CI #2481
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request: | |
push: | |
merge_group: | |
schedule: | |
- cron: '0 0 * * *' # Every day at midnight | |
jobs: | |
checks: | |
name: Checks | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 20 | |
strategy: | |
matrix: | |
os: [ubuntu-latest, macos-latest] | |
steps: | |
- uses: actions/checkout@v4 | |
- run: ./scripts/install-protobuf.sh | |
shell: bash | |
- run: rustup toolchain install nightly --component rustfmt | |
- run: cargo +nightly fmt --all -- --check --files-with-diff | |
# the "runc" and "containerd-shim" crates have `sync` code that is not covered by the workspace | |
- run: cargo check -p runc --all-targets | |
- run: cargo clippy -p runc --all-targets -- -D warnings | |
- run: cargo check -p containerd-shim --all-targets | |
- run: cargo clippy -p containerd-shim --all-targets -- -D warnings | |
# check the workspace | |
- run: cargo check --examples --tests --all-targets | |
- run: cargo check --examples --tests --all-targets --all-features | |
- run: cargo clippy --all-targets -- -D warnings | |
- run: cargo clippy --all-targets --all-features -- -D warnings | |
- run: cargo doc --no-deps --features docs | |
env: | |
RUSTDOCFLAGS: -Dwarnings | |
# See https://github.com/containerd/rust-extensions/issues/348 | |
# - name: check unused dependencies | |
# uses: bnjbvr/[email protected] | |
# TODO: Merge this with the checks job above | |
windows-checks: | |
name: Windows Checks | |
runs-on: windows-latest | |
timeout-minutes: 20 | |
steps: | |
- uses: actions/checkout@v4 | |
- run: ./scripts/install-protobuf.sh | |
shell: bash | |
- run: cargo check --examples --tests -p containerd-shim -p containerd-shim-protos -p containerd-client | |
- run: rustup toolchain install nightly --component rustfmt | |
- run: cargo +nightly fmt -p containerd-shim -p containerd-shim-protos -p containerd-client -- --check --files-with-diff | |
- run: cargo clippy -p containerd-shim -p containerd-shim-protos -- -D warnings | |
- run: cargo doc --no-deps -p containerd-shim -p containerd-shim-protos -p containerd-client | |
env: | |
RUSTDOCFLAGS: -Dwarnings | |
tests: | |
name: Tests | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 15 | |
strategy: | |
matrix: | |
os: [ubuntu-latest, macos-latest, windows-latest] | |
steps: | |
- uses: actions/checkout@v4 | |
- run: ./scripts/install-protobuf.sh | |
shell: bash | |
- run: | | |
# runc-shim::cgroup::test_add_cgroup needs root permission to set cgroup | |
mkdir -p /tmp/dummy-xdr | |
sudo -E $(command -v cargo) test | |
sudo -E $(command -v cargo) test --all-features | |
# the shim has sync code that is not covered when running with --all-features | |
sudo -E $(command -v cargo) test -p containerd-shim | |
if: ${{ !contains(matrix.os, 'windows') }} | |
env: | |
# runc::tests::test_exec needs $XDG_RUNTIME_DIR to be set | |
XDG_RUNTIME_DIR: /tmp/dummy-xdr | |
- run: cargo test -p containerd-shim -p containerd-shim-protos -p containerd-client | |
if: ${{ contains(matrix.os, 'windows') }} | |
# Collect build timings | |
# See https://blog.rust-lang.org/2022/04/07/Rust-1.60.0.html#cargo---timings | |
timings: | |
name: Timings | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
steps: | |
- uses: actions/checkout@v4 | |
- run: ./scripts/install-protobuf.sh | |
shell: bash | |
- run: cargo build --all-features --timings | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: timings | |
path: target/cargo-timings/cargo-timing.html | |
if-no-files-found: error | |
deny: | |
name: Deny | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: EmbarkStudios/cargo-deny-action@v1 | |
linux-integration: | |
name: Linux Integration | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 40 | |
strategy: | |
matrix: | |
os: [ubuntu-20.04, ubuntu-22.04] | |
containerd: [v1.6.28, v1.7.13, v2.0.0-beta.2] | |
steps: | |
- name: Checkout extensions | |
uses: actions/checkout@v4 | |
- name: Download containerd archive | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
gh release download ${{ matrix.containerd }} \ | |
--repo containerd/containerd \ | |
--pattern 'containerd-1.*-linux-amd64.tar.gz' \ | |
--pattern 'containerd-2.*-linux-amd64.tar.gz' \ | |
--output containerd.tar.gz | |
- name: Extract containerd binaries to $HOME/.local/bin | |
run: | | |
