summaryrefslogtreecommitdiff
path: root/contrib/cirrus
Commit message (Collapse)AuthorAge
* rootlessport: reduce memory usage of the processPaul Holzinger2021-10-12
| | | | | | | | | | | | | | | | | | | | | | Don't use reexec for the rootlessport process, instead make it a separate binary to reduce the memory usage. The problem with reexec is that it will import all packages that podman uses and therefore loads a lot of stuff into the heap. The rootlessport process however only needs the rootlesskit library. The memory usage is a concern since the rootlessport process will spawn two process per container which has ports forwarded. The processes stay until the container dies. On my laptop the current reexec version uses 47800 KB RSS. The new separate binary only uses 4540 KB RSS. This is more than a 90% improvement. The Makefile has been updated to compile the new binary and install it to the libexec directory. Fixes #10790 [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* It really should be no **NEW** tests neededEd Santiago2021-10-04
| | | | | | | | | | | | Accept both "NO TESTS NEEDED" and "NO NEW TESTS NEEDED". That was a usability mistake I made on Day One. Fixed it in Buildah but oops never got around to fixing it here. Also, fix the test suite script: remove a no-longer-working test case (changelog.txt, removed in #11467) and add a new test for commits that include the magic string. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Cirrus: Fix defunct package metadata breaking cacheChris Evich2021-10-01
| | | | | | | | | | | | | | | | | | | | | Original workaround https://github.com/containers/podman/pull/11821 During VM image build, a number of packages are downloaded but not installed, since they may interfere with some testing. Then at runtime, where required, the packages are installed from cache and used. However, between image build and runtime it's possible the repository contents change, which will invalidate the package cache. Since the `--no-download --ignore-missing` options were used, the install will fail. Ref: https://github.com/containers/automation_images/issues/95 Fortunately, when it comes to the docker packages, no other dependencies are required and so `apt-get` isn't required. Switch to using a simple dpkg install command on the necessary files. If this ever breaks due to new dependencies, the list of files may simply be updated. Signed-off-by: Chris Evich <cevich@redhat.com>
* cirrus: gitlab: download packagesValentin Rothberg2021-10-01
| | | | | | | | | | It looks like the containerd.io package is not present anymore in the package cache which ultimately breaks CI since it's a requirement for docker. Hence, download the few packages instead of relying on the cache. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Cirrus: Add gitlab podman runner testChris Evich2021-09-27
| | | | | | | | | | Add execution of the downstream gitlab-runner tests using rootless podman through the magic of socket-level docker compatibility. Include a comment suggesting how to temporarily disable the test in case it fails beyond podman code scope. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cross-build release-archives w/ arch in filenameChris Evich2021-09-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #11417 Cross-building the podman-remote documentation requires a functional native architecture executable. However `make` only deals with files/timestamps, it doesn't understand if an existing binary will function on the system or not. This makes building cross-platform releases incredibly accident-prone and fragile. A practical way to deal with this, is via multiple conditional (nested) `make` calls along with careful manipulation of `$GOOS` and `$GOARCH`. Also, when cross-building releases be kind to humans and cleanup any non-native binaries left behind. Update the `Alt Arch. Cross` Cirrus-CI task to build release archives for all Linux architectures supported by golang and podman. Update the `OSX Cross` task to additionally build for the M1 (arm64) architecture. Finally, update the release process documentation to reflect the new locations (Cirrus-CI task names) for the release archives. Include a note about additional manual work being required to produce the signed `.dmg` file for MacOS. Signed-off-by: Chris Evich <cevich@redhat.com>
* CI: load ipv6 kernel modules for rootless testsPaul Holzinger2021-09-15
