Commit Graph

1106 Commits

Author SHA1 Message Date
Valentin Rothberg 4408072108 contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor
To avoid false positives if dependencies get bumped in test/tools.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-11-10 10:39:27 +01:00
Chris Evich 0334d8d611
Cirrus: Add tests for GHA scripts
Also, fix the rerun_cirrus_cron workflow.  Thanks @ygalblum for spotting
the error.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-11-07 11:47:30 -05:00
Chris Evich d17b7d852a
Cirrus: Shellcheck github-action scripts
Signed-off-by: Chris Evich <cevich@redhat.com>
2022-11-07 11:46:34 -05:00
Chris Evich 2ee40287e0
Cirrus: shellcheck support for github-action scripts
This should help catch some obvious gaffs and/or style/lint type
problems.  Maybe.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-11-07 11:46:34 -05:00
Daniel J Walsh efbad590d7
Run codespell on code
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-11-04 10:57:41 -04:00
Chris Evich f3195c930b
Cirrus: Never skip running Windows Cross task
All the other Windows tasks depend on access to a podman-remote build
from the Alt. Arch. `Windows Cross` task.  Re-arrange the test-skipping
call to never skip here only.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-11-03 16:17:24 -04:00
Ed Santiago d7e70c7489 CI: set and verify DESIRED_NETWORK (netavark, cni)
We have CI tests running in netavark mode when CNI is desired.
Add a new .cirrus.yml envariable, CI_DESIRED_NETWORK, which
we then force-check in e2e and system tests. Simple copy/paste
of #14912 (the RUNTIME check) with manual s/RUNTIME/NETWORK/
and other minor changes.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-11-03 04:40:42 -06:00
Chris Evich 8530724555
Cirrus: Guarantee CNI testing w/o nv/av present
Comments added to code for clarity.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-11-02 13:42:06 -04:00
Chris Evich ecd1927b4c
Cirrus: Update to F37beta
Signed-off-by: Chris Evich <cevich@redhat.com>
2022-11-02 13:38:28 -04:00
Jason T. Greene 884350d999 Add Windows Smoke Testing
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2022-11-02 00:52:09 -05:00
Ed Santiago f0f12658de Test runners: nuke podman from $PATH before tests
We've had some oopsies in system tests:

    podman foo bar
    run podman foo bar

...all of which should be run_podman with underscore. Those
have been passing because /usr/bin/podman is the fallback
from $PATH. In those (few) cases, we haven't actually been
testing the podman we should be testing.

Solution: nuke /usr/bin/podman and podman-remote before
invoking system and unit tests. As an extra level of
paranoia, check for other podmans in $PATH - if any
exist, bail out with a fatal error.

Also: in a few cases where runner.sh invokes podman for
containerized something-something, run bin/podman instead
of podman from $PATH.

Also: fix existing dependencies on /usr/bin/podman

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-10-26 19:07:20 -06:00
Ed Santiago 4966f509bd logcollector: include aardvark-dns
(minor correction to package name)

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-10-24 06:16:33 -06:00
Urvashi Mohnani 30e66d6003 Set up minikube for k8s testing
Install and set up minikube so that we can
create a k8s cluster for testing.

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
2022-10-18 10:51:27 -04:00
Joakim Nohlgård 02bb7c2cf3 Podman image: Set default_sysctls to empty for rootless containers
Avoids the error "Error: error preparing container xyz... for attach:
crun: open /proc/sys/net/ipv4/ping_group_range: Read-only file system:
OCI runtime error" when using `podman run --net bridge` inside rootful
Podman running without --security-opt unmask=ALL (or 'unmask=/proc/*')

Signed-off-by: Joakim Nohlgård <joakim@nohlgard.se>
2022-10-18 09:27:20 +02:00
Chris Evich bb2b47dc70
Add swagger install + allow version updates in CI
Support swagger testing and optional runtime updates similar to
the current golangci-lint tool.  This allows developers to update the
version of swagger at runtime if needed.  Otherwise new CI VM images
will pick up the prescribed version at image build-time via
`make install.tools`.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-10-14 08:18:52 -04:00
Chris Evich 62bc8e3a18
Cirrus: Fix tag & branch go checks failing
When running on a branch or tag, `req_env_vars()` will call `exit(1)`
because `$CIRRUS_PR` is empty (as expected).  The original intention was
to simply skip language checks on non-PRs.  Fix the condition to match.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-10-03 12:23:46 -04:00
OpenShift Merge Robot 226977fafb
Merge pull request #16001 from cevich/image_readme
[CI:DOCS] Add quay-description update reminder
2022-09-30 15:28:15 +02:00
Chris Evich 66747351f0
[CI:DOCS] Add quay-description update reminder
Signed-off-by: Chris Evich <cevich@redhat.com>
2022-09-29 14:32:01 -04:00
Chris Evich 0660f5b7a4
Cirrus: Combine build and code consistency tasks
It's conceivable for CI to spend a lot of time testing code which
otherwise should be rejected due to quality problems.  Previously this
was validated in a dedicated task, however a failure would still fail
the CI run.  Simplify the number of CI tasks by combining the consistency
check at the tail-end of the build task.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-09-29 13:06:01 -04:00
Chris Evich 6c8a11b746
Cirrus: Combine pre-test checks into build task
Previously, two tasks always ran first, prior to anything else.  One to
verify network and external-service connectivity.  Another to verify
certain important `.cirrus.yml` standards are met.  However, as the
total number of tasks continues to grow, the need to keep these basic
checks as dedicated prerequisites is of decreasing value/importance.
Fold these two checks into a new `pretesting_script` component of the
Fedora `build` task, on both `x86_64` and `aarch64`.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-09-29 12:59:48 -04:00
OpenShift Merge Robot b7eee0b2ce
Merge pull request #15917 from cevich/check_new_go_code
[CI:BUILD] Check new go code
2022-09-29 01:12:03 +02:00
Ed Santiago 0fb95f95d2 CI: only make install.tools when needed
Reintroduce .install.foo targets into Makefile, and invoke
only the bare-minimum ones needed for each individual CI
step in setup_environment.sh.

