Merge pull request #4023 from AkihiroSuda/ci-cgroup1

CI: add AlmaLinux 8 VM for cgroup v1 testing
2025-11-30 23:16:04 +07:00 · 2025-10-01 05:44:19 -07:00
parent 9aaab982a4 051af130e1
commit 2445fd0b0a
3 changed files with 76 additions and 29 deletions
--- a/.github/workflows/vm.yaml
+++ b/.github/workflows/vm.yaml
@@ -13,20 +13,36 @@ permissions:
 jobs:
  vm:
-    # Fedora is different from Ubuntu in LSM (SELinux), filesystem (btrfs), kernel version, etc.
+    name: "VM"
    name: "CGroupv2 (Fedora)"
    runs-on: ubuntu-24.04
    timeout-minutes: 30
    strategy:
      fail-fast: false
      matrix:
-        provider: [docker, podman]
+        include:
-        rootless: ["rootful", "rootless"]
+          # Fedora is different from Ubuntu in LSM (SELinux), filesystem (btrfs), kernel version, etc.
          - template: fedora
            provider: docker
            rootless: rootful
          - template: fedora
            provider: docker
            rootless: rootless
          - template: fedora
            provider: podman
            rootless: rootful
          - template: fedora
            provider: podman
            rootless: rootless
          # AlmaLinux 8 is used for testing kind with cgroup v1.
          # Do not upgrade this to AlmaLinux 9 until dropping cgroup v1 support.
          - template: almalinux-8
            provider: docker
            rootless: rootful
    env:
      KIND_EXPERIMENTAL_PROVIDER: "${{ matrix.provider }}"
      ROOTLESS: "${{ matrix.rootless }}"
      HELPER: "./hack/ci/lima-helper.sh"
-      JOB_NAME: "cgroup2-${{ matrix.provider }}-${{ matrix.rootless }}"
+      JOB_NAME: "vm-${{ matrix.template }}-${{ matrix.provider }}-${{ matrix.rootless }}"
    steps:
      - name: Check out code
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -51,24 +67,24 @@ jobs:
        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
        with:
          path: ~/.cache/lima
-          key: lima-${{ steps.lima-actions-setup.outputs.version }}
+          key: lima-${{ steps.lima-actions-setup.outputs.version }}-${{ matrix.template }}
-      - name: "Start Fedora"
+      - name: "Start VM"
        # --plain is set to disable file sharing, port forwarding, built-in containerd, etc.
-        run: limactl start --name=default --plain template://fedora
+        run: limactl start --name=default --plain template://${{ matrix.template }}
-      - name: "Initialize Fedora"
+      - name: "Initialize VM"
        run: |
          set -eux -o pipefail
          # Sync the current directory to /tmp/kind in the guest
          limactl cp -r . default:/tmp/kind
          # Install packages
-          lima sudo /tmp/kind/hack/ci/init-fedora.sh
+          lima sudo /tmp/kind/hack/ci/init-vm.sh
          # Enable systemd lingering for rootless
          lima sudo loginctl enable-linger "$USER"
          # Install kind
          lima sudo git config --global --add safe.directory /tmp/kind
-          lima sudo make -C /tmp/kind install INSTALL_DIR=/usr/local/bin
+          lima sudo make -C /tmp/kind install INSTALL_DIR=/usr/bin
      - name: Set up Rootless Docker
        if: ${{ matrix.provider == 'docker' && matrix.rootless == 'rootless' }}
--- a/hack/ci/init-fedora.sh
+++ b/hack/ci/init-fedora.sh
@@ -1,18 +0,0 @@
 #!/bin/bash
 set -eux -o pipefail
 # Ensure network-related modules to be loaded
 modprobe tap ip_tables iptable_nat ip6_tables ip6table_nat
 # The moby-engine package included in Fedora lacks support for rootless,
 # So we need to install docker-ce and docker-ce-rootless-extras from the upstream.
 curl -fsSL https://get.docker.com | sh
 dnf install -y golang-go make kubernetes-client podman docker-ce-rootless-extras
 systemctl enable --now docker
 # Configuration for rootless: https://kind.sigs.k8s.io/docs/user/rootless/
 mkdir -p "/etc/systemd/system/user@.service.d"
 cat <<EOF >"/etc/systemd/system/user@.service.d/delegate.conf"
 [Service]
 Delegate=yes
 EOF
 systemctl daemon-reload
--- a/hack/ci/init-vm.sh
+++ b/hack/ci/init-vm.sh
@@ -0,0 +1,49 @@
 #!/bin/bash
 set -eux -o pipefail
 # Ensure network-related modules to be loaded
 modprobe tap ip_tables iptable_nat ip6_tables ip6table_nat
 # The moby-engine package included in Fedora lacks support for rootless,
 # So we need to install docker-ce and docker-ce-rootless-extras from the upstream.
 DNF_REPO=""
 INSTALL_PODMAN="1"
 if grep -q centos /etc/os-release; then
 	# Works with Rocky and Alma too
 	DNF_REPO="https://download.docker.com/linux/centos/docker-ce.repo"
 	if grep -q el8 /etc/os-release; then
 		# podman seems to conflict with docker-ce on EL8
 		INSTALL_PODMAN=""
 	fi
 elif grep -q fedora /etc/os-release; then
 	DNF_REPO="https://download.docker.com/linux/fedora/docker-ce.repo"
 else
 	echo >&2 "Unsupported OS"
 	exit 1
 fi
 DNF="dnf"
 if command -v dnf5 &>/dev/null; then
 	# DNF 5 (Fedora 41 or later)
 	DNF="dnf5"
 	"$DNF" config-manager addrepo --from-repofile="${DNF_REPO}"
 else
 	# DNF 4
 	"$DNF" config-manager --add-repo="${DNF_REPO}"
 fi
 "$DNF" install -y git golang make docker-ce docker-ce-rootless-extras
 systemctl enable --now docker
 if [ -n "${INSTALL_PODMAN}" ]; then
 	"$DNF" install -y podman
 fi
 # Install kubectl
 GOARCH="$(uname -m | sed -e 's/aarch64/arm64/' -e 's/x86_64/amd64/')"
 curl -L -o /usr/bin/kubectl "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${GOARCH}/kubectl"
 chmod +x /usr/bin/kubectl
 # Configuration for rootless: https://kind.sigs.k8s.io/docs/user/rootless/
 mkdir -p "/etc/systemd/system/user@.service.d"
 cat <<EOF >"/etc/systemd/system/user@.service.d/delegate.conf"
 [Service]
 Delegate=yes
 EOF
 systemctl daemon-reload