summaryrefslogtreecommitdiff
path: root/contrib/cirrus
Commit message (Collapse)AuthorAge
* Merge pull request #3985 from cevich/verify_no_podmanOpenShift Merge Robot2019-09-19
|\ | | | | Cirrus: Prevent resident pollution
| * Cirrus: Prevent resident pollutionChris Evich2019-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | When constructing VM cache-images, the latest/greatest podman package is installed to ensure all necessary dependencies are met. Prior to testing source-built binaries, most of of the packaged files are removed. However, if the `io.podman` service or socket is enabled/running, it could cause the packaged podman and varlink binaries to be both resident and cached. Since this condition would cause very difficult to diagnose behaviors, add preventative measures to ensure these services are absent prior to removing packaged podman files. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Cirrus: Fix unnecessary setseboolChris Evich2019-09-11
| | | | | | | | | | | | | | By mistake this was added to run for the image-building-VM and is not supported. Kill it. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #3581 from mheon/no_cgroupsOpenShift Merge Robot2019-09-11
|\ \ | |/ |/| Support running containers without CGroups
| * Add support for launching containers without CGroupsMatthew Heon2019-09-10
| | | | | | | | | | | | | | This is mostly used with Systemd, which really wants to manage CGroups itself when managing containers via unit file. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Replace "podman" with "Podman"xcffl2019-09-07
|/ | | | Signed-off-by: xcffl <xcffl@outlook.com>
* Cirrus: Update e-mail -> IRC Nick tableChris Evich2019-09-03
| | | | | | | | Also add fixes to help prevent 'fatal: Invalid revision range' error. Should obtaining all authors from the range still fail, only grab the HEAD commit author as a fallback. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: On success, add IRC nick mention to msgChris Evich2019-08-30
| | | | | | | | | | | Rather than spamming the podman channel with impersonal success messages referring to PR numbers, mention the author by nick name and include the PR title and link. Also avoid needless logging of all bot-script interactions with IRC when there is no error detected. Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #3710 from cevich/release_redoOpenShift Merge Robot2019-08-29
|\ | | | | Release redo
| * Cirrus: Reimplement release archive + uploadChris Evich2019-08-28
| | | | | | | | | | | | | | | | The initial implementation was far more complicated than necessary. Strip out the complexities in favor of a simpler and more direct approach. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #3892 from cevich/google_vpcOpenShift Merge Robot2019-08-28
|\ \ | | | | | | Cirrus: Block CNI use of google VPCs
| * | Cirrus: Block CNI use of google VPCsChris Evich2019-08-28
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Specifically pertaining to executing tests in google cloud, there are default, pre-allocated class-a subnetworks for each region (data-center). Each includes a gateway using a `.1` LSB and all are routable from other regions in google cloud via these gateways. Because the default CNI configuration also utilizes class-a subnetworks, this creates the possibility for IPv4 address-space clashes. Since the default regional cloud subnets are pre-defined/known, preventing clashes can be accomplished by seeding these subnets in a dummy CNI configuration. The default behavior of podman is to grab the highest priority CNI configuration. Name the dummy config. appropriate so it always loads last. Also name the bridge itself with an obvious name `do-not-use`, such that any related testing errors should be easier to debug. Also: * Minor cleanup of `install_test_configs()` * Move install_test_configs in `setup_environment.sh` to after possible run of `remove_packaged_podman_files()` because that also strips out `/etc/cni/net.d/87-podman-bridge.conflist`. Signed-off-by: Chris Evich <cevich@redhat.com>
* / Add an integration test for systemd in a containerMatthew Heon2019-08-28
|/ | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #3824 from baude/varlinkendpointtestOpenShift Merge Robot2019-08-26
|\ | | | | Create framework for varlink endpoint integration tests
| * Create framework for varlink endpoint integration testsbaude2019-08-16
| | | | | | | | | | | | | | add the ability to write integration tests similar to our e2e tests for the varlink endpoints. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #3822 from cevich/simplify_crun_taskOpenShift Merge Robot2019-08-17
|\ \ | | | | | | Cirrus: Minor: Simplify crun test task
| * | Cirrus: Minor: Simplify crun test taskChris Evich2019-08-16
| |/ | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | Cirrus: Confirm networking moreChris Evich2019-08-16
| | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | cirrus: enable cgroups v2 tests with crunGiuseppe Scrivano2019-08-13
