Move Vagrant-based tests from GitHub Actions to Cirrus CI

Cirrus CI supports nested virtualization and free to use from open
source projects. runc has been using the service since
opencontainers/runc#3088.

Signed-off-by: Kazuyoshi Kato <[email protected]>

.cirrus.yml

@@ -0,0 +1,79 @@
+# Cirrus CI gives free 16.0 CPUs for open-source projects. We split that to 4:4:4.
+# https://cirrus-ci.org/faq/#are-there-any-limits
+#
+# Undocumented constraints;
+# - The maximum memory limit is 4G times the number of CPUs.
+# - The number of CPUs should be mutiple of 2.
+
+task:
+  name: Vagrant
+
+  compute_engine_instance:
+    image_project: cirrus-images
+    image: family/docker-kvm
+    platform: linux
+    nested_virtualization: true
+    cpu: 2
+    memory: 8G
+
+  env:
+    VAGRANT_EXPERIMENTAL: disks # https://www.vagrantup.com/docs/disks/usage
+    HOME: /root
+    matrix:
+      BOX: fedora/35-cloud-base
+      BOX: rockylinux/8
+
+  install_libvirt_vagrant_script: |
+    apt-get update
+    apt-get install -y libvirt-daemon libvirt-daemon-system vagrant vagrant-libvirt
+    systemctl enable --now libvirtd
+
+  vagrant_cache:
+    folder: /root/.vagrant.d
+    fingerprint_script: uname -a; cat Vagrantfile
+
+  vagrant_up_script: |
+    vagrant up --no-tty
+
+  integration_script: |
+    vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-integration
+
+  cri_test_script: |
+    vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-cri
+
+  env_script: |
+    uname -a
+    df -h
+
+task:
+  name: CGroupsV2 - rootless CRI test
+
+  env:
+    HOME: /root
+
+  compute_engine_instance:
+    image_project: cirrus-images
+    image: family/docker-kvm
+    platform: linux
+    nested_virtualization: true
+    cpu: 2
+    memory: 8G
+
+  install_libvirt_vagrant_script: |
+    apt-get update
+    apt-get install -y libvirt-daemon libvirt-daemon-system vagrant vagrant-libvirt
+    systemctl enable --now libvirtd
+
+  vagrant_cache:
+    folder: /root/.vagrant.d
+    fingerprint_script: uname -a; cat Vagrantfile
+
+  vagrant_up_script: |
+    vagrant up --provision-with=install-rootless-podman --no-tty
+
+  podman_build_script: |
+    # Execute rootless podman to create the UserNS env
+    vagrant ssh -- podman build --target cri-in-userns -t cri-in-userns -f /vagrant/contrib/Dockerfile.test /vagrant
+
+  test_script: |
+    vagrant ssh -- podman run --rm --privileged cri-in-userns

.github/workflows/ci.yml

@@ -579,35 +579,3 @@ jobs:
           path: |
             ${{github.workspace}}/*-junit.xml
             ${{github.workspace}}/critestreport/*
-
-  cgroup2-misc:
-    name: CGroupsV2 - rootless CRI test
-    # nested virtualization is only available on macOS hosts
-    runs-on: macos-10.15
-    timeout-minutes: 45
-    needs: [project, linters, protos, man]
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: "Cache ~/.vagrant.d/boxes"
-        uses: actions/cache@v2
-        with:
-          path: ~/.vagrant.d/boxes
-          key: vagrant-${{ hashFiles('Vagrantfile*') }}
-
-      - name: Vagrant start
-        run: |
-          # Retry if it fails (download.fedoraproject.org returns 404 sometimes)
-          vagrant up || vagrant up
-
-      # slow, so separated from the regular cgroup2 task
-      - name: CRI-in-UserNS test with Rootless Podman
-        run: |
-          vagrant up --provision-with=install-rootless-podman
-          # Execute rootless podman to create the UserNS env
-          vagrant ssh -- podman build --target cri-in-userns -t cri-in-userns -f /vagrant/contrib/Dockerfile.test /vagrant
-          vagrant ssh -- podman run --rm --privileged cri-in-userns
-
-      - name: Collect the VM's IP address for Docker Hub's throttling issue
-        if: failure()
-        run: vagrant ssh -- curl https://api64.ipify.org/

Vagrantfile

@@ -19,6 +19,8 @@
 Vagrant.configure("2") do |config|
   config.vm.box = ENV["BOX"] || "fedora/35-cloud-base"
   config.vm.box_version = ENV["BOX_VERSION"]
+  config.vm.provision 'shell', path: 'script/resize-vagrant-root.sh'
+
   memory = 4096
   cpus = 2
   config.vm.provider :virtualbox do |v|
@@ -28,6 +30,7 @@ Vagrant.configure("2") do |config|
   config.vm.provider :libvirt do |v|
     v.memory = memory
     v.cpus = cpus
+    v.machine_virtual_size = 60
   end
 
   # Disabled by default. To run:
@@ -43,7 +46,10 @@ Vagrant.configure("2") do |config|
     sh.inline = <<~SHELL
         #!/usr/bin/env bash
         set -eux -o pipefail
+        df -hT
+        lsblk
         dnf -y upgrade ${UPGRADE_PACKAGES}
+        dnf clean all
     SHELL
   end
 
@@ -58,6 +64,8 @@ Vagrant.configure("2") do |config|
     sh.inline = <<~SHELL
         #!/usr/bin/env bash
         set -eux -o pipefail
+        df -hT
+        lsblk
         dnf -y install \
             container-selinux \
             curl \
@@ -69,6 +77,7 @@ Vagrant.configure("2") do |config|
             lsof \
             make \
             ${INSTALL_PACKAGES}
+        dnf clean all
     SHELL
   end
 

script/resize-vagrant-root.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+#   Copyright The containerd Authors.
+
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+
+#       http://www.apache.org/licenses/LICENSE-2.0
+
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+set -eu -o pipefail
+
+df_line=$(df / | grep '^/dev/')
+if [[ df_line =~ '/dev/([a-z]+)([0-9]+)' ]]; then
+    dev="${BASH_REMATCH[1]}"
+    part="${BASH_REMATCH[2]}"
+    growpart "/dev/$dev" "$part"
+    xfs_growfs -d "/dev/$dev$part"
+else
+    echo "Failed to parse $df_line"
+    exit 1
+fi