Skip to content

CRI-O

CRI-O #8

Workflow file for this run

name: CRI-O
on:
push:
tags:
- "*"
branches:
- master
pull_request:
jobs:
test:
strategy:
fail-fast: false
matrix:
suite:
- e2e
- critest
oci-runtime:
- crun
- runc
monitor:
- conmon
- conmon-rs
name: ${{matrix.suite}} / ${{matrix.oci-runtime}} / ${{matrix.monitor}}
runs-on: ubuntu-22.04
steps:
- name: Checkout cri-tools
uses: actions/checkout@v4
- name: Install go
uses: actions/setup-go@v5
with:
go-version: '1.22'
- name: Setup system
run: |
# enable necessary kernel modules
sudo ip6tables --list >/dev/null
# enable necessary sysctls
sudo sysctl -w net.ipv4.conf.all.route_localnet=1
sudo sysctl -w net.bridge.bridge-nf-call-iptables=1
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -I POSTROUTING -s 127.0.0.0/8 ! -d 127.0.0.0/8 -j MASQUERADE
- name: Install ginkgo
run: |
go install github.com/onsi/ginkgo/v2/ginkgo@latest
ginkgo version
sudo cp $(command -v ginkgo) /usr/local/bin
- name: Install CRI-O
run: |
curl https://raw.githubusercontent.com/cri-o/packaging/main/get | sudo bash
- name: Configure CRI-O
run: |
sudo mkdir -p /etc/crio/crio.conf.d
printf '[crio.runtime]\nlog_level = "debug"\n' | sudo tee /etc/crio/crio.conf.d/01-log-level.conf
- name: Configure CRI-O to use conmon-rs intead of the default conmon
if: ${{matrix.monitor == 'conmon-rs'}}
run: |
sudo sed -i -E 's;(monitor_path = ).*;\1"/usr/libexec/crio/conmonrs"\nruntime_type = "pod";g' /etc/crio/crio.conf.d/10-crio.conf
- name: Configure CRI-O to use runc instead of the default crun
if: ${{matrix.oci-runtime == 'runc'}}
run: |
sudo sed -i -E 's;(default_runtime = ).*;\1"runc";g' /etc/crio/crio.conf.d/10-crio.conf
- name: Show the CRI-O config drop-in
run: cat /etc/crio/crio.conf.d/10-crio.conf
- name: Start CRI-O
run: |
sudo systemctl daemon-reload
sudo systemctl start crio
sudo crio status config
- name: Build cri-tools
run: |
make
sudo -E PATH=$PATH make install
- name: Run critest
if: ${{matrix.suite == 'critest'}}
shell: bash
run: |
set -euox pipefail
ARGS=()
# TODO: check why these tests fail on that combination
if [[ "${{matrix.oci-runtime}}" == "crun" ]]; then
SKIP=rshared
if [[ "${{matrix.monitor}}" == "conmon-rs" ]]; then
SKIP="$SKIP|SupplementalGroups|AppArmor|RunAsUser"
fi
ARGS=(--ginkgo.skip "$SKIP")
fi
set +o errexit
sudo -E PATH=$PATH critest \
--runtime-endpoint=unix:///var/run/crio/crio.sock \
--parallel=$(nproc) \
--ginkgo.flake-attempts=3 \
--ginkgo.randomize-all \
--ginkgo.timeout=2m \
--ginkgo.trace \
--ginkgo.vv \
"${ARGS[@]}"
TEST_RC=$?
set -o errexit
sudo journalctl --no-pager > journal.log
test $TEST_RC -ne 0 && cat journal.log
exit $TEST_RC
- name: Run crictl e2e tests
if: ${{matrix.suite == 'e2e'}}
shell: bash
run: |
set -euox pipefail
set +o errexit
sudo -E PATH=$PATH make test-e2e \
TESTFLAGS="-crictl-runtime-endpoint=unix://var/run/crio/crio.sock"
TEST_RC=$?
set -o errexit
sudo journalctl --no-pager > journal.log
test $TEST_RC -ne 0 && cat journal.log
exit $TEST_RC
- name: Upload logs
uses: actions/upload-artifact@v4
with:
name: ${{matrix.suite}}-${{matrix.oci-runtime}}-${{matrix.monitor}}-${{github.sha}}.log
path: journal.log