forgejo-runner-optimiser/test/docker/docker-compose.yaml

# Docker Compose test setup for cgroup grouping verification
# Run with: docker compose -f test/docker/docker-compose.yaml up
#
# NOTE: Docker Compose doesn't have a direct equivalent to K8s shareProcessNamespace.
# Options:
#   1. pid: "host" - sees ALL host processes (not container-specific)
#   2. pid: "service:<name>" - chains PID namespace to another service
#
# For proper testing, use Kubernetes or run containers manually with --pid=container:<id>

services:
  # Simulate a runner workload (this will be the "root" of the shared PID namespace)
  # Uses 'cat' reading from a fifo as a unique identifiable process
  runner:
    image: busybox:latest
    command:
      - /bin/sh
      - -c
      - |
        echo "Runner started (PID 1 in namespace)"
        mkfifo /tmp/runner_fifo
        # 'cat' will be our identifiable runner process (blocks on fifo)
        cat /tmp/runner_fifo &
        CAT_PID=$!
        # Generate CPU load with dd
        while true; do
          dd if=/dev/zero of=/dev/null bs=1M count=50 2>/dev/null
        done
    deploy:
      resources:
        limits:
          cpus: "0.5"
          memory: 256M
    # This container owns the PID namespace

  # Simulate a sidecar service - shares PID namespace with runner
  sidecar:
    image: busybox:latest
    command:
      - /bin/sh
      - -c
      - |
        echo "Sidecar started"
        # List processes to verify shared namespace
        ps aux
        while true; do
          sleep 10
        done
    deploy:
      resources:
        limits:
          cpus: "0.1"
          memory: 128M
    pid: "service:runner"  # Share PID namespace with runner
    depends_on:
      - runner

  # Resource collector - shares PID namespace with runner
  collector:
    build:
      context: ../..
      dockerfile: Dockerfile
      target: collector
    command:
      - --interval=3s
      - --top=5
      - --log-format=json
    environment:
      # Map unique process names to container names
      # 'cat' runs only in runner, 'sleep' runs only in sidecar
      CGROUP_PROCESS_MAP: '{"cat":"runner","sleep":"sidecar","resource-collec":"collector"}'
      CGROUP_LIMITS: '{"runner":{"cpu":"500m","memory":"256Mi"},"sidecar":{"cpu":"100m","memory":"128Mi"},"collector":{"cpu":"100m","memory":"64Mi"}}'
    deploy:
      resources:
        limits:
          cpus: "0.1"
          memory: 64M
    pid: "service:runner"  # Share PID namespace with runner
    depends_on:
      - runner
      - sidecar
feat(collector): group CPU and memory metrics by cgroup Add cgroup-based process grouping to the resource collector. Processes are grouped by their cgroup path, with container names resolved via configurable process-to-container mapping. New features: - Read cgroup info from /proc/[pid]/cgroup (supports v1 and v2) - Parse K8s resource notation (500m, 1Gi, etc.) for CPU/memory limits - Group metrics by container using CGROUP_PROCESS_MAP env var - Calculate usage percentages against limits from CGROUP_LIMITS env var - Output cgroup metrics with CPU cores used, memory RSS, and percentages Environment variables: - CGROUP_PROCESS_MAP: Map process names to container names for discovery - CGROUP_LIMITS: Define CPU/memory limits per container in K8s notation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-02-06 14:50:36 +01:00			`# Docker Compose test setup for cgroup grouping verification`
			`# Run with: docker compose -f test/docker/docker-compose.yaml up`
			`#`
			`# NOTE: Docker Compose doesn't have a direct equivalent to K8s shareProcessNamespace.`
			`# Options:`
			`# 1. pid: "host" - sees ALL host processes (not container-specific)`
			`# 2. pid: "service:<name>" - chains PID namespace to another service`
			`#`
			`# For proper testing, use Kubernetes or run containers manually with --pid=container:<id>`

			`services:`
			`# Simulate a runner workload (this will be the "root" of the shared PID namespace)`
			`# Uses 'cat' reading from a fifo as a unique identifiable process`
			`runner:`
			`image: busybox:latest`
			`command:`
			`- /bin/sh`
			`- -c`
			`- \|`
			`echo "Runner started (PID 1 in namespace)"`
			`mkfifo /tmp/runner_fifo`
			`# 'cat' will be our identifiable runner process (blocks on fifo)`
			`cat /tmp/runner_fifo &`
			`CAT_PID=$!`
			`# Generate CPU load with dd`
			`while true; do`
			`dd if=/dev/zero of=/dev/null bs=1M count=50 2>/dev/null`
			`done`
			`deploy:`
			`resources:`
			`limits:`
			`cpus: "0.5"`
			`memory: 256M`
			`# This container owns the PID namespace`

			`# Simulate a sidecar service - shares PID namespace with runner`
			`sidecar:`
			`image: busybox:latest`
			`command:`
			`- /bin/sh`
			`- -c`
			`- \|`
			`echo "Sidecar started"`
			`# List processes to verify shared namespace`
			`ps aux`
			`while true; do`
			`sleep 10`
			`done`
			`deploy:`
			`resources:`
			`limits:`
			`cpus: "0.1"`
			`memory: 128M`
			`pid: "service:runner" # Share PID namespace with runner`
			`depends_on:`
			`- runner`

			`# Resource collector - shares PID namespace with runner`
			`collector:`
			`build:`
			`context: ../..`
			`dockerfile: Dockerfile`
			`target: collector`
			`command:`
			`- --interval=3s`
			`- --top=5`
			`- --log-format=json`
			`environment:`
			`# Map unique process names to container names`
			`# 'cat' runs only in runner, 'sleep' runs only in sidecar`
			`CGROUP_PROCESS_MAP: '{"cat":"runner","sleep":"sidecar","resource-collec":"collector"}'`
			`CGROUP_LIMITS: '{"runner":{"cpu":"500m","memory":"256Mi"},"sidecar":{"cpu":"100m","memory":"128Mi"},"collector":{"cpu":"100m","memory":"64Mi"}}'`
			`deploy:`
			`resources:`
			`limits:`
			`cpus: "0.1"`
			`memory: 64M`
			`pid: "service:runner" # Share PID namespace with runner`
			`depends_on:`
			`- runner`
			`- sidecar`