Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: rootless ci cd, sudo less github-runner #9633

Closed
wants to merge 1 commit into from
Closed

ci: rootless ci cd, sudo less github-runner #9633

wants to merge 1 commit into from

Conversation

zvonkok
Copy link
Contributor

@zvonkok zvonkok commented May 14, 2024
edited

We need updates on the github actions as well. We need/can eliminate most of the sudo commands.

The main issue is that all targets are built with sudo privileges aka root and builddir and destdir may have a mix of $USER and root owned files. That's why we have sudo sprinkled all around.

Additionally the kata-static-$(target-build).xz are also owned by root and that's why we're doing sudo oras.

With these patches all build files in builddir and destdir are owned by the $USER and not root anymore.

I have a github-runner without sudo privileges running. Here is an example of a simplified run: https://github.com/zvonkok/kata-containers/actions/runs/9082982416/job/24961219629?pr=14

@zvonkok zvonkok marked this pull request as draft May 14, 2024 16:59
@zvonkok zvonkok force-pushed the rootless-ci-cd branch 2 times, most recently from 37b486e to 28a11b1 Compare May 14, 2024 17:22
@zvonkok zvonkok changed the title WIP: rootless ci cd, sudo less github-runner ci: rootless ci cd, sudo less github-runner May 14, 2024
@zvonkok zvonkok force-pushed the rootless-ci-cd branch 3 times, most recently from 2a27605 to 60090dc Compare May 14, 2024 17:33
@zvonkok zvonkok marked this pull request as ready for review May 14, 2024 17:34
@katacontainersbot katacontainersbot added the size/large Task of significant size label May 14, 2024
@zvonkok
gpu: Add rootless ci cd, sudo less github-runner
ea7c056 
Add all modifications to do rootless ci/cd, sudo less github-runner

Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
fidencio
fidencio reviewed May 14, 2024
View reviewed changes
tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@@ -1148,7 +1148,9 @@ silent_mode_error_trap() {
}

main() {
git config --global --add safe.directory ${repo_root_dir}
#git config --global --add safe.directory ${repo_root_dir}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

leftover? :-)

fidencio
fidencio reviewed May 14, 2024
View reviewed changes
tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh
@@ -25,7 +25,7 @@ arch=$(uname -m)
[ "$arch" = "x86_64" ] && arch="amd64"
IMAGE_TAG="${REGISTRY}:kata-containers-$(git rev-parse HEAD)-${arch}"

sudo chown -R $USER $HOME/.docker
#chown -R $USER $HOME/.docker
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

leftover?

@zvonkok zvonkok closed this May 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fidencio fidencio fidencio left review comments

Assignees
No one assigned
Labels
ok-to-test size/large Task of significant size
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@zvonkok @fidencio @katacontainersbot