For some reason the Linux CI runs end up using go 1.15.14 instead of 1.16.6 for
the Windows runs, or any of the other CI steps. Not sure if this is due to
the linter installing it's own version of go or something else.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
We no longer would need go 1.13.x for moby/containerd compatibility with
containerd moving to 1.16.x
Signed-off-by: Alakesh Haloi <alakeshh@amazon.com>
The current latest version of CRIU is 3.15 and soon will be released
3.16. If CRIU is installed from PPA it would always test with the
latest released version.
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
- ensure that the root go.mod and the module specific go.mod have the
same `require` and `replace` directives for different dependencies.
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
In containerd 1.5.x, we introduced support for go modules by adding a
go.mod file in the root directory. This go.mod lists all the things
needed across the whole code base (with the exception of
integration/client which has its own go.mod). So when projects that
need to make calls to containerd API will pull in some code from
containerd/containerd, the `go mod` commands will add all the things
listed in the root go.mod to the projects go.mod file. This causes
some problems as the list of things needed to make a simple API call
is enormous. in effect, making a API call will pull everything that a
typical server needs as well as the root go.mod is all encompassing.
In general if we had smaller things folks could use, that will make it
easier by reducing the number of things that will end up in a consumers
go.mod file.
Now coming to a specific problem, the root containerd go.mod has various
k8s.io/* modules listed. Also kubernetes depends on containerd indirectly
via both moby/moby (working with docker maintainers seperately) and via
google/cadvisor. So when the kubernetes maintainers try to use latest
1.5.x containerd, they will see the kubernetes go.mod ending up depending
on the older version of kubernetes!
So if we can expose just the minimum things needed to make a client API
call then projects like cadvisor can adopt that instead of pulling in
the entire go.mod from containerd. Looking at the existing code in
cadvisor the minimum things needed would be the api/ directory from
containerd. Please see proof of concept here:
github.com/google/cadvisor/pull/2908
To enable that, in this PR, we add a go.mod file in api/ directory. we
split the Protobuild.yaml into two, one for just the things in api/
directory and the rest in the root directory. We adjust various targets
to build things correctly using `protobuild` and also ensure that we
end up with the same generated code as before as well. To ensure we
better take care of the various go.mod/go.sum files, we update the
existing `make vendor` and also add a new `make verify-vendor` that one
can run locally as well in the CI.
Ideally, we would have a `containerd/client` either as a standalone repo
or within `containerd/containerd` as a separate go module. but we will
start here to experiment with a standalone api go module first.
Also there are various follow ups we can do, for example @thaJeztah has
identified two tasks we could do after this PR lands:
github.com/containerd/containerd/pull/5716#discussion_r668821396
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
full diff: https://github.com/cpuguy83/go-md2man/compare/v2.0.0...v2.0.1
- Fix handling multiple definition descriptions
- Fix inline markup causing table cells to split
- Remove escaping tilde character (prevents tildes (`~`) from disappearing).
- Do not escape dash, underscore, and ampersand (prevents ampersands (`&`) from disappearing).
- Ignore unknown HTML tags to prevent noisy warnings
Note that this only updates the binaries we install. The vendor code also
includes go-md2man (as indirect dependency of urfave/cli). I don't think we use that
feature, so I did not add it to our go.mod
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `cri-in-userns` stage is for testing "CRI-in-UserNS", which should be used in conjunction with "Kubelet-in-UserNS":
https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2033-kubelet-in-userns-aka-rootless
This feature is mostly expected to be used for `kind` and `minikube`.
Requires Rootless Docker/Podman/nerdctl with cgroup v2 delegation: https://rootlesscontaine.rs/getting-started/common/cgroup2/
(Rootless Docker/Podman/nerdctl prepares the UserNS, so we do not need to create UserNS by ourselves)
Usage:
```
podman build --target cri-in-userns -t cri-in-userns -f contrib/Dockerfile.test .
podman run -it --rm --privileged cri-in-userns
```
The stage is tested on CI with Rootless Podman on Fedora 34 on Vagrant.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Due to a change in Go, the go.mod file cannot declare a version of Go
above the installed `go version`; until the default Go version in GitHub
actions virt environments is 1.16, we have to install 1.16 before
running the project checks now.
Signed-off-by: Phil Estes <estesp@amazon.com>
Using `-E` preserves environment variables, except for PATH, so PATH has to be
manually set to match the current environment.
