summaryrefslogtreecommitdiff
path: root/contrib/cirrus
Commit message (Collapse)AuthorAge
* Cirrus: Fix obtaining a CI VMChris Evich2020-10-07
| | | | | | | | | Also removed automatic exection of setup_environment.sh since most people using this script are podman developers (not automation/CI folks). If executing the automation scripts is necessary, manual attendance to required variables like `$TEST_FLAVOR` is mandatory. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Fix running shellcheck locallyChris Evich2020-10-06
| | | | | | Also, check the contents of hack/get_ci_vm.sh Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus CI runner: refactorEd Santiago2020-10-06
| | | | | | | | | | | | | | | While reviewing #6784 I found myself having a lot of trouble with this script: it was a complicated mix of case statement and helper functions, requiring a reader to jump back and forth between the two. This PR defines a convention such that a given TEST_FLAVOR=foo must have a corresponding _run_foo() handler function. The goal is to have all TEST_FLAVOR-related code in one place, or at least less scattered (integration and system tests still rely on other helper functions). Signed-off-by: Ed Santiago <santiago@redhat.com>
* logformatter: run on system tests & bindingsEd Santiago2020-10-05
| | | | | | | | | | | | (that got accidentally dropped in the new Cirrus makeover). Note that 'dotest' does not actually 'do tests', it's only used for a small subset of tests. Also, make logformatter work better in the new Cirrus setup. Remove duplicate test/subtest, remove no-longer-used SPECIALMODE, and make the Cirrus build/task display a little cleaner. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Cirrus: Fix branch-validation failureChris Evich2020-10-05
| | | | | | | | | | | When validating code on a branch, determining a starting commit to check from isn't as straightforward as it would seem. Default to using the SHA from last time CI was green. If for some reason that isn't available, use an obviously wrong value to cause an intentional failure. Entirely skip this check on tag-push, since determining a starting point is incredibly difficult to do automatically. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Implement podman automation 2.0Chris Evich2020-10-02
| | | | | | | | | | | | | | | | | | Reimplement CI-automation to remove accumulated technical-debt and optimize workflow. The task-dependency graph designed goal was to shorten it's depth and increase width (i.e. more parallelism). A reduction in redundant building (and 3rd party module download) was also realized by caching `$GOPATH` and `$GOCACHE` early on. This cache is then reused in favor of a fresh clone of the repository (when possible). Note: The system tests typically execute MUCH faster than the integration tests. However, contrary to a fail-fast/fail-early principal, they are executed last. This was implemented due to debug-ability related concerns/preferences of the primary (golang-centric) project developers. Signed-off-by: Chris Evich <cevich@redhat.com>
* logformatter: add Synopsis at top of each pageEd Santiago2020-10-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | At the top of each generated page, add a Synopsis table with: PR number/name, and link to github Author name(s) Test name (fedora/ubuntu, rootless, etc) Cirrus build ID (usually uninteresting) Cirrus task ID (usu. important), with link to Cirrus The value of $SPECIALMODE This is all we can get from the Cirrus environment in which logformatter runs; we can't get things like cgroup manager or username that the test runs under. Note that the table is at the top, which is usually unseen because we autoscroll to the bottom on page load. I tentatively think that top is a more natural place for this info than bottom, but am willing to listen to arguments against. Also, one minor tweak: highlight podman commands in the BATS output. The idea is to make it easier for the eye to spot those, then copy/paste them to find a reproducer. And, sigh, disable the new 'podman network create' system test. It is flaking much too much. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Fix up errors found by codespellDaniel J Walsh2020-09-11
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Cirrus: Obsolete CI:IMG process & related filesChris Evich2020-09-09
| | | | | | | | | | | All VM-building functionality has been migrated to https://github.com/containers/automation_images Some container-build functions are still maintained here but are on a very-short list to also be migrated to the repository linked above. Signed-off-by: Chris Evich <cevich@redhat.com>
* WIP: update VM imagesEd Santiago2020-09-03
| | | | | | | | | | | | | | | | (This is an adoption of #7533 because Brent is on PTO). Pick up new crun and crio-runc. Also: renames from useful fedora-32 and -31 to less-useful names; presumably this is needed by something-something in the new VM setup. Also: tweak two e2e tests to more properly handle a kernel (5.8.4) with a greater set of capabilities than what we or crun can yet handle. Signed-off-by: Ed Santiago <santiago@redhat.com>
* use crio runc on CICID ubuntuBrent Baude2020-08-31
| | | | | | | when running CICD on Ubuntu where no cgroups v2, we need to use a newer runc for things like seccomp and the default ubuntu runc is not new enough. Signed-off-by: Brent Baude <bbaude@redhat.com>
