Skip to content

Commit

Permalink
add CI for podman
Browse files Browse the repository at this point in the history
  • Loading branch information
SoMuchForSubtlety committed Jul 29, 2023
1 parent c9c3f33 commit 82be2f7
Show file tree
Hide file tree
Showing 11 changed files with 125 additions and 13 deletions.
51 changes: 51 additions & 0 deletions .github/workflows/ci-rootless-podman.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
name: CI-Podman-Rootless

on:
pull_request: {}
push: { branches: [ main ] }

permissions:
contents: read

jobs:
test:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
- name: Uninstall unwanted packages
run: sudo apt-get -q -y --purge remove podman moby-engine moby-buildx && sudo rm -rf /var/run/docker.sock
- name: Set XDG_RUNTIME_DIR
run: echo "XDG_RUNTIME_DIR=/run/user/$UID" >> $GITHUB_ENV
- name: Create registries.conf
# allow pulling images without a registry specified and allow pulling from insecure local registry
run: |
mkdir -p $HOME/.config/containers
echo 'unqualified-search-registries = ["docker.io"]' > $HOME/.config/containers/registries.conf
echo '' >> $HOME/.config/containers/registries.conf
echo '[[registry]]' >> $HOME/.config/containers/registries.conf
echo 'location = "localhost:50001"' >> $HOME/.config/containers/registries.conf
echo 'insecure = true' >> $HOME/.config/containers/registries.conf
- name: Istall latest podman release
# see https://podman.io/getting-started/installation#ubuntu
run: |
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/Release.key \
| gpg --dearmor \
| sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg]\
https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/ /" \
| sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null
sudo apt-get update -qq
sudo apt-get -qq -y install podman
- name: Print podman environment information
run: podman info
- name: Enable podman socket
run: systemctl --user enable --now podman.socket
- name: Build with Gradle
run: ./gradlew --no-daemon --scan -Dtest.profile=podman testcontainers:test
- uses: actions/upload-artifact@v3
if: failure()
with:
name: test report
path: ~/work/testcontainers-java/testcontainers-java/core/build/reports/tests/**
5 changes: 5 additions & 0 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,11 @@ subprojects {
failOnPassedAfterRetry = false
}
}

// podman does not support compose
if (System.properties['test.profile'] == 'podman') {
exclude '**/*DockerCompose*'
}
}

tasks.withType(Test).all {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
import org.apache.commons.lang3.SystemUtils;
import org.testcontainers.dockerclient.DockerClientProviderStrategy;
import org.testcontainers.dockerclient.DockerMachineClientProviderStrategy;
import org.testcontainers.dockerclient.RootlessPodmanClientProviderStrategy;
import org.testcontainers.dockerclient.TransportConfig;
import org.testcontainers.images.RemoteDockerImage;
import org.testcontainers.images.TimeLimitedLoggedPullImageResultCallback;
Expand Down Expand Up @@ -386,4 +387,9 @@ public boolean isUsing(Class<? extends DockerClientProviderStrategy> providerStr
public Info getInfo() {
return getOrInitializeStrategy().getInfo();
}

public boolean supportsCompose() {
// podman does not support compose
return !(getOrInitializeStrategy() instanceof RootlessPodmanClientProviderStrategy);
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,10 @@ public static boolean dockerApiAtLeast(String minimumVersion) {
return current.compareTo(min) >= 0;
}

public static boolean clientSupportsCompose() {
return DockerClientFactory.instance().supportsCompose();
}

public static boolean dockerExecutionDriverSupportsExec() {
String executionDriver = DockerClientFactory.instance().getActiveExecutionDriver();

