summaryrefslogtreecommitdiff
path: root/contrib/cirrus
Commit message (Collapse)AuthorAge
* Enable detached exec for remoteMatthew Heon2020-06-02
| | | | | | | | | | | | | | | | | | | | | | | The biggest obstacle here was cleanup - we needed a way to remove detached exec sessions after they exited, but there's no way to tell if an exec session will be attached or detached when it's created, and that's when we must add the exit command that would do the removal. The solution was adding a delay to the exit command (5 minutes), which gives sufficient time for attached exec sessions to retrieve the exit code of the session after it exits, but still guarantees that they will be removed, even for detached sessions. This requires Conmon 2.0.17, which has the new `--exit-delay` flag. As part of the exit command rework, we can drop the hack we were using to clean up exec sessions (remove them as part of inspect). This is a lot cleaner, and I'm a lot happier about it. Otherwise, this is just plumbing - we need a bindings call for detached exec, and that needed to be added to the tunnel mode backend for entities. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* compat handlers: add X-Registry-Auth header supportValentin Rothberg2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support the `X-Registry-Auth` http-request header. * The content of the header is a base64 encoded JSON payload which can either be a single auth config or a map of auth configs (user+pw or token) with the corresponding registries being the keys. Vanilla Docker, projectatomic Docker and the bindings are transparantly supported. * Add a hidden `--registries-conf` flag. Buildah exposes the same flag, mostly for testing purposes. * Do all credential parsing in the client (i.e., `cmd/podman`) pass the username and password in the backend instead of unparsed credentials. * Add a `pkg/auth` which handles most of the heavy lifting. * Go through the authentication-handling code of most commands, bindings and endpoints. Migrate them to the new code and fix issues as seen. A final evaluation and more tests is still required *after* this change. * The manifest-push endpoint is missing certain parameters and should use the ABI function instead. Adding auth-support isn't really possible without these parts working. * The container commands and endpoints (i.e., create and run) have not been changed yet. The APIs don't yet account for the authfile. * Add authentication tests to `pkg/bindings`. Fixes: #6384 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Cirrus: Fix image-name hintsChris Evich2020-05-14
| | | | | | | | | This properly prints out image-name hints when executing the hack script without any arguments. It is required due to changes made by Ed for test-name beatification. An identical change was made and reviewed by Ed in the containers/storage repo. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Update Ubuntu 18 to 20Chris Evich2020-05-14
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Remove libpod.conf from repoMatthew Heon2020-05-12
| | | | | | | | | | | Now that we're shipping containers.conf, we don't want to provide a libpod.conf anymore. This removes libpod.conf from the repo and as many direct uses as I can find. There are a few more mentions in the documentation, but someone more familiar with containers.conf should make those edits. Signed-off-by: Matthew Heon <mheon@redhat.com>
* set binding tests to requiredBrent Baude2020-05-08
| | | | | | | | | | | | | | | | | some small fix ups for binding tests and then make them required. update containers-common V2 bindings tests were failing because of changes introduced in commit a2ad5bb. Fix some typos. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org> in the case where the specgen attribute for Env and Labels are nil, we should should then make the map IF we have labels and envs that need to be added. Signed-off-by: Brent Baude <bbaude@redhat.com>
* CI:DOCS: Document API docs + CORS maintenanceChris Evich2020-05-06
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Utilize new base imagesChris Evich2020-04-30
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* cirrus: Update to Fedora 32 properChris Evich2020-04-30
| | | | | | | | Now that it's officially released, update to it from the beta. Also (and significant), adjust the SELinux context of the GCP metadata service. Add a comment to the code explaining why this is necessary. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Unify package installationChris Evich2020-04-24
| | | | | | | Also, test-build critical container images depended upon for CI-purposes. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Add support for Fedora 32Chris Evich2020-04-20
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: More Ubuntu 19 + Fedora 31Chris Evich2020-04-20
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Log formatter: add BATS summary lineEd Santiago2020-04-17
| | | | | | | | | | | | | | | | | BATS emits a summary line (number of tests passed/failed)... but only on a tty or when run with --pretty! In our CI context, with TAP output, it gives no end summary. Fix that. Keep track of 'ok', 'not ok', and 'skipped', and display the counts at the end. Also: add a regression test. You don't need to review or even read it: it's stark, and I'm not even enabling it for CI because it almost certainly won't run due to missing Perl library modules. It's just something I need on my end. Signed-off-by: Ed Santiago <santiago@redhat.com>
* logformat: handle apiv2 results, add anchor linksEd Santiago2020-04-08
