUE_622=1
fi
echo "WORKAROUND_ISSUE_622=${WORKAROUND_ISSUE_622}" >> "$GITHUB_ENV"
- name: "Test (network driver=slirp4netns, port driver=builtin)"
run: docker run -t --rm --privileged -e WORKAROUND_ISSUE_622=${WORKAROUND_ISSUE_622} ${TEST_TARGET} /test-integration-rootless.sh ./hack/test-integration.sh -test.only-flaky=false
- name: "Test (network driver=slirp4netns, port driver=builtin) (flaky)"
run: docker run -t --rm --privileged -e WORKAROUND_ISSUE_622=${WORKAROUND_ISSUE_622} ${TEST_TARGET} /test-integration-rootless.sh ./hack/test-integration.sh -test.only-flaky=true
build:
timeout-minutes: 5
name: "build | ${{ matrix.go-version }}"
runs-on: ubuntu-24.04
strategy:
matrix:
go-version: ["1.22.x", "1.23.x"]
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go-version }}
cache: true
check-latest: true
- name: "build"
run: GO_VERSION="$(echo ${{ matrix.go-version }} | sed -e s/.x//)" make binaries
test-integration-docker-compatibility:
timeout-minutes: 60
name: docker
runs-on: ubuntu-24.04
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: true
check-latest: true
- name: "Print docker info"
run: |
set -eux -o pipefail
docker info
docker version
- name: "Register QEMU (tonistiigi/binfmt)"
run: |
# `--install all` will only install emulation for architectures that cannot be natively executed
# Since some arm64 platforms do provide native fallback execution for 32 bits,
# armv7 emulation may or may not be installed, causing variance in the result of `uname -m`.
# To avoid that, we explicitly list the architectures we do want emulation for.
docker run --privileged --rm tonistiigi/binfmt --install linux/amd64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm/v7
- name: "Prepare integration test environment"
run: |
sudo apt-get install -y expect
go install -v gotest.tools/gotestsum@v1
- name: "Ensure that the integration test suite is compatible with Docker"
run: WITH_SUDO=true ./hack/test-integration.sh -test.target=docker
- name: "Ensure that the IPv6 integration test suite is compatible with Docker"
run: WITH_SUDO=true ./hack/test-integration.sh -test.target=docker -test.only-ipv6
- name: "Ensure that the integration test suite is compatible with Docker (flaky only)"
run: WITH_SUDO=true ./hack/test-integration.sh -test.target=docker -test.only-flaky
test-integration-windows:
timeout-minutes: 30
name: windows
runs-on: windows-2022
defaults:
run:
shell: bash
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: true
check-latest: true
- run: go install ./cmd/nerdctl
- run: go install -v gotest.tools/gotestsum@v1
- uses: actions/[email protected]
with:
repository: containerd/containerd
ref: v1.7.23
path: containerd
fetch-depth: 1
- name: "Set up CNI"
working-directory: containerd
run: GOPATH=$(go env GOPATH) script/setup/install-cni-windows
- name: "Set up containerd"
env:
ctrdVersion: 1.7.23
run: powershell hack/configure-windows-ci.ps1
- name: "Run integration tests"
run: ./hack/test-integration.sh -test.only-flaky=false
- name: "Run integration tests (flaky)"
run: ./hack/test-integration.sh -test.only-flaky=true
test-integration-freebsd:
timeout-minutes: 60
name: FreeBSD
# ubuntu-24.04 lacks the vagrant package
runs-on: ubuntu-22.04
steps:
- uses: actions/[email protected]
- uses: actions/cache@v4
with:
path: /root/.vagrant.d
key: vagrant-${{ matrix.box }}
- name: Set up vagrant
run: |
sudo apt-get update
sudo apt-get install -y libvirt-daemon libvirt-daemon-system vagrant vagrant-libvirt
sudo systemctl enable --now libvirtd
- name: Boot VM
run: |
ln -sf Vagrantfile.freebsd Vagrantfile
sudo vagrant up --no-tty
- name: test-unit
run: sudo vagrant up --provision-with=test-unit
- name: test-integration
run: sudo vagrant up --provision-with=test-integration