* Use `bash` binary from env instead of /bin/bash for scriptsSascha Grunert2020-08-17
| | | | | | | | It's not possible to run any of the scripts on distributions which do have `bash` not in `/bin`. This is being fixed by using `/usr/bin/env bash` instead. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* Remove TEST_REMOTE_CLIENT from RCLIDaniel J Walsh2020-08-10
| | | | | | | | We know these are TEST_, hoping this makes the display in cirrus easier for users to see true|false, since this is the valuable information is. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Cirrus: Install golang 1.14 on UbuntuChris Evich2020-07-31
| | | | | | | This more/less reverts efd142214 + updates to 1.13 on all Ubuntus for all `containers` projects. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Add python packages to imagesChris Evich2020-07-31
| | | | | | | | | They are needed in support of future testing additions. Also reduce unnecessary output by not printing the downloaded package list. The set can be examined using other tooling if/when necessary. Signed-off-by: Chris Evich <cevich@redhat.com>
* System tests: new system-df and passwd testsEd Santiago2020-07-30
| | | | | | | | | | | | | | | | | | | | | | - New test for #6991 - passwd file is writable even when run with --userns=keep-id - Enable another keep-id test, commented out due to #6593 - New test for podman system df Also, independently, removed this line: apt-get -y upgrade conmon ...because it's causing CI failures, probably because of the boothole CVE, probably because the Ubuntu grub update was rushed out. I believe it is safe to remove this, because both Ubuntu 19 and 20 report: conmon is already the newest version (2.0.18~1). Signed-off-by: Ed Santiago <santiago@redhat.com>
* logformatter: more libpod-podman falloutEd Santiago2020-07-29
| | | | | | | | | | | Problem: formatted logs no longer have live links to sources in error-report lines. Cause: script was searching for '/libpod'. Solution: make it more flexible. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Switch all references to github.com/containers/libpod -> podmanDaniel J Walsh2020-07-28
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* CI - various fixesEd Santiago2020-07-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Primary purpose: upgrade crun to 0.14 on f31, in hopes of eliminating the 'cgroups.freeze' flake that is plaguing CI. While I'm at it: - remove a no-longer-needed dnf upgrade that was running in CI itself (not image building, in each actual CI run). The purpose was to upgrade conmon, but that was added a long time ago and the required conmon is now in stable. The effect of this dnf upgrade today was simply to cause flakes when fedora repos were offline. - remove a no-longer-needed check for varlink. - networking.sh : add a timeout! 'openssl s_client' will happily hang forever if a host is unreachable, which means we waste two hours waiting for Cirrus to time out. - timestamp.awk : include date (not just time) in START/END msgs. There are times when I'm looking at a CI log and it is ultra important to know if it is from yesterday or today. - add progress messages in some places where I've previously struggled to understand context in logs; and improve some unlikely error messages to include script name. ...then, after all that, wrote a new README about how to to all this. Hope it helps someone. Signed-off-by: Ed Santiago <santiago@redhat.com>
* CI: fix rootless permission errorEd Santiago2020-07-23
| | | | | | | | | | | | | CI runs are failing in special_testing_rootless: mkdir /var/tmp/go/pkg: permission denied Probable cause: #6822, which universally set GOPATH. Solution: in rootless setup, chown -R GOPATH as well as GOSRC (the latter was already being chowned). Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #7050 from edsantiago/logformat_trim_remoteOpenShift Merge Robot2020-07-22
|\ | | | | logformatter: handle podman-remote
| * logformatter: handle podman-remoteEd Santiago2020-07-22
| | | | | | | | | | | | | | | | | | | | Oops! Logs of podman-remote tests are unreadable, they have multiple (useless) --remote options plus '--url /something/long' that makes it impossible to read the actual command being run. This commit strips off '--remote' entirely, and hides '--url' and its arg in the only-on-mouse-hover '[options]' text. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Cirrus: Add packages that provide htpasswdChris Evich2020-07-22
| | | | | | | | | | | | | | | | | | Mainly needed for buildah testing: the htpasswd command was removed from the upstream registry container image. Making it available on the host-side enables configuring details needed by the registry during it's initial setup. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Cirrus: Ensure GOPATH is properly set during image-buildsChris Evich2020-07-22
|/ | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #6992 from rhatdan/apparmorOpenShift Merge Robot2020-07-22
|\ | | | | Support default profile for apparmor
| * Support default profile for apparmorDaniel J Walsh2020-07-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently you can not apply an ApparmorProfile if you specify --privileged. This patch will allow both to be specified simultaniosly. By default Apparmor should be disabled if the user specifies --privileged, but if the user specifies --security apparmor:PROFILE, with --privileged, we should do both. Added e2e run_apparmor_test.go Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | logformatter: update MAGIC BLOB stringEd Santiago2020-07-20
