Merge branch 'runfinch:main' into dockercompat

.github/workflows/ci-docs.yaml

@@ -15,15 +15,20 @@ on:
     paths:
       - '**.md'
       - 'contrib/**'
-      - '.github/CODEOWNERS'
+      - '!contrib/packaging/**'
+      - '.github/**'
+      - '!.github/workflows/ci.yaml'
+      - '!.github/workflows/e2e-*.yaml'
   pull_request:
     branches:
       - main
     paths:
       - '**.md'
       - 'contrib/**'
       - '!contrib/packaging/**'
-      - '.github/CODEOWNERS'
+      - '.github/**'
+      - '!.github/workflows/ci.yaml'
+      - '!.github/workflows/e2e-*.yaml'
 
 jobs:
   git-secrets:
@@ -32,10 +37,10 @@ jobs:
       - name: Pull latest awslabs/git-secrets repo
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
-           repository: awslabs/git-secrets
-           ref: 1.3.0
-           fetch-tags: true
-           path: git-secrets
+          repository: awslabs/git-secrets
+          ref: 1.3.0
+          fetch-tags: true
+          path: git-secrets
       - name: Install git secrets from source
         run: sudo make install
         working-directory: git-secrets
@@ -72,28 +77,44 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - run: echo "Skipping CI for docs & contrib files"
-  e2e-tests:
+  macos-e2e-tests:
     strategy:
       matrix:
         os:
           [
-            [self-hosted, macos, amd64, 13, test],
-            [self-hosted, macos, amd64, 14, test],
-            [self-hosted, macos, arm64, 13, test],
-            [self-hosted, macos, arm64, 14, test],
+            [13, test-e2e-container, X64, test],
+            [13, test-e2e-container, arm64, test],
+            [13, test-e2e-vm-serial, X64, test],
+            [13, test-e2e-vm-serial, arm64, test],
+            [14, test-e2e-container, X64, test],
+            [14, test-e2e-container, arm64, test],
+            [14, test-e2e-vm-serial, X64, test],
+            [14, test-e2e-vm-serial, arm64, test],
           ]
-        test-command: ['test-e2e-vm-serial', 'test-e2e-container']
-    runs-on: ${{ matrix.os }}
-    steps:
-      - run: echo "Skipping CI for docs & contrib files"
+    uses: ./.github/workflows/e2e-docs.yaml
+    with:
+      os: ${{ matrix.os }}
   windows-e2e-tests:
     strategy:
       matrix:
-        os: [[self-hosted, windows, amd64, test]]
-        test-command: ['test-e2e-vm-serial', 'test-e2e-container']
-    runs-on: ${{ matrix.os }}
-    steps:
-      - run: echo "Skipping CI for docs & contrib files"
+        os:
+          [[test-e2e-container, amd64, test], [test-e2e-vm-serial, amd64, test]]
+    uses: ./.github/workflows/e2e-docs.yaml
+    with:
+      os: ${{ matrix.os }}
+  linux-e2e-tests:
+    strategy:
+      matrix:
+        os:
+          [
+            [amazonlinux, X64, 2, test],
+            [amazonlinux, X64, 2023, test],
+            [amazonlinux, arm64, 2, test],
+            [amazonlinux, arm64, 2023, test],
+          ]
+    uses: ./.github/workflows/e2e-docs.yaml
+    with:
+      os: ${{ matrix.os }}
   mdlint:
     runs-on: ubuntu-latest
     steps:

.github/workflows/ci.yaml

@@ -5,18 +5,25 @@ on:
   push:
     branches:
       - main
-    paths-ignore:
-      - "**.md"
-      - "contrib/**"
-      - ".github/CODEOWNERS"
+    paths:
+      - '**.go'
+      - 'go.mod'
+      - 'go.sum'
+      - '.github/workflows/ci.yaml'
+      - '.github/workflows/e2e-*.yaml'
+      - 'contrib/packaging/**'
+      - '!contrib/hello-finch/**'
   pull_request:
     branches:
       - main
     paths:
-      - "**.go"
-      - "contrib/packaging/**"
-      - "!contrib/hello-finch/**"
-      - "!.github/CODEOWNERS"
+      - '**.go'
+      - 'go.mod'
+      - 'go.sum'
+      - '.github/workflows/ci.yaml'
+      - '.github/workflows/e2e-*.yaml'
+      - 'contrib/packaging/**'
+      - '!contrib/hello-finch/**'
   workflow_dispatch:
 permissions:
   id-token: write
@@ -147,10 +154,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        version: ["13", "14"]
-        test-command: ["test-e2e-vm-serial", "test-e2e-container"]
-        arch: ["X64", "arm64"]
-        runner-type: ["test"]
+        version: ['13', '14']
+        test-command: ['test-e2e-vm-serial', 'test-e2e-container']
+        arch: ['X64', 'arm64']
+        runner-type: ['test']
     uses: ./.github/workflows/e2e-macos.yaml
     secrets: inherit
     with:
@@ -162,9 +169,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        test-command: ["test-e2e-vm-serial", "test-e2e-container"]
-        arch: ["amd64"]
-        runner-type: ["test"]
+        test-command: ['test-e2e-vm-serial', 'test-e2e-container']
+        arch: ['amd64']
+        runner-type: ['test']
     uses: ./.github/workflows/e2e-windows.yaml
     secrets: inherit
     with:
@@ -175,26 +182,24 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: ["amazonlinux"]
-        arch: ["X64", "arm64"]
-        version: ["2023", "2"]
-        test-command: ["test-e2e-container"]
-        runner-type: ["test"]
+        os: ['amazonlinux']
+        arch: ['X64', 'arm64']
+        version: ['2023', '2']
+        runner-type: ['test']
     uses: ./.github/workflows/e2e-linux.yaml
     secrets: inherit
     with:
       os: ${{ matrix.os }}
       arch: ${{ matrix.arch }}
       version: ${{ matrix.version }}
       runner-type: ${{ matrix.runner-type }}
-      test-command: ${{ matrix.test-command }}
 
   mdlint:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - uses: avto-dev/markdown-lint@04d43ee9191307b50935a753da3b775ab695eceb # v1.5.0
         with:
-          args: "**/*.md"
+          args: '**/*.md'
           # CHANGELOG.md is only updated by release-please bot.
-          ignore: "CHANGELOG.md"
+          ignore: 'CHANGELOG.md'