Also add a retry to the golangci-lint curl, in hopes of
dealing with network flakes. And remove the -f (fail)
because it produces unhelpful logs.

Reason: saw about 25% CI flakes yesterday due to the golangci-lint
fetch, something about a timeout, and this was especially frustrating
because none of the steps actually needed lint. Quick reminder:
avoid network fetches unless absolutely necessary.

Fixes: #15892

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-27 05:52:34 -06:00
Chris Evich 527fc409e5
Cirrus: Add golang code consistency check script
Depends on #15893

Fixes: #15913

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-09-26 11:57:20 -04:00
OpenShift Merge Robot cf6136ffa5
Merge pull request #15813 from praveenkumar/podman-remote-container-file
[CI:BUILD] Contrib: Add containerfile to create podman-remote binary image
2022-09-26 16:32:30 +02:00
Praveen Kumar 8c627dfb57 Contrib: Add containerfile to create podman-remote binary image
Try to partial address #14664

Signed-off-by: Praveen Kumar <kumarpraveen.nitdgp@gmail.com>
2022-09-26 10:34:13 +05:30
Chris Evich 69ac1e36c4
Cirrus: Catch use of deprecated io/ioutil package
At the time of this commit, there's no easier way to detect this using
`golangci-lint` or the go tool (that I could find).  A future update
to the `go list` command may support detection, for now use a CI script.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-09-23 10:53:42 -04:00
Anjan Nath 23195646dc pkginstaller: use path_helper to add podman and helpers to path
path_helper(8) appends the contents of /etc/paths.d/podman-pkg to the
PATH env

[NO NEW TESTS NEEDED]

Signed-off-by: Anjan Nath <kaludios@gmail.com>
2022-09-19 12:08:01 +05:30
Jason T. Greene 744878a71c Add win-installer build/verify workflows to CI
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2022-09-06 16:17:31 -05:00
Jason T. Greene ecb9f99b88 Add new windows installer and build
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2022-09-06 16:12:09 -05:00
Ed Santiago 5faf4eff10 Cirrus: pick UIDs/GIDs starting at 1500, not 1000
Reason: looks like UIDs 1001, 1003, 1006 are already taken
in the CI VMs.

Fixes: #15573

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-31 13:47:05 -06:00
OpenShift Merge Robot 36cf6f572a
Merge pull request #15489 from ashley-cui/makepkg
[CI:DOCS] Automatically set podman version in pkginstaller
2022-08-25 16:58:17 -04:00
Ashley Cui b27bfbc71e [CI:DOCS] Automatically set podman version in pkginstaller
Allow the pkginstaller makefile target to take advantage of Podman's version binary, alleviating the need to manually set Podman's version (and inevitably forgetting to do so). This means the pkginstaller Makefile will automatically detect what version of Podman we're packaging.

Signed-off-by: Ashley Cui <acui@redhat.com>
2022-08-25 16:07:18 -04:00
SeongChan Lee 0e6a421ca6 Use tmpfiles.d specifiers instead of fixed path
Rootless Docker daemon exposes its API socket on
`$XDG_RUNTIME_DIR/docker.sock`. On tmpfiles.d, `%t` is same as
`$XDG_RUNTIME_DIR` in `--user` mode, and `/run` otherwise.
We can reuse the same config file for both mode with this change.

Signed-off-by: SeongChan Lee <foriequal@gmail.com>
2022-08-24 15:45:50 +09:00
Lokesh Mandvekar 2a6daa1e31
Cirrus: add podman_machine_aarch64
Run machine tests on every PR as label-driven machine test
triggering is currently hard to predict and debug.

Co-authored-by: Ed Santiago <santiago@redhat.com>
Co-authored-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2022-08-17 09:11:06 -04:00
Chris Evich a6af67ca90
Cirrus: Update podman-machine comment
Replace TODO comment with helpful hint for future maintainers.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-08-15 15:48:45 -04:00
Andrew Gunnerson d7f6d355b0
podman-kube@.service.in: Remove Restart=never option with typo
systemd expects the value of the option to be `no` instead, but this is
already the default behavior. This fixes the following warning when
running `systemctl status` on the unit:

    Failed to parse service restart specifier, ignoring: never

Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
2022-08-13 18:13:03 -04:00
William Entriken f26a5246e3
Fix updated link to install instructions
Signed-off-by: William Entriken <github.com@phor.net>
2022-08-11 20:34:59 -04:00
OpenShift Merge Robot 097cc6eb6d
Merge pull request #15225 from unknowndevQwQ/update_logo
[CI:DOCS]: update the podman logo
2022-08-09 14:28:59 +00:00
Anjan Nath 771a35e4b5 pkginstaller: use correct GOARCH value in case of arm build
to compile arm bits the GOARCH should be set to amd64 script
was wrongly using aarch64 instead

[NO NEW TESTS NEEDED]

Signed-off-by: Anjan Nath <kaludios@gmail.com>
2022-08-08 12:39:15 +05:30
unknowndevQwQ f4c53a41cf docs: update the podman logo
for podman/#15222

Signed-off-by: unknowndevQwQ <unknowndevQwQ@pm.me>
2022-08-07 09:11:53 +08:00
Lokesh Mandvekar 7ebaabb930
[CI:COPR] podman.spec.rpkg: add python3 dependency for el8
EL8 builds are failing because hack/markdown-preprocess needs python3
which AFAICT isn't included by default in EL8 build environments.

