From 1125ae7835e405c32b1a41d3b557ddbae19d6fc4 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 5 Jan 2021 17:03:17 -0800 Subject: [PATCH 1/5] tests/events.bats: unify duplicated code There are three tests that only differ in delays (and a few other minor details line whitespace formatting and number of retries). Let's unify those so maintaining this code will be easier. This also implicitly increases the number of retries from 3 to 10 for the non-default --interval tests. Signed-off-by: Kir Kolyshkin --- tests/integration/events.bats | 78 +++++++++-------------------------- 1 file changed, 20 insertions(+), 58 deletions(-) diff --git a/tests/integration/events.bats b/tests/integration/events.bats index 8061057d3b2..da94cb80cc3 100644 --- a/tests/integration/events.bats +++ b/tests/integration/events.bats @@ -27,25 +27,30 @@ function teardown() { [[ "${lines[0]}" == *"data"* ]] } -@test "events --interval default" { +function test_events() { # XXX: currently cgroups require root containers. requires root init_cgroup_paths - # run busybox detached + local status interval retry_every=1 + if [ $# -eq 2 ]; then + interval="$1" + retry_every="$2" + fi + runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox [ "$status" -eq 0 ] - # spawn two sub processes (shells) - # the first sub process is an event logger that sends stats events to events.log - # the second sub process waits for an event that includes test_busybox then - # kills the test_busybox container which causes the event logger to exit - (__runc events test_busybox >events.log) & + # Spawn two subshels: + # 1. Event logger that sends stats events to events.log. + (__runc events ${interval:+ --interval "$interval"} test_busybox >events.log) & + # 2. Waits for an event that includes test_busybox then kills the + # test_busybox container which causes the event logger to exit. ( - retry 10 1 eval "grep -q 'test_busybox' events.log" + retry 10 "$retry_every" eval "grep -q 'test_busybox' events.log" teardown_running_container test_busybox ) & - wait # wait for the above sub shells to finish + wait # for both subshells to finish [ -e events.log ] @@ -54,59 +59,16 @@ function teardown() { [[ "$output" == *"data"* ]] } -@test "events --interval 1s" { - # XXX: currently cgroups require root containers. - requires root - init_cgroup_paths - - # run busybox detached - runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox - [ "$status" -eq 0 ] - - # spawn two sub processes (shells) - # the first sub process is an event logger that sends stats events to events.log once a second - # the second sub process tries 3 times for an event that incudes test_busybox - # pausing 1s between each attempt then kills the test_busybox container which - # causes the event logger to exit - (__runc events --interval 1s test_busybox >events.log) & - ( - retry 3 1 eval "grep -q 'test_busybox' events.log" - teardown_running_container test_busybox - ) & - wait # wait for the above sub shells to finish - - [ -e events.log ] +@test "events --interval default" { + test_events +} - grep -q 'test_busybox' events.log +@test "events --interval 1s" { + test_events 1s 1 } @test "events --interval 100ms" { - # XXX: currently cgroups require root containers. - requires root - init_cgroup_paths - - # run busybox detached - runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox - [ "$status" -eq 0 ] - - #prove there is no carry over of events.log from a prior test - [ ! -e events.log ] - - # spawn two sub processes (shells) - # the first sub process is an event logger that sends stats events to events.log once every 100ms - # the second sub process tries 3 times for an event that incudes test_busybox - # pausing 100s between each attempt then kills the test_busybox container which - # causes the event logger to exit - (__runc events --interval 100ms test_busybox >events.log) & - ( - retry 3 0.100 eval "grep -q 'test_busybox' events.log" - teardown_running_container test_busybox - ) & - wait # wait for the above sub shells to finish - - [ -e events.log ] - - grep -q 'test_busybox' events.log + test_events 100ms 0.1 } @test "events oom" { From 8ccd39a91b7ad5e02aa645cce4716006b0c32796 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 5 Jan 2021 17:09:56 -0800 Subject: [PATCH 2/5] ci: move commit length check from travis to gha Using https://github.com/tim-actions/commit-message-checker-with-regex Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 17 +++++++++++++++++ .travis.yml | 2 -- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index c3f58cc51ec..146d769f412 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -81,3 +81,20 @@ jobs: restore-keys: ${{ runner.os }}-go.sum- - name: verify deps run: make verify-dependencies + + + commit: + runs-on: ubuntu-20.04 + steps: + - name: get pr commits + id: 'get-pr-commits' + uses: tim-actions/get-pr-commits@v1.0.0 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: check subject line length + uses: tim-actions/commit-message-checker-with-regex@v0.3.1 + with: + commits: ${{ steps.get-pr-commits.outputs.commits }} + pattern: '^.