update ci to test all runtimes

Signed-off-by: Rudraksh Pareek <[email protected]>

.github/workflows/ci-test.yml

@@ -18,19 +18,19 @@ on:
 
 jobs:
   build:
-    name: Auto-testing Framework / ${{ matrix.os }}
+    name: Auto-testing Framework / ${{ matrix.os }} / ${{ matrix.runtime }}
     runs-on: ${{ matrix.os }}
+    env:
+      RUNTIME: ${{ matrix.runtime }}
     strategy:
       fail-fast: false
       matrix:
         os: [ubuntu-latest, ubuntu-18.04]
+        runtime: ["containerd", "docker", "crio"]
     steps:
       - name: Kernel version
         run: uname -r
 
-      - name: Check Docker Version
-        run: docker --version
-
       - uses: actions/checkout@v2
 
       - name: Set up Go
@@ -54,14 +54,17 @@ jobs:
 
       - name: Setup Enviroment
         run: |
-          ./contribution/self-managed-k8s/crio/install-crio.sh
-          ./contribution/k3s/install_k3s.sh
+          if [ $RUNTIME == "crio" ]; then
+            ./contribution/self-managed-k8s/crio/install-crio.sh
+            RUNTIME=$RUNTIME crio --version
+          fi
+          RUNTIME=$RUNTIME ./contribution/k3s/install_k3s.sh
 
       - name: Run kubectl proxy
         run: kubectl proxy &
 
       - name: Test KubeArmor
-        run: ./tests/test-scenarios-github.sh
+        run: RUNTIME=$RUNTIME ./tests/test-scenarios-github.sh
         timeout-minutes: 15
 
       - name: Archive log artifacts

contribution/k3s/install_k3s.sh

@@ -3,7 +3,7 @@
 # Copyright 2021 Authors of KubeArmor
 
 # create a single-node K3s cluster
-if [ -x "$(command -v docker)" ]; then # docker
+if [ "$RUNTIME" == "docker" ]; then # docker
     CGROUP_SYSTEMD=$(docker info 2> /dev/null | grep -i cgroup | grep systemd | wc -l)
     if [ $CGROUP_SYSTEMD == 1 ]; then
         curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--disable=traefik --docker --kubelet-arg cgroup-driver=systemd" sh -
@@ -12,14 +12,14 @@ if [ -x "$(command -v docker)" ]; then # docker
         curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--disable=traefik --docker" sh -
         [[ $? != 0 ]] && echo "Failed to install k3s" && exit 1
     fi
-else # containerd
+elif [ "$RUNTIME" == "containerd" ]; then # containerd
     curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--disable=traefik" sh -
     [[ $? != 0 ]] && echo "Failed to install k3s" && exit 1
+else #cri-o
+  curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--disable=traefik --container-runtime-endpoint unix:///var/run/crio/crio.sock --kubelet-arg cgroup-driver=systemd" sh -
+  [[ $? != 0 ]] && echo "Failed to install k3s" && exit 1
 fi
 
-#curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--disable=traefik --container-runtime-endpoint unix:///var/run/crio/crio.sock --kubelet-arg cgroup-driver=systemd" sh -
-[[ $? != 0 ]] && echo "Failed to install k3s" && exit 1
-
 if [[ $(hostname) = kubearmor-dev* ]]; then
     mkdir -p /home/vagrant/.kube
     sudo cp /etc/rancher/k3s/k3s.yaml /home/vagrant/.kube/config

tests/test-scenarios-github.sh

@@ -22,6 +22,13 @@ realpath() {
 TEST_HOME=`dirname $(realpath "$0")`
 CRD_HOME=`dirname $(realpath "$0")`/../deployments/CRD
 ARMOR_HOME=`dirname $(realpath "$0")`/../KubeArmor
+IGN_FILE=$TEST_HOME/tests.ignore
+
+# skip tests that don't work with some runtimes
+if [ "$RUNTIME" == "crio" ]; then
+	# see #697
+	echo "github_test_13" | tee -a $IGN_FILE
+fi
 
 LSM="none"
 
@@ -590,6 +597,16 @@ INFO "Started KubeArmor"
 
 res_microservice=0
 
+is_test_ignored()
+{
+    [[ ! -f $IGN_FILE ]] && return 0
+    for line in `grep "^[a-zA-Z].*" $IGN_FILE`; do
+        echo $testcase | grep $line >/dev/null
+        [[ $? -eq 0 ]] && echo "matched ignore pattern [$line]" && return 1
+    done
+    return 0
+}
+
 if [[ $SKIP_CONTAINER_POLICY -eq 0 || $SKIP_NATIVE_POLICY -eq 0 ]]; then
     INFO "Running Container Scenarios"
 
@@ -612,6 +629,9 @@ if [[ $SKIP_CONTAINER_POLICY -eq 0 || $SKIP_NATIVE_POLICY -eq 0 ]]; then
 
     for testcase in $(find -maxdepth 1 -mindepth 1 -type d  -name "${microservice}_*")
     do
+        is_test_ignored
+        [[ $? -eq 1 ]] && WARN "Testcase $testcase ignored" && continue
+
         res_case=0
 
         INFO "Testing $testcase"