From fe2e0764ac600fe19a3d87069a58d7463a5223ab Mon Sep 17 00:00:00 2001 From: Adin Scannell Date: Thu, 31 Oct 2019 12:51:50 -0700 Subject: Add LICENSE and AUTHORS to the go branch. Also, construct the README directly so that edits can be made. PiperOrigin-RevId: 277782095 --- tools/go_branch.sh | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) (limited to 'tools/go_branch.sh') diff --git a/tools/go_branch.sh b/tools/go_branch.sh index ddb9b6e7b..0ac16e266 100755 --- a/tools/go_branch.sh +++ b/tools/go_branch.sh @@ -17,9 +17,9 @@ set -eo pipefail # Discovery the package name from the go.mod file. -declare -r gomod="$(pwd)/go.mod" -declare -r module=$(cat "${gomod}" | grep -E "^module" | cut -d' ' -f2) -declare -r gosum="$(pwd)/go.sum" +declare -r module=$(cat go.mod | grep -E "^module" | cut -d' ' -f2) +declare -r origpwd=$(pwd) +declare -r othersrc=("go.mod" "go.sum" "AUTHORS" "LICENSE") # Check that gopath has been built. declare -r gopath_dir="$(pwd)/bazel-bin/gopath/src/${module}" @@ -65,10 +65,22 @@ git checkout -b go "${go_branch}" git merge --no-commit --strategy ours ${head} || \ git merge --allow-unrelated-histories --no-commit --strategy ours ${head} -# Sync the entire gopath_dir and go.mod. -rsync --recursive --verbose --delete --exclude .git --exclude README.md -L "${gopath_dir}/" . -cp "${gomod}" . -cp "${gosum}" . +# Sync the entire gopath_dir. +rsync --recursive --verbose --delete --exclude .git -L "${gopath_dir}/" . + +# Add additional files. +for file in "${othersrc[@]}"; do + cp "${origpwd}"/"${file}" . +done + +# Construct a new README.md. +cat > README.md < Date: Mon, 25 Nov 2019 13:51:13 -0800 Subject: Fix typo in go_branch.sh script. With the ticks, the command `master` is actually be run and the output included (which is nothing). This is confusing, as we actually mean to say "master" in the description of the Go branch. PiperOrigin-RevId: 282426081 --- tools/go_branch.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tools/go_branch.sh') diff --git a/tools/go_branch.sh b/tools/go_branch.sh index 0ac16e266..f97a74aaf 100755 --- a/tools/go_branch.sh +++ b/tools/go_branch.sh @@ -78,7 +78,7 @@ cat > README.md < Date: Mon, 18 May 2020 14:34:49 -0700 Subject: Implement Go branch updater with GitHub actions. PiperOrigin-RevId: 312155686 --- .github/workflows/go.yml | 63 ++++++++++++++++++++++++++++++++++++++++++++++++ tools/go_branch.sh | 5 ++-- 2 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/go.yml (limited to 'tools/go_branch.sh') diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml new file mode 100644 index 000000000..60704f144 --- /dev/null +++ b/.github/workflows/go.yml @@ -0,0 +1,63 @@ +name: "Go" +on: + push: + branches: + - master + pull_request: + branches: + - master + +jobs: + generate: + runs-on: ubuntu-latest + steps: + - run: | + jq -nc '{"state": "pending", "context": "go tests"}' | \ + curl -sL -X POST -d @- \ + -H "Content-Type: application/json" \ + -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + "${{ github.event.pull_request.statuses_url }}" + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + - uses: actions/setup-go@v2 + with: + go-version: 1.14 + - uses: actions/cache@v1 + with: + path: ~/go/pkg/mod + key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go- + - uses: actions/cache@v1 + with: + path: ~/.cache/bazel + key: ${{ runner.os }}-bazel-${{ hashFiles('WORKSPACE') }} + restore-keys: | + ${{ runner.os }}-bazel- + - run: make build TARGETS="//:gopath" + - run: tools/go_branch.sh + - run: git checkout go && git clean -f + - run: go build ./... + - if: github.event_name == 'push' + run: | + # Required dedicated credentials for the Go branch, due to the way + # branch protection rules are configured. + git config --global credential.helper cache + echo -e "protocol=https\nhost=github.com\nusername=${{ secrets.GO_TOKEN }}\npassword=x-oauth-basic" | git credential approve + git remote add upstream "https://github.com/${{ github.repository }}" + git push upstream go:go + - if: ${{ success() }} + run: | + jq -nc '{"state": "success", "context": "go tests"}' | \ + curl -sL -X POST -d @- \ + -H "Content-Type: application/json" \ + -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + "${{ github.event.pull_request.statuses_url }}" + - if: ${{ failure() }} + run: | + jq -nc '{"state": "failure", "context": "go tests"}' | \ + curl -sL -X POST -d @- \ + -H "Content-Type: application/json" \ + -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + "${{ github.event.pull_request.statuses_url }}" diff --git a/tools/go_branch.sh b/tools/go_branch.sh index f97a74aaf..e568a0a76 100755 --- a/tools/go_branch.sh +++ b/tools/go_branch.sh @@ -14,7 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -set -eo pipefail +set -xeo pipefail # Discovery the package name from the go.mod file. declare -r module=$(cat go.mod | grep -E "^module" | cut -d' ' -f2) @@ -42,7 +42,8 @@ declare -r head=$(git describe --always) # We expect to have an existing go branch that we will use as the basis for # this commit. That branch may be empty, but it must exist. -declare -r go_branch=$(git show-ref --hash origin/go) +git fetch --all +declare -r go_branch=$(git show-ref --hash go) # Clone the current repository to the temporary directory, and check out the # current go_branch directory. We move to the new repository for convenience. -- cgit v1.2.3 From 8437ef752d3c8e90327edad0164f3e4d003821c8 Mon Sep 17 00:00:00 2001 From: Adin Scannell Date: Wed, 20 May 2020 22:22:00 -0700 Subject: Normalize permissions in the go branch. Fixes #2722 --- .github/workflows/go.yml | 5 +++-- tools/go_branch.sh | 6 ++++++ 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'tools/go_branch.sh') diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 60704f144..744d25c92 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -17,6 +17,7 @@ jobs: -H "Content-Type: application/json" \ -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ "${{ github.event.pull_request.statuses_url }}" + if: github.event_name == 'pull_request' - uses: actions/checkout@v2 with: fetch-depth: 0 @@ -47,14 +48,14 @@ jobs: echo -e "protocol=https\nhost=github.com\nusername=${{ secrets.GO_TOKEN }}\npassword=x-oauth-basic" | git credential approve git remote add upstream "https://github.com/${{ github.repository }}" git push upstream go:go - - if: ${{ success() }} + - if: ${{ success() && github.event_name == 'pull_request' }} run: | jq -nc '{"state": "success", "context": "go tests"}' | \ curl -sL -X POST -d @- \ -H "Content-Type: application/json" \ -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ "${{ github.event.pull_request.statuses_url }}" - - if: ${{ failure() }} + - if: ${{ failure() && github.event_name == 'pull_request' }} run: | jq -nc '{"state": "failure", "context": "go tests"}' | \ curl -sL -X POST -d @- \ diff --git a/tools/go_branch.sh b/tools/go_branch.sh index e568a0a76..093de89b4 100755 --- a/tools/go_branch.sh +++ b/tools/go_branch.sh @@ -88,6 +88,12 @@ EOF # because they may correspond to unused templates, etc. cp "${repo_orig}"/runsc/*.go runsc/ +# Normalize all permissions. The way bazel constructs the :gopath tree may leave +# some strange permissions on files. We don't have anything in this tree that +# should be execution, only the Go source files, README.md, and ${othersrc}. +find . -type f -exec chmod 0644 {} \; +find . -type d -exec chmod 0755 {} \; + # Update the current working set and commit. git add . && git commit -m "Merge ${head} (automated)" -- cgit v1.2.3 From 10f6c41bbd5dbc84c57aedb4cb86e7dfd59a8114 Mon Sep 17 00:00:00 2001 From: Adin Scannell Date: Mon, 3 Aug 2020 09:07:43 -0700 Subject: Include shim binaries in the Go branch. PiperOrigin-RevId: 324615016 --- .github/workflows/go.yml | 4 +++- README.md | 19 +++++++++++++------ tools/go_branch.sh | 22 ++++++++++++++++++---- 3 files changed, 34 insertions(+), 11 deletions(-) (limited to 'tools/go_branch.sh') diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 0869fb8db..4da3853b2 