From 132bf68de47569e761227de9fd6177e8b32f6c38 Mon Sep 17 00:00:00 2001 From: Adin Scannell Date: Fri, 31 May 2019 15:42:08 -0700 Subject: Switch to new dedicated RBE project. PiperOrigin-RevId: 250970783 --- kokoro/common.cfg | 2 +- kokoro/run_tests.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'kokoro') diff --git a/kokoro/common.cfg b/kokoro/common.cfg index f6776ae84..cad873fe1 100644 --- a/kokoro/common.cfg +++ b/kokoro/common.cfg @@ -11,7 +11,7 @@ before_action { # Configure bazel to access RBE. bazel_setting { # Our GCP project name - project_id: "copybara-shentu" + project_id: "gvisor-rbe" # Use RBE for execution as well as caching. local_execution: false diff --git a/kokoro/run_tests.sh b/kokoro/run_tests.sh index 6a7c1fdb6..d6656fe4f 100755 --- a/kokoro/run_tests.sh +++ b/kokoro/run_tests.sh @@ -25,7 +25,7 @@ set -eux readonly WORKSPACE_DIR="${PWD}/git/repo" # Used to configure RBE. -readonly CLOUD_PROJECT_ID="copybara-shentu" +readonly CLOUD_PROJECT_ID="gvisor-rbe" readonly RBE_PROJECT_ID="projects/${CLOUD_PROJECT_ID}/instances/default_instance" # Random runtime name to avoid collisions. -- cgit v1.2.3 From 216da0b733dbed9aad9b2ab92ac75bcb906fd7ee Mon Sep 17 00:00:00 2001 From: Adin Scannell Date: Sat, 1 Jun 2019 23:09:26 -0700 Subject: Add tooling for Go-compatible branch. The WORKSPACE go_repositories can be generated from a standard go.mod file. Add the necessary gazelle hooks to do so, and include a test that sanity checks there are no changes. This go.mod file will be used in a subsequent commit to generate a go gettable branch of the repository. This commit also adds a tools/go_branch.sh script, which given an existing go branch in the repository, will add an additional synthetic change to the branch bringing it up-to-date with HEAD. As a final step, a cloudbuild script is included, which can be used to automate the process for every change pushed to the repository. This may be used after an initial go branch is pushed, but this is manual process. PiperOrigin-RevId: 251095016 --- BUILD | 7 +++++ WORKSPACE | 59 ++++++++++++++++++++++++++++--------- cloudbuild/go.Dockerfile | 2 ++ cloudbuild/go.yaml | 20 +++++++++++++ go.mod | 20 +++++++++++++ kokoro/run_tests.sh | 7 +++++ tools/go_branch.sh | 76 ++++++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 177 insertions(+), 14 deletions(-) create mode 100644 cloudbuild/go.Dockerfile create mode 100644 cloudbuild/go.yaml create mode 100644 go.mod create mode 100755 tools/go_branch.sh (limited to 'kokoro') diff --git a/BUILD b/BUILD index 391791ca9..6d5e800ca 100644 --- a/BUILD +++ b/BUILD @@ -1,6 +1,7 @@ package(licenses = ["notice"]) # Apache 2.0 load("@io_bazel_rules_go//go:def.bzl", "go_path") +load("@bazel_gazelle//:def.bzl", "gazelle") # The sandbox filegroup is used for sandbox-internal dependencies. package_group( @@ -22,3 +23,9 @@ go_path( "//runsc", ], ) + +# gazelle is a set of build tools. +# +# To update the WORKSPACE from go.mod, use: +# bazel run //:gazelle -- update-repos -from_file=go.mod +gazelle(name = "gazelle") diff --git a/WORKSPACE b/WORKSPACE index 5da06317f..89e4b5175 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -6,6 +6,7 @@ http_archive( sha256 = "a82a352bffae6bee4e95f68a8d80a70e87f42c4741e6a448bec11998fcc82329", url = "https://github.com/bazelbuild/rules_go/releases/download/0.18.5/rules_go-0.18.5.tar.gz", ) + http_archive( name = "bazel_gazelle", sha256 = "3c681998538231a2d24d0c07ed5a7658cb72bfb5fd4bf9911157c0e9ac6a2687", @@ -37,86 +38,116 @@ http_archive( # External repositories, in sorted order. go_repository( name = "com_github_cenkalti_backoff", - commit = "66e726b43552c0bab0539b28e640b89fd6862115", importpath = "github.com/cenkalti/backoff", + tag = "v2.1.1", ) go_repository( name = "com_github_gofrs_flock", - commit = "886344bea0798d02ff3fae16a922be5f6b26cee0", + commit = "886344bea079", importpath = "github.com/gofrs/flock", ) go_repository( name = "com_github_golang_mock", - commit = "600781dde9cca80734169b9e969d9054ccc57937", importpath = "github.com/golang/mock", + tag = "v1.3.1", ) go_repository( name = "com_github_google_go-cmp", - commit = "3af367b6b30c263d47e8895973edcca9a49cf029", importpath = "github.com/google/go-cmp", + tag = "v0.2.0", ) go_repository( name = "com_github_google_subcommands", - commit = "ce3d4cfc062faac7115d44e5befec8b5a08c3faa", + commit = "ce3d4cfc062f", importpath = "github.com/google/subcommands", ) go_repository( name = "com_github_google_uuid", - commit = "dec09d789f3dba190787f8b4454c7d3c936fed9e", + commit = "dec09d789f3d", importpath = "github.com/google/uuid", ) go_repository( name = "com_github_kr_pty", - commit = "282ce0e5322c82529687d609ee670fac7c7d917c", importpath = "github.com/kr/pty", + tag = "v1.1.1", ) go_repository( name = "com_github_opencontainers_runtime-spec", - commit = "b2d941ef6a780da2d9982c1fb28d77ad97f54fc7", + commit = "b2d941ef6a78", importpath = "github.com/opencontainers/runtime-spec", ) go_repository( name = "com_github_syndtr_gocapability", - commit = "d98352740cb2c55f81556b63d4a1ec64c5a319c2", + commit = "d98352740cb2", importpath = "github.com/syndtr/gocapability", ) go_repository( name = "com_github_vishvananda_netlink", - commit = "adb577d4a45e341da53c4d9196ad4222c9a23e69", + commit = "adb577d4a45e", importpath = "github.com/vishvananda/netlink", ) go_repository( name = "com_github_vishvananda_netns", - commit = "be1fbeda19366dea804f00efff2dd73a1642fdcc", + commit = "be1fbeda1936", importpath = "github.com/vishvananda/netns", ) +go_repository( + name = "org_golang_x_crypto", + commit = "c2843e01d9a2", + importpath = "golang.org/x/crypto", +) + go_repository( name = "org_golang_x_net", - commit = "b3c676e531a6dc479fa1b35ac961c13f5e2b4d2e", + commit = "d8887717615a", importpath = "golang.org/x/net", ) +go_repository( + name = "org_golang_x_text", + importpath = "golang.org/x/text", + tag = "v0.3.0", +) + +go_repository( + name = "org_golang_x_tools", + commit = "36563e24a262", + importpath = "golang.org/x/tools", +) + +go_repository( + name = "org_golang_x_sync", + commit = "112230192c58", + importpath = "golang.org/x/sync", +) + go_repository( name = "org_golang_x_sys", - commit = "0dd5e194bbf5eb84a39666eb4c98a4d007e4203a", + commit = "d0b11bdaac8a", importpath = "golang.org/x/sys", ) go_repository( name = "com_github_google_btree", - commit = "4030bb1f1f0c35b30ca7009e9ebd06849dd45306", importpath = "github.com/google/btree", + tag = "v1.0.0", +) + +go_repository( + name = "com_github_golang_protobuf", + importpath = "github.com/golang/protobuf", + tag = "v1.3.1", ) # System Call test dependencies. diff --git a/cloudbuild/go.Dockerfile b/cloudbuild/go.Dockerfile new file mode 100644 index 000000000..226442fd2 --- /dev/null +++ b/cloudbuild/go.Dockerfile @@ -0,0 +1,2 @@ +FROM ubuntu +RUN apt-get -q update && apt-get install -qqy git rsync diff --git a/cloudbuild/go.yaml b/cloudbuild/go.yaml new file mode 100644 index 000000000..23dbf524e --- /dev/null +++ b/cloudbuild/go.yaml @@ -0,0 +1,20 @@ +steps: +- name: 'gcr.io/cloud-builders/git' + args: ['fetch', '--all', '--unshallow'] +- name: 'gcr.io/cloud-builders/bazel' + args: ['build', ':gopath'] +- name: 'gcr.io/cloud-builders/docker' + args: ['build', '-t', 'gcr.io/$PROJECT_ID/go-branch', '-f', 'cloudbuild/go.Dockerfile', '.'] +- name: 'gcr.io/$PROJECT_ID/go-branch' + args: ['tools/go_branch.sh'] +- name: 'gcr.io/cloud-builders/git' + args: ['checkout', 'go'] +- name: 'gcr.io/cloud-builders/git' + args: ['clean', '-f'] +- name: 'golang' + args: ['go', 'build', './...'] +- name: 'gcr.io/cloud-builders/git' + entrypoint: 'bash' + args: + - '-c' + - 'if [[ "$BRANCH_NAME" == "master" ]]; then git push origin go:go; fi' diff --git a/go.mod b/go.mod new file mode 100644 index 000000000..f10b56e7f --- /dev/null +++ b/go.mod @@ -0,0 +1,20 @@ +module gvisor.googlesource.com/gvisor +go 1.12 + +require ( + github.com/cenkalti/backoff v2.1.1 + github.com/gofrs/flock v0.6.1-0.20180915234121-886344bea079 + github.com/golang/mock v1.3.1 + github.com/golang/protobuf v1.3.1 + github.com/google/btree v1.0.0 + github.com/google/go-cmp v0.2.0 + github.com/google/subcommands v0.0.0-20170224175846-ce3d4cfc062f + github.com/google/uuid v0.0.0-20171129191014-dec09d789f3d + github.com/kr/pty v1.1.1 + github.com/opencontainers/runtime-spec v0.1.2-0.20171211145439-b2d941ef6a78 + github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 + github.com/vishvananda/netlink v1.0.1-0.20190318003149-adb577d4a45e + github.com/vishvananda/netns v0.0.0-20171111001504-be1fbeda1936 + golang.org/x/net v0.0.0-20180404174746-b3c676e531a6 + golang.org/x/sys v0.0.0-20171117071000-0dd5e194bbf5 +) diff --git a/kokoro/run_tests.sh b/kokoro/run_tests.sh index d6656fe4f..6ff72ce1d 100755 --- a/kokoro/run_tests.sh +++ b/kokoro/run_tests.sh @@ -68,6 +68,12 @@ BAZEL_BUILD_RBE_FLAGS=( # Helper Functions # #################### +sanity_checks() { + cd ${WORKSPACE_DIR} + bazel run //:gazelle -- update-repos -from_file=go.mod + git diff --exit-code WORKSPACE +} + build_everything() { FLAVOR="${1}" @@ -235,6 +241,7 @@ main() { trap finish EXIT # Build and run the simple tests. + sanity_checks build_everything opt run_simple_tests diff --git a/tools/go_branch.sh b/tools/go_branch.sh new file mode 100755 index 000000000..8ea6a6d8d --- /dev/null +++ b/tools/go_branch.sh @@ -0,0 +1,76 @@ +#!/bin/bash + +# Copyright 2019 The gVisor Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -eo pipefail + +# Discovery the package name from the go.mod file. +declare -r gomod="$(pwd)/go.mod" +declare -r module=$(cat "${gomod}" | grep -E "^module" | cut -d' ' -f2) + +# Check that gopath has been built. +declare -r gopath_dir="$(pwd)/bazel-bin/gopath/src/${module}" +if ! [ -d "${gopath_dir}" ]; then + echo "No gopath directory found; build the :gopath target." >&2 + exit 1 +fi + +# Create a temporary working directory, and ensure that this directory and all +# subdirectories are cleaned up upon exit. +declare -r tmp_dir=$(mktemp -d) +finish() { + cd # Leave tmp_dir. + rm -rf "${tmp_dir}" +} +trap finish EXIT + +# Record the current working commit. +declare -r head=$(git describe --always) + +# We expect to have an existing go branch that we will use as the basis for +# this commit. That branch may be empty, but it must exist. +declare -r go_branch=$(git show-ref --hash origin/go) + +# Clone the current repository to the temporary directory, and check out the +# current go_branch directory. We move to the new repository for convenience. +declare -r repo_orig="$(pwd)" +declare -r repo_new="${tmp_dir}/repository" +git clone . "${repo_new}" +cd "${repo_new}" + +# Setup the repository and checkout the branch. +git config user.email "gvisor-bot@google.com" +git config user.name "gVisor bot" +git fetch origin "${go_branch}" +git checkout -b go "${go_branch}" + +# Start working on a merge commit that combines the previous history with the +# current history. Note that we don't actually want any changes yet. +git merge --allow-unrelated-histories --no-commit --strategy ours ${head} + +# Sync the entire gopath_dir and go.mod. +rsync --recursive --verbose --delete --exclude .git --exclude README.md -L "${gopath_dir}/" . +cp "${gomod}" . + +# There are a few solitary files that can get left behind due to the