Skip to content

Commit 2521b0a

Browse files
ChengyuZhu6ChengyuZhu6
authored
Merge pull request #4867 from AkihiroSuda/split-containerd-version
CI: Windows: downgrade containerd to v2.2
2 parents d39281d + d60d859 commit 2521b0a

3 files changed

Lines changed: 68 additions & 16 deletions

File tree

.github/workflows/job-test-in-host.yml

Lines changed: 40 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,10 @@ on:
1515
required: false
1616
default: false
1717
type: boolean
18+
no-hyperv:
19+
required: false
20+
default: false
21+
type: boolean
1822
binary:
1923
required: false
2024
default: nerdctl
@@ -25,13 +29,19 @@ on:
2529
docker-version:
2630
required: true
2731
type: string
28-
containerd-version:
32+
windows-containerd-version:
33+
required: true
34+
type: string
35+
windows-containerd-sha:
36+
required: true
37+
type: string
38+
linux-containerd-version:
2939
required: true
3040
type: string
31-
containerd-sha:
41+
linux-containerd-sha:
3242
required: true
3343
type: string
34-
containerd-service-sha:
44+
linux-containerd-service-sha:
3545
required: true
3646
type: string
3747
windows-cni-version:
@@ -66,15 +76,22 @@ jobs:
6676
GO_VERSION: ${{ inputs.go-version }}
6777
# Both Docker and nerdctl on linux need rootful right now
6878
WITH_SUDO: ${{ contains(inputs.runner, 'ubuntu') }}
69-
CONTAINERD_VERSION: ${{ inputs.containerd-version }}
70-
CONTAINERD_SHA: ${{ inputs.containerd-sha }}
79+
WINDOWS_CONTAINERD_VERSION: ${{ inputs.windows-containerd-version }}
80+
WINDOWS_CONTAINERD_SHA: ${{ inputs.windows-containerd-sha }}
81+
LINUX_CONTAINERD_VERSION: ${{ inputs.linux-containerd-version }}
82+
LINUX_CONTAINERD_SHA: ${{ inputs.linux-containerd-sha }}
7183

7284
steps:
7385
- name: "Init: checkout"
7486
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
7587
with:
7688
fetch-depth: 1
7789

90+
- if: ${{ inputs.no-hyperv }}
91+
name: "Init (no-hyperv): Disable Hyper-V"
92+
run: |
93+
printf "NO_HYPERV=1\n" >> "$GITHUB_ENV"
94+
7895
- if: ${{ inputs.canary }}
7996
name: "Init (canary): retrieve latest go and containerd"
8097
env:
@@ -85,11 +102,22 @@ jobs:
85102
86103
[ "$latest_go" == "" ] || \
87104
printf "GO_VERSION=%s\n" "$latest_go" >> "$GITHUB_ENV"
88-
[ "${latest_containerd:1}" == "$CONTAINERD_VERSION" ] || {
89-
printf "CONTAINERD_VERSION=%s\n" "${latest_containerd:1}" >> "$GITHUB_ENV"
90-
printf "CONTAINERD_SHA=canary is volatile and I accept the risk\n" >> "$GITHUB_ENV"
105+
106+
if [[ "${{ inputs.runner }}" == *windows* ]]; then
107+
containerd_version="$WINDOWS_CONTAINERD_VERSION"
108+
else
109+
containerd_version="$LINUX_CONTAINERD_VERSION"
110+
fi
111+
[ "${latest_containerd:1}" == "$containerd_version" ] || {
112+
if [[ "${{ inputs.runner }}" == *windows* ]]; then
113+
printf "WINDOWS_CONTAINERD_VERSION=%s\n" "${latest_containerd:1}" >> "$GITHUB_ENV"
114+
printf "WINDOWS_CONTAINERD_SHA=canary is volatile and I accept the risk\n" >> "$GITHUB_ENV"
115+
else
116+
printf "LINUX_CONTAINERD_VERSION=%s\n" "${latest_containerd:1}" >> "$GITHUB_ENV"
117+
printf "LINUX_CONTAINERD_SHA=canary is volatile and I accept the risk\n" >> "$GITHUB_ENV"
118+
fi
91119
}
92-
if [ "$latest_go" == "" ] && [ "${latest_containerd:1}" == "$CONTAINERD_VERSION" ]; then
120+
if [ "$latest_go" == "" ] && [ "${latest_containerd:1}" == "$containerd_version" ]; then
93121
echo "::warning title=No canary::There is currently no canary versions to test. Steps will not run.";
94122
printf "SHOULD_RUN=no\n" >> "$GITHUB_ENV"
95123
fi
@@ -128,7 +156,7 @@ jobs:
128156
# FIXME: this is missing runc (see top level workflow note about the state of this)
129157
echo "::group:: install dependencies"
130158
sudo ./hack/provisioning/linux/containerd.sh uninstall
131-
./hack/provisioning/linux/containerd.sh rootful "$CONTAINERD_VERSION" "amd64" "$CONTAINERD_SHA" "${{ inputs.containerd-service-sha }}"
159+
./hack/provisioning/linux/containerd.sh rootful "$LINUX_CONTAINERD_VERSION" "amd64" "$LINUX_CONTAINERD_SHA" "${{ inputs.linux-containerd-service-sha }}"
132160
sudo ./hack/provisioning/linux/cni.sh uninstall
133161
./hack/provisioning/linux/cni.sh install "${{ inputs.linux-cni-version }}" "amd64" "${{ inputs.linux-cni-sha }}"
134162
echo "::endgroup::"
@@ -164,7 +192,8 @@ jobs:
164192
- if: ${{ contains(inputs.runner, 'windows') && env.SHOULD_RUN == 'yes' }}
165193
name: "Init (windows): prepare host"
166194
env:
167-
ctrdVersion: ${{ env.CONTAINERD_VERSION }}
195+
ctrdVersion: ${{ env.WINDOWS_CONTAINERD_VERSION }}
196+
ctrdSha: ${{ env.WINDOWS_CONTAINERD_SHA }}
168197
run: |
169198
# Install WinCNI
170199
echo "::group:: install wincni"

