Skip to content

CI

CI #774

Workflow file for this run

name: CI
on:
pull_request:
merge_group:
jobs:
clippy:
name: Clippy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
components: clippy
- run: cargo clippy --locked -- -D warnings
fmt:
name: Format check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt
- run: cargo fmt -- --check
test:
name: Setup, build and test
runs-on: ubuntu-20.04
steps:
- name: Install CRI-O
shell: sudo bash --noprofile --norc -eo pipefail {0}
run: |
export DEBIAN_FRONTEND=noninteractive
apt update --fix-missing
apt-get install -y curl gnupg tree conntrack
export OS=xUbuntu_20.04
export VERSION=1.25
echo "deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
echo "deb [signed-by=/usr/share/keyrings/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list
mkdir -p /usr/share/keyrings
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-archive-keyring.gpg
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-crio-archive-keyring.gpg
apt update --fix-missing
apt-get install -f -y cri-o cri-o-runc
crio config --default 1> /etc/crio/crio.conf
systemctl start crio.service
cat << END > /etc/crictl.yaml
runtime-endpoint: "unix:///var/run/crio/crio.sock"
image-endpoint: "unix:///var/run/crio/crio.sock"
timeout: 2
debug: false
END
- name: Install crictl
shell: sudo bash --noprofile --norc -eo pipefail {0}
run: apt-get install cri-tools
- name: Check CRI-O status
shell: sudo bash --noprofile --norc -eo pipefail {0}
run: |
systemctl status crio
sudo crictl version
- name: Pull images
run: |
docker pull ghcr.io/hermit-os/hermit_env:latest
docker pull ghcr.io/hermit-os/rusty_demo:latest
sudo crictl pull ghcr.io/hermit-os/rusty_demo:latest
- name: Setup Hermit environment
run: |
docker export $(docker create ghcr.io/hermit-os/hermit_env:latest) > hermit-env.tar
sudo mkdir -p /run/runh/hermit
sudo tar -xf hermit-env.tar -C /run/runh/hermit
- name: Setup rootfs
run: |
docker export $(docker create ghcr.io/hermit-os/rusty_demo:latest) > runh-image.tar
mkdir -p /home/runner/runh-image/rootfs
tar -xf runh-image.tar -C /home/runner/runh-image/rootfs
- name: Create CRI configurations
run: |
echo '{ "metadata": { "name": "hermit-sandbox", "namespace": "default", "attempt": 1, "uid": "hdishd83djaidwnduwk28bcsb" }, "log_directory": "/tmp", "linux": { } }' \
> /home/runner/pod.json
echo '{ "metadata": { "name": "rusty_demo" }, "image":{ "image": "ghcr.io/hermit-os/rusty_demo:latest" }, "log_path":"rusty_demo.log", "linux": { } }' \
> /home/runner/container.json
- uses: actions/checkout@v4
with:
lfs: true
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
- name: Build runh
run: |
cargo install --locked --path .
sudo cp /home/runner/.cargo/bin/runh /usr/sbin/runh
sudo chown root:root /usr/sbin/runh
sudo chmod a+rx /usr/sbin/runh
- name: Setup runh with Docker
shell: sudo bash --noprofile --norc -eo pipefail {0}
run: |
sed -i 's/{/{ "default-runtime": "runc", "runtimes": { "runh": { "path": "\/home\/runner\/.cargo\/bin\/runh", "runtimeArgs": ["-l", "debug", "--hermit-env", "\/run\/runh\/hermit"] } },/g' /etc/docker/daemon.json
>&2 cat /etc/docker/daemon.json
systemctl restart docker || systemctl status docker
- name: Check Docker runtime
run: docker info|grep -i runtime
- name: Set up runh with CRI-O
id: runh-crio-setup
shell: sudo bash --noprofile --norc -eo pipefail {0}
run: |
sed -i 's/\[crio.runtime.runtimes.runc\]/\[crio.runtime.runtimes.runh\]\nruntime_path = ""\nruntime_type = "oci"\nruntime_root = "\/run\/runh"\nprivileged_without_host_devices = false\n\n\[crio.runtime.runtimes.runc\]/g' /etc/crio/crio.conf
systemctl restart crio || systemctl status crio
>&2 cat /etc/crio/crio.conf
- name: Test runh standalone
shell: sudo bash --noprofile --norc -eo pipefail {0}
if: ${{ always() && steps.runh-crio-setup.outcome == 'success' }}
run: |
cd /home/runner/runh-image
tree .
runh --root /run/runh spec --bundle . --args /hermit/rusty_demo
runh --root /run/runh -l debug create --bundle . runh-container
runh --root /run/runh -l debug start runh-container
sleep 10
runh --root /run/runh -l debug delete runh-container
- name: Test runh with CRIO
if: ${{ always() && steps.runh-crio-setup.outcome == 'success' }}
shell: sudo bash --noprofile --norc -eo pipefail {0}
run: |
crictl runp --runtime=runh /home/runner/pod.json > pod.id
export PODID=$(cat pod.id)
crictl inspectp $PODID
crictl create $PODID /home/runner/container.json /home/runner/pod.json > container.id
export CONTAINERID=$(cat container.id)
crictl start $CONTAINERID
crictl ps -a
sleep 5
crictl logs $CONTAINERID
crictl stop $CONTAINERID
crictl rm $CONTAINERID
crictl stopp $PODID
crictl rmp $PODID
- name: Test runh with Docker
shell: sudo bash --noprofile --norc -eo pipefail {0}
if: ${{ always() && steps.runh-crio-setup.outcome == 'success' }}
run: |
docker run --runtime=runh -it -d -p 9975:9975 ghcr.io/hermit-os/rusty_demo:latest > container.id
export CONTAINERID=$(cat container.id)
sleep 2
docker logs $CONTAINERID
docker stop $CONTAINERID