From 2d3360ec71d01c877cda15a532ee605bc4181b24 Mon Sep 17 00:00:00 2001
From: Akihiro Suda
Date: Sat, 5 Aug 2023 17:12:43 +0900
Subject: [PATCH] CI: move Vagrant tests to GitHub Actions (larger runners)

We have been using Cirrus CI for running vagrant workloads as the standard runners of GHA lacks nested virtualization, but it looks like GHA with the "larger" runners support nested virtualization.

Signed-off-by: Akihiro Suda
---
.cirrus.yml | 82 ----------------------------------------
.github/workflows/ci.yml | 69 +++++++++++++++++++++++++++++++++
Vagrantfile | 25 ------------
3 files changed, 69 insertions(+), 107 deletions(-)
delete mode 100644 .cirrus.yml

diff --git a/.cirrus.yml b/.cirrus.yml
deleted file mode 100644
index db7d2dd91..000000000
--- a/.cirrus.yml
+++ /dev/null
@@ -1,82 +0,0 @@
-# Cirrus CI gives open-source projects free 16.0 CPUs,
-# we use 4 CPUs x 3 tasks = 12 CPUs.
-# https://cirrus-ci.org/faq/#are-there-any-limits
-#
-# Undocumented constraints;
-# - The maximum memory limit is 4G times the number of CPUs.
-# - The number of CPUs should be multiple of 2.
-
-task:
- name: Vagrant
-
- compute_engine_instance:
- image_project: cirrus-images
- image: family/docker-kvm
- platform: linux
- nested_virtualization: true
- cpu: 4
- memory: 16G
-
- env:
- GOTEST: gotestsum --
- # By default, Cirrus CI doesn't have HOME defined
- HOME: /root
- matrix:
- BOX: fedora/37-cloud-base
- # v7.0.0 does not boot. v6.0.0 was not released.
- BOX: rockylinux/8@5.0.0
- install_libvirt_vagrant_script: |
- # if another process is keeping a lock, wait for 60 seconds for it to release the lock.
- apt-get -o DPkg::Lock::Timeout=60 update
- apt-get -o DPkg::Lock::Timeout=60 install -y libvirt-daemon libvirt-daemon-system vagrant vagrant-libvirt
- systemctl enable --now libvirtd
-
- vagrant_cache:
- folder: /root/.vagrant.d
- fingerprint_script: uname --kernel-release --kernel-version && cat Vagrantfile
-
- vagrant_up_script: |
- vagrant up --no-tty
-
- integration_script: |
- vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-integration
-
- cri_integration_script: |
- vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-cri-integration
-
- cri_test_script: |
- vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-cri
-
-task:
- name: CGroupsV2 - rootless CRI test
-
- env:
- HOME: /root
-
- compute_engine_instance:
- image_project: cirrus-images
- image: family/docker-kvm
- platform: linux
- nested_virtualization: true
- cpu: 4
- memory: 16G
-
- install_libvirt_vagrant_script: |
- # if another process is keeping a lock, wait for 60 seconds for it to release the lock.
- apt-get -o DPkg::Lock::Timeout=60 update
- apt-get -o DPkg::Lock::Timeout=60 install -y libvirt-daemon libvirt-daemon-system vagrant vagrant-libvirt
- systemctl enable --now libvirtd
-
- vagrant_cache:
- folder: /root/.vagrant.d
- fingerprint_script: uname -a; cat Vagrantfile
-
- vagrant_up_script: |
- vagrant up --provision-with=install-rootless-podman --no-tty
-
- podman_build_script: |
- # Execute rootless podman to create the UserNS env
- vagrant ssh -- podman build --target cri-in-userns -t cri-in-userns -f /vagrant/contrib/Dockerfile.test /vagrant
-
- test_script: |
- vagrant ssh -- podman run --rm --privileged cri-in-userns
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 043caab57..714bbeeea 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -518,6 +518,75 @@ jobs: ${{github.workspace}}/report/*.xml ${{github.workspace}}/report/*.log + integration-vagrant: + name: Vagrant integration + # "Larger" runner is needed for nested virtualization + # https://github.com/organizations/containerd/settings/actions/runners + runs-on: ubuntu-latest-4-cores + timeout-minutes: 60 + needs: [project, linters, protos, man] + + strategy: + fail-fast: false + matrix: + box: + - fedora/37-cloud-base + # v7.0.0 does not boot. v6.0.0 was not released. + - rockylinux/8@5.0.0 + env: + BOX: ${{ matrix.box }} + + steps: + - name: Show the host info + run: | + set -x + uname -a + cat /etc/os-release + cat /proc/cpuinfo + free -mt + - uses: actions/checkout@v3 + - uses: actions/cache@v3 + with: + path: /root/.vagrant.d + key: vagrant-${{ matrix.box }} + - name: Set up vagrant + run: | + sudo apt-get update + sudo apt-get install -y libvirt-daemon libvirt-daemon-system vagrant vagrant-libvirt + sudo systemctl enable --now libvirtd + - name: Boot VM + run: sudo BOX=$BOX vagrant up --no-tty + - name: test-integration + run: sudo BOX=$BOX vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-integration + - name: test-cri-integration + run: sudo BOX=$BOX vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-cri-integration + - name: test-cri + run: sudo BOX=$BOX vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-cri + + tests-cri-in-userns: + name: "CRI-in-UserNS" + + runs-on: ubuntu-22.04 + timeout-minutes: 40 + needs: [project, linters, protos, man] + + steps: + - uses: actions/checkout@v3 + - name: Set up cgroup v2 delegation + run: | + sudo mkdir -p /etc/systemd/system/user@.service.d + cat < /etc/systemd/system/user@.service.d/delegate.conf << EOF -[Service] -Delegate=yes -EOF - systemctl daemon-reload - # Install Podman - dnf install -y podman - # Configure Podman to resolve `golang` to `docker.io/library/golang` - mkdir -p /etc/containers - cat > 
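Review bot: The `actions/cache@v3` step in `integration-vagrant` keys the cache only on the box name (`key: vagrant-${{ matrix.box }}`), whereas the Cirrus config this replaces fingerprinted the kernel and the Vagrantfile, so a cached `.vagrant.d` is now reused across Vagrantfile changes and is not re-saved once the key hits; consider `key: vagrant-${{ matrix.box }}-${{ hashFiles('Vagrantfile') }}`. The cached path `/root/.vagrant.d` is also probably not readable by the unprivileged user the cache action runs as, and whether `sudo vagrant` writes there depends on how sudo sets HOME on the runner, so it is worth confirming that the step actually saves and restores anything. Since this job runs the provisioning as root with nested virtualization, pinning `actions/checkout` and `actions/cache` to full commit SHAs (`uses: actions/checkout@<full-commit-sha> # v3`) and giving `fedora/37-cloud-base` a version pin like the `rockylinux/8@5.0.0` entry would keep what the job executes fixed between runs. The end of this hunk (the `tests-cri-in-userns` steps) is not legible on this page, so this note covers only the `integration-vagrant` job.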
/etc/containers/registries.conf <