...
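name: CI
on:
  - push
  - pull_request

# Least privilege for the automatically issued GITHUB_TOKEN: read access to
# repository contents only. Nothing visible in this workflow pushes commits or
# writes to issues, pull requests or packages; widen the scope on the single
# job that needs it if that ever changes.
permissions:
  contents: read

env:
  GO_VERSION: "1.19.x"
  # NOTE(review): "latest" is resolved when `go install gotest.tools/gotestsum@...`
  # runs, so the test runner binary can change between two runs of the same
  # commit. Pinning an exact released version makes the tool chain reproducible.
  GOTESTSUM_VERSION: "latest"
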
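# NOTE(review): actions below are referenced by mutable version tags (for
# example `@v3`). Pinning each `uses:` to a full commit SHA keeps a re-tagged
# release from silently changing what runs in this pipeline.
#
# Every checkout sets `persist-credentials: false` so the job token is not kept
# in the checked-out repository's git configuration, where later steps (which
# build and run code from this repository and from containerd) could read it.
# No step in this file fetches or pushes with git after the checkout.
jobs:

  # Runs golangci-lint on a Windows runner for every goos/root combination.
  lint:
    runs-on: "windows-2022"
    strategy:
      fail-fast: false
      matrix:
        goos: [windows, linux]
        root: ["", test] # cannot specify "./... ./test/..." unless in go workspace
        include:
          # extends the (linux, "") combination with an explicit package list
          - goos: linux
            root: ""
            dirs: >-
              ./cmd/gcs/...
              ./cmd/gcstools/...
              ./internal/guest...
              ./internal/tools/...
              ./pkg/...
              ./ext4/...

    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          persist-credentials: false

      - name: Install go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}
          # sometimes go cache causes issues with lint
          cache: false

      - uses: golangci/golangci-lint-action@v3
        with:
          version: v1.52
          args: >-
            --verbose
            --max-issues-per-linter=0
            --max-same-issues=0
            --modules-download-mode=readonly
            --timeout=10m
            ${{ matrix.dirs }}
          working-directory: ${{ matrix.root }}
        env:
          GOOS: ${{ matrix.goos }}

  # Regenerates the protobuf code and fails when the result differs from what
  # is committed.
  protos:
    runs-on: "windows-2022"

    env:
      # translating from github.com/Microsoft/hcsshim/<path> (via `go list`) to <path> is easier if hcsshim is in GOPATH/src
      GOPATH: '${{ github.workspace }}\go'

    steps:
      - name: Checkout hcsshim
        uses: actions/checkout@v3
        with:
          path: go/src/github.com/Microsoft/hcsshim
          persist-credentials: false

      - name: Install go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}
          cache-dependency-path: go/src/github.com/Microsoft/hcsshim/go.sum

      # Reads the containerd version required by this module and exports it as
      # `containerd_ref` for the following steps.
      - name: Get containerd ref
        shell: powershell
        run: |
          $v = go list -m -f '{{ .Version }}' 'github.com/containerd/containerd' 2>&1
          if ( $LASTEXITCODE ) {
            Write-Output '::error::Could not retrieve containerd version.'
            exit $LASTEXITCODE
          }
          Write-Output "containerd ref is: $v"
          "containerd_ref=$v" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
        working-directory: go/src/github.com/Microsoft/hcsshim

      - name: Checkout containerd
        uses: actions/checkout@v3
        with:
          repository: containerd/containerd
          path: "containerd"
          ref: "${{ env.containerd_ref }}"
          persist-credentials: false

      - name: Install protobuild and protoc-gen-gogoctrd
        shell: powershell
        run: |
          # not actually GOBIN
          $goBin = Join-Path (go env GOPATH) 'bin'
          mkdir -f $goBin
          $goBin | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append

          go install github.com/containerd/protobuild@v0.2.0

          cd containerd
          go build -o $goBin ./cmd/protoc-gen-gogoctrd

      # NOTE(review): the release archive is extracted and protoc.exe is placed
      # on PATH without comparing the download against a known checksum.
      # Verifying a pinned SHA-256 (for example with Get-FileHash) before
      # extraction would detect a replaced or corrupted asset.
      - name: Install protoc
        shell: powershell
        run: |
          gh release download -R protocolbuffers/protobuf -p 'protoc-*-win32.zip' -O protoc.zip 'v23.2'
          if ( $LASTEXITCODE ) {
            Write-Output '::error::Could not download protoc.'
            exit $LASTEXITCODE
          }

          tar.exe xf protoc.zip
          if ( $LASTEXITCODE ) {
            Write-Output '::error::Could not install protoc.'
            exit $LASTEXITCODE
          }

          mkdir -f ${{ github.workspace }}/go/src/github.com/Microsoft/hcsshim/protobuf
          mv include/* ${{ github.workspace }}/go/src/github.com/Microsoft/hcsshim/protobuf

          # put protoc in GOPATH to make things easier
          mv bin\protoc.exe (Join-Path (go env GOPATH) 'bin')
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Run Protobuild
        shell: powershell
        run: |
          Write-Output "::group::protobuild"
          protobuild $(go list ./... | grep -v /vendor/)
          Write-Output "::endgroup::"
          if ( $LASTEXITCODE ) {
            Write-Output '::error::Failed to run protobuild.'
            exit $LASTEXITCODE
          }

          Write-Output "::group::git diff"
          # look for any new files not previously tracked
          git add --all --intent-to-add .
          git diff --exit-code
          Write-Output "::endgroup::"
        working-directory: "${{ github.workspace }}/go/src/github.com/Microsoft/hcsshim"

  # Checks that go.mod, the vendor directory and test/go.mod are up to date.
  verify-vendor:
    runs-on: "windows-2022"
    env:
      GOPROXY: "https://proxy.golang.org,direct"
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          persist-credentials: false

      - name: Install go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}

      # The verification script from the checked-out tree is started in an
      # elevated PowerShell process (`-Verb runAs`); its exit code becomes the
      # exit code of this step.
      - name: Validate go.mod and vendoring
        shell: powershell
        run: |
          $currentPath = (Get-Location).Path
          $process = Start-Process powershell.exe -PassThru -Verb runAs -Wait -ArgumentList $currentPath/scripts/Verify-GoModules.ps1, $currentPath
          if ($process.ExitCode -ne 0) {
            # backticks are doubled so PowerShell prints them literally instead
            # of treating them as escape characters
            Write-Error "Main modules are not up to date. Please validate your go version >= this job's and run ``go mod vendor`` followed by ``go mod tidy`` in the repo root path."
          }
          exit $process.ExitCode

      - name: Validate test/go.mod
        shell: powershell
        working-directory: test
        run: |
          Write-Output "::group::go mod tidy"
          go mod tidy
          Write-Output "::endgroup::"

          git add --all --intent-to-add .
          Write-Output "::group::git diff"
          git diff --stat --exit-code
          Write-Output "::endgroup::"

          if ($LASTEXITCODE -ne 0) {
            Write-Output "::error ::./test/go.mod is not up to date. Please run ``go mod tidy`` from within ``./test``"
            exit $LASTEXITCODE
          }

  # Runs `go generate` and fails when the generated files differ from what is
  # committed.
  go-gen:
    name: Go Generate
    runs-on: "windows-2022"
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          persist-credentials: false

      - name: Install go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Validate go generate
        shell: powershell
        run: |
          Write-Output "::group::go generate"
          go generate -x .\...
          Write-Output "::endgroup::"
          if ($LASTEXITCODE -ne 0) {
            Write-Output "::error title=Go Generate::Error running go generate."
            exit $LASTEXITCODE
          }

          git add --all --intent-to-add .
          Write-Output "::group::git diff"
          git diff --stat --exit-code
          Write-Output "::endgroup::"
          if ($LASTEXITCODE -ne 0) {
            Write-Output "::error ::Generated files are not up to date. Please run ``go generate .\...``."
            exit $LASTEXITCODE
          }

  # Unit tests for the Linux-side packages, run once all verification jobs
  # have passed.
  test-linux:
    needs: [lint, protos, verify-vendor, go-gen]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          persist-credentials: false

      - name: Install go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}

      # the version comes from the workflow-level GOTESTSUM_VERSION variable
      - name: Install gotestsum
        run: go install gotest.tools/gotestsum@${{ env.GOTESTSUM_VERSION }}

      - name: Test standard security policy
        run: gotestsum --format standard-verbose --debug -- -timeout=30m -mod=mod -gcflags=all=-d=checkptr ./pkg/securitypolicy

      - name: Test rego security policy
        run: gotestsum --format standard-verbose --debug -- -tags=rego -timeout=30m -mod=mod -gcflags=all=-d=checkptr ./pkg/securitypolicy

      - name: Test rego policy interpreter
        run: gotestsum --format standard-verbose --debug -- -mod=mod -gcflags=all=-d=checkptr ./internal/regopolicyinterpreter

      - name: Run guest code unit tests
        run: gotestsum --format standard-verbose --debug -- -mod=mod -gcflags=all=-d=checkptr ./internal/guest/...

      - name: Build gcs Testing Binary
        run: go test -mod=mod -gcflags=all=-d=checkptr -c -tags functional ./gcs
        working-directory: test

  # Unit tests and test-binary builds on both supported Windows runner images.
  test-windows:
    needs: [lint, protos, verify-vendor, go-gen]
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [windows-2019, windows-2022]
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          persist-credentials: false

      - name: Install go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}

      # the version comes from the workflow-level GOTESTSUM_VERSION variable
      - name: Install gotestsum
        run: go install gotest.tools/gotestsum@${{ env.GOTESTSUM_VERSION }}

      # run tests
      - name: Test repo
        run: gotestsum --format standard-verbose --debug -- -gcflags=all=-d=checkptr -tags admin ./...
      - name: Test schema version
        run: gotestsum --format standard-verbose --debug -- -mod=mod -gcflags=all=-d=checkptr -tags admin ./internal
        working-directory: test
      - name: Test rego policy interpreter
        run: gotestsum --format standard-verbose --debug -- -mod=mod -gcflags=all=-d=checkptr ./internal/regopolicyinterpreter

      # build testing binaries
      - name: Build containerd-shim-runhcs-v1 Testing Binary
        run: go test -mod=mod -gcflags=all=-d=checkptr -c -tags functional ./containerd-shim-runhcs-v1
        working-directory: test
      - name: Build cri-containerd Testing Binary
        run: go test -mod=mod -gcflags=all=-d=checkptr -c -tags functional ./cri-containerd
        working-directory: test
      - name: Build functional Testing Binary
        run: go test -mod=mod -gcflags=all=-d=checkptr -c -tags functional ./functional
        working-directory: test
      - name: Build runhcs Testing Binary
        run: go test -mod=mod -gcflags=all=-d=checkptr -c -tags functional ./runhcs
        working-directory: test
      - name: Build logging-driver Binary
        run: go build -mod=mod -o sample-logging-driver.exe ./cri-containerd/helpers/log.go
        working-directory: test

      # Only pull-request runs publish the binaries; the list names individual
      # files, so nothing else from the workspace is uploaded.
      - uses: actions/upload-artifact@v3
        if: ${{ github.event_name == 'pull_request' }}
        with:
          name: test_binaries_${{ matrix.os }}
          path: |
            test/containerd-shim-runhcs-v1.test.exe
            test/cri-containerd.test.exe
            test/functional.test.exe
            test/runhcs.test.exe
            test/sample-logging-driver.exe

  # Builds containerd at the version this module requires, builds the shim
  # from this repository into containerd's bin directory, and runs containerd's
  # integration suites against it.
  integration-tests:
    needs: [lint, protos, verify-vendor, go-gen]
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os: [windows-2019, windows-2022]

    steps:
      - name: Checkout hcsshim
        uses: actions/checkout@v3
        with:
          path: src/github.com/Microsoft/hcsshim
          persist-credentials: false

      - name: Install go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}
          check-latest: true
          cache-dependency-path: src/github.com/Microsoft/hcsshim/go.sum

      - name: Set env
        shell: bash
        run: |
          mkdir -p "${{ github.workspace }}/bin"
          echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV
          echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
          echo "${{ github.workspace }}/src/github.com/containerd/containerd/bin" >> $GITHUB_PATH

      # Reads the containerd version required by this module and exports it as
      # `containerd_ref` for the following steps.
      - name: Get containerd ref
        shell: powershell
        run: |
          $v = go list -m -f '{{ .Version }}' 'github.com/containerd/containerd' 2>&1
          if ( $LASTEXITCODE ) {
            Write-Output '::error::Could not retrieve containerd version.'
            exit $LASTEXITCODE
          }
          Write-Output "containerd ref is: $v"
          "containerd_ref=$v" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
        working-directory: src/github.com/Microsoft/hcsshim

      - name: Checkout containerd
        uses: actions/checkout@v3
        with:
          path: src/github.com/containerd/containerd
          repository: "containerd/containerd"
          ref: "${{ env.containerd_ref }}"
          persist-credentials: false

      # NOTE(review): the crictl archive is unpacked into a directory on PATH
      # without comparing it against a known checksum; verifying a pinned
      # SHA-256 before extraction would detect a replaced or corrupted asset.
      - name: Install crictl
        shell: powershell
        run: |
          gh release download -R kubernetes-sigs/cri-tools -p 'crictl-*-windows-amd64.tar.gz' -O c:\crictl.tar.gz 'v1.24.2'
          # stop on a failed download, as the protoc install in the protos job
          # does, instead of handing a missing or partial archive to tar
          if ( $LASTEXITCODE ) {
            Write-Output '::error::Could not download crictl.'
            exit $LASTEXITCODE
          }

          tar.exe xf c:\crictl.tar.gz -C '${{ github.workspace }}/bin'

          if ( $LASTEXITCODE ) {
            Write-Output '::error::Could not install crictl.'
            exit $LASTEXITCODE
          }
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # needs to be a separate step since terminal reload is required to bring in new env variables and PATH
      - name: Upgrade Chocolaty
        shell: powershell
        run: |
          choco upgrade -y chocolatey 2>&1

      - name: Install mingw
        shell: powershell
        run: |
          $VerbosePreference = 'Continue'
          # dont set $ErrorActionPreference since we want to allow choco install to fail later on

          Write-Output 'Install mingw'
          # Install sometimes fails when downloading mingw zip from source-forge with:
          #  "ERROR: The remote file either doesn't exist, is unauthorized, or is forbidden for url"
          # Issue is with accessing from source-forge, which version 10.3+ do not use, but cannot upgrade versions.

          # Add retry and backoff
          foreach ( $i in 1..3 ) {
            Write-Output "::group::Attempt $i"
            if ( $i -gt 1 ) {
              # remove any left-over state
              choco uninstall -y --no-progress --force mingw

              Write-Output 'Sleeping for 60 seconds'
              Sleep -Seconds 60
            }

            choco install -y --no-progress --stop-on-first-failure --force mingw --allow-downgrade --version 10.3.0
            Write-Output '::endgroup::'
            if ( -not $LASTEXITCODE ) {
              Write-Output "Attempt $i succeeded (exit code: $LASTEXITCODE)"
              break
            }
            Write-Output "::warning title=mingw::Attempt $i failed (exit code: $LASTEXITCODE)"
          }

          if ( $LASTEXITCODE ) {
            Write-Output "::error::Could not install mingw after $i attempts."
            exit $LASTEXITCODE
          }

          # verify mingw32-make was installed
          Get-Command -CommandType Application -ErrorAction Stop mingw32-make.exe

      - name: Build binaries
        shell: bash
        working-directory: src/github.com/containerd/containerd
        run: |
          set -o xtrace
          mingw32-make.exe binaries
          script/setup/install-cni-windows

      - name: Build the shim
        working-directory: src/github.com/Microsoft/hcsshim
        shell: powershell
        run: |
          go build -mod vendor -o "${{ github.workspace }}/src/github.com/containerd/containerd/bin/containerd-shim-runhcs-v1.exe" .\cmd\containerd-shim-runhcs-v1

      # the version comes from the workflow-level GOTESTSUM_VERSION variable
      - name: Install gotestsum
        run: go install gotest.tools/gotestsum@${{ env.GOTESTSUM_VERSION }}

      - name: Run containerd integration tests
        shell: bash
        working-directory: src/github.com/containerd/containerd
        run: |
          export EXTRA_TESTFLAGS='-timeout=20m'
          export GOTEST='gotestsum --format=standard-verbose --debug --'
          make integration

      - name: Run containerd CRI integration tests
        shell: bash
        working-directory: src/github.com/containerd/containerd
        env:
          TEST_IMAGE_LIST: ${{github.workspace}}/repolist.toml
          BUSYBOX_TESTING_IMAGE_REF: "k8s.gcr.io/e2e-test-images/busybox:1.29-2"
          RESOURCE_CONSUMER_TESTING_IMAGE_REF: "k8s.gcr.io/e2e-test-images/resource-consumer:1.10"
          CGO_ENABLED: 1
        run: |
          cat > "${{ env.TEST_IMAGE_LIST }}" << EOF
          busybox = "${{ env.BUSYBOX_TESTING_IMAGE_REF }}"
          ResourceConsumer = "${{ env.RESOURCE_CONSUMER_TESTING_IMAGE_REF }}"
          EOF
          # In the stable version of hcsshim that is used in containerd, killing a task
          # that has already exited or a task that has not yet been started, yields a
          # ErrNotFound. The master version of hcsshim returns nil, which is in line with
          # how the linux runtime behaves. See:
          # https://github.com/containerd/containerd/blob/f4f41296c2b0ac7d60aae3dd9c219a7636b0a07e/integration/restart_test.go#L152-L160
          #
          # We skip this test here, until a new release of hcsshim is cut and the one in
          # containerd is updated. When the shim is updated in containerd, this test will
          # also need to be updated and the special case for windows, removed.
          #
          # NOTE(review): read as a plain regular expression, FOCUS below is a
          # negated character class, not "every test except these two names".
          # Confirm against containerd's Makefile that the named tests really
          # are skipped.
          FOCUS="[^(TestContainerdRestart|TestContainerSymlinkVolumes)]" make cri-integration

      # Enable these tests once the required JobContainer images are updated.
      #
      # - name: Install containerd service
      #   shell: powershell
      #   run: |
      #     mkdir C:\containerd
      #     Set-Content C:/containerd/containerd.toml @"
      #     version = 2
      #     [plugins]
      #         [plugins."io.containerd.grpc.v1.cri".containerd]
      #             default_runtime_name = "runhcs-wcow-process"
      #             disable_snapshot_annotations = false
      #             discard_unpacked_layers = false
      #             ignore_blockio_not_enabled_errors = false
      #             ignore_rdt_not_enabled_errors = false
      #             no_pivot = false
      #             snapshotter = "windows"
      #
      #             [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
      #
      #                 [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runhcs-wcow-hypervisor]
      #                     runtime_type = "io.containerd.runhcs.v1"
      #                     [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runhcs-wcow-hypervisor.options]
      #                         Debug = true
      #                         DebugType = 2
      #                         SandboxPlatform = "windows/amd64"
      #                         SandboxIsolation = 1
      #
      #                 [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runhcs-wcow-process]
      #                     runtime_type = "io.containerd.runhcs.v1"
      #                     pod_annotations = ["microsoft.com/*", "io.microsoft.*" ]
      #                     container_annotations = ["microsoft.com/*", "io.microsoft.*" ]
      #
      #                     [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runhcs-wcow-process.options]
      #     "@
      #
      #     containerd.exe --register-service --log-level=debug --config C:/containerd/containerd.toml --service-name containerd --address //./pipe/containerd-containerd --state C:/ProgramData/containerd/state --root C:/ProgramData/containerd/root --log-file C:/containerd/containerd.log
      #     Set-Service containerd -StartupType Automatic
      #     Start-Service containerd
      #
      # - name: Build test binary
      #   working-directory: src/github.com/Microsoft/hcsshim/test
      #   shell: powershell
      #   run: |
      #     go test -mod=mod -o "${{ github.workspace }}/bin/cri-containerd.test.exe" -gcflags=all=-d=checkptr -c ./cri-containerd/ -tags functional
      #
      # - name: Run hcsshim integration tests
      #   shell: powershell
      #   run: |
      #     cri-containerd.test.exe -cri-endpoint="npipe://./pipe/containerd-containerd" -feature="WCOWProcess" -feature="HostProcess"

  # Builds every command and internal tool once both test jobs have passed.
  build:
    needs: [test-windows, test-linux]
    runs-on: "windows-2022"
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          persist-credentials: false

      - name: Install go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}

      - run: go build ./cmd/containerd-shim-runhcs-v1
      - run: go build ./cmd/runhcs
      - run: go build ./cmd/tar2ext4
      - run: go build ./cmd/wclayer
      - run: go build ./cmd/device-util
      - run: go build ./cmd/ncproxy
      - run: go build ./cmd/dmverity-vhd
      # second build of dmverity-vhd, this time for linux/amd64
      - run: go build ./cmd/dmverity-vhd
        env:
          GOOS: linux
          GOARCH: amd64
      - run: go build ./internal/tools/grantvmgroupaccess
      - run: go build ./internal/tools/networkagent
      - run: go build ./internal/tools/securitypolicy
      - run: go build ./internal/tools/uvmboot
      - run: go build ./internal/tools/zapdir

      # Only pull-request runs publish the binaries; the list names individual
      # files, so nothing else from the workspace is uploaded.
      - uses: actions/upload-artifact@v3
        if: ${{ github.event_name == 'pull_request' }}
        with:
          name: binaries
          path: |
            containerd-shim-runhcs-v1.exe
            runhcs.exe
            tar2ext4.exe
            wclayer.exe
            device-util.exe
            ncproxy.exe
            dmverity-vhd.exe
            dmverity-vhd
            grantvmgroupaccess.exe
            networkagent.exe
            securitypolicy.exe
            uvmboot.exe
            zapdir.exe

  # Runs `make test`, then builds with an exported busybox container
  # filesystem passed to make as BASE.
  build_gcs:
    needs: test-linux
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          persist-credentials: false

      - name: Install go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Test
        run: make test

      # NOTE(review): `busybox` without a tag or digest resolves to whatever
      # the registry currently serves as the default tag, and that filesystem
      # is what gets exported to base.tar.gz below. Referencing the image by
      # digest would make the base input reproducible.
      - name: Pull busybox image
        run: docker pull busybox

      - name: Run Busybox Container
        run: docker run --name base_image_container busybox

      - name: Export container to tar file
        run: |
          docker export base_image_container | gzip > base.tar.gz

      - name: Build
        run: make BASE=./base.tar.gz all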