Merge pull request #4942 from lifubang/backport-1.3-4934-4917-4937

[1.3] ci: backport #4934 #4917 #4937
This commit is contained in:
Kir Kolyshkin
2025-10-15 23:16:29 -07:00
committed by GitHub
10 changed files with 14 additions and 16 deletions
-2
View File
@@ -217,8 +217,6 @@ jobs:
# NOTE the execution environment lacks a terminal, needed for
# some integration tests. So we use `ssh -tt` command to fake a terminal.
- uses: lima-vm/lima-actions/ssh@v1
- name: "Run unit tests"
run: ssh -tt lima-default sudo -i make -C /tmp/runc localunittest
+3 -3
View File
@@ -41,10 +41,10 @@ jobs:
sudo apt -qy install libseccomp-dev
- uses: golangci/golangci-lint-action@v7
with:
version: v2.1
# Extra linters, only checking new code from a pull request.
version: v2.5
# Extra linters, only checking new code from a pull request to main.
- name: lint-extra
if: github.event_name == 'pull_request'
if: github.event_name == 'pull_request' && github.base_ref == 'main'
run: |
golangci-lint run --config .golangci-extra.yml --new-from-rev=HEAD~1
+3 -3
View File
@@ -125,7 +125,7 @@ func getSealableFile(comment, tmpDir string) (file *os.File, sealFn SealFunc, er
// First, try an executable memfd (supported since Linux 3.17).
file, sealFn, err = Memfd(comment)
if err == nil {
return
return file, sealFn, err
}
logrus.Debugf("memfd cloned binary failed, falling back to O_TMPFILE: %v", err)
@@ -154,7 +154,7 @@ func getSealableFile(comment, tmpDir string) (file *os.File, sealFn SealFunc, er
file.Close()
continue
}
return
return file, sealFn, err
}
logrus.Debugf("O_TMPFILE cloned binary failed, falling back to mktemp(): %v", err)
// Finally, try a classic unlinked temporary file.
@@ -168,7 +168,7 @@ func getSealableFile(comment, tmpDir string) (file *os.File, sealFn SealFunc, er
file.Close()
continue
}
return
return file, sealFn, err
}
return nil, nil, fmt.Errorf("could not create sealable file for cloned binary: %w", err)
}
+1 -1
View File
@@ -209,7 +209,7 @@ func runContainer(t testing.TB, config *configs.Config, args ...string) (buffers
} else {
return buffers, -1, err
}
return
return buffers, exitCode, err
}
// runContainerOk is a wrapper for runContainer, simplifying its use for cases
@@ -34,7 +34,7 @@ func (m Mapping) toSys() (uids, gids []syscall.SysProcIDMap) {
Size: int(gid.Size),
})
}
return
return uids, gids
}
// id returns a unique identifier for this mapping, agnostic of the order of
+1 -1
View File
@@ -236,7 +236,7 @@ func syscallMode(i fs.FileMode) (o uint32) {
o |= unix.S_ISVTX
}
// No mapping for Go's ModeTemporary (plan9 only).
return
return o
}
// mountFd creates a "mount source fd" (either through open_tree(2) or just
+1 -1
View File
@@ -199,7 +199,7 @@ func newPipe(t *testing.T) (parent *os.File, child *os.File) {
parent.Close()
child.Close()
})
return
return parent, child
}
func reapChildren(t *testing.T, parent *os.File) {
+1 -1
View File
@@ -1158,7 +1158,7 @@ func msMoveRoot(rootfs string) error {
strings.HasPrefix(info.Mountpoint, rootfs) {
skip = true
}
return
return skip, stop
})
if err != nil {
return err
@@ -665,7 +665,7 @@ func filterFlags(config *configs.Seccomp, filter *libseccomp.ScmpFilter) (flags
}
}
return
return flags, noNewPrivs, err
}
func sysSeccompSetFilter(flags uint, filter []unix.SockFilter) (fd int, err error) {
@@ -695,7 +695,7 @@ func sysSeccompSetFilter(flags uint, filter []unix.SockFilter) (fd int, err erro
}
runtime.KeepAlive(filter)
runtime.KeepAlive(fprog)
return
return fd, err
}
// PatchAndLoad takes a seccomp configuration and a libseccomp filter which has
+1 -1
View File
@@ -111,5 +111,5 @@ func Annotations(labels []string) (bundle string, userAnnotations map[string]str
userAnnotations[name] = value
}
}
return
return bundle, userAnnotations
}