mirror of https://github.com/containers/conmon.git
189 lines
5.9 KiB
YAML
189 lines
5.9 KiB
YAML
---
|
|
|
|
# Main collection of env. vars to set for all tasks and scripts.
|
|
env:
|
|
####
|
|
#### Global variables used for all tasks
|
|
####
|
|
CONMON_SLUG: "github.com/containers/conmon"
|
|
|
|
# Overrides default location (/tmp/cirrus) for repo clone (will become $SRC)
|
|
CIRRUS_WORKING_DIR: "/var/tmp/src/${CONMON_SLUG}"
|
|
# Required so $ENVLIB gets loaded and /bin/sh is not used
|
|
CIRRUS_SHELL: "/bin/bash"
|
|
# Save a little typing (path relative to $CIRRUS_WORKING_DIR)
|
|
SCRIPT_BASE: "./contrib/cirrus"
|
|
# Spoof self as travis, as cirrus has the same test issues as travis does
|
|
TRAVIS: "true"
|
|
|
|
# VM Image built in containers/automation_images
|
|
IMAGE_SUFFIX: "c20250721t181111z-f42f41d13"
|
|
FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
|
|
|
|
# Container FQIN's
|
|
FEDORA_CONTAINER_FQIN: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}"
|
|
PRIOR_FEDORA_CONTAINER_FQIN: "quay.io/libpod/prior-fedora_podman:${IMAGE_SUFFIX}"
|
|
|
|
|
|
# Only github users with write-access can define or use encrypted variables
|
|
# This credential represents a service account with access to manage both VMs
|
|
# and storage.
|
|
gcp_credentials: ENCRYPTED[13e51806369f650e6ccc326338deeb3c24052fc0a7be29beef2b96da551aed3200abbb6c6406a936bb4388fb2758405c]
|
|
|
|
|
|
# Default VM to use unless set or modified by task
|
|
gce_instance:
|
|
image_project: "libpod-218412"
|
|
zone: "us-central1-f" # Required by Cirrus for the time being
|
|
cpu: 2
|
|
memory: "4Gb"
|
|
disk: 200 # Required for performance reasons
|
|
image_name: "${FEDORA_CACHE_IMAGE_NAME}"
|
|
|
|
|
|
# Default timeout for each task
|
|
timeout_in: '120m'
|
|
|
|
# Verify conmon package can be built and installed on Fedora
|
|
fedora_packaging_task:
|
|
alias: fedora_packaging
|
|
|
|
# Runs within Cirrus's "community cluster"
|
|
container:
|
|
cpu: 1
|
|
memory: 4
|
|
|
|
matrix:
|
|
- name: "Packaging for Fedora"
|
|
container:
|
|
image: "${FEDORA_CONTAINER_FQIN}"
|
|
- name: "Packaging for Fedora N-1"
|
|
container:
|
|
image: "${PRIOR_FEDORA_CONTAINER_FQIN}"
|
|
|
|
script:
|
|
- dnf install -y rpm-build libseccomp-devel
|
|
- cd $CIRRUS_WORKING_DIR
|
|
- make
|
|
- make -f .rpmbuild/Makefile
|
|
- rpmbuild --rebuild conmon-*.src.rpm
|
|
- dnf remove -y conmon
|
|
- dnf -y install ~/rpmbuild/RPMS/x86_64/conmon*.x86_64.rpm
|
|
- ls -l /usr/bin/conmon
|
|
|
|
timeout_in: '20m'
|
|
|
|
|
|
# Verify build completes successfully
|
|
build_task:
|
|
# Runs within Cirrus's "community cluster"
|
|
container:
|
|
image: "${FEDORA_CONTAINER_FQIN}"
|
|
cpu: 1
|
|
memory: 4
|
|
|
|
script:
|
|
- dnf install -y make glib2-devel git gcc pkg-config systemd-devel libseccomp-devel
|
|
- cd $CIRRUS_WORKING_DIR
|
|
- make
|
|
- make test
|
|
|
|
|
|
# Verify code was fmt'ed properly
|
|
fmt_task:
|
|
# Runs within Cirrus's "community cluster"
|
|
container:
|
|
image: "${FEDORA_CONTAINER_FQIN}"
|
|
cpu: 1
|
|
memory: 4
|
|
|
|
script:
|
|
- dnf install -y clang clang-tools-extra
|
|
- cd $CIRRUS_WORKING_DIR
|
|
- make fmt
|
|
- git diff --exit-code
|
|
|
|
|
|
# Build the static binary
|
|
static_binary_task:
