diff options
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/cirrus/README.md | 42 | ||||
| -rw-r--r-- | contrib/cirrus/lib.sh | 4 | ||||
| -rw-r--r-- | contrib/cirrus/packer/fedora_base-setup.sh | 21 | ||||
| -rw-r--r-- | contrib/cirrus/packer/libpod_base_images.yml | 6 | ||||
| -rwxr-xr-x | contrib/cirrus/setup_environment.sh | 2 | ||||
| -rw-r--r-- | contrib/podmanimage/stable/Dockerfile | 2 | ||||
| -rw-r--r-- | contrib/podmanimage/stable/manual/Containerfile | 2 | ||||
| -rw-r--r-- | contrib/podmanimage/testing/Dockerfile | 2 | ||||
| -rw-r--r-- | contrib/podmanimage/upstream/Dockerfile | 2 |
9 files changed, 54 insertions, 29 deletions
diff --git a/contrib/cirrus/README.md b/contrib/cirrus/README.md index 709985b5b..541cf2f54 100644 --- a/contrib/cirrus/README.md +++ b/contrib/cirrus/README.md @@ -165,20 +165,34 @@ env: * Choose the *test_build_cache_images* task. * Open the *build_vm_images* script section. -### `release` Task - -Gathers up zip files uploaded by other tasks, from the local Cirrus-CI caching service. -Depending on the execution context (a PR or a branch), this task uploads the files -found to storage buckets at: - -* [https://storage.cloud.google.com/libpod-pr-releases](https://storage.cloud.google.com/libpod-pr-releases) -* [https://storage.cloud.google.com/libpod-master-releases](https://storage.cloud.google.com/libpod-master-releases) - -***Note:*** Repeated builds from the same PR or branch, will clobber previous archives - *by design*. This is intended so that the "latest" archive is always - available at a consistent URL. The precise details regarding a particular - build is encoded within the zip-archive comment. - +### `docs` Task + +Builds swagger API documentation YAML and uploads to google storage for both +PR's (for testing the process) and after a merge into any branch. For PR's +the YAML is uploaded into a [dedicated short-pruning cycle +bucket.](https://storage.googleapis.com/libpod-pr-releases/) For branches, +a [separate bucket is +used.](https://storage.googleapis.com/libpod-master-releases) +In both cases the filename includes the source +PR number or branch name. + +***Note***: [The online documentation](http://docs.podman.io/en/latest/_static/api.html) +is presented through javascript on the client-side. This requires CORS to be properly +configured on the bucket, for the `http://docs.podman.io` origin. Please see +[Configuring CORS on a bucket](https://cloud.google.com/storage/docs/configuring-cors#configure-cors-bucket) +for details. This may be performed by anybody with admin access to the google storage bucket, +using the following JSON: + +```JSON +[ + { + "origin": ["http://docs.podman.io"], + "responseHeader": ["Content-Type"], + "method": ["GET"], + "maxAgeSeconds": 600 + } +] +``` ## Base-images diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index dd4f66f56..750aec3b6 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -69,8 +69,8 @@ export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,ubuntu-19,fedora-32,fedora-31}" export UBUNTU_BASE_IMAGE="ubuntu-1910-eoan-v20200211" export PRIOR_UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20200218" # Manually produced base-image names (see $SCRIPT_BASE/README.md) -export FEDORA_BASE_IMAGE="fedora-cloud-base-32-n-0-1586202964" -export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-31-1-9-1586202964" +export FEDORA_BASE_IMAGE="fedora-cloud-base-32-1-6-1588257430" +export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-31-1-9-1588257430" export BUILT_IMAGE_SUFFIX="${BUILT_IMAGE_SUFFIX:--$CIRRUS_REPO_NAME-${CIRRUS_BUILD_ID}}" # IN_PODMAN container image IN_PODMAN_IMAGE="quay.io/libpod/in_podman:$DEST_BRANCH" diff --git a/contrib/cirrus/packer/fedora_base-setup.sh b/contrib/cirrus/packer/fedora_base-setup.sh index 29c23117f..f271abee0 100644 --- a/contrib/cirrus/packer/fedora_base-setup.sh +++ b/contrib/cirrus/packer/fedora_base-setup.sh @@ -8,16 +8,14 @@ set -e # Load in library (copied by packer, before this script was run) source $GOSRC/$SCRIPT_BASE/lib.sh -install_ooe - echo "Updating packages" -ooe.sh dnf -y update +dnf -y update echo "Installing necessary packages and google services" -ooe.sh dnf -y install rng-tools google-compute-engine-tools google-compute-engine-oslogin ethtool +dnf -y install rng-tools google-compute-engine-tools google-compute-engine-oslogin ethtool echo "Enabling services" -ooe.sh systemctl enable rngd +systemctl enable rngd # There is a race that can happen on boot between the GCE services configuring # the VM, and cloud-init trying to do similar activities. Use