From 12d833d07d365becf5716d3bf22daa5d5e07bc52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Tue, 12 Sep 2023 10:35:54 +0200 Subject: [PATCH] ci: Add a very basic nerdctl sanity test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's add a very basic sanity test to check that we can spawn a containers using nerdctl + Kata Containers. This will ensure that, at least, we don't regress to the point where this feature doesn't work at all. In the future, we should also test all the VMMs with devmapper, but that's for a follow-up PR after this test is working as expected. Fixes: #7911 Signed-off-by: Fabiano FidĂȘncio --- .github/workflows/ci.yaml | 8 ++ .../workflows/run-nerdctl-tests-on-garm.yaml | 57 ++++++++++++++ tests/integration/nerdctl/gha-run.sh | 78 +++++++++++++++++++ 3 files changed, 143 insertions(+) create mode 100644 .github/workflows/run-nerdctl-tests-on-garm.yaml create mode 100644 tests/integration/nerdctl/gha-run.sh diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 4838344eee..8f7c90ffb2 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -81,6 +81,14 @@ jobs: commit-hash: ${{ inputs.commit-hash }} target-branch: ${{ inputs.target-branch }} + run-nerdctl-tests-on-garm: + needs: build-kata-static-tarball-amd64 + uses: ./.github/workflows/run-nerdctl-tests-on-garm.yaml + with: + tarball-suffix: -${{ inputs.tag }} + commit-hash: ${{ inputs.commit-hash }} + target-branch: ${{ inputs.target-branch }} + run-kata-deploy-tests-on-aks: needs: publish-kata-deploy-payload-amd64 uses: ./.github/workflows/run-kata-deploy-tests-on-aks.yaml diff --git a/.github/workflows/run-nerdctl-tests-on-garm.yaml b/.github/workflows/run-nerdctl-tests-on-garm.yaml new file mode 100644 index 0000000000..a902d7cc5c --- /dev/null +++ b/.github/workflows/run-nerdctl-tests-on-garm.yaml @@ -0,0 +1,57 @@ +name: CI | Run nerdctl integration tests +on: + workflow_call: + inputs: + tarball-suffix: + required: false + type: string + commit-hash: + required: false + type: string + target-branch: + required: false + type: string + default: "" + +jobs: + run-nerdctl-tests: + strategy: + # We can set this to true whenever we're 100% sure that + # all the tests are not flaky, otherwise we'll fail them + # all due to a single flaky instance. + fail-fast: false + matrix: + vmm: + - clh + - dragonball + - qemu + runs-on: garm-ubuntu-2304 + env: + KATA_HYPERVISOR: ${{ matrix.vmm }} + steps: + - uses: actions/checkout@v3 + with: + ref: ${{ inputs.commit-hash }} + fetch-depth: 0 + + - name: Rebase atop of the latest target branch + run: | + ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" + env: + TARGET_BRANCH: ${{ inputs.target-branch }} + + - name: Install dependencies + run: bash tests/integration/nerdctl/gha-run.sh install-dependencies + + - name: get-kata-tarball + uses: actions/download-artifact@v3 + with: + name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} + path: kata-artifacts + + - name: Install kata + run: bash tests/integration/nerdctl/gha-run.sh install-kata kata-artifacts + + - name: Run nerdctl smoke test + timeout-minutes: 5 + run: bash tests/integration/nerdctl/gha-run.sh run diff --git a/tests/integration/nerdctl/gha-run.sh b/tests/integration/nerdctl/gha-run.sh new file mode 100644 index 0000000000..dc15851564 --- /dev/null +++ b/tests/integration/nerdctl/gha-run.sh @@ -0,0 +1,78 @@ +#!/bin/bash +# +# Copyright (c) 2023 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 +# + +set -o errexit +set -o nounset +set -o pipefail + +kata_tarball_dir="${2:-kata-artifacts}" +nerdctl_dir="$(dirname "$(readlink -f "$0")")" +source "${nerdctl_dir}/../../common.bash" + +function install_dependencies() { + info "Installing the dependencies for running the nerdctl tests" + + # Dependency list of projects that we can rely on the system packages + # - wget + # - Used to download the nerdctl-full tarball + # - pip + # - Used to install lastversion, which will be used to get the latest + # release of the nerdctl + declare -a system_deps=( + wget + pip + ) + + sudo apt update + sudo apt -y install "${system_deps[@]}" + + # Install lastversion from pip + # + # --break-system-packages is, unfortunately, needed here as it'll also + # bring in some python3 dependencies on its own + pip install lastversion --break-system-packages + + # As the command above will install lastversion on $HOME/.local/bin, we + # need to add it to the PATH + export PATH=$PATH:${HOME}/.local/bin + + # Download the nerdctl-full tarball, as it comes with all the deps + # needed. + nerdctl_lastest_version=$(lastversion containerd/nerdctl) + wget https://github.com/containerd/nerdctl/releases/download/v${nerdctl_lastest_version}/nerdctl-full-${nerdctl_lastest_version}-linux-amd64.tar.gz + + # Unpack the latest nerdctl into /usr/local/ + sudo tar -xvf nerdctl-full-${nerdctl_lastest_version}-linux-amd64.tar.gz -C /usr/local/ + + # Start containerd service + sudo systemctl daemon-reload + sudo systemctl start containerd +} + +function run() { + info "Running nerdctl smoke test tests using ${KATA_HYPERVISOR} hypervisor" + + enabling_hypervisor + + info "Running nerdctl with runc" + sudo nerdctl run --rm alpine ping -c 2 www.github.com + + info "Running nerdctl with Kata Containers (${KATA_HYPERVISOR})" + sudo nerdctl run --rm --runtime io.containerd.kata.v2 alpine ping -c 2 www.github.com +} + +function main() { + action="${1:-}" + case "${action}" in + install-dependencies) install_dependencies ;; + install-kata) install_kata ;; + run) run ;; + *) >&2 die "Invalid argument" ;; + esac +} + +main "$@"