diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml index 4b25c05b1e..40b082c294 100644 --- a/.github/workflows/ci-test.yml +++ b/.github/workflows/ci-test.yml @@ -18,19 +18,19 @@ on: jobs: build: - name: Auto-testing Framework / ${{ matrix.os }} + name: Auto-testing Framework / ${{ matrix.os }} / ${{ matrix.runtime }} runs-on: ${{ matrix.os }} + env: + RUNTIME: ${{ matrix.runtime }} strategy: fail-fast: false matrix: os: [ubuntu-latest, ubuntu-18.04] + runtime: ["containerd", "docker", "crio"] steps: - name: Kernel version run: uname -r - - name: Check Docker Version - run: docker --version - - uses: actions/checkout@v2 - name: Set up Go @@ -54,14 +54,17 @@ jobs: - name: Setup Enviroment run: | - ./contribution/self-managed-k8s/crio/install-crio.sh - ./contribution/k3s/install_k3s.sh + if [ $RUNTIME == "crio" ]; then + ./contribution/self-managed-k8s/crio/install-crio.sh + RUNTIME=$RUNTIME crio --version + fi + RUNTIME=$RUNTIME ./contribution/k3s/install_k3s.sh - name: Run kubectl proxy run: kubectl proxy & - name: Test KubeArmor - run: ./tests/test-scenarios-github.sh + run: RUNTIME=$RUNTIME ./tests/test-scenarios-github.sh timeout-minutes: 15 - name: Archive log artifacts diff --git a/contribution/k3s/install_k3s.sh b/contribution/k3s/install_k3s.sh index 951bccbdf8..09db971978 100755 --- a/contribution/k3s/install_k3s.sh +++ b/contribution/k3s/install_k3s.sh @@ -3,7 +3,7 @@ # Copyright 2021 Authors of KubeArmor # create a single-node K3s cluster -if [ -x "$(command -v docker)" ]; then # docker +if [ "$RUNTIME" == "docker" ]; then # docker CGROUP_SYSTEMD=$(docker info 2> /dev/null | grep -i cgroup | grep systemd | wc -l) if [ $CGROUP_SYSTEMD == 1 ]; then curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--disable=traefik --docker --kubelet-arg cgroup-driver=systemd" sh - 
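Review bot: In the `Setup Enviroment` step, `if [ $RUNTIME == "crio" ]` expands `$RUNTIME` unquoted, so an empty value makes the test a syntax error rather than a clean false; `if [ "$RUNTIME" = "crio" ]; then` is safer. The `RUNTIME=$RUNTIME` prefixes on `crio --version`, `./contribution/k3s/install_k3s.sh` and `./tests/test-scenarios-github.sh` repeat what the job-level `env:` block added in the first hunk already exports to every step, so they can be dropped. Passing the matrix value through `env:` instead of interpolating `${{ matrix.runtime }}` into the script text is the pattern to keep if more matrix fields reach these `run:` blocks.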
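Review bot: With the `command -v docker` probe replaced by `[ "$RUNTIME" == "docker" ]`, an unset or misspelled `RUNTIME` now falls through to the catch-all `else #cri-o` branch in the next hunk (`@@ -12,14 +12,14 @@`), and k3s is pointed at `unix:///var/run/crio/crio.sock` whether or not CRI-O is installed. Judging by the `kubearmor-dev*` hostname branch, the script is also run outside the workflow, where nothing guarantees that `RUNTIME` is exported. I would make the last branch explicit, `elif [ "$RUNTIME" == "crio" ]; then`, and end with `else echo "unknown RUNTIME '$RUNTIME'"; exit 1; fi`, or give the variable a default at the top of the script. The `if` block continues past the end of this hunk.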
@@ -12,14 +12,14 @@ if [ -x "$(command -v docker)" ]; then # docker curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--disable=traefik --docker" sh - [[ $? != 0 ]] && echo "Failed to install k3s" && exit 1 fi -else # containerd +elif [ "$RUNTIME" == "containerd" ]; then # containerd curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--disable=traefik" sh - [[ $? != 0 ]] && echo "Failed to install k3s" && exit 1 +else #cri-o + curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--disable=traefik --container-runtime-endpoint unix:///var/run/crio/crio.sock --kubelet-arg cgroup-driver=systemd" sh - + [[ $? != 0 ]] && echo "Failed to install k3s" && exit 1 fi -#curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--disable=traefik --container-runtime-endpoint unix:///var/run/crio/crio.sock --kubelet-arg cgroup-driver=systemd" sh - -[[ $? != 0 ]] && echo "Failed to install k3s" && exit 1 - if [[ $(hostname) = kubearmor-dev* ]]; then mkdir -p /home/vagrant/.kube sudo cp /etc/rancher/k3s/k3s.yaml /home/vagrant/.kube/config diff --git a/tests/test-scenarios-github.sh b/tests/test-scenarios-github.sh index 209e922029..f9e488c51e 100755 --- a/tests/test-scenarios-github.sh +++ b/tests/test-scenarios-github.sh @@ -22,6 +22,13 @@ realpath() { TEST_HOME=`dirname $(realpath "$0")` CRD_HOME=`dirname $(realpath "$0")`/../deployments/CRD ARMOR_HOME=`dirname $(realpath "$0")`/../KubeArmor +IGN_FILE=$TEST_HOME/tests.ignore + +# skip tests that don't work with some runtimes +if [ "$RUNTIME" == "crio" ]; then + # see #697 + echo "github_test_13" | tee -a $IGN_FILE +fi LSM="none" 
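Review bot: The `[[ $? != 0 ]]` check after the new cri-o `curl -sfL https://get.k3s.io | ... sh -` line only sees the exit status of `sh`, so a failed download leaves `sh` reading empty input and the "Failed to install k3s" branch may never run. Adding `set -o pipefail` near the top of the script closes that gap, as does downloading the installer to a file and running it only after curl succeeds. The second form also gives a place to pin and verify the installer instead of executing whatever the URL serves at run time. The docker and containerd branches use the same pipeline and share the problem. Separately, `K3S_KUBECONFIG_MODE="644"` leaves the admin kubeconfig world-readable, which is tolerable on a throwaway CI runner but deserves a comment because the script appears to run on developer VMs as well.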
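Review bot: `echo "github_test_13" | tee -a $IGN_FILE` appends on every run, so repeated `RUNTIME=crio` runs in the same checkout pile up duplicate entries in `tests.ignore`. The entry also stays in effect for a later run with a different runtime, which then skips the test without any runtime-specific reason. Keeping runtime-specific skips in a shell variable avoids both problems; if the file must be used, guard the append with `grep -qxF github_test_13 "$IGN_FILE" 2>/dev/null || echo github_test_13 >> "$IGN_FILE"`. `$IGN_FILE` should be quoted in any case, since it is built from the script's own path.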
@@ -590,6 +597,16 @@ INFO "Started KubeArmor" res_microservice=0 +is_test_ignored() +{ + [[ ! -f $IGN_FILE ]] && return 0 + for line in `grep "^[a-zA-Z].*" $IGN_FILE`; do + echo $testcase | grep $line >/dev/null + [[ $? -eq 0 ]] && echo "matched ignore pattern [$line]" && return 1 + done + return 0 +} + if [[ $SKIP_CONTAINER_POLICY -eq 0 || $SKIP_NATIVE_POLICY -eq 0 ]]; then INFO "Running Container Scenarios" @@ -612,6 +629,9 @@ if [[ $SKIP_CONTAINER_POLICY -eq 0 || $SKIP_NATIVE_POLICY -eq 0 ]]; then for testcase in $(find -maxdepth 1 -mindepth 1 -type d -name "${microservice}_*") do + is_test_ignored + [[ $? -eq 1 ]] && WARN "Testcase $testcase ignored" && continue + res_case=0 INFO "Testing $testcase"
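Review bot: In `is_test_ignored`, `echo $testcase | grep $line` treats each ignore entry as an unanchored regex, so the `github_test_13` entry written earlier in this script would also skip any directory whose name merely contains it (a hypothetical `github_test_130`, say), silently shrinking test coverage. Matching the directory name exactly avoids that: `basename "$testcase" | grep -qxF -- "$line"`. The return convention is inverted relative to the name (1 means ignored, 0 means run), which forces the `[[ $? -eq 1 ]]` at the call site in the following hunk (`@@ -612,6 +629,9 @@`); returning 0 for ignored would let the caller write `if is_test_ignored; then`. The function also reads the caller's loop variable `$testcase` as a global, which deserves a one-line comment above the function or a `$1` parameter.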