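# Build recipe for the gvisor package: compiles runsc and
# containerd-shim-runsc-v1 from a pinned gvisor source archive and installs
# them, together with the CRI config parts from /pkg, under /rootfs.
name: gvisor
variant: scratch
shell: /bin/bash
dependencies:
  - stage: base
steps:
  - sources:
      # gvisor repo 'master' branch is Bazel-based, so we need to find matching commit in the "go" branch
      # find the go-branch specific merge commit ("Merge release-... (automated)") which has the release-tagged commit as a parent
      #
      # The archive is addressed by full commit hash and checked against both
      # digests below; when bumping the commit, update url, sha256 and sha512
      # together from an independently verified download.
      - url: https://github.com/google/gvisor/archive/2f1ef2228e0ca861ced3ecc562f2629d6b2aa45a.tar.gz
        destination: gvisor.tar.gz
        sha256: 63419d6c5744f17f8f8229919ed2399e5e8d567735379b22f34acba2cfc8ab34
        sha512: 567f72bbf701176e394ca5ad6ba1be8432e56d8f48344dc9561dba668536ca3132c7f9b8a19485b9518d35783b32426318def14e7ca9cc7c682ab26f1db9e293
    # GOPATH is referenced by the prepare, build and install scripts below.
    env:
      GOPATH: /tmp/go
    cachePaths:
      - /.cache/go-build
      - /tmp/go/pkg
  # Network is enabled only for this step, which fetches the Go modules.
  - network: default
    prepare:
      # Stamp the package version into the extension manifest.
      - |
        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
      - |
        mkdir -p ${GOPATH}/src/github.com/google/gvisor
        tar -xzf gvisor.tar.gz --strip-components=1 -C ${GOPATH}/src/github.com/google/gvisor
      # `go mod verify` re-hashes the modules in the module cache against
      # go.sum. /tmp/go/pkg is listed under cachePaths above, so the cache may
      # be reused rather than freshly downloaded (TODO confirm cache scope);
      # the check makes a modified or corrupted cache entry fail the build
      # instead of being compiled into runsc.
      - |
        cd ${GOPATH}/src/github.com/google/gvisor
        go mod download
        go mod verify
  # Compilation, installation and validation run with networking disabled.
  - network: none
    build:
      # Both binaries are built with cgo disabled.
      - |
        cd ${GOPATH}/src/github.com/google/gvisor
        mkdir -p ./bin
        CGO_ENABLED=0 go build -o ./bin/runsc ./runsc
        CGO_ENABLED=0 go build -o ./bin/containerd-shim-runsc-v1 ./shim
    install:
      - |
        mkdir -p /rootfs/usr/local/bin
        cd ${GOPATH}/src/github.com/google/gvisor
        cp ./bin/runsc /rootfs/usr/local/bin/runsc
        chmod +x /rootfs/usr/local/bin/runsc
        cp ./bin/containerd-shim-runsc-v1 /rootfs/usr/local/bin/containerd-shim-runsc-v1
        chmod +x /rootfs/usr/local/bin/containerd-shim-runsc-v1
      # CRI configuration parts for the default and KVM runsc variants.
      - |
        mkdir -p /rootfs/etc/cri/conf.d
        cp /pkg/10-gvisor.part /pkg/runsc.toml /pkg/10-gvisor-kvm.part /pkg/runsc-kvm.toml /rootfs/etc/cri/conf.d/
    test:
      # Validate a copy of the produced rootfs together with its manifest.
      - |
        mkdir -p /extensions-validator-rootfs
        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
finalize:
  - from: /rootfs
    to: /rootfs
  - from: /pkg/manifest.yaml
    to: /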