way bazel +# constructs the gopath target. Note that we don't find all Go files here +# because they may correspond to unused templates, etc. +cp "${repo_orig}"/runsc/*.go runsc/ + +# Update the current working set and commit. +git add . && git commit -m "Merge ${head} (automated)" + +# Push the branch back to the original repository. +git remote add orig "${repo_orig}" && git push -f orig go:go -- cgit v1.2.3 From 7436ea247bc946b36a7e5e6ca6019796ef76d85c Mon Sep 17 00:00:00 2001 From: Adin Scannell Date: Tue, 4 Jun 2019 11:06:13 -0700 Subject: Fix Kokoro revision and 'go get usage' As a convenience for debugging, also factor the scripts such that can be run without Kokoro. In the future, this may be used to add additional presubmit hooks that run without Kokoro. PiperOrigin-RevId: 251474868 --- kokoro/run_build.sh | 43 +-------- kokoro/run_tests.sh | 266 +------------------------------------------------- tools/run_build.sh | 44 +++++++++ tools/run_tests.sh | 273 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 319 insertions(+), 307 deletions(-) mode change 100755 => 120000 kokoro/run_build.sh mode change 100755 => 120000 kokoro/run_tests.sh create mode 100755 tools/run_build.sh create mode 100755 tools/run_tests.sh (limited to 'kokoro') diff --git a/kokoro/run_build.sh b/kokoro/run_build.sh deleted file mode 100755 index 63fffda48..000000000 --- a/kokoro/run_build.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash - -# Copyright 2018 The gVisor Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Fail on any error. -set -e -# Display commands to stderr. -set -x - -# Install the latest version of Bazel. -use_bazel.sh latest - -# Log the bazel path and version. -which bazel -bazel version - -cd git/repo - -# Build runsc. -bazel build //runsc - -# Move the runsc binary into "latest" directory, and also a directory with the -# current date. -latest_dir="${KOKORO_ARTIFACTS_DIR}"/latest -today_dir="${KOKORO_ARTIFACTS_DIR}"/"$(date -Idate)" -mkdir -p "${latest_dir}" "${today_dir}" -cp bazel-bin/runsc/linux_amd64_pure_stripped/runsc "${latest_dir}" -sha512sum "${latest_dir}"/runsc | awk '{print $1 " runsc"}' > "${latest_dir}"/runsc.sha512 -cp bazel-bin/runsc/linux_amd64_pure_stripped/runsc "${today_dir}" -sha512sum "${today_dir}"/runsc | awk '{print $1 " runsc"}' > "${today_dir}"/runsc.sha512 diff --git a/kokoro/run_build.sh b/kokoro/run_build.sh new file mode 120000 index 000000000..9deafe9bb --- /dev/null +++ b/kokoro/run_build.sh @@ -0,0 +1 @@ +../tools/run_build.sh \ No newline at end of file diff --git a/kokoro/run_tests.sh b/kokoro/run_tests.sh deleted file mode 100755 index 6ff72ce1d..000000000 --- a/kokoro/run_tests.sh +++ /dev/null @@ -1,265 +0,0 @@ -#!/bin/bash - -# Copyright 2018 The gVisor Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Fail on any error. Treat unset variables as error. Print commands as executed. -set -eux - - -################### -# GLOBAL ENV VARS # -################### - -readonly WORKSPACE_DIR="${PWD}/git/repo" - -# Used to configure RBE. -readonly CLOUD_PROJECT_ID="gvisor-rbe" -readonly RBE_PROJECT_ID="projects/${CLOUD_PROJECT_ID}/instances/default_instance" - -# Random runtime name to avoid collisions. -readonly RUNTIME="runsc_test_$((RANDOM))" - -# Packages that will be built and tested. -readonly BUILD_PACKAGES=("//...") -readonly TEST_PACKAGES=("//pkg/..." "//runsc/..." "//tools/...") - -####################### -# BAZEL CONFIGURATION # -####################### - -# Install the latest version of Bazel, and log the location and version. -use_bazel.sh latest -which bazel -bazel version - -# Load the kvm module -sudo -n -E modprobe kvm - -# General Bazel build/test flags. -BAZEL_BUILD_FLAGS=( - "--show_timestamps" - "--test_output=errors" - "--keep_going" - "--verbose_failures=true" -) - -# Bazel