|/ | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Cirrus: Install varlink on UbuntuChris Evich2019-08-13
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Install varlink on FedoraChris Evich2019-08-13
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #3607 from cevich/cgroup2_vmOpenShift Merge Robot2019-08-12
|\ | | | | Add another Fedora VM with cgroups v2 enabled
| * Cirrus: Add verification for cgroupv2 imageChris Evich2019-08-12
| | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Add experimental fedora VM image & testChris Evich2019-08-12
| | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Minor, use newer Ubuntu base imageChris Evich2019-08-12
| | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | cirrus: install crunGiuseppe Scrivano2019-08-12
|/ | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #3594 from cevich/second_partitionOpenShift Merge Robot2019-08-10
|\ | | | | Add Second partition for storage-drive testing
| * Cirrus: Add Second partition for storage testingChris Evich2019-08-01
| | | | | | | | | | | | | | | | | | | | This is mainly/initially to support use of Cirrus-CI in https://github.com/containers/buildah since that setup re-uses the VM images from this project. However, it also opens doors here, if libpod ever needs/wants to do things with a dedicated storage device and/or storage-drivers. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Cirrus: Enable updates-testing repo for FedoraChris Evich2019-08-09
|/ | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Fix release dependenciesChris Evich2019-07-31
| | | | | | | | | | | | | | | | | | | | | The release-task ***must*** always execute last, in order to guarantee a consistent cache of release archives from dependent tasks. It accomplishes this by verifying it's task-number matches one-less than the total number of tasks. Previous to this commit, a YAML anchor/alias was used to avoid duplication of the dependency list between 'success' and 'release' However, it's been observed that this opens the possibility for 'release' and 'success' tasks to race when running on a PR. Because YAML anchor/aliases cannot be used to modify lists, duplication is required to make 'release' actually depend upon 'success'. This duplication will introduce an additional maintenance burden. Though when adding a new task, it's already very easy to forget to update the 'depends_on' list. Assist both cases by the addition unit-tests to verify ``.cirrus.yml`` dependency contents and structure. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Fix re-run of release task into no-op.Chris Evich2019-07-31
| | | | | | | | | | This task depends upon other tasks caching their binaries. If for whatever reason the `release` task is re-run and/or is out-of-order with it's dependents, the state of cache will be undefined. Previously this would result in an error, and failing of the release task. This commit alters this behavior to issue a warning instead. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Ubuntu: Set + Test for $RUNC_BINARYChris Evich2019-07-25
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Simplify evil-unit check in imageChris Evich2019-07-25
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Silence systemd-banish noiseChris Evich2019-07-25
| | | | | | | | | | It's somewhat hard to predict which units are certinly present for any given base-image. Therefore, at image-build time, it's distracting and unhelpful to see all the errors about units that don't exist, on every platform. Simply ignore them and rely on the `check_image.sh` test to confirm none are enabled. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Fix image build metadata updateChris Evich2019-07-25
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Fix missing -n on CentOSChris Evich2019-07-25
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Minor scripting typo fixChris Evich2019-07-18
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #3335 from cevich/imgpruneOpenShift Merge Robot2019-07-17
|\ | | | | Cirrus: Print images that should be pruned
| * Cirrus: Print images that should be prunedChris Evich2019-07-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Over time unless they're removed, the project could grow quite a large collection of VM images. While generally cheap (less than a penny each, per month), these will become a significant cost item if not kept in-check. Add a specialized container for handling image-pruning, but limit it to only finding and printing (not actually deleting) images. Also update the image-building workflow so that base-images used to compose cache-images are also labeled with metadata. N/B: As an additional safeguard, the service account which executes the new container in production *DOES NOT* have access to delete images. This can be enabled by adding the GCE IAM role: CustomComputeImagePrune Signed-off-by: Chris Evich <cevich@redhat.com>
* | Cirrus: Add image-test for locked dpkgChris Evich2019-07-16
| | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | Cirrus: Disable most periodic services/timersChris Evich2019-07-16
| | | | | | | | | | | | | | | | | | | | For CI testing, it's important to remove as much variability from the overall system as possible. This permits focusing just on problems closely related to code-changes. To this end, and because VMs are very short-lived (2 hours at most), disable all systemd services and timers which perform periodic activities. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Cirrus: Abstract destination branch refs.Chris Evich2019-07-15
|/ | | | | | | | | | | | | | | | | Various tasks and scripts behave differently depending on whether or not the build is running against a PR or on a branch, post-merge. However, a great number of them are hard-coded to the string 'master' as the destination. Since this is not always the case (there are other relevant branches), it makes sense to abstract the references with a single definition. Add a top-level `$DEST_BRANCH` variable to CI, and otherwise default to 'master' when unset. This enables running CI builds on additional branches without the overhead of updating all the static references to 'master'. Simply update `$DEST_BRANCH` at the top-level and all branch-conditional logic will function as intended. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Fix missing removal of packaged podmanChris Evich2019-07-12
| | | | | | This was originally intended, but somehow omitted from #1936 Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #3106 from cevich/cirrus_releaseOpenShift Merge Robot2019-07-10
|\ | | | | Cirrus: Automate releasing of tested binaries
| * Cirrus: Automate releasing of tested binariesChris Evich2019-07-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's desirable to make archives available of builds containing actual tested content. While not official distro-releases, these will enable third-party testing, experimentation, and development for both branches (e.g. "master") and pull requests (e.g. "pr3106"). * Add a Makefile targets for archiving both regular podman binaries and the remote-client. Encode release metadata within these archives so that their exact source can be identified. * Fix bug with cross-compiling remote clients for the Windows and Darwin platforms. * Add unit-testing of cross-compiles for Windows and Darwin platforms. * A few small CI-script typo-fixes * Add a script which operates in two modes: 1. Call Makefile targets which produce release archives. Upload the archive to Cirrus-CI's built-in caching system using reproducible cache keys. 2. Utilize reproduced cache keys to attempt download of cache from each tasks. When successful, parse the file's release metadata, using it to name the archive file. Upload all recovered archives to a publicly accessible storage bucket for future reference. * Update the main testing task to call the script in mode #1 for all primary platforms. * Add a new `$SPECIALMODE` task to call the script in mode #1 for Windows and Darwin targets. * Add a new 'release' task to the CI system, dependent upon all other tasks. This new tasks executes the script in mode #2. * Update CI documentation Signed-off-by: Chris Evich <cevich@redhat.com>
* | Cirrus: Use packaged dependenciesChris Evich2019-06-27
|/ | | | | | | | | | | | | | | | | | Building/installing dependencies from fixed source-version ensures testing is reliable, but introduces a maintenance burden and risks testing far outside of a real-world environment. The sensible alternative is to install dependencies from distro-packaging systems. Install all development and testing dependencies at VM cache-image build time, to help ensure testing remains stable. The existing cache-image build workflow can be utilized at any future time to build/test with updated packages. ***N/B***: This does not update any dockerfiles used by testing, that is left up to future efforts. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: More tests to verify cache_imagesChris Evich2019-06-25
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #3078 from cevich/cirrus_f30OpenShift Merge Robot2019-06-19
|\ | | | | Cirrus F30
| * Cirrus: Fix F30 ssh guaranteeChris Evich2019-06-14
| | | | | | | | | | | | | | The original solution using --wait does not function on F30, waiting forever. Replace it with a simple 5-minute timeout loop. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Add support for testing F30Chris Evich2019-06-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove disused `build_cache_images` task, and update relevant dockerfiles for F30. Fix problem of cloud-init failing to expand root-device on boot (/var/lib/cloud/instance left in improper state). Fix problem of cloud-init racing with google-network-daemon.service on boot (looking for cloudconfig metadata too early). Causing root-device to _sometimes_ fail to expand. Fix problem of hack/get_ci_vm.sh argument passing. Signed-off-by: Chris Evich <cevich@redhat.com>