summaryrefslogtreecommitdiff
path: root/contrib/cirrus
Commit message (Collapse)AuthorAge
* Cirrus: use dnf instead of rpm to install packagesLokesh Mandvekar2022-08-02
| | | | Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* CI: new check for leftover skips/fixmesEd Santiago2022-07-28
| | | | | | | If a PR says "Fixes #123", make sure it removes skips and/or FIXME comments that reference issue 123. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Cirrus: enable Fedora 36 aarch64 tasks on EC2Lokesh Mandvekar2022-07-27
| | | | | | | | | | | new file: test/e2e/config_arm64.go Tests that fail on aarch64 have been skipped with `skip_if_aarch64`. Co-authored-by: Chris Evich <cevich@redhat.com> Co-authored-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* Bump VMs, to Ubuntu 2204 with cgroups v1Ed Santiago2022-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ...and enable the at-test-time confirmation, the one that double-checks that if CI requests runc we actually use runc. This exposed a nasty surprise in our setup: there are steps to define $OCI_RUNTIME, but that's actually a total fakeout! OCI_RUNTIME is used only in e2e tests, it has no effect whatsoever on actual podman itself as invoked via command line such as in system tests. Solution: use containers.conf Given how fragile all this runtime stuff is, I've also added new tests (e2e and system) that will check $CI_DESIRED_RUNTIME. Image source: https://github.com/containers/automation_images/pull/146 Since we haven't actually been testing with runc, we need to fix a few tests: - handle an error-message change (make it work in both crun and runc) - skip one system test, "survive service stop", that doesn't work with runc and I don't think we care. ...and skip a bunch, filing issues for each: - #15013 pod create --share-parent - #15014 timeout in dd - #15015 checkpoint tests time out under $CONTAINER - #15017 networking timeout with registry - #15018 restore --pod gripes about missing --pod - #15025 run --uidmap broken - #15027 pod inspect cgrouppath broken - ...and a bunch more ("podman pause") that probably don't even merit filing an issue. Also, use /dev/urandom in one test (was: /dev/random) because the test is timing out and /dev/urandom does not block. (But the test is still timing out anyway, even with this change) Also, as part of the VM switch we are now using go 1.18 (up from 1.17) and this broke the gitlab tests. Thanks to @Luap99 for a quick fix. Also, slight tweak to #15021: include the timeout value, and reword message so command string is at end. Also, fixed a misspelling in a test name. Fixes: #14833 Signed-off-by: Ed Santiago <santiago@redhat.com>
* [CI:DOCS] Cirrus: Add prominent gitlab warningChris Evich2022-07-21
| | | | | | | It was not obvious enough in the scripts how much of a snowflake this environment is. Fix that with lots of capitalized words and asterisks. Signed-off-by: Chris Evich <cevich@redhat.com>
* Run codespellDaniel J Walsh2022-07-18
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* CI: sanity check for desired runtimeEd Santiago2022-07-12
| | | | | | | | | | | | | | | We're still not testing runc in CI (#14833), and it may be weeks or months before we can, due to criu/glibc nightmare, but one day we'll be back on track, then later on we'll update VMs again, and screw it up, and lose runc, and not notice, and RHEL will break, and oh noes headless chicken again, repeat repeat. We can do better. Use .cirrus.yml to explicitly define which VMs should use which runtimes, and enforce it early in the CI build step. This should never fail (uh huh) in a PR, only in one of the update-VM PRs. Signed-off-by: Ed Santiago <santiago@redhat.com>
* logformatter: link by *task ID*, not build IDEd Santiago2022-07-11
| | | | | | | | | Reason: task IDs are unique and permanent; linking by build ID and task name is non-unique, because Re-run. Fixes: #14863 Signed-off-by: Ed Santiago <santiago@redhat.com>
* Cirrus: Add podman-machine integration testChris Evich2022-07-01
| | | | | | | | | | | | | | | | | | | | | | | The podman-machine integration tests are designed to execute on bare-metal, since they perform significant work with virtual-machines. This test is costly to run at scale, so it is limited to being manually triggered by developers (for now). A 'trigger' button will appear in the task status page of the Github WebUI once all test dependencies are met. In the Cirrus-CI WebUI, there is also a 'pre-trigger' button that may be pressed if a developer doesn't wish to wait. Also: * Add a `localmachine` target in the `Makefile` on the off-chance developers wish to execute locally. Update the `ginkgo-run` target to accommodate re-use by the new `localmachine` target. * Exclude `podman_machine` task from `success` dependency verification. This also involves adding an exception to `cirrus_yaml_test.py` otherwise it will complain loudly. * ***NOTE*** Inclusion of `ec2_instance` in *any* task will cause `hack/get_ci_vm.sh` to barf and be non-functional. Future updates will be made to restore functionality. Before then, simply comment out the `ec2_instance` section as a temporarily workaround. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Fix elevator workaround multi-cloud supportChris Evich2022-07-01
