Diffstat (limited to 'contrib/cirrus')
-rw-r--r--contrib/cirrus/README.md45
-rwxr-xr-xcontrib/cirrus/build_release.sh24
-rwxr-xr-xcontrib/cirrus/build_vm_images.sh2
-rwxr-xr-xcontrib/cirrus/check_image.sh7
-rwxr-xr-xcontrib/cirrus/integration_test.sh5
-rw-r--r--contrib/cirrus/lib.sh63
-rw-r--r--contrib/cirrus/packer/Makefile32
-rw-r--r--contrib/cirrus/packer/fedora_base-setup.sh2
-rw-r--r--contrib/cirrus/packer/fedora_setup.sh12
-rw-r--r--contrib/cirrus/packer/libpod_base_images.yml51
-rw-r--r--contrib/cirrus/packer/libpod_images.yml26
l---------contrib/cirrus/packer/prior-fedora_base-setup.sh (renamed from contrib/cirrus/packer/prior_fedora_base-setup.sh)0
-rwxr-xr-xcontrib/cirrus/packer/systemd_banish.sh28
-rw-r--r--contrib/cirrus/packer/ubuntu_setup.sh50
-rwxr-xr-xcontrib/cirrus/podbot.py15
-rwxr-xr-xcontrib/cirrus/setup_environment.sh17
-rwxr-xr-xcontrib/cirrus/success.sh18
-rwxr-xr-xcontrib/cirrus/upload_release_archive.sh62
18 files changed, 319 insertions, 140 deletions
diff --git a/contrib/cirrus/README.md b/contrib/cirrus/README.md
index 7aa8881d6..779f95d95 100644
--- a/contrib/cirrus/README.md
+++ b/contrib/cirrus/README.md
@@ -124,35 +124,46 @@ you'll find the new image names displayed at the end of the
```
...cut...
-==> Builds finished. The artifacts of successful builds are:
---> ubuntu-18: A disk image was created: ubuntu-18-libpod-5699523102900224
---> ubuntu-18:
---> fedora-29: A disk image was created: fedora-29-libpod-5699523102900224
---> fedora-29:
---> fedora-28: A disk image was created: fedora-28-libpod-5699523102900224
+
+[+0747s] ==> Builds finished. The artifacts of successful builds are:
+[+0747s] --> ubuntu-18: A disk image was created: ubuntu-18-libpod-5664838702858240
+[+0747s] --> fedora-29: A disk image was created: fedora-29-libpod-5664838702858240
+[+0747s] --> fedora-30: A disk image was created: fedora-30-libpod-5664838702858240
+[+0747s] --> ubuntu-19: A disk image was created: ubuntu-19-libpod-5664838702858240
```
-Now edit `.cirrus.yml`, updating the `*_IMAGE_NAME` lines to reflect the
-images from above:
+Notice the suffix on all the image names comes from the env. var. set in
+*.cirrus.yml*: `BUILT_IMAGE_SUFFIX: "-${CIRRUS_REPO_NAME}-${CIRRUS_BUILD_ID}"`.
+Edit `.cirrus.yml`, in the top-level `env` section, update the suffix variable
+used at runtime to launch VMs for testing:
```yaml
env:
...cut...
####
- #### Cache-image names to test with
+ #### Cache-image names to test with (double-quotes around names are critical)
###
- FEDORA_CACHE_IMAGE_NAME: "fedora-29-libpod-5699523102900224"
- PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-28-libpod-5699523102900224"
- UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-libpod-5699523102900224"
+ _BUILT_IMAGE_SUFFIX: "libpod-5664838702858240"
+ FEDORA_CACHE_IMAGE_NAME: "fedora-30-${_BUILT_IMAGE_SUFFIX}"
+ PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-29-${_BUILT_IMAGE_SUFFIX}"
...cut...
```
-***NOTE:*** If re-using the same PR with new images in `.cirrus.yml`,
-take care to also *update the PR description* to remove
-the magic ``***CIRRUS: TEST IMAGES***`` string. Keeping it and
-`--force` pushing would needlessly cause Cirrus-CI to build
-and test images again.
+***NOTES:***
+* If re-using the same PR with new images in `.cirrus.yml`,
+ take care to also *update the PR description* to remove
+ the magic ``***CIRRUS: TEST IMAGES***`` string. Keeping it and
+ `--force` pushing would needlessly cause Cirrus-CI to build
+ and test images again.
+* In the future, if you need to review the log from the build that produced
+ the referenced image:
+
+ * Note the Build ID from the image name (for example `5664838702858240`).
+ * Go to that build in the Cirrus-CI WebUI, using the build ID in the URL.
+ (For example `https://cirrus-ci.com/build/5664838702858240`.
+ * Choose the *test_build_cache_images* task.
+ * Open the *build_vm_images* script section.
### `release` Task
diff --git a/contrib/cirrus/build_release.sh b/contrib/cirrus/build_release.sh
index 287643f47..07db88f81 100755
--- a/contrib/cirrus/build_release.sh
+++ b/contrib/cirrus/build_release.sh
@@ -1,5 +1,7 @@
#!/bin/bash
+set -e
+
source $(dirname $0)/lib.sh
req_env_var TEST_REMOTE_CLIENT OS_RELEASE_ID GOSRC
@@ -13,18 +15,20 @@ fi
if [[ -n "$CROSS_PLATFORM" ]]
then
+ # Will fail if $CROSS_PLATFORM is unsupported cross-compile $GOOS value
+ make podman-remote-${CROSS_PLATFORM}-release
+
echo "Compiling podman-remote release archive for ${CROSS_PLATFORM}"
- case "$CROSS_PLATFORM" in
- linux) ;&
- windows) ;&
- darwin)
- make podman-remote-${CROSS_PLATFORM}-release
- ;;
- *)
- die 1 "Unknown/unsupported cross-compile platform '$CROSS_PLATFORM'"
- ;;
- esac
+ if [[ "$CROSS_PLATFORM" == "windows" ]]
+ then
+ # TODO: Remove next line, part of VM images next time they're built.
+ dnf install -y libmsi1 msitools pandoc
+ make podman.msi
+ fi
else
echo "Compiling release archive for $OS_RELEASE_ID"
make podman-release
fi
+
+echo "Preserving build details for later use."
+mv -v release.txt actual_release.txt # Another 'make' during testing could overwrite it
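Review bot: `make podman-remote-${CROSS_PLATFORM}-release` now takes `$CROSS_PLATFORM` unquoted and without the allowlist that the removed `case` provided, so a value containing whitespace or `=` is split into extra make targets or variable overrides instead of being rejected. Quote the expansion and keep a cheap shape check in front of it, for example `[[ "$CROSS_PLATFORM" =~ ^[a-z0-9]+$ ]] || die 1 "Unsupported cross-compile platform '$CROSS_PLATFORM'"` followed by `make "podman-remote-${CROSS_PLATFORM}-release"`. The "Compiling podman-remote release archive" message is now printed after the build it announces; moving that `echo` above the `make` keeps the log in order. The `dnf install` in the windows branch runs without `sudo`, which presumably relies on the task running as root.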
diff --git a/contrib/cirrus/build_vm_images.sh b/contrib/cirrus/build_vm_images.sh
index 6230610cb..543f83a14 100755
--- a/contrib/cirrus/build_vm_images.sh
+++ b/contrib/cirrus/build_vm_images.sh
@@ -3,7 +3,7 @@
set -e
source $(dirname $0)/lib.sh
-BASE_IMAGE_VARS='FEDORA_BASE_IMAGE PRIOR_FEDORA_BASE_IMAGE UBUNTU_BASE_IMAGE'
+BASE_IMAGE_VARS='FEDORA_BASE_IMAGE PRIOR_FEDORA_BASE_IMAGE UBUNTU_BASE_IMAGE PRIOR_UBUNTU_BASE_IMAGE'
ENV_VARS="PACKER_BUILDS BUILT_IMAGE_SUFFIX $BASE_IMAGE_VARS SERVICE_ACCOUNT GCE_SSH_USERNAME GCP_PROJECT_ID PACKER_VER SCRIPT_BASE PACKER_BASE CIRRUS_BUILD_ID CIRRUS_CHANGE_IN_REPO"
req_env_var $ENV_VARS
# Must also be made available through make, into packer process
diff --git a/contrib/cirrus/check_image.sh b/contrib/cirrus/check_image.sh
index ad9a12f49..5423f67d6 100755
--- a/contrib/cirrus/check_image.sh
+++ b/contrib/cirrus/check_image.sh
@@ -4,6 +4,8 @@ set -eo pipefail
source $(dirname $0)/lib.sh
+EVIL_UNITS="$($CIRRUS_WORKING_DIR/$PACKER_BASE/systemd_banish.sh --list)"
+
req_env_var PACKER_BUILDER_NAME TEST_REMOTE_CLIENT EVIL_UNITS OS_RELEASE_ID
NFAILS=0
@@ -54,6 +56,11 @@ then
item_test "On ubuntu /usr/bin/runc is /usr/lib/cri-o-runc/sbin/runc" "$SAMESAME" -eq "0" || let "NFAILS+=1"
fi
+if [[ "$OS_RELEASE_ID" == "ubuntu" ]]
+then
+ item_test "On ubuntu, no periodic apt crap is enabled" -z "$(egrep $PERIODIC_APT_RE /etc/apt/apt.conf.d/*)"
+fi
+
echo "Checking items specific to ${PACKER_BUILDER_NAME}${BUILT_IMAGE_SUFFIX}"
case "$PACKER_BUILDER_NAME" in
xfedora*)
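Review bot: The new Ubuntu `item_test` line does not end with `|| let "NFAILS+=1"` like the runc check just above it, so a failure is either not counted or, under the script's `set -eo pipefail`, stops the run before the remaining items are reported (which of the two depends on `item_test`'s return value, defined outside this diff). The check also passes whenever `egrep` prints nothing, including when it cannot read the files, and `$PERIODIC_APT_RE` is expanded unquoted. Suggested line: `item_test "On ubuntu, no periodic apt crap is enabled" -z "$(egrep "$PERIODIC_APT_RE" /etc/apt/apt.conf.d/*)" || let "NFAILS+=1"`.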
diff --git a/contrib/cirrus/integration_test.sh b/contrib/cirrus/integration_test.sh
index 00c3b0ec3..110066ea7 100755
--- a/contrib/cirrus/integration_test.sh
+++ b/contrib/cirrus/integration_test.sh
@@ -37,11 +37,8 @@ case "$SPECIALMODE" in
-o CheckHostIP=no $GOSRC/$SCRIPT_BASE/rootless_test.sh ${TESTSUITE}
;;
cgroupv2)
- # FIXME: use the package once all the fixes are in a release
- # yum install -y crun
setenforce 0
- yum builddep -y crun
- (git clone --depth=1 https://github.com/containers/crun && cd crun && ./autogen.sh && ./configure --prefix=/usr && make -j4 && make install)
+ dnf install -y crun
export OCI_RUNTIME=/usr/bin/crun
make
make install PREFIX=/usr ETCDIR=/etc
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index cd8b2ef61..fe4c25e73 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -36,7 +36,7 @@ SETUP_MARKER_FILEPATH="${SETUP_MARKER_FILEPATH:-/var/tmp/.setup_environment_sh_c
AUTHOR_NICKS_FILEPATH="${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/git_authors_to_irc_nicks.csv"
cd $GOSRC
-if type -P git &> /dev/null
+if type -P git &> /dev/null && [[ -d "$GOSRC/.git" ]]
then
CIRRUS_CHANGE_IN_REPO=${CIRRUS_CHANGE_IN_REPO:-$(git show-ref --hash=8 HEAD || date +%s)}
else # pick something unique and obviously not from Cirrus
@@ -52,16 +52,17 @@ CIRRUS_REPO_NAME=${CIRRUS_REPO_NAME:-libpod}
CIRRUS_BASE_SHA=${CIRRUS_BASE_SHA:-unknown$(date +%s)} # difficult to reliably discover
CIRRUS_BUILD_ID=${CIRRUS_BUILD_ID:-$RANDOM$(date +%s)} # must be short and unique
# Vars. for image-building
-PACKER_VER="1.3.5"
+PACKER_VER="1.4.2"
# CSV of cache-image names to build (see $PACKER_BASE/libpod_images.json)
# Base-images rarely change, define them here so they're out of the way.
-export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,fedora-30,xfedora-30,fedora-29}"
+export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,ubuntu-19,fedora-30,xfedora-30,fedora-29}"
# Google-maintained base-image names
-export UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20190722a"
+export UBUNTU_BASE_IMAGE="ubuntu-1904-disco-v20190724"
+export PRIOR_UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20190722a"
# Manually produced base-image names (see $SCRIPT_BASE/README.md)
-export FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1559164849"
-export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-29-1-2-1559164849"
+export FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1565360543"
+export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-29-1-2-1565360543"
export BUILT_IMAGE_SUFFIX="${BUILT_IMAGE_SUFFIX:--$CIRRUS_REPO_NAME-${CIRRUS_BUILD_ID}}"
# IN_PODMAN container image
IN_PODMAN_IMAGE="quay.io/libpod/in_podman:latest"
@@ -72,6 +73,8 @@ UPLDREL_IMAGE="quay.io/libpod/upldrel:latest"
export DEBIAN_FRONTEND="noninteractive"
SUDOAPTGET="ooe.sh sudo -E apt-get -qq --yes"
SUDOAPTADD="ooe.sh sudo -E add-apt-repository --yes"
+# Regex that finds enabled periodic apt configuration items
+PERIODIC_APT_RE='^(APT::Periodic::.+")1"\;'
# Short-cuts for retrying/timeout calls
LILTO="timeout_attempt_delay_command 24s 5 30s"
BIGTO="timeout_attempt_delay_command 300s 5 30s"
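Review bot: `PERIODIC_APT_RE` only recognises a setting as enabled when it starts in column 0 and its value is exactly `"1"`, so entries that apt also treats as enabled are missed: any other non-zero interval (for example `"7"`), indented lines, and the scoped `APT::Periodic { ... };` form. Because check_image.sh and ubuntu_setup.sh both rely on this pattern, such an entry is neither patched nor reported. If only the `"1"` case is intended, say so in the comment, e.g. `# Matches only un-indented 'APT::Periodic::<name> "1";' lines; other non-zero values are not detected`. The `\;` escape is not needed in an extended regex and can be written as a plain `;`.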
@@ -81,9 +84,6 @@ ROOTLESS_ENV_RE='(CIRRUS_.+)|(ROOTLESS_.+)|(.+_IMAGE.*)|(.+_BASE)|(.*DIRPATH)|(.
# Unsafe env. vars for display
SECRET_ENV_RE='(IRCID)|(ACCOUNT)|(GC[EP]..+)|(SSH)'
-# Names of systemd units which should never be running
-EVIL_UNITS="cron crond atd apt-daily-upgrade apt-daily fstrim motd-news systemd-tmpfiles-clean"
-
SPECIALMODE="${SPECIALMODE:-none}"
TEST_REMOTE_CLIENT="${TEST_REMOTE_CLIENT:-false}"
export CONTAINER_RUNTIME=${CONTAINER_RUNTIME:-podman}
@@ -322,7 +322,7 @@ EOF
sudo chmod 755 /usr/bin/git
}
-install_test_configs(){
+install_test_configs() {
echo "Installing cni config, policy and registry config"
req_env_var GOSRC SCRIPT_BASE
cd $GOSRC
@@ -342,9 +342,24 @@ install_test_configs(){
# of pulling in necessary prerequisites packages as the set can change over time.
# For general CI testing however, calling this function makes sure the system
# can only run the compiled source version.
-remove_packaged_podman_files(){
+remove_packaged_podman_files() {
echo "Removing packaged podman files to prevent conflicts with source build and testing."
req_env_var OS_RELEASE_ID
+
+ # If any binaries are resident they could cause unexpected pollution
+ for unit in io.podman.service io.podman.socket
+ do
+ for state in enabled active
+ do
+ if systemctl --quiet is-$state $unit
+ then
+ echo "Warning: $unit found $state prior to packaged-file removal"
+ systemctl --quiet disable $unit || true
+ systemctl --quiet stop $unit || true
+ fi
+ done
+ done
+
if [[ "$OS_RELEASE_ID" =~ "ubuntu" ]]
then
LISTING_CMD="sudo -E dpkg-query -L podman"
@@ -359,26 +374,16 @@ remove_packaged_podman_files(){
if [[ -d "$fullpath" ]] || [[ $(basename "$fullpath") == "conmon" ]] ; then continue; fi
ooe.sh sudo rm -vf "$fullpath"
done
+
+ # Be super extra sure and careful vs performant and completely safe
+ sync && echo 3 > /proc/sys/vm/drop_caches
}
-systemd_banish(){
- echo "Disabling periodic services that could destabilize testing (ignoring errors):"
- set +e # Not all of these exist on every platform
- for unit in $EVIL_UNITS
- do
- echo "Banishing $unit (ignoring errors)"
- (
- sudo systemctl stop $unit
- sudo systemctl disable $unit
- sudo systemctl disable $unit.timer
- sudo systemctl mask $unit
- sudo systemctl mask $unit.timer
- ) &> /dev/null
- done
- set -e
+systemd_banish() {
+ $GOSRC/$PACKER_BASE/systemd_banish.sh
}
-_finalize(){
+_finalize() {
set +e # Don't fail at the very end
if [[ -d "$CUSTOM_CLOUD_CONFIG_DEFAULTS" ]]
then
@@ -401,7 +406,7 @@ _finalize(){
sudo fstrim -av
}
-rh_finalize(){
+rh_finalize() {
set +e # Don't fail at the very end
echo "Resetting to fresh-state for usage as cloud-image."
PKG=$(type -P dnf || type -P yum || echo "")
@@ -412,7 +417,7 @@ rh_finalize(){
_finalize
}
-ubuntu_finalize(){
+ubuntu_finalize() {
set +e # Don't fail at the very end
echo "Resetting to fresh-state for usage as cloud-image."
$LILTO $SUDOAPTGET autoremove
diff --git a/contrib/cirrus/packer/Makefile b/contrib/cirrus/packer/Makefile
index d03d22abe..947a2a1e9 100644
--- a/contrib/cirrus/packer/Makefile
+++ b/contrib/cirrus/packer/Makefile
@@ -3,7 +3,7 @@
# builder name(s) from applicable YAML file,
# e.g for names see libpod_images.yml
-PACKER_VER ?= 1.3.5
+PACKER_VER ?= 1.4.2
GOARCH=$(shell go env GOARCH)
ARCH=$(uname -m)
PACKER_DIST_FILENAME := packer_${PACKER_VER}_linux_${GOARCH}.zip
@@ -15,6 +15,9 @@ PACKER_BASE ?= contrib/cirrus/packer
SCRIPT_BASE ?= contrib/cirrus
POST_MERGE_BUCKET_SUFFIX ?=
+UBUNTU_BASE_IMAGE = $(shell source ../lib.sh && echo "$$UBUNTU_BASE_IMAGE")
+PRIOR_UBUNTU_BASE_IMAGE = $(shell source ../lib.sh && echo "$$PRIOR_UBUNTU_BASE_IMAGE")
+
# For debugging nested-virt, use
#TTYDEV := $(shell tty)
TTYDEV := /dev/null
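Review bot: `$(shell source ../lib.sh && echo "$$UBUNTU_BASE_IMAGE")` depends on two things the visible Makefile does not guarantee: make runs `$(shell ...)` with `/bin/sh` unless `SHELL` is set, and `source` is a bashism that dash does not provide; and `../lib.sh` resolves against the directory make was started in. If either fails, the variable silently becomes empty and is passed on as `-var UBUNTU_BASE_IMAGE=` in the `libpod_base_images` recipe. The `[[ -z ... ]]` in the new `guard-%` recipe has the same `/bin/sh` dependency. Suggest `SHELL := /bin/bash` near the top (if it is not already set outside this diff), `:=` instead of `=` so lib.sh is sourced once rather than on every reference, and a `$(CURDIR)`-relative path to lib.sh.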
@@ -22,6 +25,14 @@ TTYDEV := /dev/null
.PHONY: all
all: libpod_images
+# Utility target for checking required parameters
+.PHONY: guard-%
+guard-%:
+ @if [[ -z "$($*)" ]]; then \
+ echo "Missing or empty required make variable '$*'."; \
+ exit 1; \
+ fi;
+
%.json: %.yml
@python3 -c 'import json,yaml; json.dump( yaml.load(open("$<").read()), open("$@","w"), indent=2);'
@@ -44,10 +55,7 @@ test: libpod_base_images.json libpod_images.json packer
@echo "All good"
.PHONY: libpod_images
-libpod_images: libpod_images.json packer
-ifndef PACKER_BUILDS
- $(error PACKER_BUILDS is undefined, expected builder-names CSV)
-endif
+libpod_images: guard-PACKER_BUILDS libpod_images.json packer
./packer build -only=${PACKER_BUILDS} \
-force \
-var GOSRC=$(GOSRC) \
@@ -72,16 +80,7 @@ cidata.iso: user-data meta-data
# This is intended to be run by a human, with admin access to the libpod GCE project.
.PHONY: libpod_base_images
-libpod_base_images: libpod_base_images.json cidata.iso cidata.ssh packer
-ifndef GCP_PROJECT_ID
- $(error GCP_PROJECT_ID is undefined, expected complete GCP project ID string e.g. foobar-12345)
-endif
-ifndef GOOGLE_APPLICATION_CREDENTIALS
- $(error GOOGLE_APPLICATION_CREDENTIALS is undefined, expected absolute path to JSON file, like $HOME/.config/gcloud/legacy_credentials/*/adc.json)
-endif
-ifndef PACKER_BUILDS
- $(error PACKER_BUILDS is undefined, expected builder-names CSV)
-endif
+libpod_base_images: guard-GCP_PROJECT_ID guard-GOOGLE_APPLICATION_CREDENTIALS libpod_base_images.json cidata.iso cidata.ssh packer
PACKER_CACHE_DIR=/tmp ./packer build \
-force \
-var TIMESTAMP=$(TIMESTAMP) \
@@ -91,5 +90,6 @@ endif
-var GOSRC=$(GOSRC) \
-var PACKER_BASE=$(PACKER_BASE) \
-var SCRIPT_BASE=$(SCRIPT_BASE) \
- -only $(PACKER_BUILDS) \
+ -var UBUNTU_BASE_IMAGE=$(UBUNTU_BASE_IMAGE) \
+ -var PRIOR_UBUNTU_BASE_IMAGE=$(PRIOR_UBUNTU_BASE_IMAGE) \
libpod_base_images.json
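Review bot: `-var UBUNTU_BASE_IMAGE=$(UBUNTU_BASE_IMAGE)` and `-var PRIOR_UBUNTU_BASE_IMAGE=$(PRIOR_UBUNTU_BASE_IMAGE)` are passed without the `guard-%` check this commit introduces for the other required variables, so an empty value reaches packer as a bare `-var NAME=`. Adding `guard-UBUNTU_BASE_IMAGE guard-PRIOR_UBUNTU_BASE_IMAGE` to the `libpod_base_images` prerequisites would fail early with the standard message. With `-only $(PACKER_BUILDS)` removed, the target now builds every builder in libpod_base_images.json; if that is intended, a comment above the target saying so would help. The recipe starts outside this hunk.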
diff --git a/contrib/cirrus/packer/fedora_base-setup.sh b/contrib/cirrus/packer/fedora_base-setup.sh
index 788a54c34..29c23117f 100644
--- a/contrib/cirrus/packer/fedora_base-setup.sh
+++ b/contrib/cirrus/packer/fedora_base-setup.sh
@@ -8,8 +8,6 @@ set -e
# Load in library (copied by packer, before this script was run)
source $GOSRC/$SCRIPT_BASE/lib.sh
-[[ "$1" == "post" ]] || exit 0 # nothing to do
-
install_ooe
echo "Updating packages"
diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh
index 0e1a82cc0..8e0a2b2ee 100644
--- a/contrib/cirrus/packer/fedora_setup.sh
+++ b/contrib/cirrus/packer/fedora_setup.sh
@@ -24,6 +24,9 @@ ooe.sh sudo dnf config-manager --set-enabled updates-testing
echo "Installing general build/test dependencies"
ooe.sh sudo dnf install -y \
atomic-registries \
+ autoconf \
+ automake \
+ bash-completion \
bats \
bridge-utils \
btrfs-progs-devel \
@@ -35,10 +38,14 @@ ooe.sh sudo dnf install -y \
device-mapper-devel \
emacs-nox \
findutils \
+ fuse3 \
+ fuse3-devel \
+ gcc \
git \
glib2-devel \
glibc-static \
gnupg \
+ go-md2man \
golang \
golang-github-cpuguy83-go-md2man \
gpgme-devel \
@@ -47,6 +54,7 @@ ooe.sh sudo dnf install -y \
jq \
libassuan-devel \
libcap-devel \
+ libmsi1 \
libnet \
libnet-devel \
libnl3-devel \
@@ -56,9 +64,11 @@ ooe.sh sudo dnf install -y \
libvarlink-util \
lsof \
make \
+ msitools \
nmap-ncat \
ostree \
ostree-devel \
+ pandoc \
podman \
procps-ng \
protobuf \
@@ -81,6 +91,7 @@ ooe.sh sudo dnf install -y \
xz \
zip
+
# Ensure there are no disruptive periodic services enabled by default in image
systemd_banish
@@ -91,6 +102,7 @@ case "$PACKER_BUILDER_NAME" in
xfedora*)
echo "Configuring CGroups v2 enabled on next boot"
sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=1"
+ sudo dnf install -y crun
;& # continue to next matching item
*)
echo "Finalizing $PACKER_BUILDER_NAME VM image"
diff --git a/contrib/cirrus/packer/libpod_base_images.yml b/contrib/cirrus/packer/libpod_base_images.yml
index e519d2fba..bcca440ae 100644
--- a/contrib/cirrus/packer/libpod_base_images.yml
+++ b/contrib/cirrus/packer/libpod_base_images.yml
@@ -12,6 +12,10 @@ variables:
# Required for output from qemu builders
TTYDEV:
+ # Ubuntu releases are mearly copied to this project for control purposes
+ UBUNTU_BASE_IMAGE:
+ PRIOR_UBUNTU_BASE_IMAGE:
+
# Latest Fedora release
FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-Base-30-1.2.x86_64.qcow2"
FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-30-1.2-x86_64-CHECKSUM"
@@ -78,50 +82,67 @@ builders:
ssh_username: 'root'
- <<: *nested_virt
- name: 'prior_fedora'
+ name: 'prior-fedora'
iso_url: '{{user `PRIOR_FEDORA_IMAGE_URL`}}'
iso_checksum_url: '{{user `PRIOR_FEDORA_CSUM_URL`}}'
+ - &imgcopy
+ name: 'ubuntu'
+ type: 'googlecompute'
+ image_name: '{{user `UBUNTU_BASE_IMAGE`}}'
+ image_family: '{{build_name}}-base'
+ source_image: '{{user `UBUNTU_BASE_IMAGE`}}'
+ source_image_project_id: 'ubuntu-os-cloud'
+ project_id: '{{user `GCP_PROJECT_ID`}}'
+ account_file: '{{user `GOOGLE_APPLICATION_CREDENTIALS`}}'
+ startup_script_file: "systemd_banish.sh"
+ zone: 'us-central1-a'
+ disk_size: 20
+ communicator: 'none'
+
+ - <<: *imgcopy
+ name: 'prior-ubuntu'
+ image_name: '{{user `PRIOR_UBUNTU_BASE_IMAGE`}}'
+ source_image: '{{user `PRIOR_UBUNTU_BASE_IMAGE`}}'
+
provisioners:
- type: 'shell'
+ only: ['fedora', 'prior-fedora']
inline:
- 'mkdir -p /tmp/libpod/{{user `SCRIPT_BASE`}}'
- 'mkdir -p /tmp/libpod/{{user `PACKER_BASE`}}'
- type: 'file'
+ only: ['fedora', 'prior-fedora']
source: '{{user `GOSRC`}}/.cirrus.yml'
destination: '/tmp/libpod/.cirrus.yml'
- type: 'file'
+ only: ['fedora', 'prior-fedora']
source: '{{user `GOSRC`}}/{{user `SCRIPT_BASE`}}/'
destination: '/tmp/libpod/{{user `SCRIPT_BASE`}}/'
- type: 'file'
+ only: ['fedora', 'prior-fedora']
source: '{{user `GOSRC`}}/{{user `PACKER_BASE`}}/'
destination: '/tmp/libpod/{{user `PACKER_BASE`}}/'
- &shell_script
+ only: ['fedora', 'prior-fedora']
type: 'shell'
inline:
- - 'chmod +x /tmp/libpod/{{user `PACKER_BASE`}}/{{build_name}}_base-setup.sh'
- - '/tmp/libpod/{{user `PACKER_BASE`}}/{{build_name}}_base-setup.sh pre'
- expect_disconnect: true # Allow this to reboot the VM
+ - 'chmod +x /tmp/libpod/{{user `PACKER_BASE`}}/*.sh'
+ - '/tmp/libpod/{{user `PACKER_BASE`}}/{{build_name}}_base-setup.sh'
+ expect_disconnect: true # Allow this to reboot the VM if needed
environment_vars:
- 'TIMESTAMP={{user `TIMESTAMP`}}'
- 'GOSRC=/tmp/libpod'
- 'SCRIPT_BASE={{user `SCRIPT_BASE`}}'
- 'PACKER_BASE={{user `PACKER_BASE`}}'
- - <<: *shell_script
- inline: ['{{user `GOSRC`}}/{{user `PACKER_BASE`}}/{{build_name}}_base-setup.sh']
- expect_disconnect: false
- pause_before: '10s'
- inline:
- - '/tmp/libpod/{{user `PACKER_BASE`}}/{{build_name}}_base-setup.sh post'
-
post-processors:
- - type: "compress"
- only: ['fedora', 'prior_fedora']
+ only: ['fedora', 'prior-fedora']
output: '/tmp/{{build_name}}/disk.raw.tar.gz'
format: '.tar.gz'
compression_level: 9
@@ -134,10 +155,10 @@ post-processors:
gcs_object_name: '{{build_name}}-{{user `TIMESTAMP`}}.tar.gz'
image_name: "{{user `FEDORA_BASE_IMAGE_NAME`}}-{{user `TIMESTAMP`}}"
image_description: 'Based on {{user `FEDORA_IMAGE_URL`}}'
- image_family: '{{user `FEDORA_BASE_IMAGE_NAME`}}'
+ image_family: '{{build_name}}-base'
- <<: *gcp_import
- only: ['prior_fedora']
+ only: ['prior-fedora']
image_name: "{{user `PRIOR_FEDORA_BASE_IMAGE_NAME`}}-{{user `TIMESTAMP`}}"
image_description: 'Based on {{user `PRIOR_FEDORA_IMAGE_URL`}}'
- image_family: '{{user `PRIOR_FEDORA_BASE_IMAGE_NAME`}}'
+ image_family: '{{build_name}}-base'
- type: 'manifest'
diff --git a/contrib/cirrus/packer/libpod_images.yml b/contrib/cirrus/packer/libpod_images.yml
index cae5d4138..01a65d867 100644
--- a/contrib/cirrus/packer/libpod_images.yml
+++ b/contrib/cirrus/packer/libpod_images.yml
@@ -2,16 +2,17 @@
# All of these are required
variables:
- # Names of GCE Base images to start from, in .cirrus.yml
- UBUNTU_BASE_IMAGE: '{{env `UBUNTU_BASE_IMAGE`}}'
- FEDORA_BASE_IMAGE: '{{env `FEDORA_BASE_IMAGE`}}'
- PRIOR_FEDORA_BASE_IMAGE: '{{env `PRIOR_FEDORA_BASE_IMAGE`}}'
-
BUILT_IMAGE_SUFFIX: '{{env `BUILT_IMAGE_SUFFIX`}}'
GOSRC: '{{env `GOSRC`}}'
PACKER_BASE: '{{env `PACKER_BASE`}}'
SCRIPT_BASE: '{{env `SCRIPT_BASE`}}'
+ # Base-image names are required. Using image family-names breaks parallelism
+ UBUNTU_BASE_IMAGE: '{{env `UBUNTU_BASE_IMAGE`}}'
+ PRIOR_UBUNTU_BASE_IMAGE: '{{env `PRIOR_UBUNTU_BASE_IMAGE`}}'
+ FEDORA_BASE_IMAGE: '{{env `FEDORA_BASE_IMAGE`}}'
+ PRIOR_FEDORA_BASE_IMAGE: '{{env `PRIOR_FEDORA_BASE_IMAGE`}}'
+
# Protected credentials, decrypted by Cirrus at runtime
GCE_SSH_USERNAME: '{{env `GCE_SSH_USERNAME`}}'
GCP_PROJECT_ID: '{{env `GCP_PROJECT_ID`}}'
@@ -28,11 +29,12 @@ sensitive-variables:
builders:
# v----- is a YAML anchor, allows referencing this object by name (below)
- &gce_hosted_image
- name: 'ubuntu-18'
+ name: 'ubuntu-19'
type: 'googlecompute'
image_name: '{{build_name}}{{user `BUILT_IMAGE_SUFFIX`}}'
- image_family: '{{build_name}}-libpod'
- source_image: '{{user `UBUNTU_BASE_IMAGE`}}'
+ image_family: '{{build_name}}-cache'
+ source_image: '{{user `UBUNTU_BASE_IMAGE`}}' # precedence over family
+ source_image_family: 'ubuntu-base' # for ref. only
disk_size: 20 # REQUIRED: Runtime allocation > this value
project_id: '{{user `GCP_PROJECT_ID`}}'
service_account_email: '{{user `SERVICE_ACCOUNT`}}'
@@ -44,16 +46,24 @@ builders:
# v----- is a YAML alias, allows partial re-use of the anchor object
- <<: *gce_hosted_image
+ name: 'ubuntu-18'
+ source_image: '{{user `PRIOR_UBUNTU_BASE_IMAGE`}}'
+ source_image_family: 'prior-ubuntu-base'
+
+ - <<: *gce_hosted_image
name: 'fedora-30'
source_image: '{{user `FEDORA_BASE_IMAGE`}}'
+ source_image_family: 'fedora-base'
- <<: *gce_hosted_image
name: 'xfedora-30'
source_image: '{{user `FEDORA_BASE_IMAGE`}}'
+ source_image_family: 'fedora-base'
- <<: *gce_hosted_image
name: 'fedora-29'
source_image: '{{user `PRIOR_FEDORA_BASE_IMAGE`}}'
+ source_image_family: 'prior-fedora-base'
# The brains of the operation, making actual modifications to the base-image.
provisioners:
diff --git a/contrib/cirrus/packer/prior_fedora_base-setup.sh b/contrib/cirrus/packer/prior-fedora_base-setup.sh
index 998a5d9fd..998a5d9fd 120000
--- a/contrib/cirrus/packer/prior_fedora_base-setup.sh
+++ b/contrib/cirrus/packer/prior-fedora_base-setup.sh
diff --git a/contrib/cirrus/packer/systemd_banish.sh b/contrib/cirrus/packer/systemd_banish.sh
new file mode 100755
index 000000000..396cf906c
--- /dev/null
+++ b/contrib/cirrus/packer/systemd_banish.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+set +e # Not all of these exist on every platform
+
+# This is intended to be executed on VMs as a startup script on initial-boot.
+# Alternativly, it may be executed with the '--list' option to return the list
+# of systemd units defined for disablement (useful for testing).
+
+EVIL_UNITS="cron crond atd apt-daily-upgrade apt-daily fstrim motd-news systemd-tmpfiles-clean"
+
+if [[ "$1" == "--list" ]]
+then
+ echo "$EVIL_UNITS"
+ exit 0
+fi
+
+echo "Disabling periodic services that could destabilize testing:"
+for unit in $EVIL_UNITS
+do
+ echo "Banishing $unit (ignoring errors)"
+ (
+ sudo systemctl stop $unit
+ sudo systemctl disable $unit
+ sudo systemctl disable $unit.timer
+ sudo systemctl mask $unit
+ sudo systemctl mask $unit.timer
+ ) &> /dev/null
+done
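Review bot: The script's exit status is whatever the last `systemctl mask $unit.timer` subshell returns, because the loop is the final command and `set +e` only affects this process. lib.sh now calls the script from `systemd_banish()`, and the setup scripts that use that function appear to run under `set -e`, so a failure on the last unit could abort an image build even though the message says errors are ignored. Ending the file with an explicit `exit 0` would restore the behaviour of the removed function, which finished with `set -e` and returned success. Separately, the redirect to /dev/null discards the reason for every failure; a comment noting that check_image.sh verifies the outcome later through `--list` would explain why that is acceptable.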
diff --git a/contrib/cirrus/packer/ubuntu_setup.sh b/contrib/cirrus/packer/ubuntu_setup.sh
index 00d92570f..c94e74a08 100644
--- a/contrib/cirrus/packer/ubuntu_setup.sh
+++ b/contrib/cirrus/packer/ubuntu_setup.sh
@@ -18,22 +18,38 @@ trap "sudo rm -rf $GOPATH" EXIT
# Ensure there are no disruptive periodic services enabled by default in image
systemd_banish
+# Stop disruption upon boot ASAP after booting
+echo "Disabling all packaging activity on boot"
+# Don't let sed process sed's temporary files
+_FILEPATHS=$(sudo ls -1 /etc/apt/apt.conf.d)
+for filename in $_FILEPATHS; do \
+ echo "Checking/Patching $filename"
+ sudo sed -i -r -e "s/$PERIODIC_APT_RE/"'\10"\;/' "/etc/apt/apt.conf.d/$filename"; done
+
echo "Updating/configuring package repositories."
-$LILTO $SUDOAPTGET update
+$BIGTO $SUDOAPTGET update
+
+echo "Upgrading all packages"
+$BIGTO $SUDOAPTGET upgrade
+
+echo "Adding PPAs"
$LILTO $SUDOAPTGET install software-properties-common
-$LILTO $SUDOAPTADD ppa:longsleep/golang-backports
$LILTO $SUDOAPTADD ppa:projectatomic/ppa
$LILTO $SUDOAPTADD ppa:criu/ppa
+if [[ "$OS_RELEASE_VER" -eq "18" ]]
+then
+ $LILTO $SUDOAPTADD ppa:longsleep/golang-backports
+fi
-echo "Upgrading all packages"
$LILTO $SUDOAPTGET update
-$BIGTO $SUDOAPTGET upgrade
echo "Installing general testing and system dependencies"
$BIGTO $SUDOAPTGET install \
apparmor \
+ aufs-tools \
autoconf \
automake \
+ bash-completion \
bats \
bison \
btrfs-tools \
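Review bot: `[[ "$OS_RELEASE_VER" -eq "18" ]]` compares arithmetically, so an empty `OS_RELEASE_VER` evaluates as 0 and the golang-backports PPA is skipped without any message; the `-ge "19"` and `-eq "18"` tests in the last hunk of this file behave the same way. Nothing visible in this diff checks the variable first, so add `req_env_var OS_RELEASE_VER` before the first test (the helper is already used throughout these scripts). In the apt.conf.d loop, `for filename in $_FILEPATHS` splits the `ls` output on whitespace; a short comment that file names in that directory are assumed to contain no spaces would document the assumption.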
@@ -46,6 +62,7 @@ $BIGTO $SUDOAPTGET install \
e2fslibs-dev \
emacs-nox \
gawk \
+ gcc \
gettext \
go-md2man \
golang \
@@ -58,6 +75,7 @@ $BIGTO $SUDOAPTGET install \
libdevmapper-dev \
libdevmapper1.02.1 \
libfuse-dev \
+ libfuse2 \
libglib2.0-dev \
libgpgme11-dev \
liblzma-dev \
@@ -66,7 +84,7 @@ $BIGTO $SUDOAPTGET install \
libnl-3-dev \
libostree-dev \
libvarlink \
- libprotobuf-c0-dev \
+ libprotobuf-c-dev \
libprotobuf-dev \
libseccomp-dev \
libseccomp2 \
@@ -74,6 +92,7 @@ $BIGTO $SUDOAPTGET install \
libtool \
libudev-dev \
lsof \
+ make \
netcat \
pkg-config \
podman \
@@ -87,19 +106,28 @@ $BIGTO $SUDOAPTGET install \
python3-psutil \
python3-pytoml \
python3-setuptools \
- slirp4netns \
skopeo \
+ slirp4netns \
socat \
unzip \
vim \
xz-utils \
zip
-echo "Forced Ubuntu 18 kernel to enable cgroup swap accounting."
-SEDCMD='s/^GRUB_CMDLINE_LINUX="(.*)"/GRUB_CMDLINE_LINUX="\1 cgroup_enable=memory swapaccount=1"/g'
-ooe.sh sudo sed -re "$SEDCMD" -i /etc/default/grub.d/*
-ooe.sh sudo sed -re "$SEDCMD" -i /etc/default/grub
-ooe.sh sudo update-grub
+if [[ "$OS_RELEASE_VER" -ge "19" ]]
+then
+ echo "Installing Ubuntu > 18 packages"
+ $LILTO $SUDOAPTGET install fuse3 libfuse3-dev libbtrfs-dev
+fi
+
+if [[ "$OS_RELEASE_VER" -eq "18" ]]
+then
+ echo "Forced Ubuntu 18 kernel to enable cgroup swap accounting."
+ SEDCMD='s/^GRUB_CMDLINE_LINUX="(.*)"/GRUB_CMDLINE_LINUX="\1 cgroup_enable=memory swapaccount=1"/g'
+ ooe.sh sudo sed -re "$SEDCMD" -i /etc/default/grub.d/*
+ ooe.sh sudo sed -re "$SEDCMD" -i /etc/default/grub
+ ooe.sh sudo update-grub
+fi
sudo /tmp/libpod/hack/install_catatonit.sh
ooe.sh sudo make -C /tmp/libpod install.libseccomp.sudo
diff --git a/contrib/cirrus/podbot.py b/contrib/cirrus/podbot.py
index 1be41a8ed..9ca4915a7 100755
--- a/contrib/cirrus/podbot.py
+++ b/contrib/cirrus/podbot.py
@@ -12,7 +12,7 @@ import sys
class IRC:
- response_timeout = 10 # seconds
+ response_timeout = 30 # seconds
irc = socket.socket()
def __init__(self, server, nickname, channel):
@@ -90,9 +90,16 @@ class IRC:
if len(sys.argv) < 3:
print("Error: Must pass desired nick and message as parameters")
else:
- irc = IRC("irc.freenode.net", sys.argv[1], "#podman")
- err = irc.connect(*os.environ.get('IRCID', 'Big Bug').split(" ", 2))
- if not err:
+ for try_again in (True,False):
+ irc = IRC("irc.freenode.net", sys.argv[1], "#podman")
+ err = irc.connect(*os.environ.get('IRCID', 'Big Bug').split(" ", 2))
+ if err and try_again:
+ print("Trying again in 5 seconds...")
+ time.sleep(5)
+ continue
+ elif err:
+ break
irc.message(" ".join(sys.argv[2:]))
time.sleep(5.0) # avoid join/quit spam
irc.quit()
+ break
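Review bot: The retry creates a second `IRC(...)` object, but `irc = socket.socket()` is a class attribute (visible in the class-header hunk), so unless `__init__` or `connect()` replaces it (neither is shown here) the second attempt reuses the socket left over from the failed one. Creating the socket per instance, e.g. `self.irc = socket.socket()` in `__init__`, would make the retry independent of the first attempt. When both attempts fail the loop just breaks and the script exits with status 0; `sys.exit(1)` after a short message would let the caller see that nothing was sent.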
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index 7c7659169..df510deef 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -33,8 +33,8 @@ done
# contrib/cirrus/packer/*_setup.sh to be incorporated into VM cache-images
# (see docs).
cd "${GOSRC}/"
-case "${OS_REL_VER}" in
- ubuntu-18)
+case "${OS_RELEASE_ID}" in
+ ubuntu)
CRIO_RUNC_PATH="/usr/lib/cri-o-runc/sbin/runc"
if dpkg -L cri-o-runc | grep -m 1 -q "$CRIO_RUNC_PATH"
then
@@ -42,17 +42,14 @@ case "${OS_REL_VER}" in
ln -f "$CRIO_RUNC_PATH" "/usr/bin/runc"
fi
;;
- fedora-30) ;& # continue to next item
- fedora-29)
- # All SELinux distros need this for systemd-in-a-container
- setsebool container_manage_cgroup true
+ fedora)
+ # All SELinux distros need this for systemd-in-a-container
+ setsebool container_manage_cgroup true
if [[ "$ADD_SECOND_PARTITION" == "true" ]]; then
bash "$SCRIPT_BASE/add_second_partition.sh"; fi
;;
- centos-7) # Current VM is an image-builder-image no local podman/testing
- echo "No further setup required for VM image building"
- # All SELinux distros need this for systemd-in-a-container
- setsebool container_manage_cgroup true
+ centos) # Current VM is an image-builder-image no local podman/testing
+ echo "No further setup required for VM image building"
exit 0
;;
*) bad_os_id_ver ;;
diff --git a/contrib/cirrus/success.sh b/contrib/cirrus/success.sh
index 30d375d95..3b171757f 100755
--- a/contrib/cirrus/success.sh
+++ b/contrib/cirrus/success.sh
@@ -4,7 +4,7 @@ set -e
source $(dirname $0)/lib.sh
-req_env_var CIRRUS_BRANCH CIRRUS_BUILD_ID CIRRUS_REPO_FULL_NAME CIRRUS_BASE_SHA CIRRUS_CHANGE_IN_REPO
+req_env_var CIRRUS_BRANCH CIRRUS_REPO_FULL_NAME CIRRUS_BASE_SHA CIRRUS_CHANGE_IN_REPO CIRRUS_CHANGE_MESSAGE
cd $CIRRUS_WORKING_DIR
@@ -18,18 +18,21 @@ then
then
SHARANGE="${CIRRUS_BASE_SHA}..${CIRRUS_CHANGE_IN_REPO}"
EXCLUDE_RE='merge-robot'
+ EMAILCSET='[:alnum:]-+_@.'
AUTHOR_NICKS=$(egrep -v '(^[[:space:]]*$)|(^[[:space:]]*#)' "$AUTHOR_NICKS_FILEPATH" | sort -u)
# Depending on branch-state, it's possible SHARANGE could be _WAY_ too big
MAX_NICKS=10
# newline separated
GITLOG="git log --format='%ae'"
- COMMIT_AUTHORS=$($GITLOGt $SHARANGE || $GITLOG -1 HEAD | \
- sort -u | \
+ COMMIT_AUTHORS=$($GITLOG $SHARANGE || $GITLOG -1 HEAD | \
+ tr --delete --complement "$EMAILCSET[:space:]" | \
egrep -v "$EXCLUDE_RE" | \
+ sort -u | \
tail -$MAX_NICKS)
for c_email in $COMMIT_AUTHORS
do
+ c_email=$(echo "$c_email" | tr --delete --complement "$EMAILCSET")
echo -e "\tExamining $c_email"
NICK=$(echo "$AUTHOR_NICKS" | grep -m 1 "$c_email" | \
awk --field-separator ',' '{print $2}' | tr -d '[[:blank:]]')
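Review bot: In the `COMMIT_AUTHORS` assignment the pipeline binds tighter than `||`, so `tr`, `egrep -v "$EXCLUDE_RE"`, `sort -u` and `tail -$MAX_NICKS` are applied only to the fallback `$GITLOG -1 HEAD`; when `$GITLOG $SHARANGE` succeeds, its output is captured unfiltered. The per-address `tr` added inside the loop still strips unexpected characters, but the merge-robot exclusion and the `MAX_NICKS` limit are skipped, which matters because author addresses in a PR are chosen by the submitter. Grouping the two commands fixes it: `COMMIT_AUTHORS=$({ $GITLOG $SHARANGE || $GITLOG -1 HEAD; } | \` with the rest of the pipeline unchanged. The `grep -m 1 "$c_email"` lookup at the end of the hunk also treats the address as a regular expression; `grep -m 1 -F -- "$c_email"` matches it literally.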
@@ -40,8 +43,13 @@ then
echo -e "\t\tNot found in $(basename $AUTHOR_NICKS_FILEPATH), using e-mail username."
NICK=$(echo "$c_email" | cut -d '@' -f 1)
fi
- echo -e "\tUsing nick $NICK"
- NICKS="${NICKS:+$NICKS, }$NICK"
+ if ! echo "$NICKS" | grep -q "$NICK"
+ then
+ echo -e "\tUsing nick $NICK"
+ NICKS="${NICKS:+$NICKS, }$NICK"
+ else
+ echo -e "\tNot re-adding duplicate nick $NICK"
+ fi
done
fi
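Review bot: `echo "$NICKS" | grep -q "$NICK"` is a substring and regex match, so a nick such as `ann` is reported as a duplicate once `joanna` is in the list, and a nick beginning with `-` (which `EMAILCSET` allows) is parsed by grep as an option. Comparing against whole list elements avoids both: `if [[ ", $NICKS, " != *", $NICK, "* ]]`. The enclosing `for` loop starts in the previous hunk.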
diff --git a/contrib/cirrus/upload_release_archive.sh b/contrib/cirrus/upload_release_archive.sh
index 942255821..25107f0ef 100755
--- a/contrib/cirrus/upload_release_archive.sh
+++ b/contrib/cirrus/upload_release_archive.sh
@@ -9,6 +9,7 @@ req_env_var CI UPLDREL_IMAGE CIRRUS_BUILD_ID GOSRC RELEASE_GCPJSON RELEASE_GCPNA
[[ "$CI" == "true" ]] || \
die 56 "$0 must be run under Cirrus-CI to function"
+# We store "releases" for each PR, mostly to validate the process is functional
unset PR_OR_BRANCH BUCKET
if [[ -n "$CIRRUS_PR" ]]
then
@@ -22,31 +23,76 @@ else
die 1 "Expecting either \$CIRRUS_PR or \$CIRRUS_BRANCH to be non-empty."
fi
-# Functional local podman required for uploading a release
+echo "Parsing actual_release.txt contents: $(< actual_release.txt)"
cd $GOSRC
+RELEASETXT=$(<actual_release.txt) # see build_release.sh
+[[ -n "$RELEASETXT" ]] || \
+ die 3 "Could not obtain metadata from actual_release.txt"
+RELEASE_INFO=$(echo "$RELEASETXT" | grep -m 1 'X-RELEASE-INFO:' | sed -r -e 's/X-RELEASE-INFO:\s*(.+)/\1/')
+if [[ "$?" -ne "0" ]] || [[ -z "$RELEASE_INFO" ]]
+then
+ die 4 "Metadata is empty or invalid: '$RELEASETXT'"
+fi
+# Format specified in Makefile
+# e.g. libpod v1.3.1-166-g60df124e fedora 29 amd64
+# or libpod-remote v1.3.1-166-g60df124e windows - amd64
+FIELDS="RELEASE_BASENAME RELEASE_VERSION RELEASE_DIST RELEASE_DIST_VER RELEASE_ARCH"
+read $FIELDS <<< $RELEASE_INFO
+req_env_var $FIELDS
+
+# Functional local podman required for uploading
+echo "Verifying a local, functional podman, building one if necessary."
[[ -n "$(type -P podman)" ]] || \
- make install || \
+ make install PREFIX=/usr || \
die 57 "$0 requires working podman binary on path to function"
TMPF=$(mktemp -p '' $(basename $0)_XXXX.json)
trap "rm -f $TMPF" EXIT
set +x
echo "$RELEASE_GCPJSON" > "$TMPF"
+[[ "$OS_RELEASE_ID" == "ubuntu" ]] || \
+ chcon -t container_file_t "$TMPF"
unset RELEASE_GCPJSON
cd $GOSRC
-for filename in $(ls -1 *.tar.gz *.zip)
+for filename in $(ls -1 *.tar.gz *.zip *.msi)
do
- echo "Running podman ... $UPLDREL_IMAGE $filename"
+ unset EXT
+ EXT=$(echo "$filename" | sed -r -e 's/.+\.(.+$)/\1/g')
+ if [[ -z "$EXT" ]] || [[ "$EXT" == "$filename" ]]
+ then
+ echo "Warning: Not processing $filename (invalid extension '$EXT')"
+ continue
+ fi
+
+ [[ "$OS_RELEASE_ID" == "ubuntu" ]] || \
+ chcon -t container_file_t "$filename"
+ # Form the generic "latest" file for this branch or pr
+ TO_PREFIX="${RELEASE_BASENAME}-latest-${PR_OR_BRANCH}-${RELEASE_DIST}"
+ # Form the fully-versioned filename for historical sake
+ ALSO_PREFIX="${RELEASE_BASENAME}-${RELEASE_VERSION}-${PR_OR_BRANCH}-${RELEASE_DIST}"
+ TO_SUFFIX="${RELEASE_ARCH}.${EXT}"
+ if [[ "$RELEASE_DIST" == "windows" ]] || [[ "$RELEASE_DIST" == "darwin" ]]
+ then
+ TO_FILENAME="${TO_PREFIX}-${TO_SUFFIX}"
+ ALSO_FILENAME="${ALSO_PREFIX}-${TO_SUFFIX}"
+ else
+ TO_FILENAME="${TO_PREFIX}-${RELEASE_DIST_VER}-${TO_SUFFIX}"
+ ALSO_FILENAME="${ALSO_PREFIX}-${TO_SUFFIX}"
+ fi
+
+ echo "Running podman ... $UPLDREL_IMAGE for $filename -> $TO_FILENAME"
+ echo "Warning: upload failures are completely ignored, avoiding any needless holdup of PRs."
podman run -i --rm \
-e "GCPNAME=$RELEASE_GCPNAME" \
-e "GCPPROJECT=$RELEASE_GCPROJECT" \
-e "GCPJSON_FILEPATH=$TMPF" \
- -e "REL_ARC_FILEPATH=/tmp/$filename" \
+ -e "FROM_FILEPATH=/tmp/$filename" \
+ -e "TO_FILENAME=$TO_FILENAME" \
+ -e "ALSO_FILENAME=$ALSO_FILENAME" \
-e "PR_OR_BRANCH=$PR_OR_BRANCH" \
-e "BUCKET=$BUCKET" \
- --security-opt label=disable \
-v "$TMPF:$TMPF:ro" \
- -v "$GOSRC/$filename:/tmp/$filename:ro" \
- $UPLDREL_IMAGE
+ -v "$(realpath $GOSRC/$filename):/tmp/$filename:ro" \
+ $UPLDREL_IMAGE || true
done