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ public DockerRegistryContainer(@NonNull Future<String> image) {
@Override
protected void configure() {
super.configure();
withEnv("REGISTRY_HTTP_ADDR", "127.0.0.1:0");
withEnv("REGISTRY_HTTP_ADDR", "127.0.0.1:50001");
withCreateContainerCmdModifier(cmd -> {
cmd.getHostConfig().withNetworkMode("host");
});
Expand Down Expand Up @@ -77,7 +77,7 @@ protected void containerIsStarting(InspectContainerResponse containerInfo) {
);
}

endpoint = getHost() + ":" + port.get();
endpoint = "http://" + getHost() + ":" + port.get();
}

public DockerImageName createImage() {
Expand All @@ -96,7 +96,7 @@ public DockerImageName createImage(String originalImage, String tag) {
String dummyImageId = client.inspectImageCmd(originalImage).exec().getId();

DockerImageName imageName = DockerImageName
.parse(getEndpoint() + "/" + Base58.randomString(6).toLowerCase())
.parse(getEndpoint().replaceFirst("http://", "") + "/" + Base58.randomString(6).toLowerCase())
.withTag(tag);

// push the image to the registry
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import java.util.function.Predicate;
import java.util.stream.Collectors;
Expand All @@ -43,6 +44,8 @@ public void shouldReportOOMAfterWait() {
Info info = DockerClientFactory.instance().client().infoCmd().exec();
// Poor man's rootless Docker detection :D
Assumptions.assumeThat(info.getSecurityOptions()).doesNotContain("rootless");
// setting swappiness is not allowed for cgroups v2
Assumptions.assumeThat(info.getRawValues().get("CgroupVersion")).isNotEqualTo("2");
try (
GenericContainer<?> container = new GenericContainer<>(TestImages.TINY_IMAGE)
.withStartupCheckStrategy(new NoopStartupCheckStrategy())
Expand Down Expand Up @@ -150,7 +153,13 @@ public void shouldOnlyPublishExposedPorts() {
.getHostConfig()
.getPortBindings()
.getBindings();
assertThat(hostBindings).as("only 1 port is bound on the host (published)").hasSize(1);
// podman also returns unbound ports, but sets the binding value to null
List<Ports.Binding[]> boundPorts = hostBindings
.values()
.stream()
.filter(Objects::nonNull)
.collect(Collectors.toList());
assertThat(boundPorts).as("only 1 port is bound on the host (published)").hasSize(1);

Integer mappedPort = container.getMappedPort(8080);
assertThat(mappedPort != 8080).as("port 8080 is bound to a different port on the host").isTrue();
Expand Down
29 changes: 27 additions & 2 deletions core/src/test/java/org/testcontainers/containers/NetworkTest.java
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package org.testcontainers.containers;

import com.github.dockerjava.api.model.Network.Ipam;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.runners.Enclosed;
Expand Down Expand Up @@ -65,7 +66,19 @@ public void testNetworkSupport() throws Exception {

@Test
public void testBuilder() {
try (Network network = Network.builder().driver("macvlan").build()) {
try (
Network network = Network
.builder()
.driver("macvlan")
.createNetworkCmdModifier(cmd -> {
cmd.withIpam(
// mcvlan needs a subnet or podman will refuse to create the network
// https://docs.podman.io/en/latest/markdown/podman-network-create.1.html#driver-d
new Ipam().withConfig(new Ipam.Config().withSubnet("192.168.100.1/25"))
);
})
.build()
) {
String id = network.getId();
assertThat(
DockerClientFactory.instance().client().inspectNetworkCmd().withNetworkId(id).exec().getDriver()
Expand All @@ -78,7 +91,19 @@ public void testBuilder() {
@Test
public void testModifiers() {
try (
Network network = Network.builder().createNetworkCmdModifier(cmd -> cmd.withDriver("macvlan")).build()
Network network = Network
.builder()
.createNetworkCmdModifier(cmd -> {
cmd
.withDriver("macvlan")
.withIpam(
new Ipam()
// mcvlan needs a subnet or podman will refuse to create the network
// https://docs.podman.io/en/latest/markdown/podman-network-create.1.html#driver-d
.withConfig(new Ipam.Config().withSubnet("192.168.100.1/25"))
);
})
.build()
) {
String id = network.getId();
assertThat(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ public void setUp() {
)
.withFileFromClasspath("Dockerfile", "health-wait-strategy-dockerfile/Dockerfile")
)
.waitingFor(Wait.forHealthcheck().withStartupTimeout(Duration.ofSeconds(3)));
.waitingFor(Wait.forHealthcheck().withStartupTimeout(Duration.ofSeconds(5)));
}