| | | | | | | | | | | | | | | | In order to support execution on various non-GCP cloud environments, the BFQ scheduler workaround needs updating. Previously it assumed the root disk was always `/dev/sda`. With the addition of new clouds (AWS) and different environment types, the assumption is not always valid. Update the workaround to take care in looking up the block device where '/' comes from. Also update the scheduler to 'none', as all modern clouds already have highly optimized underlying storage configurations. There's no reason to complicate I/O paths further by hard-coding specific scheduler(s) for all environment types. Signed-off-by: Chris Evich <cevich@redhat.com>
* podman image scp remote support & podman image scp taggingcdoern2022-06-28
| | | | | | | | | | | | | | | | | | | add support for podman-remote image scp as well as direct access via the API. This entailed a full rework of the layering of image scp functions as well as the usual API plugging and type creation also, implemented podman image scp tagging. which makes the syntax much more readable and allows users t tag the new image they are loading to the local/remote machine: allow users to pass a "new name" for the image they are transferring `podman tag` as implemented creates a new image im `image list` when tagging, so this does the same meaning that when transferring images with tags, podman on the remote machine/user will load two images ex: `podman image scp computer1::alpine computer2::foobar` creates alpine:latest and localhost/foobar on the remote host implementing tags means removal of the flexible syntax. In the currently released podman image scp, the user can either specify `podman image scp source::img dest::` or `podman image scp dest:: source::img`. However, with tags this task becomes really hard to check which is the image (src) and which is the new tag (dst). Removal of that streamlines the arg parsing process Signed-off-by: Charlie Doern <cdoern@redhat.com>
* Merge pull request #14608 from edsantiago/logformatter_new_urlopenshift-ci[bot]2022-06-22
|\ | | | | logformatter: link to logs using Cirrus API
| * logformatter: link to logs using Cirrus APIEd Santiago2022-06-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | One day we may use AWS for part of CI. Do you want to maintain two separate code paths in this script for linking to artifacts in multiple cloud providers? Can you say no? I knew you could. Cirrus already knows the location of the artifacts and provides a transparent mechanism for accessing them. Use it. This PR exposed a nasty bug in our environment-variable handling: envariables passed through to the containerized environment were being double-space-escaped, so "FOO=a b" ended up as "FOO=a\ b" (with a backslash), with one consequence being invalid URLs. The solution is simple: run 'podman -e FOO', not '-e FOO=value'. Finally, reinstate the environment-variable dump (in comments). I had removed this in a moment of panic over leaking secrets, but no, that doesn't happen. Exclude scary-sounding vars anyway. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Fix spelling "setup" -> "set up" and similarErik Sjölund2022-06-22
|/ | | | | | | | | | * Replace "setup", "lookup", "cleanup", "backup" with "set up", "look up", "clean up", "back up" when used as verbs. Replace also variations of those. * Improve language in a few places. Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Cirrus: Simplify only_if/skip + optimize multiarchChris Evich2022-06-07
| | | | | | | | | | | | | | | | | | Using both the 'skip' and 'only_if' features at the same time may be hard for maintainers to decipher. Consolidate them into `only_if` since that bypasses creation of the task all together - meaning there are potentially fewer tasks for a developer to scroll through. Since the `multiarch` Cirrus-Cron build no-longer depends on the direct "build-ability" from the current repo. state, it can be further optimized. When operating in this context, avoid running many/most other tasks, depending instead only on `ext_svc_check`. Finally, add a simple document describing the various runtime contexts along with the list of expected tasks. Reference this prominently right in front of every `only_if` so it's impossible for a maintainer to miss. Signed-off-by: Chris Evich <cevich@redhat.com>
* Makefile: Handle unexpected empty var. valuesChris Evich2022-06-01
