Skip to content

[WIP] Test rework permanent next-target #11078

[WIP] Test rework permanent next-target

[WIP] Test rework permanent next-target #11078

Workflow file for this run

name: test
on:
push:
branches:
- main
- 'release/**'
pull_request:
paths-ignore:
- '**.md'
env:
GO_VERSION: 1.23.x
jobs:
test-unit:
timeout-minutes: 5
name: unit | ${{ matrix.goos }}
runs-on: "${{ matrix.os }}"
defaults:
run:
shell: bash
strategy:
matrix:
include:
- os: windows-2022
goos: windows
- os: ubuntu-24.04
goos: linux
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
cache: true
- if: ${{ matrix.goos=='windows' }}
uses: actions/[email protected]
with:
repository: containerd/containerd
ref: v1.7.23
path: containerd
fetch-depth: 1
- if: ${{ matrix.goos=='windows' }}
name: "Set up CNI"
working-directory: containerd
run: GOPATH=$(go env GOPATH) script/setup/install-cni-windows
- name: "Run unit tests"
run: go test -v ./pkg/...
test-integration:
runs-on: "${{ matrix.runner }}"
timeout-minutes: 40
strategy:
fail-fast: false
matrix:
# ubuntu-20.04: cgroup v1, ubuntu-22.04 and later: cgroup v2
include:
- ubuntu: 20.04
containerd: v1.6.36
runner: "ubuntu-20.04"
- ubuntu: 22.04
containerd: v1.7.23
runner: "ubuntu-22.04"
- ubuntu: 24.04
containerd: v2.0.0-rc.5
runner: "ubuntu-24.04"
- ubuntu: 24.04
containerd: v2.0.0-rc.5
runner: github-arm64-2c-8gb
env:
UBUNTU_VERSION: "${{ matrix.ubuntu }}"
CONTAINERD_VERSION: "${{ matrix.containerd }}"
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- name: "Prepare integration test environment"
run: docker build -t test-integration --target test-integration --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} .
- name: "Remove snap loopback devices (conflicts with our loopback devices in TestRunDevice)"
run: |
sudo systemctl disable --now snapd.service snapd.socket
sudo apt-get purge -y snapd
sudo losetup -Dv
sudo losetup -lv
- name: "Register QEMU (tonistiigi/binfmt)"
run: |
# `--install all` will only install emulation for architectures that cannot be natively executed
# Since some arm64 platforms do provide native fallback execution for 32 bits,
# armv7 emulation may or may not be installed, causing variance in the result of `uname -m`.
# To avoid that, we explicitly list the architectures we do want emulation for.
docker run --privileged --rm tonistiigi/binfmt --install linux/amd64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm/v7
- name: "Run integration tests"
uses: nick-fields/retry@v3
with:
timeout_minutes: 30
max_attempts: 2
retry_on: error
command: docker run -t --rm --privileged test-integration
test-integration-ipv6:
runs-on: "ubuntu-${{ matrix.ubuntu }}"
timeout-minutes: 40
strategy:
fail-fast: false
matrix:
# ubuntu-20.04: cgroup v1, ubuntu-22.04 and later: cgroup v2
include:
- ubuntu: 24.04
containerd: v1.7.23
env:
UBUNTU_VERSION: "${{ matrix.ubuntu }}"
CONTAINERD_VERSION: "${{ matrix.containerd }}"
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- name: Enable ipv4 and ipv6 forwarding
run: |
sudo sysctl -w net.ipv6.conf.all.forwarding=1
sudo sysctl -w net.ipv4.ip_forward=1
- name: Enable IPv6 for Docker
run: |
sudo mkdir -p /etc/docker
echo '{"ipv6": true, "fixed-cidr-v6": "2001:db8:1::/64", "experimental": true, "ip6tables": true}' | sudo tee /etc/docker/daemon.json
sudo systemctl restart docker
- name: "Prepare integration test environment"
run: docker build -t test-integration-ipv6 --target test-integration-ipv6 --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} .
- name: "Remove snap loopback devices (conflicts with our loopback devices in TestRunDevice)"
