mirror of
https://github.com/NVIDIA/nvidia-container-toolkit
synced 2024-11-22 00:08:11 +00:00
Add common CI tests for things like golint, gofmt, unit tests, etc
This commit also fixes the minor issues uncovered while running these tests locally. Signed-off-by: Kevin Klues <kklues@nvidia.com>
This commit is contained in:
Kevin Klues
parent
a7fb33301c
commit
fe65573bdf
@ -1,9 +1,20 @@
|
|||||||
# Build packages for all supported OS / ARCH combinations
|
# Build packages for all supported OS / ARCH combinations
|
||||||
|
|
||||||
stages:
|
stages:
|
||||||
|
- tests
|
||||||
- build-one
|
- build-one
|
||||||
- build-all
|
- build-all
|
||||||
|
|
||||||
|
.tests-setup: &tests-setup
|
||||||
|
image: golang:1.14.4
|
||||||
|
|
||||||
|
rules:
|
||||||
|
- when: always
|
||||||
|
|
||||||
|
before_script:
|
||||||
|
- mkdir -p ${GOPATH}/src/github.com/NVIDIA/
|
||||||
|
- ln -s ${CI_PROJECT_DIR} ${GOPATH}/src/github.com/NVIDIA/${CI_PROJECT_NAME}
|
||||||
|
|
||||||
.build-setup: &build-setup
|
.build-setup: &build-setup
|
||||||
image: docker:19.03.8
|
image: docker:19.03.8
|
||||||
|
|
||||||
@ -17,6 +28,48 @@ stages:
|
|||||||
- apk add coreutils build-base sed git bash make
|
- apk add coreutils build-base sed git bash make
|
||||||
- docker run --rm --privileged multiarch/qemu-user-static --reset -p yes -c yes
|
- docker run --rm --privileged multiarch/qemu-user-static --reset -p yes -c yes
|
||||||
|
|
||||||
|
# Run a series of sanity-check tests over the code
|
||||||
|
lint:
|
||||||
|
<<: *tests-setup
|
||||||
|
stage: tests
|
||||||
|
script:
|
||||||
|
- go get -u golang.org/x/lint/golint
|
||||||
|
- golint -set_exit_status github.com/NVIDIA/${CI_PROJECT_NAME}/pkg
|
||||||
|
|
||||||
|
vet:
|
||||||
|
<<: *tests-setup
|
||||||
|
stage: tests
|
||||||
|
script:
|
||||||
|
- go vet github.com/NVIDIA/${CI_PROJECT_NAME}/pkg
|
||||||
|
|
||||||
|
unit_test:
|
||||||
|
<<: *tests-setup
|
||||||
|
stage: tests
|
||||||
|
script:
|
||||||
|
- go test github.com/NVIDIA/${CI_PROJECT_NAME}/pkg
|
||||||
|
|
||||||
|
fmt:
|
||||||
|
<<: *tests-setup
|
||||||
|
stage: tests
|
||||||
|
script:
|
||||||
|
- res=$(gofmt -l *.go)
|
||||||
|
- echo "$res"
|
||||||
|
- test -z "$res"
|
||||||
|
|
||||||
|
ineffassign:
|
||||||
|
<<: *tests-setup
|
||||||
|
stage: tests
|
||||||
|
script:
|
||||||
|
- go get -u github.com/gordonklaus/ineffassign
|
||||||
|
- ineffassign pkg/*.go
|
||||||
|
|
||||||
|
misspell:
|
||||||
|
<<: *tests-setup
|
||||||
|
stage: tests
|
||||||
|
script:
