| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Cirrus: Collect audit log on success and failure
|
| |
| |
| |
| |
| |
| |
| | |
Also rename `master_script` -> `failed_master_script` to clarify it's
"place in the line" when viewing (Cirrus WebUI)
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|/
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The build_each_commit task builds each commit in a pull request
to verify that we have a (at least minimally) functional Podman
at every point, to aid in bisecting.
This task is, right now, extremely slow, taking around 1m40s to
build each commit - which quickly grows unreasonable as PRs grow
to 10+ commits.
Upping resources available to the task should decrease time spent
in CI and reduce the risk of hitting timeouts.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously libpod CI was fairly straight-forward, run unit and
integration tests in a standard set of 3 VMs. Off on the side was a
single special case of running tests as an ordinary user. There is a
desire to stop using the PAPR system to support testing inside of a
container.
Since having two special cases potentially invites more
down the road, make provisions to handle them more gracefully. This
commit introduces an environment variable: ``$SPECIALMODE``. It's
value has the following meanings within the CI scripts:
Mode 'none': Nothing special, business as usual (default)
Mode 'rootless': Rootless testing
Mode 'in_podman': Build container, run integration tests in it.
This will make adding additional special-cases later easier, as well as
extending the special cases in a Matrix across multiple OS's.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
| |
fixes #2630
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\
| |
| | |
Cirrus: Run vendor check in parallel
|
| |
| |
| |
| |
| |
| |
| |
| | |
This task is heavily network bound, and takes way too long to include
along with the gating task. Separate it out and run it in parallel
to everything else. Also add some reasonable timeouts.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
* Randomize the user's UID and GID
* Simplify `setup_environment.sh`
* Support new "-r" option for `hack/get_ci_vm.sh` setting up rootless
* Connect as $ROOTLESS_USER when using "-r" with `hack/get_ci_vm.sh`
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Since `on_failure` notification is working, and IRC activity
is picking up, these messages mostly just get in the way.
Leave the PR-testing success messages in place for now,
since they're helpful when someone's waiting.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
| |
Undo short-term slirp4netns workaround (#2660)
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Until recently it was very difficult to execute any scripts if part of a
task failed. A new feature in Cirrus-CI makes this easy. Use it to
post a notice on IRC when any task fails.
Also: Add quotes around yaml-string values for consistency and
syntax-highlighting correctness.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
to protect against regressions, we need to add a few gating tasks:
* build with varlink
* build podman-remote
* build podman-remote-darwin
we already have a gating task for building without varlink
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
Cirrus: Add dedicated rootless mode testing
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Certain integration tests require execution as a regular user.
This is acomplished by `PodmanTest.PodmanAsUserBase()` wrapping a
specialized execution environment, in `test/utils/utils.go`. However,
doing this requires passing through python, which vastly increases the
complexity of debugging low-level problems.
This commit introduces a new parallel task, run as a regular user on the
VM as set by three environment variables. All commands executed in the
``rootless_test.sh`` script, will occur as a real user with a name and
home directory, just as `$DIETY` intended. All env. vars established
during `environment_setup.sh` (for root) are available. The PR source
in `$GOSRC` and `$GOPATH` are owned by this user, and ready for use.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
| |
Make use of the built imgts container image to track
VM image usage statistics for every automation run.
Also update and add small check to the gate test
that verifies expected formatting/content of the
`.cirrus.yml` file WRT VM Image names.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was found that after updating the cache-image for RHEL 7.6,
unpredictable integration tests start failing with 'permission denied'
errors. Much effort was spent trying to diagnose this, as all other
platforms pass.
Since running the latest/greatest podman on RHEL, will never be
officially supported (by Red Hat - must use RPM podman) this matrix-item
is of questionable value. Therefor, this commit disables RHEL testing.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
| |
We had a regression on master where we broke the build for
non-Varlink builds. Catch this in CI in the future.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is no native package for this, so the packaged version must also
be installed, otherwise all the support/dependencies would be removed
also (like go-md2man). Fix this by installing from the google released
tarball, into /usr/local/go and set $GOROOT to point there.
Also, include a small fix for hack/get_ci_vm.sh not installing
testing dependencies because of an old assumption.
***CIRRUS: REBUILD IMAGES***
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
* Make sure that all vendored dependencies are in sync with the code and
the vendor.conf by running `make vendor` with a follow-up status check
of the git tree.
* Vendor ginkgo and gomega to include the test dependencies.
Signed-off-by: Chris Evic <cevich@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
[skip ci] Cirrus: Container for tracking image use
|
| |
| |
| |
| |
| |
| |
| | |
Once built, this container can be utilized by automation to help keep
track of VM images. All parameters are passed in via env. vars.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add necessary tweaks to base-image build/import process so that image
can successfully boot with networking enabled. Build the base image and
update ``.cirrus.yml`` accordingly.
Also make a minor improvement to cache-image building to help save space in
GCP image storage. Namely, instead of storing every produced image, export
them into google storage buckets w/ life-cycle enabled. For production use,
they may be converted back into GCE images, otherwise they will expire after
a time.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|/
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously it was not possible to specify keys from the ``env`` section
in the various GCE sections. Now that features is added, consolidate
all the cache image definitions into a single place, reducing
maintenance burden.
This also results in the names passing through into the VMs. This is
useful, e.g. for future tracking of image usage statistics.
