1 files changed, 67 insertions, 31 deletions

diff --git a/contrib/cirrus/runner.sh b/contrib/cirrus/runner.sh
index d9f91c7af..ccbdb63b6 100755
--- a/contrib/cirrus/runner.sh
+++ b/contrib/cirrus/runner.sh
@@ -23,22 +23,6 @@ function _run_ext_svc() {
     $SCRIPT_BASE/ext_svc_check.sh
 }
 
-function _run_smoke() {
-    make gofmt
-
-    # There is little value to validating commits after tag-push
-    # and it's very difficult to automatically determine a starting commit.
-    # $CIRRUS_TAG is only non-empty when executing due to a tag-push
-    # shellcheck disable=SC2154
-    if [[ -z "$CIRRUS_TAG" ]]; then
-        # If PR consists of multiple commits, test that each compiles cleanly
-        make .gitvalidation
-
-        # PRs should include some way to test.
-        $SCRIPT_BASE/pr-should-include-tests
-    fi
-}
-
 function _run_automation() {
     $SCRIPT_BASE/cirrus_yaml_test.py
 
@@ -51,11 +35,14 @@ function _run_automation() {
 }
 
 function _run_validate() {
-    # Confirm compile via prior task + cache
-    bin/podman --version
-    bin/podman-remote --version
+    # git-validation tool fails if $EPOCH_TEST_COMMIT is empty
+    # shellcheck disable=SC2154
+    if [[ -n "$EPOCH_TEST_COMMIT" ]]; then
+        make validate
+    else
+        warn "Skipping git-validation since \$EPOCH_TEST_COMMIT is empty"
+    fi
 
-    make validate  # Some items require a build
 }
 
 function _run_unit() {
@@ -130,20 +117,70 @@ exec_container() {
 }
 
 function _run_swagger() {
+    local upload_filename
+    local upload_bucket
     local download_url
+    local envvarsfile
+    req_env_vars GCPJSON GCPNAME GCPPROJECT CTR_FQIN
+
     # Building this is a PITA, just grab binary for use in automation
     # Ref: https://goswagger.io/install.html#static-binary
     download_url=$(\
         curl -s https://api.github.com/repos/go-swagger/go-swagger/releases/latest | \
         jq -r '.assets[] | select(.name | contains("linux_amd64")) | .browser_download_url')
-    curl -o /usr/local/bin/swagger -L'#' "$download_url"
+
+    # The filename and bucket depend on the automation context
+    #shellcheck disable=SC2154,SC2153
+    if [[ -n "$CIRRUS_PR" ]]; then
+        upload_bucket="libpod-pr-releases"
+        upload_filename="swagger-pr$CIRRUS_PR.yaml"
+    elif [[ -n "$CIRRUS_TAG" ]]; then
+        upload_bucket="libpod-master-releases"
+        upload_filename="swagger-$CIRRUS_TAG.yaml"
+    elif [[ "$CIRRUS_BRANCH" == "master" ]]; then
+        upload_bucket="libpod-master-releases"
+        # readthedocs versioning uses "latest" for "master" (default) branch
+        upload_filename="swagger-latest.yaml"
+    elif [[ -n "$CIRRUS_BRANCH" ]]; then
+        upload_bucket="libpod-master-releases"
+        upload_filename="swagger-$CIRRUS_BRANCH.yaml"
+    else
+        die "Unknown execution context, expected a non-empty value for \$CIRRUS_TAG, \$CIRRUS_BRANCH, or \$CIRRUS_PR"
+    fi
+
+    curl -s -o /usr/local/bin/swagger -L'#' "$download_url"
     chmod +x /usr/local/bin/swagger
 
+    # Swagger validation takes a significant amount of time
+    msg "Pulling \$CTR_FQIN '$CTR_FQIN' (background process)"
+    podman pull --quiet $CTR_FQIN &
+
     cd $GOSRC
     make swagger
 
     # Cirrus-CI Artifact instruction expects file here
-    cp -v $GOSRC/pkg/api/swagger.yaml $GOSRC/
+    cp -v $GOSRC/pkg/api/swagger.yaml ./
+
+    envvarsfile=$(mktemp -p '' .tmp_$(basename $0)_XXXXXXXX)
+    trap "rm -f $envvarsfile" EXIT  # contains secrets
+    # Warning: These values must _not_ be quoted, podman will not remove them.
+    #shellcheck disable=SC2154
+    cat <<eof>>$envvarsfile
+GCPJSON=$GCPJSON
+GCPNAME=$GCPNAME
+GCPPROJECT=$GCPPROJECT
+FROM_FILEPATH=$GOSRC/swagger.yaml
+TO_GCSURI=gs://$upload_bucket/$upload_filename
+eof
+
+    msg "Waiting for backgrounded podman pull to complete..."
+    wait %%
+    podman run -it --rm --security-opt label=disable \
+        --env-file=$envvarsfile \
+        -v $GOSRC:$GOSRC:ro \
+        --workdir $GOSRC \
+        $CTR_FQIN
+    rm -f $envvarsfile
 }
 
 function _run_consistency() {
@@ -191,15 +228,14 @@ function _run_altbuild() {
             req_env_vars CTR_FQIN
             [[ "$UID" -eq 0 ]] || \
                 die "Static build must execute nixos container as root on host"
-            mkdir -p /var/cache/nix
-            podman run -i --rm -v /var/cache/nix:/mnt/nix:Z \
-                $CTR_FQIN cp -rfT /nix /mnt/nix
-            podman run -i --rm -v /var/cache/nix:/nix:Z \
-                -v $PWD:$PWD:Z -w $PWD $CTR_FQIN \
-                nix --print-build-logs --option cores 4 --option max-jobs 4 \
-                    build --file ./nix/
-            # result symlink is absolute from container perspective :(
-            cp /var/cache/$(readlink result)/bin/podman ./  # for cirrus-ci artifact
+            podman run -i --rm \
+                -e CACHIX_AUTH_TOKEN \
+                -v $PWD:$PWD:Z -w $PWD $CTR_FQIN sh -c \
+                "nix-env -iA cachix -f https://cachix.org/api/v1/install && \
+                 cachix use podman && \
+                 nix-build nix && \
+                 nix-store -qR --include-outputs \$(nix-instantiate nix/default.nix) | grep -v podman | cachix push podman && \
+                 cp -R result/bin ."
             rm result  # makes cirrus puke
             ;;
         *)