a customized @@ -25,6 +23,19 @@ ooe.sh systemctl enable rngd echo "Setting cloud-init service to start after google-network-daemon.service" cp -v $GOSRC/$PACKER_BASE/cloud-init/fedora/cloud-init.service /etc/systemd/system/ +# ref: https://cloud.google.com/compute/docs/startupscript +# The mechanism used by Cirrus-CI to execute tasks on the system is through an +# "agent" process launched as a GCP startup-script (from the metadata service). +# This agent is responsible for cloning the repository and executing all task +# scripts and other operations. Therefor, on SELinux-enforcing systems, the +# service must be labeled properly to ensure it's child processes can +# run with the proper contexts. +METADATA_SERVICE_CTX=unconfined_u:unconfined_r:unconfined_t:s0 +METADATA_SERVICE_PATH=systemd/system/google-startup-scripts.service +sed -r -e \ + "s/Type=oneshot/Type=oneshot\nSELinuxContext=$METADATA_SERVICE_CTX/" \ + /lib/$METADATA_SERVICE_PATH > /etc/$METADATA_SERVICE_PATH + # Ensure there are no disruptive periodic services enabled by default in image systemd_banish diff --git a/contrib/cirrus/packer/libpod_base_images.yml b/contrib/cirrus/packer/libpod_base_images.yml index a66fac31c..f53bfafc5 100644 --- a/contrib/cirrus/packer/libpod_base_images.yml +++ b/contrib/cirrus/packer/libpod_base_images.yml @@ -17,9 +17,9 @@ variables: PRIOR_UBUNTU_BASE_IMAGE: # Latest Fedora release - FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/development/32/Cloud/x86_64/images/Fedora-Cloud-Base-32-20200406.n.0.x86_64.qcow2" - FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/development/32/Cloud/x86_64/images/Fedora-Cloud-32-x86_64-20200406.n.0-CHECKSUM" - FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-32-n-0' + FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/32/Cloud/x86_64/images/Fedora-Cloud-Base-32-1.6.x86_64.qcow2" + FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/32/Cloud/x86_64/images/Fedora-Cloud-32-1.6-x86_64-CHECKSUM" + FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-32-1-6' # Prior Fedora release PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/31/Cloud/x86_64/images/Fedora-Cloud-Base-31-1.9.x86_64.qcow2" diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index 6bec9625e..756240444 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -87,7 +87,7 @@ case "$CG_FS_TYPE" in # Normally not something to do for stable testing # but crun is new, and late-breaking fixes may be required # on short notice - dnf update -y crun + dnf update -y crun containers-common fi ;; *) diff --git a/contrib/podmanimage/stable/Dockerfile b/contrib/podmanimage/stable/Dockerfile index 912d16e1c..fdf461f72 100644 --- a/contrib/podmanimage/stable/Dockerfile +++ b/contrib/podmanimage/stable/Dockerfile @@ -6,7 +6,7 @@ # This image can be used to create a secured container # that runs safely with privileges within the container. # -FROM fedora:latest +FROM registry.fedoraproject.org/fedora:latest # Don't include container-selinux and remove # directories used by yum that are just taking diff --git a/contrib/podmanimage/stable/manual/Containerfile b/contrib/podmanimage/stable/manual/Containerfile index 4375ea4f4..79ff95956 100644 --- a/contrib/podmanimage/stable/manual/Containerfile +++ b/contrib/podmanimage/stable/manual/Containerfile @@ -17,7 +17,7 @@ # `podman push quay.io/stable:v1.7.0 docker://quay.io/podman/stable:v1.7.0` # # Start Build Process using the latest Fedora -FROM fedora:latest +FROM registry.fedoraproject.org/fedora:latest # Don't include container-selinux and remove # directories used by dnf that are just taking diff --git a/contrib/podmanimage/testing/Dockerfile b/contrib/podmanimage/testing/Dockerfile index 31265a0ea..0124879e0 100644 --- a/contrib/podmanimage/testing/Dockerfile +++ b/contrib/podmanimage/testing/Dockerfile @@ -8,7 +8,7 @@ # This image can be used to create a secured container # that runs safely with privileges within the container. # -FROM fedora:latest +FROM registry.fedoraproject.org/fedora:latest # Don't include container-selinux and remove # directories used by yum that are just taking diff --git a/contrib/podmanimage/upstream/Dockerfile b/contrib/podmanimage/upstream/Dockerfile index 541670aa2..6787cfcc3 100644 --- a/contrib/podmanimage/upstream/Dockerfile +++ b/contrib/podmanimage/upstream/Dockerfile @@ -8,7 +8,7 @@ # The containers created by this image also come with a # Podman development environment in /root/podman. # -FROM fedora:latest +FROM registry.fedoraproject.org/fedora:latest ENV GOPATH=/root/podman # Install the software required to build Podman. |