Skip to content

CI: build crun/runc from source and bump bats/cni-plugins #641

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
giuseppe merged 1 commit into from
Mar 4, 2026
Merged

CI: build crun/runc from source and bump bats/cni-plugins #641

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions .github/renovate.json5
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,4 +49,16 @@
/*************************************************
*** Repository-specific configuration options ***
*************************************************/

// Track dependency versions in hack/github-actions-setup
"customManagers": [
{
"customType": "regex",
"fileMatch": ["hack/github-actions-setup"],
"matchStrings": [
"# renovate: datasource=(?<datasource>\\S+) depName=(?<depName>\\S+)\\n\\s+\\[\"[^\"]+\"\\]=(?<currentValue>\\S+)"
],
"versioningTemplate": "semver"
}
]
}
3 changes: 2 additions & 1 deletion .github/workflows/integration.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,8 @@ jobs:
CRIO_DIR=$(sudo go env GOPATH)/src/github.com/cri-o/cri-o
sudo make -C "$CRIO_DIR" all test-binaries
# skip seccomp tests because they have permission denied issues in a container and accept signed image as they don't use conmon
sudo rm -f "$CRIO_DIR"/test/seccomp*.bats "$CRIO_DIR"/test/image.bats "$CRIO_DIR"/test/policy.bats
# skip crio-wipe tests as they test cri-o's wipe functionality, not conmon
sudo rm -f "$CRIO_DIR"/test/seccomp*.bats "$CRIO_DIR"/test/image.bats "$CRIO_DIR"/test/policy.bats "$CRIO_DIR"/test/crio-wipe.bats
sudo sh -c "cd $CRIO_DIR; RUN_CRITEST=${{ matrix.critest }} ./test/test_runner.sh"
env:
JOBS: '2'
Expand Down
40 changes: 21 additions & 19 deletions hack/github-actions-setup
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,14 @@
set -euo pipefail

declare -A VERSIONS=(
["cni-plugins"]=v1.3.0
["runc"]=v1.1.14
["crun"]=1.17
["bats"]=v1.9.0
# renovate: datasource=github-releases depName=containernetworking/plugins
["cni-plugins"]=v1.9.0
# renovate: datasource=github-releases depName=bats-core/bats-core
["bats"]=v1.13.0
# renovate: datasource=github-releases depName=opencontainers/runc
["runc"]=v1.4.0
# renovate: datasource=github-releases depName=containers/crun
["crun"]=1.26
)

main() {
Expand Down Expand Up @@ -122,26 +126,24 @@ install_cni_plugins() {
}

install_runc() {
URL=https://github.com/opencontainers/runc/releases/download/"${VERSIONS["runc"]}"
BINARY=/usr/sbin/runc
sudo wget -O "$BINARY" "$URL"/runc.amd64
sudo chmod +x "$BINARY"

# Verify the SHA256
SUMFILE=runc.sha256sum
wget "$URL"/$SUMFILE
grep -qw "$(sha256sum "$BINARY" | awk '{ print $1 }')" $SUMFILE
rm $SUMFILE
git clone --depth 1 --branch "${VERSIONS["runc"]}" https://github.com/opencontainers/runc
pushd runc
make
sudo install -D -m0755 runc /usr/sbin/runc
popd
rm -rf runc

runc --version
}

install_crun() {
URL=https://github.com/containers/crun/releases/download/"${VERSIONS["crun"]}"/crun-"${VERSIONS["crun"]}"-linux-amd64

BINARY=/usr/bin/crun
sudo wget -O "$BINARY" "$URL"
sudo chmod +x "$BINARY"
git clone --depth 1 --branch "${VERSIONS["crun"]}" https://github.com/containers/crun
pushd crun
./autogen.sh
./configure
sudo make -j "$(nproc)" install prefix=/usr
popd
sudo rm -rf crun

crun --version
}
Expand Down