Previously the project-checks action was failing sometimes due to
hitting GitHub API rate limits. Since no token was supplied, the rate
limits were only 60 requests/hour keyed off the IP address of the
runner.
Now, passing GITHUB_TOKEN secret through to project-checks, we have a
limit of 1000 requests/hour for the whole repo. This should alleviate
the rate limits that were being seen.
I believe it is safe to pass this secret as project-checks is also owned
by the containerd organization. The secret is also scoped to the actions
run, and is invalidated upon completion.
project-checks version is also updated to the version that supports
repo-access-token input.
Signed-off-by: Kevin Parsons <kevpar@microsoft.com>
This adds in a simple flag to control what platform the spec it generates
is for. Useful to easily get a glance at whats the default across platforms.
Signed-off-by: Danny Canter <danny@dcantah.dev>
Provides a couple helper functions that provide a background context for
running cleanup jobs while preserving the original context values.
The new contexts will not inherit the errors or cancellations.
Signed-off-by: Derek McGowan <derek@mcg.dev>
The name of the GID 65534 differs across distros.
("nogroup" on Debian derivatives, "nobody" on Red Hat derivatives)
Fix the following test failure:
```
=== RUN TestVolumeOwnership
volume_copy_up_test.go:103: Create a sandbox
main_test.go:667: Pull test image "ghcr.io/containerd/volume-ownership:2.1"
volume_copy_up_test.go:108: Create a container with volume-ownership test image
volume_copy_up_test.go:117: Start the container
volume_copy_up_test.go:125: Check ownership of test directory inside container
volume_copy_up_test.go:146: Check ownership of test directory on the host
volume_copy_up_test.go:153:
Error Trace: /root/go/src/github.com/containerd/containerd/volume_copy_up_test.go:153
Error: Not equal:
expected: "nobody:nogroup\n"
actual : "nobody:nobody\n"
Diff:
--- Expected
+++ Actual
@@ -1,2 +1,2 @@
-nobody:nogroup
+nobody:nobody
Test: TestVolumeOwnership
--- FAIL: TestVolumeOwnership (3.45s)
```
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
For ease of running the entire tests locally
```
cd contrib
docker build -t containerd-test -f Dockerfile.test --target integration ..
docker run --privileged containerd-test
docker build -t containerd-test -f Dockerfile.test --target cri-integration ..
docker run --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0 containerd-test
docker build -t containerd-test -f Dockerfile.test --target critest ..
docker run --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0 containerd-test
```
Tested on Ubuntu 22.10 (amd64, cgroup v2).
Known issues:
- cri-integration and critest: require `--sysctl net.ipv6.conf.all.disable_ipv6=0` to avoid
errors like `failed to set bridge addr: could not add IP address to "cni0": permission denied`
- critest: Often fails due to Docker Hub rate limits. Fix is coming in kubernetes-sigs/cri-tools PR 1053
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Fix the following error with VirtualBox:
```
VirtualBox Provider:
* The following settings shouldn't exist: disk
```
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Comments in initPlatform for Windows states that the options were
Linux specific. Additionally properly wrap an error after trying
to setup CDI on Linux.
Signed-off-by: Danny Canter <danny@dcantah.dev>
The sandbox and container both have the userns config. Lets make sure
they are the same, therefore consistent.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Currently we require that c.containerSpec() does not return an error
if test.err is not set.
However, if the require fails (i.e. it indeed returned an error) the
rest of the code is executed anyways. The rest of the code assumes it
did not return an error (so code assumes spec is not nil). This fails
miserably if it indeed returned an error, as spec is nil and go crashes
while running the unit tests.
Let's require it is not an error, so code does not continue to execute
if that fails and go doesn't crash.
In the test.err case is not harmful the bug of using assert, but let's
switch it to require too as that is what we really want.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