| | | | | | | | | | | | | | apiv2 tests emit TAP-compliant output; recognize it and highlight it the same way we do BATS tests. Add anchor links to TAP output, so other tools (e.g. cirrus-flake-summarize) can link to particular lines And, remove a "-f" from "wait" in test-apiv2; looks like there's some version of bash used in some CI VM that doesn't grok it. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Cirrus: Minor docs updateChris Evich2020-03-30
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #5368 from cevich/opensuse_ubuntu_packagesOpenShift Merge Robot2020-03-28
|\ | | | | Opensuse openbuild ubuntu + buildah packages
| * Cirrus: Enable future installing buildah packagesChris Evich2020-03-19
| | | | | | | | | | | | | | | | | | Many of the packages required for CI in buildah overlap with libpod. When building new VM images, attempt to source a package list from the buildah repository. If found, also install the listed packages on the VM. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Include packages for buildah CIChris Evich2020-03-19
| | | | | | | | | | | | Also, move some setup steps at VM image build time to save runtime. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Update Ubuntu base imagesChris Evich2020-03-19
| | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Use opensuse open build Ubuntu packagesChris Evich2020-03-19
| | | | | | | | | | | | This is necessary as the projectatomic PPA is no longer maintained. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #4340 from cevich/libseccomp_updateOpenShift Merge Robot2020-03-28
|\ \ | | | | | | Log libseccomp package version
| * | Cirrus: Log libseccomp package versionChris Evich2020-02-26
| | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #5479 from cevich/auto_releaseOpenShift Merge Robot2020-03-23
|\ \ \ | |_|/ |/| | Cirrus: Disable non-docs release processing
| * | Cirrus: Disable non-docs release processingChris Evich2020-03-12
| | | | | | | | | | | | | | | | | | | | | | | | Detecting when it's time to upload a release inside Cirrus-CI is really difficult for many automation and human reasons. Disabling it for now until a more robust solution can be implemented Signed-off-by: Chris Evich <cevich@redhat.com>
* | | fix timeout file flakeBrent Baude2020-03-17
| | | | | | | | | | | | | | | | | | this is a temporary fix for the flake that has been troubling us. once conmon is in fedora 30 and 31 stable, we can remove this fix. the images will just need to be rebuilt. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Four small CI fixes:Ed Santiago2020-03-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1) 'podman system info' (in logcollector): has been silently failing in special_testing_rootless, with: logcollector.sh: line 16: podman: command not found Use ./bin/podman instead of just podman; this is probably the right thing to do in the general case anyway 2) logformatter: highlight 'panic:', seen in bindings test: https://storage.googleapis.com/cirrus-ci-5385732420009984-fcae48/artifacts/containers/libpod/6693715108429824/html/integration_test.log.html 3) logformatter: handle Unicode bullet in front of 'Running', seen in bindings test. 4) logformatter: turn down contrast on BATS 'ok' results, for legibility Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | turn off color-mode for bindingsBrent Baude2020-03-12
|/ / | | | | | | | | | | the binding ginkgo tests were using color mode which throws in a bunch of ansi garbage that makes it hard to read the logs Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Fix spelling mistakes in code found by codespellDaniel J Walsh2020-03-07
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | add default network for apiv2 createBrent Baude2020-03-06
| | | | | | | | | | | | | | | | | | | | | | | | | | during container creation, if no network is provided, we need to add a default value so the container can be later started. use apiv2 container creation for RunTopContainer instead of an exec to the system podman. RunTopContainer now also returns the container id and an error. added a libpod commit endpoint. also, changed the use of the connections and bindings slightly to make it more convenient to write tests. Fixes: 5366 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #5039 from cevich/fix_gobin_exit_bugOpenShift Merge Robot2020-03-05
|\ \ | | | | | | Cirrus: Fix gate image & false-positive exits
| * | Cirrus: Fix gate image & false-positive exitsChris Evich2020-03-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A number of scripts relating to tooling used and the gate container image were not exiting upon errors as intended. Coupled with external service unavailability (i.e. downloading golangci-lint) was observed to cause difficult to debug failures. This change corrects the scripts inside/out of the gate container as well as fixes many golang related path consistency problems vs other CI jobs. After this change, all jobs use consistent path names reducing the number of special-case overrides needed. Lastly, I also made a documentation-pass, updating/correcting as needed, including documenting a likely local validation-failure mode, related to `$EPOCH_TEST_COMMIT`. This is dependent on the developers git environment, so documentation is the only possible "fix". Signed-off-by: Chris Evich <cevich@redhat.com>
