ci: replace travis with GHA for Fedora 33 and CentOS 7

.github/workflows/test.yml

@@ -80,3 +80,72 @@ jobs:
       # can't use systemd driver with cgroupv1
       if: matrix.rootless != 'rootless'
       run: sudo -E PATH="$PATH" script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm make RUNC_USE_SYSTEMD=yes local${{ matrix.rootless }}integration'
+
+
+  # cgroup v2 unified hierarchy + very recent kernel (openat2)
+  fedora:
+    # nested virtualization is only available on macOS hosts
+    runs-on: macos-10.15
+    timeout-minutes: 60
+    # only run it if others have passed
+    needs: [test]
+    steps:
+      - uses: actions/checkout@v2
+      - name: prepare vagrant
+        run: |
+          ln -sf Vagrantfile.fedora33 Vagrantfile
+          vagrant up
+          vagrant ssh-config >> ~/.ssh/config
+
+      - name: system info
+        run: ssh default 'sh -exc "uname -a && systemctl --version && df -T"'
+
+      - name: unit tests
+        run: ssh default 'cd /vagrant && sudo make localunittest'
+
+      # The integration tests require tty which GH actions lack;
+      # wrap those in "script" to emulate tty.
+      - name: cgroupv2 with systemd
+        run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo make -C /vagrant localintegration RUNC_USE_SYSTEMD=yes'"
+
+      - name: cgroupv2 with fs2
+        run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo make -C /vagrant localintegration'"
+
+      - name: cgroupv2 with systemd (rootless)
+        run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo make -C /vagrant localrootlessintegration RUNC_USE_SYSTEMD=yes'"
+
+      - name: cgroupv2 with fs2 (rootless)
+        run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo make -C /vagrant localrootlessintegration'"
+
+
+  # kernel 3.10 (frankenized), systemd 219
+  centos7:
+    # nested virtualization is only available on macOS hosts
+    runs-on: macos-10.15
+    timeout-minutes: 60
+    # only run it if others have passed
+    needs: [test]
+    steps:
+      - uses: actions/checkout@v2
+      - name: prepare vagrant
+        run: |
+          ln -sf Vagrantfile.centos7 Vagrantfile
+          vagrant up
+          vagrant ssh-config >> ~/.ssh/config
+
+      - name: system info
+        run: ssh default 'rpm -q centos-release kernel systemd'
+
+      - name: unit tests
+        run: ssh default 'sudo -i make -C /vagrant localunittest'
+
+      - name: integration tests (fs cgroup driver)
+        run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo -i make -C /vagrant localintegration'"
+
+      - name: integration tests (systemd cgroup driver)
+        run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo -i make -C /vagrant localintegration RUNC_USE_SYSTEMD=1'"
+
+      - name: rootless integration
+      # FIXME: rootless is skipped because of EPERM on writing cgroup.procs
+        if: false
+        run: ssh default "script -e -c /bin/bash -c 'stty rows 40 cols 80; TERM=xterm sudo -i make -C /vagrant localrootlessintegration'"

.github/workflows/validate.yml

@@ -81,3 +81,56 @@ jobs:
         restore-keys: ${{ runner.os }}-go.sum-
     - name: verify deps
       run: make verify-dependencies
+
+
+  commit:
+    runs-on: ubuntu-20.04
+    steps:
+      - name: get pr commits
+        id: 'get-pr-commits'
+        uses: tim-actions/get-pr-commits@v1.0.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: check subject line length
+        uses: tim-actions/commit-message-checker-with-regex@v0.3.1
+        with:
+          commits: ${{ steps.get-pr-commits.outputs.commits }}
+          pattern: '^.{0,72}(\n.*)*$'
+          error: 'Subject too long (max 72)'
+
+
+  cross:
+    runs-on: ubuntu-20.04
+    steps:
+    - uses: actions/checkout@v2
+      # We have to run this under Docker as Ubuntu (host) does not support all
+      # the architectures we want to compile test against, and Dockerfile uses
+      # Debian (which does).
+      #
+      # XXX: as currently this is the only job that is using Docker, we are
+      # building and using the runcimage locally. In case more jobs running
+      # under Docker will emerge, it will be good to have a separate make
+      # runcimage job and share its result (the docker image) with whoever
+      # needs it.
+    - name: build docker image
+      run: make runcimage
+    - name: cross
+      run: make cross
+
+
+  misc:
+    runs-on: ubuntu-20.04
+    steps:
+    - name: checkout
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+    - name: install deps
+      run: |
+        sudo apt -qq update
+        sudo apt -qq install libseccomp-dev indent
+    - name: make validate
+      run: make validate
+    - name: make release
+      run: make release