Update get_ci_vm script hints for new image name definition format
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
| |
The limit of build_each_commit seems to be 17 commits - any more
and it times out. Give it a bit more time to work with.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
|
|
|
|
|
| |
Also add two minor tweaks which were preventing images from building
properly.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
git rebase origin/ -x make
fatal: Needed a single revision
invalid upstream 'origin/'
make: *** [Makefile:351: build-all-new-commits] Error 1
By not running this test post-merge.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
| |
it is very useful when using git bisect that at least the commit can
build.
got inspiration from: https://twitter.com/pid_eins/status/1072797993760423941
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The podbot messages are becoming obnoxious as more distributions are
tested. Only call the `success.sh` script once, after all testing was
successful. Also make update the message to include more helpful text
and url.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Frequently debugging of CI-related problems requires going hands-on
within the environment. However, reproducing the environment by hand is
very tedious and error prone. This script permits authorized users to
produce VM's based on any available cache-image, and automatically remove
them upon logout.
Also: Bump up VM disk sizes to 200GB due to performance reasons
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Since the most recent TWO versions of Fedora are officially supported
upstream, both need to be tested. Implement the concept of a 'prior'
Fedora release in both base-image and cache-image production. Utilize
the produced cache-image to test libpod. Remove F28 testing from PAPR.
Much thanks to @baude @giuseppe for help with this.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A number of images required for future testing are not present in GCE.
Importing them is a long proscribed process prone to errors and
complications.
Improve this situation by documenting, and encoding the majority of the
steps required. Due to the required complexity, these are clearly
identified as 'semi-automated'. This means a discerning eye is
sometimes needed to address unforeseen problems (networking issues,
format or packaging changes, etc).
Nevertheless, having these steps in writing, will reduce current and
future maintenance burden while supporting future testing needs of
RHEL, Fedora and Fedora Atomic Host.
Also:
* Add necessary configuration, scripts, and Makefile updates needed to
prepare RHEL, Fedora, & FAH cloud images for use in GCE. This
is a complex, multi-step process where the cloud image is booted
un a local user-mod qemu-kvm instance, where it can be modified.
From there, it's converted into a specific format, and imported into
GCE. Lastly, the imported raw disk data is made available as a GCE
VM image.
Note: As of this commit, the RHEL base-image builds (CentOS has native
image), however neither RHEL or CentOS cache-images build correctly.
* Left testing on FAH disabled, the GCE/Cirrus integration needs needs more
work. Specifically, the python3-based google startup script service
throws a permission-denied (as root) when trying to create a temp.
directory. Did not investigate further, though manually running the
startup script does allow the libpod tests to start running.
* Enabled Fedora 29 image to execute tests and general use.
* Utilize the standardized F28-based container image for gating
of more the intensive unit and integration testing. Update
documentation to reflect this as the standard platform for
these checks. Rename tasks with shorter names and to better
reflect their purpose.
* Cirrus: Trim unnecessary env vars before testing since the vast
majority are only required for orchestration purposes. Since most
are defined within `.cirrus.yml`, it's a good place to store the
list of undesirables. Since each of the cirrus-scripts runs in
it's own shell, unsetting these near the end will have no
consequence. Also trim down the number of calls to show_env_vars()
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The packer tool takes JSON as input for the details of producing VM
images to be used for PR CI-testing. JSON is not a very human-friendly
format, without support for comments and frequently containing lots of
duplicate data.
Fix this by using a Makefile + simple python one-liner to convert
from a human-friendly YAML format into packer-native JSON. This allows
use of anchors/aliases to reduce duplication, and allows inline comments
for easier maintainability. This also allows separating the 'test'
action from the 'build' action, for earlier and better syntax problem
detection.
Lastly, there are some minor ``lib.sh`` and ``integration_test.sh``
updates to support future work, and slightly improve the build and
test environments.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
the regression we noticed in runc was fixed upstream:
https://github.com/opencontainers/runc/pull/1943
so we can use again runc from master.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
we need to inherit this change from runc.
commit 869add33186caff4a22e3e11a7472a2d48d77889:
rootless: fix running with /proc/self/setgroups set to deny
This is a regression from 06f789cf26774dd64cb2a9cc0b3c6a6ff832733b
when the user namespace was configured without a privileged helper.
To allow a single mapping in an user namespace, it is necessary to set
/proc/self/setgroups to "deny".
For a simple reproducer, the user namespace can be created with
"unshare -r".
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
| |
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
| |
The old commit points to the development branch and is not stable.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|
|
|
| |
Signed-off-by: Adrian Reber <areber@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously it was required to call the verify, unit, and integration
scripts in order to build/install dependencies, and libpod. This
wastes time during the (optional) system-testing, since the
actual unit/integration testing is also happening in parallel.
Consolidate only the distribution-specific build steps into the
system-testing script. This way, only the required steps are performed
in their respective (parallel) tasks.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, several magic strings were in place to affect cirrus-ci
operations. Two were buried within scripts. One to optionally
execute system-tests within a PR. Another to avoid re-building
cache-images upon every merge.
Move these magic strings out into the open, buy locating their
logic up-front in the ``.cirrus.yml`` file. This improves
readability and reduces surprise/astonishment at runtime.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\
| |
| | |
Cirrus-CI: Add option to run system-tests
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Normally, we would not run system-tests as part of PR-level CI, they're
simply too heavy-weight and complex. However, in some instances it may
be desirable to provide a quick feedback loop, prior to release packaging
and official testing. Enable this by executing the system-tests when
a magic string is present in the PR description:
``***CIRRUS: SYSTEM TEST***``
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|\ \
| | |
| | | |
Cirrus: Enable updating F28 image
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously this was disabled as some package was breaking networking on
GCE after updating + rebooting. This is fixed now, so we should update
packages when building the fedora test VM image.
https://pagure.io/cloud-sig/issue/292
Signed-off-by: Chris Evich <cevich@redhat.com>
|