name: CI on: push: branches: - main - 'release/**' pull_request: branches: - main - 'release/**' jobs: # # golangci-lint # linters: name: Linters runs-on: ${{ matrix.os }} timeout-minutes: 10 strategy: matrix: go-version: [1.17.3] os: [ubuntu-18.04, macos-10.15, windows-2019] steps: - uses: actions/setup-go@v2 with: go-version: ${{ matrix.go-version }} - uses: actions/checkout@v2 - uses: golangci/golangci-lint-action@v2 with: version: v1.42.0 args: --timeout=5m skip-go-installation: true # # Project checks # project: name: Project Checks runs-on: ubuntu-18.04 timeout-minutes: 5 steps: - uses: actions/setup-go@v2 with: go-version: '1.17.3' - uses: actions/checkout@v2 with: path: src/github.com/containerd/containerd fetch-depth: 100 - uses: containerd/project-checks@v1 with: working-directory: src/github.com/containerd/containerd - name: verify go modules and vendor directory run: | sudo apt-get install -y jq make verify-vendor working-directory: src/github.com/containerd/containerd # # Protobuf checks # protos: name: Protobuf runs-on: ubuntu-18.04 timeout-minutes: 5 defaults: run: working-directory: src/github.com/containerd/containerd steps: - uses: actions/setup-go@v2 with: go-version: '1.17.3' - uses: actions/checkout@v2 with: path: src/github.com/containerd/containerd - name: Set env shell: bash run: | echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV echo "GO111MODULE=off" >> $GITHUB_ENV echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - name: Install protobuf run: | sudo -E PATH=$PATH script/setup/install-protobuf sudo chmod +x /usr/local/bin/protoc sudo chmod og+rx /usr/local/include/google /usr/local/include/google/protobuf /usr/local/include/google/protobuf/compiler sudo chmod -R og+r /usr/local/include/google/protobuf/ protoc --version - run: script/setup/install-dev-tools - run: make proto-fmt - run: make check-protos check-api-descriptors man: name: Manpages runs-on: ubuntu-18.04 timeout-minutes: 5 steps: - uses: actions/setup-go@v2 with: go-version: '1.17.3' - uses: actions/checkout@v2 - run: go get github.com/cpuguy83/go-md2man/v2@v2.0.1 - run: make man # Make sure binaries compile with other platforms crossbuild: name: Crossbuild Binaries needs: [project, linters, protos, man] runs-on: ubuntu-18.04 timeout-minutes: 10 strategy: fail-fast: false matrix: include: - goos: linux goarch: arm64 - goos: linux goarch: arm goarm: "7" - goos: linux goarch: arm goarm: "5" - goos: freebsd goarch: amd64 - goos: freebsd goarch: arm64 - goos: windows goarch: arm goarm: "7" steps: - uses: actions/setup-go@v2 with: go-version: '1.17.3' - uses: actions/checkout@v2 - run: | set -e -x packages="" platform="${{matrix.goos}}/${{matrix.goarch}}" if [ -n "${{matrix.goarm}}" ]; then platform+="/v${{matrix.goarm}}" fi case "${platform}" in linux/arm/v5) packages+=" crossbuild-essential-armel" echo "CGO_ENABLED=1" >> $GITHUB_ENV echo "CC=arm-linux-gnueabi-gcc" >> $GITHUB_ENV ;; linux/arm/v7) packages+=" crossbuild-essential-armhf" echo "CGO_ENABLED=1" >> $GITHUB_ENV echo "CC=arm-linux-gnueabihf-gcc" >> $GITHUB_ENV ;; linux/arm64) packages+=" crossbuild-essential-arm64" echo "CGO_ENABLED=1" >> $GITHUB_ENV echo "CC=aarch64-linux-gnu-gcc" >> $GITHUB_ENV ;; windows/arm/v7) echo "CGO_ENABLED=0" >> $GITHUB_ENV ;; esac if [ -n "${packages}" ]; then sudo apt-get update && sudo apt-get install -y ${packages} fi name: Install deps - name: Build env: GOOS: ${{matrix.goos}} GOARCH: ${{matrix.goarch}} GOARM: ${{matrix.goarm}} run: | make build make binaries # # Build containerd binaries # binaries: name: Binaries runs-on: ${{ matrix.os }} timeout-minutes: 10 needs: [project, linters, protos, man] strategy: matrix: os: [ubuntu-18.04, macos-10.15, windows-2019] go-version: ['1.17.3'] steps: - uses: actions/setup-go@v2 with: go-version: ${{ matrix.go-version }} - name: Set env shell: bash run: | echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - uses: actions/checkout@v2 with: path: src/github.com/containerd/containerd - name: Make run: | make build make binaries working-directory: src/github.com/containerd/containerd # # Integration and CRI tests # integration-windows: name: Windows Integration runs-on: windows-2019 timeout-minutes: 35 needs: [project, linters, protos, man] env: GOTEST: gotestsum -- defaults: run: shell: bash working-directory: src/github.com/containerd/containerd steps: - uses: actions/setup-go@v2 with: go-version: '1.17.3' - uses: actions/checkout@v2 with: path: src/github.com/containerd/containerd - uses: actions/checkout@v2 with: repository: Microsoft/hcsshim path: src/github.com/Microsoft/hcsshim - name: Set env run: | echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV echo "${{ github.workspace }}/bin" >> $GITHUB_PATH echo "${{ github.workspace }}/src/github.com/containerd/containerd/bin" >> $GITHUB_PATH - run: script/setup/install-dev-tools - name: Binaries env: CGO_ENABLED: 1 run: | set -o xtrace mingw32-make.exe binaries bindir="$(pwd)" SHIM_COMMIT=$(grep 'Microsoft/hcsshim ' go.mod | awk '{print $2}') cd ../../Microsoft/hcsshim git fetch --tags origin "${SHIM_COMMIT}" git checkout "${SHIM_COMMIT}" GO111MODULE=on go build -mod=vendor -o "${bindir}/integration/client/containerd-shim-runhcs-v1.exe" ./cmd/containerd-shim-runhcs-v1 - run: script/setup/install-gotestsum - name: Tests env: CGO_ENABLED: 1 GOTESTSUM_JUNITFILE: ${{github.workspace}}/test-unit-root.xml run: mingw32-make.exe test root-test - name: Integration 1 env: CGO_ENABLED: 1 GOTESTSUM_JUNITFILE: ${{github.workspace}}/test-integration-serial-junit.xml run: mingw32-make.exe integration # Run the integration suite a second time. See discussion in github.com/containerd/containerd/pull/1759 - name: Integration 2 env: TESTFLAGS_PARALLEL: 1 CGO_ENABLED: 1 GOTESTSUM_JUNITFILE: ${{github.workspace}}/test-integration-parallel-junit.xml run: mingw32-make.exe integration - uses: actions/upload-artifact@v2 if: always() with: name: TestResults Windows path: | ${{github.workspace}}/*-junit.xml integration-linux: name: Linux Integration runs-on: ubuntu-18.04 timeout-minutes: 40 needs: [project, linters, protos, man] strategy: fail-fast: false matrix: runtime: [io.containerd.runtime.v1.linux, io.containerd.runc.v1, io.containerd.runc.v2] runc: [runc, crun] exclude: - runtime: io.containerd.runc.v1 runc: crun - runtime: io.containerd.runtime.v1.linux runc: crun env: GOTEST: gotestsum -- steps: - uses: actions/setup-go@v2 with: go-version: '1.17.3' - uses: actions/checkout@v2 - name: Install containerd dependencies env: RUNC_FLAVOR: ${{ matrix.runc }} GOFLAGS: -modcacherw run: | sudo apt-get install -y gperf sudo -E PATH=$PATH script/setup/install-seccomp sudo -E PATH=$PATH script/setup/install-runc sudo -E PATH=$PATH script/setup/install-cni $(grep containernetworking/plugins go.mod | awk '{print $2}') sudo -E PATH=$PATH script/setup/install-critools - name: Install criu run: | sudo add-apt-repository ppa:criu/ppa sudo apt-get update sudo apt-get install -y criu - name: Install containerd env: CGO_ENABLED: 1 run: | make binaries GO_BUILD_FLAGS="-mod=vendor" sudo -E PATH=$PATH make install - run: sudo -E PATH=$PATH script/setup/install-gotestsum - name: Tests env: GOPROXY: direct GOTESTSUM_JUNITFILE: ${{github.workspace}}/test-unit-root-junit.xml run: | make test sudo -E PATH=$PATH make root-test - name: Integration 1 env: GOPROXY: direct TEST_RUNTIME: ${{ matrix.runtime }} RUNC_FLAVOR: ${{ matrix.runc }} GOTESTSUM_JUNITFILE: ${{github.workspace}}/test-integration-serial-junit.xml run: | extraflags="" [ "${RUNC_FLAVOR}" == "crun" ] && { extraflags="EXTRA_TESTFLAGS=-no-criu"; } sudo -E PATH=$PATH make integration ${extraflags} TESTFLAGS_RACE=-race # Run the integration suite a second time. See discussion in github.com/containerd/containerd/pull/1759 - name: Integration 2 env: GOPROXY: direct TEST_RUNTIME: ${{ matrix.runtime }} RUNC_FLAVOR: ${{ matrix.runc }} GOTESTSUM_JUNITFILE: ${{github.workspace}}/test-integration-parallel-junit.xml run: | extraflags="" [ "${RUNC_FLAVOR}" == "crun" ] && { extraflags="EXTRA_TESTFLAGS=-no-criu"; } sudo -E PATH=$PATH TESTFLAGS_PARALLEL=1 make integration ${extraflags} - name: CRI Integration Test env: TEST_RUNTIME: ${{ matrix.runtime }} run: | CONTAINERD_RUNTIME=$TEST_RUNTIME make cri-integration - name: cri-tools critest env: TEST_RUNTIME: ${{ matrix.runtime }} run: | BDIR="$(mktemp -d -p $PWD)" mkdir -p ${BDIR}/{root,state} cat > ${BDIR}/config.toml < ${BDIR}/containerd-cri.log & sudo -E PATH=$PATH /usr/local/bin/ctr -a ${BDIR}/c.sock version sudo -E PATH=$PATH critest --report-dir "${{github.workspace}}/critestreport" --runtime-endpoint=unix:///${BDIR}/c.sock --parallel=8 TEST_RC=$? test $TEST_RC -ne 0 && cat ${BDIR}/containerd-cri.log sudo pkill containerd sudo -E rm -rf ${BDIR} test $TEST_RC -eq 0 || /bin/false # Log the status of this VM to investigate issues like # https://github.com/containerd/containerd/issues/4969 - name: Host Status if: always() run: | set -x mount df losetup -l - uses: actions/upload-artifact@v2 if: always() with: name: TestResults ${{ matrix.runtime }} ${{matrix.runc}} path: | *-junit.xml ${{github.workspace}}/critestreport/*.xml tests-mac-os: name: MacOS unit tests runs-on: macos-10.15 timeout-minutes: 10 needs: [project, linters, protos, man] env: GOTEST: gotestsum -- steps: - uses: actions/setup-go@v2 with: go-version: '1.17.3' - uses: actions/checkout@v2 - run: sudo -E PATH=$PATH script/setup/install-gotestsum - name: Tests env: GOPROXY: direct GOTESTSUM_JUNITFILE: "${{ github.workspace }}/macos-test-junit.xml" run: make test - uses: actions/upload-artifact@v2 if: always() with: name: TestResults MacOS path: | *-junit.xml cgroup2: name: CGroupsV2 - SELinux enforced # nested virtualization is only available on macOS hosts runs-on: macos-10.15 timeout-minutes: 45 needs: [project, linters, protos, man] strategy: matrix: # Currently crun is disabled to decrease CI flakiness. # We can enable crun again when we get a better CI infra. runc: [runc] env: GOTEST: gotestsum -- steps: - uses: actions/checkout@v2 - name: "Cache ~/.vagrant.d/boxes" uses: actions/cache@v2 with: path: ~/.vagrant.d/boxes key: vagrant-${{ hashFiles('Vagrantfile*') }} - name: Vagrant start run: | # Retry if it fails (download.fedoraproject.org returns 404 sometimes) vagrant up || vagrant up - name: Integration env: RUNC_FLAVOR: ${{ matrix.runc }} SELINUX: Enforcing GOTESTSUM_JUNITFILE: /tmp/test-integration-junit.xml run: vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-integration - name: CRI test env: RUNC_FLAVOR: ${{ matrix.runc }} SELINUX: Enforcing REPORT_DIR: /tmp/critestreport run: vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-cri - name: Collect the VM's IP address for Docker Hub's throttling issue if: failure() run: vagrant ssh -- curl https://api64.ipify.org/ - name: Get test reports if: always() run: | set -e vagrant plugin install vagrant-vbguest vagrant plugin install vagrant-scp vagrant scp :/tmp/test-integration-junit.xml "${{ github.workspace }}/" vagrant scp :/tmp/critestreport "${{ github.workspace }}/critestreport" - uses: actions/upload-artifact@v2 if: always() with: name: TestResults cgroup2 ${{ matrix.runtime }} ${{matrix.runc}} path: | ${{github.workspace}}/*-junit.xml ${{github.workspace}}/critestreport/* cgroup2-misc: name: CGroupsV2 - rootless CRI test # nested virtualization is only available on macOS hosts runs-on: macos-10.15 timeout-minutes: 45 needs: [project, linters, protos, man] steps: - uses: actions/checkout@v2 - name: "Cache ~/.vagrant.d/boxes" uses: actions/cache@v2 with: path: ~/.vagrant.d/boxes key: vagrant-${{ hashFiles('Vagrantfile*') }} - name: Vagrant start run: | # Retry if it fails (download.fedoraproject.org returns 404 sometimes) vagrant up || vagrant up # slow, so separated from the regular cgroup2 task - name: CRI-in-UserNS test with Rootless Podman run: | vagrant up --provision-with=install-rootless-podman # Execute rootless podman to create the UserNS env vagrant ssh -- podman build --target cri-in-userns -t cri-in-userns -f /vagrant/contrib/Dockerfile.test /vagrant vagrant ssh -- podman run --rm --privileged cri-in-userns - name: Collect the VM's IP address for Docker Hub's throttling issue if: failure() run: vagrant ssh -- curl https://api64.ipify.org/