From 8b248b66312eeded57f1e08378c44b581198fd5e Mon Sep 17 00:00:00 2001 From: Kevin Klues Date: Fri, 24 Jul 2020 11:40:24 +0000 Subject: [PATCH 1/3] Rename github.com/NVIDIA/container-toolkit to nvidia-container-toolkit The repo name on github recently changed, so all references here should as well. Signed-off-by: Kevin Klues --- Makefile | 2 +- go.mod | 2 +- packaging/debian/copyright | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 060fe412..5911cf99 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ LIB_NAME := nvidia-container-toolkit LIB_VERSION := 1.2.1 GOLANG_VERSION := 1.14.2 -GOLANG_PKG_PATH := github.com/NVIDIA/container-toolkit/pkg +GOLANG_PKG_PATH := github.com/NVIDIA/nvidia-container-toolkit/pkg # By default run all native docker-based targets docker-native: diff --git a/go.mod b/go.mod index 870f5076..831b2f99 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/NVIDIA/container-toolkit +module github.com/NVIDIA/nvidia-container-toolkit go 1.14 diff --git a/packaging/debian/copyright b/packaging/debian/copyright index 175d9db3..1c11f87a 100644 --- a/packaging/debian/copyright +++ b/packaging/debian/copyright @@ -1,6 +1,6 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: nvidia-container-toolkit -Source: https://github.com/NVIDIA/container-toolkit +Source: https://github.com/NVIDIA/nvidia-container-toolkit Files: * Copyright: 2017-2020 NVIDIA CORPORATION From a7fb33301c48a6f8e9331dc9ad873891cbc3cf75 Mon Sep 17 00:00:00 2001 From: Kevin Klues Date: Fri, 24 Jul 2020 12:13:51 +0000 Subject: [PATCH 2/3] Flip build-all targets to run automatically on merge requests Signed-off-by: Kevin Klues --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6cdc18c3..b4bcbe97 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -47,7 +47,7 @@ stages: - if: $CI_COMMIT_TAG when: always - if: $CI_MERGE_REQUEST_ID - when: manual + when: always variables: ARTIFACTS_NAME: "${CI_PROJECT_NAME}-${CI_COMMIT_REF_SLUG}-${CI_JOB_NAME}-artifacts-${CI_PIPELINE_ID}" From fe65573bdfa0e84bcd712c756cea992873fdd287 Mon Sep 17 00:00:00 2001 From: Kevin Klues Date: Fri, 24 Jul 2020 11:41:38 +0000 Subject: [PATCH 3/3] Add common CI tests for things like golint, gofmt, unit tests, etc This commit also fixes the minor issues uncovered while running these tests locally. Signed-off-by: Kevin Klues --- .gitlab-ci.yml | 53 +++++++++++++++++++++++++++++++++++++++++ pkg/container_config.go | 17 +++++++++---- pkg/hook_config.go | 3 ++- 3 files changed, 67 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b4bcbe97..abe4f11d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,9 +1,20 @@ # Build packages for all supported OS / ARCH combinations stages: + - tests - build-one - build-all +.tests-setup: &tests-setup + image: golang:1.14.4 + + rules: + - when: always + + before_script: + - mkdir -p ${GOPATH}/src/github.com/NVIDIA/ + - ln -s ${CI_PROJECT_DIR} ${GOPATH}/src/github.com/NVIDIA/${CI_PROJECT_NAME} + .build-setup: &build-setup image: docker:19.03.8 
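Review bot: With `when: always` under `- if: $CI_MERGE_REQUEST_ID`, the jobs governed by this rule start on every merge request without anyone triggering them, so code from an unreviewed branch runs on the runner automatically. The build setup shown elsewhere in this file runs `docker run --rm --privileged multiarch/qemu-user-static`, so if these rules belong to those jobs it is worth confirming that the runners serving merge requests are isolated and hold no protected variables, or keeping `when: manual` for merge requests that do not come from project members. The rules block starts outside the hunk, so which jobs inherit it is not visible here.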
@@ -17,6 +28,48 @@ stages:
 - apk add coreutils build-base sed git bash make
 - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes -c yes
+# Run a series of sanity-check tests over the code
+lint:
+ <<: *tests-setup
+ stage: tests
+ script:
+ - go get -u golang.org/x/lint/golint
+ - golint -set_exit_status github.com/NVIDIA/${CI_PROJECT_NAME}/pkg
+
+vet:
+ <<: *tests-setup
+ stage: tests
+ script:
+ - go vet github.com/NVIDIA/${CI_PROJECT_NAME}/pkg
+
+unit_test:
+ <<: *tests-setup
+ stage: tests
+ script:
+ - go test github.com/NVIDIA/${CI_PROJECT_NAME}/pkg
+
+fmt:
+ <<: *tests-setup
+ stage: tests
+ script:
+ - res=$(gofmt -l *.go)
+ - echo "$res"
+ - test -z "$res"
+
+ineffassign:
+ <<: *tests-setup
+ stage: tests
+ script:
+ - go get -u github.com/gordonklaus/ineffassign
+ - ineffassign pkg/*.go
+
+misspell:
+ <<: *tests-setup
+ stage: tests
+ script:
+ - go get -u github.com/client9/misspell/cmd/misspell
+ - misspell pkg/*.go
+
 # build-one jobs build packages for a single OS / ARCH combination.
 #
 # They are run during the first stage of the pipeline as a smoke test to ensure
diff --git a/pkg/container_config.go b/pkg/container_config.go
index c20a55e6..172a9a46 100644
--- a/pkg/container_config.go
+++ b/pkg/container_config.go
@@ -50,17 +50,20 @@ type containerConfig struct {
 Nvidia *nvidiaConfig
 }
+// Root from OCI runtime spec
 // github.com/opencontainers/runtime-spec/blob/v1.0.0/specs-go/config.go#L94-L100
 type Root struct {
 Path string `json:"path"`
 }
+// Process from OCI runtime spec
 // github.com/opencontainers/runtime-spec/blob/v1.0.0/specs-go/config.go#L30-L57
 type Process struct {
 Env []string `json:"env,omitempty"`
 Capabilities *json.RawMessage `json:"capabilities,omitempty" platform:"linux"`
 }
+// LinuxCapabilities from OCI runtime spec
 // https://github.com/opencontainers/runtime-spec/blob/v1.0.0/specs-go/config.go#L61
 type LinuxCapabilities struct {
 Bounding []string `json:"bounding,omitempty" platform:"linux"`
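Review bot: The `lint`, `ineffassign` and `misspell` jobs in `.gitlab-ci.yml` install their tool with `go get -u` and no version, so each pipeline builds and runs whatever the upstream default branch and its upgraded dependencies hold at that moment. Pinning each one to a reviewed version, for example `go get golang.org/x/lint/golint@<pinned-version>`, makes the checks reproducible and keeps a broken or compromised upstream release from executing in CI unreviewed. Two of the checks also look weaker than intended: `fmt` runs `gofmt -l *.go` in the checkout root while every other job targets `pkg`, so `gofmt -l pkg` is probably what is meant, and `misspell` reports findings but exits zero unless it is given `-error`.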
@@ -70,6 +73,7 @@ type LinuxCapabilities struct {
 Ambient []string `json:"ambient,omitempty" platform:"linux"`
 }
+// Spec from OCI runtime spec
 // We use pointers to structs, similarly to the latest version of runtime-spec:
 // https://github.com/opencontainers/runtime-spec/blob/v1.0.0/specs-go/config.go#L5-L28
 type Spec struct {
@@ -78,6 +82,7 @@ type Spec struct {
 Root *Root `json:"root,omitempty"`
 }
+// HookState holds state information about the hook
 type HookState struct {
 Pid int `json:"pid,omitempty"`
 // After 17.06, runc is using the runtime spec:
@@ -174,7 +179,7 @@ func isPrivileged(s *Spec) bool {
 // We only make sure that the bounding capabibility set has
 // CAP_SYS_ADMIN. This allows us to make sure that the container was
 // actually started as '--privileged', but also allow non-root users to
- // access the priviliged NVIDIA capabilities.
+ // access the privileged NVIDIA capabilities.
 caps = lc.Bounding
 }
@@ -316,13 +321,15 @@ func getNvidiaConfig(env map[string]string, privileged bool) *nvidiaConfig {
 }
 var devices string
- if d := getDevices(env); d == nil || len(*d) == 0 || *d == "void" {
+ d := getDevices(env)
+ if d == nil || len(*d) == 0 || *d == "void" {
 // Environment variable unset or empty or "void": not a GPU container.
 return nil
- } else {
- // Environment variable non-empty and not "void".
- devices = *d
 }
+
+ // Environment variable non-empty and not "void".
+ devices = *d
+
 if devices == "none" {
 devices = ""
 }
diff --git a/pkg/hook_config.go b/pkg/hook_config.go
index eff2f3f4..3790fc46 100644
--- a/pkg/hook_config.go
+++ b/pkg/hook_config.go
@@ -18,7 +18,7 @@ var defaultPaths = [...]string{
 configPath,
 }
-// CLIConfig: options for nvidia-container-cli.
+// CLIConfig : options for nvidia-container-cli.
 type CLIConfig struct {
 Root *string `toml:"root"`
 Path *string `toml:"path"`
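Review bot: In the getNvidiaConfig hunk, `var devices string` is still declared ahead of the guard and only assigned after it, and `d` now stays in scope for the rest of the function. Dropping the declaration and writing `devices := *d` after the early return keeps the same behaviour with one less zero-valued variable to reason about in a function that decides whether a container is treated as a GPU container. The function body starts and ends outside the hunk, so later uses of `d` or `devices` are not visible here.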
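Review bot: In pkg/hook_config.go, `// CLIConfig : options for nvidia-container-cli.` appears to satisfy the linter only by putting a space before the colon, and it reads oddly in generated documentation. A sentence form such as `// CLIConfig holds the options for nvidia-container-cli.` is the conventional shape for a Go doc comment. The same applies to the `// HookConfig : options for the nvidia-container-toolkit.` comment added in the following hunk of this file.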
@@ -33,6 +33,7 @@ type CLIConfig struct {
 AlphaMergeVisibleDevicesEnvvars bool `toml:"alpha-merge-visible-devices-envvars"`
 }
+// HookConfig : options for the nvidia-container-toolkit.
 type HookConfig struct {
 DisableRequire bool `toml:"disable-require"`
 SwarmResource *string `toml:"swarm-resource"`