Commit Graph

87 Commits

Author SHA1 Message Date
dependabot[bot] cfb22c9a0f build(deps): bump actions/checkout from 4 to 5
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-08-15 16:40:45 +00:00
Kir Kolyshkin 105674844e ci: use criu built from source on gha arm
Currently, criu package from opensuse build farm times out on GHA arm,
so let's only use criu-dev (i.e. compiled from source on CI machine).

Once this is fixed, this patch can be reverted.

Related to criu issue 2709.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-08-12 14:48:05 -07:00
Kir Kolyshkin 1cf096803a CI: switch to GHA for arm
Since GHA now provides ARM, we can switch away from actuated.

Many thanks to @alexellis (@self-actuated) for being the sponsor of this
project.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-08-12 14:00:13 -07:00
Kir Kolyshkin 1a26cf3a23 ci: speed up criu-dev install
Employ shallow git clone and parallel build, speeding up build.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-07-25 20:45:15 -07:00
Kir Kolyshkin 74209b739d ci/gha: allow to run jobs manually
... or from another job.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-05-14 16:12:37 -07:00
Kir Kolyshkin b39bd10590 ci/gha: fix exclusion rules
Commit 874207492 neglects to update the exclusion rules when bumping Go
releases, and so we no longer exclude running on actuated with older Go
release, or running with criu-dev with older Go release.

Fixes: 874207492 ("CI: add Go 1.24, drop go1.22")

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-05-14 15:57:10 -07:00
Kir Kolyshkin 8e3ee502c8 ci/cross-i386: retry adding ppa
For some reason, launchpad.net is frequently giving us Gateway Timeout.
Let's retry adding the ppa once to mitigate that.

(The alternative is not to install criu and thus run criu-related unit
tests on i386 -- this might actually be better).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-23 14:01:02 -07:00
Kir Kolyshkin 87ae2f8466 Unify and fix rootless key setup
For some reason, ssh-keygen is unable to write to /root even as root on
AlmaLinux 8:

	# id
	uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:initrc_t:s0
	# id -Z
	ls -ld /root
	# ssh-keygen -t ecdsa -N "" -f /root/rootless.key || cat /var/log/audit/audit.log
	Saving key "/root/rootless.key" failed: Permission denied

The audit.log shows:

> type=AVC msg=audit(1744834995.352:546): avc:  denied  { dac_override } for  pid=13471 comm="ssh-keygen" capability=1  scontext=system_u:system_r:ssh_keygen_t:s0 tcontext=system_u:system_r:ssh_keygen_t:s0 tclass=capability permissive=0
> type=SYSCALL msg=audit(1744834995.352:546): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5641c7587520 a2=241 a3=180 items=0 ppid=4978 pid=13471 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ssh-keygen" exe="/usr/bin/ssh-keygen" subj=system_u:system_r:ssh_keygen_t:s0 key=(null)␝ARCH=x86_64 SYSCALL=openat AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"

A workaround is to use /root/.ssh directory instead of just /root.

While at it, let's unify rootless user and key setup into a single place.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-04-17 16:16:31 -07:00
dependabot[bot] 5cfd1a62b3 build(deps): bump bats-core/bats-action from 3.0.0 to 3.0.1
Bumps [bats-core/bats-action](https://github.com/bats-core/bats-action) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/bats-core/bats-action/releases)
- [Commits](https://github.com/bats-core/bats-action/compare/3.0.0...3.0.1)

---
updated-dependencies:
- dependency-name: bats-core/bats-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-03-28 04:44:14 +00:00
Akihiro Suda 135552e5e4 CI: migrate Vagrant + Cirrus to Lima + GHA
- Unlike proprietary Vagrant, Lima remains to be an open source project
- GHA now natively supports nested virt on Linux runners

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2025-03-07 12:48:02 +09:00
Kir Kolyshkin 4244978687 CI: gha: rm ubuntu-20.04
There is an announce that Ubuntu 20.04 will be removed in April,
and in March there will be a few "brown-out" dates/times when
it won't work.

This leaves us with no other options than to remove ubuntu-20.04
from the testing matrix.

As a result, cgroup v1 testing will only be done on AlmaLinux 8
running on CirrusCI. It is probably going to be sufficient for
the time being (until we deprecate cgroup v1).

If not, our options are
 - run Ubuntu 20.04 (or other cgroup v1 distro) in a VM on GHA;
 - switch to cirrus-ci.

[1]: https://github.com/actions/runner-images/issues/11101

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-16 09:38:47 -08:00
Kir Kolyshkin 874207492e CI: add Go 1.24, drop go1.22
Also, bump golangci-lint to v1.64 (v1.64.2 added Go 1.24 support).

