summaryrefslogtreecommitdiff
path: root/.cirrus.yml
diff options
context:
space:
mode:
Diffstat (limited to '.cirrus.yml')
-rw-r--r--.cirrus.yml104
1 files changed, 48 insertions, 56 deletions
diff --git a/.cirrus.yml b/.cirrus.yml
index 6071a6fa7..eda03bf23 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -46,7 +46,7 @@ env:
#### Control variables that determine what to run and how to run it.
#### N/B: Required ALL of these are set for every single task.
####
- TEST_FLAVOR: # int, sys, ext_svc, smoke, automation, etc.
+ TEST_FLAVOR: # int, sys, ext_svc, validate, automation, etc.
TEST_ENVIRON: host # 'host' or 'container'
PODBIN_NAME: podman # 'podman' or 'remote'
PRIV_NAME: root # 'root' or 'rootless'
@@ -78,6 +78,25 @@ ext_svc_check_task:
env:
TEST_FLAVOR: ext_svc
CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
+ # NOTE: The default way Cirrus-CI clones is *NOT* compatible with
+ # environment expectations in contrib/cirrus/lib.sh. Specifically
+ # the 'origin' remote must be defined, and all remote branches/tags
+ # must be available for reference from CI scripts.
+ clone_script: &full_clone |
+ cd /
+ rm -rf $CIRRUS_WORKING_DIR
+ mkdir -p $CIRRUS_WORKING_DIR
+ git clone --recursive --branch=$DEST_BRANCH https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git $CIRRUS_WORKING_DIR
+ cd $CIRRUS_WORKING_DIR
+ git remote update origin
+ if [[ -n "$CIRRUS_PR" ]]; then # running for a PR
+ git fetch origin pull/$CIRRUS_PR/head:pull/$CIRRUS_PR
+ git checkout pull/$CIRRUS_PR
+ else
+ git reset --hard $CIRRUS_CHANGE_IN_REPO
+ fi
+ make install.tools
+
setup_script: &setup '$GOSRC/$SCRIPT_BASE/setup_environment.sh'
main_script: &main '/usr/bin/time --verbose --output="$STATS_LOGFILE" $GOSRC/$SCRIPT_BASE/runner.sh'
always: &runner_stats
@@ -97,43 +116,7 @@ automation_task:
TEST_FLAVOR: automation
CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
TEST_ENVIRON: container
- setup_script: *setup
- main_script: *main
- always: *runner_stats
-
-
-# This task use to be called 'gating', however that name is being
-# used downstream for release testing. Renamed this to avoid confusion.
-# All it does is run basic golang formatting and commit validation checks.
-smoke_task:
- alias: 'smoke'
- name: "Smoke Test"
- skip: *branches_and_tags
- container: &bigcontainer
- image: ${CTR_FQIN}
- # Leave some resources for smallcontainer
- cpu: 6
- memory: 22
- env:
- TEST_FLAVOR: 'smoke'
- CTR_FQIN: "${FEDORA_CONTAINER_FQIN}"
- TEST_ENVIRON: container
- # This clone script is also used to initially populate gopath_cache (below)
- clone_script: &full_clone |
- cd /
- rm -rf $CIRRUS_WORKING_DIR
- mkdir -p $CIRRUS_WORKING_DIR
- git clone --recursive --branch=$DEST_BRANCH https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git $CIRRUS_WORKING_DIR
- cd $CIRRUS_WORKING_DIR
- git remote update origin
- if [[ -n "$CIRRUS_PR" ]]; then # running for a PR
- git fetch origin pull/$CIRRUS_PR/head:pull/$CIRRUS_PR
- git checkout pull/$CIRRUS_PR
- else
- git reset --hard $CIRRUS_CHANGE_IN_REPO
- fi
- cd $CIRRUS_WORKING_DIR
- make install.tools
+ clone_script: *full_clone
setup_script: *setup
main_script: *main
always: *runner_stats
@@ -211,11 +194,15 @@ build_task:
validate_task:
name: "Validate $DISTRO_NV Build"
alias: validate
- skip: *tags
+ # This task is primarily intended to catch human-errors early on, in a
+ # PR. Skip it for branch-push, branch-create, and tag-push to improve
+ # automation reliability/speed in those contexts. Any missed errors due
+ # to nonsequential PR merging practices, will be caught on a future PR,
+ # build or test task failures.
