mirror of https://gitee.com/openkylin/runc.git
159 lines
5.3 KiB
YAML
159 lines
5.3 KiB
YAML
---
|
|
# We use Cirrus for Vagrant tests and native CentOS 7 and 8, because macOS
|
|
# instances of GHA are too slow and flaky, and Linux instances of GHA do not
|
|
# support KVM.
|
|
|
|
# NOTE Cirrus execution environments lack a terminal, needed for
|
|
# some integration tests. So we use `ssh -tt` command to fake a terminal.
|
|
|
|
task:
|
|
timeout_in: 30m
|
|
|
|
env:
|
|
DEBIAN_FRONTEND: noninteractive
|
|
HOME: /root
|
|
# yamllint disable rule:key-duplicates
|
|
matrix:
|
|
DISTRO: fedora
|
|
|
|
name: vagrant DISTRO:$DISTRO
|
|
|
|
compute_engine_instance:
|
|
image_project: cirrus-images
|
|
image: family/docker-kvm
|
|
platform: linux
|
|
nested_virtualization: true
|
|
# CPU limit: `16 / NTASK`: see https://cirrus-ci.org/faq/#are-there-any-limits
|
|
cpu: 8
|
|
# Memory limit: `4GB * NCPU`
|
|
memory: 32G
|
|
|
|
host_info_script: |
|
|
uname -a
|
|
echo "-----"
|
|
cat /etc/os-release
|
|
echo "-----"
|
|
cat /proc/cpuinfo
|
|
echo "-----"
|
|
df -T
|
|
install_libvirt_vagrant_script: |
|
|
apt-get update
|
|
apt-get install -y libvirt-daemon libvirt-daemon-system vagrant vagrant-libvirt
|
|
systemctl enable --now libvirtd
|
|
vagrant_cache:
|
|
fingerprint_script: uname -s ; cat Vagrantfile.$DISTRO
|
|
folder: /root/.vagrant.d
|
|
vagrant_up_script: |
|
|
ln -sf Vagrantfile.$DISTRO Vagrantfile
|
|
# Retry if it fails (download.fedoraproject.org returns 404 sometimes)
|
|
vagrant up --no-tty || vagrant up --no-tty
|
|
mkdir -p -m 0700 /root/.ssh
|
|
vagrant ssh-config >> /root/.ssh/config
|
|
guest_info_script: |
|
|
ssh default 'sh -exc "uname -a && systemctl --version && df -T && cat /etc/os-release"'
|
|
unit_tests_script: |
|
|
ssh default 'sudo -i make -C /vagrant localunittest'
|
|
integration_systemd_script: |
|
|
ssh -tt default "sudo -i make -C /vagrant localintegration RUNC_USE_SYSTEMD=yes"
|
|
integration_fs_script: |
|
|
ssh -tt default "sudo -i make -C /vagrant localintegration"
|
|
integration_systemd_rootless_script: |
|
|
ssh -tt default "sudo -i make -C /vagrant localrootlessintegration RUNC_USE_SYSTEMD=yes"
|
|
integration_fs_rootless_script: |
|
|
ssh -tt default "sudo -i make -C /vagrant localrootlessintegration"
|
|
|
|
task:
|
|
timeout_in: 30m
|
|
|
|
env:
|
|
HOME: /root
|
|
CIRRUS_WORKING_DIR: /home/runc
|
|
GO_VERSION: "1.17.3"
|
|
BATS_VERSION: "v1.3.0"
|
|
# yamllint disable rule:key-duplicates
|
|
matrix:
|
|
DISTRO: centos-7
|
|
DISTRO: centos-stream-8
|
|
|
|
name: ci / $DISTRO
|
|
|
|
compute_engine_instance:
|
|
image_project: centos-cloud
|
|
image: family/$DISTRO
|
|
platform: linux
|
|
cpu: 4
|
|
memory: 8G
|
|
|
|
install_dependencies_script: |
|
|
case $DISTRO in
|
|
centos-7)
|
|
(cd /etc/yum.repos.d && curl -O https://copr.fedorainfracloud.org/coprs/adrian/criu-el7/repo/epel-7/adrian-criu-el7-epel-7.repo)
|
|
# sysctl
|
|
echo "user.max_user_namespaces=15076" > /etc/sysctl.d/userns.conf
|
|
sysctl --system
|
|
;;
|
|
centos-stream-8)
|
|
yum config-manager --set-enabled powertools # for glibc-static
|
|
;;
