aboutsummaryrefslogtreecommitdiff
path: root/.cirrus.yml
Commit message (Collapse)AuthorAge
* Cirrus: add podman_machine_aarch64Lokesh Mandvekar2022-08-17
| | | | | | | | | Run machine tests on every PR as label-driven machine test triggering is currently hard to predict and debug. Co-authored-by: Ed Santiago <santiago@redhat.com> Co-authored-by: Miloslav Trmač <mitr@redhat.com> Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* Cirrus: Improve CI VM image updates for EC2Chris Evich2022-08-09
| | | | | | | | | | | | | | | | | | | | AWS EC2 keys VM images by an utterly unreadable, horrible to use, generated "AMI ID" value. This is very error prone for humans in practice, since it's impossible to tell one image from the next by eye. Worse, EC2 permits duplicate name-tag values, complicating image specification further. However fortunately, Cirrus-CI recently implemented a feature by which AMI's may be referenced by a name-tag search - choosing the most recent AMI found. Since the `containers/automation_images` build workflow always assigns a unique name + `$IMAGE_SUFFIX` value, we can simply re-use it for both AWS and GCP image specification. In other words as of this commit, specifying new CI VM images can be done by simply updating the `$IMAGE_SUFFIX` value as we've always done. No need to call out a specific AMI ID just for EC2 tasks. Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #15182 from cevich/remove_disused_envaropenshift-ci[bot]2022-08-07
|\ | | | | Cirrus: Remove disused env. var.
| * Cirrus: Remove disused env. var.Chris Evich2022-08-03
| | | | | | | | | | | | Hasn't been used for quite a while. Remove it and associated comments. Signed-off-by: Chris Evich <cevich@redhat.com>
* | [CI:COPR] podman.spec.rpkg: add python3 dependency for el8Lokesh Mandvekar2022-08-05
| | | | | | | | | | | | | | | | | | | | EL8 builds are failing because hack/markdown-preprocess needs python3 which AFAICT isn't included by default in EL8 build environments. This commit also includes an additional `[CI:COPR]` mode which is currently runs the same tests as `[CI:DOCS]` but could differ in future. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | Cirrus: Run Cross builds in [CI:DOCS] modeChris Evich2022-08-04
| | | | | | | | | | | | | | | | | | | | | | Fixes: #15189 A while ago I updated the only_if/skip options and forgot that several "cross build" tasks also build documentation in addition to binaries. Re-enable them to execute all the time, except when Cirrus-cron is making our multi-arch images. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Cirrus: Support EC2 instances in hack/get_ci_vm.shChris Evich2022-08-03
|/ | | | | | | ***Depends on:*** https://github.com/containers/automation_images/pull/160 Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Minor YAML cleanupChris Evich2022-07-28
| | | | | | | | | A prior change added extra whitespace when commenting out several sections to temporarily disable F35 testing. This restores the sections to proper indentation, so (in the future) only the `#` character needs to be removed. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: enable Fedora 36 aarch64 tasks on EC2Lokesh Mandvekar2022-07-27
| | | | | | | | | | | new file: test/e2e/config_arm64.go Tests that fail on aarch64 have been skipped with `skip_if_aarch64`. Co-authored-by: Chris Evich <cevich@redhat.com> Co-authored-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* Cirrus: Use the latest imgts containerChris Evich2022-07-26
| | | | | | | Contains important updates re: preserving release-branch CI VM images. Ref: https://github.com/containers/automation_images/pull/157 Signed-off-by: Chris Evich <cevich@redhat.com>
* Bump VMs, to Ubuntu 2204 with cgroups v1Ed Santiago2022-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ...and enable the at-test-time confirmation, the one that double-checks that if CI requests runc we actually use runc. This exposed a nasty surprise in our setup: there are steps to define $OCI_RUNTIME, but that's actually a total fakeout! OCI_RUNTIME is used only in e2e tests, it has no effect whatsoever on actual podman itself as invoked via command line such as in system tests. Solution: use containers.conf Given how fragile all this runtime stuff is, I've also added new tests (e2e and system) that will check $CI_DESIRED_RUNTIME. Image source: https://github.com/containers/automation_images/pull/146 Since we haven't actually been testing with runc, we need to fix a few tests: - handle an error-message change (make it work in both crun and runc) - skip one system test, "survive service stop", that doesn't work with runc and I don't think we care. ...and skip a bunch, filing issues for