```bash
curl -s https://mirror.gcr.io//v2/library/busybox/tags/list | jq '[.tags ]'
[
[
"1.26.2",
"1.27.2",
"1.28",
"1.29",
"1.29.2",
"1.30",
"1.30.1",
"1.31",
"1.31.0",
"1.31.1",
"1.32.0"
]
]
```
The latest is gone. I think we should setup image in github container
registry for CI if possible.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
The shim.SetScore() utility was no longer used since 7dfc605fc6.
Checking for uses outside of this repository, I found only one external use of
this in gVisor; a9441aea27/pkg/shim/service.go (L262-L264)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
SetOOMScore requires both privileged (root) and non-user namespace,
for negative values, so adjust the pre-conditions accordingly.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These are currently only used inside this package, so we might
as well un-export them until we need them elsewhere.
Also updated SetOOMScore() to first check for privileged; check for privileged
looks to be the "faster" path, and checking it first could (in case of non-
privileged) save having to read and parse /proc/self/uid_map.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Move `pkg/cri/opts.WithoutRunMount` function to `oci.WithoutRunMount`
so that it can be used without dependency on CRI.
Also add `oci.WithoutMounts(dests ...string)` for generality.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
The `(dockerPusher).Push` method uses a `StatusTracker` to check if an
upload already happened, before repeating the upload. However, there is
no provision for failure handling. If a PUT request returns an error,
the `StatusTracker` will still see the upload as if it happened
successfully. Add a status boolean so that only successful uploads
short-circuit `Push`.
Signed-off-by: Aaron Lehmann <alehmann@netflix.com>
cri-tools is hardcoded to use images which are broken
within their registry. Disable the tests to unblock
CI until fixed.
Signed-off-by: Derek McGowan <derek@mcg.dev>
This allows a pusher to be used for more than one tag without creating a
new resolver/pusher. The current implementation checks the ref key
tracker status based on type and hash and will skip the push even if the
repository reference is unique.
Signed-off-by: Phil Estes <estesp@amazon.com>
This allows us to dig more details out of test runs and maintain a
better history.
For this we can use `gotestsum`, which is a utility that wraps `go test`
so that it outputs test2json (go's format) and output junit (a format
more easily imported into other systems).
The PR makes it possible to override the Makefile's use of `go test` to
use any other command tto executet the test. For CI we'll use `gotestsum
--`, where `gotestsum` expects everything after the `--` to be flags for
`go test`.
We then use environment variables to configure `gotestsum` (e.g.
`GOTESTSUM_JUNITFILE` is an env var accepted by `gotestsum`).
For cri tests, the test suite supports outputing test results to a
directory, these are in junit format already. The file is not named
properly just because the code that creates it (in ginkgo) is not
configured well. We can fix that upstream to give us a better name...
until then I'm keeping those results in a separate dir.
A second workflow is also added so the test results can be summed up and
a report added to the workflow run. The 2nd workflow is required for
this since PR runs do not have access to do some of this due to safety
reasons
(https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Currently, `image.GetDiffID` cannot calculate DiffID of zstd layers because it
directly uses `compress/gzip` decompressor.
This commit fixes this issue by using the generic decompressor.
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