build/test for RBE, a super-set of BAZEL_BUILD_FLAGS. -BAZEL_BUILD_RBE_FLAGS=( - "${BAZEL_BUILD_FLAGS[@]}" - "--config=remote" - "--project_id=${CLOUD_PROJECT_ID}" - "--remote_instance_name=${RBE_PROJECT_ID}" - "--auth_credentials=${KOKORO_BAZEL_AUTH_CREDENTIAL}" -) - -#################### -# Helper Functions # -#################### - -sanity_checks() { - cd ${WORKSPACE_DIR} - bazel run //:gazelle -- update-repos -from_file=go.mod - git diff --exit-code WORKSPACE -} - -build_everything() { - FLAVOR="${1}" - - cd ${WORKSPACE_DIR} - bazel build \ - -c "${FLAVOR}" "${BAZEL_BUILD_RBE_FLAGS[@]}" \ - "${BUILD_PACKAGES[@]}" -} - -# Run simple tests runs the tests that require no special setup or -# configuration. -run_simple_tests() { - cd ${WORKSPACE_DIR} - bazel test \ - "${BAZEL_BUILD_FLAGS[@]}" \ - "${TEST_PACKAGES[@]}" -} - -install_runtime() { - cd ${WORKSPACE_DIR} - sudo -n ${WORKSPACE_DIR}/runsc/test/install.sh --runtime ${RUNTIME} -} - -# Install dependencies for the crictl tests. -install_crictl_test_deps() { - # Install containerd. - sudo -n -E apt-get update - sudo -n -E apt-get install -y btrfs-tools libseccomp-dev - # go get will exit with a status of 1 despite succeeding, so ignore errors. - go get -d github.com/containerd/containerd || true - cd ${GOPATH}/src/github.com/containerd/containerd - git checkout v1.2.2 - make - sudo -n -E make install - - # Install crictl. - # go get will exit with a status of 1 despite succeeding, so ignore errors. - go get -d github.com/kubernetes-sigs/cri-tools || true - cd ${GOPATH}/src/github.com/kubernetes-sigs/cri-tools - git checkout tags/v1.11.0 - make - sudo -n -E make install - - # Install gvisor-containerd-shim. - local latest=/tmp/gvisor-containerd-shim-latest - local shim_path=/tmp/gvisor-containerd-shim - wget --no-verbose https://storage.googleapis.com/cri-containerd-staging/gvisor-containerd-shim/latest -O ${latest} - wget --no-verbose https://storage.googleapis.com/cri-containerd-staging/gvisor-containerd-shim/gvisor-containerd-shim-$(cat ${latest}) -O ${shim_path} - chmod +x ${shim_path} - sudo -n -E mv ${shim_path} /usr/local/bin - - # Configure containerd-shim. - local shim_config_path=/etc/containerd - local shim_config_tmp_path=/tmp/gvisor-containerd-shim.toml - sudo -n -E mkdir -p ${shim_config_path} - cat > ${shim_config_tmp_path} <<-EOF - runc_shim = "/usr/local/bin/containerd-shim" - - [runsc_config] - debug = "true" - debug-log = "/tmp/runsc-logs/" - strace = "true" - file-access = "shared" -EOF - sudo mv ${shim_config_tmp_path} ${shim_config_path} - - # Configure CNI. - sudo -n -E env PATH=${PATH} ${GOPATH}/src/github.com/containerd/containerd/script/setup/install-cni -} - -# Run the tests that require docker. -run_docker_tests() { - cd ${WORKSPACE_DIR} - - # Run tests with a default runtime (runc). - bazel test \ - "${BAZEL_BUILD_FLAGS[@]}" \ - --test_env=RUNSC_RUNTIME="" \ - --test_output=all \ - //runsc/test/image:image_test - - # These names are used to exclude tests not supported in certain - # configuration, e.g. save/restore not supported with hostnet. - declare -a variations=("" "-kvm" "-hostnet" "-overlay") - for v in "${variations[@]}"; do - # Run runsc tests with docker that are tagged manual. - bazel test \ - "${BAZEL_BUILD_FLAGS[@]}" \ - --test_env=RUNSC_RUNTIME="${RUNTIME}${v}" \ - --test_output=all \ - //runsc/test/image:image_test \ - //runsc/test/integration:integration_test - done -} - -# Run the tests that require root. -run_root_tests() { - cd ${WORKSPACE_DIR} - bazel build //runsc/test/root:root_test - local root_test=$(find -L ./bazel-bin/ -executable -type f -name root_test | grep __main__) - if [[ ! -f "${root_test}" ]]; then - echo "root_test