This commit also includes an additional `[CI:COPR]` mode which is
currently runs the same tests as `[CI:DOCS]` but could differ in future.

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2022-08-05 16:11:17 -04:00
Anjan Nath 623b0c57f6 pkginstaller: use correct GOARCH while building podman binaries
we were not using the correct GOARCH to build the podman remote
and podman-mac-helper binaries, this uses the ARCH value passed
to the make invocation to set the GORACH

[NO NEW TESTS NEEDED]

Signed-off-by: Anjan Nath <kaludios@gmail.com>
2022-08-04 16:54:11 +05:30
openshift-ci[bot] 0f002c1600
Merge pull request #15105 from anjannath/sign-qemu
Add steps to sign included qemu and notarize the built pkg
2022-08-03 17:55:57 +00:00
Anjan Nath 44212b90bb pkginstaller: makefile improvements to avoid redownloading
this updates downloading of gvproxy and qemu using a standard
makefile rule which will avoid downloading them again if  its
already downloaded

[NO NEW TESTS NEEDED]

Signed-off-by: Anjan Nath <kaludios@gmail.com>
2022-08-03 21:20:10 +05:30
Anjan Nath e6670cd297 pkginstaller: add makefile target to notarize the built pkg
[NO NEW TESTS NEEDED]

Signed-off-by: Anjan Nath <kaludios@gmail.com>
2022-08-03 21:20:10 +05:30
Anjan Nath c5029d2eea pkginstaller: sign qemu-system-* binary for the pkg
add file hvf.entitlements which has the com.apple.security.hypervisor
entitlement needed for qemu

[NO NEW TESTS NEEDED]

Signed-off-by: Anjan Nath <kaludios@gmail.com>
2022-08-03 21:20:10 +05:30
Lokesh Mandvekar 3a7a275c34
Cirrus: use dnf instead of rpm to install packages
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2022-08-02 14:19:48 -04:00
Ed Santiago 6764fe03d0 CI: new check for leftover skips/fixmes
If a PR says "Fixes #123", make sure it removes skips and/or
FIXME comments that reference issue 123.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-07-28 09:00:31 -06:00
Lokesh Mandvekar da98c88778
Cirrus: enable Fedora 36 aarch64 tasks on EC2
new file:   test/e2e/config_arm64.go

Tests that fail on aarch64 have been skipped with
`skip_if_aarch64`.

Co-authored-by: Chris Evich <cevich@redhat.com>
Co-authored-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2022-07-27 15:27:52 -04:00
OpenShift Merge Robot 5397a00a1c
Merge pull request #14540 from anjannath/pkginstaller
Add support for building macOS pkg installer
2022-07-27 02:02:44 +02:00
Anjan Nath c35ae7640c Add support for building macOS pkg installer
it installs podman and supporting binaries along with
qemu to have a functioning podman install using a pkg

podman and podman-mac-helper  is compiled from source

gvproxy binary is downloaded from its github releases
and qemu from github release of containers/podman-machine-qemu

[NO NEW TESTS NEEDED]

Signed-off-by: Anjan Nath <kaludios@gmail.com>
2022-07-26 21:05:17 +05:30
Ed Santiago 0a160fed77 Bump VMs, to Ubuntu 2204 with cgroups v1
...and enable the at-test-time confirmation, the one that
double-checks that if CI requests runc we actually use runc.
This exposed a nasty surprise in our setup: there are steps to
define $OCI_RUNTIME, but that's actually a total fakeout!
OCI_RUNTIME is used only in e2e tests, it has no effect
whatsoever on actual podman itself as invoked via command
line such as in system tests. Solution: use containers.conf

Given how fragile all this runtime stuff is, I've also added
new tests (e2e and system) that will check $CI_DESIRED_RUNTIME.

Image source: https://github.com/containers/automation_images/pull/146

Since we haven't actually been testing with runc, we need
to fix a few tests:

  - handle an error-message change (make it work in both crun and runc)
  - skip one system test, "survive service stop", that doesn't
    work with runc and I don't think we care.

...and skip a bunch, filing issues for each:

  - #15013 pod create --share-parent
  - #15014 timeout in dd
  - #15015 checkpoint tests time out under $CONTAINER
  - #15017 networking timeout with registry
  - #15018 restore --pod gripes about missing --pod
  - #15025 run --uidmap broken
  - #15027 pod inspect cgrouppath broken
  - ...and a bunch more ("podman pause") that probably don't
    even merit filing an issue.

Also, use /dev/urandom in one test (was: /dev/random) because
the test is timing out and /dev/urandom does not block. (But
the test is still timing out anyway, even with this change)

Also, as part of the VM switch we are now using go 1.18 (up
from 1.17) and this broke the gitlab tests. Thanks to @Luap99
for a quick fix.

Also, slight tweak to #15021: include the timeout value, and
reword message so command string is at end.

Also, fixed a misspelling in a test name.

