Fix high CVEs #424
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Integration Tests | |
on: | |
push: | |
branches: [ master ] | |
pull_request: | |
branches: [ master ] | |
workflow_call: | |
jobs: | |
integration: | |
runs-on: ubuntu-20.04 | |
timeout-minutes: 60 | |
steps: | |
- name: Set up Go 1.21.3 | |
uses: actions/setup-go@v1 | |
with: | |
go-version: 1.21.3 | |
id: go | |
- name: Setup environment | |
shell: bash | |
run: | | |
echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV | |
echo "${{ github.workspace }}/bin" >> $GITHUB_PATH | |
sudo sysctl net.ipv6.conf.all.disable_ipv6=0 | |
- name: Install docker | |
shell: bash | |
run: | | |
arch=$(dpkg --print-architecture) | |
# Workarounds for error "Failed to fetch https://packagecloud.io/github/git-lfs/ubuntu/dists/trusty/InRelease" | |
# TODO: remove it after the issue fixed in git-lfs. | |
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 6B05F25D762E3157 | |
sudo apt-get update | |
# Install prereqs | |
sudo apt-get install -y \ | |
conntrack iptables iproute2 ethtool socat util-linux mount ebtables udev kmod \ | |
libseccomp2 | |
# Install docker. | |
sudo apt-get install -y \ | |
apt-transport-https \ | |
ca-certificates \ | |
curl socat \ | |
gnupg-agent \ | |
software-properties-common | |
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - | |
sudo add-apt-repository \ | |
"deb [arch=$arch] https://download.docker.com/linux/ubuntu \ | |
$(lsb_release -cs) \ | |
stable" | |
sudo apt-get update | |
sudo apt-cache madison docker-ce | |
sudo apt-get install docker-ce docker-ce-cli containerd.io | |
# Restart docker daemon. | |
sudo service docker restart | |
- name: Install ginkgo | |
run: | | |
go install github.com/onsi/ginkgo/v2/ginkgo@latest | |
ginkgo version | |
sudo cp $(command -v ginkgo) /usr/local/bin | |
- name: Check out cri-tools | |
uses: actions/checkout@v2 | |
with: | |
repository: kubernetes-sigs/cri-tools | |
path: src/sigs.k8s.io/cri-tools | |
ref: 5fd98895f3bbf8a3ba2d25e93fa95ba1e2ae0923 | |
- name: Build cri-tools | |
working-directory: src/sigs.k8s.io/cri-tools | |
run: | | |
make critest crictl | |
find $(pwd)/build/bin -type f -exec mv {} /usr/local/bin \; | |
- name: Checkout cri-dockerd | |
uses: actions/checkout@v2 | |
with: | |
repository: ${{ github.repository }} | |
path: src/github.com/Mirantis/cri-dockerd | |
- name: Build cri-dockerd | |
working-directory: src/github.com/Mirantis/cri-dockerd | |
run: | | |
go build | |
sudo mv ./cri-dockerd /usr/local/bin | |
- name: Start cri-dockerd and run critest | |
working-directory: src/sigs.k8s.io/cri-tools | |
shell: bash | |
run: | | |
set -x | |
export LANG=C | |
export LC_ALL=C | |
# Install nsenter | |
docker run --rm -v /usr/local/bin:/target jpetazzo/nsenter | |
# Start cri-dockerd first | |
logs_dir="${{ github.workspace }}/logs" | |
mkdir -p $logs_dir | |
sudo /usr/local/bin/cri-dockerd --log-level warn --network-plugin="" >$logs_dir/cri-dockerd.log 2>&1 & | |
# Wait a while for cri-dockerd starting. | |
sleep 10 | |
# Run e2e test cases | |
# Skip reopen container log test because docker doesn't support it. | |
# Skip runtime should support execSync with timeout because docker doesn't | |
# support it. | |
# Skip apparmor test as we don't enable apparmor yet in this CI job, or selinux | |
sudo /usr/local/bin/critest -runtime-endpoint=unix:///var/run/cri-dockerd.sock -ginkgo.skip="runtime should support apparmor|runtime should support reopening container log|runtime should support execSync with timeout|runtime should support selinux|.*should support propagation.*" | |
- name: Run benchmark | |
working-directory: src/sigs.k8s.io/cri-tools | |
shell: bash | |
run: | | |
set -o errexit | |
set -o nounset | |
set -o pipefail | |
set -x | |
export LANG=C | |
export LC_ALL=C | |
# Run benchmark test cases | |
sudo /usr/local/bin/critest -runtime-endpoint=unix:///var/run/cri-dockerd.sock -benchmark | |
- name: Dump docker logs | |
if: always() | |
run: | | |
mkdir -p ${{ github.workspace }}/logs | |
sudo journalctl -eu docker | sudo tee ${{ github.workspace }}/logs/docker.log | |
ls -atrl ${{ github.workspace }}/logs | |
- name: Upload logs | |
if: always() | |
uses: actions/upload-artifact@v1 | |
with: | |
name: logs | |
path: logs |