CI #773
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request: | |
merge_group: | |
jobs: | |
clippy: | |
name: Clippy | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
components: clippy | |
- run: cargo clippy --locked -- -D warnings | |
fmt: | |
name: Format check | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
components: rustfmt | |
- run: cargo fmt -- --check | |
test: | |
name: Setup, build and test | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Install CRI-O | |
shell: sudo bash --noprofile --norc -eo pipefail {0} | |
run: | | |
export DEBIAN_FRONTEND=noninteractive | |
apt update --fix-missing | |
apt-get install -y curl gnupg tree conntrack | |
export OS=xUbuntu_20.04 | |
export VERSION=1.25 | |
echo "deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list | |
echo "deb [signed-by=/usr/share/keyrings/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list | |
mkdir -p /usr/share/keyrings | |
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-archive-keyring.gpg | |
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-crio-archive-keyring.gpg | |
apt update --fix-missing | |
apt-get install -f -y cri-o cri-o-runc | |
crio config --default 1> /etc/crio/crio.conf | |
systemctl start crio.service | |
cat << END > /etc/crictl.yaml | |
runtime-endpoint: "unix:///var/run/crio/crio.sock" | |
image-endpoint: "unix:///var/run/crio/crio.sock" | |
timeout: 2 | |
debug: false | |
END | |
- name: Install crictl | |
shell: sudo bash --noprofile --norc -eo pipefail {0} | |
run: apt-get install cri-tools | |
- name: Check CRI-O status | |
shell: sudo bash --noprofile --norc -eo pipefail {0} | |
run: | | |
systemctl status crio | |
sudo crictl version | |
- name: Pull images | |
run: | | |
docker pull ghcr.io/hermit-os/hermit_env:latest | |
docker pull ghcr.io/hermit-os/rusty_demo:latest | |
sudo crictl pull ghcr.io/hermit-os/rusty_demo:latest | |
- name: Setup Hermit environment | |
run: | | |
docker export $(docker create ghcr.io/hermit-os/hermit_env:latest) > hermit-env.tar | |
sudo mkdir -p /run/runh/hermit | |
sudo tar -xf hermit-env.tar -C /run/runh/hermit | |
- name: Setup rootfs | |
run: | | |
docker export $(docker create ghcr.io/hermit-os/rusty_demo:latest) > runh-image.tar | |
mkdir -p /home/runner/runh-image/rootfs | |
tar -xf runh-image.tar -C /home/runner/runh-image/rootfs | |
- name: Create CRI configurations | |
run: | | |
echo '{ "metadata": { "name": "hermit-sandbox", "namespace": "default", "attempt": 1, "uid": "hdishd83djaidwnduwk28bcsb" }, "log_directory": "/tmp", "linux": { } }' \ | |
> /home/runner/pod.json | |
echo '{ "metadata": { "name": "rusty_demo" }, "image":{ "image": "ghcr.io/hermit-os/rusty_demo:latest" }, "log_path":"rusty_demo.log", "linux": { } }' \ | |
> /home/runner/container.json | |
- uses: actions/checkout@v4 | |
with: | |
lfs: true | |
- uses: dtolnay/rust-toolchain@stable | |
- uses: Swatinem/rust-cache@v2 | |
- name: Build runh | |
run: | | |
cargo install --locked --path . | |
sudo cp /home/runner/.cargo/bin/runh /usr/sbin/runh | |
sudo chown root:root /usr/sbin/runh | |
sudo chmod a+rx /usr/sbin/runh | |
- name: Setup runh with Docker | |
shell: sudo bash --noprofile --norc -eo pipefail {0} | |
run: | | |
sed -i 's/{/{ "default-runtime": "runc", "runtimes": { "runh": { "path": "\/home\/runner\/.cargo\/bin\/runh", "runtimeArgs": ["-l", "debug", "--hermit-env", "\/run\/runh\/hermit"] } },/g' /etc/docker/daemon.json | |
>&2 cat /etc/docker/daemon.json | |
systemctl restart docker || systemctl status docker | |
- name: Check Docker runtime | |
run: docker info|grep -i runtime | |
- name: Set up runh with CRI-O | |
id: runh-crio-setup | |
shell: sudo bash --noprofile --norc -eo pipefail {0} | |
run: | | |
sed -i 's/\[crio.runtime.runtimes.runc\]/\[crio.runtime.runtimes.runh\]\nruntime_path = ""\nruntime_type = "oci"\nruntime_root = "\/run\/runh"\nprivileged_without_host_devices = false\n\n\[crio.runtime.runtimes.runc\]/g' /etc/crio/crio.conf | |
systemctl restart crio || systemctl status crio | |
>&2 cat /etc/crio/crio.conf | |
- name: Test runh standalone | |
shell: sudo bash --noprofile --norc -eo pipefail {0} | |
if: ${{ always() && steps.runh-crio-setup.outcome == 'success' }} | |
run: | | |
cd /home/runner/runh-image | |
tree . | |
runh --root /run/runh spec --bundle . --args /hermit/rusty_demo | |
runh --root /run/runh -l debug create --bundle . runh-container | |
runh --root /run/runh -l debug start runh-container | |
sleep 10 | |
runh --root /run/runh -l debug delete runh-container | |
- name: Test runh with CRIO | |
if: ${{ always() && steps.runh-crio-setup.outcome == 'success' }} | |
shell: sudo bash --noprofile --norc -eo pipefail {0} | |
run: | | |
crictl runp --runtime=runh /home/runner/pod.json > pod.id | |
export PODID=$(cat pod.id) | |
crictl inspectp $PODID | |
crictl create $PODID /home/runner/container.json /home/runner/pod.json > container.id | |
export CONTAINERID=$(cat container.id) | |
crictl start $CONTAINERID | |
crictl ps -a | |
sleep 5 | |
crictl logs $CONTAINERID | |
crictl stop $CONTAINERID | |
crictl rm $CONTAINERID | |
crictl stopp $PODID | |
crictl rmp $PODID | |
- name: Test runh with Docker | |
shell: sudo bash --noprofile --norc -eo pipefail {0} | |
if: ${{ always() && steps.runh-crio-setup.outcome == 'success' }} | |
run: | | |
docker run --runtime=runh -it -d -p 9975:9975 ghcr.io/hermit-os/rusty_demo:latest > container.id | |
export CONTAINERID=$(cat container.id) | |
sleep 2 | |
docker logs $CONTAINERID | |
docker stop $CONTAINERID |