|
||||||
|
- go get -u github.com/client9/misspell/cmd/misspell
|
||||||
|
- misspell pkg/*.go
|
||||||
|
|
||||||
# build-one jobs build packages for a single OS / ARCH combination.
|
# build-one jobs build packages for a single OS / ARCH combination.
|
||||||
#
|
#
|
||||||
# They are run during the first stage of the pipeline as a smoke test to ensure
|
# They are run during the first stage of the pipeline as a smoke test to ensure
|
||||||
|
|||||||
@ -50,17 +50,20 @@ type containerConfig struct {
|
|||||||
Nvidia *nvidiaConfig
|
Nvidia *nvidiaConfig
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Root from OCI runtime spec
|
||||||
// github.com/opencontainers/runtime-spec/blob/v1.0.0/specs-go/config.go#L94-L100
|
// github.com/opencontainers/runtime-spec/blob/v1.0.0/specs-go/config.go#L94-L100
|
||||||
type Root struct {
|
type Root struct {
|
||||||
Path string `json:"path"`
|
Path string `json:"path"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Process from OCI runtime spec
|
||||||
// github.com/opencontainers/runtime-spec/blob/v1.0.0/specs-go/config.go#L30-L57
|
// github.com/opencontainers/runtime-spec/blob/v1.0.0/specs-go/config.go#L30-L57
|
||||||
type Process struct {
|
type Process struct {
|
||||||
Env []string `json:"env,omitempty"`
|
Env []string `json:"env,omitempty"`
|
||||||
Capabilities *json.RawMessage `json:"capabilities,omitempty" platform:"linux"`
|
Capabilities *json.RawMessage `json:"capabilities,omitempty" platform:"linux"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// LinuxCapabilities from OCI runtime spec
|
||||||
// https://github.com/opencontainers/runtime-spec/blob/v1.0.0/specs-go/config.go#L61
|
// https://github.com/opencontainers/runtime-spec/blob/v1.0.0/specs-go/config.go#L61
|
||||||
type LinuxCapabilities struct {
|
type LinuxCapabilities struct {
|
||||||
Bounding []string `json:"bounding,omitempty" platform:"linux"`
|
Bounding []string `json:"bounding,omitempty" platform:"linux"`
|
||||||
@ -70,6 +73,7 @@ type LinuxCapabilities struct {
|
|||||||
Ambient []string `json:"ambient,omitempty" platform:"linux"`
|
Ambient []string `json:"ambient,omitempty" platform:"linux"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Spec from OCI runtime spec
|
||||||
// We use pointers to structs, similarly to the latest version of runtime-spec:
|
// We use pointers to structs, similarly to the latest version of runtime-spec:
|
||||||
// https://github.com/opencontainers/runtime-spec/blob/v1.0.0/specs-go/config.go#L5-L28
|
// https://github.com/opencontainers/runtime-spec/blob/v1.0.0/specs-go/config.go#L5-L28
|
||||||
type Spec struct {
|
type Spec struct {
|
||||||
@ -78,6 +82,7 @@ type Spec struct {
|
|||||||
Root *Root `json:"root,omitempty"`
|
Root *Root `json:"root,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// HookState holds state information about the hook
|
||||||
type HookState struct {
|
type HookState struct {
|
||||||
Pid int `json:"pid,omitempty"`
|
Pid int `json:"pid,omitempty"`
|
||||||
// After 17.06, runc is using the runtime spec:
|
// After 17.06, runc is using the runtime spec:
|
||||||
@ -174,7 +179,7 @@ func isPrivileged(s *Spec) bool {
|
|||||||
// We only make sure that the bounding capabibility set has
|
// We only make sure that the bounding capabibility set has
|
||||||
// CAP_SYS_ADMIN. This allows us to make sure that the container was
|
// CAP_SYS_ADMIN. This allows us to make sure that the container was
|
||||||
// actually started as '--privileged', but also allow non-root users to
|
// actually started as '--privileged', but also allow non-root users to
|
||||||
// access the priviliged NVIDIA capabilities.
|
// access the privileged NVIDIA capabilities.
|
||||||
caps = lc.Bounding
|
caps = lc.Bounding
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -316,13 +321,15 @@ func getNvidiaConfig(env map[string]string, privileged bool) *nvidiaConfig {
|
|||||||
}
|
}
|
||||||
|
|
||||||
var devices string
|
var devices string
|
||||||
if d := getDevices(env); d == nil || len(*d) == 0 || *d == "void" {
|
d := getDevices(env)
|
||||||
|
if d == nil || len(*d) == 0 || *d == "void" {
|
||||||
// Environment variable unset or empty or "void": not a GPU container.
|
// Environment variable unset or empty or "void": not a GPU container.
|
||||||
return nil
|
return nil
|
||||||
} else {
|
|
||||||
// Environment variable non-empty and not "void".
|
|
||||||
devices = *d
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Environment variable non-empty and not "void".
|
||||||
|
devices = *d
|
||||||
|
|
||||||
if devices == "none" {
|
if devices == "none" {
|
||||||
devices = ""
|
devices = ""
|
||||||
}
|
}
|
||||||
|
|||||||
@ -18,7 +18,7 @@ var defaultPaths = [...]string{
|
|||||||
configPath,
|
configPath,
|
||||||
}
|
}
|
||||||
|
|
||||||
// CLIConfig: options for nvidia-container-cli.
|
// CLIConfig : options for nvidia-container-cli.
|
||||||
type CLIConfig struct {
|
type CLIConfig struct {
|
||||||
Root *string `toml:"root"`
|
Root *string `toml:"root"`
|
||||||
Path *string `toml:"path"`
|
Path *string `toml:"path"`
|
||||||
@ -33,6 +33,7 @@ type CLIConfig struct {
|
|||||||
AlphaMergeVisibleDevicesEnvvars bool `toml:"alpha-merge-visible-devices-envvars"`
|
AlphaMergeVisibleDevicesEnvvars bool `toml:"alpha-merge-visible-devices-envvars"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// HookConfig : options for the nvidia-container-toolkit.
|
||||||
type HookConfig struct {
|
type HookConfig struct {
|
||||||
DisableRequire bool `toml:"disable-require"`
|
DisableRequire bool `toml:"disable-require"`
|
||||||
SwarmResource *string `toml:"swarm-resource"`
|
SwarmResource *string `toml:"swarm-resource"`
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user