ci/gha: add go 1.16; run as root; fix some tests; add fedora #65
Conversation
kolyshkin
changed the title
|
@cpuguy83 @thaJeztah PTAL. No change in package functionality, just CI infra and a bit of tests. |
|
We should probably also switch to
|
|
CI shows passing but:
|
This is OK, the kernel is not that new on GHA so some tests are skipped (unless inside a vagrant vm with fedora -- which is why I am adding it. Now, I'm not sure why skipping is reported as error (I use Update: this is how it looks if run from CLI on an older kernel kir@ubu2004:~/git/moby/sys/mountinfo$ sudo go test -v -run MountedBy
=== RUN TestMountedBy
--- SKIP: TestMountedBy (0.00s)
mounted_linux_test.go:190: openat2: function not implemented (old kernel? need Linux 5.6+)
=== RUN TestMountedByOpenat2VsMountinfo
--- SKIP: TestMountedByOpenat2VsMountinfo (0.00s)
mounted_linux_test.go:237: openat2: function not implemented (old kernel? need Linux 5.6+)
PASS
ok github.com/moby/sys/mountinfo 0.002sUpdate2: I think this is some unfortunate GHA cleverness (highlighting the |
added; PTAL @cpuguy83 @thaJeztah |
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Otherwise GHA complains: > Ubuntu-latest workflows will use Ubuntu-20.04 soon. For more details, > see actions/runner-images#1816 Apparently, despite the wording, it is already using 20.04, but it is nice to silence the warning regardless. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Changes: https://github.com/actions/setup-go/tree/v2.1.3#v2 Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
The idea is not to run any tests if the linter fails. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
kolyshkin
force-pushed
the
go116
branch
4 times, most recently
from
8d9c48a
to
256ee02
Compare
Could it be it prepends |
.github/workflows/test.yml
Outdated
| # fixup go cache screwed by sudo | ||
| sudo chown -R $(id -u):$(id -g) $HOME/.cache |
There was a problem hiding this comment.
Some questions;
-
Is the cache actually used (or "useful"), assuming these nodes are cleaned between runs?
-
Did this cause a problem in CI, or only on your local machine (testing
sudo -E PATH=..., after which the files were owned byroot)? (if so, it may not be needed in CI, as state would be cleared after this completes, correct?) -
Alternatively, we can set
GOCACHEso that thesudovariant writes to it's own home directory, not the home directory of the non-privileged user, e.g.sudo -E PATH=$PATH GOCACHE=/root/.cache make test
There was a problem hiding this comment.
Is the cache actually used (or "useful"), assuming these nodes are cleaned between runs?
It is used (based by the errors in CI I saw), and I guess it is mildly useful. Surely, we're not compiling docker here, so the savings are not that big.
I am fixing the .cache ownership not because the cache is useful, but for the sake of future contributors who might add some commands after that one, and discover that it fails.
Actually, the proper way would be to compile the tests as a user and run them as root, but I'm not sure how to do it in an elegant way.
Did this cause a problem in CI
Yes it did, as "make lint" and "make cross" were before "sudo make test" and they failed because they could not write to ~/.cache. So I mitigated it with two things -- (1) moved all non-sudo commands to before sudo ones (2) added this fixup.
we can set
GOCACHE
Good idea, let me try. Judging by the amount of code to compile (our packages plus a bits of x/sys/unix), caching should not result in any dramatic improvements.
There was a problem hiding this comment.
Ended up implementing decent make sudotest via Makefile, which compiles tests as a user and runs them as root. This way we don't have to care about gocache and other similar things (like re-downloading modules).
There was a problem hiding this comment.
Scratch that bloody sudotest, I found a much better way, see the last commit.
.ci/Vagrantfile.fedora33
Outdated
| @@ -20,8 +20,7 @@ Vagrant.configure("2") do |config| | |||
| cat << EOF | dnf -y shell && break | |||
| config exclude kernel,kernel-core | |||
There was a problem hiding this comment.
Wondering if this line was related to the update line you removed (i.e.; "update, but don't install kernel updates")?
There was a problem hiding this comment.
Yes it is, but I'd like to keep this line, which basically says "no matter what we do below, exclude kernel from it".
Some Fedora version needed update in the past, and this need might re-surface, so there's a chance someone will add update later, and they will definitely forget about excluding the kernel, which is a big package for which there's almost always an update available.
So yes, the line does not make sense per se currently, but it might come handy later, and since it does not add any overhead or something, I'd rather keep it.
Alternatively, we can re-add update and comment it out, together with the exclude. Let me know if you prefer it this way.
There was a problem hiding this comment.
(given that the comments are available in that context -- I'm not entirely sure)
Both tests need (1) root (2) openat2. Do skip if those are not available. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
I am seeing the following failures on my machine (running):
=== RUN TestMount/none-remount,size=128k
mounter_linux_test.go:203: unexpected vfs option "inode64", expected "rw,size=128k"
=== RUN TestMount/none-remount,ro,size=128k
mounter_linux_test.go:203: unexpected vfs option "inode64", expected "ro,size=128k"
--- FAIL: TestMount (0.06s)
Looking into /proc/self/mountinfo, I see that all tmpfs mounts have this
option. Looking into the kernel, it was added by commit ea3271f7196c6
("tmpfs: support 64-bit inums per-sb", 2020-08-06), which made its way
into v5.9-rc1.
Ignore the option, as well as "inode32".
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
I am using So I stll think there's some special cleverness in GHA to highlight a line containing 'function not implemented'. The only way to check is to remove this message, I'll try that (but I don't want to remove message forever). |
Some recently added features require openat2 support to be tested. We used Travis for that, but it's not available now, so let's use a GHA VM. Code mostly copied from github.com/opencontainers/runc. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
kolyshkin
force-pushed
the
go116
branch
2 times, most recently
from
8c753ef
to
89b55da
Compare
|
Scratch that, I found a better way to run go test via sudo |
Some tests (those that do mounts etc.) require root. Amend the Makefile to check if sudo -n (non-interactive) works, and if yes, add -exec sudo to "go test" arguments. This trick makes test compile as normal user but run as root, eliminating the need to preserve environment (-E) and path (PATH=$PATH) when using sudo, as well as avoiding potential ownership problems after running something like compiling test binaries under sudo. With this, tests are run as root in GHA. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
|
@thaJeztah PTAL |
| } | ||
|
|
||
| func TestMountedBy(t *testing.T) { | ||
| requireOpenat2(t) |
There was a problem hiding this comment.
Do you think it would make sense to only skip the parts that require openat2, instead of the whole test? #67
There was a problem hiding this comment.
I definitely had openat2 way in mind when writing this, mostly added mountinfo to test my test :)
But yeah, when I look at it, it makes some sense.
There was a problem hiding this comment.
But as we already test in on an openat2-capable system that should be sufficient.
IOW it's up to you whether you want to update #67 to run this test partially or just close it.
A few tiny improvements to GHA CI:
ubuntu-20.04(rather thanubuntu-latest);openat2(2));The last item revealed that tests that require
openat2do not check for it 🙈 :, so add the check.