NOTE we still use Go 1.23.x for official builds.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-11 18:02:48 -08:00
Kir Kolyshkin f414b5349a CI: fix criu-dev compile
As of [1], criu requires uuid library.

[1]: https://github.com/checkpoint-restore/criu/pull/2550/commits/9a2b7d6b3baa2b3183489ed9cebece039f9f488f

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-01 13:27:41 -08:00
lifubang 871057d863 drop runc-dmz solution according to overlay solution
Because we have the overlay solution, we can drop runc-dmz binary
solution since it has too many limitations.

Signed-off-by: lifubang <lifubang@acmcoder.com>
2024-10-28 15:18:07 +00:00
dependabot[bot] f55957de35 build(deps): bump bats-core/bats-action from 2.1.1 to 3.0.0
Bumps [bats-core/bats-action](https://github.com/bats-core/bats-action) from 2.1.1 to 3.0.0.
- [Release notes](https://github.com/bats-core/bats-action/releases)
- [Commits](https://github.com/bats-core/bats-action/compare/2.1.1...3.0.0)

---
updated-dependencies:
- dependency-name: bats-core/bats-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-09-30 04:20:03 +00:00
Akhil Mohan 5b161e04ae update bats-action to 2.1.1
bats-action@2.1.1 supports:
- ubuntu 20.04
- cache key with multiple arch

Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
2024-09-25 20:39:36 +05:30
Akhil Mohan 35f999dded remove installation of unused bats support libs
bats-core/bats-action installs a few support libraries by default which are not used by
runc. Disable the installation, which will remove /usr/bin/tar: Permission denied errors.

Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
2024-09-25 11:31:44 +05:30
Akhil Mohan 8671a7dba9 ci: update to setup bats action from bats-core
mig4/setup-bats is now unmaintained(last commit in Sep 2021).
bats-core/bats-action can be used as a replacement maintained
by the bats-core team.

Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
2024-09-22 23:00:59 +05:30
Kir Kolyshkin 2cd24a4dae ci/gha: add all-done jobs
The sole reason is to simplify branch protection rules,
requiring just these to be passed.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-08-21 17:00:59 -07:00
Kir Kolyshkin adedeb993a ci/gha: add Go 1.23, drop 1.21
- drop Go 1.21;
- add Go 1.23;
- for a few jobs that were using Go 1.21, switch to 1.22;

Also, bump go to 1.22 in go.mod.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-08-14 20:39:15 +08:00
Kir Kolyshkin a3302f2054 ci: switch to go 1.22 as main version
Now when Go 1.22.4 is out it should no longer be a problem.

Leave Go 1.21 for CentOS testing (CentOS 7 and 8 have older glibc)
and Dockerfile (Debian 11 have older glibc).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 10:18:59 -07:00
Kir Kolyshkin 67f6c37bc2 ci/gha: switch to ubuntu 24.04
Let's replace ubuntu-22.04 with ubuntu-24.04 where we can, and keep
ubuntu-20.04 to test cgroup v1 stuff.

Leave ubuntu-22.04 for ci/cross-i386 (issue with systemctl restart hang
after apt install). This can be addressed separately later.

The only kludge we have to add is enable userns for runc binary being
tested (as userns is disabled by apparmor system-wide by default now,
see [1]).

[1] https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#unprivileged-user-namespace-restrictions-15

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-04 23:43:12 -07:00
Kir Kolyshkin baba55e278 ci/actuated: re-enable CRIU tests
They were failing earlier but are working now.

This includes a fix to criu repo path assignment so it works for actuated case.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-04-24 19:40:45 -07:00
Akihiro Suda 00238f5d2b CI: add actuated-arm64
See <https://actuated.dev/blog/arm-ci-cncf-ampere>.
Thanks to Alex Ellis, Ampere Computing, and Equinix.

Host information:
* CPU: aarch64 (ARMv8)
* Kernel: 5.10.201
  * Lacks ~CONFIG_CHECKPOINT_RESTORE~, CONFIG_BLK_CGROUP_IOCOST, etc.
* Cgroup: v2
* OS: Ubuntu 22.04
  * Lacks newuidmap, newgidmap, etc. (still apt-gettable)
  * sshd is not running

vmmeter is added from:
https://gist.github.com/alexellis/1f33e581c75e11e161fe613c46180771#file-metering-gha-md

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-04-24 17:22:33 +09:00
Akihiro Suda 30dc98f577 CI: run apt with -y
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-04-23 09:10:09 +09:00
Kir Kolyshkin 851e3882b7 ci/test: exclude some runc_nodmz jobs
1. Sort the list of matrix excludes in the order of matrix,
   add comments explaining why we disable some jobs.