|
|
alias: static_binary
|
|
|
|
# Community-maintained task, may fail on occasion. If so, uncomment
|
|
# the next line and file an issue with details about the failure.
|
|
# allow_failures: true
|
|
|
|
timeout_in: '360m'
|
|
|
|
gce_instance:
|
|
image_name: "${FEDORA_CACHE_IMAGE_NAME}"
|
|
cpu: 8
|
|
memory: 12
|
|
disk: 200
|
|
|
|
env:
|
|
# Do not use 'latest', fixed-version tag for runtime stability.
|
|
CTR_FQIN: "docker.io/nixos/nix:2.15.0"
|
|
# Authentication token for pushing the build cache to cachix.
|
|
# This is critical, it helps to avoid a very lengthy process of
|
|
# statically building every dependency needed to build conmon.
|
|
# Assuming the pinned nix dependencies in nix/nixpkgs.json have not
|
|
# changed, this cache will ensure that only the static conmon binary is
|
|
# built.
|
|
CACHIX_AUTH_TOKEN: ENCRYPTED[4c3b8d82b0333abf048c56a71f2559ddb1c9ed38f0c28916eca13f79affa5904cf90c76a5bd8686680c89f41079ef341]
|
|
|
|
matrix:
|
|
- name: "Static amd64 binary"
|
|
env:
|
|
TARGET: default.nix
|
|
- name: "Static arm64 binary"
|
|
env:
|
|
TARGET: default-arm64.nix
|
|
- name: "Static ppc64le binary"
|
|
env:
|
|
TARGET: default-ppc64le.nix
|
|
- name: "Static riscv64 binary"
|
|
env:
|
|
TARGET: default-riscv64.nix
|
|
- name: "Static s390x binary"
|
|
env:
|
|
TARGET: default-s390x.nix
|
|
|
|
build_script: |
|
|
set -ex
|
|
podman run -i --rm \
|
|
-e CACHIX_AUTH_TOKEN \
|
|
-v $PWD:$PWD:Z \
|
|
-w $PWD \
|
|
$CTR_FQIN \
|
|
sh -c \
|
|
"nix-env -iA cachix -f https://cachix.org/api/v1/install && \
|
|
cachix use conmon && \
|
|
nix-build nix/$TARGET && \
|
|
nix-store -qR --include-outputs \$(nix-instantiate nix/$TARGET) | grep -v conmon | cachix push conmon && \
|
|
cp -R result/bin ."
|
|
|
|
binaries_artifacts:
|
|
path: "bin/conmon"
|
|
|
|
# This task is critical. It updates the "last-used by" timestamp stored
|
|
# in metadata for all VM images. This mechanism functions in tandem with
|
|
# an out-of-band pruning operation to remove disused VM images.
|
|
meta_task:
|
|
name: "VM img. keepalive"
|
|
alias: meta
|
|
container:
|
|
cpu: 2
|
|
memory: 2
|
|
image: quay.io/libpod/imgts:latest
|
|
env:
|
|
# Space-separated list of images used by this repository state
|
|
IMGNAMES: >-
|
|
${FEDORA_CACHE_IMAGE_NAME}
|
|
BUILDID: "${CIRRUS_BUILD_ID}"
|
|
REPOREF: "${CIRRUS_REPO_NAME}"
|
|
GCPJSON: ENCRYPTED[08de2c74178470b1bc85a107e9962f06dbd11d33c7adf024d3e48ae4399ca5383f9d3ad0e2fd65c3ce12750dd6ef8803]
|
|
GCPNAME: ENCRYPTED[561ce33a9357e5b8e3fb54739c3af31730c0c3b736792f16a67026a8544379d83ff3c27d6fea1c7797a6ae49b6e58115]
|
|
GCPPROJECT: libpod-218412
|
|
clone_script: &noop mkdir -p $CIRRUS_WORKING_DIR
|
|
script: /usr/local/bin/entrypoint.sh
|