CI #842
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request: | |
merge_group: | |
jobs: | |
clippy: | |
name: Clippy | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
components: clippy | |
- run: cargo clippy --locked -- -D warnings | |
fmt: | |
name: Format check | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
components: rustfmt | |
- run: cargo fmt -- --check | |
test: | |
name: Setup, build and test | |
runs-on: ubuntu-latest | |
env: | |
KUBERNETES_VERSION: v1.30 | |
CRIO_VERSION: v1.30 | |
steps: | |
- name: Install CRI-O | |
run: | | |
# Already present on GitHub runners | |
# curl -fsSL https://pkgs.k8s.io/core:/stable:/$KUBERNETES_VERSION/deb/Release.key | | |
# sudo gpg --batch --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg | |
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/$KUBERNETES_VERSION/deb/ /" | | |
sudo tee /etc/apt/sources.list.d/kubernetes.list | |
curl -fsSL https://pkgs.k8s.io/addons:/cri-o:/stable:/$CRIO_VERSION/deb/Release.key | | |
sudo gpg --batch --dearmor -o /etc/apt/keyrings/cri-o-apt-keyring.gpg | |
echo "deb [signed-by=/etc/apt/keyrings/cri-o-apt-keyring.gpg] https://pkgs.k8s.io/addons:/cri-o:/stable:/$CRIO_VERSION/deb/ /" | | |
sudo tee /etc/apt/sources.list.d/cri-o.list | |
sudo apt-get remove conmon | |
sudo apt-get update | |
sudo apt-get install -y cri-o docker | |
sudo systemctl start crio.service | |
- name: Install crictl | |
shell: sudo bash --noprofile --norc -eo pipefail {0} | |
run: apt-get install cri-tools | |
- name: Check CRI-O status | |
shell: sudo bash --noprofile --norc -eo pipefail {0} | |
run: | | |
systemctl status crio | |
sudo crictl version | |
- name: Pull images | |
run: | | |
docker pull ghcr.io/hermit-os/hermit_env:latest | |
docker pull ghcr.io/hermit-os/rusty_demo:latest | |
sudo crictl pull ghcr.io/hermit-os/rusty_demo:latest | |
- name: Setup Hermit environment | |
run: | | |
docker export $(docker create ghcr.io/hermit-os/hermit_env:latest) > hermit-env.tar | |
sudo mkdir -p /run/runh/hermit | |
sudo tar -xf hermit-env.tar -C /run/runh/hermit | |
- name: Setup rootfs | |
run: | | |
docker export $(docker create ghcr.io/hermit-os/rusty_demo:latest) > runh-image.tar | |
mkdir -p /home/runner/runh-image/rootfs | |
tar -xf runh-image.tar -C /home/runner/runh-image/rootfs | |
- name: Create CRI configurations | |
run: | | |
echo '{ "metadata": { "name": "hermit-sandbox", "namespace": "default", "attempt": 1, "uid": "hdishd83djaidwnduwk28bcsb" }, "log_directory": "/tmp", "linux": { } }' \ | |
> /home/runner/pod.json | |
echo '{ "metadata": { "name": "rusty_demo" }, "image":{ "image": "ghcr.io/hermit-os/rusty_demo:latest" }, "log_path":"rusty_demo.log", "linux": { } }' \ | |
> /home/runner/container.json | |
- uses: actions/checkout@v4 | |
with: | |
lfs: true | |
- uses: dtolnay/rust-toolchain@stable | |
- uses: Swatinem/rust-cache@v2 | |
- name: Build runh | |
run: | | |
cargo install --locked --path . | |
sudo cp /home/runner/.cargo/bin/runh /usr/sbin/runh | |
sudo chown root:root /usr/sbin/runh | |
sudo chmod a+rx /usr/sbin/runh | |
- name: Setup runh with Docker | |
shell: sudo bash --noprofile --norc -eo pipefail {0} | |
run: | | |
sed -i 's/{/{ "default-runtime": "runc", "runtimes": { "runh": { "path": "\/home\/runner\/.cargo\/bin\/runh", "runtimeArgs": ["-l", "debug", "--hermit-env", "\/run\/runh\/hermit"] } },/g' /etc/docker/daemon.json | |
>&2 cat /etc/docker/daemon.json | |
systemctl restart docker || systemctl status docker | |
- name: Check Docker runtime | |
run: docker info|grep -i runtime | |
- name: Set up runh with CRI-O | |
id: runh-crio-setup | |
shell: sudo bash --noprofile --norc -eo pipefail {0} | |
run: | | |
sudo tee /etc/crio/crio.conf.d/00-runh.conf << EOF | |
[crio.runtime.runtimes.runh] | |
runtime_path = "" | |
runtime_type = "oci" | |
runtime_root = "/run/runh" | |
monitor_path = "/usr/libexec/crio/conmon" | |
privileged_without_host_devices = false | |
EOF | |
systemctl restart crio || systemctl status crio | |
- name: Test runh standalone | |
shell: sudo bash --noprofile --norc -eo pipefail {0} | |
if: ${{ always() && steps.runh-crio-setup.outcome == 'success' }} | |
run: | | |
cd /home/runner/runh-image | |
tree . | |
runh --root /run/runh spec --bundle . --args /hermit/rusty_demo | |
runh --root /run/runh -l debug create --bundle . runh-container | |
runh --root /run/runh -l debug start runh-container | |
sleep 10 | |
runh --root /run/runh -l debug delete runh-container | |
- name: Test runh with CRIO | |
if: ${{ always() && steps.runh-crio-setup.outcome == 'success' }} | |
shell: sudo bash --noprofile --norc -eo pipefail {0} | |
run: | | |
crictl runp --runtime=runh /home/runner/pod.json > pod.id | |
export PODID=$(cat pod.id) | |
crictl inspectp $PODID | |
crictl create $PODID /home/runner/container.json /home/runner/pod.json > container.id | |
export CONTAINERID=$(cat container.id) | |
crictl start $CONTAINERID | |
crictl ps -a | |
sleep 5 | |
crictl logs $CONTAINERID | |
crictl stop $CONTAINERID | |
crictl rm $CONTAINERID | |
crictl stopp $PODID | |
crictl rmp $PODID | |
- name: Test runh with Docker | |
shell: sudo bash --noprofile --norc -eo pipefail {0} | |
if: ${{ always() && steps.runh-crio-setup.outcome == 'success' }} | |
run: | | |
docker run --runtime=runh -it -d -p 9975:9975 ghcr.io/hermit-os/rusty_demo:latest > container.id | |
export CONTAINERID=$(cat container.id) | |
sleep 2 | |
docker logs $CONTAINERID | |
docker stop $CONTAINERID |