-
Notifications
You must be signed in to change notification settings - Fork 78
257 lines (215 loc) · 9.13 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
name: CI
on:
pull_request:
push:
merge_group:
schedule:
- cron: '0 0 * * *' # Every day at midnight
jobs:
checks:
name: Checks
runs-on: ${{ matrix.os }}
timeout-minutes: 20
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
steps:
- uses: actions/checkout@v4
- run: ./scripts/install-protobuf.sh
shell: bash
- run: rustup toolchain install nightly --component rustfmt
- run: cargo +nightly fmt --all -- --check --files-with-diff
# the "runc" and "containerd-shim" crates have `sync` code that is not covered by the workspace
- run: cargo check -p runc --all-targets
- run: cargo clippy -p runc --all-targets -- -D warnings
- run: cargo check -p containerd-shim --all-targets
- run: cargo clippy -p containerd-shim --all-targets -- -D warnings
# check the workspace
- run: cargo check --examples --tests --all-targets
- run: cargo check --examples --tests --all-targets --all-features
- run: cargo clippy --all-targets -- -D warnings
- run: cargo clippy --all-targets --all-features -- -D warnings
- run: cargo doc --no-deps --features docs
env:
RUSTDOCFLAGS: -Dwarnings
# See https://github.com/containerd/rust-extensions/issues/348
# - name: check unused dependencies
# uses: bnjbvr/[email protected]
# TODO: Merge this with the checks job above
windows-checks:
name: Windows Checks
runs-on: windows-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@v4
- run: ./scripts/install-protobuf.sh
shell: bash
- run: cargo check --examples --tests -p containerd-shim -p containerd-shim-protos -p containerd-client
- run: rustup toolchain install nightly --component rustfmt
- run: cargo +nightly fmt -p containerd-shim -p containerd-shim-protos -p containerd-client -- --check --files-with-diff
- run: cargo clippy -p containerd-shim -p containerd-shim-protos -- -D warnings
- run: cargo doc --no-deps -p containerd-shim -p containerd-shim-protos -p containerd-client
env:
RUSTDOCFLAGS: -Dwarnings
tests:
name: Tests
runs-on: ${{ matrix.os }}
timeout-minutes: 15
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
steps:
- uses: actions/checkout@v4
- run: ./scripts/install-protobuf.sh
shell: bash
- run: |
# runc-shim::cgroup::test_add_cgroup needs root permission to set cgroup
mkdir -p /tmp/dummy-xdr
sudo -E $(command -v cargo) test
sudo -E $(command -v cargo) test --all-features
# the shim has sync code that is not covered when running with --all-features
sudo -E $(command -v cargo) test -p containerd-shim
if: ${{ !contains(matrix.os, 'windows') }}
env:
# runc::tests::test_exec needs $XDG_RUNTIME_DIR to be set
XDG_RUNTIME_DIR: /tmp/dummy-xdr
- run: cargo test -p containerd-shim -p containerd-shim-protos -p containerd-client
if: ${{ contains(matrix.os, 'windows') }}
# Collect build timings
# See https://blog.rust-lang.org/2022/04/07/Rust-1.60.0.html#cargo---timings
timings:
name: Timings
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
- run: ./scripts/install-protobuf.sh
shell: bash
- run: cargo build --all-features --timings
- uses: actions/upload-artifact@v4
with:
name: timings
path: target/cargo-timings/cargo-timing.html
if-no-files-found: error
deny:
name: Deny
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
- uses: EmbarkStudios/cargo-deny-action@v1
linux-integration:
name: Linux Integration
runs-on: ${{ matrix.os }}
timeout-minutes: 40
strategy:
matrix:
os: [ubuntu-20.04, ubuntu-22.04]
containerd: [v1.6.28, v1.7.13, v2.0.0-beta.2]
steps:
- name: Checkout extensions
uses: actions/checkout@v4
- name: Download containerd archive
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release download ${{ matrix.containerd }} \
--repo containerd/containerd \
--pattern 'containerd-1.*-linux-amd64.tar.gz' \
--pattern 'containerd-2.*-linux-amd64.tar.gz' \
--output containerd.tar.gz
- name: Extract containerd binaries to $HOME/.local/bin
run: |
