github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #8957 from AkihiroSuda/go-1.21

Browse Source 
Go 1.21.0
This commit is contained in:
Akihiro Suda 2023-08-19 02:51:58 +09:00 committed by GitHub
commit 4033add994
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 87 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.devcontainer/devcontainer.json
View File

@ -12,7 +12,7 @@
"features": { "features": {
"ghcr.io/devcontainers/features/docker-in-docker:2": {}, "ghcr.io/devcontainers/features/docker-in-docker:2": {},
"ghcr.io/devcontainers/features/go:1": { "ghcr.io/devcontainers/features/go:1": {
"version": "1.20" "version": "1.21"
} }
}, },

2
.github/workflows/build-test-images.yml vendored
View File

@ -43,7 +43,7 @@ jobs:
steps: steps:
- uses: actions/setup-go@v3 - uses: actions/setup-go@v3
with: with:
go-version: "1.20.7" go-version: "1.21.0"
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with: with:

18
.github/workflows/ci.yml vendored
View File

@ -9,7 +9,7 @@ on:
env: env:
# Go version we currently use to build containerd across all CI. # Go version we currently use to build containerd across all CI.
# Note: don't forget to update `Binaries` step, as it contains the matrix of all supported Go versions. # Note: don't forget to update `Binaries` step, as it contains the matrix of all supported Go versions.
GO_VERSION: "1.20.7" GO_VERSION: "1.21.0"
permissions: # added using https://github.com/step-security/secure-workflows permissions: # added using https://github.com/step-security/secure-workflows
contents: read contents: read
@ -203,13 +203,13 @@ jobs:
binaries: binaries:
name: Binaries name: Binaries
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
timeout-minutes: 10 timeout-minutes: 20
needs: [project, linters, protos, man] needs: [project, linters, protos, man]
strategy: strategy:
matrix: matrix:
os: [ubuntu-22.04, macos-12, windows-2019, windows-2022] os: [ubuntu-22.04, macos-12, windows-2019, windows-2022]
go-version: ["1.20.7", "1.19.12"] go-version: ["1.20.7", "1.21.0"]
steps: steps:
- uses: actions/setup-go@v4 - uses: actions/setup-go@v4
with: with:
@ -218,6 +218,12 @@ jobs:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
# NOTE(aznashwan): starting with Golang 1.21, the windows-2019 GitHub runner's
# builtin MinGW version leads to DLL loading errors during runtime.
- name: Upgrade MinGW on Windows 2019
if: matrix.os == 'windows-2019'
run: choco upgrade mingw
- name: Make - name: Make
run: | run: |
make build make build
@ -269,6 +275,12 @@ jobs:
- run: script/setup/install-dev-tools - run: script/setup/install-dev-tools
# NOTE(aznashwan): starting with Golang 1.21, the windows-2019 GitHub runner's
# builtin MinGW version leads to DLL loading errors during runtime.
- name: Upgrade MinGW on Windows 2019
if: matrix.os == 'windows-2019'
run: choco upgrade mingw
- name: Binaries - name: Binaries
env: env:
CGO_ENABLED: 1 CGO_ENABLED: 1

2
.github/workflows/codeql.yml vendored
View File

@ -34,7 +34,7 @@ jobs:
- uses: actions/setup-go@v3 - uses: actions/setup-go@v3
with: with:
go-version: 1.20.7 go-version: 1.21.0
# Initializes the CodeQL tools for scanning. # Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL - name: Initialize CodeQL