| | | | | | | | | | | | | | | | | | Fixes #14021 Substitution values built from `$(shell ...)` output can easily be empty due to the shell's default `pipefail` behavior. This can also hide non-zero exit codes, similarly resulting in empty values being set. While not a perfect fix, the situation is improved by using the `err_if_empty` function in all cases where empty values would be unexpected. Remove the definitions for `GIT_BRANCH` and `GIT_BRANCH_CLEAN` which don't seem to actually be used anywhere (including in code). Add a simple release-test to verify `podman info` outputs a non-empty value for "GitCommit". Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Fix several TODOsChris Evich2022-05-26
| | | | | | | | Most were simply deleted, the main one addressed is in the "pre-testing" `ext_svc_check.sh` script. It will now verify accessibility of several key test images we maintain in `quay.io`. Signed-off-by: Chris Evich <cevich@redhat.com>
* ci: pr-should-include-tests: add more exceptionsKir Kolyshkin2022-05-17
| | | | | | Add .golangci.yml, podman.spec.rpkg, and non top-level Makefiles. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* Fix hang in build-each-commit testEd Santiago2022-05-11
| | | | | | | | | | Followup to #14178: I broke CI. "--fork-point" does not do what I thought it did, so remove it. Also, add 'set -x' to help us debug the next time something like this happens. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #14179 from cevich/ensure_dest_branchOpenShift Merge Robot2022-05-10
|\ | | | | Cirrus: Guarantee $DEST_BRANCH is passed through
| * Cirrus: Guarantee $DEST_BRANCH is passed throughChris Evich2022-05-10
| | | | | | | | | | | | | | | | | | | | | | | | | | There are several runtime contexts (rootless and container) where `$DEST_BRANCH` is needed but was not supplied. A prior commit (c4865767171b) removed the default value, `main` which was being set incorrectly when CI ran on release branches. Fix this by ensuring the variable is non-empty upon entry to `setup_environment.sh`, then ensure it gets passed through to child environments by way of the `/etc/ci_environment` file. This will maintain compatibility with both CI and `hack/get_ci_vm.sh` use. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Cirrus: Update images + new automation libraryChris Evich2022-05-10
| | | | | | | | | | | | | | | | Add support for new automation library version w/ `$DEBUG` fix (ref: containers/automation_images#128) and added definitions for commonly used Distro/version variables. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Cirrus: Simplify use of cache in automationChris Evich2022-05-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With the increasingly complex `.cirrus.yml` task relationships, build cache wasn't always working as intended. Recently, non-build tasks were observed assuming authority over `gopath_cache`. Ref.: https://github.com/containers/podman/pull/13998#issuecomment-1108834538 Address this by an overall simplification using artifacts instead of cache. Using artifacts allows establishing concrete authorship/authority over cached repo. content. In this way, dependent tasks may simply consume the artifact with `curl` instead of relying on complex caching algorithms. Also/Minor: Add YAML checking to the pre-commit configuration. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Cirrus: Simplify rootless ssh setupChris Evich2022-05-10
|/ | | | | | | | | | | | | The sshd service is guaranteed to be running by the VM image build process - it's required by the packer tool for access. Remove the startup and check on the sshd service. For many tests, man ssh connections to/from $ROOTLESS_USER on the host are needed. To facilitate this, the localhost key is added to `known_hosts` for root and `$ROOTLESS_USER`. Simplify this setup using the `ssh-keyscan` tool. Signed-off-by: Chris Evich <cevich@redhat.com>
* bloat check: make more robustEd Santiago2022-05-10
| | | | | | | | | | | | | | | | | | | The use of 'C^' (parent) in 'git rebase' is counterintuitive, at least to me: when C is a merge of multiple commits, rebase picks each of those commits. That probably makes good sense to a git expert, which I'm not. Solution: forget using '^', just calculate the baseline sizes by doing a checkout of the PR's parent. Also: compute PR parent using git-merge-base instead of blindly trusting $DEST_BRANCH (which may be volatile as other PRs are merged). Also: run git-rebase directly, not via make rule. That indirection is too confusing here. Signed-off-by: Ed Santiago <santiago@redhat.com>
* test skipper: check for $DEST_BRANCHEd Santiago2022-05-09
| | | | | | | | | | | | | | The test-skipping optimization is failing as rootless on non-main, because $DEST_BRANCH is not set. Solution: check for envariable, skip test if missing. (This was part of my original PR, but was accidentally removed in #14013) Also: DEST_BRANCH was silently being defaulted to 'main' in lib.sh. Remove that: per @cevich, it is no longer necessary. Fixes: #14131 Signed-off-by: Ed Santiago <santiago@redhat.com>
* Cirrus: Fix ownership of repos. to keep git happyChris Evich2022-04-27