run: |
sudo systemctl disable --now snapd.service snapd.socket
sudo apt-get purge -y snapd
sudo losetup -Dv
sudo losetup -lv
- name: "Register QEMU (tonistiigi/binfmt)"
run: |
# `--install all` will only install emulation for architectures that cannot be natively executed
# Since some arm64 platforms do provide native fallback execution for 32 bits,
# armv7 emulation may or may not be installed, causing variance in the result of `uname -m`.
# To avoid that, we explicitly list the architectures we do want emulation for.
docker run --privileged --rm tonistiigi/binfmt --install linux/amd64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm/v7
- name: "Run integration tests"
# The nested IPv6 network inside docker and qemu is complex and needs a bunch of sysctl config.
# Therefore it's hard to debug why the IPv6 tests fail in such an isolation layer.
# On the other side, using the host network is easier at configuration.
# Besides, each job is running on a different instance, which means using host network here
# is safe and has no side effects on others.
uses: nick-fields/retry@v3
with:
timeout_minutes: 30
max_attempts: 2
retry_on: error
command: docker run --network host -t --rm --privileged test-integration-ipv6
test-integration-rootless:
runs-on: "ubuntu-${{ matrix.ubuntu }}"
timeout-minutes: 60
strategy:
fail-fast: false
matrix:
# ubuntu-20.04: cgroup v1, ubuntu-22.04 and later: cgroup v2
include:
- ubuntu: 20.04
containerd: v1.6.36
rootlesskit: v1.1.1 # Deprecated
target: test-integration-rootless
- ubuntu: 22.04
containerd: v1.7.23
rootlesskit: v2.3.1
target: test-integration-rootless
- ubuntu: 24.04
containerd: v2.0.0-rc.5
rootlesskit: v2.3.1
target: test-integration-rootless
- ubuntu: 24.04
containerd: v1.7.23
rootlesskit: v2.3.1
target: test-integration-rootless-port-slirp4netns
env:
UBUNTU_VERSION: "${{ matrix.ubuntu }}"
CONTAINERD_VERSION: "${{ matrix.containerd }}"
ROOTLESSKIT_VERSION: "${{ matrix.rootlesskit }}"
TEST_TARGET: "${{ matrix.target }}"
steps:
- name: "Set up AppArmor"
if: matrix.ubuntu == '24.04'
run: |
cat <<EOT | sudo tee "/etc/apparmor.d/usr.local.bin.rootlesskit"
abi <abi/4.0>,
include <tunables/global>
/usr/local/bin/rootlesskit flags=(unconfined) {
userns,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.local.bin.rootlesskit>
}
EOT
sudo systemctl restart apparmor.service
- uses: actions/[email protected]
with:
fetch-depth: 1
- name: "Register QEMU (tonistiigi/binfmt)"
run: |
# `--install all` will only install emulation for architectures that cannot be natively executed
# Since some arm64 platforms do provide native fallback execution for 32 bits,
# armv7 emulation may or may not be installed, causing variance in the result of `uname -m`.
# To avoid that, we explicitly list the architectures we do want emulation for.
docker run --privileged --rm tonistiigi/binfmt --install linux/amd64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm/v7
- name: "Prepare (network driver=slirp4netns, port driver=builtin)"
run: docker build -t ${TEST_TARGET} --target ${TEST_TARGET} --build-arg UBUNTU_VERSION=${UBUNTU_VERSION} --build-arg CONTAINERD_VERSION=${CONTAINERD_VERSION} --build-arg ROOTLESSKIT_VERSION=${ROOTLESSKIT_VERSION} .
- name: "Disable BuildKit for RootlessKit v1 (workaround for issue #622)"
run: |
# https://github.com/containerd/nerdctl/issues/622
WORKAROUND_ISSUE_622=
if echo "${ROOTLESSKIT_VERSION}" | grep -q v1; then
WORKAROUND_ISSUE_622=1
fi
echo "WORKAROUND_ISSUE_622=${WORKAROUND_ISSUE_622}" >> "$GITHUB_ENV"
- name: "Test (network driver=slirp4netns, port driver=builtin)"
