-
Notifications
You must be signed in to change notification settings - Fork 324
214 lines (198 loc) · 9.4 KB
/
test.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
name: Test
on: [push, pull_request]
jobs:
build_job:
runs-on: ubuntu-latest
name: Build on ${{ matrix.arch }}
strategy:
matrix:
include:
- arch: armv7
distro: ubuntu_latest
- arch: aarch64
distro: ubuntu_latest
- arch: s390x
distro: ubuntu_latest
- arch: ppc64le
distro: ubuntu_latest
- arch: riscv64
distro: ubuntu_latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
set-safe-directory: true
- uses: uraimo/[email protected]
name: Build
id: build
with:
arch: ${{ matrix.arch }}
distro: ${{ matrix.distro }}
githubToken: ${{ github.token }}
install: |
apt-get update -q -y
apt-get install -q -y automake libtool autotools-dev libseccomp-dev git make libcap-dev cmake pkg-config gcc wget go-md2man libsystemd-dev gperf clang-format libyajl-dev libprotobuf-c-dev
run: |
find $(pwd) -name '.git' -exec bash -c 'git config --global --add safe.directory ${0%/.git}' {} \;
./autogen.sh
./configure CFLAGS='-Wall -Werror'
make -j $(nproc) -C libocispec libocispec.la
make git-version.h
make -j $(nproc) libcrun.la
make -j $(nproc) crun
make -j $(nproc) clean
if ./configure CFLAGS='-Wall -Werror --enable-shared'; then
make -j $(nproc) -C libocispec libocispec.la
make git-version.h
make -j $(nproc) libcrun.la
make -j $(nproc) crun
fi
Test:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- test: disable-systemd
- test: check
- test: podman
#- test: cri-o
- test: containerd
- test: oci-validation
- test: alpine-build
- test: centos8-build
- test: centos9-build
#- test: centos10-build
- test: clang-format
- test: clang-check
- test: checkpoint-restore
- test: fuzzing
- test: codespell
- test: wasmedge-build
steps:
- name: checkout
uses: actions/checkout@v4
- name: install dependencies
run: |
# If Dockerfile is present in test directory, the test is run
# inside container, so these dependencies won't be needed.
test -f "tests/${{ matrix.test }}/Dockerfile" && exit 0
sudo add-apt-repository -y ppa:criu/ppa
# add-apt-repository runs apt-get update so we don't have to.
sudo apt-get install -q -y criu automake libtool autotools-dev libseccomp-dev git make libcap-dev cmake pkg-config gcc wget go-md2man libsystemd-dev gperf clang-format libyajl-dev containerd runc libasan6 libprotobuf-c-dev
- name: run autogen.sh
run: |
git clean -fdx .
find $(pwd) -name '.git' -exec bash -c 'git config --global --add safe.directory ${0%/.git}' {} \;
./autogen.sh
- name: run test
run: |
case "${{ matrix.test }}" in
disable-systemd)
./configure --disable-systemd
make -j $(nproc)
;;
check)
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
./configure --disable-dl
make
make syntax-check
echo run tests as root
sudo make check ASAN_OPTIONS=detect_leaks=false || cat test-suite.log
echo run tests as rootless
make check ASAN_OPTIONS=detect_leaks=false || (cat test-suite.log; exit 1)
echo run tests as rootless in a user namespace
unshare -r make check ASAN_OPTIONS=detect_leaks=false || (cat test-suite.log; exit 1)
# check that the working dir is clean
git describe --broken --dirty --all | grep -qv dirty
;;
podman)
sudo mkdir -p /var/lib/containers /var/tmp
sudo docker build -t crun-podman tests/podman
sudo docker run --cgroupns=host --privileged --rm -v /var/tmp:/var/tmp:rw -v /var/lib/containers:/var/lib/containers:rw -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v ${PWD}:/crun crun-podman
;;
#cri-o)
# sudo mkdir -p /var/lib/var-crio/tmp /var/lib/tmp-crio /var/lib/var-tmp-crio
# sudo docker build -t crun-cri-o tests/cri-o
# sudo docker run --cgroupns=host --net host --privileged --rm -v /dev/zero:/sys/module/apparmor/parameters/enabled -v /var/lib/tmp-crio:/tmp:rw -v /var/lib/var-tmp-crio:/var/tmp -v /var/lib/var-crio:/var/lib/containers:rw -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v ${PWD}:/crun crun-cri-o
# ;;
containerd)
