Skip to content

Add AppArmor profile setup for rootlesskit on Ubuntu 23.10+ #2024

Add AppArmor profile setup for rootlesskit on Ubuntu 23.10+

Add AppArmor profile setup for rootlesskit on Ubuntu 23.10+ #2024

Workflow file for this run

# This pipeline purpose is solely meant to run a subset of our test suites against upcoming or unreleased dependencies versions
name: canary
on:
push:
branches:
- main
- 'release/**'
pull_request:
paths-ignore:
- '**.md'
env:
UBUNTU_VERSION: "24.04"
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
linux:
runs-on: "ubuntu-24.04"
timeout-minutes: 40
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 1
- name: "Prepare integration test environment"
run: |
. ./hack/build-integration-canary.sh
canary::build::integration
- name: "Remove snap loopback devices (conflicts with our loopback devices in TestRunDevice)"
run: |
sudo systemctl disable --now snapd.service snapd.socket
sudo apt-get purge -y snapd
sudo losetup -Dv
sudo losetup -lv
- name: "Register QEMU (tonistiigi/binfmt)"
run: |
# `--install all` will only install emulation for architectures that cannot be natively executed
# Since some arm64 platforms do provide native fallback execution for 32 bits,
# armv7 emulation may or may not be installed, causing variance in the result of `uname -m`.
# To avoid that, we explicitly list the architectures we do want emulation for.
docker run --privileged --rm tonistiigi/binfmt --install linux/amd64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm64
docker run --privileged --rm tonistiigi/binfmt --install linux/arm/v7
- name: "Run unit tests"
run: go test -v ./pkg/...
- name: "Run integration tests"
run: docker run -t --rm --privileged test-integration ./hack/test-integration.sh -test.only-flaky=false
- name: "Run integration tests (flaky)"
run: docker run -t --rm --privileged test-integration ./hack/test-integration.sh -test.only-flaky=true
windows:
timeout-minutes: 30
runs-on: windows-latest
defaults:
run:
shell: bash
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 1
- name: Set GO env
run: |
# Get latest containerd
args=(curl --proto '=https' --tlsv1.2 -fsSL -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28")
[ "${GITHUB_TOKEN:-}" == "" ] && {
>&2 printf "GITHUB_TOKEN is not set - you might face rate limitations with the Github API\n"
} || args+=(-H "Authorization: Bearer $GITHUB_TOKEN")
ctd_v="$("${args[@]}" https://api.github.com/repos/containerd/containerd/tags | jq -rc .[0].name)"
echo "CONTAINERD_VERSION=${ctd_v:1}" >> "$GITHUB_ENV"
. ./hack/build-integration-canary.sh
canary::golang::latest
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- run: go install ./cmd/nerdctl
- run: go install -v gotest.tools/gotestsum@v1
# This here is solely to get the cni install script, which has not been modified in 3+ years.
# There is little to no reason to update this to latest containerd
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: containerd/containerd
ref: "v1.7.25"
path: containerd
fetch-depth: 1
- name: "Set up CNI"
working-directory: containerd
run: GOPATH=$(go env GOPATH) script/setup/install-cni-windows
# Windows setup script can only use released versions
- name: "Set up containerd"
env:
ctrdVersion: ${{ env.CONTAINERD_VERSION }}
run: powershell hack/configure-windows-ci.ps1
- name: "Run integration tests"
run: ./hack/test-integration.sh -test.only-flaky=false
- name: "Run integration tests (flaky)"
run: ./hack/test-integration.sh -test.only-flaky=true