Fixes: #14833

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-07-21 20:08:32 -06:00
Chris Evich bc6a48eebb
[CI:DOCS] Cirrus: Add prominent gitlab warning
It was not obvious enough in the scripts how much of a snowflake this
environment is.  Fix that with lots of capitalized words and asterisks.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-07-21 13:51:01 -04:00
Daniel J Walsh 5f848d89ed
Run codespell
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-07-18 10:42:04 -04:00
Ed Santiago da8c6a8eaf CI: sanity check for desired runtime
We're still not testing runc in CI (#14833), and it may be weeks
or months before we can, due to criu/glibc nightmare, but one day
we'll be back on track, then later on we'll update VMs again,
and screw it up, and lose runc, and not notice, and RHEL will
break, and oh noes headless chicken again, repeat repeat.

We can do better. Use .cirrus.yml to explicitly define which
VMs should use which runtimes, and enforce it early in the
CI build step. This should never fail (uh huh) in a PR,
only in one of the update-VM PRs.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-07-12 08:47:09 -06:00
openshift-ci[bot] a51a63023c
Merge pull request #14896 from edsantiago/logformatter_by_task
logformatter: link by *task ID*, not build ID
2022-07-12 13:54:11 +00:00
Erik Sjölund 377057b400 [CI:DOCS] Improve language. Fix spelling and typos.
* Correct spelling and typos.

* Improve language.

Co-authored-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
2022-07-11 21:59:32 +02:00
Ed Santiago 3ed323e1bb logformatter: link by *task ID*, not build ID
Reason: task IDs are unique and permanent; linking by
build ID and task name is non-unique, because Re-run.

Fixes: #14863

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-07-11 12:54:16 -06:00
Chris Evich 8cff1c2bf8
Cirrus: Add podman-machine integration test
The podman-machine integration tests are designed to execute on
bare-metal, since they perform significant work with virtual-machines.
This test is costly to run at scale, so it is limited to being manually
triggered by developers (for now).  A 'trigger' button will appear in the
task status page of the Github WebUI once all test dependencies are met.
In the Cirrus-CI WebUI, there is also a 'pre-trigger' button that may be
pressed if a developer doesn't wish to wait. Also:

* Add a `localmachine` target in the `Makefile` on the off-chance
  developers wish to execute locally.  Update the `ginkgo-run` target
  to accommodate re-use by the new `localmachine` target.
* Exclude `podman_machine` task from `success` dependency verification.
  This also involves adding an exception to `cirrus_yaml_test.py`
  otherwise it will complain loudly.
* ***NOTE*** Inclusion of `ec2_instance` in *any* task will cause
  `hack/get_ci_vm.sh` to barf and be non-functional.  Future updates will
  be made to restore functionality.  Before then, simply comment out
  the `ec2_instance` section as a temporarily workaround.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-07-01 11:25:47 -04:00
Chris Evich f58d7dbdab
Cirrus: Fix elevator workaround multi-cloud support
In order to support execution on various non-GCP cloud environments, the
BFQ scheduler workaround needs updating.  Previously it assumed the root
disk was always `/dev/sda`.  With the addition of new clouds (AWS) and
different environment types, the assumption is not always valid.  Update
the workaround to take care in looking up the block device where '/'
comes from.

Also update the scheduler to 'none', as all modern clouds already have
highly optimized underlying storage configurations.  There's no reason
to complicate I/O paths further by hard-coding specific scheduler(s) for
all environment types.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-07-01 11:25:47 -04:00
Valentin Rothberg c6fb533ca6 podman-play-kube template: rename to podman-kube
With the upcoming plans of introducing a podman-kube command with
various subcommands, rename the podman-play-kube systemd template
to podman-kube before releasing it.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-06-30 17:09:51 +02:00
Chris Evich 64ec894c51
[CI:DOCS] Update podmanimage comment.
Drop a reference as to why the `rpm --setcaps...` line is needed, along
with a `TODO` reminder to check if it's still needed.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-06-29 11:35:56 -04:00
cdoern 6d3520e8b7 podman image scp remote support & podman image scp tagging
add support for podman-remote image scp as well as direct access via the API. This entailed
a full rework of the layering of image scp functions as well as the usual API plugging and type creation

also, implemented podman image scp tagging. which makes the syntax much more readable and allows users t tag the new image
they are loading to the local/remote machine:

allow users to pass a "new name" for the image they are transferring
`podman tag` as implemented creates a new image im `image list` when tagging, so this does the same
meaning that when transferring images with tags, podman on the remote machine/user will load two images
ex: `podman image scp computer1::alpine computer2::foobar` creates alpine:latest and localhost/foobar on the remote host

implementing tags means removal of the flexible syntax. In the currently released podman image scp, the user can either specify
`podman image scp source::img dest::` or `podman image scp dest:: source::img`. However, with tags this task becomes really hard to check
which is the image (src) and which is the new tag (dst). Removal of that streamlines the arg parsing process

Signed-off-by: Charlie Doern <cdoern@redhat.com>
2022-06-28 08:54:19 -04:00
Chris Evich 09754d21d0
[CI:DOCS] Minor update to podmanimage upstream docs
Add a reference to where/how podman is compiled for the 'upstream'
flavored image.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-06-24 10:52:06 -04:00
openshift-ci[bot] 8e88abda85
Merge pull request #14608 from edsantiago/logformatter_new_url
logformatter: link to logs using Cirrus API
2022-06-22 21:20:31 +00:00
Ed Santiago ef563c5a1e logformatter: link to logs using Cirrus API
One day we may use AWS for part of CI. Do you want to maintain
two separate code paths in this script for linking to artifacts
in multiple cloud providers? Can you say no? I knew you could.