| | | | | | | | Rootless cni with ipv6 needs the `ip6_tables` module loaded, normally the cni plugins will load this module but as rootless it does not have the necessary permission to do so. Therefore we load it manually. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Remove changelog.txt from the repositoryjesperpedersen2021-09-07
| | | | | | | | | | | The changelog.txt file hasn't been kept in sync with release tags, especially on main, so remove it. The release notes will be featured in RELEASE_NOTES.md. Signed-off-by: jesperpedersen <jesper.pedersen@redhat.com> [NO TESTS NEEDED]
* Cirrus: Confirm CGv1 / CGv2 VM expectationsChris Evich2021-08-18
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Fix AVC denials in tests of volume mountsChris Evich2021-08-18
| | | | | | | | | This becomes a problem on hosts with upgraded policies. Ref: https://github.com/containers/podman/issues/10522 Also, made a small change to compose-test setup to reduce runtime. Signed-off-by: Chris Evich <cevich@redhat.com>
* Enable docker-py compat. testing w/ ignored resultChris Evich2021-08-09
| | | | | | | | | | Significant bitrot results in almost immediate test failure. This commit adds only the very basic, bare-minimum needed to get them started. ***TESTING RESULTS ARE IGNORED*** Signed-off-by: Chris Evich <cevich@redhat.com>
* Make rootless-cni setup more robustPaul Holzinger2021-07-06
| | | | | | | | | | | | | | | | | | | The rootless cni namespace needs a valid /etc/resolv.conf file. On some distros is a symlink to somewhere under /run. Because the kernel will follow the symlink before mounting, it is not possible to mount a file at exactly /etc/resolv.conf. We have to ensure that the link target will be available in the rootless cni mount ns. Fixes #10855 Also fixed a bug in the /var/lib/cni directory lookup logic. It used `filepath.Base` instead of `filepath.Dir` and thus looping infinitely. Fixes #10857 [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* update shell completion scriptsPaul Holzinger2021-07-02
| | | | | | | | | | | | | The new cobra v1.2.0 release brings a number of bug fixes for shell completion scripts. Regenerate the scripts with `make completions` to sync them with the upstream version, currently we have some custom ones to avoid some upstream bugs. Because the new cobra version has all fixes we should use the upstream scripts. Add a check to CI to ensure we always use the up to date scripts. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Cirrus: Fixes due to master->main renameChris Evich2021-06-30
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Don't require tests for github-actions & metadataChris Evich2021-04-30
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Update Ubuntu images to 21.04Chris Evich2021-04-27
| | | | | | | | | | | | | Also simplify `lib.sh` after supporting changes incorporated into automation library 2.x+ (present in all VM and container images). * No need to force-load `/etc/profile` and handle it's expectation to **not** being in `errexit` mode. * Slightly re-arrange loading of automation library files for clarity. * Update comments. Signed-off-by: Chris Evich <cevich@redhat.com>
* Fixes from make codespellDaniel J Walsh2021-04-21
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* compose test: try to get useful data from flakesEd Santiago2021-04-13
| | | | | | | | | | | | | | | | | | | | docker-compose test continues to flake even after #9961. Let's try to get some useful data from the failures, by: * adding -S (--show-error) to curl. With just -s (--silent), curl is completely quiet. With -S, it displays errors. (Not in TAP form, but I'm OK with that) * oops, adding safety checks to the fix from #9961 (it was inadvertently clobbering the curl exit status) And, as long as I'm in this code: logformatter was not highlighting these results, because the '1..N' TAP line needs to be spit out at the end. Have test-compose emit a 'TAP' header <http://testanything.org/> and make logformatter recognize it. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Overhaul Makefile binary and release worflowsChris Evich2021-04-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Incorporate changes from abandoned #9918: Use dedicated `bin` sub-directories for `windows` and `darwin` when building `podman-remote`. The linux flavor remains under `bin` as before. * Fix MacOS Documentation-generation for release-packaging. The `install-podman-remote-%-docs` target requires local execution of `podman-remote`, but it was assuming GOOS=linux. Fix this by dynamically discovering the local OS/architecture type while still permitting cross-building of MacOS binaries under Linux. * Unify temporary directory/file behavior to use a common template. In case of left-over temporary items left in the repository, update the `clean` target accordingly to remove them. * Fix broken podman-remote-static and MacOS release archive targets mismatching the `podman-remote-%` target. Disambiguate this target for all platforms by spelling each out in full, instead of using a wild-card recipe. * Fix Windows-installer target to properly recognize existing output files and not constantly rebuild every time. * Include the podman version number in the Windows-installer target in case a user downloads multiple releases. * Include a subdirectory containing the podman version number for both `tar.gz` and `zip` targets. This prevents users clobbering existing directories when un-archiving from releases. Signed-off-by: Chris Evich <cevich@redhat.com>
* Exclude .gitignore from test req.Chris Evich2021-04-12
| | | | | | Also sort the explicit files by name, since the list is growing. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Use Fedora 34beta imagesChris Evich2021-04-07
| | | | | | Also, revert 4875a8fb Signed-off-by: Chris Evich <cevich@redhat.com>
* Exempt Makefile changes from test requirementsChris Evich2021-04-07
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Make use of shared get_ci_vm containerChris Evich2021-04-05
| | | | | | | | | | | Depends on: https://github.com/containers/automation_images/pull/57 https://github.com/containers/automation/pull/64 https://github.com/containers/automation/pull/66 https://github.com/containers/automation/pull/67 https://github.com/containers/automation/pull/68 Signed-off-by: Chris Evich <cevich@redhat.com>
* Add rootless docker-compose test to the CIPaul Holzinger2021-04-01
| | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* [NO TESTS NEEDED] Turn on podman-remote build --isolationDaniel J Walsh2021-03-26
| | | | | | | | | | Currently podman only works with --isolation chroot. This PR fixes this by allowing the isolation mode to default to OCI and to also allow users to pass the isolation mode into the containers. The current tests for --isolation should cause this code to be tested. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* WIP: run buildah bud tests using podmanEd Santiago2021-03-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Set of scripts to run buildah's bud.bats test using podman build in podman CI. podman build is not 100% compatible with buildah bud. In particular: * podman defaults to --layers=true; buildah to false * podman defaults to --force-rm=true; buildah to false * podman error exit status is 125; buildah is 2 * differences in error messages, command-line arguments Some of the above can be dealt with programmatically, by tweaking the buildah helpers.bash (BATS helpers). Some need to be tweaked by patching bud.bats itself. This PR includes a patch that will, I fear, need to be periodically maintained over time. There will likely be failures when vendoring in a new buildah, possibly because new tests were added for new features that don't exist in podman, possibly (I hope unlikely) if existing tests are changed in ways that make the patch file fail to apply. I've tried to write good instructions and to write the run script in such a way that it will offer helpful hints on failure. My instructions and code will be imperfect; I hope they will be good enough to merit continued use of this test (possibly with improvements to the instructions as we learn more about real-world failures). Signed-off-by: Ed Santiago <santiago@redhat.com>
* podman upgrade testsEd Santiago2021-02-23
| | | | | | | | Initial validation of using podman-in-podman to create an old-podman root, then use new-podman to play with the containers created therein. Signed-off-by: Ed Santiago <santiago@redhat.com>
* pr-should-include-tests: recognized "renamed" testsEd Santiago2021-02-22
| | | | | | | | git tries to recognize renamed files. This isn't always as helpful as intended. Turn it off, so we'll always see files as 'A'dded. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Cirrus: Send cirrus-cron report e-mail to list.Chris Evich2021-02-08
| | | | | | | | | This mailing-list was established to allow people to sub/unsub from automated notifications. Add it to the list of destinations picked up by the Github Actions workflow `.github/workflows/check_cirrus_cron.yml`. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Collect ginkgo node logs artifactsChris Evich2021-02-03
