
ME=$(basename $0)

# BEGIN user-customizable section

# Buildah main repository; unlikely to change often

# Tag name used to identify the base checkout

# END   user-customizable section

usage="Usage: $ME [--help] [--no-checkout] [--no-test] [--filter=TESTNAME]

Flags, useful for manual debugging:

  --no-checkout   Skip checkout step, go directly to running tests
  --no-test       Do checkout only, but do not run tests
  --filter=NAME   Passed on to bats; runs only tests that match NAME

# Parse command-line options (used in development only, not in CI)
declare -a bats_filter=()
for i; do
    value=$(expr "$i" : '[^=]*=\(.*\)')
    case "$i" in
        --no-checkout)  do_checkout= ; shift;;
        --no-test)      do_test=     ; shift;;
        --filter=*)     bats_filter=("--filter" "$value"); shift;;
        -h|--help)      echo "$usage"; exit 0;;
        *)              echo "$ME: Unrecognized option '$i'" >&2; exit 1;;

# Patches helpers.bash and potentially other files (bud.bats? Dockerfiles?)
# The patch file is horrible to generate:
#    1) cd to the checked-out buildah/tests directory
#    2) make your edits
#    3) git commit -asm 'blah blah blah'
#       3a) if checked-out directory already includes earlier patches,
#           you may need to 'git commit --amend' instead
#    4) git format-patch HEAD^
#    5) sed -e 's/ \+$//' 0001* >../PATCH-FILE-PATH
#    6) vim that file, remove trailing empty newlines
#    7) cd back out of buildah directory, and git-commit this new patch file
# FIXME: this makes me nervous. The diff will probably need tweaking
#        over time. I don't think we need to version it, because we
#        *have* to be in lockstep with a specific buildah version,
#        so problems should only arise when we re-vendor.
#        But I'm still nervous and can't put my finger on the reason.
# Complicated invocation needed because we 'cd' down below.
BUD_TEST_DIR=$(realpath $(dirname ${BASH_SOURCE[0]}))

# Friendlier relative path to our buildah-tests dir
BUD_TEST_DIR_REL=$(dirname $(git ls-files --full-name ${BASH_SOURCE[0]}))
# Path to podman binary; again, do it before we cd
# If remote, start server & change path
if [[ "${PODBIN_NAME:-}" = "remote" ]]; then

function die() {
    echo "$ME: $*" >&2
    exit 1

# From here on out, any unexpected abort will try to offer helpful hints
trap 'if [[ $? != 0 ]]; then if [[ -n $failhint ]]; then echo;echo "***************************************";echo "$failhint";echo;echo "Please see $BUD_TEST_DIR_REL/README.md for advice";fi;fi' 0

# Find the version of buildah we've vendored in, so we can run the right tests
buildah_version=$(awk "\$1 == \"$BUILDAH_REPO\" { print \$2 }" <go.mod)

if [[ -z "$buildah_version" ]]; then
    # This should not happen
    die "Did not find '$BUILDAH_REPO' in go.mod"

# From here on out, any error is fatal
set -e

# Run sudo early, to refresh the credentials cache. This is a NOP under CI,
# but might be appreciated by developers who run this script, step away
# during the git-checkout-buildah step, then come back twenty minutes later
# to an expired sudo prompt and no tests have run. (No need to do this
# for checkout; only when running tests)
if [[ -n $do_test ]]; then
    sudo --validate

# Before pulling buildah (while still cd'ed to podman repo), try to determine
# if this is a PR, and if so if it's a revendoring of buildah. We use this to
# try to offer a helpful hint on failure.
if [[ -n $CIRRUS_CHANGE_IN_REPO ]]; then
    if [[ -n $DEST_BRANCH ]]; then
        # Base of this PR.
        base=$(set -x;git merge-base ${DEST_BRANCH} $head)
        changes=$(set -x;git diff --name-status $base $head)
        if [[ -n $changes ]]; then
            if [[ $changes =~ vendor/$BUILDAH_REPO ]]; then

# Pull buildah, including tests
if [[ -n $do_checkout ]]; then
    if [[ -d $buildah_dir ]]; then
        die "Directory already exists: $buildah_dir"

    # buildah_version should usually be vX.Y, but sometimes a PR under test
    # will need a special unreleased version (go calls then "pseudoversions").
    # In the usual case, we can do a shallow git clone:
    shallow_checkout="--branch $buildah_version"
    if [[ $buildah_version =~ .*-.*\.[0-9]{14}-.* ]]; then
        # ...but with a pseudoversion, we must git-clone the entire repo,
        # then do a git checkout within it

    failhint="'git clone' failed - this should never happen!"
    (set -x;git clone -q $shallow_checkout https://$BUILDAH_REPO $buildah_dir)

    cd $buildah_dir
    if [[ -z $shallow_checkout ]]; then
        # extract the SHA (rightmost field) from, e.g., v1.2-YYYMMDD-<sha>

        failhint="'git checkout $sha' failed - this should never happen!"
        (set -x;git checkout -q $sha)

    # Give it a recognizable tag; this will be useful if we need to update
    # the set of patches
    (set -x;git tag $BASE_TAG)

    # Build buildah and the copy helper
    failhint="error building buildah. This should never happen."
    (set -x;make bin/buildah)
    failhint="error building buildah's copy helper. This should never happen."
    (set -x;make bin/copy)

    # The upcoming patch may fail. Before we try it, create a helper script
    # for a developer to push a new set of diffs to podman-land.
    sed -e "s,\[BASETAG\],${BASE_TAG},g" \
        -e "s,\[BUILDAHREPO\],${BUILDAH_REPO},g" \
        < ${BUD_TEST_DIR}/make-new-buildah-diffs \
        > make-new-buildah-diffs
    chmod 755 make-new-buildah-diffs

    # Apply custom patches. We do this _after_ building, although it shouldn't
    # matter because these patches should only apply to test scripts and not
    # to any buildah sources.
Error applying patch file. This can happen when you vendor in a new buildah.
You will want to:

  - look for 'test/*.rej'
  - resolve conflicts manually
  - git add test/helpers.bash
  - git am --continue
  - ./make-new-buildah-diffs
    (set -x;git am --reject <$PATCHES)

    # Now apply our custom skips and error-message changes. This is maintained
    # in a custom script, not a .diff file, because diffs are WAY too hard for
    # humans to read and update.
Error applying podman-specific deltas. This sometimes happens when you
vendor in a new buildah. You will want to:

  - inspect the errors shown above
  - find the corresponding lines in $BUD_TEST_DIR_REL/$APPLY
  - edit/delete them as necessary
    (set -x;$BUD_TEST_DIR/$APPLY)
    # Called with --no-checkout
    test -d $buildah_dir || die "Called with --no-checkout, but $buildah_dir does not exist"

    cd $buildah_dir

if [[ -n $do_test ]]; then
    failhint="Error running buildah bud tests under podman."
    if [[ -n $is_revendor ]]; then

It looks like you're vendoring in a new buildah. The likely failure
here is that there's a new test in bud.bats that uses functionality
not (yet) in podman build. You will likely need to 'skip' that test.

Is it possible that your PR breaks podman build in some way? Please
review the test failure and double-check your changes.

    (set -x;sudo env TMPDIR=/var/tmp \
                 REMOTE=$REMOTE \
                 BUILDAH_BINARY=$(pwd)/bin/buildah \
                 COPY_BINARY=$(pwd)/bin/copy \
                 bats "${bats_filter[@]}" tests/bud.bats)