.github/workflows/e2e-docs.yaml

@@ -0,0 +1,14 @@
+name: e2e-docs
+on:
+  workflow_call:
+    inputs:
+      os:
+        type: string
+        required: true
+jobs:
+  test:
+    runs-on: ['self-hosted', '${{ fromJson(inputs.os) }}']
+    steps:
+      - name: Skip
+        run: |
+          echo "Skipping CI for docs & contrib files"

.github/workflows/e2e-linux.yaml

@@ -14,9 +14,6 @@ on:
       runner-type:
         type: string
         required: true
-      test-command:
-        type: string
-        required: true
 
 permissions:
   # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
@@ -96,7 +93,7 @@ jobs:
           git clean -f -d
           # required by one of the tests which uses SSH_AUTH_SOCK
           eval "$(ssh-agent -s)"
-          INSTALLED=true REGISTRY=${{ steps.vars.outputs.has_creds == true && env.REGISTRY || '' }} sudo -E make ${{ inputs.test-command }}
+          INSTALLED=true REGISTRY=${{ steps.vars.outputs.has_creds == true && env.REGISTRY || '' }} sudo -E make test-e2e-container
       - name: Clean up repo AL2
         if: ${{ (startsWith(inputs.os, 'amazon') && inputs.version == '2' && always() ) }}
         run: |

e2e/vm/version_remote_test.go

@@ -19,10 +19,10 @@ import (
 )
 
 const (
-	nerdctlVersion    = "v1.7.6"
-	buildKitVersion   = "v0.12.5"
-	containerdVersion = "v1.7.16"
-	runcVersion       = "1.1.12"
+	nerdctlVersion    = "v1.7.7"
+	buildKitVersion   = "v0.15.2"
+	containerdVersion = "v1.7.22"
+	runcVersion       = "1.1.14"
 )
 
 type Versions struct {

finch.yaml.d/common.yaml

@@ -8,13 +8,13 @@ containerd:
   user: false
   # Override containerd archive
   # 🟢 Builtin default: hard-coded URL with hard-coded digest (see the output of `limactl info | jq .defaultTemplate.containerd.archives`)
-  #   archives:
-  #   - location: "https://deps.runfinch.com/x86-64/nerdctl-full-1.7.2-1-linux-amd64.tar.gz"
-  #     arch: "x86_64"
-  #     digest: "sha256:90851068e58417551384dafb3fced8165cbfa2799b51849f85f44c0ebef2c37a"
-  #   - location: "https://deps.runfinch.com/aarch64/nerdctl-full-1.7.2-1-linux-arm64.tar.gz"
-  #     arch: "aarch64"
-  #     digest: "sha256:f354541e6234235f2ea32d6ed64e9d59a7cc4e0b7f15e63deef9cd5e90a298ef"
+  archives:
+  - location: "https://deps.runfinch.com/x86-64/nerdctl-full-1.7.7-linux-amd64.tar.gz"
+    arch: "x86_64"
+    digest: "sha256:a731eac93e8e9dda1a0d76dc1606438deb0668ea7d6bd5c5af436353ed9f65c5"
+  - location: "https://deps.runfinch.com/aarch64/nerdctl-full-1.7.7-linux-arm64.tar.gz"
+    arch: "aarch64"
+    digest: "sha256:b161a20c0e41f9ad999e8411e23c58ece4b3e584ae90b4252b76a39eee4a0c31"
 
 provision:
   - mode: system

pkg/config/lima_config_applier.go

@@ -20,9 +20,9 @@ import (
 )
 
 const (
-	sociVersion                              = "0.5.0"
-	sociAMD64Sha256Sum                       = "768f73dbd2c772386df1d12d0a371e9cbcefebea4856623335a2e8ea5170691c"
-	sociARM64Sha256Sum                       = "9238e00426ec67a725d511e232476248f2379d66a4ccab224a50ad4c56a0292e"
+	sociVersion                              = "0.7.0"
+	sociAMD64Sha256Sum                       = "8766cdd479272dcc86299e70a0f7a9343f940c98285c1491bb3c3cdc05b26f47"
+	sociARM64Sha256Sum                       = "731d846b0884840feeba5dcc0f10d0b326d843d991b2ba1bee7ad2c90c225032"
 	snapshotterProvisioningScriptHeader      = "# snapshotter provisioning script"
 	sociInstallationProvisioningScriptHeader = snapshotterProvisioningScriptHeader + ": soci"
 	sociFileNameFormat                       = "soci-snapshotter-%s-linux-%s.tar.gz"
@@ -43,7 +43,7 @@ if [ ! -f /usr/local/bin/soci ]; then
 	  (echo "error: shasum verification failed for SOCI release tarball" && rm -f "${release_tarball}" && exit 1)
 
 	# move to usr/local/bin
-	tar -C /usr/local/bin -xvf ${release_tarball} ./soci ./soci-snapshotter-grpc
+	tar -C /usr/local/bin -xvf ${release_tarball} soci soci-snapshotter-grpc
 
 	# install as a systemd service
 	curl --retry 2 --retry-max-time 120 -OL "%s"