diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7f4cf69f50..e7ce3559ea 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -3,162 +3,162 @@ on: pull_request: jobs: - check_go_mod: - name: check_go_mod - runs-on: ubuntu-22.04 - container: golang:1.21.9 - steps: - - uses: actions/checkout@v2 - - - name: Check go.mod - run: | - git config --global --add safe.directory $(pwd) - ./scripts/check-go.mod - - lint_markdown: - name: lint_markdown - runs-on: ubuntu-22.04 - container: node:18-slim - steps: - - uses: actions/checkout@v2 - - - name: Install markdownlint - run: npm install -g markdownlint-cli - - - name: Check for Lint - run: markdownlint . - - check_source: - name: check_source - runs-on: ubuntu-22.04 - container: golangci/golangci-lint:v1.59.1 - steps: - - uses: actions/checkout@v2 - - - name: Check apptainer source - run: | - git config --global --add safe.directory $(pwd) - ./mconfig -v -p /usr/local --with-suid - make -C ./builddir check - - shellcheck: - name: shellcheck - runs-on: ubuntu-22.04 - container: koalaman/shellcheck-alpine - steps: - - uses: actions/checkout@v2 - - name: shellcheck files that appear to be sh or bash scripts (or some cousin thereof) - run: | - shellcheck $( ./scripts/get-shell-files.sh ) - - alpine: - name: alpine - runs-on: ubuntu-22.04 - container: golang:1.22-alpine - steps: - - name: Fetch deps - run: apk add -q --no-cache git bash alpine-sdk automake libtool linux-headers libarchive-dev util-linux-dev libuuid openssl-dev gawk sed cryptsetup - - - uses: actions/checkout@v2 - - - name: Build Apptainer - run: | - git config --global --add safe.directory $(pwd) - ./mconfig -v -p /usr/local --with-suid - make -C ./builddir all - - oldgo: - name: oldgo - runs-on: ubuntu-22.04 - # match the minimum version required by mconfig - container: golang:1.21-alpine - steps: - - name: Fetch deps - run: apk add -q --no-cache git bash alpine-sdk automake libtool linux-headers libarchive-dev util-linux-dev libuuid openssl-dev gawk sed cryptsetup - - - uses: actions/checkout@v2 - - - name: Build Apptainer - run: | - git config --global --add safe.directory $(pwd) 
- ./mconfig -v -p /usr/local --with-suid - make -C ./builddir all - - check_test_corpus: - name: check_test_corpus - runs-on: ubuntu-22.04 - container: golang:1.21.9 - steps: - - uses: actions/checkout@v2 - - - name: Generate Certificates - run: | - git config --global --add safe.directory $(pwd) - cd test/certs/ && go run ./gen_certs.go && cd ../.. - - - name: Check Test Corpus Tidiness - run: git diff --exit-code -- - - check_license_dependencies: - name: check_license_dependencies - runs-on: ubuntu-22.04 - container: golang:1.21.9 - steps: - - uses: actions/checkout@v2 - - - name: Update LICENSE_DEPENDENCIES.md - run: | - git config --global --add safe.directory $(pwd) - ./scripts/update-license-dependencies.sh - - - name: Check License Changes - run: git diff --exit-code -- LICENSE_DEPENDENCIES.md - - debian: - name: debian - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v2 - # fetch tags as checkout@v2 doesn't do that by default - - run: git fetch --prune --unshallow --tags --force - - - name: Build and test deb under docker - env: - OS_TYPE: debian - OS_VERSION: 11 - # setting GO_ARCH speeds things by using go binaries instead of source - GO_ARCH: linux-amd64 - run: ./scripts/ci-docker-run - - ubuntu-2310: - name: debbuild-ubuntu23 - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v2 - # fetch tags as checkout@v2 doesn't do that by default - - run: git fetch --prune --unshallow --tags --force - - - name: Build and test deb under docker - env: - OS_TYPE: ubuntu - OS_VERSION: '23.10' - GO_ARCH: linux-amd64 - run: ./scripts/ci-docker-run + # check_go_mod: + # name: check_go_mod + # runs-on: ubuntu-22.04 + # container: golang:1.21.9 + # steps: + # - uses: actions/checkout@v2 + + # - name: Check go.mod + # run: | + # git config --global --add safe.directory $(pwd) + # ./scripts/check-go.mod + + # lint_markdown: + # name: lint_markdown + # runs-on: ubuntu-22.04 + # container: node:18-slim + # steps: + # - uses: actions/checkout@v2 + + # - 
name: Install markdownlint + # run: npm install -g markdownlint-cli + + # - name: Check for Lint + # run: markdownlint . + + # check_source: + # name: check_source + # runs-on: ubuntu-22.04 + # container: golangci/golangci-lint:v1.59.1 + # steps: + # - uses: actions/checkout@v2 + + # - name: Check apptainer source + # run: | + # git config --global --add safe.directory $(pwd) + # ./mconfig -v -p /usr/local --with-suid + # make -C ./builddir check + + # shellcheck: + # name: shellcheck + # runs-on: ubuntu-22.04 + # container: koalaman/shellcheck-alpine + # steps: + # - uses: actions/checkout@v2 + # - name: shellcheck files that appear to be sh or bash scripts (or some cousin thereof) + # run: | + # shellcheck $( ./scripts/get-shell-files.sh ) + + # alpine: + # name: alpine + # runs-on: ubuntu-22.04 + # container: golang:1.22-alpine + # steps: + # - name: Fetch deps + # run: apk add -q --no-cache git bash alpine-sdk automake libtool linux-headers libarchive-dev util-linux-dev libuuid openssl-dev gawk sed cryptsetup + + # - uses: actions/checkout@v2 + + # - name: Build Apptainer + # run: | + # git config --global --add safe.directory $(pwd) + # ./mconfig -v -p /usr/local --with-suid + # make -C ./builddir all + + # oldgo: + # name: oldgo + # runs-on: ubuntu-22.04 + # # match the minimum version required by mconfig + # container: golang:1.21-alpine + # steps: + # - name: Fetch deps + # run: apk add -q --no-cache git bash alpine-sdk automake libtool linux-headers libarchive-dev util-linux-dev libuuid openssl-dev gawk sed cryptsetup + + # - uses: actions/checkout@v2 + + # - name: Build Apptainer + # run: | + # git config --global --add safe.directory $(pwd) + # ./mconfig -v -p /usr/local --with-suid + # make -C ./builddir all + + # check_test_corpus: + # name: check_test_corpus + # runs-on: ubuntu-22.04 + # container: golang:1.21.9 + # steps: + # - uses: actions/checkout@v2 + + # - name: Generate Certificates + # run: | + # git config --global --add safe.directory $(pwd) 
+ # cd test/certs/ && go run ./gen_certs.go && cd ../.. + + # - name: Check Test Corpus Tidiness + # run: git diff --exit-code -- + + # check_license_dependencies: + # name: check_license_dependencies + # runs-on: ubuntu-22.04 + # container: golang:1.21.9 + # steps: + # - uses: actions/checkout@v2 + + # - name: Update LICENSE_DEPENDENCIES.md + # run: | + # git config --global --add safe.directory $(pwd) + # ./scripts/update-license-dependencies.sh + + # - name: Check License Changes + # run: git diff --exit-code -- LICENSE_DEPENDENCIES.md + + # debian: + # name: debian + # runs-on: ubuntu-22.04 + # steps: + # - uses: actions/checkout@v2 + # # fetch tags as checkout@v2 doesn't do that by default + # - run: git fetch --prune --unshallow --tags --force + + # - name: Build and test deb under docker + # env: + # OS_TYPE: debian + # OS_VERSION: 11 + # # setting GO_ARCH speeds things by using go binaries instead of source + # GO_ARCH: linux-amd64 + # run: ./scripts/ci-docker-run + + # ubuntu-2310: + # name: debbuild-ubuntu23 + # runs-on: ubuntu-22.04 + # steps: + # - uses: actions/checkout@v2 + # # fetch tags as checkout@v2 doesn't do that by default + # - run: git fetch --prune --unshallow --tags --force + + # - name: Build and test deb under docker + # env: + # OS_TYPE: ubuntu + # OS_VERSION: '23.10' + # GO_ARCH: linux-amd64 + # run: ./scripts/ci-docker-run - ubuntu-2404: - name: debbuild-ubuntu24 - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v2 - # fetch tags as checkout@v2 doesn't do that by default - - run: git fetch --prune --unshallow --tags --force - - - name: Build and test deb under docker - env: - OS_TYPE: ubuntu - OS_VERSION: 24.04 - GO_ARCH: linux-amd64 - run: ./scripts/ci-docker-run + # ubuntu-2404: + # name: debbuild-ubuntu24 + # runs-on: ubuntu-22.04 + # steps: + # - uses: actions/checkout@v2 + # # fetch tags as checkout@v2 doesn't do that by default + # - run: git fetch --prune --unshallow --tags --force + + # - name: Build and test deb 
under docker + # env: + # OS_TYPE: ubuntu + # OS_VERSION: 24.04 + # GO_ARCH: linux-amd64 + # run: ./scripts/ci-docker-run rpmbuild-rocky8: runs-on: ubuntu-22.04 @@ -190,10 +190,10 @@ jobs: TEST_TYPE: unpriv run: ./scripts/ci-docker-run - - name: Install and test unprivileged for ubuntu 20.04 + - name: Install and test unprivileged for ubuntu 21.04 env: OS_TYPE: ubuntu - OS_VERSION: 20.04 + OS_VERSION: 21.04 TEST_TYPE: unpriv run: ./scripts/ci-docker-run 
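Review bot: Commenting out every job from `check_go_mod` through `ubuntu-2404` takes the go.mod check, markdown lint, golangci-lint, shellcheck, license check and the Alpine/Debian/Ubuntu builds out of the pull_request gate. The later hunk at -240 does the same to `short_unit_tests`, `integration_tests` and `e2e_tests`, though part of that hunk's text is lost in this view. If this is only to shorten iteration on the rpm jobs, it should be reverted before merge, because a PR would otherwise go green with none of these checks run. If a job really has to stay off, a job-level `if: false` with a one-line comment such as `# disabled temporarily: <reason / issue link>` keeps the definition parseable and easy to re-enable, which 160 lines of commented-out YAML do not.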
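Review bot: `OS_VERSION: 21.04` swaps the 20.04 LTS target for a non-LTS release that, as far as I know, reached end of life in January 2022. The unprivileged install test would then run on a base image that no longer receives security updates, and its apt sources have probably moved to old-releases. Coverage of 20.04 is dropped at the same time. If the intent is a newer target, pick a release that is still supported and quote it like the `'23.10'` entry in this file, e.g. `OS_VERSION: '20.04'`, so the value cannot be read as a YAML float. The job this step belongs to starts outside the hunk.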
@@ -240,174 +240,174 @@ jobs: TEST_TYPE: unpriv run: ./scripts/ci-docker-run - short_unit_tests: - name: short_unit_tests - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v2 - # fetch tags as checkout@v2 doesn't do that by default - - run: git fetch --prune --unshallow --tags --force - - - name: Setup Go - uses: actions/setup-go@v2 - with: - go-version: 1.21.9 - - - name: Fetch deps - run: sudo apt-get -q update && sudo DEBIAN_FRONTEND=noninteractive apt-get install -y build-essential squashfs-tools squashfuse fuse-overlayfs fakeroot fuse2fs libseccomp-dev cryptsetup dbus-user-session - - - name: Build and install Apptainer - run: | - ./mconfig -v -p /usr/local --with-suid - make -C ./builddir all && sudo make -C ./builddir install - - - name: Run unit tests - run: make -C ./builddir short-unit-test - - - name: Check NFPM - run: | - go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.10.0 - go run ./dist/nfpm/generate.go -version $(./scripts/get-version) -prefix /usr/local | \ - $HOME/go/bin/nfpm package -f /dev/stdin -p deb -t ./builddir - - integration_tests: - name: integration_tests - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v2 - # fetch tags as checkout@v2 doesn't do that by default - - run: git fetch --prune --unshallow --tags --force - - - name: Setup Go - uses: actions/setup-go@v2 - with: - go-version: 1.21.9 - - - name: Fetch deps - run: sudo apt-get -q update && sudo DEBIAN_FRONTEND=noninteractive apt-get install -y build-essential squashfs-tools libseccomp-dev cryptsetup dbus-user-session - - - name: Build and install Apptainer - run: | - ./mconfig -v -p /usr/local --with-suid - make -C ./builddir all && sudo make -C ./builddir install - - - name: Run integration tests - run: make -C ./builddir integration-test - - e2e_tests: - name: e2e_tests - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v2 - # fetch tags as checkout@v2 doesn't do that by default - - run: git fetch --prune --unshallow --tags --force - - - name: 
Check changes - env: - PROJECT_REF: ${{ github.ref }} - PROJECT_REPOSITORY: ${{ github.repository }} - PROJECT_PR_NUMBER: ${{ github.event.pull_request.number }} - run: | - git config --global --add safe.directory $(pwd) - rc=0 - ./scripts/should-e2e-run "${PROJECT_REPOSITORY}" "${PROJECT_REF##*/}" "${PROJECT_PR_NUMBER}" || rc=$? - case $rc in - 0) - echo "Verifying critical changes" - echo "run_tests=true" >> $GITHUB_ENV ;; - 1) - echo "No critical changes, skipping tests" ;; - *) - echo "E: ./scripts/should-e2e-run returned with exit code $rc. Abort." - exit $rc ;; - esac - - - name: Setup Go - if: env.run_tests - uses: actions/setup-go@v2 - with: - go-version: 1.21.9 - - - name: Fetch deps - if: env.run_tests - run: | - set -e - sudo apt-get -q update - sudo DEBIAN_FRONTEND=noninteractive apt-get install -y build-essential uidmap squashfs-tools squashfuse fuse-overlayfs fakeroot fuse2fs libseccomp-dev cryptsetup dbus-user-session - sudo DEBIAN_FRONTEND=noninteractive apt-get install -y autoconf automake libtool pkg-config libfuse3-dev zlib1g-dev - - - name: Download, compile, and install dependent packages - if: env.run_tests - run: | - set -ex - ./scripts/download-dependencies - ./scripts/compile-dependencies - sudo mkdir -p /usr/local/libexec/apptainer/bin - sudo ./scripts/install-dependencies /usr/local/libexec - - # The fuse-overlayfs version from ubuntu-22.04, 1.7, is buggy, - # so update to version 1.9 - # See https://github.com/apptainer/apptainer/issues/796 - - name: Update fuse-overlayfs version - if: env.run_tests - run: | - sudo sh -c "echo 'deb http://old-releases.ubuntu.com/ubuntu kinetic universe' >/etc/apt/sources.list.d/kinetic.list" - sudo apt-get -q update && sudo DEBIAN_FRONTEND=noninteractive apt-get install -y fuse-overlayfs - - - name: Enable full cgroups v2 delegation - if: env.run_tests - run: | - sudo mkdir -p /etc/systemd/system/user@.service.d - cat <> $GITHUB_ENV ;; + # 1) + # echo "No critical changes, skipping tests" ;; + # *) + # 
echo "E: ./scripts/should-e2e-run returned with exit code $rc. Abort." + # exit $rc ;; + # esac + + # - name: Setup Go + # if: env.run_tests + # uses: actions/setup-go@v2 + # with: + # go-version: 1.21.9 + + # - name: Fetch deps + # if: env.run_tests + # run: | + # set -e + # sudo apt-get -q update + # sudo DEBIAN_FRONTEND=noninteractive apt-get install -y build-essential uidmap squashfs-tools squashfuse fuse-overlayfs fakeroot fuse2fs libseccomp-dev cryptsetup dbus-user-session + # sudo DEBIAN_FRONTEND=noninteractive apt-get install -y autoconf automake libtool pkg-config libfuse3-dev zlib1g-dev + + # - name: Download, compile, and install dependent packages + # if: env.run_tests + # run: | + # set -ex + # ./scripts/download-dependencies + # ./scripts/compile-dependencies + # sudo mkdir -p /usr/local/libexec/apptainer/bin + # sudo ./scripts/install-dependencies /usr/local/libexec + + # # The fuse-overlayfs version from ubuntu-22.04, 1.7, is buggy, + # # so update to version 1.9 + # # See https://github.com/apptainer/apptainer/issues/796 + # - name: Update fuse-overlayfs version + # if: env.run_tests + # run: | + # sudo sh -c "echo 'deb http://old-releases.ubuntu.com/ubuntu kinetic universe' >/etc/apt/sources.list.d/kinetic.list" + # sudo apt-get -q update && sudo DEBIAN_FRONTEND=noninteractive apt-get install -y fuse-overlayfs + + # - name: Enable full cgroups v2 delegation + # if: env.run_tests + # run: | + # sudo mkdir -p /etc/systemd/system/user@.service.d + # cat <>/etc/sudoers diff --git a/scripts/ci-rpm-build-test b/scripts/ci-rpm-build-test index a7d896d15d..7aeddb1538 100755 --- a/scripts/ci-rpm-build-test +++ b/scripts/ci-rpm-build-test 
@@ -18,6 +18,8 @@ dnf install -y autoconf automake libtool pkgconfig fuse3-devel zlib-devel # switch to an unprivileged user with sudo privileges dnf install -y sudo useradd -u 1000 --create-home -s /bin/bash testuser +usermod --add-subuids 10000-75535 testuser +usermod --add-subgids 10000-75535 testuser echo "Defaults:testuser env_keep=DOCKER_HOST" >>/etc/sudoers echo "testuser ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers mkdir -p /local
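Review bot: The added range `10000-75535` overlaps the ordinary account UID/GID space, which on most distributions runs up to about 60000. A subordinate ID mapped inside a user namespace could therefore coincide with a real account's UID if this script is ever reused outside a throwaway container. The conventional allocation starts at 100000: `usermod --add-subuids 100000-165535 testuser` and `usermod --add-subgids 100000-165535 testuser`. On images where `useradd` already assigns a subordinate range from login.defs, these lines add a second one, so a check such as `grep -q '^testuser:' /etc/subuid ||` before each would avoid duplicates; whether that applies to the images built here is not visible from the hunk. A short comment like `# unprivileged tests need subuid/subgid ranges for user namespaces` would also record why the lines exist.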