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -49,7 +49,9 @@ jobs: key: ${{ runner.os }}-bazel-${{ hashFiles('WORKSPACE') }} restore-keys: | ${{ runner.os }}-bazel- - - run: make build TARGETS="//:gopath" + - run: | + rm -rf bazel-bin/gopath + make build TARGETS="//:gopath" - run: tools/go_branch.sh - run: git checkout go && git clean -f - run: go build ./... diff --git a/README.md b/README.md index 0e3d96b68..ed9e0e92b 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ Make sure the following dependencies are installed: Build and install the `runsc` binary: -``` +```sh make runsc sudo cp ./bazel-bin/runsc/linux_amd64_pure_stripped/runsc /usr/local/bin ``` @@ -67,14 +67,14 @@ sudo cp ./bazel-bin/runsc/linux_amd64_pure_stripped/runsc /usr/local/bin To run standard test suites, you can use: -``` +```sh make unit-tests make tests ``` To run specific tests, you can specify the target: -``` +```sh make test TARGETS="//runsc:version_test" ``` @@ -84,12 +84,19 @@ This project uses [bazel][bazel] to build and manage dependencies. A synthetic `go` branch is maintained that is compatible with standard `go` tooling for convenience. -For example, to build `runsc` directly from this branch: +For example, to build and install `runsc` directly from this branch: -``` +```sh echo "module runsc" > go.mod GO111MODULE=on go get gvisor.dev/gvisor/runsc@go -CGO_ENABLED=0 GO111MODULE=on go install gvisor.dev/gvisor/runsc +CGO_ENABLED=0 GO111MODULE=on sudo -E go build -o /usr/local/bin/runsc gvisor.dev/gvisor/runsc +``` + +Subsequently, you can build and install the shim binaries for `containerd`: + +```sh +GO111MODULE=on sudo -E go build -o /usr/local/bin/gvisor-containerd-shim gvisor.dev/gvisor/shim/v1 +GO111MODULE=on sudo -E go build -o /usr/local/bin/containerd-shim-runsc-v1 gvisor.dev/gvisor/shim/v2 ``` Note that this branch is supported in a best effort capacity, and direct diff --git a/tools/go_branch.sh b/tools/go_branch.sh index 093de89b4..e5c060024 100755 --- a/tools/go_branch.sh +++ b/tools/go_branch.sh @@ -40,10 +40,15 @@ trap finish EXIT # Record the current working commit. declare -r head=$(git describe --always) -# We expect to have an existing go branch that we will use as the basis for -# this commit. That branch may be empty, but it must exist. +# We expect to have an existing go branch that we will use as the basis for this +# commit. That branch may be empty, but it must exist. We search for this branch +# using the local branch, the "origin" branch, and other remotes, in order. git fetch --all -declare -r go_branch=$(git show-ref --hash go) +declare -r go_branch=$( \ + git show-ref --hash refs/heads/go || \ + git show-ref --hash refs/remotes/origin/go || \ + git show-ref --hash go | head -n 1 \ +) # Clone the current repository to the temporary directory, and check out the # current go_branch directory. We move to the new repository for convenience. @@ -66,6 +71,11 @@ git checkout -b go "${go_branch}" git merge --no-commit --strategy ours ${head} || \ git merge --allow-unrelated-histories --no-commit --strategy ours ${head} +# Normalize the permissions on the old branch. Note that they should be +# normalized if constructed by this tool, but we do so before the rsync. +find . -type f -exec chmod 0644 {} \; +find . -type d -exec chmod 0755 {} \; + # Sync the entire gopath_dir. rsync --recursive --verbose --delete --exclude .git -L "${gopath_dir}/" . @@ -86,7 +96,11 @@ EOF # There are a few solitary files that can get left behind due to the way bazel # constructs the gopath target. Note that we don't find all Go files here # because they may correspond to unused templates, etc. -cp "${repo_orig}"/runsc/*.go runsc/ +declare -ar binaries=( "runsc" "shim/v1" "shim/v2" ) +for target in "${binaries[@]}"; do + mkdir -p "${target}" + cp "${repo_orig}/${target}"/*.go "${target}/" +done # Normalize all permissions. The way bazel constructs the :gopath tree may leave # some strange permissions on files. We don't have anything in this tree that -- cgit v1.2.3