Merge pull request #9647 from bitoku/exec-cpu-affinity #17013
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: integration | |
| on: | |
| workflow_dispatch: | |
| push: | |
| tags: | |
| - v* | |
| branches: | |
| - main | |
| - release-* | |
| - update-nixpkgs-* | |
| pull_request: | |
| env: | |
| CONMON_BINARY: /usr/local/bin/conmon # from: scripts/github-actions-setup | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| test-binaries: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| run: | |
| - runner: ubuntu-latest | |
| arch: amd64 | |
| - runner: ubuntu-24.04-arm | |
| arch: arm64 | |
| name: binaries / ${{ matrix.run.arch }} | |
| runs-on: ${{ matrix.run.runner }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
| with: | |
| go-version-file: go.mod | |
| - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: go-test-binaries-${{ matrix.run.arch }}-${{ hashFiles('**/go.sum') }}-${{ hashFiles('test') }} | |
| - run: scripts/github-actions-packages | |
| - run: GO_BUILDFLAGS="-cover" make all test-binaries | |
| - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: test-binaries-${{ matrix.run.arch }} | |
| path: | | |
| bin/crio | |
| bin/pinns | |
| test/checkcriu/checkcriu | |
| test/checkseccomp/checkseccomp | |
| test/copyimg/copyimg | |
| test/nri/nri.test | |
| integration: | |
| needs: test-binaries | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| run: | |
| # TODO: Re-enable runc integration tests when mitigation is found | |
| # Disabled due to AppArmor issue in nested environments | |
| # See: https://github.com/cri-o/cri-o/issues/9573 | |
| # See: https://github.com/opencontainers/runc/issues/4968 | |
| # - name: critest / conmon / runc / amd64 | |
| # arch: amd64 | |
| # runner: ubuntu-latest | |
| # defaultRuntime: runc | |
| # runtimeType: oci | |
| # critest: 1 | |
| # userns: 0 | |
| # jobs: 1 | |
| # timeout: 20 | |
| - name: critest / conmon / crun / amd64 | |
| arch: amd64 | |
| runner: ubuntu-latest | |
| defaultRuntime: crun | |
| runtimeType: oci | |
| critest: 1 | |
| userns: 0 | |
| jobs: 1 | |
| timeout: 20 | |
| # - name: critest / conmon-rs / runc / amd64 | |
| # arch: amd64 | |
| # runner: ubuntu-latest | |
| # defaultRuntime: runc | |
| # runtimeType: pod | |
| # critest: 1 | |
| # userns: 0 | |
| # jobs: 1 | |
| # timeout: 20 | |
| - name: critest / conmon-rs / crun / amd64 | |
| arch: amd64 | |
| runner: ubuntu-latest | |
| defaultRuntime: crun | |
| runtimeType: pod | |
| critest: 1 | |
| userns: 0 | |
| jobs: 1 | |
| timeout: 20 | |
| # - name: critest / conmon / runc / arm64 | |
| # arch: arm64 | |
| # runner: ubuntu-24.04-arm | |
| # defaultRuntime: runc | |
| # runtimeType: oci | |
| # critest: 1 | |
| # userns: 0 | |
| # jobs: 1 | |
| # timeout: 20 | |
| - name: critest / conmon / crun / arm64 | |
| arch: arm64 | |
| runner: ubuntu-24.04-arm | |
| defaultRuntime: crun | |
| runtimeType: oci | |
| critest: 1 | |
| userns: 0 | |
| jobs: 1 | |
| timeout: 20 | |
| # - name: critest / conmon-rs / runc / arm64 | |
| # arch: arm64 | |
| # runner: ubuntu-24.04-arm | |
| # defaultRuntime: runc | |
| # runtimeType: pod | |
| # critest: 1 | |
| # userns: 0 | |
| # jobs: 1 | |
| # timeout: 20 | |
| - name: critest / conmon-rs / crun / arm64 | |
| arch: arm64 | |
| runner: ubuntu-24.04-arm | |
| defaultRuntime: crun | |
| runtimeType: pod | |
| critest: 1 | |
| userns: 0 | |
| jobs: 1 | |
| timeout: 20 | |
| # - name: integration / conmon / runc / amd64 | |
| # arch: amd64 | |
| # runner: ubuntu-latest | |
| # defaultRuntime: runc | |
| # runtimeType: oci | |
| # critest: 0 | |
| # userns: 0 | |
| # jobs: 2 | |
| # timeout: 120 | |
| - name: integration / conmon / crun / amd64 | |
| arch: amd64 | |
| runner: ubuntu-latest | |
| defaultRuntime: crun | |
| runtimeType: oci | |
| critest: 0 | |
| userns: 0 | |
| jobs: 2 | |
| timeout: 120 | |
| - name: integration / conmon / crun / arm64 | |
| arch: arm64 | |
| runner: ubuntu-24.04-arm | |
| defaultRuntime: crun | |
| runtimeType: oci | |
| critest: 0 | |
| userns: 0 | |
| jobs: 2 | |
| timeout: 120 | |
| - name: integration / conmon-rs / crun / amd64 | |
| arch: amd64 | |
| runner: ubuntu-latest | |
| defaultRuntime: crun | |
| runtimeType: pod | |
| critest: 0 | |
| userns: 0 | |
| jobs: 2 | |
| timeout: 120 | |
| - name: integration / userns / crun / amd64 | |
| arch: amd64 | |
| runner: ubuntu-latest | |
| defaultRuntime: crun | |
| runtimeType: oci | |
| critest: 0 | |
| userns: 1 | |
| jobs: 2 | |
| timeout: 120 | |
| env: | |
| GOCOVERDIR: ${{ github.workspace }}/build/coverage/bats # It's used to make coverage profiles. https://go.dev/doc/build-cover | |
| name: ${{ matrix.run.name }} | |
| runs-on: ${{ matrix.run.runner }} | |
| timeout-minutes: ${{ matrix.run.timeout }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
| with: | |
| go-version-file: go.mod | |
| - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: go-${{ matrix.run.name }}-${{ matrix.run.arch }}-${{ hashFiles('**/go.sum') }}-${{ hashFiles('scripts/versions') }} | |
| - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: test-binaries-${{ matrix.run.arch }} | |
| - name: Fix artifact permissions | |
| run: | | |
| chmod +x \ | |
| bin/crio \ | |
| bin/pinns \ | |
| test/checkcriu/checkcriu \ | |
| test/checkseccomp/checkseccomp \ | |
| test/copyimg/copyimg \ | |
| test/nri/nri.test | |
| - run: scripts/github-actions-packages | |
| - run: scripts/github-actions-setup | |
| - name: Switch to runc instead of crun | |
| if: ${{ matrix.run.defaultRuntime == 'runc' }} | |
| run: | | |
| sudo ln -sf $(command -v runc) $(command -v crun) | |
| crun --version | |
| - name: Run the test suite | |
| run: sudo -E test/test_runner.sh | |
| env: | |
| JOBS: ${{ matrix.run.jobs }} | |
| RUN_CRITEST: ${{ matrix.run.critest }} | |
| RUNTIME_TYPE: ${{ matrix.run.runtimeType }} | |
| TEST_USERNS: ${{ matrix.run.userns }} | |
| CONTAINER_DEFAULT_RUNTIME: ${{ matrix.run.defaultRuntime }} | |
| # Codecov | |
| - run: | | |
| sudo chown -R $(id -u):$(id -g) build | |
| go tool covdata textfmt -i="$GOCOVERDIR" -o build/coverage/coverprofile | |
| - uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1 | |
| with: | |
| files: build/coverage/coverprofile | |
| verbose: true | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} |