{0,72}(\n.*)*$' + error: 'Subject too long (max 72)' diff --git a/.travis.yml b/.travis.yml index 4a8ee4dfe42..597c5900702 100644 --- a/.travis.yml +++ b/.travis.yml @@ -60,11 +60,9 @@ before_install: - sudo apt-get -qq update - sudo apt-get install -y libseccomp-dev - GO111MODULE=off go get -u golang.org/x/lint/golint - - GO111MODULE=off go get -u github.com/vbatts/git-validation - (cd ~ && GO111MODULE=on go get mvdan.cc/sh/v3/cmd/shfmt@v3.2.0) - env | grep TRAVIS_ script: - - git-validation -run DCO,short-subject -v - make - make clean ci cross From 7ecba232e9fbcd8c5b8c7b37c588f6fa79c2e169 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 5 Jan 2021 17:12:51 -0800 Subject: [PATCH 3/5] ci: move cross compile check from travis to gha In here we have to use Docker, as Ubuntu does not support all the architectures we're compile-testing here. Since this is the only step that is using Docker, there is no sense to separate `make runcimage` from the rest of it. In case we'll have to use Docker image more, it will make sense to do so. While at it, ditch script/tmpmount (added by commit 1735ad788f2f744), because - it required root (because mount); - it is probably no longer needed. Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 19 +++++++++++++++++++ .travis.yml | 2 +- Dockerfile | 2 -- script/tmpmount | 4 ---- 4 files changed, 20 insertions(+), 7 deletions(-) delete mode 100755 script/tmpmount diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 146d769f412..02e3228f21a 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -98,3 +98,22 @@ jobs: commits: ${{ steps.get-pr-commits.outputs.commits }} pattern: '^.{0,72}(\n.*)*$' error: 'Subject too long (max 72)' + + + cross: + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v2 + # We have to run this under Docker as Ubuntu (host) does not support all + # the architectures we want to compile test against, and Dockerfile uses + # Debian (which does). + # + # XXX: as currently this is the only job that is using Docker, we are + # building and using the runcimage locally. In case more jobs running + # under Docker will emerge, it will be good to have a separate make + # runcimage job and share its result (the docker image) with whoever + # needs it. + - name: build docker image + run: make runcimage + - name: cross + run: make cross diff --git a/.travis.yml b/.travis.yml index 597c5900702..bbb34594e88 100644 --- a/.travis.yml +++ b/.travis.yml @@ -65,4 +65,4 @@ before_install: script: - make - - make clean ci cross + - make clean ci diff --git a/Dockerfile b/Dockerfile index bb22f4d8fdb..1b38390eab6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -60,9 +60,7 @@ ARG UMOCI_VERSION RUN curl -o /usr/local/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/${UMOCI_VERSION}/umoci.amd64 \ && chmod +x /usr/local/bin/umoci -COPY script/tmpmount / WORKDIR /go/src/github.com/opencontainers/runc -ENTRYPOINT ["/tmpmount"] # setup a playground for us to spawn containers in COPY tests/integration/multi-arch.bash tests/integration/ diff --git a/script/tmpmount b/script/tmpmount deleted file mode 100755 index 5ac6bc2bf13..00000000000 --- a/script/tmpmount +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -mount -t tmpfs none /tmp -exec "$@" From e431fe60f85f3721d03d178770c691a65c981c02 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 5 Jan 2021 17:16:36 -0800 Subject: [PATCH 4/5] ci: move misc validate tasks from travis to gha Note that `make ci` in Travis included `make test`, but we're already doing that elsewhere (see .github/workflows/test.yml). Signed-off-by: Kir Kolyshkin --- .github/workflows/validate.yml | 17 +++++++++++++++++ .travis.yml | 1 - 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 02e3228f21a..552a896470a 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -117,3 +117,20 @@ jobs: run: make runcimage - name: cross run: make cross + + + misc: + runs-on: ubuntu-20.04 + steps: + - name: checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: install deps + run: | + sudo apt -qq update + sudo apt -qq install libseccomp-dev indent + - name: make validate + run: make validate + - name: make release + run: make release diff --git a/.travis.yml b/.travis.yml index bbb34594e88..1dcdf9e7a29 100644 --- a/.travis.yml +++ b/.travis.yml @@ -65,4 +65,3 @@ before_install: script: - make - - make clean ci From 2dc1bf91a4f64ef950d63fdd7d9582a4f510ddba Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Tue, 5 Jan 2021 13:42:43 -0800 Subject: [PATCH 5/5] ci: move Fedora 33 and CentOS 7 tests to gha ...and remove .travis.yml as GHA now covers everything it used to (unless I overlooked something). Inspired by https://github.com/containerd/containerd/pull/4279 Signed-off-by: Kir Kolyshkin --- .github/workflows/test.yml | 69 ++++++++++++++++++++++++++++++++++++++ .travis.yml | 67 ------------------------------------ 2 files changed, 69 insertions(+), 67 deletions(-) delete mode 100644 .travis.yml diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b547f6167ff..a2cc3022d1c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -80,3 +80,72 @@ jobs: # can't use systemd driver with cgroupv1 if: matrix.rootless != 'rootless' run: sudo -E PATH="$PATH" script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm make RUNC_USE_SYSTEMD=yes local${{ matrix.rootless }}integration' + + + # cgroup v2 unified hierarchy + very recent kernel (openat2) + fedora: + # nested virtualization is only available on macOS hosts + runs-on: macos-10.15 + timeout-minutes: 60 + # only run it if others have passed + needs: [test] + steps: + - uses: actions/checkout@v2 + - name: prepare vagrant + run: | + ln -sf Vagrantfile.fedora33 Vagrantfile + vagrant up + vagrant ssh-config >> ~/.ssh/config + + - name: system info + run: ssh default 'sh -exc "uname -a && systemctl --version && df -T"' + + - name: unit tests + run: ssh default 'cd /vagrant && sudo make localunittest' + + # The integration tests require tty which GH actions lack; + # wrap those in "script" to emulate tty. + - name: cgroupv2 with systemd + run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo make -C /vagrant localintegration RUNC_USE_SYSTEMD=yes'" + + - name: cgroupv2 with fs2 + run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo make -C /vagrant localintegration'" + + - name: cgroupv2 with systemd (rootless) + run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo make -C /vagrant localrootlessintegration RUNC_USE_SYSTEMD=yes'" + + - name: cgroupv2 with fs2 (rootless) + run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo make -C /vagrant localrootlessintegration'" + + + # kernel 3.10 (frankenized), systemd 219 + centos7: + # nested virtualization is only available on macOS hosts + runs-on: macos-10.15 + timeout-minutes: 60 + # only run it if others have passed + needs: [test] + steps: + - uses: actions/checkout@v2 + - name: prepare vagrant + run: | + ln -sf Vagrantfile.centos7 Vagrantfile + vagrant up + vagrant ssh-config >> ~/.ssh/config + + - name: system info + run: ssh default 'rpm -q centos-release kernel systemd' + + - name: unit tests + run: ssh default 'sudo -i make -C /vagrant localunittest' + + - name: integration tests (fs cgroup driver) + run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo -i make -C /vagrant localintegration'" + + - name: integration tests (systemd cgroup driver) + run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo -i make -C /vagrant localintegration RUNC_USE_SYSTEMD=1'" + + - name: rootless integration + # FIXME: rootless is skipped because of EPERM on writing cgroup.procs + if: false + run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo -i make -C /vagrant localrootlessintegration'" diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 1dcdf9e7a29..00000000000 --- a/.travis.yml +++ /dev/null @@ -1,67 +0,0 @@ -dist: bionic -language: go -os: linux -go: - - 1.15.x - - 1.14.x - - tip -cache: - directories: - - /home/travis/.vagrant.d/boxes -jobs: - include: - - go: 1.15.x - name: "cgroup-systemd" - env: - - RUNC_USE_SYSTEMD=1 - script: - - make all - - sudo PATH="$PATH" make localintegration RUNC_USE_SYSTEMD=1 - - name: "fedora33" - before_install: - - sudo ./script/install-vagrant.sh - - ln -sf Vagrantfile.fedora33 Vagrantfile - - sudo vagrant up && sudo mkdir -p /root/.ssh && sudo sh -c "vagrant ssh-config >> /root/.ssh/config" - script: - - sudo ssh default 'sh -exc "uname -a && systemctl --version && df -T"' - - sudo ssh default -t 'cd /vagrant && sudo make localunittest' - # cgroupv2+systemd: test on vagrant host itself as we need systemd - - sudo ssh default -t 'cd /vagrant && sudo make localintegration RUNC_USE_SYSTEMD=yes' - # same setup but with fs2 driver instead of systemd - - sudo ssh default -t 'cd /vagrant && sudo make localintegration' - # cgroupv2+systemd (rootless) - - sudo ssh default -t 'cd /vagrant && sudo make localrootlessintegration RUNC_USE_SYSTEMD=yes' - # same setup but with fs2 driver (rootless) instead of systemd - - sudo ssh default -t 'cd /vagrant && sudo make localrootlessintegration' - - name: "centos7" - before_install: - - sudo ./script/install-vagrant.sh - - ln -sf Vagrantfile.centos7 Vagrantfile - - sudo vagrant up && sudo mkdir -p /root/.ssh && sudo sh -c "vagrant ssh-config >> /root/.ssh/config" - script: - # kernel 3.10 (frankenized), systemd 219 - - sudo ssh default 'rpm -q centos-release kernel systemd' - - sudo ssh default -t 'sudo -i make -C /vagrant localunittest' - - sudo ssh default -t 'sudo -i make -C /vagrant localintegration' - - sudo ssh default -t 'sudo -i make -C /vagrant localintegration RUNC_USE_SYSTEMD=1' - # FIXME: rootless is skipped because of EPERM on writing cgroup.procs - # - sudo ssh default -t 'sudo -i make -C /vagrant localrootlessintegration' - - allow_failures: - - go: tip - -go_import_path: github.com/opencontainers/runc - -# `make ci` uses Docker. -services: - - docker - -before_install: - - sudo apt-get -qq update - - sudo apt-get install -y libseccomp-dev - - GO111MODULE=off go get -u golang.org/x/lint/golint - - (cd ~ && GO111MODULE=on go get mvdan.cc/sh/v3/cmd/shfmt@v3.2.0) - - env | grep TRAVIS_ - -script: - - make