Since both cri-containerd and runC runtime are widely used, the relevent
information should include runC and CRI configuration when file bug.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
The CI host was probably updated recently and the permission bits of the
directory was changed.
Fix 5077
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
We have enough failures these days; getting timed out when tests are
almost done is the last thing we need :)
On avg. the Linux integration tests are taking 15-17 min, but sometimes
they end up at 20 or a bit over and get canceled. I've seen rare cases
where the Vagrant setup+build+test runs gets very close to 40 min as
well.
Signed-off-by: Phil Estes <estesp@amazon.com>
https://github.com/actions/setup-go/tree/v2.1.3#v2
The V2 offers:
- Adds GOBIN to the PATH
- Proxy Support
- stable input
- Bug Fixes (including issues around version matching and semver)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
download.fedoraproject.org gives HTTP 404 at times,
breaking the CI. Let's give it another chance.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add `.github/ISSUE_TEMPLATE/config.yml` to clarify where is the right place (in the most cases) to ask questions.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
CI was timing out after 15 minutes on the crun tests; extending
the timeout to 20 minutes (we can make it shorter again if we know
the exact time it takes to run)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Noticed this in the CI output:
Requested golangci-lint 'v1.29', using 'v1.29.0', calculation took 7969ms
Installing golangci-lint v1.29.0...
Downloading https://github.com/golangci/golangci-lint/releases/download/v1.29.0/golangci-lint-1.29.0-darwin-amd64.tar.gz ...
Using nearly 8 seconds to convert v1.29 to v1.29.0 seems a bit long,
so hard-coding to the full version to speedup CI somewhat.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
With container-selinux policy updated to 2.145+ (the default for Fedora 32+) we
can enable SELinux=Enforcing mode in the CI workflow and pass all integration
and CRI tests except one, see https://github.com/containerd/containerd/issues/4460,
which has been marked as skipped.
Tested locally with:
- SELINUX=Enforcing vagrant up --provision-with=shell,selinux,test-integration
- SELINUX=Enforcing vagrant up --provision-with=shell,selinux,test-cri
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
These checks had to be disabled to get the CRI merge completed.
Now these should be added back.
After CRI merge, more time for lint is needed on mac.
Signed-off-by: Derek McGowan <derek@mcg.dev>
Add installation scripts needed to generate CRI + CNI tar package on
release.
Update Github action release script to generate CRI release tarballs for
Linux and Windows.
Signed-off-by: Derek McGowan <derek@mcg.dev>
`vagrant up` will build and install containerd and all dependencies,
setting up proper SELinux contexts on the runc and containerd binaries.
The VM is configured to be SELinux Enforcing by default but this gets
changed during various CI passes via a matrix param to Disabled and
Permissive before running tests. I have an open PR to fix the
container-selinux policy for containerd at
https://github.com/containers/container-selinux/pull/98 which once
accepted we will want to update the CI matrix to use Enforcing mode
instead of Permissive.
All tests currently pass in SELinux permissive mode with containerd
configured with `enable_selinux=true`. To see which tests are failing
with SELinux enforcing and an already spun up VM:
`SELINUX=Enforcing vagrant up --provision-with=selinux,test-cri`
To test SELinux enforcing in a new VM:
`vagrant destroy -force; SELINUX=Enforcing vagrant up --provision-with=shell,selinux,test-cri`
The `selinux` shell provisioner, parameterized by the SELINUX envvar,
will configure the system as you would expect, with the side effect that
containerd is configured with `enable_selinux=true` via
`/etc/containerd/config.toml` for Permissive or Enforcing modes and
`enable_selinux=false` when SELINUX=Disabled.
Provided that virtualization is suported, this Vagrantfile and provisioners
make it easy to test containerd/cri for conformance under SELinux on
non-SELinux systems.
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