|
|
esac
|
|
# Work around dnf mirror failures by retrying a few times.
|
|
for i in $(seq 0 2); do
|
|
sleep $i
|
|
yum install -y -q gcc git iptables jq glibc-static libseccomp-devel make criu fuse-sshfs && break
|
|
done
|
|
[ $? -eq 0 ] # fail if yum failed
|
|
# install Go
|
|
curl -fsSL "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz" | tar Cxz /usr/local
|
|
# install bats
|
|
cd /tmp
|
|
git clone https://github.com/bats-core/bats-core
|
|
cd bats-core
|
|
git checkout $BATS_VERSION
|
|
./install.sh /usr/local
|
|
cd -
|
|
# Add a user for rootless tests
|
|
useradd -u2000 -m -d/home/rootless -s/bin/bash rootless
|
|
# Allow root and rootless itself to execute `ssh rootless@localhost` in tests/rootless.sh
|
|
ssh-keygen -t ecdsa -N "" -f /root/rootless.key
|
|
mkdir -m 0700 -p /home/rootless/.ssh
|
|
cp /root/rootless.key /home/rootless/.ssh/id_ecdsa
|
|
cat /root/rootless.key.pub >> /home/rootless/.ssh/authorized_keys
|
|
chown -R rootless.rootless /home/rootless
|
|
# set PATH
|
|
echo 'export PATH=/usr/local/go/bin:/usr/local/bin:$PATH' >> /root/.bashrc
|
|
# Setup ssh localhost for terminal emulation (script -e did not work)
|
|
ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519 -N ""
|
|
cat /root/.ssh/id_ed25519.pub >> /root/.ssh/authorized_keys
|
|
chmod 400 /root/.ssh/authorized_keys
|
|
ssh-keyscan localhost >> /root/.ssh/known_hosts
|
|
echo -e "Host localhost\n\tStrictHostKeyChecking no\t\nIdentityFile /root/.ssh/id_ed25519\n" >> /root/.ssh/config
|
|
sed -e "s,PermitRootLogin.*,PermitRootLogin prohibit-password,g" -i /etc/ssh/sshd_config
|
|
systemctl restart sshd
|
|
host_info_script: |
|
|
uname -a
|
|
echo "-----"
|
|
cat /etc/os-release
|
|
echo "-----"
|
|
cat /proc/cpuinfo
|
|
echo "-----"
|
|
df -T
|
|
echo "-----"
|
|
systemctl --version
|
|
unit_tests_script: |
|
|
ssh -tt localhost "make -C /home/runc localunittest"
|
|
integration_systemd_script: |
|
|
ssh -tt localhost "make -C /home/runc localintegration RUNC_USE_SYSTEMD=yes"
|
|
integration_fs_script: |
|
|
ssh -tt localhost "make -C /home/runc localintegration"
|
|
integration_systemd_rootless_script: |
|
|
echo "SKIP: integration_systemd_rootless_script requires cgroup v2"
|
|
integration_fs_rootless_script: |
|
|
case $DISTRO in
|
|
centos-7)
|
|
echo "SKIP: FIXME: integration_fs_rootless_script is skipped because of EPERM on writing cgroup.procs"
|
|
;;
|
|
centos-stream-8)
|
|
ssh -tt localhost "make -C /home/runc localrootlessintegration"
|
|
;;
|
|
esac
|