| | | | | | | | | | | | | | | | | | Newer versions of git are much more pedantic about who owns the repository files. When setting up to run rootless, prior to this commit, the repo. ownership was changed from root. This causes all subsequent git-operations as root to fail: ``` fatal: unsafe repository ('<$GOSRC>' is owned by someone else) ``` Fix this by re-ordering operations, such that the change in ownership is done immediately before executing as a user. Also disable the git-ownership check on the source repository assuming the CI environment is disposable. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Temporarily update netavark/aardvark-dnsChris Evich2022-04-27
| | | | | | | | | | | | Normally installing/updating packages at test runtime is highly discouraged for reliability and efficiency reasons. However, in this specific case, development work of these packages is still fairly hot. As a compromise to support podman test development, temporarily update these two specific packages at runtime. At a future date, when updates are less frequent, this commit can/should be safely reverted. At that point, the versions installed at VM image build time will persist. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Test w/ netavark/aardvark-dns in F36+Chris Evich2022-04-27
| | | | | | | | | | | | | | | | | | | | Now that netavark and aardvark are packaged and default in F36, support CNI-based testing in F35 and Ubuntu. * Remove the temporary/special `$TEST_ENVIRON=host-netavark` construct. * Remove dedicated/special integration and system testing tasks. * Update test-config setup to properly handle CNI vs netavark/aardvark environments. * Update package-version logging to operate based on installed packages (along with some other minor script cleanups). * Update global environment setup to force `$NETWORK_BACKEND=netavark` in F36 and later. Except when `upgrade_test` task runs. * Discontinue installing netavark and aardvark-dns binaries from upstream build artifacts. * Drop CGV1-vs-2 policy check. Ubuntu VMs now exclusively test CGv1, Fedora VMs test CGv2, with F35 testing CNI and F36 testing Netavark. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Fix skipping all/most testsChris Evich2022-04-26
| | | | | | | | | | The originally intent for skipping tests based on change-content was to optimize the PR workflow. However, a mistake in a conditional is causing almost all tasks running for Cron and branches to be skipped. Fix this by checking for an empty '$CIRRUS_PR' variable. This value is always empty when operating outside of PRs. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Re-fix build-cache miss on mainChris Evich2022-04-25
| | | | | | | | | | | | | | After merging #13998 it was observed that the `docker-py` task was still failing with the same error on `main`. The original quick-fix had placed the full-build (`make`) call too late in the process. This commit moves it up to right before the `make install` call which was resulting in an error. Again, a further future commit is planned to re-work and simplify the entire cache setup. This is only a quick fix to make branch-builds pass. Signed-off-by: Chris Evich <cevich@redhat.com>
* Revert "Cirrus: Fix cirrus cache race on bin/podman"Chris Evich2022-04-25
| | | | | | This reverts commit 2f53259a8d5cd8022e797ea22a354a63bef1803a. Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #13998 from cevich/fix_docker-py_testOpenShift Merge Robot2022-04-25
|\ | | | | Cirrus: Fix cirrus cache race on bin/podman
| * Cirrus: Fix cirrus cache race on bin/podmanChris Evich2022-04-25
| | | | | | | | | | | | | | | | | | | | | | A suspected race on uploading gopath cache is causing the docker-py (and possibly other) tasks to fail unpredictably with an error from `make` regarding missing `bin/podman`. Since this failure is affecting all development activity, apply a quick/dirty fix to the failing task, by simply rebuilding the binary. A more comprehensive/long-term fix will be worked in a future PR. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Revert "Switch all rootful to rootfull"Ashley Cui2022-04-25
|/ | | | | | | | | | This reverts commit cc3790f332d989440eb1720e24e3619fc97c74ee. We can't change rootful to rootfull because `rootful` is written into the machine config. Changing this will break json unmarshalling, which will break existing machines. [NO NEW TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
* Increase verbosity and sequencing of APIv2 testingChris Evich2022-04-22
| | | | | | | | | | | The default verbosity level does not show the classes or function names. This makes it difficult to debug problems like hangs. Also, separate the bats and python-based tests into two sections. This allows for easier debugging, since isolation can be done in `runner.sh` rather than mucking with the `Makefile`. Lastly, update the logformatter script to `autoflush stdout` (thanks @edsantiago). Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #13964 from rhatdan/rootfullOpenShift Merge Robot2022-04-22
|\ | | | | Switch all rootful to rootfull
| * Switch all rootful to rootfullDaniel J Walsh2022-04-21