Cirrus already knows the location of the artifacts and provides
a transparent mechanism for accessing them. Use it.

This PR exposed a nasty bug in our environment-variable handling:
envariables passed through to the containerized environment were
being double-space-escaped, so "FOO=a b" ended up as "FOO=a\ b"
(with a backslash), with one consequence being invalid URLs.
The solution is simple: run 'podman -e FOO', not '-e FOO=value'.

Finally, reinstate the environment-variable dump (in comments).
I had removed this in a moment of panic over leaking secrets,
but no, that doesn't happen. Exclude scary-sounding vars anyway.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-06-22 11:26:15 -06:00
Erik Sjölund aa4279ae15 Fix spelling "setup" -> "set up" and similar
* Replace "setup", "lookup", "cleanup", "backup" with
  "set up", "look up", "clean up", "back up"
  when used as verbs. Replace also variations of those.

* Improve language in a few places.

Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
2022-06-22 18:39:21 +02:00
Jason T. Greene ce3d0954a5 Open Windows tutorial after MSI installation
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2022-06-16 23:46:24 -05:00
OpenShift Merge Robot dfdc95754e
Merge pull request #14519 from rhatdan/Dockerfile
[CI:DOCS] Podman images generated with empty /etc/containers/storage.conf
2022-06-07 16:00:46 -04:00
OpenShift Merge Robot 496677925a
Merge pull request #14516 from cevich/podmanimage_docs
[CI:DOCS] Minor: Fix podmanimage README links
2022-06-07 15:58:34 -04:00
Daniel J Walsh 126686f3d7
Podman images generated with empty /etc/containers/storage.conf
The Containerfiles were built with sed -i, which is leading to empty
storage.conf files. This will cause Podman in a container to print
warning information about storage.driver not being set to something.

[NO NEW TESTS REQUIRED]

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-06-07 14:43:01 -04:00
Chris Evich 20aaaa382c
Minor: Fix podmanimage README links
Signed-off-by: Chris Evich <cevich@redhat.com>
2022-06-07 13:48:51 -04:00
Chris Evich 5fc3d871ad
Cirrus: Simplify only_if/skip + optimize multiarch
Using both the 'skip' and 'only_if' features at the same time may be
hard for maintainers to decipher.  Consolidate them into `only_if` since
that bypasses creation of the task all together - meaning there are
potentially fewer tasks for a developer to scroll through.

Since the `multiarch` Cirrus-Cron build no-longer depends on the direct
"build-ability" from the current repo. state, it can be further
optimized.  When operating in this context, avoid running many/most
other tasks, depending instead only on `ext_svc_check`.

Finally, add a simple document describing the various runtime contexts
along with the list of expected tasks.  Reference this prominently right
in front of every `only_if` so it's impossible for a maintainer to miss.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-06-07 11:39:26 -04:00
Chris Evich 335925f47f
Minor: Remove useless addition of storage.conf
This was an accidental leftover from an in-development implementation.
The `sed` command further down entirely replaces the file in the image.
Strip out the unnecessary 'storage.conf' ADD instruction.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-06-06 11:46:33 -04:00
tomsweeneyredhat 1fc5a107a0 [CI:DOCS] PodmanImage Readme touchup
@cevich recently renamed all the files named Dockerfile to Containerfile
in this directory.  Touching up the README.md to reflect that.

Also, as I was doing the submit, I noticed a couple of nits in the PR
request template and cleaned those up.

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2022-06-04 15:19:09 -04:00
OpenShift Merge Robot 0dda468192
Merge pull request #14437 from cevich/fix_podmanimage
[CI:BUILD] Podman image: Mass cleanup + fix missing storage.conf
2022-06-03 13:17:14 -04:00
OpenShift Merge Robot 2777ecd53e
Merge pull request #14435 from cevich/makefile_empty
Makefile: Handle unexpected empty var. values
2022-06-02 14:40:22 -04:00
Chris Evich 3fa09e9dba
Makefile: Handle unexpected empty var. values
Fixes #14021

Substitution values built from `$(shell ...)` output can easily be empty
due to the shell's default `pipefail` behavior.  This can also hide
non-zero exit codes, similarly resulting in empty values being set.
While not a perfect fix, the situation is improved by using the
`err_if_empty` function in all cases where empty values would be
unexpected.  Remove the definitions for `GIT_BRANCH` and
`GIT_BRANCH_CLEAN` which don't seem to actually be used anywhere
(including in code).

Add a simple release-test to verify `podman info` outputs a non-empty
value for "GitCommit".

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-06-01 17:42:11 -04:00
Chris Evich fc95f832a5
Podman image: Mass cleanup + fix missing storage.conf
As of Fedora 36, `/etc/containers/storage.conf` with defaults is
installed under `/usr/share/containers/`.  This was causing builds
to fail in the necessary `sed` command that enables fuse-overlayfs.
Fix this by using sed on the new location with an output redirect
into the `etc` location.

Also, perform a mass-cleanup of the three files to make them easier
to read/maintain.  Including renaming them to `Containerfile`,
since all native build tooling is now used to produce them.

