diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index b547f6167ff..a2cc3022d1c 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -80,3 +80,72 @@ jobs: # can't use systemd driver with cgroupv1 if: matrix.rootless != 'rootless' run: sudo -E PATH="$PATH" script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm make RUNC_USE_SYSTEMD=yes local${{ matrix.rootless }}integration' + + + # cgroup v2 unified hierarchy + very recent kernel (openat2) + fedora: + # nested virtualization is only available on macOS hosts + runs-on: macos-10.15 + timeout-minutes: 60 + # only run it if others have passed + needs: [test] + steps: + - uses: actions/checkout@v2 + - name: prepare vagrant + run: | + ln -sf Vagrantfile.fedora33 Vagrantfile + vagrant up + vagrant ssh-config >> ~/.ssh/config + + - name: system info + run: ssh default 'sh -exc "uname -a && systemctl --version && df -T"' + + - name: unit tests + run: ssh default 'cd /vagrant && sudo make localunittest' + + # The integration tests require tty which GH actions lack; + # wrap those in "script" to emulate tty. + - name: cgroupv2 with systemd + run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo make -C /vagrant localintegration RUNC_USE_SYSTEMD=yes'" + + - name: cgroupv2 with fs2 + run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo make -C /vagrant localintegration'" + + - name: cgroupv2 with systemd (rootless) + run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo make -C /vagrant localrootlessintegration RUNC_USE_SYSTEMD=yes'" + + - name: cgroupv2 with fs2 (rootless) + run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo make -C /vagrant localrootlessintegration'" + + + # kernel 3.10 (frankenized), systemd 219 + centos7: + # nested virtualization is only available on macOS hosts + runs-on: macos-10.15 + timeout-minutes: 60 + # only run it if others have passed + needs: [test] + steps: + - uses: actions/checkout@v2 + - name: prepare vagrant + run: | + ln -sf Vagrantfile.centos7 Vagrantfile + vagrant up + vagrant ssh-config >> 
~/.ssh/config + + - name: system info + run: ssh default 'rpm -q centos-release kernel systemd' + + - name: unit tests + run: ssh default 'sudo -i make -C /vagrant localunittest' + + - name: integration tests (fs cgroup driver) + run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo -i make -C /vagrant localintegration'" + + - name: integration tests (systemd cgroup driver) + run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo -i make -C /vagrant localintegration RUNC_USE_SYSTEMD=1'" + + - name: rootless integration + # FIXME: rootless is skipped because of EPERM on writing cgroup.procs + if: false + run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo -i make -C /vagrant localrootlessintegration'" diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index c3f58cc51ec..552a896470a 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml 
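Review bot: The last step of the `centos7` job, `rootless integration`, is disabled with `if: false`, so the rootless code path is never exercised on the kernel 3.10 / systemd 219 box and the step only shows up as skipped in the job summary. The FIXME records the symptom (EPERM on writing cgroup.procs) but gives nothing to follow up on. I would tie it to a tracking issue, e.g. `# FIXME(<tracking-issue-url>): rootless is skipped because of EPERM on writing cgroup.procs`, so the coverage gap stays visible and the condition is removed once the cause is fixed. The skip itself is carried over from the deleted .travis.yml, where the same command was commented out.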
@@ -81,3 +81,56 @@ jobs: restore-keys: ${{ runner.os }}-go.sum- - name: verify deps run: make verify-dependencies + + + commit: + runs-on: ubuntu-20.04 + steps: + - name: get pr commits + id: 'get-pr-commits' + uses: tim-actions/get-pr-commits@v1.0.0 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: check subject line length + uses: tim-actions/commit-message-checker-with-regex@v0.3.1 + with: + commits: ${{ steps.get-pr-commits.outputs.commits }} + pattern: '^.{0,72}(\n.*)*$' + error: 'Subject too long (max 72)' + + + cross: + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v2 + # We have to run this under Docker as Ubuntu (host) does not support all + # the architectures we want to compile test against, and Dockerfile uses + # Debian (which does). + # + # XXX: as currently this is the only job that is using Docker, we are + # building and using the runcimage locally. In case more jobs running + # under Docker will emerge, it will be good to have a separate make + # runcimage job and share its result (the docker image) with whoever + # needs it. + - name: build docker image + run: make runcimage + - name: cross + run: make cross + + + misc: + runs-on: ubuntu-20.04 + steps: + - name: checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: install deps + run: | + sudo apt -qq update + sudo apt -qq install libseccomp-dev indent + - name: make validate + run: make validate + - name: make release + run: make release diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 4a8ee4dfe42..00000000000 --- a/.travis.yml +++ /dev/null 
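Review bot: Both third-party actions in the new `commit` job are referenced by tag (`tim-actions/get-pr-commits@v1.0.0`, `tim-actions/commit-message-checker-with-regex@v0.3.1`), and the first is handed `secrets.GITHUB_TOKEN`. A tag can be re-pointed by the action's owner, so whatever it resolves to at run time executes with that token. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: tim-actions/get-pr-commits@<full-commit-sha>  # v1.0.0`. The job appears only to need to list the pull request's commits, so a job-level `permissions:` block limited to read access (`contents: read`, `pull-requests: read`) would bound what the token can do. The workflow's triggers are outside this hunk, so the token's default scope here is not visible.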
@@ -1,70 +0,0 @@ -dist: bionic -language: go -os: linux -go: - - 1.15.x - - 1.14.x - - tip -cache: - directories: - - /home/travis/.vagrant.d/boxes -jobs: - include: - - go: 1.15.x - name: "cgroup-systemd" - env: - - RUNC_USE_SYSTEMD=1 - script: - - make all - - sudo PATH="$PATH" make localintegration RUNC_USE_SYSTEMD=1 - - name: "fedora33" - before_install: - - sudo ./script/install-vagrant.sh - - ln -sf Vagrantfile.fedora33 Vagrantfile - - sudo vagrant up && sudo mkdir -p /root/.ssh && sudo sh -c "vagrant ssh-config >> /root/.ssh/config" - script: - - sudo ssh default 'sh -exc "uname -a && systemctl --version && df -T"' - - sudo ssh default -t 'cd /vagrant && sudo make localunittest' - # cgroupv2+systemd: test on vagrant host itself as we need systemd - - sudo ssh default -t 'cd /vagrant && sudo make localintegration RUNC_USE_SYSTEMD=yes' - # same setup but with fs2 driver instead of systemd - - sudo ssh default -t 'cd /vagrant && sudo make localintegration' - # cgroupv2+systemd (rootless) - - sudo ssh default -t 'cd /vagrant && sudo make localrootlessintegration RUNC_USE_SYSTEMD=yes' - # same setup but with fs2 driver (rootless) instead of systemd - - sudo ssh default -t 'cd /vagrant && sudo make localrootlessintegration' - - name: "centos7" - before_install: - - sudo ./script/install-vagrant.sh - - ln -sf Vagrantfile.centos7 Vagrantfile - - sudo vagrant up && sudo mkdir -p /root/.ssh && sudo sh -c "vagrant ssh-config >> /root/.ssh/config" - script: - # kernel 3.10 (frankenized), systemd 219 - - sudo ssh default 'rpm -q centos-release kernel systemd' - - sudo ssh default -t 'sudo -i make -C /vagrant localunittest' - - sudo ssh default -t 'sudo -i make -C /vagrant localintegration' - - sudo ssh default -t 'sudo -i make -C /vagrant localintegration RUNC_USE_SYSTEMD=1' - # FIXME: rootless is skipped because of EPERM on writing cgroup.procs - # - sudo ssh default -t 'sudo -i make -C /vagrant localrootlessintegration' - - allow_failures: - - go: tip - 
-go_import_path: github.com/opencontainers/runc - -# `make ci` uses Docker. -services: - - docker - -before_install: - - sudo apt-get -qq update - - sudo apt-get install -y libseccomp-dev - - GO111MODULE=off go get -u golang.org/x/lint/golint - - GO111MODULE=off go get -u github.com/vbatts/git-validation - - (cd ~ && GO111MODULE=on go get mvdan.cc/sh/v3/cmd/shfmt@v3.2.0) - - env | grep TRAVIS_ - -script: - - git-validation -run DCO,short-subject -v - - make - - make clean ci cross diff --git a/Dockerfile b/Dockerfile index bb22f4d8fdb..1b38390eab6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -60,9 +60,7 @@ ARG UMOCI_VERSION RUN curl -o /usr/local/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/${UMOCI_VERSION}/umoci.amd64 \ && chmod +x /usr/local/bin/umoci -COPY script/tmpmount / WORKDIR /go/src/github.com/opencontainers/runc -ENTRYPOINT ["/tmpmount"] # setup a playground for us to spawn containers in COPY tests/integration/multi-arch.bash tests/integration/ diff --git a/script/tmpmount b/script/tmpmount deleted file mode 100755 index 5ac6bc2bf13..00000000000 --- a/script/tmpmount +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -mount -t tmpfs none /tmp -exec "$@" diff --git a/tests/integration/events.bats b/tests/integration/events.bats index 8061057d3b2..da94cb80cc3 100644 --- a/tests/integration/events.bats +++ b/tests/integration/events.bats 
@@ -27,25 +27,30 @@ function teardown() { [[ "${lines[0]}" == *"data"* ]] } -@test "events --interval default" { +function test_events() { # XXX: currently cgroups require root containers. requires root init_cgroup_paths - # run busybox detached + local status interval retry_every=1 + if [ $# -eq 2 ]; then + interval="$1" + retry_every="$2" + fi + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - # spawn two sub processes (shells) - # the first sub process is an event logger that sends stats events to events.log - # the second sub process waits for an event that includes test_busybox then - # kills the test_busybox container which causes the event logger to exit - (__runc events test_busybox >events.log) & + # Spawn two subshels: + # 1. Event logger that sends stats events to events.log. + (__runc events ${interval:+ --interval "$interval"} test_busybox >events.log) & + # 2. Waits for an event that includes test_busybox then kills the + # test_busybox container which causes the event logger to exit. ( - retry 10 1 eval "grep -q 'test_busybox' events.log" + retry 10 "$retry_every" eval "grep -q 'test_busybox' events.log" teardown_running_container test_busybox ) & - wait # wait for the above sub shells to finish + wait # for both subshells to finish [ -e events.log ] 
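Review bot: `test_events` reads its arguments only when exactly two are given (`[ $# -eq 2 ]`), so a call such as `test_events 1s` silently runs without `--interval` and still passes, testing something other than what the test name says. Defaulting each parameter on its own avoids that and lets the `if` block go: `local status interval="${1:-}" retry_every="${2:-1}"`. The new comment also has a typo (`subshels`). The function's closing lines are outside this hunk.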
@@ -54,59 +59,16 @@ function teardown() { [[ "$output" == *"data"* ]] } -@test "events --interval 1s" { - # XXX: currently cgroups require root containers. - requires root - init_cgroup_paths - - # run busybox detached - runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox - [ "$status" -eq 0 ] - - # spawn two sub processes (shells) - # the first sub process is an event logger that sends stats events to events.log once a second - # the second sub process tries 3 times for an event that incudes test_busybox - # pausing 1s between each attempt then kills the test_busybox container which - # causes the event logger to exit - (__runc events --interval 1s test_busybox >events.log) & - ( - retry 3 1 eval "grep -q 'test_busybox' events.log" - teardown_running_container test_busybox - ) & - wait # wait for the above sub shells to finish - - [ -e events.log ] +@test "events --interval default" { + test_events +} - grep -q 'test_busybox' events.log +@test "events --interval 1s" { + test_events 1s 1 } @test "events --interval 100ms" { - # XXX: currently cgroups require root containers. - requires root - init_cgroup_paths - - # run busybox detached - runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox - [ "$status" -eq 0 ] - - #prove there is no carry over of events.log from a prior test - [ ! -e events.log ] - - # spawn two sub processes (shells) - # the first sub process is an event logger that sends stats events to events.log once every 100ms - # the second sub process tries 3 times for an event that incudes test_busybox - # pausing 100s between each attempt then kills the test_busybox container which - # causes the event logger to exit - (__runc events --interval 100ms test_busybox >events.log) & - ( - retry 3 0.100 eval "grep -q 'test_busybox' events.log" - teardown_running_container test_busybox - ) & - wait # wait for the above sub shells to finish - - [ -e events.log ] - - grep -q 'test_busybox' events.log + test_events 100ms 0.1 } @test "events oom" {