each: - #15013 pod create --share-parent - #15014 timeout in dd - #15015 checkpoint tests time out under $CONTAINER - #15017 networking timeout with registry - #15018 restore --pod gripes about missing --pod - #15025 run --uidmap broken - #15027 pod inspect cgrouppath broken - ...and a bunch more ("podman pause") that probably don't even merit filing an issue. Also, use /dev/urandom in one test (was: /dev/random) because the test is timing out and /dev/urandom does not block. (But the test is still timing out anyway, even with this change) Also, as part of the VM switch we are now using go 1.18 (up from 1.17) and this broke the gitlab tests. Thanks to @Luap99 for a quick fix. Also, slight tweak to #15021: include the timeout value, and reword message so command string is at end. Also, fixed a misspelling in a test name. Fixes: #14833 Signed-off-by: Ed Santiago <santiago@redhat.com>
* Cirrus: comment out f35 for podman4Lokesh Mandvekar2022-07-18
| | | | | | | We are not shipping podman4 on f35, so it's not worth CI time at this point. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* Cirrus: Trigger podman-machine task by labelChris Evich2022-07-14
| | | | | | | | Instead of requiring developers to search for a magic button, make the task trigger at the time a special PR label is added. Update comments accordingly. Signed-off-by: Chris Evich <cevich@redhat.com>
* CI: sanity check for desired runtimeEd Santiago2022-07-12
| | | | | | | | | | | | | | | We're still not testing runc in CI (#14833), and it may be weeks or months before we can, due to criu/glibc nightmare, but one day we'll be back on track, then later on we'll update VMs again, and screw it up, and lose runc, and not notice, and RHEL will break, and oh noes headless chicken again, repeat repeat. We can do better. Use .cirrus.yml to explicitly define which VMs should use which runtimes, and enforce it early in the CI build step. This should never fail (uh huh) in a PR, only in one of the update-VM PRs. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Cirrus: Add podman-machine integration testChris Evich2022-07-01
| | | | | | | | | | | | | | | | | | | | | | | The podman-machine integration tests are designed to execute on bare-metal, since they perform significant work with virtual-machines. This test is costly to run at scale, so it is limited to being manually triggered by developers (for now). A 'trigger' button will appear in the task status page of the Github WebUI once all test dependencies are met. In the Cirrus-CI WebUI, there is also a 'pre-trigger' button that may be pressed if a developer doesn't wish to wait. Also: * Add a `localmachine` target in the `Makefile` on the off-chance developers wish to execute locally. Update the `ginkgo-run` target to accommodate re-use by the new `localmachine` target. * Exclude `podman_machine` task from `success` dependency verification. This also involves adding an exception to `cirrus_yaml_test.py` otherwise it will complain loudly. * ***NOTE*** Inclusion of `ec2_instance` in *any* task will cause `hack/get_ci_vm.sh` to barf and be non-functional. Future updates will be made to restore functionality. Before then, simply comment out the `ec2_instance` section as a temporarily workaround. Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #14637 from edigaryev/fix-matrix-expansionopenshift-ci[bot]2022-06-17
|\ | | | | .cirrus.yml: fix matrix expansion by properly merging YAML mappings
| * .cirrus.yml: fix matrix expansion by properly merging YAML mappingsNikolay Edigaryev2022-06-17
| | | | | | | | Signed-off-by: Nikolay Edigaryev <edigaryev@gmail.com>
* | Cirrus: Fix build. dep. missed in #14521Chris Evich2022-06-16
|/ | | | | | This is causing the remote system tests to fail when run on on `main`. Signed-off-by: Chris Evich <cevich@redhat.com>
* CI: APIv2 tests: add rootlessEd Santiago2022-06-14
| | | | | | | | | | | | | | | | | | | This would've caught a regression that #14549 had to fix. Let's try to prevent the next regression. This requires some hackery to get namespaces initialized before the service is started; otherwise the service itself initializes namespaces, which basically ends up with a server process that runs forever. Also: in stop_service(), reset service_pid, because that's the correct thing to do. Also: add some debug statements to try to figure out a CI failure. (And leave them in place, because they might be useful for future problems). Signed-off-by: Ed Santiago <santiago@redhat.com>
* Cirrus: Fix artifact passing when dep. skippedChris Evich2022-06-08
