path: root/.github
Commit message (Author, Age)
* GHA: Fix dumb error check (Chris Evich, 2022-07-14)
|   Previously the reply JSON was examined for the literal presence of the string 'error'. This was intended to catch server or query errors and the like. However it's not a sound design as valid/legitimate contents could potentially contain the string. Fix this by using the `-e` option to `jq`, with a filter that should always result in a non-empty/null match. If this fails or returns null for some reason, then it's safe to throw a real error code & message.
|   Signed-off-by: Chris Evich <cevich@redhat.com>
* [CI:DOCS] PodmanImage Readme touchup (tomsweeneyredhat, 2022-06-04)
|   @cevich recently renamed all the files named Dockerfile to Containerfile in this directory. Touching up the README.md to reflect that.
|   Also, as I was doing the submit, I noticed a couple of nits in the PR request template and cleaned those up.
|   Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
* dependabot: add release-note-none label (Ed Santiago, 2022-05-17)
|   Followup to https://github.com/openshift/release/pull/28686 in which we ask openshift-ci-bot to enforce a release-note label on new PRs. Dependabot PRs do not need release notes. Add a config setting (copied from cri-o) that tells dependabot to set release-note-none on new PRs.
|   Signed-off-by: Ed Santiago <santiago@redhat.com>
* add dependabot config for test/tools go.mod (Paul Holzinger, 2022-05-04)
|   dependabot should update our test dependencies as well.
|   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Github PR template: add release-note block (Ed Santiago, 2022-04-27)
|   Initial step toward automating the collection & generation of release notes: add a markdown release-note block to our PR template. This will be reaped by an existing Kubernetes tool and gathered into a document that can be used as a starting point for future releases. Many more followup steps to come.
|   Signed-off-by: Ed Santiago <santiago@redhat.com>
* Set permissions for GitHub actions (naveensrinivasan, 2022-03-30)
|   - Included permissions for the action.
|     https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
|     https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
|   Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* Cirrus: Build multi-arch images + manifests (Chris Evich, 2022-03-28)
|   Github-actions for large/complex tasks is hard to read and maintain. Reimplement the multi-arch image build workflow into a set of bash scripts that use all native container-org tooling. This requires a special VM image setup with emulation to build foreign architectures. It also requires renaming the `helloimage` directory, because the build script uses the directory name in the image FQIN.
|   Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #13564 from naveensrinivasan/naveen/feat/pin-actions (OpenShift Merge Robot, 2022-03-28)
|\    [CI:DOCS] Pin actions to a full length commit SHA
| * Pin actions to a full length commit SHA (naveensrinivasan, 2022-03-28)
| |   - Pinned actions by SHA
| |     https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies
| |   - Included permissions for the action.
| |     https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
| |   >Pin actions to a full length commit SHA
| |   >Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.
| |   https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions
| |   Also dependabot supports upgrades based on SHA.
| |   Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* | Updated dependabot to GitHub actions (naveensrinivasan, 2022-03-19)
|/    - Updated dependabot to get updates for GitHub actions.
|     GitHub sends Dependabot alerts when we detect vulnerabilities affecting your repository as well as when there are new updates to the dependency.
|     https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts
|     A vulnerability is a problem in a project's code that could be exploited to damage the confidentiality, integrity, or availability of the project or other projects that use its code. Vulnerabilities vary in type, severity, and method of attack.
|     When your code depends on a package that has a security vulnerability, this vulnerable dependency can cause a range of problems for your project or the people who use it.
|     Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* github: label issues based on os fix regex (Paul Holzinger, 2022-01-27)
|   Good news the github action works, however I noticed that we cannot use a multiline regex so we have to use serviceIsRemote to detect if this is a remote client. Also change the os regex so that it matches both the output of podman version and podman info.
|   Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* github: label issues based on os (Paul Holzinger, 2022-01-27)
|   We get a lot of issues for podman-remote on macos. Since the fact that this is a remote client is often overlooked by us let's add windows, macos and remote label automatically based on a regex which should match the output of podman version.
|   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Github workflow: Fix parsing of GraphQL response JSON (Chris Evich, 2022-01-25)
|   While #12998 fixed the query string, it neglected to address presence of the old `githubRepository` field name in the reply. This resulted in the job throwing an error:
|   `jq: error (at ./artifacts/reply.json:0): Cannot iterate over null`
|   However, the job did preserve an artifacts archive containing the new response data. As a test for the fix in this commit, I ran the raw response data through the corrected jq command-line. This confirmed the change by properly parsing the data as expected by the workflow.