Lastly, take advantage of the `podman-next` copr repository to install
the latest/greatest podman from `main`, rather than building it from
scratch.  This will greatly speed up the image build speed.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-06-01 17:25:38 -04:00
Andrin Brunner 1933972909
Add ExecStop and dependencies to fix shutdown
Signed-off-by: Andrin Brunner <andrin@acloud.one>
2022-06-01 16:02:18 +02:00
Chris Evich 8c1128db4b
Cirrus: Fix several TODOs
Most were simply deleted, the main one addressed is in the
"pre-testing" `ext_svc_check.sh` script.  It will now verify
accessibility of several key test images we maintain in `quay.io`.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-05-26 11:23:53 -04:00
OpenShift Merge Robot 948c5e915a
Merge pull request #13870 from kolyshkin/makefile-cleanups
Makefile: simplify for modern Go
2022-05-19 08:08:45 -04:00
Kir Kolyshkin 653117087f ci: pr-should-include-tests: add more exceptions
Add .golangci.yml, podman.spec.rpkg, and non top-level Makefiles.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-17 14:05:07 -07:00
Valentin Rothberg 8684d41e38 k8systemd: run k8s workloads in systemd
Support running `podman play kube` in systemd by exploiting the
previously added "service containers".  During `play kube`, a service
container is started before all the pods and containers, and is stopped
last.  The service container communicates its conmon PID via sdnotify.

Add a new systemd template to dispatch such k8s workloads.  The argument
of the template is the path to the k8s file.  Note that the path must be
escaped for systemd not to bark:

Let's assume we have a `top.yaml` file in the home directory:
```
$ escaped=$(systemd-escape ~/top.yaml)
$ systemctl --user start podman-play-kube@$escaped.service
```

Closes: https://issues.redhat.com/browse/RUN-1287
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-05-17 10:18:58 +02:00
Ed Santiago 37e30bcb27 Fix hang in build-each-commit test
Followup to #14178: I broke CI. "--fork-point" does not do
what I thought it did, so remove it.

Also, add 'set -x' to help us debug the next time something
like this happens.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-05-11 18:45:13 -06:00
OpenShift Merge Robot 32021ebc70
Merge pull request #14179 from cevich/ensure_dest_branch
Cirrus: Guarantee $DEST_BRANCH is passed through
2022-05-10 13:53:57 -04:00
Chris Evich 2b5778d416
Cirrus: Update images + new automation library
Add support for new automation library version w/ `$DEBUG` fix
(ref: containers/automation_images#128) and added definitions
for commonly used Distro/version variables.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-05-10 10:49:32 -04:00
Chris Evich abf4f77bc7
Cirrus: Simplify use of cache in automation
With the increasingly complex `.cirrus.yml` task relationships, build
cache wasn't always working as intended.  Recently, non-build tasks were
observed assuming authority over `gopath_cache`.  Ref.:
https://github.com/containers/podman/pull/13998#issuecomment-1108834538

Address this by an overall simplification using artifacts instead of
cache.  Using artifacts allows establishing concrete
authorship/authority over cached repo. content.  In this way, dependent
tasks may simply consume the artifact with `curl` instead of relying on
complex caching algorithms.

Also/Minor: Add YAML checking to the pre-commit configuration.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-05-10 10:49:32 -04:00
Chris Evich 237f761262
Cirrus: Simplify rootless ssh setup
The sshd service is guaranteed to be running by the VM image build
process - it's required by the packer tool for access.  Remove the
startup and check on the sshd service.

For many tests, man ssh connections to/from $ROOTLESS_USER on the
host are needed.  To facilitate this, the localhost key is added to
`known_hosts` for root and `$ROOTLESS_USER`.  Simplify this setup using
the `ssh-keyscan` tool.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-05-10 10:49:32 -04:00
Chris Evich c1656e2ee5
Cirrus: Guarantee $DEST_BRANCH is passed through
There are several runtime contexts (rootless and container) where
`$DEST_BRANCH` is needed but was not supplied.  A prior commit
(c486576717) removed the default value, `main` which was being
set incorrectly when CI ran on release branches.  Fix this by ensuring
the variable is non-empty upon entry to `setup_environment.sh`, then
ensure it gets passed through to child environments by way of the
`/etc/ci_environment` file.  This will maintain compatibility with
both CI and `hack/get_ci_vm.sh` use.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-05-10 10:22:01 -04:00
Ed Santiago 82f2b3edbc bloat check: make more robust
The use of 'C^' (parent) in 'git rebase' is counterintuitive,
at least to me: when C is a merge of multiple commits, rebase
picks each of those commits. That probably makes good sense
to a git expert, which I'm not.

Solution: forget using '^', just calculate the baseline sizes
by doing a checkout of the PR's parent.

Also: compute PR parent using git-merge-base instead of
blindly trusting $DEST_BRANCH (which may be volatile as
other PRs are merged).

Also: run git-rebase directly, not via make rule. That
indirection is too confusing here.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-05-10 05:44:55 -06:00
Ed Santiago c486576717 test skipper: check for $DEST_BRANCH
The test-skipping optimization is failing as rootless on non-main,
because $DEST_BRANCH is not set. Solution: check for envariable,
skip test if missing. (This was part of my original PR, but was
accidentally removed in #14013)

Also: DEST_BRANCH was silently being defaulted to 'main' in lib.sh.
Remove that: per @cevich, it is no longer necessary.

