Merge pull request #1318 from jluebbe/container

build multiarch CI containers, use podman and run user-level tests

.github/workflows/container.yml

@@ -6,27 +6,55 @@ on:
       - 'master'
       - 'container'
     paths:
+      - '.github/workflows/container.yml'
       - 'test/Dockerfile'
   workflow_dispatch: {}
 
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
+    - name: Install QEMU
+      run: |
+        sudo apt-get update
+        DEBIAN_FRONTEND='noninteractive' sudo apt-get install -qy qemu-user-static
+    # remove this when Ubuntu 24.04 is available on GitHub Actions
+    - name: Enable Ubuntu noble and update buildah
+      run: |
+        echo 'deb http://archive.ubuntu.com/ubuntu/ noble main restricted universe' | sudo tee -a /etc/apt/sources.list.d/lunar.list
+        echo 'deb http://archive.ubuntu.com/ubuntu/ noble-updates main restricted universe' | sudo tee -a /etc/apt/sources.list.d/lunar.list
+        sudo apt-get update
+        DEBIAN_FRONTEND='noninteractive' sudo apt-get install -qy buildah
+        buildah version
     - uses: actions/checkout@v3
-    - id: build-image
+    - name: Build Images
+      id: build-image
       uses: redhat-actions/buildah-build@v2
       with:
         image: rauc-ci
         tags: latest
-        dockerfiles: |
+        platforms: linux/amd64, linux/386, linux/arm/v5, linux/arm/v7, linux/arm64/v8
+        containerfiles: |
           ./test/Dockerfile
-    - id: push-to-github
+    - name: Echo Outputs for Build
+      run: |
+        echo "Image: ${{ steps.build-image.outputs.image }}"
+        echo "Tags: ${{ steps.build-image.outputs.tags }}"
+        echo "Tagged Image: ${{ steps.build-image.outputs.image-with-tag }}"
+    - name: List Images
+      run: |
+        buildah images
+    - name: Inspect Manifest
+      run: |
+        buildah manifest inspect "${{ steps.build-image.outputs.image-with-tag }}"
+    - name: Push Images
+      id: push-to-github
       uses: redhat-actions/push-to-registry@v2
       with:
         image: ${{ steps.build-image.outputs.image }}
         tags: ${{ steps.build-image.outputs.tags }}
         registry: ghcr.io/${{ github.repository }}
         username: ${{ github.actor }}
         password: ${{ github.token }}
-    - run: echo "Image pushed to ${{ steps.push-to-github.outputs.registry-paths }}"
+    - name: Echo Output for Push
+      run: echo "Image pushed to ${{ steps.push-to-github.outputs.registry-paths }}"

.github/workflows/style.yml

@@ -0,0 +1,23 @@
+name: style check
+
+on: [push, pull_request]
+
+jobs:
+  style:
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Install codespell
+      run: |
+        sudo apt-get update
+        sudo DEBIAN_FRONTEND='noninteractive' apt-get install -qy codespell
+
+    - name: Run uncrustify check
+      run: |
+        ./uncrustify.sh
+        git diff --exit-code
+
+    - name: Run codespell check
+      run: |
+        codespell -L parms,cas -S 'openssl-ca,build,*.log' src include test docs

.github/workflows/tests.yml

@@ -14,8 +14,7 @@ jobs:
       run: |
         whoami
         gcc --version
-        apt-get update
-        DEBIAN_FRONTEND='noninteractive' apt-get install -qy meson
+        ls -l /dev/kvm || true
 
     - uses: actions/checkout@v3
 
@@ -84,6 +83,7 @@ jobs:
   cross:
     runs-on: ubuntu-latest
     strategy:
+      fail-fast: false
       matrix:
         architecture:
         - "arm/v5"
@@ -93,22 +93,35 @@ jobs:
     steps:
     - uses: actions/checkout@v3
 
