Skip to content

Try to force cgroup v2 with systemd-nspawn to support RPi OS bookworm… #125

Try to force cgroup v2 with systemd-nspawn to support RPi OS bookworm…

Try to force cgroup v2 with systemd-nspawn to support RPi OS bookworm… #125

Workflow file for this run

name: build-os
on:
pull_request:
branches:
- main
paths-ignore:
- '**/README.md'
push:
branches:
- main
paths-ignore:
- '**/README.md'
merge_group:
workflow_dispatch:
jobs:
build:
name: Test containers
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Download and cache base image
id: download-base
uses: ethanjli/[email protected]
with:
url: https://downloads.raspberrypi.com/raspios_lite_arm64/images/raspios_lite_arm64-2024-03-15/2024-03-15-raspios-bookworm-arm64-lite.img.xz
destination: /tmp/2024-03-15-raspios-bookworm-arm64-lite.img.xz
- name: Grow the image
id: grow-image
uses: ethanjli/[email protected]
with:
image: ${{ steps.download-base.outputs.destination }}
destination: rpi-os-image.img
mode: to
size: 8G
# Run shell commands as root
- name: Install and run cowsay
uses: ./
with:
image: rpi-os-image.img
run: |
apt-get update
apt-get install -y cowsay
/usr/games/cowsay 'I am running in a light-weight namespace container!'
# Run shell commands in a specific shell
- name: Run in Python
uses: ./
with:
image: rpi-os-image.img
shell: python
run: |
import platform
for word in reversed(['!', platform.python_version(), 'Python', 'in', 'running', 'am', 'I']):
print(word, end=' ')
# Run a shell with complicated quoting rules
- name: Run subshell with complicated quoting rules
uses: ./
with:
image: rpi-os-image.img
shell: >
sh -c "bash -c \"bash -c 'sh -c {0}'\""
run: |
/usr/games/cowsay "I am $USER!"
# Run shell commands as the pi user
- name: Run script without root permissions
uses: ./
with:
image: rpi-os-image.img
user: pi
shell: sh
run: |
sudo apt-get update
sudo apt-get install -y figlet
figlet -f bubble "I am $USER!"
# Run an external script directly, with the shell selected by the shebang line
- name: Make a script on the host
uses: 1arp/[email protected]
with:
file: figlet.sh
content: |
#!/usr/bin/env -S bash -eux
figlet -f digital "I am $USER in $SHELL!"
- name: Make the script executable
run: chmod a+x figlet.sh
- name: Run script directly
uses: ./
with:
image: rpi-os-image.img
args: --bind "$(pwd)":/run/external
user: pi
shell: /run/external/figlet.sh
# Run shell commands with one or more bind mounts from the host OS
- name: Make a bootloader configuration snippet
uses: 1arp/[email protected]
with:
file: boot-config.snippet
content: |
# Enable support for the RV3028 RTC
dtoverlay=i2c-rtc,rv3028,trickle-resistor-ohms=3000,backup-switchover-mode=1
- name: Modify bootloader configuration
uses: ./
with:
image: rpi-os-image.img
args: --bind "$(pwd)":/run/external
run: |
cat /run/external/boot-config.snippet >> /boot/config.txt
cp /boot/config.txt /run/external/boot.config
- name: Print the bootloader config
run: cat boot.config
- name: Query installed packages
uses: ./
with:
image: rpi-os-image.img
args: --bind "$(pwd)":/run/external
run: |
#/usr/bin/env bash -x
dpkg-query -l | tee > /run/external/installed-packages.txt
- name: Upload the bootup timeline to Job Artifacts
uses: actions/upload-artifact@v4
with:
name: installed-packages
path: installed-packages.txt
if-no-files-found: error
overwrite: true
# Run shell commands in a booted container
- name: Analyze systemd boot process
uses: ./
with:
image: rpi-os-image.img
args: --bind "$(pwd)":/run/external
boot: true
run: |
while ! systemd-analyze 2>/dev/null; do
echo "Waiting for boot to finish..."
sleep 5
done
systemd-analyze critical-chain | cat
systemd-analyze blame | cat
systemd-analyze plot > /run/external/bootup-timeline.svg
echo "Done!"
- name: Upload the bootup timeline to Job Artifacts
uses: actions/upload-artifact@v4
with:
name: bootup-timeline
path: bootup-timeline.svg
if-no-files-found: error
overwrite: true
# Run shell commands as the pi user in a booted container
- name: Run as user in booted container
uses: ./
with:
image: rpi-os-image.img
user: pi
boot: true
run: |
/usr/games/cowsay "I am $USER!"
if [ "$USER" != "pi" ]; then
exit 666
fi
# Check cgroup version
- name: Confirm use of cgroup v2
uses: ./
with:
# Note: this test should be run on a bookworm image to exercise the required functionality
image: rpi-os-image.img
boot: true
run: |
#!/bin/sh -e
echo "cgroup v2 mount:"
mount | grep cgroup2