.github/workflows/workflow-test.yml

Lines changed: 14 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -143,14 +143,23 @@ jobs:
143143
runner: ${{ matrix.runner }}
144144
binary: ${{ matrix.binary != '' && matrix.binary || 'nerdctl' }}
145145
canary: ${{ matrix.canary && true || false }}
146+
# Hyper-V is broken on canary.
147+
# [v2.3.0-beta.2 regression] The virtual machine or container JSON document is invalid. (Hyper-V container)
148+
# https://github.com/containerd/containerd/issues/13254
149+
no-hyperv: ${{ matrix.canary && true || false }}
146150
go-version: 1.26
147151
windows-cni-version: v0.3.1
148152
docker-version: 5:28.0.4-1~ubuntu.24.04~noble
149-
containerd-version: 2.3.0-beta.2
150-
# FIXME: containerd-sha is not verified (only affects tests)
153+
# Windows CI still requires containerd v2.2.
154+
# [v2.3.0-beta.2 regression] The virtual machine or container JSON document is invalid. (Hyper-V container)
155+
# https://github.com/containerd/containerd/issues/13254
156+
windows-containerd-version: 2.2.3
157+
windows-containerd-sha: 81314dd5e3baad958acae0e4d1ff21eb27b7c8f8809232ab06c9f397cd221e02
158+
linux-containerd-version: 2.3.0-beta.2
159+
# FIXME: containerd SHAs are not verified for authenticity (only affects tests)
151160
# https://github.com/containerd/nerdctl/issues/4666
152-
# Note: these as for amd64
153-
containerd-sha: sha256:feabdaf784298c5389972a93bf670b80abf7e674cd20a9d629fe133552046d0e
154-
containerd-service-sha: 1941362cbaa89dd591b99c32b050d82c583d3cd2e5fa63085d7017457ec5fca8
161+
# Note: these are for amd64
162+
linux-containerd-sha: feabdaf784298c5389972a93bf670b80abf7e674cd20a9d629fe133552046d0e
163+
linux-containerd-service-sha: 1941362cbaa89dd591b99c32b050d82c583d3cd2e5fa63085d7017457ec5fca8
155164
linux-cni-version: v1.9.1
156165
linux-cni-sha: b98f74a0f8522f0a83867178729c1aa70f2158f90c45a2ca8fa791db1c76b303

hack/provisioning/windows/containerd.ps1

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,22 @@ $ErrorActionPreference = "Stop"
22

33
#install containerd
44
$version=$env:ctrdVersion
5+
$expectedSha=$env:ctrdSha
56
echo "Installing containerd $version"
67
curl.exe -L https://github.com/containerd/containerd/releases/download/v$version/containerd-$version-windows-amd64.tar.gz -o containerd-windows-amd64.tar.gz
8+
9+
if ($expectedSha -eq "canary is volatile and I accept the risk") {
10+
echo "Skipping SHA256 verification (canary)"
11+
} else {
12+
$expected = $expectedSha.ToLower()
13+
$actual = (Get-FileHash -Algorithm SHA256 containerd-windows-amd64.tar.gz).Hash.ToLower()
14+
if ($actual -ne $expected) {
15+
Write-Error "SHA256 mismatch for containerd-windows-amd64.tar.gz: expected $expected, got $actual"
16+
exit 1
17+
}
18+
echo "SHA256 verified: $actual"
19+
}
20+
721
tar.exe xvf containerd-windows-amd64.tar.gz
822
mkdir -force "$Env:ProgramFiles\containerd"
923
cp ./bin/* "$Env:ProgramFiles\containerd"

0 commit comments

Comments
 (0)