diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
deleted file mode 100644
index 9466d5996be..00000000000
--- a/.github/workflows/test.yml
+++ /dev/null
@@ -1,247 +0,0 @@
-# NOTE Github Actions execution environments lack a terminal, needed for
-# some integration tests. So we use `script` command to fake a terminal.
-
-name: ci
-on:
- push:
- tags:
- - v*
- branches:
- - main
- - release-*
- pull_request:
-permissions:
- contents: read
-
-env:
- # Don't ignore C warnings. Note that the output of "go env CGO_CFLAGS" by default is "-g -O2", so we keep them.
- CGO_CFLAGS: -g -O2 -Werror
-
-jobs:
- test:
- timeout-minutes: 30
- strategy:
- fail-fast: false
- matrix:
- os: [ubuntu-20.04, ubuntu-24.04, actuated-arm64-6cpu-8gb]
- go-version: [1.22.x, 1.23.x]
- rootless: ["rootless", ""]
- race: ["-race", ""]
- criu: ["", "criu-dev"]
- dmz: ["", "runc_nodmz"]
- exclude:
- # Disable most of criu-dev jobs, as they are expensive
- # (need to compile criu) and don't add much value/coverage.
- - criu: criu-dev
- go-version: 1.22.x
- - criu: criu-dev
- rootless: rootless
- - criu: criu-dev
- race: -race
- - criu: criu-dev
- dmz: runc_nodmz
- # Disable most of runc_nodmz jobs, as they don't add much value
- # (as dmz is disabled by default anyway).
- - dmz: runc_nodmz - os: ubuntu-20.04 - - dmz: runc_nodmz - go-version: 1.22.x - - dmz: runc_nodmz - rootless: rootless - - dmz: runc_nodmz - race: -race - - go-version: 1.22.x - os: actuated-arm64-6cpu-8gb - - race: "-race" - os: actuated-arm64-6cpu-8gb - - criu: criu-dev - os: actuated-arm64-6cpu-8gb - - dmz: runc_nodmz - os: actuated-arm64-6cpu-8gb - - runs-on: ${{ matrix.os }} - - steps: -# https://gist.github.com/alexellis/1f33e581c75e11e161fe613c46180771#file-metering-gha-md -# vmmeter start - - name: Prepare arkade - uses: alexellis/arkade-get@master - if: matrix.os == 'actuated-arm64-6cpu-8gb' - with: - crane: latest - print-summary: false - - - name: Install vmmeter - if: matrix.os == 'actuated-arm64-6cpu-8gb' - run: | - crane export --platform linux/arm64 ghcr.io/openfaasltd/vmmeter:latest | sudo tar -xvf - -C /usr/local/bin - - - name: Run vmmeter - uses: self-actuated/vmmeter-action@master - if: matrix.os == 'actuated-arm64-6cpu-8gb' -# vmmeter end - - - name: checkout - uses: actions/checkout@v4 - - - name: Show host info - run: | - set -x - # Sync `set -x` outputs with command ouputs - exec 2>&1 - # Version - uname -a - cat /etc/os-release - # Hardware - cat /proc/cpuinfo - free -mt - # cgroup - ls -F /sys/fs/cgroup - cat /proc/self/cgroup - if [ -e /sys/fs/cgroup/cgroup.controllers ]; then - cat /sys/fs/cgroup/cgroup.controllers - cat /sys/fs/cgroup/cgroup.subtree_control - ls -F /sys/fs/cgroup$(grep -oP '0::\K.*' /proc/self/cgroup) - fi - # kernel config - script/check-config.sh - - - name: start sshd (used for testing rootless with systemd user session) - if: ${{ matrix.os == 'actuated-arm64-6cpu-8gb' && matrix.rootless == 'rootless' }} - run: | - # Generate new keys to fix "sshd: no hostkeys available -- exiting." - sudo ssh-keygen -A - if ! 
