Skip to content

restore: add lsm-profile and lsm-mount-context options #2869

restore: add lsm-profile and lsm-mount-context options

restore: add lsm-profile and lsm-mount-context options #2869

Workflow file for this run

name: Test
on: [push, pull_request]
jobs:
build_job:
runs-on: ubuntu-latest
name: Build on ${{ matrix.arch }}
strategy:
matrix:
include:
- arch: armv7
distro: ubuntu_latest
- arch: aarch64
distro: ubuntu_latest
- arch: s390x
distro: ubuntu_latest
- arch: ppc64le
distro: ubuntu_latest
- arch: riscv64
distro: ubuntu_latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
set-safe-directory: true
- uses: uraimo/[email protected]
name: Build
id: build
with:
arch: ${{ matrix.arch }}
distro: ${{ matrix.distro }}
githubToken: ${{ github.token }}
install: |
apt-get update -q -y
apt-get install -q -y automake libtool autotools-dev libseccomp-dev git make libcap-dev cmake pkg-config gcc wget go-md2man libsystemd-dev gperf clang-format libyajl-dev libprotobuf-c-dev
run: |
find $(pwd) -name '.git' -exec bash -c 'git config --global --add safe.directory ${0%/.git}' {} \;
./autogen.sh
./configure CFLAGS='-Wall -Werror'
make -j $(nproc) -C libocispec libocispec.la
make git-version.h
make -j $(nproc) libcrun.la
make -j $(nproc) crun
make -j $(nproc) clean
if ./configure CFLAGS='-Wall -Werror --enable-shared'; then
make -j $(nproc) -C libocispec libocispec.la
make git-version.h
make -j $(nproc) libcrun.la
make -j $(nproc) crun
fi
Test:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- test: disable-systemd
- test: check
- test: podman
#- test: cri-o
- test: containerd
- test: oci-validation
- test: alpine-build
- test: centos8-build
- test: centos9-build
#- test: centos10-build
- test: clang-format
- test: clang-check
- test: checkpoint-restore
- test: fuzzing
- test: codespell
- test: wasmedge-build
steps:
- name: checkout
uses: actions/checkout@v4
- name: install dependencies
run: |
# If Dockerfile is present in test directory, the test is run
# inside container, so these dependencies won't be needed.
test -f "tests/${{ matrix.test }}/Dockerfile" && exit 0
sudo add-apt-repository -y ppa:criu/ppa
# add-apt-repository runs apt-get update so we don't have to.
sudo apt-get install -q -y criu automake libtool autotools-dev libseccomp-dev git make libcap-dev cmake pkg-config gcc wget go-md2man libsystemd-dev gperf clang-format libyajl-dev containerd runc libasan6 libprotobuf-c-dev
- name: run autogen.sh
run: |
git clean -fdx .
find $(pwd) -name '.git' -exec bash -c 'git config --global --add safe.directory ${0%/.git}' {} \;
./autogen.sh
- name: run test
run: |
case "${{ matrix.test }}" in
disable-systemd)
./configure --disable-systemd
make -j $(nproc)
;;
check)
./configure --disable-dl
make
make syntax-check
echo run tests as root
sudo make check ASAN_OPTIONS=detect_leaks=false || cat test-suite.log
echo run tests as rootless
make check ASAN_OPTIONS=detect_leaks=false || (cat test-suite.log; exit 1)
echo run tests as rootless in a user namespace
unshare -r make check ASAN_OPTIONS=detect_leaks=false || (cat test-suite.log; exit 1)
# check that the working dir is clean
git describe --broken --dirty --all | grep -qv dirty
;;
podman)
sudo mkdir -p /var/lib/containers /var/tmp
sudo docker build -t crun-podman tests/podman
sudo docker run --cgroupns=host --privileged --rm -v /var/tmp:/var/tmp:rw -v /var/lib/containers:/var/lib/containers:rw -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v ${PWD}:/crun crun-podman
;;
#cri-o)
# sudo mkdir -p /var/lib/var-crio/tmp /var/lib/tmp-crio /var/lib/var-tmp-crio
# sudo docker build -t crun-cri-o tests/cri-o
# sudo docker run --cgroupns=host --net host --privileged --rm -v /dev/zero:/sys/module/apparmor/parameters/enabled -v /var/lib/tmp-crio:/tmp:rw -v /var/lib/var-tmp-crio:/var/tmp -v /var/lib/var-crio:/var/lib/containers:rw -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v ${PWD}:/crun crun-cri-o
# ;;
containerd)
