backport of commit cfaad7f700 (#22956)

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2025-10-30 02:02:43 +00:00 · 2023-09-12 10:23:42 -04:00
parent b3ca25ea3d
commit 1425c89f3f
1 changed files with 30 additions and 0 deletions
--- a/.github/workflows/test-go.yml
+++ b/.github/workflows/test-go.yml
@@ -255,6 +255,36 @@ jobs:
          GOPRIVATE: github.com/hashicorp/*
        run: time make ci-bootstrap dev
      - uses: ./.github/actions/set-up-gotestsum
+      - name: Install gVisor
+        # Enterprise repo runners do not allow sudo, so can't install gVisor there yet.
+        if: ${{ !inputs.enterprise }}
+        run: |
+          (
+            set -e
+            ARCH="$(uname -m)"
+            URL="https://storage.googleapis.com/gvisor/releases/release/latest/${ARCH}"
+            wget --quiet "${URL}/runsc" "${URL}/runsc.sha512" \
+              "${URL}/containerd-shim-runsc-v1" "${URL}/containerd-shim-runsc-v1.sha512"
+            sha512sum -c runsc.sha512 \
+              -c containerd-shim-runsc-v1.sha512
+            rm -f -- *.sha512
+            chmod a+rx runsc containerd-shim-runsc-v1
+            sudo mv runsc containerd-shim-runsc-v1 /usr/local/bin
+          )
+          sudo tee /etc/docker/daemon.json <<EOF
+          {
+            "runtimes": {
+              "runsc": {
+                "path": "/usr/local/bin/runsc",
+                "runtimeArgs": [
+                  "--host-uds=all",
+                  "--host-fifo=open"
+                ]
+              }
+            }
+          }
+          EOF
+          sudo systemctl reload docker
      - id: run-go-tests
        name: Run Go tests
        timeout-minutes: ${{ fromJSON(env.TIMEOUT_IN_MINUTES) }}