From dd99302e13ce6ff7e0399271d6e67d406e69d509 Mon Sep 17 00:00:00 2001 From: Sascha Grunert Date: Mon, 8 Mar 2021 16:04:28 +0100 Subject: [PATCH] Add CRI-O integration test GitHub action This adds a GitHub action for integration testing the latest CRI-O master against the conmon change to verify its impact. Signed-off-by: Sascha Grunert --- .github/workflows/integration.yml | 33 ++++++++ hack/github-actions-setup | 122 ++++++++++++++++++++++++++++++ 2 files changed, 155 insertions(+) create mode 100644 .github/workflows/integration.yml create mode 100755 hack/github-actions-setup diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml new file mode 100644 index 0000000..82b7177 --- /dev/null +++ b/.github/workflows/integration.yml @@ -0,0 +1,33 @@ +name: integration +on: + push: + tags: + - v* + branches: + - master + - ghactions # TODO: remove when it works + pull_request: +jobs: + cri-o: + runs-on: ubuntu-latest + steps: + - uses: actions/setup-go@v2 + with: + go-version: '1.16' + - uses: actions/checkout@v2 + - uses: actions/cache@v2 + with: + path: | + ~/go/pkg/mod + ~/.cache/go-build + key: go-build-${{ hashFiles('**/go.sum') }} + restore-keys: go-integration- + - run: hack/github-actions-setup + - run: sudo make install + - name: Run CRI-O integration tests + run: | + cd cri-o + make all test-binaries + sudo -E test/test_runner.sh + env: + JOBS: '2' diff --git a/hack/github-actions-setup b/hack/github-actions-setup new file mode 100755 index 0000000..8fce439 --- /dev/null +++ b/hack/github-actions-setup @@ -0,0 +1,122 @@ +#!/usr/bin/env bash +set -euo pipefail + +declare -A VERSIONS=( + ["cni-plugins"]=v0.8.7 + ["runc"]=v1.0.0-rc92 + ["bats"]=v1.2.1 +) + +main() { + set -x + prepare_system + + install_packages + install_bats + install_critools + install_runc + install_cni_plugins + install_testdeps +} + +prepare_system() { + sudo systemctl stop docker + sudo ufw disable + + # enable necessary kernel modules + sudo ip6tables --list >/dev/null + + # enable necessary sysctls + sudo sysctl -w net.ipv4.conf.all.route_localnet=1 + sudo sysctl -w net.ipv4.ip_forward=1 + # needed for crictl test + sudo sysctl -w net.bridge.bridge-nf-call-iptables=1 + sudo iptables -t nat -I POSTROUTING -s 127.0.0.0/8 ! -d 127.0.0.0/8 -j MASQUERADE +} + +install_packages() { + sudo apt update + sudo apt install -y \ + conntrack \ + libaio-dev \ + libapparmor-dev \ + libcap-dev \ + libdevmapper-dev \ + libfuse-dev \ + libgpgme11-dev \ + libnet1-dev \ + libnl-3-dev \ + libprotobuf-c-dev \ + libprotobuf-dev \ + libseccomp-dev \ + libsystemd-dev \ + libudev-dev \ + socat \ + uuid-dev +} + +install_bats() { + git clone https://github.com/bats-core/bats-core + pushd bats-core + git checkout "${VERSIONS["bats"]}" + sudo ./install.sh /usr/local + popd + rm -rf bats-core + mkdir -p ~/.parallel + touch ~/.parallel/will-cite +} + +install_critools() { + URL=https://github.com/kubernetes-sigs/cri-tools + + git clone $URL + pushd cri-tools + sudo -E PATH="$PATH" make BINDIR=/usr/bin install + popd + sudo rm -rf cri-tools + sudo critest --version + sudo crictl --version +} + +install_cni_plugins() { + URL=https://github.com/containernetworking/plugins/releases/download + TARBALL=cni-plugins-linux-amd64-${VERSIONS["cni-plugins"]}.tgz + CNI_DIR=/opt/cni/bin + sudo mkdir -p "$CNI_DIR" + wget -O "$TARBALL" $URL/"${VERSIONS["cni-plugins"]}"/"$TARBALL" + sudo tar xf "$TARBALL" -C "$CNI_DIR" + rm "$TARBALL" + ls -lah "$CNI_DIR" +} + +install_runc() { + URL=https://github.com/opencontainers/runc/releases/download/"${VERSIONS["runc"]}" + BINARY=/usr/sbin/runc + sudo wget -O "$BINARY" "$URL"/runc.amd64 + sudo chmod +x "$BINARY" + + # Verify the SHA256 + SUMFILE=runc.sha256sum + wget "$URL"/$SUMFILE + grep -qw "$(sha256sum "$BINARY" | awk '{ print $1 }')" $SUMFILE + rm $SUMFILE + + runc --version +} + +install_testdeps() { + URL=https://github.com/cri-o/cri-o + git clone $URL + pushd cri-o + make "$(pwd)"/build/bin/ginkgo + sudo cp build/bin/ginkgo /usr/bin + ginkgo version + + sudo mkdir -p /etc/containers/registries.d + sudo cp test/policy.json /etc/containers + sudo cp test/redhat_sigstore.yaml /etc/containers/registries.d/registry.access.redhat.com.yaml + sudo cp test/registries.conf /etc/containers/registries.conf + popd +} + +main "$@"