From 285d5daa23584feb92c3a580f1769941e29cf2e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 3 Jun 2026 12:57:53 +0200 Subject: [PATCH] tests: install latest cri-tools dynamically MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Resolve the cri-tools release at install time instead of pinning a version in versions.yaml: install_cri_tools now queries the GitHub releases API for the absolute latest stable tag, and the kata-monitor, cri-containerd and nydus jobs call it directly. Also write /etc/crictl.yaml during containerd setup so crictl stops emitting deprecation warnings about the legacy default endpoints. Signed-off-by: Fabiano Fidêncio Assisted-by: OpenAI Codex --- tests/common.bash | 33 +++++++++++++++++++-- tests/functional/kata-monitor/gha-run.sh | 13 ++++---- tests/integration/cri-containerd/gha-run.sh | 10 ++++--- tests/integration/nydus/gha-run.sh | 14 +++++---- versions.yaml | 8 ----- 5 files changed, 51 insertions(+), 27 deletions(-) diff --git a/tests/common.bash b/tests/common.bash index 0df6f58a52..15c132e72e 100644 --- a/tests/common.bash +++ b/tests/common.bash @@ -1089,6 +1089,19 @@ function install_cri_containerd() { | sudo tee /etc/containerd/config.toml > /dev/null ensure_containerd_conf_d_rootful_api_sockets + # Drop a default /etc/crictl.yaml pointing at the freshly-installed + # containerd socket so crictl does not probe — and warn loudly about + # — the legacy default endpoints (dockershim, CRI-O, cri-dockerd) on + # every invocation. cri-tools v1.30+ deprecated the implicit default + # endpoint discovery, which means every crictl call without this + # config emits noisy validation errors for sockets that do not exist + # on the runner. + sudo tee /etc/crictl.yaml > /dev/null <<-EOF + runtime-endpoint: unix:///run/containerd/containerd.sock + image-endpoint: unix:///run/containerd/containerd.sock + timeout: 10 + EOF + # Always write the service file pointing at the just-installed binary and # reload systemd so the correct binary is used on the next start. # The runner image may have a pre-installed containerd unit pointing at a @@ -1129,12 +1142,26 @@ EOF sudo systemctl daemon-reload } -# base_version: The version to be intalled in the ${major}.${minor} format +# Installs cri-tools (crictl). When a base_version (${major}.${minor}) is +# supplied the matching latest patch release is used; otherwise — and this is +# the default in CI — the absolute latest stable release published on GitHub +# is fetched. cri-tools is intentionally not pinned in versions.yaml so we +# always exercise a crictl that speaks current CRI protocol revisions. function install_cri_tools() { - base_version="${1}" + base_version="${1:-}" project="kubernetes-sigs/cri-tools" - version=$(get_latest_patch_release_from_a_github_project "${project}" "${base_version}") + if [[ -n "${base_version}" ]]; then + version=$(get_latest_patch_release_from_a_github_project "${project}" "${base_version}") + else + version=$(curl \ + ${GH_TOKEN:+--header "Authorization: Bearer ${GH_TOKEN}"} \ + --fail-with-body \ + --show-error \ + --silent \ + "https://api.github.com/repos/${project}/releases/latest" \ + | jq -r .tag_name) + fi tarball_name="crictl-${version}-linux-$("${repo_root_dir}"/tests/kata-arch.sh -g).tar.gz" diff --git a/tests/functional/kata-monitor/gha-run.sh b/tests/functional/kata-monitor/gha-run.sh index ec775e68fa..b1f697c9d5 100755 --- a/tests/functional/kata-monitor/gha-run.sh +++ b/tests/functional/kata-monitor/gha-run.sh @@ -35,23 +35,24 @@ function install_dependencies() { # Dependency list of projects that we can install # directly from their releases on GitHub: - # - cri-tools # - containerd # - cri-container-cni release tarball already includes CNI plugins # - runc # - cni-plugins - cri_tools_version=$(get_from_kata_deps ".externals.critools.latest") declare -a github_deps - github_deps[0]="cri_tools:${cri_tools_version}" # shellcheck disable=SC2154 - github_deps[1]="cri_containerd:$(get_from_kata_deps ".externals.containerd.${CONTAINERD_VERSION}")" - github_deps[2]="runc:$(get_from_kata_deps ".externals.runc.latest")" - github_deps[3]="cni_plugins:$(get_from_kata_deps ".externals.cni-plugins.version")" + github_deps[0]="cri_containerd:$(get_from_kata_deps ".externals.containerd.