Diffstat (limited to 'contrib/cirrus')
-rw-r--r-- | contrib/cirrus/lib.sh | 8 | ||||
-rwxr-xr-x | contrib/cirrus/logformatter | 53 | ||||
-rwxr-xr-x | contrib/cirrus/runner.sh | 5 | ||||
-rwxr-xr-x | contrib/cirrus/setup_environment.sh | 4 |
4 files changed, 45 insertions, 25 deletions
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 724f7c3d5..e7ea05867 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -135,6 +135,7 @@ setup_rootless() { req_env_vars GOPATH GOSRC SECRET_ENV_RE ROOTLESS_USER="${ROOTLESS_USER:-some${RANDOM}dude}" + ROOTLESS_UID="" local rootless_uid local rootless_gid @@ -158,6 +159,7 @@ setup_rootless() { cd $GOSRC || exit 1 # Guarantee independence from specific values rootless_uid=$[RANDOM+1000] + ROOTLESS_UID=$rootless_uid rootless_gid=$[RANDOM+1000] msg "creating $rootless_uid:$rootless_gid $ROOTLESS_USER user" groupadd -g $rootless_gid $ROOTLESS_USER @@ -173,7 +175,7 @@ setup_rootless() { ssh-keygen -t ed25519 -P "" -f "/home/$ROOTLESS_USER/.ssh/id_ed25519" ssh-keygen -t rsa -P "" -f "/home/$ROOTLESS_USER/.ssh/id_rsa" - msg "Setup authorized_keys" + msg "Set up authorized_keys" cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> $HOME/.ssh/authorized_keys cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> /home/$ROOTLESS_USER/.ssh/authorized_keys @@ -186,9 +188,9 @@ setup_rootless() { # never be any non-localhost connections made from tests (using strict-mode). # If there are, it's either a security problem or a broken test, both of which # we want to lead to test failures. - msg " setup known_hosts for $USER" + msg " set up known_hosts for $USER" ssh-keyscan localhost > /root/.ssh/known_hosts - msg " setup known_hosts for $ROOTLESS_USER" + msg " set up known_hosts for $ROOTLESS_USER" # Maintain access-permission consistency with all other .ssh files. install -Z -m 700 -o $ROOTLESS_USER -g $ROOTLESS_USER \ /root/.ssh/known_hosts /home/$ROOTLESS_USER/.ssh/known_hosts diff --git a/contrib/cirrus/logformatter b/contrib/cirrus/logformatter index e45f03df9..59969c3e7 100755 --- a/contrib/cirrus/logformatter +++ b/contrib/cirrus/logformatter 
@@ -190,6 +190,22 @@ END_HTML print { $out_fh } "<h2>Synopsis</h2>\n<hr/>\n", job_synopsis($test_name), "<hr/>\n"; + # FOR DEBUGGING: dump environment, but in HTML comments to not clutter + # This is safe. There is a TOKEN envariable, but it's not sensitive. + # There are no sensitive/secret values in our execution environment, + # but we're careful anyway. $SECRET_ENV_RE is set in lib.sh + my $filter_re = $ENV{SECRET_ENV_RE} || 'ACCOUNT|GC[EP]|PASSW|SECRET|TOKEN'; + $filter_re .= '|BASH_FUNC'; # These are long and un-useful + + print { $out_fh } "<!-- Environment: -->\n"; + for my $e (sort keys %ENV) { + next if $e =~ /$filter_re/; + + my $val = escapeHTML($ENV{$e}); + $val =~ s/--/--/g; # double dash not valid in comments + printf { $out_fh } "<!-- %-20s %s -->\n", $e, $val; + } + # State variables my $previous_timestamp = ''; # timestamp of previous line my $cirrus_task; # Cirrus task number, used for linking 
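Review bot: The environment dump filters on variable names only, with a case-sensitive denylist that is replaced outright whenever `SECRET_ENV_RE` is set. A credential stored under a name outside the pattern, or a narrow `SECRET_ENV_RE`, would therefore be written into the HTML log that the later hunk links to as a build artifact. I would always apply the built-in pattern as well and match case-insensitively: `my $filter_re = join '|', grep { defined && length } $ENV{SECRET_ENV_RE}, 'ACCOUNT|GC[EP]|PASSW|SECRET|TOKEN', 'BASH_FUNC';` and `next if $e =~ /$filter_re/i;`; an allowlist of the names that are useful for debugging would be safer still. As rendered on this page, `s/--/--/g` replaces a double dash with itself, so confirm that the file substitutes an escaped form; `$e` is also printed without `escapeHTML`, unlike the value.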
@@ -538,27 +554,24 @@ END_HTML # If Cirrus magic envariables are available, write a link to results. # FIXME: it'd be so nice to make this a clickable live link. # - # STATIC_MAGIC_BLOB is the name of a google-storage bucket. It is - # unlikely to change often, but if it does you will suddenly start - # seeing errors when trying to view formatted logs: - # - # AccessDeniedAccess denied.Anonymous caller does not have storage.objects.get access to the Google Cloud Storage object. - # - # This happened in July 2020 when github.com/containers/libpod was - # renamed to podman. If something like that ever happens again, you - # will need to get the new magic blob value from: - # - # https://console.cloud.google.com/storage/browser?project=libpod-218412 + # As of June 2022 we use the Cirrus API[1] as the source of our logs, + # instead of linking directly to googleapis.com. This will allow us + # to abstract cloud-specific details, so we can one day use Amazon cloud. + # See #14569 for more info. # - # You will also probably need to set the bucket Public by clicking on - # the bucket name, then the Permissions tab. This is safe, since this - # project is fully open-source. - if ($have_formatted_log && $ENV{CIRRUS_TASK_ID}) { - my $URL_BASE = "https://storage.googleapis.com"; - my $STATIC_MAGIC_BLOB = "cirrus-ci-6707778565701632-fcae48"; - my $ARTIFACT_NAME = "html"; - - my $URL = "${URL_BASE}/${STATIC_MAGIC_BLOB}/artifacts/$ENV{CIRRUS_REPO_FULL_NAME}/$ENV{CIRRUS_TASK_ID}/${ARTIFACT_NAME}/${outfile}"; + # [1] https://cirrus-ci.org/guide/writing-tasks/#latest-build-artifacts + if ($have_formatted_log && $ENV{CIRRUS_BUILD_ID} && $ENV{CIRRUS_TASK_NAME}) { + my $URL_BASE = "https://api.cirrus-ci.com"; + my $build_id = $ENV{CIRRUS_BUILD_ID}; + my $task_name = $ENV{CIRRUS_TASK_NAME}; + + # Escape spaces in task names ("int fedora 35 podman root etc") + $task_name =~ s/\s/%20/g; + + # URL is long and cumbersome and duplicaty. 
The task name cannot be + # reduced; the file name could, but I choose to leave it because I + # sometimes download HTML logs and oh how I hate "log.html" filenames. + my $URL = "${URL_BASE}/v1/artifact/build/$build_id/$task_name/html/${outfile}"; print "\n\nAnnotated results:\n $URL\n"; } diff --git a/contrib/cirrus/runner.sh b/contrib/cirrus/runner.sh index b9f43f395..d49286ad3 100755 --- a/contrib/cirrus/runner.sh +++ b/contrib/cirrus/runner.sh @@ -142,7 +142,10 @@ exec_container() { # Line-separated arguments which include shell-escaped special characters declare -a envargs while read -r var_val; do - envargs+=("-e $var_val") + # Pass "-e VAR" on the command line, not "-e VAR=value". Podman can + # do a much better job of transmitting the value than we can, + # especially when value includes spaces. + envargs+=("-e" "$(awk -F= '{print $1}' <<<$var_val)") done <<<"$(passthrough_envars)" # VM Images and Container images are built using (nearly) identical operations. diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index f31cd6eeb..9bd35bd06 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -186,10 +186,11 @@ esac # Required to be defined by caller: Are we testing as root or a regular user case "$PRIV_NAME" in root) - if [[ "$TEST_FLAVOR" = "sys" ]]; then + if [[ "$TEST_FLAVOR" = "sys" || "$TEST_FLAVOR" = "apiv2" ]]; then # Used in local image-scp testing setup_rootless echo "PODMAN_ROOTLESS_USER=$ROOTLESS_USER" >> /etc/ci_environment + echo "PODMAN_ROOTLESS_UID=$ROOTLESS_UID" >> /etc/ci_environment fi ;; rootless) @@ -203,6 +204,7 @@ esac if [[ -n "$ROOTLESS_USER" ]]; then echo "ROOTLESS_USER=$ROOTLESS_USER" >> /etc/ci_environment + echo "ROOTLESS_UID=$ROOTLESS_UID" >> /etc/ci_environment fi # Required to be defined by caller: Are we testing podman or podman-remote client |
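Review bot: In contrib/cirrus/logformatter, `$task_name =~ s/\s/%20/g;` encodes only whitespace, so a task name containing `#`, `?`, `%` or `/` would produce a link that resolves somewhere other than the artifact. Percent-encoding everything outside the unreserved set is a one-line change: `$task_name =~ s/([^A-Za-z0-9._~-])/sprintf('%%%02X', ord($1))/ge;`. `$outfile` also goes into the path unencoded; it is built outside this hunk, so confirm it can only hold URL-safe characters. The enclosing code continues outside the hunk.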
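Review bot: In contrib/cirrus/runner.sh, the new `envargs+=(...)` line forks awk once per variable and expands `$var_val` unquoted in the here-string; the name can be taken in the shell itself with `envargs+=("-e" "${var_val%%=*}")`. When `passthrough_envars` prints nothing, the `<<<"$(...)"` here-string still feeds the loop one empty line, so an empty `-e ""` pair is appended; `[[ -n "$var_val" ]] || continue` at the top of the loop avoids that. Passing only the name also keeps values off the container command line, which the new comment could state as a second reason. exec_container's body continues outside the hunk.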
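Review bot: In contrib/cirrus/setup_environment.sh, both added `echo` lines write the UID without checking that it is set, and the second is guarded only by `-n "$ROOTLESS_USER"`. lib.sh now resets `ROOTLESS_UID=""` at the top of setup_rootless, so any path that returns before `ROOTLESS_UID=$rootless_uid` would leave an empty `ROOTLESS_UID=` in /etc/ci_environment; no such path is visible in these hunks, so this needs confirming against the full function. A `req_env_vars ROOTLESS_UID` before each write would surface that at setup time, assuming that helper rejects empty values. The context comment `# Used in local image-scp testing` is also stale now that the branch runs for `apiv2`; something like `# Used in local image-scp testing and by apiv2 tests` would match the new condition.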