@Test
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,11 @@ public void testNoNetworkContainer() {
container.start();
NetworkSettings networkSettings = container.getContainerInfo().getNetworkSettings();

assertThat(networkSettings.getNetworks()).as("only one network is set").hasSize(1);
assertThat(networkSettings.getNetworks()).as("network is 'none'").containsKey("none");
assertThat(networkSettings.getNetworks())
.as("only one network is set")
.allSatisfy((name, containerNetwork) -> {
assertThat(name).as("network is 'none'").isEqualTo("none");
});
}
}

Expand All @@ -43,8 +46,11 @@ public void testHostNetworkContainer() {
container.start();
NetworkSettings networkSettings = container.getContainerInfo().getNetworkSettings();

assertThat(networkSettings.getNetworks()).as("only one network is set").hasSize(1);
assertThat(networkSettings.getNetworks()).as("network is 'host'").containsKey("host");
assertThat(networkSettings.getNetworks())
.as("only one network is set")
.allSatisfy((name, containerNetwork) -> {
assertThat(networkSettings.getNetworks()).as("network is 'host'").containsKey("host");
});
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
import com.github.dockerjava.api.model.AuthConfig;
import org.intellij.lang.annotations.Language;
import org.junit.AfterClass;
import org.junit.Assume;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
Expand Down Expand Up @@ -63,14 +64,14 @@ public static void beforeClass() throws Exception {
final AuthConfig authConfig = new AuthConfig()
.withUsername("testuser")
.withPassword("notasecret")
.withRegistryAddress("http://" + testRegistryAddress);
.withRegistryAddress(testRegistryAddress);

// Replace the RegistryAuthLocator singleton with our mock, for the duration of this test
final RegistryAuthLocator mockAuthLocator = Mockito.mock(RegistryAuthLocator.class);
RegistryAuthLocator.setInstance(mockAuthLocator);
when(
mockAuthLocator.lookupAuthConfig(
argThat(argument -> testRegistryAddress.equals(argument.getRegistry())),
argThat(argument -> testRegistryAddress.replaceFirst("http://", "").equals(argument.getRegistry())),
any()
)
)
Expand Down Expand Up @@ -117,6 +118,7 @@ public void testThatAuthLocatorIsUsedForDockerfileBuild() throws IOException {

@Test
public void testThatAuthLocatorIsUsedForDockerComposePull() throws IOException {
Assume.assumeTrue(TestEnvironment.clientSupportsCompose());
// Prepare a simple temporary Docker Compose manifest which requires our custom private image
Path tempFile = getLocalTempFile(".docker-compose.yml");
@Language("yaml")
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

import com.github.dockerjava.api.DockerClient;
import com.github.dockerjava.api.model.Info;
import org.assertj.core.api.Assumptions;
import org.junit.Rule;
import org.junit.Test;
import org.testcontainers.DockerClientFactory;
Expand Down Expand Up @@ -48,6 +49,9 @@ public void testHostnameModified() throws IOException, InterruptedException {

@Test
public void testMemoryLimitModified() throws IOException, InterruptedException {
Info info = DockerClientFactory.instance().client().infoCmd().exec();
// setting swap is not allowed for cgroups v2
Assumptions.assumeThat(info.getRawValues().get("CgroupVersion")).isNotEqualTo("2");
final Container.ExecResult execResult = memoryLimitedRedis.execInContainer("cat", getMemoryLimitFilePath());
assertThat(execResult.getStdout().trim()).isEqualTo(String.valueOf(memoryInBytes));
}
Expand Down

0 comments on commit 82be2f7

Please sign in to comment.