| | | | | | | | | | | | | | | | | | | | In rare cases, it's possible for one of the ginkgo processes to "hang". When this occurs, the main output will contain this message: ``Ginkgo timed out waiting for all parallel nodes to report`` The only way to debug this was to look through concatenated printing of the ginkgo node logs. This is a tedious and daunting task, requiring special search knowledge, facing a "wall of text". Simplify the situation by collecting the node logs separately, as individual files in a cirrus-artifact. In this way, it's faster to figure out which test "hung" by examining each log individually. The log file which does not have a pass/fail summary at the end, indicates the last test hung (for whatever reason), and includes it's output (if any). Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #9063 from cevich/master_fix_validateOpenShift Merge Robot2021-01-30
|\ | | | | Cirrus: Fix running Validate task on branches
| * Cirrus: Fix running Validate task on branchesChris Evich2021-01-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followup to dbb9943 Despite skipping the `Smoke` check, it was observed on a *new* branch, the `validate` task (specifically `git-validation`) will fail. This is because: * `$CIRRUS_LAST_GREEN_CHANGE` will be empty on a new branch. * `$CIRRUS_BASE_SHA` is always empty for runs triggered by branch-push * `$EPOCH_TEST_COMMIT` will be set to `YOU_FOUND_A_BUG`. Fix this by eliminating the `Smoke` task entirely, simplifying all the `make validate` operations into the `validate` cirrus task. Ensure this task does not run when a new branch or tag is pushed. Also, eliminate the `$CIRRUS_BUILD_ID` value as it's confusing and not actually used anywhere. It was formerly used for building VM images, but this has moved to another repo entirely. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Cirrus: Build static podman-remoteChris Evich2021-01-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prior to this commit, the "Static Build" task only produced a `bin/podman`. Update this to also include a `bin/podman-remote` binary. Update the pr-should-include-tests checker to ignore the `nix` directory, which isn't applicable. Lastly, restore the static build task to 'required' for CI success. Leaving the comment inplace in case it needs to be bypassed in the future on short notice. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #9082 from saschagrunert/static-buildOpenShift Merge Robot2021-01-27
|\ \ | |/ |/| Fix static build cache by using cachix
| * Fix static build cache by using cachixSascha Grunert2021-01-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It looks like we always hit the caching issue in Cirrus CI described within #8313. A solution around that is to use cachix, which has been pre-populated from my local machine. To push all (runtime and build) dependencies, we can leverage a pre-populated store by: ``` > nix-store -qR --include-outputs $(nix-instantiate nix/default.nix) | cachix push podman ``` The cache can be re-used by everybody to rapidly build static Podman binaries: https://app.cachix.org/cache/podman [NO TESTS NEEDED] Signed-off-by: Sascha Grunert <mail@saschagrunert.de>
* | Cirrus: Upload swagger YAML in every contextChris Evich2021-01-21
|/ | | | | | | | | | | | | | | | | | | The podman documentation site uses javascript to display API documentation at: http://docs.podman.io/en/latest/Reference.html As input, the javascript sources from a CORS-enabled Google Cloud Storage object. This commit ensures the storage object is present and updated for every Cirrus-CI execution context: Tags, Branches, and PRs. As of this commit, the documentation site only utilizes the object uploaded by the Cirrus-CI run on the `master` branch: `swagger-master.yaml`. The file produced and uploaded due to a PR is intended for testing purposes: Confirm it's generation and uploading are both functional. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: add bindings checksValentin Rothberg2021-01-20
| | | | | | | | | Make sure that bindings are in sync with the code. The check is similar to what's already being done with `make vendor`, so integrate the two. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #8911 from edsantiago/prs_must_include_testsOpenShift Merge Robot2021-01-20
|\ | | | | CI: smoke test: insist on adding tests on PRs
