This patch makes the Windows Integration GitHub workflow conditionally
execute the CI artifact upload to GCP on successful runs iff the GitHub
secrets containing the GCP access info are defined.
Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
This change adds the following:
* Default paths to REPORT_DIR, CONTAINERD_STATE and
CONTAINERD_ROOT for Windows
* Removes the need for nssm on Windows. The nssm service
has issues dealing with paths that contain spaces. Also, the
containerd binary is perfectly capable of registering itself
as a service in Windows, and Windows itself can take care of
any failure handling of the service. NSSM is useful for binaries
that do not have any kind of Windows service logic built into
them. That is not the case of containerd.
* Use wrapper functions that run containerd, ctr and criclt
with properly quoted paths to pipes, sockets, state and root dirs.
Currently, if the state and root dirs contain spaces in them, the
command line flags on both Windows and Linux are not properly set.
The wrapper functions will allow us to use the readiness_check
and keepalive functions to retry the commands, while properly
quoting the paths and avoiding eval.
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
Considering Windows 2004's EoL on the 14th of December, 2021,
this PR removes all periodic integration testing for 2004.
Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
As like other integration tests, Windows integration tests should not
fail-fast. So developers can see whether an issue is platform-specific
or not.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
GA for ws2022 github actions VMs launched a couple weeks ago so seems like
it's time to try out the CI on this new SKU.
This involved adding new ws2022 runs for the OS matrices in the CI, fixing up
a test in the platforms package and adding a mapping for the ws2022 container image in
integration/client.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
With the ghcr images now built and working, switch over to
use these new images and update the default name.
Signed-off-by: Derek McGowan <derek@mcg.dev>
Limit the scope of GITHUB_TOKEN to only have write access to packages
and read access to metadata. By default it seems to be granted access
equal to that of the github.actor that triggered the workflow, which
may include access to more than the workflow needs.
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
This change adds a login step that authenticates the runner to
ghcr.io. This allows whomever triggers the action to use github
packages as a destination for the container images.
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
This change adds a new workflow that builds the volume test images
and pushes them to a remote registry.
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
Following PR #6284, the Windows Periodic Workflow is prevented from
running on any repository outside of the original.
While this achieves the goal of preventing senseless Windows workflow
failures in contributors' forks, it makes running the workflow for
contributors (even manually) impossible.
This PR adds a separate workflow file which triggers the Windows
Integration workflow iff it is being run off of the original repository,
thus maintaining the upstream scheduling, while allowing contributors to
manually trigger the workflow on their forks if they so desire.
Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
In the Windows CI's periodic runs the `azure/CLI` GitHub action library
is leveraged to run various Azure-related commands.
To avoid possible desyncing between the auth libraries of `azure/Login`
and `azure/CLI` as described
[here](https://github.com/Azure/cli/issues/56#issuecomment-958705517),
this patch neglects to pass an explicit `azcliversion` to `azure/CLI` in
order to have it default to the Azure CLI version set up by `azure/Login`.
Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
This moves all the release builds into a Dockerfile which is a bit
cleaner for setting up our build environment.
Non-linux/amd64 builds are cross-compiled.
Currently onlinux linux/amd64, linux/arm64, and windows/amd64 are
supported, but is easy to add more, provided their is a cross-compile
toolchain available for it.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
go1.17.3 (released 2021-11-04) includes security fixes to the archive/zip and
debug/macho packages, as well as bug fixes to the compiler, linker, runtime, the
go command, the misc/wasm directory, and to the net/http and syscall packages.
See the Go 1.17.3 milestone on our issue tracker for details.
From the announcement e-mail:
[security] Go 1.17.3 and Go 1.16.10 are released
We have just released Go versions 1.17.3 and 1.16.10, minor point releases.
These minor releases include two security fixes following the security policy:
- archive/zip: don't panic on (*Reader).Open
Reader.Open (the API implementing io/fs.FS introduced in Go 1.16) can be made
to panic by an attacker providing either a crafted ZIP archive containing
completely invalid names or an empty filename argument.
Thank you to Colin Arnott, SiteHost and Noah Santschi-Cooney, Sourcegraph Code
Intelligence Team for reporting this issue. This is CVE-2021-41772 and Go issue
golang.org/issue/48085.
- debug/macho: invalid dynamic symbol table command can cause panic
Malformed binaries parsed using Open or OpenFat can cause a panic when calling
ImportedSymbols, due to an out-of-bounds slice operation.
Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this
issue. This is CVE-2021-41771 and Go issue golang.org/issue/48990.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The latest version of AZ CLI breaks the windows-periodic workflow.
See:
https://github.com/Azure/cli/issues/56
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
go1.17.2 (released 2021-10-07) includes a security fix to the linker and misc/wasm
directory, as well as bug fixes to the compiler, the runtime, the go command, and
to the time and text/template packages. See the Go 1.17.2 milestone on our issue
tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.17.2+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Allow overwriting the target tag to support mirror images from multiple
sources under our single namespace.
Signed-off-by: Derek McGowan <derek@mcg.dev>
Some extra steps were added for WS2022 in accordance with
the published image on Azure:
- Install Container Feature & reboot VM
- Create NAT network
Temporarily we skip critest steps for WS2022 until all test images
are updated in that project.
Signed-off-by: Adelina Tuvenie <atuvenie@cloudbasesolutions.com>
Go 1.17 go mod download step (used to handle the separate integration
go.mod) seems to do a lot more work/validation than prior Go releases,
requiring more time for integration runs.
Signed-off-by: Phil Estes <estesp@amazon.com>
go1.16.7 (released 2021-08-05) includes a security fix to the net/http/httputil
package, as well as bug fixes to the compiler, the linker, the runtime, the go
command, and the net/http package. See the Go 1.16.7 milestone on the issue
tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.16.7+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
