Limit the scope of GITHUB_TOKEN to only have write access to packages
and read access to metadata. By default it seems to be granted access
equal to that of the github.actor that triggered the workflow, which
may include access to more than the workflow needs.
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
This will help to reduce the amount of runc/libcontainer code that's used in
Moby / Docker Engine (in favor of using the containerd implementation).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This change adds a login step that authenticates the runner to
ghcr.io. This allows whomever triggers the action to use github
packages as a destination for the container images.
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
This change skips the TestExportAndImportMultiLayer in integration/client
for the time being. It seems the image was updated recently and no longer
has a Windows entry in the manifest so the test will always fail. This should
be reverted when we figure out what happened to the image, but this is to
unblock PRs for the time being.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
This ports the changes of 95a59bf206
to this repository.
From that PR:
(mode&S_IFCHR == S_IFCHR) is the wrong way of checking the type of an
inode because the S_IF* bits are actually not a bitmask and instead must
be checked using S_IF*. This bug was neatly hidden behind a (major == 0)
sanity-check but that was removed by [1].
In addition, add a test that makes sure that HostDevices() doesn't give
rubbish results -- because we broke this and fixed this before[2].
[1]: 24388be71e ("configs: use different types for .Devices and .Resources.Devices")
[2]: 3ed492ad33 ("Handle non-devices correctly in DeviceFromPath")
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
`dockerPusher` provides `pushWriter` which implements `content.Writer`.
However, even if `pushWriter` become abort status (i.e. `Close()` is called
before `Commit()`), `dockerPusher` doesn't recognise that status and treats that
writer as on-going.
This behaviour doesn't allow the client to retry an aborted push.
This commit fixes this issue.
This commit also adds an test to ensure that the issue is fixed.
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
* Adds Windows dockerfile for volume-ownership image
* Build volume-copy-up on Windows
* Adds a helper tool that fetches the owner username and SID of
a file or folder
* Adds README
* Remove 2004 from Windows versions
* Add ltsc2022 to Windows versions
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
This change adds a new workflow that builds the volume test images
and pushes them to a remote registry.
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
Following PR #6284, the Windows Periodic Workflow is prevented from
running on any repository outside of the original.
While this achieves the goal of preventing senseless Windows workflow
failures in contributors' forks, it makes running the workflow for
contributors (even manually) impossible.
This PR adds a separate workflow file which triggers the Windows
Integration workflow iff it is being run off of the original repository,
thus maintaining the upstream scheduling, while allowing contributors to
manually trigger the workflow on their forks if they so desire.
Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
In the Windows CI's periodic runs the `azure/CLI` GitHub action library
is leveraged to run various Azure-related commands.
To avoid possible desyncing between the auth libraries of `azure/Login`
and `azure/CLI` as described
[here](https://github.com/Azure/cli/issues/56#issuecomment-958705517),
this patch neglects to pass an explicit `azcliversion` to `azure/CLI` in
order to have it default to the Azure CLI version set up by `azure/Login`.
Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
When containerd use this config:
```
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:5000"]
endpoint = ["http://localhost:5000"]
```
Due to the `newTransport` function does not initialize the `TLSClientConfig` field.
Then use `TLSClientConfig` to cause nil pointer dereference
Signed-off-by: wanglei <wllenyj@linux.alibaba.com>