| * CI: smoke test: insist on adding tests on PRsEd Santiago2021-01-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On each PR (with a few exceptions), check the list of git-touched files, and abort if no tests are added. Include instructions on how to bypass the check if tests really aren't needed. Include a hardcoded exception list for PRs that only touch a well-known subset of "safe" files: docs, .cirrus.yml, vendor, version, hack, contrib, or *.md. This list is likely to need tuning over time. Add a test suite, but not one recognized by the new script (because it's a "*.t" file), so: [NO TESTS NEEDED] Signed-off-by: Ed Santiago <santiago@redhat.com>
* | runner.sh : deal with bash 'set -e'Ed Santiago2021-01-18
|/ | | | | | | | | | | Release trigger script failed[1] because the entire script runs under 'set -e'; so a 'grep -- -dev' that finds no results will cause a nonzero exit status and hence the entire script to fail. Work around that. [1] https://cirrus-ci.com/task/4541290882793472 Signed-off-by: Ed Santiago <santiago@redhat.com>
* Cirrus: Upd. ext. service check host listChris Evich2021-01-14
| | | | | | | | Since CI doesn't depend heavily on installing packages at runtime (there is some minor use) there's no need to exhaustively check repository mirror hosts. Remove them from the list. Signed-off-by: Chris Evich <cevich@redhat.com>
* CI: fix broken diagnostic message for -dev checkEd Santiago2021-01-13
| | | | | | | | | | | | | | | | | There's a CI check for the presence of "-dev" in podman-info output (it should not appear). This test is unlikely to fail, but if it ever does, the diagnostic output is unhelpful. This makes it helpful. Tested via: $ ln -s /bin/echo ~/bin/msg $ ln -s /bin/echo ~/bin/die $ TEST_FLAVOR=release ./contrib/cirrus/runner.sh ... Releases must never contain '-dev' in output of 'podman info' ( buildahVersion: 1.19.0-dev Version: 3.0.0-dev) Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #8900 from cevich/no_tag_testingOpenShift Merge Robot2021-01-12
|\ | | | | Cirrus: Skip most tests on tag-push
| * Cirrus: Skip most tests on tag-pushChris Evich2021-01-07
| | | | | | | | | | | | | | | | | | | | | | | | | | Due to various reasons, CI results (esp. testing tasks) are completely ignored for builds triggered by a new tag-push. Additionally, since many of the automation scripts are in the repo., any related failures/flakes would require code changes (therefore a new tag). Resolve this by skipping every testing-type task for builds triggered by tag-push. Only retain tasks which build things intended for consumption associated with a possible official release. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Cirrus: Add cross-compile test for alternative archesChris Evich2021-01-11
|/ | | | | | | Followup to https://github.com/containers/podman/pull/8907 that simply ensures cross-compiling podman completes. Signed-off-by: Chris Evich <cevich@redhat.com>
* SpellingJosh Soref2020-12-22
| | | | Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* Cirrus: Add support for Ubuntu 20.xChris Evich2020-12-15
| | | | | | | | | | | | | | | | | | | | | | | | | Previously automation always dropped the minor version number for distributions. This was intended for presentation and conditional simplicity. Bash does not support non-integer comparison natively. With the release of version 20.10, supporting testing with it and the LTS release (20.04) requires scripts to consider minor version numbers for Ubuntu VMs. This is necessary because many times in the past, some behaviors needed to be conditional on the release version number. With this commit, the images and embedded scripts/tooling uses an altered format of `$UBUNTU_NAME', `$PRIOR_UBUNTU_NAME`, and (crucially) `$OS_RELEASE_VER` and `$OS_REL_VER`. Any `.` characters appearing in the official version (from `/etc/os-release`) are dropped, and the result is concatenated. For example the current Ubuntu LTS version is `20.04`. Prior to this commit, `$OS_RELEASE_VER` would have been `20`. With this change, `$OS_RELEASE_VER` will now show `2004`. Similarly `20.10` is shown as `2010`. Signed-off-by: Chris Evich <cevich@redhat.com>
* contrib: drop mirror.chpc.utah.edu:443Giuseppe Scrivano2020-12-15
| | | | | | | | remove unused mirror from list of required host/ports: the host is unreachable due to DNS misconfiguration, and it doesn't look like we need it for anything anyway. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* add compose regression to cibaude2020-12-11
| | | | | | | to prevent any regressions, we should be running regression tests using compose. Signed-off-by: baude <bbaude@redhat.com>
* Fix storage.conf to define driver in the VMDaniel J Walsh2020-12-09
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>