sudo mkdir -p /var/lib/var-containerd
sudo docker build -t crun-containerd tests/containerd
sudo docker run --cgroupns=host --privileged --net host --rm -v /tmp:/tmp:rw -v /var/lib/var-containerd:/var/lib:rw -v /sys:/sys:rw,rslave -v ${PWD}:/crun crun-containerd
;;
oci-validation)
sudo docker build -t crun-oci-validation tests/oci-validation
sudo docker run --cgroupns=host --privileged --rm -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v ${PWD}:/crun crun-oci-validation
;;
alpine-build)
sudo docker build -t crun-alpine-build tests/alpine-build
sudo docker run --cgroupns=host --privileged --rm -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v ${PWD}:/crun crun-alpine-build
;;
centos8-build)
sudo docker build -t crun-centos8-build tests/centos8-build
sudo docker run --cgroupns=host --privileged --rm -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v ${PWD}:/crun crun-centos8-build
;;
centos9-build)
sudo docker build -t crun-centos9-build tests/centos9-build
sudo docker run --cgroupns=host --privileged --rm -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v ${PWD}:/crun crun-centos9-build
;;
centos10-build)
sudo docker build -t crun-centos10-build tests/centos10-build
sudo docker run --cgroupns=host --privileged --rm -v /var/tmp:/var/tmp:rw -v /var/lib/containers:/var/lib/containers:rw -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v ${PWD}:/crun crun-centos10-build
;;
clang-format)
sudo docker build -t crun-clang-format tests/clang-format
sudo docker run --rm -w /crun -v ${PWD}:/crun crun-clang-format
;;
clang-check)
sudo docker build -t crun-clang-check tests/clang-check
sudo docker run --privileged --rm -w /crun -v ${PWD}:/crun crun-clang-check
;;
checkpoint-restore)
./configure
make -j $(nproc)
sudo python3 tests/test_checkpoint_restore.py
;;
fuzzing)
sudo docker build -t crun-fuzzing tests/fuzzing
sudo docker run --cgroupns=host -e RUN_TIME=300 --privileged --rm -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v ${PWD}:/crun crun-fuzzing
;;
codespell)
sudo docker build -t crun-codespell tests/codespell
sudo docker run --rm -w /crun -v ${PWD}:/crun crun-codespell codespell -q 0
;;
wasmedge-build)
sudo docker build -t wasmedge tests/wasmedge-build
sudo docker run --privileged --cgroupns=host --rm -v containers:/var/lib/containers:rw -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -w /crun -v ${PWD}:/crun wasmedge
;;
esac
shellcheck:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v4
- name: vars
run: |
echo 'VERSION=v0.8.0' >> $GITHUB_ENV
echo 'BASEURL=https://github.com/koalaman/shellcheck/releases/download' >> $GITHUB_ENV
echo 'SHA256SUM=f4bce23c11c3919c1b20bcb0f206f6b44c44e26f2bc95f8aa708716095fa0651' >> $GITHUB_ENV
echo ~/bin >> $GITHUB_PATH
- name: install shellcheck
run: |
mkdir ~/bin
curl -sSfL --retry 5 $BASEURL/$VERSION/shellcheck-$VERSION.linux.x86_64.tar.xz |
tar xfJ - -C ~/bin --strip 1 shellcheck-$VERSION/shellcheck
sha256sum ~/bin/shellcheck | grep -q $SHA256SUM
# make sure to remove the old version
sudo rm -f /usr/bin/shellcheck
- name: install dependencies
run: |
sudo apt-get update -q -y
sudo apt-get install -q -y automake libtool autotools-dev libseccomp-dev git make libcap-dev cmake pkg-config gcc wget go-md2man libsystemd-dev gperf clang-format libyajl-dev libprotobuf-c-dev
- uses: lumaxis/shellcheck-problem-matchers@v2
- name: shellcheck
run: |
find $(pwd) -name '.git' -exec bash -c 'git config --global --add safe.directory ${0%/.git}' {} \;
./autogen.sh
./configure
make shellcheck