sudo mkdir -p /var/lib/var-containerd
sudo docker build -t crun-containerd tests/containerd
sudo docker run --cgroupns=host --privileged --net host --rm -v /tmp:/tmp:rw -v /var/lib/var-containerd:/var/lib:rw -v /sys:/sys:rw,rslave -v ${PWD}:/crun crun-containerd
;;
oci-validation)
sudo docker build -t crun-oci-validation tests/oci-validation
sudo docker run --cgroupns=host --privileged --rm -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v ${PWD}:/crun crun-oci-validation
;;
alpine-build)
sudo docker build -t crun-alpine-build tests/alpine-build
sudo docker run --cgroupns=host --privileged --rm -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v ${PWD}:/crun crun-alpine-build
;;
centos8-build)
sudo docker build -t crun-centos8-build tests/centos8-build
sudo docker run --cgroupns=host --privileged --rm -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v ${PWD}:/crun crun-centos8-build
;;
centos9-build)
sudo docker build -t crun-centos9-build tests/centos9-build
sudo docker run --cgroupns=host --privileged --rm -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v ${PWD}:/crun crun-centos9-build
;;
centos10-build)
sudo docker build -t crun-centos10-build tests/centos10-build
sudo docker run --cgroupns=host --privileged --rm -v /var/tmp:/var/tmp:rw -v /var/lib/containers:/var/lib/containers:rw -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v ${PWD}:/crun crun-centos10-build
;;
clang-format)
sudo docker build -t crun-clang-format tests/clang-format
sudo docker run --rm -w /crun -v ${PWD}:/crun crun-clang-format
;;
clang-check)
sudo docker build -t crun-clang-check tests/clang-check
sudo docker run --privileged --rm -w /crun -v ${PWD}:/crun crun-clang-check
;;
checkpoint-restore)
./configure
make -j $(nproc)
sudo python3 tests/test_checkpoint_restore.py
;;
fuzzing)
sudo docker build -t crun-fuzzing tests/fuzzing
sudo docker run --cgroupns=host -e RUN_TIME=300 --privileged --rm -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -v ${PWD}:/crun crun-fuzzing
;;
codespell)
sudo docker build -t crun-codespell tests/codespell
sudo docker run --rm -w /crun -v ${PWD}:/crun crun-codespell codespell -q 0
;;
wasmedge-build)
sudo docker build -t wasmedge tests/wasmedge-build
sudo docker run --privileged --cgroupns=host --rm -v containers:/var/lib/containers:rw -v /sys/fs/cgroup:/sys/fs/cgroup:rw,rslave -w /crun -v ${PWD}:/crun wasmedge
;;
esac
shellcheck:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v4
- name: vars
run: |
echo 'VERSION=v0.8.0' >> $GITHUB_ENV
echo 'BASEURL=https://github.com/koalaman/shellcheck/releases/download' >> $GITHUB_ENV
echo 'SHA256SUM=f4bce23c11c3919c1b20bcb0f206f6b44c44e26f2bc95f8aa708716095fa0651' >> $GITHUB_ENV
echo ~/bin >> $GITHUB_PATH
- name: install shellcheck
run: |
mkdir ~/bin
curl -sSfL --retry 5 $BASEURL/$VERSION/shellcheck-$VERSION.linux.x86_64.tar.xz |
tar xfJ - -C ~/bin --strip 1 shellcheck-$VERSION/shellcheck
sha256sum ~/bin/shellcheck | grep -q $SHA256SUM
# make sure to remove the old version
sudo rm -f /usr/bin/shellcheck
- name: install dependencies
run: |
sudo apt-get update -q -y
sudo apt-get install -q -y automake libtool autotools-dev libseccomp-dev git make libcap-dev cmake pkg-config gcc wget go-md2man libsystemd-dev gperf clang-format libyajl-dev libprotobuf-c-dev
- uses: lumaxis/shellcheck-problem-matchers@v2
- name: shellcheck
run: |
find $(pwd) -name '.git' -exec bash -c 'git config --global --add safe.directory ${0%/.git}' {} \;
./autogen.sh
./configure
make shellcheck