diff options
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/cirrus/lib.sh | 34 | ||||
| -rwxr-xr-x | contrib/cirrus/pr-should-include-tests | 27 | ||||
| -rwxr-xr-x | contrib/cirrus/runner.sh | 19 | ||||
| -rwxr-xr-x | contrib/cirrus/setup_environment.sh | 29 |
4 files changed, 60 insertions, 49 deletions
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 46b245a45..5d3e43c50 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -36,11 +36,6 @@ fi # Managed by setup_environment.sh; holds task-specific definitions. if [[ -r "/etc/ci_environment" ]]; then source /etc/ci_environment; fi -OS_RELEASE_ID="$(source /etc/os-release; echo $ID)" -# GCE image-name compatible string representation of distribution _major_ version -OS_RELEASE_VER="$(source /etc/os-release; echo $VERSION_ID | tr -d '.')" -# Combined to ease some usage -OS_REL_VER="${OS_RELEASE_ID}-${OS_RELEASE_VER}" # This is normally set from .cirrus.yml but default is necessary when # running under hack/get_ci_vm.sh since it cannot infer the value. DISTRO_NV="${DISTRO_NV:-$OS_REL_VER}" @@ -96,7 +91,7 @@ EPOCH_TEST_COMMIT="$CIRRUS_BASE_SHA" # testing operations on all platforms and versions. This is necessary # to avoid needlessly passing through global/system values across # contexts, such as host->container or root->rootless user -PASSTHROUGH_ENV_RE='(^CI.*)|(^CIRRUS)|(^DISTRO_NV)|(^GOPATH)|(^GOCACHE)|(^GOSRC)|(^SCRIPT_BASE)|(CGROUP_MANAGER)|(OCI_RUNTIME)|(^TEST.*)|(^PODBIN_NAME)|(^PRIV_NAME)|(^ALT_NAME)|(^ROOTLESS_USER)|(SKIP_USERNS)|(.*_NAME)|(.*_FQIN)|(NETWORK_BACKEND)' +PASSTHROUGH_ENV_RE='(^CI.*)|(^CIRRUS)|(^DISTRO_NV)|(^GOPATH)|(^GOCACHE)|(^GOSRC)|(^SCRIPT_BASE)|(CGROUP_MANAGER)|(OCI_RUNTIME)|(^TEST.*)|(^PODBIN_NAME)|(^PRIV_NAME)|(^ALT_NAME)|(^ROOTLESS_USER)|(SKIP_USERNS)|(.*_NAME)|(.*_FQIN)|(NETWORK_BACKEND)|(DEST_BRANCH)' # Unsafe env. vars for display SECRET_ENV_RE='(ACCOUNT)|(GC[EP]..+)|(SSH)|(PASSWORD)|(TOKEN)' @@ -182,30 +177,21 @@ setup_rootless() { cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> $HOME/.ssh/authorized_keys cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> /home/$ROOTLESS_USER/.ssh/authorized_keys - msg "Ensure the ssh daemon is up and running within 5 minutes" - systemctl start sshd - lilto systemctl is-active sshd - msg "Configure ssh file permissions" chmod -R 700 "$HOME/.ssh" chmod -R 700 "/home/$ROOTLESS_USER/.ssh" chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh" + # N/B: We're clobbering the known_hosts here on purpose. There should + # never be any non-localhost connections made from tests (using strict-mode). + # If there are, it's either a security problem or a broken test, both of which + # we want to lead to test failures. msg " setup known_hosts for $USER" - ssh -q root@localhost \ - -o UserKnownHostsFile=/root/.ssh/known_hosts \ - -o UpdateHostKeys=yes \ - -o StrictHostKeyChecking=no \ - -o CheckHostIP=no \ - true - + ssh-keyscan localhost > /root/.ssh/known_hosts msg " setup known_hosts for $ROOTLESS_USER" - su $ROOTLESS_USER -c "ssh -q $ROOTLESS_USER@localhost \ - -o UserKnownHostsFile=/home/$ROOTLESS_USER/.ssh/known_hosts \ - -o UpdateHostKeys=yes \ - -o StrictHostKeyChecking=no \ - -o CheckHostIP=no \ - true" + # Maintain access-permission consistency with all other .ssh files. + install -Z -m 700 -o $ROOTLESS_USER -g $ROOTLESS_USER \ + /root/.ssh/known_hosts /home/$ROOTLESS_USER/.ssh/known_hosts } install_test_configs() { @@ -270,6 +256,8 @@ remove_packaged_podman_files() { done done + # OS_RELEASE_ID is defined by automation-library + # shellcheck disable=SC2154 if [[ "$OS_RELEASE_ID" =~ "ubuntu" ]] then LISTING_CMD="dpkg-query -L podman" diff --git a/contrib/cirrus/pr-should-include-tests b/contrib/cirrus/pr-should-include-tests index 0d39047a6..57ca39d9b 100755 --- a/contrib/cirrus/pr-should-include-tests +++ b/contrib/cirrus/pr-should-include-tests @@ -30,19 +30,20 @@ fi # Nothing changed under test subdirectory. # # This is OK if the only files being touched are "safe" ones. -filtered_changes=$(git diff --name-only $base $head | - fgrep -vx .cirrus.yml | - fgrep -vx .gitignore | - fgrep -vx Makefile | - fgrep -vx go.mod | - fgrep -vx go.sum | - egrep -v '^[^/]+\.md$' | - egrep -v '^.github' | - egrep -v '^contrib/' | - egrep -v '^docs/' | - egrep -v '^hack/' | - egrep -v '^nix/' | - egrep -v '^vendor/' | +filtered_changes=$(git diff --name-only $base $head | + fgrep -vx .cirrus.yml | + fgrep -vx .pre-commit-config.yaml | + fgrep -vx .gitignore | + fgrep -vx Makefile | + fgrep -vx go.mod | + fgrep -vx go.sum | + egrep -v '^[^/]+\.md$' | + egrep -v '^.github' | + egrep -v '^contrib/' | + egrep -v '^docs/' | + egrep -v '^hack/' | + egrep -v '^nix/' | + egrep -v '^vendor/' | egrep -v '^version/') if [[ -z "$filtered_changes" ]]; then exit 0 diff --git a/contrib/cirrus/runner.sh b/contrib/cirrus/runner.sh index c4a714691..1ec18c861 100755 --- a/contrib/cirrus/runner.sh +++ b/contrib/cirrus/runner.sh @@ -250,16 +250,23 @@ function _run_altbuild() { case "$ALT_NAME" in *Each*) git fetch origin - # The check-size script, introduced 2022-03-22 in #13518, + # The make-and-check-size script, introduced 2022-03-22 in #13518, # runs 'make' (the original purpose of this check) against # each commit, then checks image sizes to make sure that # none have grown beyond a given limit. That of course - # requires a baseline, which is why we use '^' to start - # with the *parent* commit of this PR, not the first commit. + # requires a baseline, so our first step is to build the + # branch point of the PR. + local context_dir savedhead pr_base context_dir=$(mktemp -d --tmpdir make-size-check.XXXXXXX) - make build-all-new-commits \ - GIT_BASE_BRANCH=origin/"${DEST_BRANCH}^" \ - MAKE="hack/make-and-check-size $context_dir" + savedhead=$(git rev-parse HEAD) + # Push to PR base. First run of the script will write size files + pr_base=$(git merge-base --fork-point origin/$DEST_BRANCH) + git checkout $pr_base + hack/make-and-check-size $context_dir + # pop back to PR, and run incremental makes. Subsequent script + # invocations will compare against original size. + git checkout $savedhead + git rebase $pr_base -x "hack/make-and-check-size $context_dir" rm -rf $context_dir ;; *Windows*) diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index e3eb46783..f31cd6eeb 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -25,7 +25,7 @@ msg "************************************************************" show_env_vars req_env_vars USER HOME GOSRC SCRIPT_BASE TEST_FLAVOR TEST_ENVIRON \ - PODBIN_NAME PRIV_NAME DISTRO_NV + PODBIN_NAME