[release/1.7] Use Github Actions to run Vagrant CI

.github/workflows/ci.yml

@@ -528,6 +528,85 @@ jobs:
             ${{github.workspace}}/report/*.xml
             ${{github.workspace}}/report/*.log
 
+  integration-vagrant:
+    name: Vagrant integration
+    runs-on: ubuntu-22.04
+    timeout-minutes: 60
+    needs: [project, linters, protos, man]
+
+    strategy:
+      fail-fast: false
+      matrix:
+        box:
+          - fedora/39-cloud-base
+          # We have to keep EL8 to test old glibc, cgroup, kernel, etc.
+          # The image was changed from rockylinux/8 to almalinux/8,
+          # as the former one no longer works:
+          # https://github.com/containerd/containerd/pull/10297
+          - almalinux/8
+          - rockylinux/[email protected]
+    env:
+      BOX: ${{ matrix.box }}
+
+    steps:
+      - name: Show the host info
+        run: |
+          set -x
+          uname -a
+          cat /etc/os-release
+          cat /proc/cpuinfo
+          free -mt
+      - uses: actions/checkout@v4
+      - uses: actions/cache@v4
+        with:
+          path: /root/.vagrant.d
+          key: vagrant-${{ matrix.box }}
+      - name: Set up vagrant
+        run: |
+          # Canonical's Vagrant 2.2.19 dpkg cannot download Fedora 38 image: https://bugs.launchpad.net/vagrant/+bug/2017828
+          # So we have to install Vagrant >= 2.3.1 from the upstream: https://github.com/opencontainers/runc/blob/v1.1.8/.cirrus.yml#L41-L49
+          curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+          echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
+          sudo sed -i 's/^# deb-src/deb-src/' /etc/apt/sources.list
+          sudo apt-get update
+          sudo apt-get install -y libvirt-daemon libvirt-daemon-system vagrant
+          sudo systemctl enable --now libvirtd
+          sudo apt-get build-dep -y vagrant ruby-libvirt
+          sudo apt-get install -y --no-install-recommends libxslt-dev libxml2-dev libvirt-dev ruby-bundler ruby-dev zlib1g-dev
+          sudo vagrant plugin install vagrant-libvirt
+      - name: Boot VM
+        run: sudo BOX=$BOX vagrant up --no-tty
+      - name: test-integration
+        run: sudo BOX=$BOX vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-integration
+      - name: test-cri-integration
+        run: sudo BOX=$BOX vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-cri-integration
+      - name: test-cri
+        run: sudo BOX=$BOX vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-cri
+
+  tests-cri-in-userns:
+    name: "CRI-in-UserNS"
+
+    runs-on: ubuntu-22.04
+    timeout-minutes: 40
+    needs: [project, linters, protos, man]
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up cgroup v2 delegation
+        run: |
+          sudo mkdir -p /etc/systemd/system/[email protected]
+          cat <<EOF | sudo tee /etc/systemd/system/[email protected]/delegate.conf
+          [Service]
+          Delegate=cpu cpuset io memory pids
+          EOF
+          sudo systemctl daemon-reload
+      - name: Build cri-in-userns image
+        run: podman build --target cri-in-userns -t cri-in-userns -f ./contrib/Dockerfile.test .
+      - name: Run cri-in-userns image
+        # Rootless Podman is used for testing CRI-in-UserNS
+        # (We could use rootless Docker or rootless nerdctl, but we are using Podman here because it is preinstalled)
+        run: podman run --rm --privileged cri-in-userns
+
   tests-mac-os:
     name: MacOS unit tests
     runs-on: macos-12

Vagrantfile

@@ -17,7 +17,7 @@
 
 # Vagrantfile for Fedora and EL
 Vagrant.configure("2") do |config|
-  config.vm.box = ENV["BOX"] ? ENV["BOX"].split("@")[0] : "fedora/37-cloud-base"
+  config.vm.box = ENV["BOX"] ? ENV["BOX"].split("@")[0] : "fedora/39-cloud-base"
   # BOX_VERSION is deprecated. Use "BOX=<BOX>@<BOX_VERSION>".
   config.vm.box_version = ENV["BOX_VERSION"] || (ENV["BOX"].split("@")[1] if ENV["BOX"])
 
@@ -29,11 +29,13 @@ Vagrant.configure("2") do |config|
     v.cpus = cpus
     # Needs env var VAGRANT_EXPERIMENTAL="disks"
     o.vm.disk :disk, size: "#{disk_size}GB", primary: true
+    v.customize ["modifyvm", :id, "--firmware", "efi"]
   end
   config.vm.provider :libvirt do |v|
     v.memory = memory
     v.cpus = cpus
     v.machine_virtual_size = disk_size
+    v.loader = "/usr/share/OVMF/OVMF_CODE.fd"
   end
 
   config.vm.synced_folder ".", "/vagrant", type: "rsync"
@@ -326,29 +328,4 @@ EOF
     SHELL
   end
 
-  # Rootless Podman is used for testing CRI-in-UserNS
-  # (We could use rootless nerdctl, but we are using Podman here because it is available in dnf)
-  config.vm.provision "install-rootless-podman", type: "shell", run: "never" do |sh|
-    sh.upload_path = "/tmp/vagrant-install-rootless-podman"
-    sh.inline = <<~SHELL
-        #!/usr/bin/env bash
-        set -eux -o pipefail
-        # Delegate cgroup v2 controllers to rootless
-        mkdir -p /etc/systemd/system/[email protected]
-        cat > /etc/systemd/system/[email protected]/delegate.conf << EOF
-[Service]
-Delegate=yes
-EOF
-        systemctl daemon-reload
-        # Install Podman
-        dnf install -y podman
-        # Configure Podman to resolve `golang` to `docker.io/library/golang`
-        mkdir -p /etc/containers
-        cat > /etc/containers/registries.conf <<EOF
-[registries.search]
-registries = ['docker.io']
-EOF
-    SHELL
-  end
-
 end