mkdir -p $HOME/.local/bin | |
echo "$HOME/.local/bin" >> $GITHUB_PATH | |
tar -xf containerd.tar.gz -C $HOME/.local | |
- name: Checkout containerd | |
uses: actions/checkout@v4 | |
with: | |
repository: containerd/containerd | |
path: src/github.com/containerd/containerd | |
ref: ${{ matrix.containerd }} | |
- name: Install shim | |
run: | | |
cargo build --release --bin containerd-shim-runc-v2-rs | |
sudo install -D ./target/release/containerd-shim-runc-v2-rs /usr/local/bin/ | |
## get latest go version for integrations tests so we can skip runnings tests | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: '1.20.12' | |
- name: Integration | |
env: | |
TEST_RUNTIME: "io.containerd.runc.v2-rs" | |
TESTFLAGS_PARALLEL: 1 | |
EXTRA_TESTFLAGS: "-no-criu -test.skip='(TestContainerPTY|TestContainerExecLargeOutputWithTTY|TestTaskUpdate|TestTaskResize|TestContainerAttach|TestContainerAttachProcess|TestRuntimeInfo)'" | |
TESTFLAGS_RACE: "-race" | |
# Pretend crun for now, remove after https://github.com/containerd/containerd/pull/9829 | |
RUNC_FLAVOR: "crun" | |
run: | | |
sudo -E PATH=$PATH make integration | |
working-directory: src/github.com/containerd/containerd | |
windows-integration: | |
name: Windows Integration | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 40 | |
strategy: | |
matrix: | |
os: [windows-latest] | |
containerd: [1.7.0] | |
steps: | |
- name: Checkout extensions | |
uses: actions/checkout@v4 | |
- run: ./scripts/install-protobuf.sh | |
shell: bash | |
- name: Install containerd | |
run: | | |
$ErrorActionPreference = "Stop" | |
# Install containerd https://github.com/containerd/containerd/blob/v1.7.0/docs/getting-started.md#installing-containerd-on-windows | |
# Download and extract desired containerd Windows binaries | |
curl.exe -L https://github.com/containerd/containerd/releases/download/v${{ matrix.containerd }}/containerd-${{ matrix.containerd }}-windows-amd64.tar.gz -o containerd-windows-amd64.tar.gz | |
tar.exe xvf .\containerd-windows-amd64.tar.gz | |
# Copy and configure | |
mkdir "$Env:ProgramFiles\containerd" | |
Copy-Item -Path ".\bin\*" -Destination "$Env:ProgramFiles\containerd" -Recurse -Force | |
cd $Env:ProgramFiles\containerd\ | |
.\containerd.exe config default | Out-File config.toml -Encoding ascii | |
# Review the configuration. Depending on setup you may want to adjust: | |
# - the sandbox_image (Kubernetes pause image) | |
# - cni bin_dir and conf_dir locations | |
Get-Content config.toml | |
# Register and start service | |
.\containerd.exe --register-service | |
Start-Service containerd | |
working-directory: ${{ runner.temp }} | |
- name: Run integration test | |
run: | | |
$ErrorActionPreference = "Stop" | |
get-service containerd | |
$env:TTRPC_ADDRESS="\\.\pipe\containerd-containerd.ttrpc" | |
# run the example | |
cargo run -p containerd-shim --example skeleton -- -namespace default -id 1234 -address "\\.\pipe\containerd-containerd" -publish-binary ./bin/containerd start | |
ps skeleton | |
cargo run -p containerd-shim-protos --example shim-proto-connect \\.\pipe\containerd-shim-bc764c65e177434fcefe8257dc440be8b8acf7c96156320d965938f7e9ae1a35-pipe | |
$skeleton = get-process skeleton -ErrorAction SilentlyContinue | |
if ($skeleton) { exit 1 } | |
- name: Run client | |
run: | | |
$ErrorActionPreference = "Stop" | |
get-service containerd | |
cargo run -p containerd-client --example version | |
# Currently Github actions UI supports no masks to mark matrix jobs as required to pass status checks. | |
# This means that every time version of Go, containerd, or OS is changed, a corresponding job should | |
# be added to the list of required checks. Which is not very convenient. | |
# To workaround this, a special job is added to report statuses of all other jobs, with fixed title. | |
# So it needs to be added to the list of required checks only once. | |
# | |
# See https://github.com/orgs/community/discussions/26822 | |
results: | |
name: Report required job statuses | |
runs-on: ubuntu-latest | |
# List job dependencies which are required to pass status checks in order to be merged via merge queue. | |
needs: [checks, windows-checks, tests, deny, linux-integration, windows-integration] | |
if: ${{ always() }} | |
steps: | |
- run: exit 1 | |
if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} |