|   Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #12998 from cevich/fix_query (OpenShift Merge Robot, 2022-01-25)
|\    [CI:DOCS] Github workflow: Update Cirrus-cron GraphQL query
| * Github workflow: Update Cirrus-cron GraphQL query (Chris Evich, 2022-01-24)
| |   Sometime on Jan. 14th the GraphQL schema for Cirrus-CI changed, leading to the following error:
| |   `Validation error of type FieldUndefined: Field 'githubRepository' in type 'Root' is undefined @ 'githubRepository'`
| |   After some exploration, it was determined the field had been replaced with a new root-level field `ownerRepository`. Manual experimentation revealed the scalar value `LINUX` was appropriate to use for the new `platform` parameter. The query reply appears to remain compatible. Update the script which performs this query to use the new field name and parameter.
| |   ***NOTE*** This script is shared across multiple containers-org repos. All of which are/were affected by the schema change.
| |   Signed-off-by: Chris Evich <cevich@redhat.com>
* | Github-workflow: Fix YAML syntax (Chris Evich, 2022-01-25)
| |   The `body` string value must be quoted because it contains a colon. Also fix an incorrect URL substitution reference in error-notice e-mail body text.
| |   (In my defense...testing this workflow is basically impractical without merging it)
| |   Signed-off-by: Chris Evich <cevich@redhat.com>
* | Github workflow: Send e-mail on job error (Chris Evich, 2022-01-24)
|/    This job is designed to be silent when Cirrus-cron executions pass. Unless specifically instructed, the workflow itself will also remain silent if there's an error. Fix this by catching workflow errors and sending a notification e-mail containing a link to the failed run.
|     This also requires listing the recipient addresses directly in the workflow. Otherwise (as previously implemented) the value would not be retrieved if/when any previous step raised an error.
|     **Note**: Due to the way this workflow is implemented, there is no easy way to test it other than directly on the `main` repo. branch.
|     Signed-off-by: Chris Evich <cevich@redhat.com>
* troubleshooting links to main branch (fredr, 2022-01-14)
|   Signed-off-by: fredr <fredrik@enestad.com>
* .github: revert to the old template (Giuseppe Scrivano, 2021-12-16)
|   we are not using any of the metadata in the new format, so we have only the downside that is more annoying to fill.
|   [CI:DOCS] no need to run the CI
|   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Implement PR template to assist review & release (Chris Evich, 2021-09-28)
|   This duplicates the template used for buildah. The intention is to make it immediately clear to reviewers:
|   * The intended/basic purpose of the PR (also machine readable)
|   * Why are changes being proposed
|   * If there are any specific items that need additional checking or scrutiny
|   * What should go into the release-notes (if anything).
|   Signed-off-by: Chris Evich <cevich@redhat.com>
* Multi-arch image build: Daily version-tag push (Chris Evich, 2021-07-27)
|   This mirrors changes from https://github.com/containers/buildah/pull/3381
|   Signed-off-by: Chris Evich <cevich@redhat.com>
* [CI:DOCS] Multi-arch image workflow: Make steps generic (Chris Evich, 2021-07-20)
|   This duplicates the change from https://github.com/containers/skopeo/pull/1379
|   Since this workflow is duplicated across three repositories, maintaining changes becomes onerous if the item contents vary between implementations in any way. Improve this situation by encoding the repository-specific details into env. vars. then referencing those vars throughout. This way, a meaningful diff can be worked with to compare the contents across repositories.
|   Also included are abstractions for the specific command used to obtain the project version, and needed details for filtering the output. Both of these vary across the Buildah, Skopeo, and Podman repos.
|   NOTE: This change requires the names of two github action secrets to be updated: PODMAN_QUAY_USERNAME -> REPONAME_QUAY_USERNAME (and *PASSWORD).
|   Signed-off-by: Chris Evich <cevich@redhat.com>
* Fix cirrus-cron failure notification GH workflow (Chris Evich, 2021-07-12)
|   The master->main rename broke this. Also update the runtime along with a comment w/ link to the actual job definitions.
