Add CRI release build

Add installation scripts needed to generate CRI + CNI tar package on
release.
Update Github action release script to generate CRI release tarballs for
Linux and Windows.

Signed-off-by: Derek McGowan <derek@mcg.dev>

script/setup/install-cni

@@ -22,8 +22,8 @@
 set -eu -o pipefail
 
 CNI_COMMIT=$(grep containernetworking/plugins "$GOPATH"/src/github.com/containerd/containerd/vendor.conf | awk '{print $2}')
-CNI_DIR=/opt/cni
-CNI_CONFIG_DIR=/etc/cni/net.d
+CNI_DIR=${DESTDIR:=''}/opt/cni
+CNI_CONFIG_DIR=${DESTDIR}/etc/cni/net.d
 
 go get -d github.com/containernetworking/plugins/...
 cd "$GOPATH"/src/github.com/containernetworking/plugins
@@ -32,7 +32,7 @@ FASTBUILD=true ./build.sh
 sudo mkdir -p $CNI_DIR
 sudo cp -r ./bin $CNI_DIR
 sudo mkdir -p $CNI_CONFIG_DIR
-cat <<EOF | sudo tee $CNI_CONFIG_DIR/10-containerd-net.conflist
+cat << EOF | sudo tee $CNI_CONFIG_DIR/10-containerd-net.conflist
 {
   "cniVersion": "0.3.1",
   "name": "containerd-net",
@@ -45,9 +45,17 @@ cat <<EOF | sudo tee $CNI_CONFIG_DIR/10-containerd-net.conflist
       "promiscMode": true,
       "ipam": {
         "type": "host-local",
-        "subnet": "10.88.0.0/16",
+        "ranges": [
+          [{
+            "subnet": "10.88.0.0/16"
+          }],
+          [{
+            "subnet": "2001:4860:4860::8888/32"
+          }]
+        ],
         "routes": [
-          { "dst": "0.0.0.0/0" }
+          { "dst": "0.0.0.0/0" },
+          { "dst": "::/0" }
         ]
       }
     },

script/setup/install-cni-windows

@@ -0,0 +1,97 @@
+#!/bin/bash
+
+#   Copyright The containerd Authors.
+
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+
+#       http://www.apache.org/licenses/LICENSE-2.0
+
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+set -eu -o pipefail
+
+destdir="${destdir:-"C:\\Program Files\\containerd"}"
+WINCNI_BIN_DIR="${destdir}/cni"
+WINCNI_PKG=github.com/Microsoft/windows-container-networking
+WINCNI_VERSION=aa10a0b31e9f72937063436454def1760b858ee2
+
+go get -d "${WINCNI_PKG}/..."
+cd "${GOPATH}/src/${WINCNI_PKG}"
+git checkout "${WINCNI_VERSION}"
+make all
+install -D -m 755 "out/nat.exe" "${WINCNI_BIN_DIR}/nat.exe"
+install -D -m 755 "out/sdnbridge.exe" "${WINCNI_BIN_DIR}/sdnbridge.exe"
+install -D -m 755 "out/sdnoverlay.exe" "${WINCNI_BIN_DIR}/sdnoverlay.exe"
+
+CNI_CONFIG_DIR="${destdir}/cni/conf"
+mkdir -p "${CNI_CONFIG_DIR}"
+
+# split_ip splits ip into a 4-element array.
+split_ip() {
+  local -r varname="$1"
+  local -r ip="$2"
+  for i in {0..3}; do
+    eval "$varname"[$i]=$( echo "$ip" | cut -d '.' -f $((i + 1)) )
+  done
+}
+
+# subnet gets subnet for a gateway, e.g. 192.168.100.0/24.
+calculate_subnet() {
+  local -r gateway="$1"
+  local -r prefix_len="$2"
+  split_ip gateway_array "$gateway"
+  local len=$prefix_len
+  for i in {0..3}; do
+    if (( len >= 8 )); then
+      mask=255
+    elif (( len > 0 )); then
+      mask=$(( 256 - 2 ** ( 8 - len ) ))
+    else
+      mask=0
+    fi
+    (( len -= 8 ))
+    result_array[i]=$(( gateway_array[i] & mask ))
+  done
+  result="$(printf ".%s" "${result_array[@]}")"
+  result="${result:1}"
+  echo "$result/$((32 - prefix_len))"
+}
+
+# nat already exists on the Windows VM, the subnet and gateway
+# we specify should match that.
+gateway="$(powershell -c "(Get-NetIPAddress -InterfaceAlias 'vEthernet (nat)' -AddressFamily IPv4).IPAddress")"
+prefix_len="$(powershell -c "(Get-NetIPAddress -InterfaceAlias 'vEthernet (nat)' -AddressFamily IPv4).PrefixLength")"
+
+subnet="$(calculate_subnet "$gateway" "$prefix_len")"
+
+# The "name" field in the config is used as the underlying
+# network type right now (see
+# https://github.com/microsoft/windows-container-networking/pull/45),
+# so it must match a network type in:
+# https://docs.microsoft.com/en-us/windows-server/networking/technologies/hcn/hcn-json-document-schemas
+bash -c 'cat >"'"${CNI_CONFIG_DIR}"'"/0-containerd-nat.conf <<EOF
+{
+    "cniVersion": "0.2.0",
+    "name": "nat",
+    "type": "nat",
+    "master": "Ethernet",
+    "ipam": {
+        "subnet": "'$subnet'",
+        "routes": [
+            {
+                "GW": "'$gateway'"
+            }
+        ]
+    },
+    "capabilities": {
+        "portMappings": true,
+        "dns": true
+    }
+}
+EOF'

script/setup/install-critools

@@ -26,7 +26,7 @@ go get -d github.com/kubernetes-sigs/cri-tools/...
 cd "$GOPATH"/src/github.com/kubernetes-sigs/cri-tools
 git checkout $CRITEST_COMMIT
 make
-sudo make install
-cat << EOF | sudo tee /etc/crictl.yaml
+sudo make install -e BINDIR=${DESTDIR:=''}/usr/local/bin
+cat << EOF | sudo tee ${DESTDIR}/etc/crictl.yaml
 runtime-endpoint: unix:///run/containerd/containerd.sock
 EOF

script/setup/install-runc

@@ -27,7 +27,14 @@ function install_runc() {
 	cd "$GOPATH"/src/github.com/opencontainers/runc
 	git checkout $RUNC_COMMIT
 	make BUILDTAGS='apparmor seccomp selinux' runc
-	make install
+
+	USESUDO=${USESUDO:-false}
+	if ${USESUDO}; then
+	  SUDO='sudo -E'
+	else
+	  SUDO=''
+	fi
+	${SUDO} make install
 }
 
 function install_crun() {