Create CI workflow and update/fix failing testcases

.github/workflows/test-pr.yml

@@ -0,0 +1,60 @@
+name: Sysbox Tests
+
+on:
+  pull_request:
+    branches:
+      - master
+      - main
+    paths-ignore:
+      - '**.md'
+      - 'docs/**'
+      - 'LICENSE'
+      - 'MAINTAINERS'
+      - 'OSS_DISCLOSURES.md'
+
+jobs:
+  test:
+    name: Run Sysbox Tests
+    runs-on: ubuntu-22.04
+    timeout-minutes: 120
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+          fetch-depth: 0
+
+      - name: Free up disk space
+        run: |
+          sudo rm -rf /usr/share/dotnet
+          sudo rm -rf /opt/ghc
+          sudo rm -rf /usr/local/share/boost
+          sudo docker system prune -af
+          df -h
+
+      - name: Build test container image
+        run: |
+          make test-img
+
+      - name: Prepare test volumes
+        run: |
+          sudo mkdir -p /var/tmp/sysbox-test-var-lib
+          sudo mkdir -p /var/tmp/sysbox-test-scratch
+          sudo mkdir -p /var/tmp/sysbox-test-run-sysbox
+
+      - name: Run Sysbox CI tests in container
+        run: |
+          make test-sysbox-ci
+
+      - name: Collect logs on failure
+        if: failure()
+        run: |
+          docker logs sysbox-test 2>&1 | tail -n 1000 || true
+          docker ps -a
+
+      - name: Cleanup
+        if: always()
+        run: |
+          make test-cleanup || true
+          docker system prune -a -f || true

tests/kind/kind-custom-net.bats

@@ -28,7 +28,7 @@ export num_workers=2
 export KUBECONFIG=${HOME}/.kube/${cluster}-config
 
 # Cluster's node image.
-export k8s_version="v1.21.12"
+export k8s_version="v1.32.9"
 export node_image="${CTR_IMG_REPO}/k8s-node-test:${k8s_version}"
 
 function teardown() {

tests/pods/k8s-in-pod.bats

@@ -50,7 +50,7 @@ function teardown() {
 	crictl exec $k8s_worker_syscont sh -c 'echo "127.0.0.1 localhost" > /etc/hosts'
 
 	# Initialize the K8s master pod
-	crictl exec $k8s_master_syscont sh -c "kubeadm init --kubernetes-version=v1.21.12 --pod-network-cidr=10.244.0.0/16"
+	crictl exec $k8s_master_syscont sh -c "kubeadm init --kubernetes-version=v1.32.9 --pod-network-cidr=10.244.0.0/16"
 
 	# Configure kubectl to talk to inner K8s cluster
 	crictl_kubectl_config $k8s_master_syscont "inner-cluster"

tests/pods/manifests/k8s-master-container.json

@@ -3,7 +3,7 @@
       "name": "k8s-master"
   },
   "image":{
-      "image": "ghcr.io/nestybox/k8s-node-test:v1.21.12"
+      "image": "ghcr.io/nestybox/k8s-node-test:v1.32.9"
   },
   "command": [
       "/sbin/init"

tests/pods/manifests/k8s-worker-container.json

@@ -3,7 +3,7 @@
       "name": "k8s-worker"
   },
   "image":{
-      "image": "ghcr.io/nestybox/k8s-node-test:v1.21.12"
+      "image": "ghcr.io/nestybox/k8s-node-test:v1.32.9"
   },
   "command": [
       "/sbin/init"

tests/scr/kindbox

@@ -173,6 +173,29 @@ function flannel_unconfig() {
   fi
 }
 
+function coredns_fix_loop() {
+  local node=$1
+  local output
+
+  # Fix CoreDNS loop detection issue by forwarding to external DNS (8.8.8.8) instead
+  # of /etc/resolv.conf. This is specific to running Kubernetes inside containers (like
+  # our kindbox setup) because the container's /etc/resolv.conf doesn't point to real
+  # external nameservers; instead, it points to Docker's internal DNS or localhost, which
+  # eventually loops back to CoreDNS itself.
+  output=$(sh -c "docker exec ${node} sh -c 'kubectl get configmap coredns -n kube-system -o yaml | sed \"s|forward . /etc/resolv.conf|forward . 8.8.8.8 8.8.4.4|g\" | kubectl apply -f -'" 2>&1)
+  if [[ $? -ne 0 ]]; then
+    echo "$output"
+    return 1
+  fi
+
+  # Restart CoreDNS pods to apply the new configuration.
+  output=$(sh -c "docker exec ${node} sh -c 'kubectl delete pods -n kube-system -l k8s-app=kube-dns'" 2>&1)
+  if [[ $? -ne 0 ]]; then
+    echo "$output"
+    return 1
+  fi
+}
+
 function weave_config() {
   local node=$1
   local output
@@ -339,6 +362,15 @@ function k8s_master_init() {
    return 1
   fi
 
+  [[ $VERBOSE ]] && printf "  - Fixing CoreDNS loop detection on $node ...\n"
+
+  # Required to fix DNS forwarding loop
+  output=$(coredns_fix_loop ${node})
+  if [[ $? -ne 0 ]]; then
+   ERR="coredns fix failed on ${node}: ${output}"
+   return 1
+  fi
+
   [[ $VERBOSE ]] && printf "  - Waiting for $node to be ready ...\n"
 
   output=$(wait_for_node_ready ${node})

tests/scr/testSysbox

@@ -89,7 +89,7 @@ function run_ci_tests() {
 	printf "\nExecuting multi-arch tests ... \n"
 	bats --tap tests/multi-arch
 	printf "\nExecuting buildx + buildkit tests ... \n"
-	bats --tap tests/buildx/basic.bats
+	bats --tap tests/buildx/build.bats
 	printf "\nExecuting xattr syscall tests ... \n"
 	bats --tap tests/syscall/xattr
 	printf "\nExecuting basic mount syscall-interception tests ... \n"
@@ -358,14 +358,19 @@ function main() {
 		fi
 
 		test_with_idmapped_and_shiftfs
-		test_with_idmapped_only
-		test_with_shiftfs_only
-		test_with_rootfs_cloning
-		test_with_containerd_image_store
-		test_with_docker_userns_remap
+
+		# Skip all this scenarios when running CI workflows to keep execution time
+		# under 1h.
+		if [ -z "$TEST_SYSBOX_CI" ]; then
+			test_with_idmapped_only
+			test_with_shiftfs_only
+			test_with_rootfs_cloning
+			test_with_containerd_image_store
+			test_with_docker_userns_remap
+		fi
+
 		test_sysbox_config
 		test_sysbox_lifecycle
-
 	fi
 }