Skip to content

[release/1.7] Update runc binary to v1.2.5#11395

Merged
estesp merged 1 commit intocontainerd:release/1.7from
k8s-infra-cherrypick-robot:cherry-pick-11388-to-release/1.7
Feb 19, 2025
Merged

[release/1.7] Update runc binary to v1.2.5#11395
estesp merged 1 commit intocontainerd:release/1.7from
k8s-infra-cherrypick-robot:cherry-pick-11388-to-release/1.7

Conversation

@k8s-infra-cherrypick-robot
Copy link

@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot commented Feb 17, 2025

This is an automated cherry-pick of #11388

/assign thaJeztah

@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot mentioned this pull request Feb 17, 2025
Merged
@k8s-ci-robot
Copy link

k8s-ci-robot commented Feb 17, 2025

Hi @k8s-infra-cherrypick-robot. Thanks for your PR.

I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

thaJeztah
thaJeztah approved these changes Feb 17, 2025
View reviewed changes
Copy link
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@thaJeztah
Copy link
Member

thaJeztah commented Feb 17, 2025

Looks like golangci-lint config is borked in this branch 😢

cc @austinvazquez in case you're near a computer to have a peek

Error: Failed to run: Error: Command failed: /home/runner/golangci-lint-1.60.3-linux-arm64/golangci-lint config verify
jsonschema: "run" does not validate with "/properties/run/additionalProperties": additionalProperties 'skip-dirs' not allowed
Failed executing command with error: the configuration contains invalid elements
, Error: Command failed: /home/runner/golangci-lint-1.60.3-linux-arm64/golangci-lint config verify
jsonschema: "run" does not validate with "/properties/run/additionalProperties": additionalProperties 'skip-dirs' not allowed
Failed executing command with error: the configuration contains invalid elements

@thaJeztah
Copy link
Member

thaJeztah commented Feb 17, 2025

Maybe it needs an updated version, as it looks to be quite behind

@austinvazquez
Copy link
Member

austinvazquez commented Feb 17, 2025

That's an odd error. My instinct is this is related to a golang-lint-action release over the past few days because release/1.7 and release/1.6 are using floating tag syntax in CI. i.e.

containerd/.github/workflows/ci.yml

Line 36 in 12f214a

- uses: golangci/golangci-lint-action@v6

@thaJeztah
Copy link
Member

thaJeztah commented Feb 17, 2025

Hmm, possibly? I was looking at the version of the linter itself, but perhaps it's the action yes;

containerd/.github/workflows/ci.yml

Line 39 in 12f214a

version: v1.60.3

@djdongjin
Copy link
Member

djdongjin commented Feb 18, 2025

Made #11400 which should fix this on 1.7 branch. The issuse is because the latest golangci-lint action version (v6.5.0) enabled json schema check, which exposed a deprecated field that has been removed in the golangci-lint version (v1.60.3) we use. cc @thaJeztah @austinvazquez

The 1.6 branch doesn't have this issue because we're using a pretty old golangci-lint version which hasn't removed this deprecated field.

@klihub klihub mentioned this pull request Feb 18, 2025
Merged
@thaJeztah thaJeztah closed this Feb 18, 2025
@thaJeztah thaJeztah reopened this Feb 18, 2025
@klihub
Copy link
Member

klihub commented Feb 19, 2025

@thaJeztah Rebasing this on latest release/1.7/HEAD should fix those CI lint errors. If we can't force the bot to do it, maybe we should just close this and file a new one with the same cherry-picked commit.

@austinvazquez @estesp
Update runc binary to v1.2.5
27c472a 
This is the fifth patch release in the 1.2.z series of runc. It
primarily fixes an issue caused by an upstream systemd bug.

There was a regression in systemd v230 which made the way we define device
rule restrictions require a systemctl daemon-reload for our transient
units. This caused issues for workloads using NVIDIA GPUs. Workaround the
upstream regression by re-arranging how the unit properties are defined.
Dependency github.com/cyphar/filepath-securejoin is updated to v0.4.1,
to allow projects that vendor runc to bump it as well.
CI: fixed criu-dev compilation.
Dependency golang.org/x/net is updated to 0.33.0.

diff: opencontainers/runc@v1.2.4...v1.2.5

Signed-off-by: Austin Vazquez <macedonv@amazon.com>
@estesp estesp force-pushed the cherry-pick-11388-to-release/1.7 branch from 4fd59b0 to 27c472a Compare February 19, 2025 15:47
@estesp estesp merged commit e9ea1c5 into containerd:release/1.7 Feb 19, 2025
57 checks passed
@thaJeztah
Copy link
Member

thaJeztah commented Feb 19, 2025

Thanks for bringing this in; sorry, had a busy day 🙈

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@estesp estesp estesp approved these changes

@thaJeztah thaJeztah thaJeztah approved these changes

Assignees

@thaJeztah thaJeztah

Labels

impact/changelog ok-to-test size/XS

Projects

Pull Request Review
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@k8s-infra-cherrypick-robot @k8s-ci-robot @thaJeztah @austinvazquez @djdongjin @klihub @estesp