${CONTAINERD_VERSION}")" + github_deps[1]="runc:$(get_from_kata_deps ".externals.runc.latest")" + github_deps[2]="cni_plugins:$(get_from_kata_deps ".externals.cni-plugins.version")" for github_dep in "${github_deps[@]}"; do IFS=":" read -r -a dep <<< "${github_dep}" "install_${dep[0]}" "${dep[1]}" done + + # cri-tools is resolved at install time to the absolute latest + # release, so it is not pinned via versions.yaml. + install_cri_tools } function run() { diff --git a/tests/integration/cri-containerd/gha-run.sh b/tests/integration/cri-containerd/gha-run.sh index 155716ae95..7eefc1d720 100755 --- a/tests/integration/cri-containerd/gha-run.sh +++ b/tests/integration/cri-containerd/gha-run.sh @@ -51,19 +51,21 @@ function install_dependencies() { # directly from their releases on GitHub: # - containerd # - cri-container-cni release tarball already includes CNI plugins - # - cri-tools declare -a github_deps # shellcheck disable=SC2154 github_deps[0]="cri_containerd:$(get_from_kata_deps ".externals.containerd.${CONTAINERD_VERSION}")" - github_deps[1]="cri_tools:$(get_from_kata_deps ".externals.critools.latest")" - github_deps[2]="runc:$(get_from_kata_deps ".externals.runc.latest")" - github_deps[3]="cni_plugins:$(get_from_kata_deps ".externals.cni-plugins.version")" + github_deps[1]="runc:$(get_from_kata_deps ".externals.runc.latest")" + github_deps[2]="cni_plugins:$(get_from_kata_deps ".externals.cni-plugins.version")" for github_dep in "${github_deps[@]}"; do IFS=":" read -r -a dep <<< "${github_dep}" "install_${dep[0]}" "${dep[1]}" done + # cri-tools is resolved at install time to the absolute latest + # release, so it is not pinned via versions.yaml. + install_cri_tools + # Clone containerd as we'll need to build it in order to run the tests # base_version: The version to be intalled in the ${major}.${minor} format clone_cri_containerd "$(get_from_kata_deps ".externals.containerd.${CONTAINERD_VERSION}")" diff --git a/tests/integration/nydus/gha-run.sh b/tests/integration/nydus/gha-run.sh index 1f8b28c866..1e7d3aa8af 100755 --- a/tests/integration/nydus/gha-run.sh +++ b/tests/integration/nydus/gha-run.sh @@ -33,22 +33,24 @@ function install_dependencies() { # directly from their releases on GitHub: # - containerd # - cri-container-cni release tarball already includes CNI plugins - # - cri-tools # - nydus # - nydus-snapshotter declare -a github_deps # shellcheck disable=SC2154 github_deps[0]="cri_containerd:$(get_from_kata_deps ".externals.containerd.${CONTAINERD_VERSION}")" - github_deps[1]="cri_tools:$(get_from_kata_deps ".externals.critools.latest")" - github_deps[2]="nydus:$(get_from_kata_deps ".externals.nydus.version")" - github_deps[3]="nydus_snapshotter:$(get_from_kata_deps ".externals.nydus-snapshotter.version")" - github_deps[4]="runc:$(get_from_kata_deps ".externals.runc.latest")" - github_deps[5]="cni_plugins:$(get_from_kata_deps ".externals.cni-plugins.version")" + github_deps[1]="nydus:$(get_from_kata_deps ".externals.nydus.version")" + github_deps[2]="nydus_snapshotter:$(get_from_kata_deps ".externals.nydus-snapshotter.version")" + github_deps[3]="runc:$(get_from_kata_deps ".externals.runc.latest")" + github_deps[4]="cni_plugins:$(get_from_kata_deps ".externals.cni-plugins.version")" for github_dep in "${github_deps[@]}"; do IFS=":" read -r -a dep <<< "${github_dep}" "install_${dep[0]}" "${dep[1]}" done + + # cri-tools is resolved at install time to the absolute latest + # release, so it is not pinned via versions.yaml. + install_cri_tools } function run() { diff --git a/versions.yaml b/versions.yaml index d9317b13f6..765a46fe61 100644 --- a/versions.yaml +++ b/versions.yaml @@ -315,14 +315,6 @@ externals: minimum: "v1.7" latest: "v2.3" - critools: - description: "CLI tool for Container Runtime Interface (CRI)" - url: "https://github.com/kubernetes-sigs/cri-tools" - version: "1.23.0" - # As we don't want to disrupt what we have on the `tests` repo, let's - # create a "latest" entry and use that for the GitHub actions tests. - latest: "v1.29" - runc: description: "CLI tool for spawning and running containers" url: "https://github.com/opencontainers/runc"