sudo systemctl start ssh.service; then - sudo journalctl -xeu ssh.service - exit 1 - fi - ps auxw | grep sshd - - - name: install deps - run: | - sudo apt update - sudo apt -y install libseccomp-dev sshfs uidmap - - - name: install CRIU - if: ${{ matrix.criu == '' }} - env: - PREFIX: https://download.opensuse.org/repositories/devel:/tools:/criu/xUbuntu - run: | - REPO=${PREFIX}_$(. /etc/os-release && echo $VERSION_ID) - curl -fSsLl $REPO/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_tools_criu.gpg > /dev/null - echo "deb $REPO/ /" | sudo tee /etc/apt/sources.list.d/criu.list - sudo apt update - sudo apt -y install criu - - - name: install CRIU (criu ${{ matrix.criu }}) - if: ${{ matrix.criu != '' }} - run: | - sudo apt -qy install \ - libcap-dev libnet1-dev libnl-3-dev \ - libprotobuf-c-dev libprotobuf-dev protobuf-c-compiler protobuf-compiler - git clone https://github.com/checkpoint-restore/criu.git ~/criu - (cd ~/criu && git checkout ${{ matrix.criu }} && sudo make install-criu) - rm -rf ~/criu - - - name: install go ${{ matrix.go-version }} - uses: actions/setup-go@v5 - with: - go-version: ${{ matrix.go-version }} - check-latest: true - - - name: build - env: - EXTRA_BUILDTAGS: ${{ matrix.dmz }} - run: sudo -E PATH="$PATH" make EXTRA_FLAGS="${{ matrix.race }}" all - - - name: Setup Bats and bats libs - uses: bats-core/bats-action@3.0.0 - with: - bats-version: 1.9.0 - support-install: false - assert-install: false - detik-install: false - file-install: false - - - name: Allow userns for runc - # https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#unprivileged-user-namespace-restrictions-15 - if: matrix.os == 'ubuntu-24.04' - run: | - sed "s;^profile runc /usr/sbin/;profile runc-test $PWD/;" < /etc/apparmor.d/runc | sudo apparmor_parser - - - name: unit test - if: matrix.rootless != 'rootless' - env: - EXTRA_BUILDTAGS: ${{ matrix.dmz }} - run: sudo -E PATH="$PATH" -- make TESTFLAGS="${{ matrix.race }}" 
localunittest - - - name: add rootless user - if: matrix.rootless == 'rootless' - run: | - sudo useradd -u2000 -m -d/home/rootless -s/bin/bash rootless - # Allow root and rootless itself to execute `ssh rootless@localhost` in tests/rootless.sh - ssh-keygen -t ecdsa -N "" -f $HOME/rootless.key - sudo mkdir -m 0700 -p /home/rootless/.ssh - sudo cp $HOME/rootless.key /home/rootless/.ssh/id_ecdsa - sudo cp $HOME/rootless.key.pub /home/rootless/.ssh/authorized_keys - sudo chown -R rootless.rootless /home/rootless - sudo chmod a+X $HOME # for Ubuntu 22.04 and later - - - name: integration test (fs driver) - run: sudo -E PATH="$PATH" script -e -c 'make local${{ matrix.rootless }}integration' - - - name: integration test (systemd driver) - # Skip rootless+systemd for ubuntu 20.04 because of cgroup v1. - if: ${{ !(matrix.os == 'ubuntu-20.04' && matrix.rootless == 'rootless') }} - run: | - # Delegate all cgroup v2 controllers to rootless user via --systemd-cgroup. - # The default (since systemd v252) is "pids memory cpu". - sudo mkdir -p /etc/systemd/system/user@.service.d - printf "[Service]\nDelegate=yes\n" | sudo tee /etc/systemd/system/user@.service.d/delegate.conf - sudo systemctl daemon-reload - # Run the tests. - sudo -E PATH="$PATH" script -e -c 'make RUNC_USE_SYSTEMD=yes local${{ matrix.rootless }}integration' - - # We need to continue support for 32-bit ARM. - # However, we do not have 32-bit ARM CI, so we use i386 for testing 32bit stuff. - # We are not interested in providing official support for i386. - cross-i386: - timeout-minutes: 15 - strategy: - fail-fast: false - matrix: - dmz: ["", "runc_nodmz"] - runs-on: ubuntu-22.04 - - steps: - - - name: checkout - uses: actions/checkout@v4 - - - name: install deps - run: | - sudo dpkg --add-architecture i386 - # add criu repo - sudo add-apt-repository -y ppa:criu/ppa - # apt-add-repository runs apt update so we don't have to. 
