Diffstat (limited to 'contrib')
-rw-r--r--contrib/cirrus/lib.sh17
-rwxr-xr-xcontrib/cirrus/pr-should-include-tests1
-rw-r--r--contrib/cirrus/required_host_ports.txt1
-rwxr-xr-xcontrib/cirrus/runner.sh98
-rwxr-xr-xcontrib/cirrus/setup_environment.sh3
-rw-r--r--contrib/rootless-cni-infra/Containerfile4
-rwxr-xr-xcontrib/rootless-cni-infra/rootless-cni-infra20
7 files changed, 101 insertions, 43 deletions
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index bc9a95310..451a267b3 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -80,10 +80,19 @@ CIRRUS_CI="${CIRRUS_CI:-false}"
DEST_BRANCH="${DEST_BRANCH:-master}"
CONTINUOUS_INTEGRATION="${CONTINUOUS_INTEGRATION:-false}"
CIRRUS_REPO_NAME=${CIRRUS_REPO_NAME:-podman}
-# N/B: CIRRUS_BASE_SHA is empty on branch and tag push.
-CIRRUS_BASE_SHA=${CIRRUS_BASE_SHA:-${CIRRUS_LAST_GREEN_CHANGE:-YOU_FOUND_A_BUG}}
-CIRRUS_BUILD_ID=${CIRRUS_BUILD_ID:-$RANDOM$(date +%s)} # must be short and unique
-
+# Cirrus only sets $CIRRUS_BASE_SHA properly for PRs, but $EPOCH_TEST_COMMIT
+# needs to be set from this value in order for `make validate` to run properly.
+# When running get_ci_vm.sh, most $CIRRUS_xyz variables are empty. Attempt
+# to accomidate both branch and get_ci_vm.sh testing by discovering the base
+# branch SHA value.
+# shellcheck disable=SC2154
+if [[ -z "$CIRRUS_BASE_SHA" ]] && [[ -z "$CIRRUS_TAG" ]]
+then # Operating on a branch, or under `get_ci_vm.sh`
+ CIRRUS_BASE_SHA=$(git rev-parse ${UPSTREAM_REMOTE:-origin}/$DEST_BRANCH)
+elif [[ -z "$CIRRUS_BASE_SHA" ]]
+then # Operating on a tag
+ CIRRUS_BASE_SHA=$(git rev-parse HEAD)
+fi
# The starting place for linting and code validation
EPOCH_TEST_COMMIT="$CIRRUS_BASE_SHA"
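Review bot: Neither added `git rev-parse` call is checked, and without `--verify` git echoes an unresolvable argument back on stdout, so a missing `origin/$DEST_BRANCH` ref (a shallow or single-branch clone, for instance) would leave `CIRRUS_BASE_SHA` holding the literal ref name rather than a SHA. That value then flows into `EPOCH_TEST_COMMIT` and passes the non-empty test added to `_run_validate` in runner.sh. Use `--verify`, quote the argument and fail loudly: `CIRRUS_BASE_SHA=$(git rev-parse --verify "${UPSTREAM_REMOTE:-origin}/$DEST_BRANCH") || die "cannot resolve base commit"`, assuming `die` is already defined at this point in lib.sh. The same applies to the `HEAD` lookup in the tag branch.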
diff --git a/contrib/cirrus/pr-should-include-tests b/contrib/cirrus/pr-should-include-tests
index caf27cf83..a3b4847a7 100755
--- a/contrib/cirrus/pr-should-include-tests
+++ b/contrib/cirrus/pr-should-include-tests
@@ -39,6 +39,7 @@ filtered_changes=$(git diff --name-status $base $head |
egrep -v '^contrib/' |
egrep -v '^docs/' |
egrep -v '^hack/' |
+ egrep -v '^nix/' |
egrep -v '^vendor/' |
egrep -v '^version/')
if [[ -z "$filtered_changes" ]]; then
diff --git a/contrib/cirrus/required_host_ports.txt b/contrib/cirrus/required_host_ports.txt
index 9248e497a..5f066e059 100644
--- a/contrib/cirrus/required_host_ports.txt
+++ b/contrib/cirrus/required_host_ports.txt
@@ -2,3 +2,4 @@ github.com 22
docker.io 443
quay.io 443
registry.fedoraproject.org 443
+podman.cachix.org 443
diff --git a/contrib/cirrus/runner.sh b/contrib/cirrus/runner.sh
index d9f91c7af..ccbdb63b6 100755
--- a/contrib/cirrus/runner.sh
+++ b/contrib/cirrus/runner.sh
@@ -23,22 +23,6 @@ function _run_ext_svc() {
$SCRIPT_BASE/ext_svc_check.sh
}
-function _run_smoke() {
- make gofmt
-
- # There is little value to validating commits after tag-push
- # and it's very difficult to automatically determine a starting commit.
- # $CIRRUS_TAG is only non-empty when executing due to a tag-push
- # shellcheck disable=SC2154
- if [[ -z "$CIRRUS_TAG" ]]; then
- # If PR consists of multiple commits, test that each compiles cleanly
- make .gitvalidation
-
- # PRs should include some way to test.
- $SCRIPT_BASE/pr-should-include-tests
- fi
-}
-
function _run_automation() {
$SCRIPT_BASE/cirrus_yaml_test.py
@@ -51,11 +35,14 @@ function _run_automation() {
}
function _run_validate() {
- # Confirm compile via prior task + cache
- bin/podman --version
- bin/podman-remote --version
+ # git-validation tool fails if $EPOCH_TEST_COMMIT is empty
+ # shellcheck disable=SC2154
+ if [[ -n "$EPOCH_TEST_COMMIT" ]]; then
+ make validate
+ else
+ warn "Skipping git-validation since \$EPOCH_TEST_COMMIT is empty"
+ fi
- make validate # Some items require a build
}
function _run_unit() {
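Review bot: The `else` branch in `_run_validate` skips the whole `make validate` target and still returns success, so the validate task reports green with nothing checked whenever `EPOCH_TEST_COMMIT` is empty. The warning text mentions only git-validation, which understates what is skipped if `make validate` covers more than that (the removed comment "Some items require a build" suggests it does). For a CI gate, failing closed is safer: replace the `warn` with `die "\$EPOCH_TEST_COMMIT is empty, refusing to skip validation"`, or run the remaining validate items and skip only the commit-range check.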
@@ -130,20 +117,70 @@ exec_container() {
}
function _run_swagger() {
+ local upload_filename
+ local upload_bucket
local download_url
+ local envvarsfile
+ req_env_vars GCPJSON GCPNAME GCPPROJECT CTR_FQIN
+
# Building this is a PITA, just grab binary for use in automation
# Ref: https://goswagger.io/install.html#static-binary
download_url=$(\
curl -s https://api.github.com/repos/go-swagger/go-swagger/releases/latest | \
jq -r '.assets[] | select(.name | contains("linux_amd64")) | .browser_download_url')
- curl -o /usr/local/bin/swagger -L'#' "$download_url"
+
+ # The filename and bucket depend on the automation context
+ #shellcheck disable=SC2154,SC2153
+ if [[ -n "$CIRRUS_PR" ]]; then
+ upload_bucket="libpod-pr-releases"
+ upload_filename="swagger-pr$CIRRUS_PR.yaml"
+ elif [[ -n "$CIRRUS_TAG" ]]; then
+ upload_bucket="libpod-master-releases"
+ upload_filename="swagger-$CIRRUS_TAG.yaml"
+ elif [[ "$CIRRUS_BRANCH" == "master" ]]; then
+ upload_bucket="libpod-master-releases"
+ # readthedocs versioning uses "latest" for "master" (default) branch
+ upload_filename="swagger-latest.yaml"
+ elif [[ -n "$CIRRUS_BRANCH" ]]; then
+ upload_bucket="libpod-master-releases"
+ upload_filename="swagger-$CIRRUS_BRANCH.yaml"
+ else
+ die "Unknown execution context, expected a non-empty value for \$CIRRUS_TAG, \$CIRRUS_BRANCH, or \$CIRRUS_PR"
+ fi
+
+ curl -s -o /usr/local/bin/swagger -L'#' "$download_url"
chmod +x /usr/local/bin/swagger
+ # Swagger validation takes a significant amount of time
+ msg "Pulling \$CTR_FQIN '$CTR_FQIN' (background process)"
+ podman pull --quiet $CTR_FQIN &
+
cd $GOSRC
make swagger
# Cirrus-CI Artifact instruction expects file here
- cp -v $GOSRC/pkg/api/swagger.yaml $GOSRC/
+ cp -v $GOSRC/pkg/api/swagger.yaml ./
+
+ envvarsfile=$(mktemp -p '' .tmp_$(basename $0)_XXXXXXXX)
+ trap "rm -f $envvarsfile" EXIT # contains secrets
+ # Warning: These values must _not_ be quoted, podman will not remove them.
+ #shellcheck disable=SC2154
+ cat <<eof>>$envvarsfile
+GCPJSON=$GCPJSON
+GCPNAME=$GCPNAME
+GCPPROJECT=$GCPPROJECT
+FROM_FILEPATH=$GOSRC/swagger.yaml
+TO_GCSURI=gs://$upload_bucket/$upload_filename
+eof
+
+ msg "Waiting for backgrounded podman pull to complete..."
+ wait %%
+ podman run -it --rm --security-opt label=disable \
+ --env-file=$envvarsfile \
+ -v $GOSRC:$GOSRC:ro \
+ --workdir $GOSRC \
+ $CTR_FQIN
+ rm -f $envvarsfile
}
function _run_consistency() {
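Review bot: The swagger binary still comes from whatever `releases/latest` returns and is run by `make swagger` with no integrity check, while this hunk makes the same function require `GCPJSON`, `GCPNAME` and `GCPPROJECT`, so an unexpected or tampered download now executes in a job that holds upload credentials. Pin the release tag in the API URL and verify a recorded digest before the `chmod`, e.g. `echo "<expected-sha256>  /usr/local/bin/swagger" | sha256sum -c - || die "swagger checksum mismatch"` (the digest is a placeholder). `curl -s` without `--fail` also hides an API error or rate limit, which would leave `download_url` empty. Separately, `$envvarsfile` and `$CTR_FQIN` are unquoted in the `trap`, the heredoc redirect and `podman run`, and should be quoted.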
@@ -191,15 +228,14 @@ function _run_altbuild() {
req_env_vars CTR_FQIN
[[ "$UID" -eq 0 ]] || \
die "Static build must execute nixos container as root on host"
- mkdir -p /var/cache/nix
- podman run -i --rm -v /var/cache/nix:/mnt/nix:Z \
- $CTR_FQIN cp -rfT /nix /mnt/nix
- podman run -i --rm -v /var/cache/nix:/nix:Z \
- -v $PWD:$PWD:Z -w $PWD $CTR_FQIN \
- nix --print-build-logs --option cores 4 --option max-jobs 4 \
- build --file ./nix/
- # result symlink is absolute from container perspective :(
- cp /var/cache/$(readlink result)/bin/podman ./ # for cirrus-ci artifact
+ podman run -i --rm \
+ -e CACHIX_AUTH_TOKEN \
+ -v $PWD:$PWD:Z -w $PWD $CTR_FQIN sh -c \
+ "nix-env -iA cachix -f https://cachix.org/api/v1/install && \
+ cachix use podman && \
+ nix-build nix && \
+ nix-store -qR --include-outputs \$(nix-instantiate nix/default.nix) | grep -v podman | cachix push podman && \
+ cp -R result/bin ."
rm result # makes cirrus puke
;;
*)
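Review bot: `-e CACHIX_AUTH_TOKEN` hands the cache write token to a container whose build inputs (`nix/` and the mounted `$PWD`) come from the commit under test, and `cachix push podman` runs unconditionally in the `&&` chain. If this arm also runs for pull requests (not visible here), then either the token is absent and the failed push aborts the chain before `cp -R result/bin .`, or it is present and unreviewed code can write to the cache that later builds trust via `cachix use podman`. Gate the push on a trusted context, for example by guarding it with `[ -n "$CACHIX_AUTH_TOKEN" ]` inside the `sh -c` string and passing `-e CACHIX_AUTH_TOKEN` only on non-PR runs. The `cachix` client is also installed unpinned from `https://cachix.org/api/v1/install`. The enclosing case arm starts above the hunk.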
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index 7b49caba0..4c95d0254 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -181,7 +181,6 @@ esac
# shellcheck disable=SC2154
case "$TEST_FLAVOR" in
ext_svc) ;;
- smoke) ;&
validate)
# For some reason, this is also needed for validation
make .install.pre-commit
@@ -202,7 +201,6 @@ case "$TEST_FLAVOR" in
int) ;&
sys) ;&
bindings) ;&
- swagger) ;&
endpoint)
# Use existing host bits when testing is to happen inside a container
# since this script will run again in that environment.
@@ -214,6 +212,7 @@ case "$TEST_FLAVOR" in
install_test_configs
;;
+ swagger) ;& # use next item
consistency) make clean ;;
release) ;;
*) die_unknown TEST_FLAVOR
diff --git a/contrib/rootless-cni-infra/Containerfile b/contrib/rootless-cni-infra/Containerfile
index 871e06a6c..4324f39d2 100644
--- a/contrib/rootless-cni-infra/Containerfile
+++ b/contrib/rootless-cni-infra/Containerfile
@@ -2,7 +2,7 @@ ARG GOLANG_VERSION=1.15
ARG ALPINE_VERSION=3.12
ARG CNI_VERSION=v0.8.0
ARG CNI_PLUGINS_VERSION=v0.8.7
-ARG DNSNAME_VERSION=v1.0.0
+ARG DNSNAME_VERSION=v1.1.1
FROM golang:${GOLANG_VERSION}-alpine${ALPINE_VERSION} AS golang-base
RUN apk add --no-cache git
@@ -33,4 +33,4 @@ COPY rootless-cni-infra /usr/local/bin
ENV CNI_PATH=/opt/cni/bin
CMD ["sleep", "infinity"]
-ENV ROOTLESS_CNI_INFRA_VERSION=3
+ENV ROOTLESS_CNI_INFRA_VERSION=5
diff --git a/contrib/rootless-cni-infra/rootless-cni-infra b/contrib/rootless-cni-infra/rootless-cni-infra
index 463254c7f..cceb8d817 100755
--- a/contrib/rootless-cni-infra/rootless-cni-infra
+++ b/contrib/rootless-cni-infra/rootless-cni-infra
@@ -21,16 +21,19 @@ wait_unshare_net() {
done
}
-# CLI subcommand: "alloc $CONTAINER_ID $NETWORK_NAME $POD_NAME"
+# CLI subcommand: "alloc $CONTAINER_ID $NETWORK_NAME $POD_NAME $IP $MAC $CAP_ARGS"
cmd_entrypoint_alloc() {
- if [ "$#" -ne 3 ]; then
- echo >&2 "Usage: $ARG0 alloc CONTAINER_ID NETWORK_NAME POD_NAME"
+ if [ "$#" -ne 6 ]; then
+ echo >&2 "Usage: $ARG0 alloc CONTAINER_ID NETWORK_NAME POD_NAME IP MAC CAP_ARGS"
exit 1
fi
ID="$1"
NET="$2"
K8S_POD_NAME="$3"
+ IP="$4"
+ MAC="$5"
+ CAP_ARGS="$6"
dir="${BASE}/${ID}"
mkdir -p "${dir}/attached" "${dir}/attached-args"
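Review bot: `IP="$4"` and `MAC="$5"` are accepted as-is, and the next hunk of this file joins them into `CNI_ARGS` with `;` as the separator, so a value containing `;` or `=` would add or override keys in the argument string handed to `cnitool`. The caller probably passes already-parsed addresses, but this script is the last place to enforce that; reject such values right after the assignments, e.g. `case "$IP$MAC" in *[\;=]*) echo >&2 "invalid IP or MAC"; exit 1 ;; esac`. The later `if [ "$CAP_ARGS" ]; then CAP_ARGS="$CAP_ARGS"; fi` is a no-op and can be dropped, since the `export` alone is enough. `cmd_entrypoint_alloc` continues past the end of this hunk.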
@@ -46,9 +49,18 @@ cmd_entrypoint_alloc() {
nsenter -t "${pid}" -n ip link set lo up
fi
CNI_ARGS="IgnoreUnknown=1;K8S_POD_NAME=${K8S_POD_NAME}"
+ if [ "$IP" ]; then
+ CNI_ARGS="$CNI_ARGS;IP=${IP}"
+ fi
+ if [ "$MAC" ]; then
+ CNI_ARGS="$CNI_ARGS;MAC=${MAC}"
+ fi
+ if [ "$CAP_ARGS" ]; then
+ CAP_ARGS="$CAP_ARGS"
+ fi
nwcount=$(find "${dir}/attached" -type f | wc -l)
CNI_IFNAME="eth${nwcount}"
- export CNI_ARGS CNI_IFNAME
+ export CNI_ARGS CNI_IFNAME CAP_ARGS
cnitool add "${NET}" "/proc/${pid}/ns/net" >"${dir}/attached/${NET}"
echo "${CNI_ARGS}" >"${dir}/attached-args/${NET}"