executable not found" - exit 1 - fi - sudo -n -E RUNSC_RUNTIME="${RUNTIME}" RUNSC_EXEC=/tmp/"${RUNTIME}"/runsc ${root_test} -} - -# Run syscall unit tests. -run_syscall_tests() { - cd ${WORKSPACE_DIR} - bazel test "${BAZEL_BUILD_RBE_FLAGS[@]}" \ - --test_tag_filters=runsc_ptrace //test/syscalls/... -} - -run_runsc_do_tests() { - local runsc=$(find bazel-bin/runsc -type f -executable -name "runsc" | head -n1) - - # run runsc do without root privileges. - unshare -Ur ${runsc} --network=none --TESTONLY-unsafe-nonroot do true - unshare -Ur ${runsc} --TESTONLY-unsafe-nonroot --network=host do --netns=false true - - # run runsc do with root privileges. - sudo -n -E ${runsc} do true -} - -# Find and rename all test xml and log files so that Sponge can pick them up. -# XML files must be named sponge_log.xml, and log files must be named -# sponge_log.log. We move all such files into KOKORO_ARTIFACTS_DIR, in a -# subdirectory named with the test name. -upload_test_artifacts() { - cd ${WORKSPACE_DIR} - find -L "bazel-testlogs" -name "test.xml" -o -name "test.log" -o -name "outputs.zip" | - tar --create --files-from - --transform 's/test\./sponge_log./' | - tar --extract --directory ${KOKORO_ARTIFACTS_DIR} - if [[ -d "/tmp/${RUNTIME}/logs" ]]; then - tar --create --gzip "--file=${KOKORO_ARTIFACTS_DIR}/runsc-logs.tar.gz" -C /tmp/ ${RUNTIME}/logs - fi -} - -# Finish runs at exit, even in the event of an error, and uploads all test -# artifacts. -finish() { - # Grab the last exit code, we will return it. - local exit_code=${?} - upload_test_artifacts - exit ${exit_code} -} - -# Run bazel in a docker container -build_in_docker() { - cd ${WORKSPACE_DIR} - bazel clean - bazel shutdown - make - make runsc - make bazel-shutdown -} - -######## -# MAIN # -######## - -main() { - # Register finish to run at exit. - trap finish EXIT - - # Build and run the simple tests. - sanity_checks - build_everything opt - run_simple_tests - - # So far so good. Install more deps and run the integration tests. - install_runtime - install_crictl_test_deps - run_docker_tests - run_root_tests - - run_syscall_tests - run_runsc_do_tests - - # Build other flavors too. - build_everything dbg - - build_in_docker - # No need to call "finish" here, it will happen at exit. -} - -# Kick it off. -main diff --git a/kokoro/run_tests.sh b/kokoro/run_tests.sh new file mode 120000 index 000000000..931cd2622 --- /dev/null +++ b/kokoro/run_tests.sh @@ -0,0 +1 @@ +../tools/run_tests.sh \ No newline at end of file diff --git a/tools/run_build.sh b/tools/run_build.sh new file mode 100755 index 000000000..b6b446690 --- /dev/null +++ b/tools/run_build.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +# Copyright 2018 The gVisor Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Fail on any error. +set -e +# Display commands to stderr. +set -x + +# Install the latest version of Bazel and log the version. +(which use_bazel.sh && use_bazel.sh latest) || which bazel +bazel version + +# Switch into the workspace and checkout the appropriate commit. +if [[ -v KOKORO_GIT_COMMIT ]]; then + cd git/repo && git checkout "${KOKORO_GIT_COMMIT}" +fi + +# Build runsc. +bazel build //runsc + +# Move the runsc binary into "latest" directory, and also a directory with the +# current date. +if [[ -v KOKORO_ARTIFACTS_DIR ]]; then + latest_dir="${KOKORO_ARTIFACTS_DIR}"/latest + today_dir="${KOKORO_ARTIFACTS_DIR}"/"$(date -Idate)" + mkdir -p "${latest_dir}" "${today_dir}" + cp bazel-bin/runsc/linux_amd64_pure_stripped/runsc "${latest_dir}" + sha512sum "${latest_dir}"/runsc | awk '{print $1 " runsc"}' > "${latest_dir}"/runsc.sha512 + cp bazel-bin/runsc/linux_amd64_pure_stripped/runsc "${today_dir}" + sha512sum "${today_dir}"/runsc | awk '{print $1 " runsc"}' > "${today_dir}"/runsc.sha512 +fi diff --git a/tools/run_tests.sh b/tools/run_tests.sh new file mode 100755 index 000000000..c6e97dc95 --- /dev/null +++ b/tools/run_tests.sh @@ -0,0 +1,273 @@ +#!