Try to force cgroup v2 with systemd-nspawn to support RPi OS bookworm… #125
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build-os | |
on: | |
pull_request: | |
branches: | |
- main | |
paths-ignore: | |
- '**/README.md' | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- '**/README.md' | |
merge_group: | |
workflow_dispatch: | |
jobs: | |
build: | |
name: Test containers | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Download and cache base image | |
id: download-base | |
uses: ethanjli/[email protected] | |
with: | |
url: https://downloads.raspberrypi.com/raspios_lite_arm64/images/raspios_lite_arm64-2024-03-15/2024-03-15-raspios-bookworm-arm64-lite.img.xz | |
destination: /tmp/2024-03-15-raspios-bookworm-arm64-lite.img.xz | |
- name: Grow the image | |
id: grow-image | |
uses: ethanjli/[email protected] | |
with: | |
image: ${{ steps.download-base.outputs.destination }} | |
destination: rpi-os-image.img | |
mode: to | |
size: 8G | |
# Run shell commands as root | |
- name: Install and run cowsay | |
uses: ./ | |
with: | |
image: rpi-os-image.img | |
run: | | |
apt-get update | |
apt-get install -y cowsay | |
/usr/games/cowsay 'I am running in a light-weight namespace container!' | |
# Run shell commands in a specific shell | |
- name: Run in Python | |
uses: ./ | |
with: | |
image: rpi-os-image.img | |
shell: python | |
run: | | |
import platform | |
for word in reversed(['!', platform.python_version(), 'Python', 'in', 'running', 'am', 'I']): | |
print(word, end=' ') | |
# Run a shell with complicated quoting rules | |
- name: Run subshell with complicated quoting rules | |
uses: ./ | |
with: | |
image: rpi-os-image.img | |
shell: > | |
sh -c "bash -c \"bash -c 'sh -c {0}'\"" | |
run: | | |
/usr/games/cowsay "I am $USER!" | |
# Run shell commands as the pi user | |
- name: Run script without root permissions | |
uses: ./ | |
with: | |
image: rpi-os-image.img | |
user: pi | |
shell: sh | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y figlet | |
figlet -f bubble "I am $USER!" | |
# Run an external script directly, with the shell selected by the shebang line | |
- name: Make a script on the host | |
uses: 1arp/[email protected] | |
with: | |
file: figlet.sh | |
content: | | |
#!/usr/bin/env -S bash -eux | |
figlet -f digital "I am $USER in $SHELL!" | |
- name: Make the script executable | |
run: chmod a+x figlet.sh | |
- name: Run script directly | |
uses: ./ | |
with: | |
image: rpi-os-image.img | |
args: --bind "$(pwd)":/run/external | |
user: pi | |
shell: /run/external/figlet.sh | |
# Run shell commands with one or more bind mounts from the host OS | |
- name: Make a bootloader configuration snippet | |
uses: 1arp/[email protected] | |
with: | |
file: boot-config.snippet | |
content: | | |
# Enable support for the RV3028 RTC | |
dtoverlay=i2c-rtc,rv3028,trickle-resistor-ohms=3000,backup-switchover-mode=1 | |
- name: Modify bootloader configuration | |
uses: ./ | |
with: | |
image: rpi-os-image.img | |
args: --bind "$(pwd)":/run/external | |
run: | | |
cat /run/external/boot-config.snippet >> /boot/config.txt | |
cp /boot/config.txt /run/external/boot.config | |
- name: Print the bootloader config | |
run: cat boot.config | |
- name: Query installed packages | |
uses: ./ | |
with: | |
image: rpi-os-image.img | |
args: --bind "$(pwd)":/run/external | |
run: | | |
#/usr/bin/env bash -x | |
dpkg-query -l | tee > /run/external/installed-packages.txt | |
- name: Upload the bootup timeline to Job Artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: installed-packages | |
path: installed-packages.txt | |
if-no-files-found: error | |
overwrite: true | |
# Run shell commands in a booted container | |
- name: Analyze systemd boot process | |
uses: ./ | |
with: | |
image: rpi-os-image.img | |
args: --bind "$(pwd)":/run/external | |
boot: true | |
run: | | |
while ! systemd-analyze 2>/dev/null; do | |
echo "Waiting for boot to finish..." | |
sleep 5 | |
done | |
systemd-analyze critical-chain | cat | |
systemd-analyze blame | cat | |
systemd-analyze plot > /run/external/bootup-timeline.svg | |
echo "Done!" | |
- name: Upload the bootup timeline to Job Artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: bootup-timeline | |
path: bootup-timeline.svg | |
if-no-files-found: error | |
overwrite: true | |
# Run shell commands as the pi user in a booted container | |
- name: Run as user in booted container | |
uses: ./ | |
with: | |
image: rpi-os-image.img | |
user: pi | |
boot: true | |
run: | | |
/usr/games/cowsay "I am $USER!" | |
if [ "$USER" != "pi" ]; then | |
exit 666 | |
fi | |
# Check cgroup version | |
- name: Confirm use of cgroup v2 | |
uses: ./ | |
with: | |
# Note: this test should be run on a bookworm image to exercise the required functionality | |
image: rpi-os-image.img | |
boot: true | |
run: | | |
#!/bin/sh -e | |
echo "cgroup v2 mount:" | |
mount | grep cgroup2 |