|/ | | | | | | | | | | | | | | | | | | | | Fallout from libpod->podman repo name move: the HTML logs created by logformatter are no longer accessible. They render as: https://storage.googleapis.com/SECRET-5385732420009984-fcae48/artifacts/containers/podman/6313596734930944/html/integration_test.log.html (yes, "SECRET" instead of "cirrus-ci". Possibly because the GCE_SSH_USERNAME key, "cirrus-ci", was overzealously encrypted, making Cirrus censor any instances of the string in output. Let's see if this fixes it. But anyway this is a secondary unrelated bug). Reason: it looks like Cirrus "generated a new magic blob" when we renamed libpod -> podman. Chris was kind enough to locate the new magic blob and to give me a link to where we can discover it ourselves. I added that as a code comment. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Fix systemd pid 1 testBrent Baude2020-07-13
| | | | | | | | | | fedora removed the systemd package from its standard container image causing our systemd pid1 test to fail. Replacing usage of fedora to ubi-init. adding ubi images to the cache for local tests. also, remove installation of test/policy.json to the system wide /etc/containers Signed-off-by: Brent Baude <bbaude@redhat.com>
* system tests: invoke with abs path to podmanEd Santiago2020-06-23
| | | | | | | | | | | | | | | | | | | | | | Reversion of one part of #6679: my handling of 'realpath' would not work when $PODMAN is 'podman-remote --url etc'. Trying to handle that case got unmaintainable; so instead let's just force 'make {local,remote}system' to invoke with a full PODMAN path. This breaks down if someone runs the tests with a manual 'bats' invocation, but I think I'm the only one who ever does that. Since podman path will now be very long in the logs, add code to logformatter to abbreviate it like we do for the ginkgo logs. And, one thing that has bugged me for a long time: in the error logs, show a different prompt ('#' vs '$') to distinguish root vs rootless. This should make it much easier to see at-a-glance whether a log file is root or not. Add tests for it. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Do not share container log driver for execMatthew Heon2020-06-17
| | | | | | | | | | | | | | | | | | | | | When the container uses journald logging, we don't want to automatically use the same driver for its exec sessions. If we do we will pollute the journal (particularly in the case of healthchecks) with large amounts of undesired logs. Instead, force exec sessions logs to file for now; we can add a log-driver flag later (we'll probably want to add a `podman logs` command that reads exec session logs at the same time). As part of this, add support for the new 'none' logs driver in Conmon. It will be the default log driver for exec sessions, and can be optionally selected for containers. Great thanks to Joe Gooch (mrwizard@dok.org) for adding support to Conmon for a null log driver, and wiring it in here. Fixes #6555 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6530 from edsantiago/test_podman_remoteOpenShift Merge Robot2020-06-10
|\ | | | | Enable, then partially disable, podman-remote testing
| * WIP: Enable (and disable) remote testingEd Santiago2020-06-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman-remote has not been tested. A principal part of the problem was #5387 - the YAML I wrote did not have the intended effect, it did not set TEST_REMOTE_CLIENT=true and because of my multiple iterations I did not catch this during testing. Part 1 of this PR is to fix .cirrus.yml to enable remote tests. Part 2 -- what I had first noticed and tried to fix -- is that rootless_test.sh was never running remote because, of course, envariables are not sent via ssh. I reworked integration_test.sh and rootless_test.sh to use a command-line decision instead. Part 3, sigh, is to disable one failing integration test and *all* system tests, because so many of the latter are failing. Addressing those failures needs to be done in subsequent PRs. Issues #6538, #6539, #6540 are filed for some of the problems I isolated. There will be more. Also, minor, fixed some stale references to varlink. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #6193 from cevich/conmon_ci_packagesOpenShift Merge Robot2020-06-09
|\ \ | |/ |/| Cirrus: Include packages for containers/conmon CI
| * Cirrus: Include packages for containers/conmon CIChris Evich2020-06-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows the containers/conmon repository to share the same VM images produced by containers/libpod. Included are several packages which are downloaded only since they might otherwise interfere with testing for some repos. This allows stable versions to be at the ready at testing runtime, avoiding any version updates surprising developers. Also, re-enable running the VM-image check test which was not working due to a logic problem in Cirrus-CI configuration. Update the neglected tests so that they pass on all distros. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #6521 from cevich/update_cors_docsOpenShift Merge Robot2020-06-09
|\ \ | | | | | | [CI:DOCS] Improve swagger+CORS metadata docs
| * | Improve swagger+CORS metadata docsChris Evich2020-06-09
