Merge pull request #7916 from fidencio/topic/add-functional-nerdctl-tests

ci: Add a very basic nerdctl sanity test
2025-07-10 22:03:23 +00:00 · 2023-09-12 17:47:08 +02:00 · 2023-09-12 17:47:08 +02:00 · 2d8447fc6b
commit 2d8447fc6b
parent 7feb8de9dc f536ef5ce1
4 changed files with 148 additions and 1 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -74,13 +74,21 @@ jobs:
          file: tests/integration/kubernetes/runtimeclass_workloads/confidential/unencrypted/Dockerfile

  run-docker-tests-on-garm:
-    needs: publish-kata-deploy-payload-amd64
+    needs: build-kata-static-tarball-amd64
    uses: ./.github/workflows/run-docker-tests-on-garm.yaml
    with:
      tarball-suffix: -${{ inputs.tag }}
      commit-hash: ${{ inputs.commit-hash }}
      target-branch: ${{ inputs.target-branch }}

+  run-nerdctl-tests-on-garm:
+    needs: build-kata-static-tarball-amd64
+    uses: ./.github/workflows/run-nerdctl-tests-on-garm.yaml
+    with:
+      tarball-suffix: -${{ inputs.tag }}
+      commit-hash: ${{ inputs.commit-hash }}
+      target-branch: ${{ inputs.target-branch }}
+
  run-kata-deploy-tests-on-aks:
    needs: publish-kata-deploy-payload-amd64
    uses: ./.github/workflows/run-kata-deploy-tests-on-aks.yaml
--- a/.github/workflows/run-nerdctl-tests-on-garm.yaml
+++ b/.github/workflows/run-nerdctl-tests-on-garm.yaml
@ -0,0 +1,57 @@
+name: CI | Run nerdctl integration tests
+on:
+  workflow_call:
+    inputs:
+      tarball-suffix:
+        required: false
+        type: string
+      commit-hash:
+        required: false
+        type: string
+      target-branch:
+        required: false
+        type: string
+        default: ""
+
+jobs:
+  run-nerdctl-tests:
+    strategy:
+      # We can set this to true whenever we're 100% sure that
+      # all the tests are not flaky, otherwise we'll fail them
+      # all due to a single flaky instance.
+      fail-fast: false
+      matrix:
+        vmm:
+          - clh
+          - dragonball
+          - qemu
+    runs-on: garm-ubuntu-2304
+    env:
+      KATA_HYPERVISOR: ${{ matrix.vmm }}
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ inputs.commit-hash }}
+          fetch-depth: 0
+
+      - name: Rebase atop of the latest target branch
+        run: |
+          ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
+        env:
+          TARGET_BRANCH: ${{ inputs.target-branch }}
+
+      - name: Install dependencies
+        run: bash tests/integration/nerdctl/gha-run.sh install-dependencies
+
+      - name: get-kata-tarball
+        uses: actions/download-artifact@v3
+        with:
+          name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
+          path: kata-artifacts
+
+      - name: Install kata
+        run: bash tests/integration/nerdctl/gha-run.sh install-kata kata-artifacts
+
+      - name: Run nerdctl smoke test
+        timeout-minutes: 5
+        run: bash tests/integration/nerdctl/gha-run.sh run
--- a/tests/integration/docker/gha-run.sh
+++ b/tests/integration/docker/gha-run.sh
@ -38,6 +38,10 @@ function run() {

 	enabling_hypervisor

+	info "Running docker with runc"
+	sudo docker run --rm alpine ping -c 2 www.github.com
+
+	info "Running docker with Kata Containers (${KATA_HYPERVISOR})"
 	sudo docker run --rm --runtime io.containerd.kata.v2 alpine ping -c 2 www.github.com
 }

--- a/tests/integration/nerdctl/gha-run.sh
+++ b/tests/integration/nerdctl/gha-run.sh
@ -0,0 +1,78 @@
+#!/bin/bash
+#
+# Copyright (c) 2023 Intel Corporation
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+kata_tarball_dir="${2:-kata-artifacts}"
+nerdctl_dir="$(dirname "$(readlink -f "$0")")"
+source "${nerdctl_dir}/../../common.bash"
+
+function install_dependencies() {
+	info "Installing the dependencies for running the nerdctl tests"
+
+	# Dependency list of projects that we can rely on the system packages
+	# - wget
+	#   - Used to download the nerdctl-full tarball
+	# - pip
+	#   - Used to install lastversion, which will be used to get the latest
+	#     release of the nerdctl
+        declare -a system_deps=(
+		wget
+		pip
+	)
+
+	sudo apt update
+	sudo apt -y install "${system_deps[@]}"
+
+	# Install lastversion from pip
+	#
+	# --break-system-packages is, unfortunately, needed here as it'll also
+	# bring in some python3 dependencies on its own
+	pip install lastversion --break-system-packages
+
+	# As the command above will install lastversion on $HOME/.local/bin, we
+	# need to add it to the PATH
+	export PATH=$PATH:${HOME}/.local/bin
+
+	# Download the nerdctl-full tarball, as it comes with all the deps
+	# needed.
+	nerdctl_lastest_version=$(lastversion containerd/nerdctl)
+	wget https://github.com/containerd/nerdctl/releases/download/v${nerdctl_lastest_version}/nerdctl-full-${nerdctl_lastest_version}-linux-amd64.tar.gz
+
+	# Unpack the latest nerdctl into /usr/local/
+	sudo tar -xvf nerdctl-full-${nerdctl_lastest_version}-linux-amd64.tar.gz -C /usr/local/
+
+	# Start containerd service
+	sudo systemctl daemon-reload
+	sudo systemctl start containerd
+}
+
+function run() {
+	info "Running nerdctl smoke test tests using ${KATA_HYPERVISOR} hypervisor"
+
+	enabling_hypervisor
+
+	info "Running nerdctl with runc"
+	sudo nerdctl run --rm alpine ping -c 2 www.github.com
+
+	info "Running nerdctl with Kata Containers (${KATA_HYPERVISOR})"
+	sudo nerdctl run --rm --runtime io.containerd.kata.v2 alpine ping -c 2 www.github.com
+}
+
+function main() {
+	action="${1:-}"
+	case "${action}" in
+		install-dependencies) install_dependencies ;;
+		install-kata) install_kata ;;
+		run) run ;;
+		*) >&2 die "Invalid argument" ;;
+	esac
+}
+
+main "$@"