-    - name: Prepare ${{ matrix.architecture }} container
+    - name: Install QEMU
+      run: |
+        sudo apt-get update
+        DEBIAN_FRONTEND='noninteractive' sudo apt-get install -qy qemu-user-static
+
+    # remove this when Ubuntu 24.04 is available on GitHub Actions
+    - name: Enable Ubuntu noble and update podman
       run: |
+        echo 'deb http://archive.ubuntu.com/ubuntu/ noble main restricted universe' | sudo tee -a /etc/apt/sources.list.d/lunar.list
+        echo 'deb http://archive.ubuntu.com/ubuntu/ noble-updates main restricted universe' | sudo tee -a /etc/apt/sources.list.d/lunar.list
         sudo apt-get update
-        sudo DEBIAN_FRONTEND='noninteractive' apt-get install -qy qemu-user-static
-        docker run --name cross -di --platform linux/${{ matrix.architecture }} -v "$PWD":/home -w /home debian:bookworm bash
-        docker logs cross
-        docker exec -i cross uname -a
-        docker exec -i cross apt-get update
-        docker exec -e DEBIAN_FRONTEND='noninteractive' -i cross apt-get install -qy build-essential meson libtool libglib2.0-dev libcurl3-dev libssl-dev libjson-glib-dev libdbus-1-dev libfdisk-dev libnl-genl-3-dev squashfs-tools
+        DEBIAN_FRONTEND='noninteractive' sudo apt-get install -qy podman
+        podman version
+
+    - name: Prepare ${{ matrix.architecture }} container
+      run: |
+        podman run --name cross -di --platform linux/${{ matrix.architecture }} --userns=keep-id:uid=1000,gid=1000 -v "$PWD":/home -w /home ghcr.io/rauc/rauc/rauc-ci:latest bash
+        podman logs cross
+        podman exec -i cross uname -a
+        podman exec -i cross id
 
     - name: Build
       run: |
-        docker exec -i cross whoami
-        docker exec -i cross meson setup -Dgpt=enabled -Dwerror=true build
-        docker exec -i cross meson compile -C build
-        # don't run 'meson test' here, as we don't have full access to the kernel (mount, loopback, dm)
+        podman exec -i cross meson setup -Dgpt=enabled -Dwerror=true build
+        podman exec -i cross meson compile -C build
+
+    - name: Test
+      run: |
+        podman exec -i cross meson test -C build --timeout-multiplier 3
 
     - name: Show logs
       if: ${{ failure() }}
@@ -118,6 +131,7 @@ jobs:
   stable:
     runs-on: ubuntu-latest
     strategy:
+      fail-fast: false
       matrix:
         release:
         - "ubuntu:20.04"
@@ -127,26 +141,35 @@ jobs:
     steps:
     - uses: actions/checkout@v3
 
+    # remove this when Ubuntu 24.04 is available on GitHub Actions
+    - name: Enable Ubuntu noble and update podman
+      run: |
+        echo 'deb http://archive.ubuntu.com/ubuntu/ noble main restricted universe' | sudo tee -a /etc/apt/sources.list.d/lunar.list
+        echo 'deb http://archive.ubuntu.com/ubuntu/ noble-updates main restricted universe' | sudo tee -a /etc/apt/sources.list.d/lunar.list
+        sudo apt-get update
+        DEBIAN_FRONTEND='noninteractive' sudo apt-get install -qy podman
+        podman version
+
     - name: Prepare ${{ matrix.release }} container for meson build
       run: |
-        docker run --name stable -di -v "$PWD":/home -w /home ${{ matrix.release }} bash
-        docker exec -i stable uname -a
-        docker exec -i stable apt-get update
-        docker exec -e DEBIAN_FRONTEND='noninteractive' -i stable apt-get install -qy build-essential meson libtool libglib2.0-dev libcurl3-dev libssl-dev libjson-glib-dev libdbus-1-dev libfdisk-dev libnl-genl-3-dev squashfs-tools
+        podman version
+        podman run --name stable -di --userns=keep-id:uid=1000,gid=1000 -v "$PWD":/home -w /home ${{ matrix.release }} bash
+        podman exec -i stable uname -a
+        podman exec -i stable id
+        podman exec -i -u root stable apt-get update
+        podman exec -e DEBIAN_FRONTEND='noninteractive' -i -u root stable apt-get install -qy build-essential meson libtool libglib2.0-dev libcurl3-dev libssl-dev libjson-glib-dev libdbus-1-dev libfdisk-dev libnl-genl-3-dev squashfs-tools
 
     - name: Patch & prepare
       run: |
-        docker exec -i stable whoami
-        docker exec -i stable uname -a
-        docker exec -i stable find .github/workflows/patches/${{ matrix.release }}/ -type f -name "*.patch" -print0 | sort -z | xargs -t -n 1 -r -0 patch -p1 -f -i
+        podman exec -i stable find .github/workflows/patches/${{ matrix.release }}/ -type f -name "*.patch" -print0 | sort -z | xargs -t -n 1 -r -0 patch -p1 -f -i
 
     - name: Configure
       run: |
-        docker exec -i stable meson setup -Dgpt=disabled -Dwerror=true build
+        podman exec -i stable meson setup -Dgpt=disabled -Dwerror=true build
 