/bin/bash + +# Copyright 2018 The gVisor Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Fail on any error. Treat unset variables as error. Print commands as executed. +set -eux + +################### +# GLOBAL ENV VARS # +################### + +if [[ -v KOKORO_GIT_COMMIT ]]; then + readonly WORKSPACE_DIR="${PWD}/git/repo" +else + readonly WORKSPACE_DIR="${PWD}" +fi + +# Used to configure RBE. +readonly CLOUD_PROJECT_ID="gvisor-rbe" +readonly RBE_PROJECT_ID="projects/${CLOUD_PROJECT_ID}/instances/default_instance" + +# Random runtime name to avoid collisions. +readonly RUNTIME="runsc_test_$((RANDOM))" + +# Packages that will be built and tested. +readonly BUILD_PACKAGES=("//...") +readonly TEST_PACKAGES=("//pkg/..." "//runsc/..." "//tools/...") + +####################### +# BAZEL CONFIGURATION # +####################### + +# Install the latest version of Bazel and log the version. +(which use_bazel.sh && use_bazel.sh latest) || which bazel +bazel version + +# Checkout the appropriate commit. +if [[ -v KOKORO_GIT_COMMIT ]]; then + (cd "${WORKSPACE_DIR}" && git checkout "${KOKORO_GIT_COMMIT}") +fi + +# Load the kvm module. +sudo -n -E modprobe kvm + +# General Bazel build/test flags. +BAZEL_BUILD_FLAGS=( + "--show_timestamps" + "--test_output=errors" + "--keep_going" + "--verbose_failures=true" +) + +# Bazel build/test for RBE, a super-set of BAZEL_BUILD_FLAGS. +BAZEL_BUILD_RBE_FLAGS=( + "${BAZEL_BUILD_FLAGS[@]}" + "--config=remote" + "--project_id=${CLOUD_PROJECT_ID}" + "--remote_instance_name=${RBE_PROJECT_ID}" +) +if [[ -v KOKORO_BAZEL_AUTH_CREDENTIAL ]]; then + BAZEL_BUILD_RBE_FLAGS=( + "${BAZEL_BUILD_RBE_FLAGS[@]}" + "--auth_credentials=${KOKORO_BAZEL_AUTH_CREDENTIAL}" + ) +fi + +#################### +# Helper Functions # +#################### + +sanity_checks() { + cd ${WORKSPACE_DIR} + bazel run //:gazelle -- update-repos -from_file=go.mod + git diff --exit-code WORKSPACE +} + +build_everything() { + FLAVOR="${1}" + + cd ${WORKSPACE_DIR} + bazel build \ + -c "${FLAVOR}" "${BAZEL_BUILD_RBE_FLAGS[@]}" \ + "${BUILD_PACKAGES[@]}" +} + +# Run simple tests runs the tests that require no special setup or +# configuration. +run_simple_tests() { + cd ${WORKSPACE_DIR} + bazel test \ + "${BAZEL_BUILD_FLAGS[@]}" \ + "${TEST_PACKAGES[@]}" +} + +install_runtime() { + cd ${WORKSPACE_DIR} + sudo -n ${WORKSPACE_DIR}/runsc/test/install.sh --runtime ${RUNTIME} +} + +# Install dependencies for the crictl tests. +install_crictl_test_deps() { + sudo -n -E apt-get update + sudo -n -E apt-get install -y btrfs-tools libseccomp-dev + + # Install containerd. + [[ -d containerd ]] || git clone https://github.com/containerd/containerd + (cd containerd && git checkout v1.2.2 && make && sudo -n -E make install) + + # Install crictl. + [[ -d cri-tools ]] || git clone https://github.com/kubernetes-sigs/cri-tools + (cd cri-tools && git checkout tags/v1.11.0 && make && sudo -n -E make install) + + # Install gvisor-containerd-shim. + local latest=/tmp/gvisor-containerd-shim-latest + local shim_path=/tmp/gvisor-containerd-shim + wget --no-verbose https://storage.googleapis.com/cri-containerd-staging/gvisor-containerd-shim/latest -O ${latest} + wget --no-verbose https://storage.googleapis.com/cri-containerd-staging/gvisor-containerd-shim/gvisor-containerd-shim-$(cat ${latest}) -O ${shim_path} + chmod +x ${shim_path} + sudo -n -E mv ${shim_path} /usr/local/bin + + # Configure containerd-shim. + local shim_config_path=/etc/containerd + local shim_config_tmp_path=/tmp/gvisor-containerd-shim.toml + sudo -n -E mkdir -p ${shim_config_path} + cat > ${shim_config_tmp_path} <<-EOF + runc_shim = "/usr/local/bin/containerd-shim" + + [runsc_config] + debug = "true" + debug-log = "/tmp/runsc-logs/" + strace = "true" + file-access = "shared" +EOF + sudo mv ${shim_config_tmp_path} ${shim_config_path} + + # Configure CNI. + sudo -n -E env PATH=${PATH} containerd/script/setup/install-cni +} + +# Run the tests that require docker. +run_docker_tests() { + cd ${WORKSPACE_DIR} + + # Run tests with a default runtime (runc). + bazel test \ + "${BAZEL_BUILD_FLAGS[@]}" \ + --test_env=RUNSC_RUNTIME="" \ + --test_output=all \ + //runsc/test/image:image_test + + # These names are used to exclude tests not supported in certain + # configuration, e.g. save/restore not supported with hostnet. + declare -a variations=("" "-kvm" "-hostnet" "-overlay") + for v in "${variations[@]}"; do + # Run runsc tests with docker that are tagged manual. + bazel test \ + "${BAZEL_BUILD_FLAGS[@]}" \ + --test_env=RUNSC_RUNTIME="${RUNTIME}${v}" \ + --test_output=all \ + //runsc/test/image:image_test \ + //runsc/test/integration:integration_test + done +} + +# Run the tests that require root. +run_root_tests() { + cd ${WORKSPACE_DIR} + bazel build //runsc/test/root:root_test + local root_test=$(find -L ./bazel-bin/ -executable -type f -name root_test | grep __main__) + if [[ ! -f "${root_test}" ]]; then + echo "root_test executable not found" + exit 1 + fi + sudo -n -E RUNSC_RUNTIME="${RUNTIME}" RUNSC_EXEC=/tmp/"${RUNTIME}"/runsc ${root_test} +} + +# Run syscall unit tests. +run_syscall_tests() { + cd ${WORKSPACE_DIR} + bazel test "${BAZEL_BUILD_RBE_FLAGS[@]}" \ + --test_tag_filters=runsc_ptrace //test/syscalls/... +} + +run_runsc_do_tests() { + local runsc=$(find bazel-bin/runsc -type f -executable -name "runsc" | head -n1) + + # run runsc do without root privileges. + unshare -Ur ${runsc} --network=none --TESTONLY-unsafe-nonroot do true + unshare -Ur ${runsc} --TESTONLY-unsafe-nonroot --network=host do --netns=false true + + # run runsc do with root privileges. + sudo -n -E ${runsc} do true +} + +# Find and rename all test xml and log files so that Sponge can pick them up. +# XML files must be named sponge_log.xml, and log files must be named +# sponge_log.log. We move all such files into KOKORO_ARTIFACTS_DIR, in a +# subdirectory named with the test name. +upload_test_artifacts() { + # Skip if no kokoro directory. + [[ -v KOKORO_ARTIFACTS_DIR ]] || return + + cd ${WORKSPACE_DIR} + find -L "bazel-testlogs" -name "test.xml" -o -name "test.log" -o -name "outputs.zip" | + tar --create --files-from - --transform 's/test\./sponge_log./' | + tar --extract --directory ${KOKORO_ARTIFACTS_DIR} + if [[ -d "/tmp/${RUNTIME}/logs" ]]; then + tar --create --gzip "--file=${KOKORO_ARTIFACTS_DIR}/runsc-logs.tar.gz" -C /tmp/ ${RUNTIME}/logs + fi +} + +# Finish runs at exit, even in the event of an error, and uploads all test +# artifacts. +finish() { + # Grab the last exit code, we will return it. + local exit_code=${?} + upload_test_artifacts + exit ${exit_code} +} + +# Run bazel in a docker container +build_in_docker() { + cd ${WORKSPACE_DIR} + bazel clean + bazel shutdown + make + make runsc + make bazel-shutdown +} + +######## +# MAIN # +######## + +main() { + # Register finish to run at exit. + trap finish EXIT + + # Build and run the simple tests. + sanity_checks + build_everything opt + run_simple_tests + + # So far so good. Install more deps and run the integration tests. + install_runtime + install_crictl_test_deps + run_docker_tests + run_root_tests + + run_syscall_tests + run_runsc_do_tests + + # Build other flavors too. + build_everything dbg + + build_in_docker + # No need to call "finish" here, it will happen at exit. +} + +# Kick it off. +main -- cgit v1.2.3