2. Exclude some jobs:
 - runc_nodmz && go 1.20.x
 - runc_nodmz && -race

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-04-01 17:06:40 -07:00
Kir Kolyshkin ac31da6b80 ci/cross-i386: pin Go to 1.21.x
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-04-02 01:55:50 +11:00
dependabot[bot] e66ba70f50 build(deps): bump actions/setup-go from 4 to 5
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-07 04:18:24 +00:00
Kir Kolyshkin f944d7b653 ci/gha: fix downloading Release.key
Since today, the URL from download.opensuse.org started returning a
HTTP 302 redirect, so -L option for curl is needed to follow it.

While at it, remove apt-key as per its man page recommendation:

> Note: Instead of using this command a keyring should be placed
> directly in the /etc/apt/trusted.gpg.d/ directory with a descriptive
> name and either "gpg" or "asc" as file extension.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-10-19 21:12:30 -07:00
lifubang dac4171746 runc-dmz: reduce memfd binary cloning cost with small C binary
The idea is to remove the need for cloning the entire runc binary by
replacing the final execve() call of the container process with an
execve() call to a clone of a small C binary which just does an execve()
of its arguments.

This provides similar protection against CVE-2019-5736 but without
requiring a >10MB binary copy for each "runc init". When compiled with
musl, runc-dmz is 13kB (though unfortunately with glibc, it is 1.1MB
which is still quite large).

It should be noted that there is still a window where the container
processes could get access to the host runc binary, but because we set
ourselves as non-dumpable the container would need CAP_SYS_PTRACE (which
is not enabled by default in Docker) in order to get around the
proc_fd_access_allowed() checks. In addition, since Linux 4.10[1] the
kernel blocks access entirely for user namespaced containers in this
scenario. For those cases we cannot use runc-dmz, but most containers
won't have this issue.

This new runc-dmz binary can be opted out of at compile time by setting
the "runc_nodmz" buildtag, and at runtime by setting the RUNC_DMZ=legacy
environment variable. In both cases, runc will fall back to the classic
/proc/self/exe-based cloning trick. If /proc/self/exe is already a
sealed memfd (namely if the user is using contrib/cmd/memfd-bind to
create a persistent sealed memfd for runc), neither runc-dmz nor
/proc/self/exe cloning will be used because they are not necessary.

[1]: https://github.com/torvalds/linux/commit/bfedb589252c01fa505ac9f6f2a3d5d68d707ef4

Co-authored-by: lifubang <lifubang@acmcoder.com>
Signed-off-by: lifubang <lifubang@acmcoder.com>
[cyphar: address various review nits]
[cyphar: fix runc-dmz cross-compilation]
[cyphar: embed runc-dmz into runc binary and clone in Go code]
[cyphar: make runc-dmz optional, with fallback to /proc/self/exe cloning]
[cyphar: do not use runc-dmz when the container has certain privs]
Co-authored-by: Aleksa Sarai <cyphar@cyphar.com>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-09-22 15:38:19 +10:00
dependabot[bot] 2d0cd0b381 build(deps): bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-05 04:50:22 +00:00
Kir Kolyshkin b22073c5fe ci/gha: add job timeouts
The default timeout is 360 minutes, which is way long for these jobs.
If the CI (or a test) has stuck, we'd better know about it earlier than
in 6 hours.

Set the timeouts for some [relatively] long running jobs conservatively:
 - test and release jobs usually take ~10 minutes;
 - lint job takes 1 minute (but can be a few times slower when we switch
   Go or golangci-lint version);
 - cross-386 job takes about 2 minutes;
 - the rest is seconds (and I am lazy to set timeouts everywhere).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-08-16 16:08:35 -07:00
Kir Kolyshkin 46d6089fb5 ci/gha: re-enable go caching
Since https://github.com/actions/setup-go/issues/368 is now fixed
(in https://github.com/actions/setup-go/releases/tag/v4.1.0), there
is no need to disable caching when using different distros.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-08-08 15:18:21 -07:00
Kir Kolyshkin 5741ea230a ci: add go 1.21, remove go 1.19
Go 1.21 is out, and go 1.19 is no longer supported.

This also fixes cirrus-ci failure.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-08-08 12:34:55 -07:00
Kir Kolyshkin c9209fd223 ci/gha: don't skip rootless+systemd on ubuntu 22.04
We used to skip testing rootless integration tests for systemd, because
in case of cgroup v1 it does not support user delegation.

Since we added ubuntu 22.04 to the testing matrix, we can actually test
rootless+systemd there (with the proper systemd setup).

Fixes: 953e1cc485
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-06-13 18:01:09 -07:00
Kir Kolyshkin da5cdfed7c ci/gha: fix cross-i386
As of today, installing fails with

> libc6:i386 : Depends: libgcc-s1:i386 but it is not going to be installed

Add the package explicitly to work around that.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-05-15 16:19:39 -07:00
Kir Kolyshkin b32655d2bc ci/gha: rm kludges for cross-i386 job
The first kludge is not needed since the switch to Ubuntu 22.04 in
commit 953e1cc48.