|   Signed-off-by: Chris Evich <cevich@redhat.com>
* Fix multi-arch image build clone:failure (Chris Evich, 2021-06-16)
|   A suspected recent change in docker (in github-actions Ubuntu environment) results in an error:
|   ```
|   cannot clone: Operation not permitted
|   Error: cannot re-exec process
|   ```
|   Fix this by using podman to execute the container instead of docker.
|   Signed-off-by: Chris Evich <cevich@redhat.com>
* Sync. workflow across skopeo, buildah, and podman (Chris Evich, 2021-05-21)
|   Besides adding ***BIG FAT WARNING*** this commit updates the containers-repo. logic to only (and properly) handle the `stable` image (both version and `latest` tags). This change was already discussed at length with @TomSweeneyRedHat.
|   Signed-off-by: Chris Evich <cevich@redhat.com>
* Use more recent `stale` release... (Stuart Shelton, 2021-05-16)
|   … as currently with `v1`, `remove-stale-when-updated` is set but isn't causing labels to be updated when comments are added.
|   Signed-off-by: Stuart Shelton <stuart@shelton.me>
* Fix variable reference typo. in multi-arch image action (Chris Evich, 2021-05-03)
|   Bug introduced by #10150
|   Also, in case of failure of one matrix-leg, do not terminate execution of all others. There are many reasons why an item could fail (i.e. temporary networking problem). Since the job runs periodically, we can simply allow the subsequent run to cover for any missed image pushes due to sporadic job failures.
|   Signed-off-by: Chris Evich <cevich@redhat.com>
* Fix multi-arch image workflow typo (Chris Evich, 2021-04-30)
|   Signed-off-by: Chris Evich <cevich@redhat.com>
* Update container image docs + fix unstable execution (Chris Evich, 2021-04-29)
|   Update the order of image documentation to be from most to least stable. Similarly, avoid depending on execution of upstream podman, when building/pushing. It's easily possible for this build to function but execution to fail due to some partially implemented feature.
|   Also, ensure images tagged `latest` are pushed for every matrix item. For 'upstream' and 'testing', this replaces use of the 'master' tag.
|   Lastly, update workflow comments and split the 'podman' and 'containers' FQIN steps and outputs to improve readability.
|   Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #10139 from rhatdan/troubleshoot (OpenShift Merge Robot, 2021-04-28)
|\    [CI:DOCS] Add troubleshooting advice about the --userns option.
| * Add troubleshooting advice about the --userns option. (Josh Berkus, 2021-04-26)
| |   Also a link to the troubleshooting guide into the issue template.
| |   Replaces: https://github.com/containers/podman/pull/9770
| |   Signed-off-by: Josh Berkus <josh@agliodbs.com>
| |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Fix logic for pushing stable multi-arch images (Chris Evich, 2021-04-26)
|/    The intention is to only push an image if there is ***NOT*** an existing tag. The original logic for this condition was inverted. Also, improve readability of the `{container,podman}_push=true` statements.
|     Signed-off-by: Chris Evich <cevich@redhat.com>
* Several multi-arch image build/push fixes (Chris Evich, 2021-04-23)
|   * Fix not setting `$VERSION` before reference
|   * Reduce need for "syntax-highlighting workaround" comment. Simplify context-expressions -> simple env. var. references
|   * Fix pushing quay.io/containers/podman:master twice ('upstream' and 'testing' matrix items)
|   * Throw error on unknown/unsupported matrix items
|   * Improve readability of setting multi-line `$LABELS` value.
|   Signed-off-by: Chris Evich <cevich@redhat.com>
* Add github-action workflow to build/push multi-arch (Chris Evich, 2021-04-22)
|   This borrows very heavily from the work done for buildah by @barthy1 - Yulia Gaponenko <yulia.gaponenko1@de.ibm.com>. Some changes to code and comments made for clarity and specificity.
|   Signed-off-by: Chris Evich <cevich@redhat.com>
* add a dependabot config to automate vendoring (Valentin Rothberg, 2021-03-18)
|   While dependabot has turned out great to automate updating dependencies, a major painpoint was that we had to manually run `make vendor` for each and every commit. It was causing noise.
|   Adding the config file to `.github/dependabot.yml` will take care of also updating the `./vendor` tree. `containers/common` is using this config for a while successfully.