mkdir -p $HOME/.local/bin
echo "$HOME/.local/bin" >> $GITHUB_PATH
tar -xf containerd.tar.gz -C $HOME/.local
- name: Checkout containerd
uses: actions/checkout@v4
with:
repository: containerd/containerd
path: src/github.com/containerd/containerd
ref: ${{ matrix.containerd }}
- name: Install shim
run: |
cargo build --release --bin containerd-shim-runc-v2-rs
sudo install -D ./target/release/containerd-shim-runc-v2-rs /usr/local/bin/
## get latest go version for integrations tests so we can skip runnings tests
- uses: actions/setup-go@v5
with:
go-version: '1.20.12'
- name: Integration
env:
TEST_RUNTIME: "io.containerd.runc.v2-rs"
TESTFLAGS_PARALLEL: 1
EXTRA_TESTFLAGS: "-no-criu -test.skip='(TestContainerPTY|TestContainerExecLargeOutputWithTTY|TestTaskUpdate|TestTaskResize|TestContainerAttach|TestContainerAttachProcess|TestRuntimeInfo)'"
TESTFLAGS_RACE: "-race"
# Pretend crun for now, remove after https://github.com/containerd/containerd/pull/9829
RUNC_FLAVOR: "crun"
run: |
sudo -E PATH=$PATH make integration
working-directory: src/github.com/containerd/containerd
windows-integration:
name: Windows Integration
runs-on: ${{ matrix.os }}
timeout-minutes: 40
strategy:
matrix:
os: [windows-latest]
containerd: [1.7.0]
steps:
- name: Checkout extensions
uses: actions/checkout@v4
- run: ./scripts/install-protobuf.sh
shell: bash
- name: Install containerd
run: |
$ErrorActionPreference = "Stop"
# Install containerd https://github.com/containerd/containerd/blob/v1.7.0/docs/getting-started.md#installing-containerd-on-windows
# Download and extract desired containerd Windows binaries
curl.exe -L https://github.com/containerd/containerd/releases/download/v${{ matrix.containerd }}/containerd-${{ matrix.containerd }}-windows-amd64.tar.gz -o containerd-windows-amd64.tar.gz
tar.exe xvf .\containerd-windows-amd64.tar.gz
# Copy and configure
mkdir "$Env:ProgramFiles\containerd"
Copy-Item -Path ".\bin\*" -Destination "$Env:ProgramFiles\containerd" -Recurse -Force
cd $Env:ProgramFiles\containerd\
.\containerd.exe config default | Out-File config.toml -Encoding ascii
# Review the configuration. Depending on setup you may want to adjust:
# - the sandbox_image (Kubernetes pause image)
# - cni bin_dir and conf_dir locations
Get-Content config.toml
# Register and start service
.\containerd.exe --register-service
Start-Service containerd
working-directory: ${{ runner.temp }}
- name: Run integration test
run: |
$ErrorActionPreference = "Stop"
get-service containerd
$env:TTRPC_ADDRESS="\\.\pipe\containerd-containerd.ttrpc"
# run the example
cargo run -p containerd-shim --example skeleton -- -namespace default -id 1234 -address "\\.\pipe\containerd-containerd" -publish-binary ./bin/containerd start
ps skeleton
cargo run -p containerd-shim-protos --example shim-proto-connect \\.\pipe\containerd-shim-bc764c65e177434fcefe8257dc440be8b8acf7c96156320d965938f7e9ae1a35-pipe
$skeleton = get-process skeleton -ErrorAction SilentlyContinue
if ($skeleton) { exit 1 }
- name: Run client
run: |
$ErrorActionPreference = "Stop"
get-service containerd
cargo run -p containerd-client --example version
# Currently Github actions UI supports no masks to mark matrix jobs as required to pass status checks.
# This means that every time version of Go, containerd, or OS is changed, a corresponding job should
# be added to the list of required checks. Which is not very convenient.
# To workaround this, a special job is added to report statuses of all other jobs, with fixed title.
# So it needs to be added to the list of required checks only once.
#
# See https://github.com/orgs/community/discussions/26822
results:
name: Report required job statuses
runs-on: ubuntu-latest
# List job dependencies which are required to pass status checks in order to be merged via merge queue.
needs: [checks, windows-checks, tests, deny, linux-integration, windows-integration]
if: ${{ always() }}
steps:
- run: exit 1
if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}