From 18aa37cddefa80f7adf54e0a0fe68575e58e8bc8 Mon Sep 17 00:00:00 2001 From: Michal Rostecki Date: Thu, 10 Oct 2024 09:47:47 +0200 Subject: [PATCH] ci: Run integration tests on Alpine This way we are making sure that the integration tests infra doesn't regress on musl environments. --- .github/workflows/ci.yml | 80 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 79 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7704179b9..1be516461 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,6 +13,7 @@ on: - cron: 00 4 * * * env: + ALPINE_VERSION: 3.20 CARGO_TERM_COLOR: always jobs: @@ -178,7 +179,55 @@ jobs: --package aya-log-ebpf \ --feature-powerset + # Build a container image based on Alpine which: + # - Has a regular user in the `wheel` group, so we don't have to run all + # commands as root. + # - Has git installed, so the `checkout` action works. + build-container-image: + strategy: + fail-fast: false + env: + IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/alpine:${{ env.ALPINE_VERSION }} + runs-on: ubuntu-22.04 + steps: + - name: Log in to GHCR + run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin + + - name: Check if Docker image already exists + id: check_image + run: | + if docker pull $IMAGE_NAME; then + echo "exists=true" >> $GITHUB_ENV + else + echo "exists=false" >> $GITHUB_ENV + fi + + - name: Build Alpine container image (with a regular user) + if: env.exists == 'false' + run: | + cat << 'EOF' > Dockerfile + FROM alpine:3.20 + + RUN apk update && apk add --no-cache git sudo \ + && adduser -D aya \ + && echo "aya ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers + + USER aya + WORKDIR /home/aya + EOF + + # Build the Docker image + docker build -t $IMAGE_NAME . + + - name: Push Docker image to GHCR + if: env.exists == 'false' + run: | + IMAGE_NAME=ghcr.io/${{ github.repository_owner }}/alpine:${{ env.ALPINE_VERSION }} + docker push $IMAGE_NAME + run-integration-test: + needs: + - build-container-image strategy: fail-fast: false matrix: @@ -194,14 +243,24 @@ jobs: - target: x86_64-unknown-linux-gnu # We don't use ubuntu-latest because we care about the apt packages available. os: ubuntu-22.04 + - target: x86_64-unknown-linux-musl + os: ubuntu-22.04 + container: ghcr.io/${{ github.repository_owner }}/alpine:${{ env.ALPINE_VERSION }} runs-on: ${{ matrix.os }} + container: ${{ matrix.container }} steps: + - name: Install git + if: runner.os == 'Linux' && contains(matrix.container, 'alpine') + run: | + set -euxo pipefail + apk add git + - uses: actions/checkout@v4 with: submodules: recursive - name: Install prerequisites - if: runner.os == 'Linux' + if: runner.os == 'Linux' && matrix.container == '' # ubuntu-22.04 comes with clang 13-15[0]; support for signed and 64bit # enum values was added in clang 15[1] which isn't in `$PATH`. # @@ -216,6 +275,24 @@ jobs: sudo apt -y install gcc-multilib locate qemu-system-{arm,x86} echo /usr/lib/llvm-15/bin >> $GITHUB_PATH + - name: Install prerequisites + if: runner.os == 'Linux' && contains(matrix.container, 'alpine') + # Use clang for building the C eBPF programs for integration tests. + # Use gcc with binutils as the linker and libgcc_s as the runtime + # library. + run: | + set -euxo pipefail + apk add \ + bash \ + clang \ + curl \ + dpkg \ + gcc \ + jq \ + qemu-system-arm \ + qemu-system-x86_64 \ + wget + - name: Install prerequisites if: runner.os == 'macOS' # The xargs shipped on macOS always exits 0 with -P0, so we need GNU findutils. @@ -317,6 +394,7 @@ jobs: - lint - build-test-aya - build-test-aya-ebpf + - build-container-image - run-integration-test runs-on: ubuntu-latest steps: