ci: add integration tests

.github/.tool-versions

@@ -0,0 +1,3 @@
+golang 1.25.5
+kernel 6.12.46
+containerd 2.2.0

.github/actions/build-kernel/action.yml

@@ -0,0 +1,120 @@
+name: "Build Kernel"
+description: "Reusable workflow to build Linux kernels"
+inputs:
+  kernel_version:
+    description: 'Kernel version to build'
+    required: true
+    default: '6.12.46'
+  kernel_arch:
+    description: 'Kernel architecture to build'
+    required: true
+    default: 'x86_64'
+  kernel_nproc:
+    description: 'Number of parallel build processes'
+    required: false
+    # Public runners provide 4 cores; default to that to avoid overloading
+    # https://docs.github.com/en/actions/reference/runners/github-hosted-runners#standard-github-hosted-runners-for-public-repositories
+    default: '4'
+
+runs:
+  using: composite
+  steps:
+    - name: Checkout code
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435  # v3.11.1
+
+    - name: Calculate kernel cache key
+      id: cache-key
+      shell: bash
+      run: |
+          # Hash the kernel config and patches to create a unique cache key
+          CONFIG_FILE="kernel/config-${{ inputs.kernel_version }}-${{ inputs.kernel_arch }}"
+
+          if [ ! -f "$CONFIG_FILE" ]; then
+            echo "Error: Kernel config file $CONFIG_FILE not found"
+            exit 1
+          fi
+
+          # Calculate hash of config file and all patches
+          CONFIG_HASH=$(sha256sum "$CONFIG_FILE" | cut -d' ' -f1)
+          PATCHES_HASH=$(find kernel/patches -type f -name "*.patch" -exec sha256sum {} \; | sort | sha256sum | cut -d' ' -f1)
+
+          # Combine version, arch, config hash, and patches hash
+          CACHE_KEY="kernel-${{ inputs.kernel_version }}-${{ inputs.kernel_arch }}-${CONFIG_HASH:0:8}-${PATCHES_HASH:0:8}"
+
+          echo "cache-key=${CACHE_KEY}" >> $GITHUB_OUTPUT
+          echo "config-hash=${CONFIG_HASH:0:8}" >> $GITHUB_OUTPUT
+          echo "patches-hash=${PATCHES_HASH:0:8}" >> $GITHUB_OUTPUT
+
+          echo "Kernel cache key: ${CACHE_KEY}"
+          echo "Config hash: ${CONFIG_HASH:0:8}"
+          echo "Patches hash: ${PATCHES_HASH:0:8}"
+
+    - name: Check cache for existing kernel
+      id: cache-kernel
+      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57  # v4.2.0
+      with:
+        path: _output/nerdbox-kernel-${{ inputs.kernel_arch }}
+        key: ${{ steps.cache-key.outputs.cache-key }}
+        lookup-only: true
+
+    - name: Build kernel
+      if: steps.cache-kernel.outputs.cache-hit != 'true'
+      shell: bash
+      run: |
+        docker buildx bake kernel \
+          --set kernel.args.KERNEL_VERSION=${{ inputs.kernel_version }} \
+          --set kernel.args.KERNEL_ARCH=${{ inputs.kernel_arch }} \
+          --set kernel.args.KERNEL_NPROC=${{ inputs.kernel_nproc }}
+
+    - name: Verify kernel artifact
+      if: steps.cache-kernel.outputs.cache-hit != 'true'
+      shell: bash
+      run: |
+        kernel_file="_output/nerdbox-kernel-${{ inputs.kernel_arch }}"
+        if [ ! -f "$kernel_file" ]; then
+          echo "Error: Kernel file $kernel_file not found after build"
+          exit 1
+        fi
+
+        echo "Kernel built successfully:"
+        ls -lh "$kernel_file"
+        file "$kernel_file"
+
+    - name: Save kernel to cache
+      if: steps.cache-kernel.outputs.cache-hit != 'true'
+      uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57  # v4.2.0
+      with:
+        path: _output/nerdbox-kernel-${{ inputs.kernel_arch }}
+        key: ${{ steps.cache-key.outputs.cache-key }}
+
+    - name: Upload kernel artifact
+      if: steps.cache-kernel.outputs.cache-hit != 'true'
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
+      with:
+        name: nerdbox-kernel-${{ inputs.kernel_version }}-${{ inputs.kernel_arch }}
+        path: _output/nerdbox-kernel-${{ inputs.kernel_arch }}
+        retention-days: 90
+        if-no-files-found: error
+
+    - name: Cache summary
+      shell: bash
+      run: |
+        echo "## Kernel Build Summary" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
+        echo "- **Version**: ${{ inputs.kernel_version }}" >> $GITHUB_STEP_SUMMARY
+        echo "- **Architecture**: ${{ inputs.kernel_arch }}" >> $GITHUB_STEP_SUMMARY
+        echo "- **Cache Key**: \`${{ steps.cache-key.outputs.cache-key }}\`" >> $GITHUB_STEP_SUMMARY
+        echo "- **Config Hash**: ${{ steps.cache-key.outputs.config-hash }}" >> $GITHUB_STEP_SUMMARY
+        echo "- **Patches Hash**: ${{ steps.cache-key.outputs.patches-hash }}" >> $GITHUB_STEP_SUMMARY
+        echo "- **Cache Hit**: ${{ steps.cache-kernel.outputs.cache-hit == 'true' && '✅ Yes (reused existing)' || '❌ No (built from scratch)' }}" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
+        if [ -f "_output/nerdbox-kernel-${{ inputs.kernel_arch }}" ]; then
+          echo "### Kernel Details" >> $GITHUB_STEP_SUMMARY
+          echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+          ls -lh "_output/nerdbox-kernel-${{ inputs.kernel_arch }}" >> $GITHUB_STEP_SUMMARY
+          file "_output/nerdbox-kernel-${{ inputs.kernel_arch }}" >> $GITHUB_STEP_SUMMARY
+          echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+        fi

.github/actions/setup-containerd/action.yml

@@ -0,0 +1,134 @@
+name: "Setup containerd"
+description: "Downloads and installs containerd for use in the workflow"
+inputs:
+  containerd_version:
+    description: 'Version of containerd to install'
+    required: false
+    default: '2.0.2'
+  architecture:
+    description: 'Architecture for containerd binary (amd64, arm64)'
+    required: false
+    default: 'amd64'
+
+runs:
+  using: "composite"
+  steps:
+    - name: Download containerd
+      shell: bash
+      run: |
+        VERSION="${{ inputs.containerd_version }}"
+        ARCH="${{ inputs.architecture }}"
+
+        echo "Downloading containerd v${VERSION} for ${ARCH}..."
+
+        # Construct download URL
+        TARBALL="containerd-${VERSION}-linux-${ARCH}.tar.gz"
+        URL="https://github.com/containerd/containerd/releases/download/v${VERSION}/${TARBALL}"
+
+        # Download containerd
+        curl -fsSL -o "/tmp/${TARBALL}" "${URL}"
+
+        echo "Downloaded containerd tarball to /tmp/${TARBALL}"
+        ls -lh "/tmp/${TARBALL}"
+
+    - name: Install containerd
+      shell: bash
+      run: |
+        VERSION="${{ inputs.containerd_version }}"
+        ARCH="${{ inputs.architecture }}"
+        TARBALL="containerd-${VERSION}-linux-${ARCH}.tar.gz"
+
+        echo "Installing containerd..."
+
+        # Extract binaries to /usr/local
+        sudo tar -C /usr/local -xzf "/tmp/${TARBALL}"
+
+        # Verify installation
+        echo "Verifying containerd installation..."
+        containerd --version
+        ctr --version
+
+        echo "Containerd installed successfully at:"
+        which containerd
+        which ctr
+
+    - name: Setup containerd config
+      shell: bash
+      run: |
+        echo "Creating containerd config directory..."
+        sudo mkdir -p /etc/containerd
+
+        # Generate default config
+        echo "Generating default containerd config..."
+        sudo containerd config default | sudo tee /etc/containerd/config.toml
+
+        echo "Containerd config created at /etc/containerd/config.toml"
+
+    - name: Create containerd log directory
+      shell: bash
+      run: |
+        echo "Creating log directory for containerd..."
+        sudo mkdir -p /var/log/containerd
+        sudo chmod 755 /var/log/containerd
+
+    - name: Start containerd
+      shell: bash
+      run: |
+        echo "Starting containerd..."
+
+        # Start containerd in background with logging
+        sudo nohup containerd > /var/log/containerd/containerd.log 2>&1 &
+        CONTAINERD_PID=$!
+
+        echo "Containerd started with PID: $CONTAINERD_PID"
+
+        # Save PID for cleanup
+        echo "$CONTAINERD_PID" | sudo tee /var/run/containerd.pid
+
+        # Wait for containerd to be ready
+        echo "Waiting for containerd to be ready..."
+        for i in {1..30}; do
+          if sudo ctr version >/dev/null 2>&1; then
+            echo "Containerd is ready!"
+            break
+          fi
+          if [ $i -eq 30 ]; then
+            echo "Error: Containerd failed to start within 30 seconds"
+            echo "Containerd logs:"
+            sudo cat /var/log/containerd/containerd.log
+            exit 1
+          fi
+          echo "Waiting... ($i/30)"
+          sleep 1
+        done
+
+        # Verify containerd is running
+        sudo ctr version
+        echo "Containerd is running successfully"
+
+    - name: Installation summary
+      shell: bash
+      run: |
+        echo "## Containerd Setup Summary" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
+        echo "- **Version**: ${{ inputs.containerd_version }}" >> $GITHUB_STEP_SUMMARY
+        echo "- **Architecture**: ${{ inputs.architecture }}" >> $GITHUB_STEP_SUMMARY
+        echo "- **Status**: ✅ Running" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
+        echo "### Installed Binaries" >> $GITHUB_STEP_SUMMARY
+        echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+        containerd --version >> $GITHUB_STEP_SUMMARY
+        ctr --version >> $GITHUB_STEP_SUMMARY
+        echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
+        echo "### Binary Locations" >> $GITHUB_STEP_SUMMARY
+        echo "- containerd: \`$(which containerd)\`" >> $GITHUB_STEP_SUMMARY
+        echo "- ctr: \`$(which ctr)\`" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
+        echo "### Process Info" >> $GITHUB_STEP_SUMMARY
+        echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+        ps aux | grep containerd | grep -v grep >> $GITHUB_STEP_SUMMARY || echo "No containerd processes found" >> $GITHUB_STEP_SUMMARY
+        echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
+        echo "### Logs" >> $GITHUB_STEP_SUMMARY
+        echo "Containerd logs are available at: \`/var/log/containerd/containerd.log\`" >> $GITHUB_STEP_SUMMARY

.github/workflows/build-kernel.yml

@@ -0,0 +1,42 @@
+name: Build Kernel
+
+on:
+  workflow_dispatch:
+    inputs:
+      kernel_version:
+        description: 'Kernel version to build'
+        required: true
+        default: '6.12.46'
+      kernel_nproc:
+        description: 'Number of parallel build processes'
+        required: false
+        # Public runners provide 4 cores; default to that to avoid overloading
+        # https://docs.github.com/en/actions/reference/runners/github-hosted-runners#standard-github-hosted-runners-for-public-repositories
+        default: '4'
+
+permissions:
+  contents: read
+
+jobs:
+  build-kernel:
+    name: Build Kernel ${{ inputs.kernel_version }}-${{ matrix.kernel_arch }}
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 60
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-latest
+            kernel_arch: x86_64
+          - os: ubuntu-24.04-arm
+            kernel_arch: arm64
+
+    steps:
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
+
+      - uses: ./.github/actions/build-kernel
+        with:
+          kernel_version: ${{ inputs.kernel_version }}
+          kernel_arch: ${{ matrix.kernel_arch }}
+          kernel_nproc: ${{ inputs.kernel_nproc }}