Skip to content

CI

CI #884

Workflow file for this run

name: CI
on:
pull_request:
merge_group:
jobs:
clippy:
name: Clippy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
components: clippy
- run: cargo clippy --locked -- -D warnings
fmt:
name: Format check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt
- run: cargo fmt -- --check
test:
name: Setup, build and test
runs-on: ubuntu-latest
env:
KUBERNETES_VERSION: v1.30
CRIO_VERSION: v1.30
steps:
- name: Install CRI-O
run: |
# Already present on GitHub runners
# curl -fsSL https://pkgs.k8s.io/core:/stable:/$KUBERNETES_VERSION/deb/Release.key |
# sudo gpg --batch --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/$KUBERNETES_VERSION/deb/ /" |
sudo tee /etc/apt/sources.list.d/kubernetes.list
curl -fsSL https://pkgs.k8s.io/addons:/cri-o:/stable:/$CRIO_VERSION/deb/Release.key |
sudo gpg --batch --dearmor -o /etc/apt/keyrings/cri-o-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/cri-o-apt-keyring.gpg] https://pkgs.k8s.io/addons:/cri-o:/stable:/$CRIO_VERSION/deb/ /" |
sudo tee /etc/apt/sources.list.d/cri-o.list
sudo apt-get remove conmon
sudo apt-get update
sudo apt-get install -y cri-o docker
sudo systemctl start crio.service
- name: Install crictl
shell: sudo bash --noprofile --norc -eo pipefail {0}
run: apt-get install cri-tools
- name: Check CRI-O status
shell: sudo bash --noprofile --norc -eo pipefail {0}
run: |
systemctl status crio
sudo crictl version
- name: Pull images
run: |
docker pull ghcr.io/hermit-os/rusty_demo:latest
sudo crictl pull ghcr.io/hermit-os/rusty_demo:latest
- name: Setup rootfs
run: |
docker export $(docker create ghcr.io/hermit-os/rusty_demo:latest) > runh-image.tar
mkdir -p /home/runner/runh-image/rootfs
tar -xf runh-image.tar -C /home/runner/runh-image/rootfs
- name: Create CRI configurations
run: |
echo '{ "metadata": { "name": "hermit-sandbox", "namespace": "default", "attempt": 1, "uid": "hdishd83djaidwnduwk28bcsb" }, "log_directory": "/tmp", "linux": { } }' \
> /home/runner/pod.json
echo '{ "metadata": { "name": "rusty_demo" }, "image":{ "image": "ghcr.io/hermit-os/rusty_demo:latest" }, "log_path":"rusty_demo.log", "linux": { } }' \
> /home/runner/container.json
- uses: actions/checkout@v4
with:
lfs: true
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
- name: Build runh
run: |
cargo install --locked --path .
sudo cp /home/runner/.cargo/bin/runh /usr/sbin/runh
sudo chown root:root /usr/sbin/runh
sudo chmod a+rx /usr/sbin/runh
- name: Setup runh with Docker
shell: sudo bash --noprofile --norc -eo pipefail {0}
run: |
sed -i 's/{/{ "default-runtime": "runc", "runtimes": { "runh": { "path": "\/home\/runner\/.cargo\/bin\/runh", "runtimeArgs": ["-l", "debug"] } },/g' /etc/docker/daemon.json
>&2 cat /etc/docker/daemon.json
systemctl restart docker || systemctl status docker
- name: Check Docker runtime
run: docker info|grep -i runtime
- name: Set up runh with CRI-O
id: runh-crio-setup
shell: sudo bash --noprofile --norc -eo pipefail {0}
run: |
sudo tee /etc/crio/crio.conf.d/00-runh.conf << EOF
[crio.runtime.runtimes.runh]
runtime_path = ""
runtime_type = "oci"
runtime_root = "/run/runh"
monitor_path = "/usr/libexec/crio/conmon"
privileged_without_host_devices = false
EOF
systemctl restart crio || systemctl status crio
- name: Test runh standalone
shell: sudo bash --noprofile --norc -eo pipefail {0}
if: ${{ always() && steps.runh-crio-setup.outcome == 'success' }}
run: |
cd /home/runner/runh-image
tree .
runh --root /run/runh spec --bundle . --args /hermit/rusty_demo
runh --root /run/runh -l debug create --bundle . runh-container
runh --root /run/runh -l debug start runh-container
sleep 10
runh --root /run/runh -l debug delete runh-container
- name: Test runh with CRIO
if: ${{ always() && steps.runh-crio-setup.outcome == 'success' }}
shell: sudo bash --noprofile --norc -eo pipefail {0}
run: |
crictl runp --runtime=runh /home/runner/pod.json > pod.id
export PODID=$(cat pod.id)
crictl inspectp $PODID
crictl create $PODID /home/runner/container.json /home/runner/pod.json > container.id
export CONTAINERID=$(cat container.id)
crictl start $CONTAINERID
crictl ps -a
sleep 5
crictl logs $CONTAINERID
crictl stop $CONTAINERID
crictl rm $CONTAINERID
crictl stopp $PODID
crictl rmp $PODID
- name: Test runh with Docker
shell: sudo bash --noprofile --norc -eo pipefail {0}
if: ${{ always() && steps.runh-crio-setup.outcome == 'success' }}
run: |
docker run --runtime=runh -it -d -p 9975:9975 ghcr.io/hermit-os/rusty_demo:latest > container.id
export CONTAINERID=$(cat container.id)
sleep 2
docker logs $CONTAINERID
docker stop $CONTAINERID