| | | | | | | | | | | When passing artifacts from one task to another, if a direct dependency was not created due to `only_if`, a race condition can occur: The descendent task may start running prior to the indirect (but required) dependency (`build` in this case) completing and uploading artifacts. Fix this by spamming a `build` dependency into all tasks which require it (basically everything). Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Simplify only_if/skip + optimize multiarchChris Evich2022-06-07
| | | | | | | | | | | | | | | | | | Using both the 'skip' and 'only_if' features at the same time may be hard for maintainers to decipher. Consolidate them into `only_if` since that bypasses creation of the task all together - meaning there are potentially fewer tasks for a developer to scroll through. Since the `multiarch` Cirrus-Cron build no-longer depends on the direct "build-ability" from the current repo. state, it can be further optimized. When operating in this context, avoid running many/most other tasks, depending instead only on `ext_svc_check`. Finally, add a simple document describing the various runtime contexts along with the list of expected tasks. Reference this prominently right in front of every `only_if` so it's impossible for a maintainer to miss. Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #14240 from cevich/fix_multiarch_buildOpenShift Merge Robot2022-05-23
|\ | | | | [CI:BUILD] Cirrus: Fix building multiarch images
| * Cirrus: Fix building multiarch imagesChris Evich2022-05-23
| | | | | | | | | | | | | | | | | | | | | | | | The caching update made in https://github.com/containers/podman/pull/14016 neglected to attend to the "git repo." needs of this task. Fix this so images can build. Also, make this optional task only appear when the `[CI:BUILD]` magic string is used. No reason to tempt every PR author to press a mysterious button labeled 'trigger'. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Move GOPROXY from Makefile to cirrus.ymlKir Kolyshkin2022-05-17
| | | | | | | | | | | | | | | | | | | | | | GOPROXY's default value is "https://proxy.golang.org,direct" since go 1.13, so it is redundant to set it explicitly. For some reason though, GOPROXY in Cirrus CI is set to direct, which makes things such as go mod tidy very slow. So, set the proper (default) value for in in .cirrus.yml. Do the same for GOSUMDB. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* | Makefile, podman.spec.rpkg: rm GOBIN and GOPATHKir Kolyshkin2022-05-17
|/ | | | | | | | | | | | | | | | | | | Remove GOPATH setting as since Go 1.9 it defaults to $HOME/go (for earlier versions it had to be specified explicitly). Remove GOPATH-related code from the spec, using relative paths when compiling packages, and enable Go modules, simplifying the spec. Remove support for multiple paths in GOPATH (which is rarely used and doesn't really work with modules). Remove setting GOBIN, rely on $GOPATH/bin instead. In case GOBIN is explicitly set (which is highly unlikely), forcefully ignore by unsetting it. Remove GOBIN from tools invocation since we added GOPATH/bin to PATH. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* Cirrus: Update images + new automation libraryChris Evich2022-05-10
| | | | | | | | Add support for new automation library version w/ `$DEBUG` fix (ref: containers/automation_images#128) and added definitions for commonly used Distro/version variables. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Simplify use of cache in automationChris Evich2022-05-10
| | | | | | | | | | | | | | | | | With the increasingly complex `.cirrus.yml` task relationships, build cache wasn't always working as intended. Recently, non-build tasks were observed assuming authority over `gopath_cache`. Ref.: https://github.com/containers/podman/pull/13998#issuecomment-1108834538 Address this by an overall simplification using artifacts instead of cache. Using artifacts allows establishing concrete authorship/authority over cached repo. content. In this way, dependent tasks may simply consume the artifact with `curl` instead of relying on complex caching algorithms. Also/Minor: Add YAML checking to the pre-commit configuration. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Test w/ netavark/aardvark-dns in F36+Chris Evich2022-04-27
| | | | | | | | | | | | | | | | | | | | Now that netavark and aardvark are packaged and default in F36, support CNI-based testing in F35 and Ubuntu. * Remove the temporary/special `$TEST_ENVIRON=host-netavark` construct. * Remove dedicated/special integration and system testing tasks. * Update test-config setup to properly handle CNI vs netavark/aardvark environments. * Update package-version logging to operate based on installed packages (along with some other minor script cleanups). * Update global environment setup to force `$NETWORK_BACKEND=netavark` in F36 and later. Except when `upgrade_test` task runs. * Discontinue installing netavark and aardvark-dns binaries from upstream build artifacts. * Drop CGV1-vs-2 policy check. Ubuntu VMs now exclusively test CGv1, Fedora VMs test CGv2, with F35 testing CNI and F36 testing Netavark. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Update to F36 CI VM ImagesChris Evich2022-04-27