+ skip: *branches_and_tags
depends_on:
- ext_svc_check
- automation
- - smoke
- build
# golangci-lint is a very, very hungry beast.
gce_instance: &bigvm
@@ -254,20 +241,27 @@ bindings_task:
always: *runner_stats
-# Build the "libpod" API documentation `swagger.yaml` for eventual
-# publishing along side the official podman documentation.
+# Build the "libpod" API documentation `swagger.yaml` and
+# publish it to google-cloud-storage (GCS).
swagger_task:
name: "Test Swagger"
alias: swagger
depends_on:
- build
- container: *smallcontainer
+ gce_instance: *standardvm
env:
<<: *stdenvars
TEST_FLAVOR: swagger
- TEST_ENVIRON: container
- CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
- clone_script: *full_clone # build-cache not available to container tasks
+ # TODO: Due to podman 3.0 activity (including new images), avoid
+ # disturbing the status-quo just to incorporate this one new
+ # container image. Uncomment line below when CI activities normalize.
+ #CTR_FQIN: 'quay.io/libpod/gcsupld:${IMAGE_SUFFIX}'
+ CTR_FQIN: 'quay.io/libpod/gcsupld:c4813063494828032'
+ GCPJSON: ENCRYPTED[927dc01e755eaddb4242b0845cf86c9098d1e3dffac38c70aefb1487fd8b4fe6dd6ae627b3bffafaba70e2c63172664e]
+ GCPNAME: ENCRYPTED[c145e9c16b6fb88d476944a454bf4c1ccc84bb4ecaca73bdd28bdacef0dfa7959ebc8171a27b2e4064d66093b2cdba49]
+ GCPPROJECT: 'libpod-218412'
+ gopath_cache: *ro_gopath_cache
+ clone_script: *noop # Comes from cache
setup_script: *setup
main_script: *main
always: *binary_artifacts
@@ -335,7 +329,7 @@ static_alt_build_task:
- build
# Community-maintained task, may fail on occasion. If so, uncomment
# the next line and file an issue with details about the failure.
- allow_failures: $CI == $CI
+ # allow_failures: $CI == $CI
gce_instance: *bigvm
env:
<<: *stdenvars
@@ -344,14 +338,13 @@ static_alt_build_task:
ALT_NAME: 'Static build'
# Do not use 'latest', fixed-version tag for runtime stability.
CTR_FQIN: "docker.io/nixos/nix:2.3.6"
- # This is critical, it helps to avoid a very lengthy process of
- # statically building every dependency needed to build podman.
- # Assuming the dependency and build description hasn't changed,
- # this cache ensures only the static podman binary is built.
- nix_cache:
- folder: '/var/cache/nix'
- # Cirrus will calculate/use sha of this output as the cache key
- fingerprint_script: echo "${IMAGE_SUFFIX}" && cat nix/*
+ # Authentication token for pushing the build cache to cachix.
+ # This is critical, it helps to avoid a very lengthy process of
+ # statically building every dependency needed to build podman.
+ # Assuming the pinned nix dependencies in nix/nixpkgs.json have not
+ # changed, this cache will ensure that only the static podman binary is
+ # built.
+ CACHIX_AUTH_TOKEN: ENCRYPTED[df0d4d0a67474e8ea49cc503221dcb912b7e2ba45c8ec4bf2e5fd9c49a18ac21c24bacee59b5393355ed9e4358d2baef]
setup_script: *setup
main_script: *main
always: *binary_artifacts
@@ -639,7 +632,6 @@ success_task:
depends_on:
- ext_svc_check
- automation
- - smoke
- build
- validate
- bindings