CI: move Vagrant tests to GitHub Actions (larger runners)

We have been using Cirrus CI for running vagrant workloads as the standard runners of GHA lacks nested virtualization, but it looks like GHA with the "larger" runners support nested virtualization. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-08-05 17:12:43 +09:00 · 2023-08-05 17:12:43 +09:00 · 2d3360ec71
commit 2d3360ec71
parent 2b2195c36b
3 changed files with 69 additions and 107 deletions
--- a/.cirrus.yml
+++ b/.cirrus.yml
@ -1,82 +0,0 @@
-# Cirrus CI gives open-source projects free 16.0 CPUs,
-# we use 4 CPUs x 3 tasks = 12 CPUs.
-# https://cirrus-ci.org/faq/#are-there-any-limits
-#
-# Undocumented constraints;
-# - The maximum memory limit is 4G times the number of CPUs.
-# - The number of CPUs should be multiple of 2.
-
-task:
-  name: Vagrant
-
-  compute_engine_instance:
-    image_project: cirrus-images
-    image: family/docker-kvm
-    platform: linux
-    nested_virtualization: true
-    cpu: 4
-    memory: 16G
-
-  env:
-    GOTEST: gotestsum --
-    # By default, Cirrus CI doesn't have HOME defined
-    HOME: /root
-    matrix:
-      BOX: fedora/37-cloud-base
-      # v7.0.0 does not boot. v6.0.0 was not released.
-      BOX: rockylinux/8@5.0.0
-  install_libvirt_vagrant_script: |
-    # if another process is keeping a lock, wait for 60 seconds for it to release the lock.
-    apt-get -o DPkg::Lock::Timeout=60 update
-    apt-get -o DPkg::Lock::Timeout=60 install -y libvirt-daemon libvirt-daemon-system vagrant vagrant-libvirt
-    systemctl enable --now libvirtd
-
-  vagrant_cache:
-    folder: /root/.vagrant.d
-    fingerprint_script: uname --kernel-release --kernel-version && cat Vagrantfile
-
-  vagrant_up_script: |
-    vagrant up --no-tty
-
-  integration_script: |
-    vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-integration
-
-  cri_integration_script: |
-    vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-cri-integration
-
-  cri_test_script: |
-    vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-cri
-
-task:
-  name: CGroupsV2 - rootless CRI test
-
-  env:
-    HOME: /root
-
-  compute_engine_instance:
-    image_project: cirrus-images
-    image: family/docker-kvm
-    platform: linux
-    nested_virtualization: true
-    cpu: 4
-    memory: 16G
-
-  install_libvirt_vagrant_script: |
-    # if another process is keeping a lock, wait for 60 seconds for it to release the lock.
-    apt-get -o DPkg::Lock::Timeout=60 update
-    apt-get -o DPkg::Lock::Timeout=60 install -y libvirt-daemon libvirt-daemon-system vagrant vagrant-libvirt
-    systemctl enable --now libvirtd
-
-  vagrant_cache:
-    folder: /root/.vagrant.d
-    fingerprint_script: uname -a; cat Vagrantfile
-
-  vagrant_up_script: |
-    vagrant up --provision-with=install-rootless-podman --no-tty
-
-  podman_build_script: |
-    # Execute rootless podman to create the UserNS env
-    vagrant ssh -- podman build --target cri-in-userns -t cri-in-userns -f /vagrant/contrib/Dockerfile.test /vagrant
-
-  test_script: |
-    vagrant ssh -- podman run --rm --privileged cri-in-userns
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -518,6 +518,75 @@ jobs:
            ${{github.workspace}}/report/*.xml
            ${{github.workspace}}/report/*.log

+  integration-vagrant:
+    name: Vagrant integration
+    # "Larger" runner is needed for nested virtualization
+    # https://github.com/organizations/containerd/settings/actions/runners
+    runs-on: ubuntu-latest-4-cores
+    timeout-minutes: 60
+    needs: [project, linters, protos, man]
+
+    strategy:
+      fail-fast: false
+      matrix:
+        box:
+          - fedora/37-cloud-base
+          # v7.0.0 does not boot. v6.0.0 was not released.
+          - rockylinux/8@5.0.0
+    env:
+      BOX: ${{ matrix.box }}
+
+    steps:
+      - name: Show the host info
+        run: |
+          set -x
+          uname -a
+          cat /etc/os-release
+          cat /proc/cpuinfo
+          free -mt
+      - uses: actions/checkout@v3
+      - uses: actions/cache@v3
+        with:
+          path: /root/.vagrant.d
+          key: vagrant-${{ matrix.box }}
+      - name: Set up vagrant
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libvirt-daemon libvirt-daemon-system vagrant vagrant-libvirt
+          sudo systemctl enable --now libvirtd
+      - name: Boot VM
+        run: sudo BOX=$BOX vagrant up --no-tty
+      - name: test-integration
+        run: sudo BOX=$BOX vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-integration
+      - name: test-cri-integration
+        run: sudo BOX=$BOX vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-cri-integration
+      - name: test-cri
+        run: sudo BOX=$BOX vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-cri
+
+  tests-cri-in-userns:
+    name: "CRI-in-UserNS"
+
+    runs-on: ubuntu-22.04
+    timeout-minutes: 40
+    needs: [project, linters, protos, man]
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up cgroup v2 delegation
+        run: |
+          sudo mkdir -p /etc/systemd/system/user@.service.d
+          cat <<EOF | sudo tee /etc/systemd/system/user@.service.d/delegate.conf
+          [Service]
+          Delegate=cpu cpuset io memory pids
+          EOF
+          sudo systemctl daemon-reload
+      - name: Build cri-in-userns image
+        run: podman build --target cri-in-userns -t cri-in-userns -f ./contrib/Dockerfile.test .
+      - name: Run cri-in-userns image
+        # Rootless Podman is used for testing CRI-in-UserNS
+        # (We could use rootless Docker or rootless nerdctl, but we are using Podman here because it is preinstalled)
+        run: podman run --rm --privileged cri-in-userns
+
  tests-mac-os:
    name: MacOS unit tests
    runs-on: macos-12
--- a/25
+++ b/25
@ -325,29 +325,4 @@ EOF
    SHELL
  end

-  # Rootless Podman is used for testing CRI-in-UserNS
-  # (We could use rootless nerdctl, but we are using Podman here because it is available in dnf)
-  config.vm.provision "install-rootless-podman", type: "shell", run: "never" do |sh|
-    sh.upload_path = "/tmp/vagrant-install-rootless-podman"
-    sh.inline = <<~SHELL
-        #!/usr/bin/env bash
-        set -eux -o pipefail
-        # Delegate cgroup v2 controllers to rootless
-        mkdir -p /etc/systemd/system/user@.service.d
-        cat > /etc/systemd/system/user@.service.d/delegate.conf << EOF
-[Service]
-Delegate=yes
-EOF
-        systemctl daemon-reload
-        # Install Podman
-        dnf install -y podman
-        # Configure Podman to resolve `golang` to `docker.io/library/golang`
-        mkdir -p /etc/containers
-        cat > /etc/containers/registries.conf <<EOF
-[registries.search]
-registries = ['docker.io']
-EOF
-    SHELL
-  end
-
 end