Fixes: #14131

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-05-09 13:14:25 -06:00
Chris Evich 9c0c29f086
Cirrus: Fix ownership of repos. to keep git happy
Newer versions of git are much more pedantic about who owns the
repository files.  When setting up to run rootless, prior to this
commit, the repo. ownership was changed from root.  This causes
all subsequent git-operations as root to fail:

    ```
    fatal: unsafe repository ('<$GOSRC>' is owned by someone else)
    ```

Fix this by re-ordering operations, such that the change in ownership is
done immediately before executing as a user.  Also disable the
git-ownership check on the source repository assuming the CI environment
is disposable.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-04-27 12:13:54 -04:00
Chris Evich cf449e81ab
Cirrus: Temporarily update netavark/aardvark-dns
Normally installing/updating packages at test runtime is highly
discouraged for reliability and efficiency reasons.  However, in this
specific case, development work of these packages is still fairly hot.
As a compromise to support podman test development, temporarily update
these two specific packages at runtime.  At a future date, when updates
are less frequent, this commit can/should be safely reverted.  At that
point, the versions installed at VM image build time will persist.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-04-27 12:13:54 -04:00
Chris Evich cd7cff6bb5
Cirrus: Test w/ netavark/aardvark-dns in F36+
Now that netavark and aardvark are packaged and default in F36, support
CNI-based testing in F35 and Ubuntu.

* Remove the temporary/special `$TEST_ENVIRON=host-netavark` construct.
* Remove dedicated/special integration and system testing tasks.
* Update test-config setup to properly handle CNI vs netavark/aardvark
  environments.
* Update package-version logging to operate based on installed packages
  (along with some other minor script cleanups).
* Update global environment setup to force `$NETWORK_BACKEND=netavark`
  in F36 and later.  Except when `upgrade_test` task runs.
* Discontinue installing netavark and aardvark-dns binaries from
  upstream build artifacts.
* Drop CGV1-vs-2 policy check.  Ubuntu VMs now exclusively test CGv1,
  Fedora VMs test CGv2, with F35 testing CNI and F36 testing Netavark.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-04-27 12:13:54 -04:00
Chris Evich 1a9f110b59
Cirrus: Fix skipping all/most tests
The originally intent for skipping tests based on change-content was to
optimize the PR workflow.  However, a mistake in a conditional is
causing almost all tasks running for Cron and branches to be skipped.
Fix this by checking for an empty '$CIRRUS_PR' variable.  This value is
always empty when operating outside of PRs.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-04-26 11:04:53 -04:00
Chris Evich c5e48f12ec
Cirrus: Re-fix build-cache miss on main
After merging #13998 it was observed that the `docker-py` task was still
failing with the same error on `main`.  The original quick-fix had
placed the full-build (`make`) call too late in the process.  This
commit moves it up to right before the `make install` call which was
resulting in an error.

Again, a further future commit is planned to re-work and simplify the
entire cache setup.  This is only a quick fix to make branch-builds
pass.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-04-25 15:33:11 -04:00
Chris Evich eb4e53087e
Revert "Cirrus: Fix cirrus cache race on bin/podman"
This reverts commit 2f53259a8d.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-04-25 15:31:36 -04:00
OpenShift Merge Robot 23d2bf5188
Merge pull request #13998 from cevich/fix_docker-py_test
Cirrus: Fix cirrus cache race on bin/podman
2022-04-25 13:40:01 -04:00
Chris Evich 2f53259a8d
Cirrus: Fix cirrus cache race on bin/podman
A suspected race on uploading gopath cache is causing the docker-py (and
possibly other) tasks to fail unpredictably with an error from `make`
regarding missing `bin/podman`.  Since this failure is affecting all
development activity, apply a quick/dirty fix to the failing task, by
simply rebuilding the binary.  A more comprehensive/long-term fix will
be worked in a future PR.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-04-25 11:30:14 -04:00
Ashley Cui 1260bf631f Revert "Switch all rootful to rootfull"
This reverts commit cc3790f332.

We can't change rootful to rootfull because `rootful` is written into the machine config. Changing this will break json unmarshalling, which will break existing machines.

[NO NEW TESTS NEEDED]

Signed-off-by: Ashley Cui <acui@redhat.com>
2022-04-25 09:14:04 -04:00
Chris Evich cafb76b635
Increase verbosity and sequencing of APIv2 testing
The default verbosity level does not show the classes or function names.
This makes it difficult to debug problems like hangs.  Also, separate
the bats and python-based tests into two sections.  This allows for
easier debugging, since isolation can be done in `runner.sh` rather than
mucking with the `Makefile`.  Lastly, update the logformatter script
to `autoflush stdout` (thanks @edsantiago).

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-04-22 16:16:17 -04:00
OpenShift Merge Robot 0d6af14387
Merge pull request #13964 from rhatdan/rootfull
Switch all rootful to rootfull
2022-04-22 06:56:33 -04:00
OpenShift Merge Robot 67a1b520e3
Merge pull request #13956 from cevich/fix_git_id
Cirrus: Fix missing git-enforced runtime identity
2022-04-22 06:22:50 -04:00
Daniel J Walsh cc3790f332
Switch all rootful to rootfull
We are inconsistent on the name, we should stick with rootfull.

[NO NEW TESTS NEEDED] Existing tests should handle this and no tests for
machines exists yet.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-04-21 17:05:16 -04:00
Chris Evich 566b6071d4
Cirrus: Fix missing git-enforced runtime identity
Newer versions of git (like `2.35`) fail on certain operations (like
`rebase` and `am`) without a local identity.  Add a fake one from the
start, with a clearly identifiable test-value to avoid problems at
runtime.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-04-21 16:23:36 -04:00
Ed Santiago 55a5bd8a00 Optimization: skip tests in some circumstances
A common pattern is to submit PRs that update only tests or docs.

When the only changes are to test/e2e, there is no point in running
test/system or test/upgrade or test/buildah-bud. Likewise, reciprocally,
and similarly for a bunch of other tests (alt, cross, apiv2, ...)