I removed env-vars that were redundant (such as `GOPATH=$GOPATH`), which should
be handled by `-E`.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
cri-tools is hardcoded to use images which are broken
within their registry. Disable the tests to unblock
CI until fixed.
Signed-off-by: Derek McGowan <derek@mcg.dev>
This allows us to dig more details out of test runs and maintain a
better history.
For this we can use `gotestsum`, which is a utility that wraps `go test`
so that it outputs test2json (go's format) and output junit (a format
more easily imported into other systems).
The PR makes it possible to override the Makefile's use of `go test` to
use any other command tto executet the test. For CI we'll use `gotestsum
--`, where `gotestsum` expects everything after the `--` to be flags for
`go test`.
We then use environment variables to configure `gotestsum` (e.g.
`GOTESTSUM_JUNITFILE` is an env var accepted by `gotestsum`).
For cri tests, the test suite supports outputing test results to a
directory, these are in junit format already. The file is not named
properly just because the code that creates it (in ginkgo) is not
configured well. We can fix that upstream to give us a better name...
until then I'm keeping those results in a separate dir.
A second workflow is also added so the test results can be summed up and
a report added to the workflow run. The 2nd workflow is required for
this since PR runs do not have access to do some of this due to safety
reasons
(https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Though we don't officially support Apple platform, we should
at least run unit tests to make sure things are not broken.
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
The integration test times have slightly increased and are often
hitting the 25 minutes timeout. This increases to give more room
but still keeps it low enough to catch regressions in tests
causing longer than expected execution.
Signed-off-by: Derek McGowan <derek@mcg.dev>
While the issue hasn't been fixed in the kernel yet, we can workaround
the issue by not using overlayfs snapshotter.
The newly added step runs all tests that match /TestCheckpoint/.
So, TestCRWithImagePath has been renamed to match the regexp.
Fixes#3930.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
To investigate issues like #4969, it would be helpful to understand
the status of the VM at the end.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
Without a name the logs use a carriage return followed by the long
comment as the name of the job step which is messy when working with the
actions API/logs.
Signed-off-by: Phil Estes <estesp@amazon.com>
Since both cri-containerd and runC runtime are widely used, the relevent
information should include runC and CRI configuration when file bug.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
The CI host was probably updated recently and the permission bits of the
directory was changed.
Fix 5077
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
We have enough failures these days; getting timed out when tests are
almost done is the last thing we need :)
On avg. the Linux integration tests are taking 15-17 min, but sometimes
they end up at 20 or a bit over and get canceled. I've seen rare cases
where the Vagrant setup+build+test runs gets very close to 40 min as
well.
Signed-off-by: Phil Estes <estesp@amazon.com>
https://github.com/actions/setup-go/tree/v2.1.3#v2
The V2 offers:
- Adds GOBIN to the PATH
- Proxy Support
- stable input
- Bug Fixes (including issues around version matching and semver)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
download.fedoraproject.org gives HTTP 404 at times,
breaking the CI. Let's give it another chance.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add `.github/ISSUE_TEMPLATE/config.yml` to clarify where is the right place (in the most cases) to ask questions.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
CI was timing out after 15 minutes on the crun tests; extending
the timeout to 20 minutes (we can make it shorter again if we know
the exact time it takes to run)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Noticed this in the CI output:
Requested golangci-lint 'v1.29', using 'v1.29.0', calculation took 7969ms
Installing golangci-lint v1.29.0...
Downloading https://github.com/golangci/golangci-lint/releases/download/v1.29.0/golangci-lint-1.29.0-darwin-amd64.tar.gz ...
Using nearly 8 seconds to convert v1.29 to v1.29.0 seems a bit long,
so hard-coding to the full version to speedup CI somewhat.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
With container-selinux policy updated to 2.145+ (the default for Fedora 32+) we
can enable SELinux=Enforcing mode in the CI workflow and pass all integration
and CRI tests except one, see https://github.com/containerd/containerd/issues/4460,
which has been marked as skipped.
Tested locally with:
- SELINUX=Enforcing vagrant up --provision-with=shell,selinux,test-integration
- SELINUX=Enforcing vagrant up --provision-with=shell,selinux,test-cri
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
These checks had to be disabled to get the CRI merge completed.
Now these should be added back.
After CRI merge, more time for lint is needed on mac.
Signed-off-by: Derek McGowan <derek@mcg.dev>