The second one is not needed since Go 1.20.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-05-15 15:13:25 -07:00
Kir Kolyshkin 13091eeefa ci: bump bats 1.8.2 -> 1.9.0
As Fedora 38 uses bats 1.9.0, let's switch to this version in other
places.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-26 18:56:37 -07:00
Kir Kolyshkin 953e1cc485 ci/gha: switch to or add ubuntu 22.04
For test jobs, add ubuntu 22.04 into the matrix, so we can test of both
cgroup v1 and v2.

For validate jobs, just switch to ubuntu 22.04

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-10 10:32:02 -07:00
Kir Kolyshkin 9dbb9f90b9 ci: bump bats 1.3.0 -> 1.8.2
This version is already used by Cirrus CI Fedora 37 job, but other CI
jobs are still using 1.3.0.

Bump it everywhere so we can enjoy new version features and fixes.

For one thing, I noticed that new bats is reporting error location
correctly.

We will also be able to use "run !" and "run -N" commands.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-05 15:22:23 -07:00
dependabot[bot] e3cf217cf1 build(deps): bump actions/setup-go from 3 to 4
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-16 05:11:04 +00:00
Austin Vazquez 5ecd40b9bd Add Go 1.20, require Go 1.19, drop Go 1.18
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2023-02-02 19:56:26 +00:00
Kir Kolyshkin b7dcdcecb4 Add go 1.19, require go 1.18, drop go 1.17
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-08-16 09:53:54 -07:00
Kir Kolyshkin 589a9d5082 ci/gha: fix cross-386 job vs go 1.19
When golang 1.19 is used to build unit tests on 386, it fails like this:

 sudo -E PATH="$PATH" -- make GOARCH=386 CGO_ENABLED=1 localunittest
 <...>
 go test -timeout 3m -tags "seccomp"  -v ./...
 <...>
 # github.com/opencontainers/runc/libcontainer/capabilities.test
 runtime/cgo(.text): unknown symbol __stack_chk_fail_local in pcrel
 runtime/cgo(.text): unknown symbol __stack_chk_fail_local in pcrel
 runtime/cgo(.text): unknown symbol __stack_chk_fail_local in pcrel
 runtime/cgo(.text): unknown symbol __stack_chk_fail_local in pcrel
 runtime/cgo(.text): unknown symbol __stack_chk_fail_local in pcrel
 runtime/cgo(.text): relocation target __stack_chk_fail_local not defined
 runtime/cgo(.text): relocation target __stack_chk_fail_local not defined

The fix is to add CGO_CFLAGS=-fno-stack-protector.

See also:
 - https://github.com/docker-library/golang/pull/426
 - https://go.dev/issue/52919
 - https://go.dev/issue/54313
 - https://go-review.googlesource.com/c/go/+/421935

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-08-10 18:43:52 -07:00
Kir Kolyshkin dafcacb522 Makefile: set CGO_ENABLED=1 when needed
It doesn't matter whether static or dynamic linking is used, runc
always needs libcontainer/nsenter, which is written in C and thus
requires cgo. Same is true for libcontainer/integration.

In addition, contrib/pkg/seccompagent also needs cgo (if seccomp build
tag is set), as it need to be linked against libseccomp C library.

By default, cgo is disabled when cross-compiling, meaning that
CGO_ENABLED=1 has to be set explicitly in such cases.

In all other cases (e.g. other contrib binaries) we do not need cgo.

Remove CGO_ENABLED=1 from GO_BUILD_STATIC (as it does not have anything
to do with static linking), and add it to all targets that require it.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-11 17:23:45 -07:00
Sebastiaan van Stijn 255fe4099e Merge pull request #3445 from kolyshkin/gha-ro
ci/gha: limit jobs permissions
2022-04-22 20:44:37 +02:00
Kir Kolyshkin 66be704d02 ci/gha: remove stable: when installing Go
Since the recent bump of actions/setup-go to v3 (commit
9d2268b9db), specifying "stable:" is no longer needed
when we want to try a beta or rc version of Go.

Remove it.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-04-11 17:14:13 -07:00
dependabot[bot] 9d2268b9db build(deps): bump actions/setup-go from 2 to 3
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-11 04:16:41 +00:00
Kir Kolyshkin 67e06706ef ci/gha: limit jobs permissions
Most jobs only require to read the repo. Some require to read PRs as
well.

For details, see
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

Reported-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-04-06 14:25:22 -07:00
Kir Kolyshkin 01f30162d2 ci/gha: run on main branch
Since we have renamed our default branch, GHA CI is no longer testing
it (see https://github.com/opencontainers/runc/actions).

Fix this.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-30 11:06:25 -07:00