| |/ | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | force bats version to v1.1.0Valentin Rothberg2020-06-08
| | | | | | | | | | | | | | | | We experienced regression when using the latest `v1.2.0-dev` bats in Ubuntu 20.04 (see github.com/containers/libpod/pull/6418). Using bats v1.1.0 worked in the Ubuntu test VM. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Enable Ubuntu tests in CIBrent Baude2020-06-08
|/ | | | | | Add updates required for ubuntu and run integration tests Signed-off-by: Brent Baude <bbaude@redhat.com>
* Attempt to turn on special_testing_in_podman testsDaniel J Walsh2020-06-04
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Enable detached exec for remoteMatthew Heon2020-06-02
| | | | | | | | | | | | | | | | | | | | | | | The biggest obstacle here was cleanup - we needed a way to remove detached exec sessions after they exited, but there's no way to tell if an exec session will be attached or detached when it's created, and that's when we must add the exit command that would do the removal. The solution was adding a delay to the exit command (5 minutes), which gives sufficient time for attached exec sessions to retrieve the exit code of the session after it exits, but still guarantees that they will be removed, even for detached sessions. This requires Conmon 2.0.17, which has the new `--exit-delay` flag. As part of the exit command rework, we can drop the hack we were using to clean up exec sessions (remove them as part of inspect). This is a lot cleaner, and I'm a lot happier about it. Otherwise, this is just plumbing - we need a bindings call for detached exec, and that needed to be added to the tunnel mode backend for entities. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* compat handlers: add X-Registry-Auth header supportValentin Rothberg2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support the `X-Registry-Auth` http-request header. * The content of the header is a base64 encoded JSON payload which can either be a single auth config or a map of auth configs (user+pw or token) with the corresponding registries being the keys. Vanilla Docker, projectatomic Docker and the bindings are transparantly supported. * Add a hidden `--registries-conf` flag. Buildah exposes the same flag, mostly for testing purposes. * Do all credential parsing in the client (i.e., `cmd/podman`) pass the username and password in the backend instead of unparsed credentials. * Add a `pkg/auth` which handles most of the heavy lifting. * Go through the authentication-handling code of most commands, bindings and endpoints. Migrate them to the new code and fix issues as seen. A final evaluation and more tests is still required *after* this change. * The manifest-push endpoint is missing certain parameters and should use the ABI function instead. Adding auth-support isn't really possible without these parts working. * The container commands and endpoints (i.e., create and run) have not been changed yet. The APIs don't yet account for the authfile. * Add authentication tests to `pkg/bindings`. Fixes: #6384 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Cirrus: Fix image-name hintsChris Evich2020-05-14
| | | | | | | | | This properly prints out image-name hints when executing the hack script without any arguments. It is required due to changes made by Ed for test-name beatification. An identical change was made and reviewed by Ed in the containers/storage repo. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Update Ubuntu 18 to 20Chris Evich2020-05-14
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Remove libpod.conf from repoMatthew Heon2020-05-12
| | | | | | | | | | | Now that we're shipping containers.conf, we don't want to provide a libpod.conf anymore. This removes libpod.conf from the repo and as many direct uses as I can find. There are a few more mentions in the documentation, but someone more familiar with containers.conf should make those edits. Signed-off-by: Matthew Heon <mheon@redhat.com>
* set binding tests to requiredBrent Baude2020-05-08
| | | | | | | | | | | | | | | | | some small fix ups for binding tests and then make them required. update containers-common V2 bindings tests were failing because of changes introduced in commit a2ad5bb. Fix some typos. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org> in the case where the specgen attribute for Env and Labels are nil, we should should then make the map IF we have labels and envs that need to be added. Signed-off-by: Brent Baude <bbaude@redhat.com>
* CI:DOCS: Document API docs + CORS maintenanceChris Evich2020-05-06
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Utilize new base imagesChris Evich2020-04-30
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* cirrus: Update to Fedora 32 properChris Evich2020-04-30
| | | | | | | | Now that it's officially released, update to it from the beta. Also (and significant), adjust the SELinux context of the GCP metadata service. Add a comment to the code explaining why this is necessary. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Unify package installationChris Evich2020-04-24
| | | | | | | Also, test-build critical container images depended upon for CI-purposes. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Add support for Fedora 32Chris Evich2020-04-20
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>