-
- sudo apt -qy install libseccomp-dev libseccomp-dev:i386 gcc-multilib libgcc-s1:i386 criu
-
- - name: install go
- uses: actions/setup-go@v5
- with:
- go-version: 1.x # Latest stable
- check-latest: true
-
- - name: unit test
- env:
- EXTRA_BUILDTAGS: ${{ matrix.dmz }}
- run: sudo -E PATH="$PATH" -- make GOARCH=386 localunittest
-
- all-done:
- needs:
- - test
- - cross-i386
- runs-on: ubuntu-24.04
- steps:
- - run: echo "All jobs completed"
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
deleted file mode 100644
index 9f6c7ffc62e..00000000000
--- a/.github/workflows/validate.yml
+++ /dev/null
@@ -1,255 +0,0 @@
-name: validate
-on:
- push:
- tags:
- - v*
- branches:
- - main
- - release-*
- pull_request:
-env:
- GO_VERSION: 1.22.x
-permissions:
- contents: read
-
-jobs:
- keyring:
- runs-on: ubuntu-24.04
- steps:
- - uses: actions/checkout@v4
- - name: check runc.keyring
- run: make validate-keyring
-
- lint:
- timeout-minutes: 30
- permissions:
- contents: read
- pull-requests: read
- checks: write # to allow the action to annotate code in the PR.
- runs-on: ubuntu-24.04
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 2
- - uses: actions/setup-go@v5
- with:
- go-version: "${{ env.GO_VERSION }}"
- - name: install deps
- run: |
- sudo apt -q update
- sudo apt -qy install libseccomp-dev
- - uses: golangci/golangci-lint-action@v6
- with:
- version: v1.60
- # Extra linters, only checking new code from a pull request.
- - name: lint-extra
- if: github.event_name == 'pull_request'
- run: |
- golangci-lint run --config .golangci-extra.yml --new-from-rev=HEAD~1
-
- go-fix:
- runs-on: ubuntu-24.04
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 2
- - uses: actions/setup-go@v5
- with:
- go-version: "${{ env.GO_VERSION }}"
- - name: install deps
- run: |
- sudo apt -q update
- sudo apt -qy install libseccomp-dev
- - name: run go fix
- run: |
- go fix ./...
- git diff --exit-code
-
- compile-buildtags:
- runs-on: ubuntu-24.04
- env:
- # Don't ignore C warnings. Note that the output of "go env CGO_CFLAGS" by default is "-g -O2", so we keep them.
- CGO_CFLAGS: -g -O2 -Werror
- steps:
- - uses: actions/checkout@v4
- - name: install go
- uses: actions/setup-go@v5
- with:
- go-version: "${{ env.GO_VERSION }}"
- - name: compile with no build tags
- run: make BUILDTAGS=""
-
- codespell:
- runs-on: ubuntu-24.04
- steps:
- - uses: actions/checkout@v4
- - name: install deps
- # Version of codespell bundled with Ubuntu is way old, so use pip.
- run: pip install --break-system-packages codespell==v2.3.0
- - name: run codespell
- run: codespell
-
- shfmt:
- runs-on: ubuntu-24.04
- steps:
- - uses: actions/checkout@v4
- - name: shfmt
- run: make shfmt
-
- shellcheck:
- runs-on: ubuntu-24.04
- steps:
- - uses: actions/checkout@v4
- - name: install shellcheck
- env:
- VERSION: v0.9.0
- BASEURL: https://github.com/koalaman/shellcheck/releases/download
- SHA256: 7087178d54de6652b404c306233264463cb9e7a9afeb259bb663cc4dbfd64149
- run: |
- mkdir ~/bin
- curl -sSfL --retry 5 $BASEURL/$VERSION/shellcheck-$VERSION.linux.x86_64.tar.xz |
- tar xfJ - -C ~/bin --strip 1 shellcheck-$VERSION/shellcheck
- sha256sum --strict --check - <<<"$SHA256 *$HOME/bin/shellcheck"
- # make sure to remove the old version
- sudo rm -f /usr/bin/shellcheck
- # Add ~/bin to $PATH.