| | | | | | | | | | | | | | | | | | We are inconsistent on the name, we should stick with rootfull. [NO NEW TESTS NEEDED] Existing tests should handle this and no tests for machines exists yet. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #13956 from cevich/fix_git_idOpenShift Merge Robot2022-04-22
|\ \ | |/ |/| Cirrus: Fix missing git-enforced runtime identity
| * Cirrus: Fix missing git-enforced runtime identityChris Evich2022-04-21
| | | | | | | | | | | | | | | | | | Newer versions of git (like `2.35`) fail on certain operations (like `rebase` and `am`) without a local identity. Add a fake one from the start, with a clearly identifiable test-value to avoid problems at runtime. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Optimization: skip tests in some circumstancesEd Santiago2022-04-21
|/ | | | | | | | | | | | | | | A common pattern is to submit PRs that update only tests or docs. When the only changes are to test/e2e, there is no point in running test/system or test/upgrade or test/buildah-bud. Likewise, reciprocally, and similarly for a bunch of other tests (alt, cross, apiv2, ...) And when the only changes are under docs/ , there is no point in running any of the above. Exception: if $CIRRUS_<mumble> are undefined (e.g., cron), never skip Signed-off-by: Ed Santiago <santiago@redhat.com>
* Cirrus: Allow manually running image-build taskChris Evich2022-03-31
| | | | | | | | | | Building multi-arch images in a standardized way is complex. Some of the builds themselves can take a really long time to run (over an hour). Make changes easier to test inside a PR by adding manually-triggered image-build tasks. These mirror most of the real cron-triggered task, without actually pushing the final images. Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #13653 from jmontleon/fix-manifest-push-headerOpenShift Merge Robot2022-03-27
|\ | | | | Resolves #13629 Add RegistryAuthHeader to manifest push
| * Resolves #13629 Add RegistryAuthHeader to manifest pushjason2022-03-26
| | | | | | | | Signed-off-by: Jason Montleon <jmontleo@redhat.com>
* | Merge pull request #13602 from edsantiago/size_check_part2OpenShift Merge Robot2022-03-24
|\ \ | |/ |/| Binary growth check, part 2 of 2
| * Binary growth check, part 2 of 2Ed Santiago2022-03-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a CI check to prevent unwanted bloat in binary images, by building a baseline (pre-PR) binary then comparing file sizes post-PR. Part 1 (#13518) added a new script that runs multiple 'make's, comparing image sizes against an original, and failing loudly if growth is too big. An override mechanism is defined. This is part 2 of 2: adding the CI rule. We couldn't do that in part 1, because the rule would call a script that didn't exist in the pre-PR commit. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #13559 from cevich/success_artifactsOpenShift Merge Robot2022-03-23
|\ \ | |/ |/| [CI:BUILD] Cirrus: Publish binary artifacts on success
| * Cirrus: Publish binary artifacts on successChris Evich2022-03-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In general continuous-delivery (CD) tends to pair well with CI. More specifically, there is a need for some reverse-dependency CI testing in netavark/aardvark-dns. In all cases, the download URL needs to remain consistent, without elements like `Build%20for%20fedora-35`. The 'Total Success' task only ever executes when all dependencies are successful. When a non `[CI:DOCS]` build is successful, gather all binary/release artifacts in a new task which depends on 'Total Success'. This will provide a uniform name (`artifacts`) and URL for downstream users to use. For example: https://api.cirrus-ci.com/v1/artifact/github/containers/podman/artifacts/binary.zip or https://api.cirrus-ci.com/v1/artifact/github/containers/podman/artifacts/binary/FILENAME Where ***FILENAME*** is one of: * `podman` * `podman-remote` * `rootlessport` * `podman-release-386.tar.gz` * `podman-release-amd64.tar.gz` * `podman-release-arm64.tar.gz` * `podman-release-arm.tar.gz` * `podman-release-mips64le.tar.gz` * `podman-release-mips64.tar.gz` * `podman-release-mipsle.tar.gz` * `podman-release-mips.tar.gz` * `podman-release-ppc64le.tar.gz` * `podman-release-s390x.tar.gz` * `podman-remote-release-darwin_amd64.zip` * `podman-remote-release-darwin_arm64.zip` * `podman-remote-release-windows_amd64.zip` * `podman-v4.0.0-dev.msi` Signed-off-by: Chris Evich <cevich@redhat.com>
* | Fix unreadable netavark logsEd Santiago2022-03-22
|/ | | | | | | | | | | ginkgo netavark logs (and, to a lesser extent, cni logs) are unreadable because the hide-boring-opts code did not know about --network-backend. Now it does. Manually filtered an existing netavark log to confirm there are no other new options we should know about. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #13540 from mheon/fix_11822OpenShift Merge Robot2022-03-18
|\ | | | | Deduplicate between Volumes and Mounts in compat API