Dockerfile

@@ -60,9 +60,7 @@ ARG UMOCI_VERSION
 RUN curl -o /usr/local/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/${UMOCI_VERSION}/umoci.amd64 \
     && chmod +x /usr/local/bin/umoci
 
-COPY script/tmpmount /
 WORKDIR /go/src/github.com/opencontainers/runc
-ENTRYPOINT ["/tmpmount"]
 
 # setup a playground for us to spawn containers in
 COPY tests/integration/multi-arch.bash tests/integration/

tests/integration/events.bats

@@ -27,25 +27,30 @@ function teardown() {
 	[[ "${lines[0]}" == *"data"* ]]
 }
 
-@test "events --interval default" {
+function test_events() {
 	# XXX: currently cgroups require root containers.
 	requires root
 	init_cgroup_paths
 
-	# run busybox detached
+	local status interval retry_every=1
+	if [ $# -eq 2 ]; then
+		interval="$1"
+		retry_every="$2"
+	fi
+
 	runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
 	[ "$status" -eq 0 ]
 
-	# spawn two sub processes (shells)
-	# the first sub process is an event logger that sends stats events to events.log
-	# the second sub process waits for an event that includes test_busybox then
-	# kills the test_busybox container which causes the event logger to exit
-	(__runc events test_busybox >events.log) &
+	# Spawn two subshels:
+	# 1. Event logger that sends stats events to events.log.
+	(__runc events ${interval:+ --interval "$interval"} test_busybox >events.log) &
+	# 2. Waits for an event that includes test_busybox then kills the
+	#    test_busybox container which causes the event logger to exit.
 	(
-		retry 10 1 eval "grep -q 'test_busybox' events.log"
+		retry 10 "$retry_every" eval "grep -q 'test_busybox' events.log"
 		teardown_running_container test_busybox
 	) &
-	wait # wait for the above sub shells to finish
+	wait # for both subshells to finish
 
 	[ -e events.log ]
 
@@ -54,59 +59,16 @@ function teardown() {
 	[[ "$output" == *"data"* ]]
 }
 
-@test "events --interval 1s" {
-	# XXX: currently cgroups require root containers.
-	requires root
-	init_cgroup_paths
-
-	# run busybox detached
-	runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
-	[ "$status" -eq 0 ]
-
-	# spawn two sub processes (shells)
-	# the first sub process is an event logger that sends stats events to events.log once a second
-	# the second sub process tries 3 times for an event that incudes test_busybox
-	# pausing 1s between each attempt then kills the test_busybox container which
-	# causes the event logger to exit
-	(__runc events --interval 1s test_busybox >events.log) &
-	(
-		retry 3 1 eval "grep -q 'test_busybox' events.log"
-		teardown_running_container test_busybox
-	) &
-	wait # wait for the above sub shells to finish
-
-	[ -e events.log ]
+@test "events --interval default" {
+	test_events
+}
 
-	grep -q 'test_busybox' events.log
+@test "events --interval 1s" {
+	test_events 1s 1
 }
 
 @test "events --interval 100ms" {
-	# XXX: currently cgroups require root containers.
-	requires root
-	init_cgroup_paths
-
-	# run busybox detached
-	runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
-	[ "$status" -eq 0 ]
-
-	#prove there is no carry over of events.log from a prior test
-	[ ! -e events.log ]
-
-	# spawn two sub processes (shells)
-	# the first sub process is an event logger that sends stats events to events.log once every 100ms
-	# the second sub process tries 3 times for an event that incudes test_busybox
-	# pausing 100s between each attempt then kills the test_busybox container which
-	# causes the event logger to exit
-	(__runc events --interval 100ms test_busybox >events.log) &
-	(
-		retry 3 0.100 eval "grep -q 'test_busybox' events.log"
-		teardown_running_container test_busybox
-	) &
-	wait # wait for the above sub shells to finish
-
-	[ -e events.log ]
-
-	grep -q 'test_busybox' events.log
+	test_events 100ms 0.1
 }
 
 @test "events oom" {