- echo ~/bin >> $GITHUB_PATH
- - uses: lumaxis/shellcheck-problem-matchers@v2
- - name: run
- run: make shellcheck
- - name: check-config.sh
- run : ./script/check-config.sh
-
- space-at-eol:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- - run: rm -fr vendor
- - run: if git -P grep -I -n '\s$'; then echo "^^^ extra whitespace at EOL, please fix"; exit 1; fi
-
- deps:
- runs-on: ubuntu-24.04
- steps:
- - uses: actions/checkout@v4
- - name: install go
- uses: actions/setup-go@v5
- with:
- go-version: "${{ env.GO_VERSION }}"
- check-latest: true
- - name: verify deps
- run: make verify-dependencies
-
-
- commit:
- permissions:
- contents: read
- pull-requests: read
- runs-on: ubuntu-24.04
- # Only check commits on pull requests.
- if: github.event_name == 'pull_request'
- steps:
- - name: get pr commits
- id: 'get-pr-commits'
- uses: tim-actions/get-pr-commits@v1.3.1
- with:
- token: ${{ secrets.GITHUB_TOKEN }}
-
- - name: check subject line length
- uses: tim-actions/commit-message-checker-with-regex@v0.3.2
- with:
- commits: ${{ steps.get-pr-commits.outputs.commits }}
- pattern: '^.{0,72}(\n.*)*$'
- error: 'Subject too long (max 72)'
-
- cfmt:
- runs-on: ubuntu-24.04
- steps:
- - name: checkout
- uses: actions/checkout@v4
- with:
- fetch-depth: 0
- - name: install deps
- run: |
- sudo apt -qq update
- sudo apt -qqy install indent
- - name: cfmt
- run: |
- make cfmt
- git diff --exit-code
-
-
- release:
- timeout-minutes: 30
- runs-on: ubuntu-24.04
- steps:
- - name: checkout
- uses: actions/checkout@v4
- with:
- fetch-depth: 0
-
- - name: check CHANGELOG.md
- run: make verify-changelog
-
- # We have to run this under Docker as Ubuntu (host) does not support all
- # the architectures we want to compile test against, and Dockerfile uses
- # Debian (which does).
- #
- # XXX: as currently this is the only job that is using Docker, we are
- # building and using the runcimage locally. In case more jobs running
- # under Docker will emerge, it will be good to have a separate make
- # runcimage job and share its result (the docker image) with whoever
- # needs it.
- - name: build docker image
- run: make runcimage
- - name: make releaseall
- run: make releaseall
- - name: upload artifacts
- uses: actions/upload-artifact@v4
- with:
- name: release-${{ github.run_id }}
- path: release/*
-
-
- get-images:
- runs-on: ubuntu-24.04
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 0
- - name: install bashbrew
- env:
- BASEURL: https://github.com/docker-library/bashbrew/releases/download
- VERSION: v0.1.7
- SHA256: 6b71a6fccfb2025d48a2b23324836b5513c29abfd2d16a57b7a2f89bd02fe53a
- run: |
- mkdir ~/bin
- curl -sSfL --retry 5 -o ~/bin/bashbrew \
- $BASEURL/$VERSION/bashbrew-amd64
- sha256sum --strict --check - <<<"$SHA256 *$HOME/bin/bashbrew"
- chmod a+x ~/bin/bashbrew
- # Add ~/bin to $PATH.
- echo ~/bin >> $GITHUB_PATH
- - name: check that get-images.sh is up to date
- run: |
- cd tests/integration
- ./bootstrap-get-images.sh > get-images.sh
- git diff --exit-code
-
- all-done:
- needs:
- - cfmt
- - codespell
- - commit
- - compile-buildtags
- - deps
- - get-images
- - go-fix
- - keyring
- - lint
- - release
- - shellcheck
- - shfmt
- - space-at-eol
- runs-on: ubuntu-24.04
- steps:
- - run: echo "All jobs completed"