uses: nick-fields/retry@v3
with:
timeout_minutes: 30
max_attempts: 2
retry_on: error
command: docker run -t --rm --privileged -e WORKAROUND_ISSUE_622=${WORKAROUND_ISSUE_622} ${TEST_TARGET}
cross:
runs-on: ubuntu-24.04
timeout-minutes: 40
strategy:
matrix:
go-version: ["1.22.x", "1.23.x"]
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go-version }}
cache: true
check-latest: true
- name: "Cross"
run: GO_VERSION="$(echo ${{ matrix.go-version }} | sed -e s/.x//)" make binaries
test-integration-docker-compatibility:
runs-on: ubuntu-24.04
timeout-minutes: 45
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: true
check-latest: true
- name: "Print docker info"
run: |
set -eux -o pipefail
docker info
docker version
- name: "Register QEMU (tonistiigi/binfmt)"
run: |
# `--install all` will only install emulation for architectures that cannot be natively executed
# Since some arm64 platforms do provide native fallback execution for 32 bits,
# armv7 emulation may or may not be installed, causing variance in the result of `uname -m`.
# To avoid that, we explicitly list the architectures we do want emulation for.
docker run --privileged --rm tonistiigi/binfmt --install linux/amd64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm/v7
- name: "Prepare integration test environment"
run: |
sudo apt-get install -y expect
- name: "Ensure that the integration test suite is compatible with Docker"
uses: nick-fields/retry@v3
with:
timeout_minutes: 30
max_attempts: 2
retry_on: error
# See https://github.com/containerd/nerdctl/blob/main/docs/testing/README.md#about-parallelization
command: go test -p 1 -timeout 20m -v -exec sudo ./cmd/nerdctl/... -args -test.target=docker -test.allow-kill-daemon
- name: "Ensure that the IPv6 integration test suite is compatible with Docker"
uses: nick-fields/retry@v3
with:
timeout_minutes: 30
max_attempts: 2
retry_on: error
# See https://github.com/containerd/nerdctl/blob/main/docs/testing/README.md#about-parallelization
command: go test -p 1 -timeout 20m -v -exec sudo ./cmd/nerdctl/... -args -test.target=docker -test.allow-kill-daemon -test.only-ipv6
test-integration-windows:
runs-on: windows-2022
timeout-minutes: 30
defaults:
run:
shell: bash
steps:
- uses: actions/[email protected]
with:
fetch-depth: 1
- uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: true
check-latest: true
- run: go install ./cmd/nerdctl
- uses: actions/[email protected]
with:
repository: containerd/containerd
ref: v1.7.23
path: containerd
fetch-depth: 1
- name: "Set up CNI"
working-directory: containerd
run: GOPATH=$(go env GOPATH) script/setup/install-cni-windows
- name: "Set up containerd"
env:
ctrdVersion: 1.7.23
run: powershell hack/configure-windows-ci.ps1
# TODO: Run unit tests
- name: "Run integration tests"
# See https://github.com/containerd/nerdctl/blob/main/docs/testing/README.md#about-parallelization
run: go test -p 1 -v ./cmd/nerdctl/...
test-integration-freebsd:
name: FreeBSD
# ubuntu-24.04 lacks the vagrant package
runs-on: ubuntu-22.04
timeout-minutes: 20
steps:
- uses: actions/[email protected]
- uses: actions/cache@v4
with:
path: /root/.vagrant.d
key: vagrant-${{ matrix.box }}
- name: Set up vagrant
run: |
sudo apt-get update
sudo apt-get install -y libvirt-daemon libvirt-daemon-system vagrant vagrant-libvirt
sudo systemctl enable --now libvirtd
- name: Boot VM
run: |
ln -sf Vagrantfile.freebsd Vagrantfile
sudo vagrant up --no-tty
- name: test-unit
run: sudo vagrant up --provision-with=test-unit
- name: test-integration
run: sudo vagrant up --provision-with=test-integration