proctor is running in a sandbox and it executes tests. If it is able to
handle timeouts, we will know that a test sandbox is alive and proctor
will send SIGTERM to test processes and collect all logs.
In addition, these changes contains a few things:
* upload runsc logs with other test artifacts.
* increase log level for java tests.
* call Fatalf instead of Errorf when we want to terminate a test.
PiperOrigin-RevId: 437385756
make run-benchmark should not install a new runtime. Instead, just run the
benchmark with the given RUNTIME.
Move all of the logic to install the runtime to benchmark-platforms.
PiperOrigin-RevId: 434838884
- Generates a lisafs variant of all syscall tests.
- Adds Makefile targets to run runtime tests with lisafs. We run runtime tests
continuously (on every commit to master) and on presubmits iff the commit
message contains "lisafs".
- Updates the docker tests target to run the integration tests with lisafs too.
Fixes#5466
PiperOrigin-RevId: 433782954
This will make deadlocks more apparent in test results. Currently runtime tests
just timeout after 30 mins if there is some deadlock.
PiperOrigin-RevId: 433654750
First, this change moves the internal config API to use flag.FlagSet, which
allows more flexibility and fixes many test usages.
Second, the runtime flags are validated during install. The platform is opened
and a warning issued if this fails, but this is not fatal.
This change requires moving the Makefile to --test_env, since the attribute
is not properly supported by test targets. Therefore, the targets can use args
while the Makefile must pass in configuration via --test_env.
PiperOrigin-RevId: 428048274
A recent change stopped using the correct file (the export data, not the
archive) and checklocks started failing. Unfortunately, this was suppressed,
since the filter command was not failing with findings.
This change fixes that problem and adds a test to ensure that this cannot
happen again. If nogo starts failing to identify problems, the sanity_test in
nogo/sanity will also start to fail.
This change also requires updating the WORKSPACE to the latest rules_go and
Go version, in order to pick up the fixed go_tools. The latest rules_go in
turn required an updated bazel, which in turn required a minor change in the
coverdata implementation.
Fixing the fact propagation brought forward a number of problems with caching
for bazel workers. Its unclear whether this was a core worker issue or whether
some caching was broken, but the situation was basically undebugable. Instead,
the way facts are stored and loaded is optimized to be able to remove the use
of workers altogether and ideally make nogo debuggable.
PiperOrigin-RevId: 426327186
This adds a test to smoke-tests to ensure that the race build does not
break again. In debugging this issue, a race in the nogo tool itself
was discovered, and a related fix is included.
PiperOrigin-RevId: 424393624
This change makes the core nogo package less of a "catch all", and splits
functionality into multiple packages. Instead of separate binaries for each
function, a single "cli" package is added with subcommands, and the core
starlark wrappers are also refactored to minimize redundancy.
The new "cli" package also adds support for a "render" command, which
allows factors to be rendered via a Go text template. This is useful for
debugging, but also allows code generation to be updated to use this
mechanism. This eliminates the use of a QEMU wrapper for the older
arch_genrule, and allows the use of a native bazel transition to extract
facts for the appropriate generated file. In other words, the correct facts
will be rendered for generating XXX_arm64.s, even on amd64.
PiperOrigin-RevId: 422846459
We add a simple image that will generate certificates as a init container,
and refer to this directly use the Kubernetes yaml. Note that this also fixes
the issue of versioning within the yaml file, as this will now generate a
version of this file that refers to the precise local versions.
PiperOrigin-RevId: 421671040
containerd < 1.4 does not support cgroupv2, so we adjust the Make
targets and installer scripts to skip test run on those versions.
Signed-off-by: Daniel Dao <dqminh89@gmail.com>
In some cases, it may be desirable to prebuild binaries and run all tests,
for example to run benchmarks with various experiments. Allow the top-level
Makefile to support this by checking for a STAGED_BINARIES variable.
PiperOrigin-RevId: 410673120
"cri.runtimeoptions.v1" moved to "runtimeoptions.v1" and containerd
configuration format version 2 is required.
Updates #6449
PiperOrigin-RevId: 405474653
Intermittenly, the connection between the client redis_benchmark container can be
flaky with the server, even if the server has been up for a long time. If this
happens, just re-run a client until we get a result.
Also, don't start a new server for each operation.
Also also, modify Makefile run-benchmark call to accept RUNTIME=runc correctly.
PiperOrigin-RevId: 378918886
We already have blocking nogo tests which show all findings. This job was
building all nogo targets, and posting all the findings to GitHub as a check
run. Building nogo takes a while so we actually end up wasting a lot of time
doing redundant work.
This is aligned with our goal of moving away from GitHub actions to BuildKite
only.
PiperOrigin-RevId: 370134875
Building nogo targets takes a very long time. This change extracts it into its
own BuildKite job.
This change also additionally speeds up other targets that were using the bazel
flag --test_tag_filters. Without --build_tag_filters, the filter is not
applied while building the specified targets and so we might end up building
targets that are not actually tested.
PiperOrigin-RevId: 368918211
By default, fusefs defers node permission checks to the server. The
default_permissions mount option enables the usual unix permission
checks based on the node owner and mode bits. Previously fusefs was
incorrectly checking permissions unconditionally.
Additionally, fusefs should restrict filesystem access to processes
started by the mount owner to prevent the fuse daemon from gaining
priviledge over other processes. The allow_other mount option
overrides this behaviour. Previously fusefs was incorrectly skipping
this check.
Updates #3229
PiperOrigin-RevId: 362419092
This is replaced with a straight call to bazel. Unfortunately,
the built gazelle target requires a bazel installation to run
anyways.
PiperOrigin-RevId: 355211990
gvisor-containerd-shim is not compatible with containerd 1.1 or earlier.
Starting from containerd 1.2, shim v2 is the preferred interface.
PiperOrigin-RevId: 351485556
This requires several changes:
* Templates must preserve relevant tags.
* Pagetables templates are split into two targets, each preserving tags.
* The binary VDSO is similarly split into two targets, with some juggling.
* The top level tools/go_branch.sh now does a crossbuild of ARM64 as well,
and checks and merges the results of the two branches together.
Fixes#5178
PiperOrigin-RevId: 351304330
This was not being tested as part of the unit test workflows, and thus was
not being hit normally. These tests are also added to the unit tests target.
PiperOrigin-RevId: 350766814
This allows us to link directly to profiling results from
the build results. The code uses the standard pprof http
server, exported from the Cloud Run instance.
PiperOrigin-RevId: 350440910
This includes minor fix-ups:
* Handle SIGTERM in runsc debug, to exit gracefully.
* Fix cmd.debug.go opening all profiles as RDONLY.
* Fix the test name in fio_test.go, and encode the block size in the test.
PiperOrigin-RevId: 350205718
This change cleans up some minor Makefile issues, and adds support for
BuildKite annotations on failure and on profiles being generated. These
annotations will make failures very clear and link to the artifacts.
This change is a stepping stone for aggregating coverage data from all
individual test jobs, as this will also happen in .buildkite/annotate.sh.
PiperOrigin-RevId: 349606598
Recursive make is difficult to follow and debug. Drop this by using
internal functions, which, while difficult, are easier than trying to
following recursive invokations.
Further simplify the Makefile by collapsing the image bits and removing
the tools/vm directory, which is effectively unused.
Fixes#4952
PiperOrigin-RevId: 346569133
Andrei Vagin
Lucas Manning
Zach Koopmans
Ayush Ranjan
Adin Scannell
Fabricio Voznika
Zeling Feng
Daniel Dao
Rahat Mahmood
Ian Lewis
Peter Johnston