Run various versions of kaniko against runc and various versions of gVisor

kaniko-gvisor-test.bash

#!/bin/bash
# test kaniko under gvisor

declare Pkg=kgtest
declare Version=0.1.0

set -o pipefail

# usage: msg MSG
function msg () {
    echo "$Pkg: $*"
}

# usage: err MSG
function err () {
    msg "$*" 1>&2
}

# usage: get-runsc URL [TAG]
function get-runsc () {
    local url=$1
    if [[ ! $url ]]; then
        err "get-runc: missing required argument: URL"
        return 10
    fi
    shift
    local tag=$1
    local target=runsc
    if [[ $tag ]]; then
        target=$target-$tag
    fi
    local tmp=/tmp/$target
    if ! curl --fail --silent --location --output "$tmp" "$url"; then
        err "failed to download runsc: $url"
        return 1
    fi
    if ! chmod 755 "$tmp"; then
        err "failed to chmod $tmp"
        rm -f "$tmp"
        return 1
    fi
    local version
    version=$("$tmp" --version | awk 'NR == 1 { v=$3; sub("^release-", "", v); print v }')
    if [[ $? -ne 0 || ! $version ]]; then
        err "failed to get version of $target: $version"
        rm -f "$tmp"
        return 1
    fi
    local bin=/usr/local/bin/runsc-$version
    if ! sudo install "$tmp" "$bin"; then
        err "failed to install $tmp as $bin"
        rm -f "$tmp"
        return 1
    fi
    if ! rm "$tmp"; then
        err "failed to remove temp file: $tmp"
        rm -f "$tmp"
    fi
    local link=/usr/local/bin/$target
    if [[ -L $link ]]; then
        if ! sudo rm "$link"; then
            err "failed to remove existing link: $link"
            return 1
        fi
    fi
    if ! sudo ln -s "$bin" "$link"; then
        err "failed to create symbolic link $link -> $bin"
        return 1
    fi
}

function main () {
    local channel url tag
    local channels="release nightly master"
    for channel in $channels; do
        url=https://storage.googleapis.com/gvisor/releases/$channel/latest/runsc
        tag=${channel##release}
        msg "downloading $url as runsc $tag"
        if ! get-runsc "$url" "$tag"; then
            return 1
        fi
    done
    
    local daemon_cfg='{
    "runtimes": {
        "runsc": {
            "path": "/usr/local/bin/runsc"
        },
        "runsc-nightly": {
            "path": "/usr/local/bin/runsc-nightly"
        },
        "runsc-master": {
            "path": "/usr/local/bin/runsc-master"
        }
    }
}'
    local daemon_file=/etc/docker/daemon.json
    if ! sudo bash -c "echo '$daemon_cfg' > '$daemon_file'"; then
        err "failed to create $daemon_file"
        return 1
    fi
    if ! sudo systemctl restart docker; then
        err "failed to restart docker daemon"
        return 1
    fi

    local runtime kaniko_version kaniko_image destination
    local runtime_versions="runc runsc runsc-nightly runsc-master"
    local kaniko_versions="v0.16.0 v0.17.1 16e60cd6d498231751818a83cf3f7cfc45345ca7 debug-16e60cd6d498231751818a83cf3f7cfc45345ca7"
    local registry=$DOCKER_REGISTRY
    local verbosity=info # debug
    for runtime in $runtime_versions; do
        for kaniko_version in $kaniko_versions; do
            kaniko_image=gcr.io/kaniko-project/executor:$kaniko_version
            echo "$kaniko_image"
            "$runtime" --version
            destination=$registry/kgtest:0.0.0-$(date -u +%Y%m%d%H%M%S)
            if ! docker run --runtime="$runtime" -it --rm \
                 -v /vagrant/.docker:/kaniko/.docker -v /vagrant:/workspace \
                 "$kaniko_image" --dockerfile=Dockerfile --context=/workspace \
                 --destination="$destination" --force -v="$verbosity"
            then
                err "FAILED: $runtime $kaniko_image"
            fi
            echo
        done
    done
}

main "$@"