     - name: Build
       run: |
-        docker exec -i stable ninja -C build
+        podman exec -i stable ninja -C build
 
     - name: Show logs
       if: ${{ failure() }}
@@ -156,22 +179,3 @@ jobs:
         cat test/*.log || true
         cat test-suite.log || true
         cat rauc-*/_build/sub/test-suite.log || true
-
-  uncrustify:
-    runs-on: ubuntu-20.04
-    steps:
-    - uses: actions/checkout@v3
-
-    - name: Install codespell
-      run: |
-        sudo apt-get update
-        sudo DEBIAN_FRONTEND='noninteractive' apt-get install -qy codespell
-
-    - name: Run uncrustify check
-      run: |
-        ./uncrustify.sh
-        git diff --exit-code
-
-    - name: Run codespell check
-      run: |
-        codespell -L parms,cas -S 'openssl-ca,build,*.log' src include test docs

test/Dockerfile

@@ -1,7 +1,9 @@
-FROM debian:bullseye
+FROM debian:bookworm
 
 # Required for building
-RUN apt-get update && apt-get install -y \
+RUN apt-get update -q && apt-get install -q -y --no-install-recommends \
+  gcc \
+  g++ \
   meson \
   libtool \
   libglib2.0-dev \
@@ -12,22 +14,30 @@ RUN apt-get update && apt-get install -y \
   libfdisk-dev \
   libnl-genl-3-dev
 
+# Required for building the cgi example
+RUN apt-get update -q && apt-get install -q -y --no-install-recommends \
+  autoconf \
+  automake \
+  make \
+  xz-utils
+
 # Required for testing
-RUN apt-get update && apt-get install -y \
+RUN apt-get install -q -y --no-install-recommends \
   squashfs-tools \
   dosfstools \
   lcov \
   slirp \
   python3-sphinx \
   python3-sphinx-rtd-theme \
+  dbus \
   dbus-x11 \
-  user-mode-linux \
   grub-common \
-  softhsm2 \
   opensc \
   opensc-pkcs11 \
   libengine-pkcs11-openssl \
+  fakeroot \
   faketime \
+  pseudo \
   time \
   kmod \
   uncrustify \
@@ -37,38 +47,39 @@ RUN apt-get update && apt-get install -y \
   mtd-utils \
   python3-aiohttp \
   nginx-light \
-  fdisk \
-  golang
+  fdisk
 
 # Required for test environment setup
-RUN apt-get update && apt-get install -y \
+RUN apt-get install -q -y --no-install-recommends \
+  sudo \
   python3-pip \
   git \
-  gcc-10 \
   curl && \
-  rm -rf /var/lib/apt/lists/* && \
   curl -sLo /usr/bin/codecov https://codecov.io/bash && \
   chmod +x /usr/bin/codecov
 
-# Install the optional desync (pinned to version 0.9.3)
+# Install softhsm2 only on working architectures (32 bit arm seems broken)
+RUN test "$(uname -m)" = "armv7l" && exit 0; \
+    apt-get install -q -y --no-install-recommends softhsm2
+
+# Build and install the optional desync (pinned to version 0.9.3) only on x86_64
 ENV GOPATH=/go
-RUN git clone https://github.com/folbricht/desync.git /tmp/desync && \
+RUN test "$(uname -m)" != "x86_64" && exit 0; \
+    apt-get install -q -y --no-install-recommends golang && \
+    git clone https://github.com/folbricht/desync.git /tmp/desync && \
     cd /tmp/desync/cmd/desync && \
     git checkout c508eeb0865a5a7c2c9b1158a5f0414265d869df && \
     go install && \
     cp /go/bin/desync /usr/bin/desync && \
-    rm -rf /tmp/desync
+    rm -rf /tmp/desync /go
 
 # Create required directories for bind mounts
-RUN mkdir -p /lib/modules && \
-    mkdir -p /var/run/dbus
-
-RUN pip3 install --upgrade cpp-coveralls
+RUN mkdir -p /lib/modules /var/run/dbus
 
-# We want to run as non-root user equaling uid of Travis' user 'travis' (2000)
-ENV user travis
+# Remove apt lists
+RUN rm -rf /var/lib/apt/lists/*
 
-RUN useradd -u 2000 -m -d /home/${user} ${user} \
- && chown -R ${user} /home/${user}
+RUN adduser --disabled-password --comment "" rauc-ci && \
+    echo "rauc-ci ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/rauc-ci
 
-USER ${user}
+USER rauc-ci