74
.github/workflows/fuzz.yml vendored
View File

@ -4,33 +4,49 @@ permissions: # added using https://github.com/step-security/secure-workflows
contents: read contents: read
jobs: jobs:
# Run all fuzzing tests. Some of them use Go 1.18's testing.F. # ci_fuzz is temporarily disabled as it is not compatible with recent Go:
# Others use https://github.com/AdaLogics/go-fuzz-headers. #
ci_fuzz: #####
name: CI Fuzz # >github.com/containerd/containerd/contrib/apparmor
if: github.repository == 'containerd/containerd' # >github.com/containerd/containerd/contrib/apparmor
runs-on: ubuntu-latest # >Running go-fuzz -tags gofuzz -func FuzzLoadDefaultProfile -o fuzz_FuzzLoadDefaultProfile.a github.com/containerd/containerd/contrib/apparmor
timeout-minutes: 60 # >/usr/bin/ld: /usr/bin/ld: DWARF error: invalid or unhandled FORM value: 0x25
steps: # >fuzz_FuzzLoadDefaultProfile.a(000021.o): in function `_cgo_9c8efe9babca_C2func_res_search':
- name: Build Fuzzers # >cgo_unix_cgo_res.cgo2.c:(.text+0x32): undefined reference to `__res_search'
id: build # >/usr/bin/ld: fuzz_FuzzLoadDefaultProfile.a(000021.o): in function `_cgo_9c8efe9babca_Cfunc_res_search':
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master # >cgo_unix_cgo_res.cgo2.c:(.text+0x81): undefined reference to `__res_search'
with: # >clang-15: error: linker command failed with exit code 1 (use -v to see invocation)
oss-fuzz-project-name: 'containerd' # >2023-08-11 14:25:45,433 - root - ERROR - Building fuzzers failed.
language: go # >2023-08-11 14:25:45,433 - root - ERROR - Error building fuzzers for (commit: 432d86b87f75cc8ddf8f8101a5540eb206ffc894, pr_ref: refs/pull/8957/merge).
- name: Run Fuzzers #####
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master #
with: # # Run all fuzzing tests. Some of them use Go 1.18's testing.F.
oss-fuzz-project-name: 'containerd' # # Others use https://github.com/AdaLogics/go-fuzz-headers.
fuzz-seconds: 300 # ci_fuzz:
language: go # name: CI Fuzz
continue-on-error: true # if: github.repository == 'containerd/containerd'
- name: Upload Crash # runs-on: ubuntu-latest
uses: actions/upload-artifact@v1 # timeout-minutes: 60
if: failure() && steps.build.outcome == 'success' # steps:
with: # - name: Build Fuzzers
name: artifacts # id: build
path: ./out/artifacts # uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
# with:
# oss-fuzz-project-name: 'containerd'
# language: go
# - name: Run Fuzzers
# uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
# with:
# oss-fuzz-project-name: 'containerd'
# fuzz-seconds: 300
# language: go
# continue-on-error: true
# - name: Upload Crash
# uses: actions/upload-artifact@v1
# if: failure() && steps.build.outcome == 'success'
# with:
# name: artifacts
# path: ./out/artifacts
# Make sure all fuzzing tests which use Go 1.18's testing.F are # Make sure all fuzzing tests which use Go 1.18's testing.F are
# runnable with go test -fuzz. # runnable with go test -fuzz.
@ -42,8 +58,6 @@ jobs:
steps: steps:
- uses: actions/setup-go@v3 - uses: actions/setup-go@v3
with: with:
# FIXME: go-fuzz fails with Go 1.20: `cgo_unix_cgo_res.cgo2.c:(.text+0x32): undefined reference to `__res_search'` go-version: 1.21.x
# https://github.com/containerd/containerd/pull/8103#issuecomment-1429256152
go-version: 1.18
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- run: script/go-test-fuzz.sh - run: script/go-test-fuzz.sh

2
.github/workflows/images.yml vendored
View File

@ -28,7 +28,7 @@ jobs:
steps: steps:
- uses: actions/setup-go@v3 - uses: actions/setup-go@v3
with: with:
go-version: "1.20.7" go-version: "1.21.0"
- uses: actions/checkout@v3 - uses: actions/checkout@v3
with: with:

2
.github/workflows/nightly.yml vendored
View File

@ -7,7 +7,7 @@ on:
- ".github/workflows/nightly.yml" - ".github/workflows/nightly.yml"
env: env:
GO_VERSION: "1.20.7" GO_VERSION: "1.21.0"
permissions: # added using https://github.com/step-security/secure-workflows permissions: # added using https://github.com/step-security/secure-workflows
contents: read contents: read

2
.github/workflows/release.yml vendored
View File

@ -13,7 +13,7 @@ on:
name: Release name: Release
env: env:
GO_VERSION: "1.20.7" GO_VERSION: "1.21.0"
permissions: # added using https://github.com/step-security/secure-workflows permissions: # added using https://github.com/step-security/secure-workflows
contents: read contents: read

2
BUILDING.md
View File

@ -25,7 +25,7 @@ A codespace will open in a web-based version of Visual Studio Code. The [dev con
To build the `containerd` daemon, and the `ctr` simple test client, the following build system dependencies are required: To build the `containerd` daemon, and the `ctr` simple test client, the following build system dependencies are required:
* Go 1.19.x or above * Go 1.20.x or above
* Protoc 3.x compiler and headers (download at the [Google protobuf releases page](https://github.com/protocolbuffers/protobuf/releases)) * Protoc 3.x compiler and headers (download at the [Google protobuf releases page](https://github.com/protocolbuffers/protobuf/releases))
* Btrfs headers and libraries for your distribution. Note that building the btrfs driver can be disabled via the build tag `no_btrfs`, removing this dependency. * Btrfs headers and libraries for your distribution. Note that building the btrfs driver can be disabled via the build tag `no_btrfs`, removing this dependency.