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Revert "Cirrus: Disable F34 aka prior-fedora testing"Chris Evich2022-04-27
| | | | | | This reverts commit 7b55ab4426712277774da8bf31d78ca66beb2421. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Fix missing git-enforced runtime identityChris Evich2022-04-21
| | | | | | | | | Newer versions of git (like `2.35`) fail on certain operations (like `rebase` and `am`) without a local identity. Add a fake one from the start, with a clearly identifiable test-value to avoid problems at runtime. Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #13828 from cevich/fix_cron_checkOpenShift Merge Robot2022-04-12
|\ | | | | [CI:BUILD] Cirrus: Fix unsupported cirrus-cron build status
| * Cirrus: Fix unsupported cirrus-cron build statusChris Evich2022-04-11
| | | | | | | | | | | | | | | | | | | | | | | | Every weekday when the `check_cirrus_cron` github-actions workflow runs. It checks the status of all cirrus-cron jobs. If a build is found with a 'FAILED' status, it triggers an alert e-mail to be sent. However, the `test_image_build` is marked as a manually-triggered, resulting in a perpetual status of 'EXECUTING', even if there were failures. Fix this by only allowing the problematic task to run in pull requests without the `[CI:DOCS]` magic keyword. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Cirrus: Multi-arch build auto-update + tagging updateChris Evich2022-04-07
|/ | | | | | | | | | | | | | | | This new VM image brings in two important updates to multi-arch image build operations: 1. Future operational changes will no-longer require also updating VM images. Updates to build-push made in `containers/automation_images` will automatically be picked up at runtime. ref: https://github.com/containers/automation_images/pull/123 2. On the next run, both `vX` and `vX.Y` tagged manifest-lists will be pushed. This is now also reflected in the README. ref: https://github.com/containers/automation_images/pull/125 Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Allow manually running image-build taskChris Evich2022-03-31
| | | | | | | | | | Building multi-arch images in a standardized way is complex. Some of the builds themselves can take a really long time to run (over an hour). Make changes easier to test inside a PR by adding manually-triggered image-build tasks. These mirror most of the real cron-triggered task, without actually pushing the final images. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Upd VM images to fix multi-arch build bugChris Evich2022-03-31
| | | | | | Ref: https://github.com/containers/automation_images/pull/122 Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #13697 from edsantiago/upgrade_test_matrixOpenShift Merge Robot2022-03-30
|\ | | | | Upgrade tests: reexamine cross-testing matrix
| * Upgrade tests: reexamine cross-testing matrixEd Santiago2022-03-29
| | | | | | | | | | | | | | | | | | | | | | | | - removed: v1.9.0, v2.0.6 + added: v3.4.0 (Cannot add v4 because there's no such image on quay. As soon as one appears, we should add it.) Add a workaround for a UTS namespace conflict new in v3.4 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Cirrus: Build multi-arch images + manifestsChris Evich2022-03-28
|/ | | | | | | | | | | Github-actions for large/complex tasks is hard to read and maintain. Reimplement the multi-arch image build workflow into a set of bash scripts that use all native contrainer-org tooling. This requires a special VM image setup with emulation to build foreign architectures. It also requires renaming the `helloimage` directory, because the build script uses the directory name in the image FQIN. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Publish binary artifacts on successChris Evich2022-03-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In general continuous-delivery (CD) tends to pair well with CI. More specifically, there is a need for some reverse-dependency CI testing in netavark/aardvark-dns. In all cases, the download URL needs to remain consistent, without elements like `Build%20for%20fedora-35`. The 'Total Success' task only ever executes when all dependencies are successful. When a non `[CI:DOCS]` build is successful, gather all binary/release artifacts in a new task which depends on 'Total Success'. This will provide a uniform name (`artifacts`) and URL for downstream users to use. For example: https://api.cirrus-ci.com/v1/artifact/github/containers/podman/artifacts/binary.zip or https://api.cirrus-ci.com/v1/artifact/github/containers/podman/artifacts/binary/FILENAME Where ***FILENAME*** is one of: * `podman` * `podman-remote` * `rootlessport` * `podman-release-386.tar.gz` * `podman-release-amd64.tar.gz` * `podman-release-arm64.tar.gz` * `podman-release-arm.tar.gz` * `podman-release-mips64le.tar.gz` * `podman-release-mips64.tar.gz` * `podman-release-mipsle.tar.gz` * `podman-release-mips.tar.gz` * `podman-release-ppc64le.tar.gz` * `podman-release-s390x.tar.gz` * `podman-remote-release-darwin_amd64.zip` * `podman-remote-release-darwin_arm64.zip` * `podman-remote-release-windows_amd64.zip` * `podman-v4.0.0-dev.msi` Signed-off-by: Chris Evich <cevich@redhat.com>
* Add tests with Docker Compose v2Matthew Heon2022-03-17
| | | | | | | | | | | Add a pair of new Cirrus test suites using Compose v2 instead of Compose v1 (as is currently packaged in Fedora). They work identically, and run the same tests, as the Compose v1 tests, but with the new v2 binary instead. [NO NEW TESTS NEEDED] This adds an entire Cirrus suite... Signed-off-by: Matthew Heon <mheon@redhat.com>
* Cirrus: Disable F34 aka prior-fedora testingChris Evich2022-02-17
| | | | | | | | | | Podman 4.0 will never be supported in F34, and the use of F35 in CI is temporary until F36 is brought up to speed. Rather than fight with testing issues that will never be fixed/supported, simply disable it. This commit may be reverted at a future date when F36 VM support is added. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Use updated VM imagesChris Evich2022-02-17
| | | | | | | | | | | Mainly this is to confirm some changes needed for the podman-py CI setup don't disrupt operations here. Ref: https://github.com/containers/automation_images/pull/111 Also includes a minor steup fix WRT setting up for test-rpm build. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Expand netavark testing to include rootlessChris Evich2022-02-04
| | | | | | | | | | The list of netavark/aardvark-dns tasks is likely to be ever-growing for the near-term. Consolidate them into a single task entry with a matrix attribute to make future expansions less YAML-duplicative. Also, re-arrange it to fall in-between the CNI integration and system task sections. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Add netavark/aardvark system test taskChris Evich2022-02-03
| | | | | | | Also add a system-test that verifies netavark driver is in use when magic env. var. is set. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Minor - limit release task applicabilityChris Evich2022-02-02
| | | | | | | | | | | | This task/test is guaranteed to fail on non-release PRs. Upon reviewing actual practice and the release docs, this task should be limited to PRs with a title containing `release` or `bump` keywords. Also fix a minor comment typo. Ref: https://github.com/containers/podman/pull/13106#pullrequestreview-869855449 Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Add [CI:BUILD] magic that only buildsChris Evich2022-02-01
| | | | | | | | This is intended for cases where no code changes were made in this repo. but something did change which could affect the toolchain. For example, `Makefile` or packaging changes. Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #12814 from cevich/netavarkOpenShift Merge Robot2022-02-01
|\ | | | | Cirrus: Add e2e task w/ upstream netavark
| * Cirrus: Also download aardvark-dns binaryChris Evich2022-01-24
| | | | | | | | | | | | | | | | This involves a minor code-change so the download/install can run in a loop for the two different repositories and binaries. Given everything is exactly the same except the URLs and names. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Add e2e task w/ upstream netavarkChris Evich2022-01-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR adds the CI mechanisms to obtain the latest upstream netavark binary, and set a magic env-var to indicate e2e tests should execute podman with `--network-driver=netavark`. A future commit implement this functionality within the e2e tests. Due to the way the new environment is enabled, the standard task name is too long for github to display without adding ellipsis. Force the custom task name `Netavark Integration` to workaround this. At some future point, when netavark is more mainstream/widely supported, this custom task and upstream binary install can simply be removed - i.e. netavark will simply be used by default in the normal e2e tasks. Signed-off-by: Chris Evich <cevich@redhat.com>