|   [NO TESTS NEEDED]
|   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Cirrus: Send cirrus-cron report e-mail to list. (Chris Evich, 2021-02-08)
|   This mailing-list was established to allow people to sub/unsub from automated notifications. Add it to the list of destinations picked up by the Github Actions workflow `.github/workflows/check_cirrus_cron.yml`.
|   Signed-off-by: Chris Evich <cevich@redhat.com>
* Fix spelling mistakes (Daniel J Walsh, 2020-12-09)
|   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Github-Actions: Send e-mail on Cirrus cron failure (Chris Evich, 2020-11-18)
|   This repository has a number of automatically triggered branch-level testing enabled. However, other than remembering to go look at a specific WebUI, there is no way for anybody to notice if/when these jobs fail. This commit introduces a github-action workflow which runs periodically, checking for failed cron-triggered Cirrus-CI jobs. When it finds any, it formats a simple report for e-mail delivery. The list of destination addresses is configurable at any time by merging changes to a simple CSV file.
|   Signed-off-by: Chris Evich <cevich@redhat.com>
* add a PR template (Valentin Rothberg, 2020-11-04)
|   Add a pull-request template that points to the section in the contributing guidelines and to remind users to use the `[CI:DOCS]` prefix if applicable.
|   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Yet another iteration on PR title plugin (Ed Santiago, 2020-10-26)
|   PR #8147 made things worse: it's not valid YAML. This at least is valid YAML. I have no idea if it yields the desired result, and we won't even know until it gets merged, but at least it won't cause fatal syntax errors.
|   Signed-off-by: Ed Santiago <santiago@redhat.com>
* pr update action: fix errors on master branch (Valentin Rothberg, 2020-10-26)
|   The action fails on the master branch as the regex does not match. The error in this scenario is unfortunate and not of much value as we do not want to change PR titles on the master branch.
|   To fix it, entirely disable the action on the master branch which in retrospective may be a better approach as we do not fire off the action.
|   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* add GitHub action to add non-main branch to PR title (Valentin Rothberg, 2020-10-25)
|   Add a GitHub action to add the name of the target branch as prefix to the title of a pull request. It is easy to miss the target of a given pull request which has already caused issues of commits going into non-main branches without intention.
|   We have already used this action on the `v2.0.5-rhel` branch with limited success. Fortunately, the upstream implemented our feature request to support adding the _target_ branch name (rather than the source) to the PR title, which is what we need.
|   Any non-main branch from this commit forward will now be clearly marked.
|   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* update stale bot (Valentin Rothberg, 2020-09-22)
|   Update the GitHub action to mark issues and PRs as stale. There are a couple of useful features, most importantly, the bot will remove the stale label from issues as soon as there's either an activity or a comment.
|   This reduces some manual overhead: the stale bot will only drop a comment on issues and PRs that are not marked as stale. Hence, as we appreciated the reminders, we had to manually remove the label which should now turn into campfire tales.
|   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add pointer to troubleshooting in issue template (TomSweeneyRedHat, 2020-08-14)
|   Add pointers to the Troubleshooting guide, including a new question that the reporter referenced it in the issue template that's displayed on GitHub.
|   Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* github stale workflow: rephrase and bump close time (Valentin Rothberg, 2020-01-07)
|   Rephrase the stale message to be friendlier and bump the closing time to 365 days. The docs of the stale workflow do not indicate whether we can not close, so a limit of 365 days seems fair.
|   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* stale action: add exempt-issue-label (Valentin Rothberg, 2019-10-30)
|   Without the label, issues would be closed regardless of the "do-not-close" label.
|   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* GitHub stale action (Valentin Rothberg, 2019-10-28)
|   Add a GitHub action to mark issues and PRs as stale and to eventually close them after a grace period.
|   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Issue template update to include package info (Lokesh Mandvekar, 2019-08-18)
|   Fixes: #3839
|   Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* issue template: run `podman info --debug` (Valentin Rothberg, 2019-02-25)
|   Ask users to run podman-info with `--debug` to the exact git commit, compiler and go version.
|   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* .github/ISSUE_TEMPLATE: Suggest '/kind bug' and '/kind feature' (W. Trevor King, 2019-01-08)
|   So Prow's label plugin [1] can apply the appropriate label for us.
|   [1] https://github.com/kubernetes/test-infra/tree/master/prow/plugins/label
|   Signed-off-by: W. Trevor King <wking@tremily.us>