2
Vagrantfile vendored
View File

@ -104,7 +104,7 @@ EOF
config.vm.provision "install-golang", type: "shell", run: "once" do |sh| config.vm.provision "install-golang", type: "shell", run: "once" do |sh|
sh.upload_path = "/tmp/vagrant-install-golang" sh.upload_path = "/tmp/vagrant-install-golang"
sh.env = { sh.env = {
'GO_VERSION': ENV['GO_VERSION'] || "1.20.7", 'GO_VERSION': ENV['GO_VERSION'] || "1.21.0",
} }
sh.inline = <<~SHELL sh.inline = <<~SHELL
#!/usr/bin/env bash #!/usr/bin/env bash

2
contrib/Dockerfile.test
View File

@ -29,7 +29,7 @@
# docker run --privileged containerd-test # docker run --privileged containerd-test
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
ARG GOLANG_VERSION=1.20.7 ARG GOLANG_VERSION=1.21.0
ARG GOLANG_IMAGE=golang ARG GOLANG_IMAGE=golang
FROM ${GOLANG_IMAGE}:${GOLANG_VERSION} AS golang FROM ${GOLANG_IMAGE}:${GOLANG_VERSION} AS golang

5
contrib/apparmor/apparmor.go
View File

@ -39,6 +39,11 @@ func WithProfile(profile string) oci.SpecOpts {
// WithDefaultProfile will generate a default apparmor profile under the provided name // WithDefaultProfile will generate a default apparmor profile under the provided name
// for the container. It is only generated if a profile under that name does not exist. // for the container. It is only generated if a profile under that name does not exist.
//
// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline
// since Go 1.21.
//
//go:noinline
func WithDefaultProfile(name string) oci.SpecOpts { func WithDefaultProfile(name string) oci.SpecOpts {
return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error { return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
if err := LoadDefaultProfile(name); err != nil { if err := LoadDefaultProfile(name); err != nil {

4
contrib/fuzz/oss_fuzz_build.sh
View File

@ -43,11 +43,11 @@ go run main.go $SRC/containerd/images
apt-get update && apt-get install -y wget apt-get update && apt-get install -y wget
cd $SRC cd $SRC
wget --quiet https://go.dev/dl/go1.19.5.linux-amd64.tar.gz wget --quiet https://go.dev/dl/go1.21.0.linux-amd64.tar.gz
mkdir temp-go mkdir temp-go
rm -rf /root/.go/* rm -rf /root/.go/*
tar -C temp-go/ -xzf go1.19.5.linux-amd64.tar.gz tar -C temp-go/ -xzf go1.21.0.linux-amd64.tar.gz
mv temp-go/go/* /root/.go/ mv temp-go/go/* /root/.go/
cd $SRC/containerd cd $SRC/containerd

10
contrib/seccomp/seccomp.go
View File

@ -30,6 +30,11 @@ import (
// WithProfile receives the name of a file stored on disk comprising a json // WithProfile receives the name of a file stored on disk comprising a json
// formatted seccomp profile, as specified by the opencontainers/runtime-spec. // formatted seccomp profile, as specified by the opencontainers/runtime-spec.
// The profile is read from the file, unmarshaled, and set to the spec. // The profile is read from the file, unmarshaled, and set to the spec.
//
// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline
// since Go 1.21.
//
//go:noinline
func WithProfile(profile string) oci.SpecOpts { func WithProfile(profile string) oci.SpecOpts {
return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error { return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
s.Linux.Seccomp = &specs.LinuxSeccomp{} s.Linux.Seccomp = &specs.LinuxSeccomp{}
@ -46,6 +51,11 @@ func WithProfile(profile string) oci.SpecOpts {
// WithDefaultProfile sets the default seccomp profile to the spec. // WithDefaultProfile sets the default seccomp profile to the spec.
// Note: must follow the setting of process capabilities // Note: must follow the setting of process capabilities
//
// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline
// since Go 1.21.
//
//go:noinline
func WithDefaultProfile() oci.SpecOpts { func WithDefaultProfile() oci.SpecOpts {
return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error { return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
s.Linux.Seccomp = DefaultProfile(s) s.Linux.Seccomp = DefaultProfile(s)

2
go.mod
View File

@ -1,6 +1,6 @@
module github.com/containerd/containerd module github.com/containerd/containerd
go 1.19 go 1.20
require ( require (
dario.cat/mergo v1.0.0 dario.cat/mergo v1.0.0

2
script/setup/prepare_env_windows.ps1
View File

@ -5,7 +5,7 @@
# lived test environment. # lived test environment.
Set-MpPreference -DisableRealtimeMonitoring:$true Set-MpPreference -DisableRealtimeMonitoring:$true
$PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.20.7"; make = ""; nssm = "" } $PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.21.0"; make = ""; nssm = "" }
Write-Host "Downloading chocolatey package" Write-Host "Downloading chocolatey package"
curl.exe -L "https://packages.chocolatey.org/chocolatey.0.10.15.nupkg" -o 'c:\choco.zip' curl.exe -L "https://packages.chocolatey.org/chocolatey.0.10.15.nupkg" -o 'c:\choco.zip'