* | | CI: format cirrus logsEd Santiago2020-03-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This introduces a new cirrus helper script, logformatter. Usage is: [commands...] | logformatter TEST-NAME It reformats its input into a readable, highlighed, linkable form. Some features: - boring stuff (timestamps, standard podman options) is deemphasized - important stuff (warnings, errors) is emphasized - in-page links to the actual failures - active links to source files - jumps to bottom of page on load, because that's where the errors are. (All errors are linked) Add it to select test commands (integration, system) and add a new artifacts_html, run in the 'always' block, which uploads generated *.log.html into Cirrus; from there we generate a live URL that can be viewed in browser. Unfortunately, due to security concerns in Cirrus, it is not currently possible to make the link a live one. Kludge: add a line of dashes after Restoring images; without this, the first test ("systemd PID 1") has no dashes before it, so logformatter doesn't see it. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | CI: add API v2 testsEd Santiago2020-03-02
|/ / | | | | | | | | | | | | | | | | | | API v2 has been quiet for a few days, and the test script is actually passing. Let's take advantage of this opportunity to get them running in CI. Requires adding a check for cgroupsv2 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Cirrus: Force runc use in F30Chris Evich2020-02-28
| | | | | | | | | | | | | | | | | | | | | | Suspect crun might be sneaking in during VM image build via podman RPM dependency. Add it to the removal list when building, then also force use of runc at runtime in F30. Also quote all true/false vars to force them as strings instead of booleans (which will become capitalized) Signed-off-by: Chris Evich <cevich@redhat.com>
* | Cirrus: Remove unnecessary handle_crun workaroundChris Evich2020-02-28
| | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | Cirrus: Print env. vars at end of setup.Chris Evich2020-02-28
| | | | | | | | | | | | | | There are a number of env. vars set during the setup script. Therefore displaying them at end of the script is more helpful for debugging. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Cirrus: Fix not growing Fedora rootChris Evich2020-02-28
| | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | CI: package_versions: include hostinfo, kernelEd Santiago2020-02-27
|/ | | | | | | | | | | | | | In the package_versions CI step, include Fedora/Ubuntu version, uname -r, and cgroups version. Cgroups version is simply the FS type of /sys/fs/cgroup, which shows 'tmpfs' for v1 and 'cgroup2fs' for v2. I don't think it's worth the effort to prettify those into 'v1/v2' - I think our readers are sophisticated enough to figure it out from context - but am willing to add that feature if requested. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Cirrus: SELinux Enforcing for F31 w/ CGv2Chris Evich2020-02-25
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: collect podman system infoChris Evich2020-02-25
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: F31: Force systemd cgroup mgrChris Evich2020-02-25
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Handle runc->crun when both are possibleChris Evich2020-02-25
| | | | | | | | | | In some distributions it's possible to have both runc and crun installed and/or for podman to be confused about which to use. In these instances, force the decision by adding `OCI_RUNTIME=/usr/bin/crun` into `/etc/environment`. Also in-place modify libpod.conf to use 'crun' instead of 'runc' Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Use deadline elevator in F31Chris Evich2020-02-25
| | | | | | | | | | | | The default scheduler is BFQ but integration tests run into https://bugzilla.redhat.com/show_bug.cgi?id=1767539 aka https://bugzilla.kernel.org/show_bug.cgi?id=205447 Using the deadline elevator as a workaround. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Support testing with F31Chris Evich2020-02-25
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* enable ci on go binding testsBrent Baude2020-02-22
| | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* [CI:DOCS]Connect API docs and RTDbaude2020-01-17
| | | | Signed-off-by: baude <bbaude@redhat.com>
* post-process swagger yaml for publishbaude2020-01-17
| | | | | Signed-off-by: baude <bbaude@redhat.com> Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #4817 from rhatdan/codespellOpenShift Merge Robot2020-01-13
|\ | | | | Add codespell to validate spelling mistakes in code.
| * Add codespell to validate spelling mistakes in code.Daniel J Walsh2020-01-11
| | | | | | | | | | | | Fix all errors found by codespell Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Cirrus: Fix libpod base images going staleChris Evich2020-01-10
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | VM Base images are used as a starting point for runtime VM images. The in-use VM base images should never be pruned, which is an operation that potentially occurs periodically from automation running on the master branch of the libpod repo. However the only place which updates timestamps (blocking pruning) of base images, occurs during runtime VM image building. Therefor, if images are not regularly rebuilt, it's possible their base images go stale and are pruned. Changes: * Add freshly-produced base images (old ones got pruned) * Wrap the timestamp update script to include base image names in the update list. Notes: * Regularly updating base image timestamps only needs to happen on the libpod repo's meta task, since all base images live there. * Using a wrapper is needed to maintain compatibility with multiple versions of the imgts container image used by other repos / branchs. Signed-off-by: Chris Evich <cevich@redhat.com>