PRIV_NAME DISTRO_NV DEST_BRANCH # Verify basic dependencies for depbin in go rsync unzip sha256sum curl make python3 git @@ -121,6 +121,9 @@ case "$OS_RELEASE_ID" in # CNI networking available. Upgrading from one to the other is # not supported at this time. Support execution of the upgrade # tests in F36 and later, by disabling Netavark and enabling CNI. + # + # OS_RELEASE_VER is defined by automation-library + # shellcheck disable=SC2154 if [[ "$OS_RELEASE_VER" -ge 36 ]] && \ [[ "$TEST_FLAVOR" != "upgrade_test" ]]; then @@ -217,6 +220,7 @@ case "$TEST_FLAVOR" in validate) dnf install -y $PACKAGE_DOWNLOAD_DIR/python3*.rpm # For some reason, this is also needed for validation + make install.tools make .install.pre-commit ;; automation) ;; @@ -226,10 +230,12 @@ case "$TEST_FLAVOR" in if [[ "$ALT_NAME" =~ RPM ]]; then bigto dnf install -y glibc-minimal-langpack go-rpm-macros rpkg rpm-build shadow-utils-subid-devel fi + make install.tools ;; docker-py) remove_packaged_podman_files - make && make install PREFIX=/usr ETCDIR=/etc + make install.tools + make install PREFIX=/usr ETCDIR=/etc msg "Installing previously downloaded/cached packages" dnf install -y $PACKAGE_DOWNLOAD_DIR/python3*.rpm @@ -239,13 +245,17 @@ case "$TEST_FLAVOR" in pip install --requirement $GOSRC/test/python/requirements.txt ;; build) make clean ;; - unit) ;; + unit) + make install.tools + ;; compose_v2) + make install.tools dnf -y remove docker-compose curl -SL https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose ;& # Continue with next item apiv2) + make install.tools msg "Installing previously downloaded/cached packages" dnf install -y $PACKAGE_DOWNLOAD_DIR/python3*.rpm virtualenv .venv/requests @@ -254,6 +264,7 @@ case "$TEST_FLAVOR" in pip install --requirement $GOSRC/test/apiv2/python/requirements.txt ;& # continue with next item compose) + make install.tools rpm -ivh $PACKAGE_DOWNLOAD_DIR/podman-docker* ;& # continue with next item int) ;& @@ -262,6 +273,7 @@ case "$TEST_FLAVOR" in bud) ;& bindings) ;& endpoint) + make install.tools # Use existing host bits when testing is to happen inside a container # since this script will run again in that environment. # shellcheck disable=SC2154 @@ -270,11 +282,11 @@ case "$TEST_FLAVOR" in die "Refusing to config. host-test in container"; fi remove_packaged_podman_files - make && make install PREFIX=/usr ETCDIR=/etc + make install PREFIX=/usr ETCDIR=/etc elif [[ "$TEST_ENVIRON" == "container" ]]; then if ((CONTAINER)); then remove_packaged_podman_files - make && make install PREFIX=/usr ETCDIR=/etc + make install PREFIX=/usr ETCDIR=/etc fi else die "Invalid value for \$TEST_ENVIRON=$TEST_ENVIRON" @@ -291,7 +303,7 @@ case "$TEST_FLAVOR" in # Ref: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27270#note_499585550 remove_packaged_podman_files - make && make install PREFIX=/usr ETCDIR=/etc + make install PREFIX=/usr ETCDIR=/etc msg "Installing docker and containerd" # N/B: Tests check/expect `docker info` output, and this `!= podman info` @@ -324,7 +336,10 @@ case "$TEST_FLAVOR" in docker.io/gitlab/gitlab-runner-helper:x86_64-latest-pwsh ;; swagger) ;& # use next item - consistency) make clean ;; + consistency) + make clean + make install.tools + ;; release) ;; *) die_unknown TEST_FLAVOR esac |