And when the only changes are under docs/ , there is no point in
running any of the above.

Exception: if $CIRRUS_<mumble> are undefined (e.g., cron), never skip

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-04-21 11:02:57 -06:00
Chris Evich a95f7f9ca1
Cirrus: Multi-arch build auto-update + tagging update
This new VM image brings in two important updates to multi-arch
image build operations:

1. Future operational changes will no-longer require also updating VM
   images.  Updates to build-push made in `containers/automation_images`
   will automatically be picked up at runtime.
   ref: https://github.com/containers/automation_images/pull/123

2. On the next run, both `vX` and `vX.Y` tagged manifest-lists will be
   pushed.  This is now also reflected in the README.
   ref: https://github.com/containers/automation_images/pull/125

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-04-07 15:58:13 -04:00
Chris Evich d55c46f8c6
Cirrus: Allow manually running image-build task
Building multi-arch images in a standardized way is complex.  Some
of the builds themselves can take a really long time to run (over
an hour).  Make changes easier to test inside a PR by adding
manually-triggered image-build tasks.  These mirror most of the real
cron-triggered task, without actually pushing the final images.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-03-31 17:07:33 -04:00
Giuseppe Scrivano 81632722ea
systemd: enable all cgroups when running as a service
enable cgroup delegation when running as a systemd service so all the
available controllers are correctly detected.

Closes: https://github.com/containers/podman/issues/13710

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2022-03-30 15:49:06 +02:00
Chris Evich f6963cea13
Cirrus: Build multi-arch images + manifests
Github-actions for large/complex tasks is hard to read and maintain.
Reimplement the multi-arch image build workflow into a set of bash
scripts that use all native contrainer-org tooling.  This requires
a special VM image setup with emulation to build foreign architectures.
It also requires renaming the `helloimage` directory, because the build
script uses the directory name in the image FQIN.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-03-28 16:56:28 -04:00
OpenShift Merge Robot 56b2937f87
Merge pull request #13653 from jmontleon/fix-manifest-push-header
Resolves #13629 Add RegistryAuthHeader to manifest push
2022-03-27 13:13:42 +02:00
jason 3cc1739373 Resolves #13629 Add RegistryAuthHeader to manifest push
Signed-off-by: Jason Montleon <jmontleo@redhat.com>
2022-03-26 16:39:11 -04:00
Daniel J Walsh ffbab30d7b
Run codespell to cleanup typos
[NO NEW TESTS NEEDED]

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-03-25 15:34:41 -04:00
OpenShift Merge Robot 4d271912e8
Merge pull request #13602 from edsantiago/size_check_part2
Binary growth check, part 2 of 2
2022-03-24 18:47:51 +01:00
OpenShift Merge Robot f049cba47c
Merge pull request #13559 from cevich/success_artifacts
[CI:BUILD] Cirrus: Publish binary artifacts on success
2022-03-23 14:03:46 +01:00
OpenShift Merge Robot ad123687d0
Merge pull request #13567 from n1hility/upgrades
Add Windows installer support for upgrades
2022-03-23 01:35:15 +01:00
Ed Santiago 88d4db009e Binary growth check, part 2 of 2
Add a CI check to prevent unwanted bloat in binary images,
by building a baseline (pre-PR) binary then comparing file
sizes post-PR.

Part 1 (#13518) added a new script that runs multiple 'make's,
comparing image sizes against an original, and failing loudly
if growth is too big. An override mechanism is defined.

This is part 2 of 2: adding the CI rule. We couldn't do that
in part 1, because the rule would call a script that didn't
exist in the pre-PR commit.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-03-22 13:17:10 -06:00
Chris Evich 1a7f5b3d51
Cirrus: Publish binary artifacts on success
In general continuous-delivery (CD) tends to pair well with CI.  More
specifically, there is a need for some reverse-dependency CI testing in
netavark/aardvark-dns.  In all cases, the download URL needs to remain
consistent, without elements like `Build%20for%20fedora-35`.

The 'Total Success' task only ever executes when all dependencies are
successful.  When a non `[CI:DOCS]` build is successful, gather all
binary/release artifacts in a new task which depends on 'Total Success'.
This will provide a uniform name (`artifacts`) and URL for downstream
users to use.  For example:

https://api.cirrus-ci.com/v1/artifact/github/containers/podman/artifacts/binary.zip

or

https://api.cirrus-ci.com/v1/artifact/github/containers/podman/artifacts/binary/FILENAME

Where ***FILENAME*** is one of:

* `podman`
* `podman-remote`
* `rootlessport`
* `podman-release-386.tar.gz`
* `podman-release-amd64.tar.gz`
* `podman-release-arm64.tar.gz`
* `podman-release-arm.tar.gz`
* `podman-release-mips64le.tar.gz`
* `podman-release-mips64.tar.gz`
* `podman-release-mipsle.tar.gz`
* `podman-release-mips.tar.gz`
* `podman-release-ppc64le.tar.gz`
* `podman-release-s390x.tar.gz`
* `podman-remote-release-darwin_amd64.zip`
* `podman-remote-release-darwin_arm64.zip`
* `podman-remote-release-windows_amd64.zip`
* `podman-v4.0.0-dev.msi`

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-03-22 11:01:45 -04:00
Ed Santiago 501355d4a5 Fix unreadable netavark logs
ginkgo netavark logs (and, to a lesser extent, cni logs)
are unreadable because the hide-boring-opts code did not
know about --network-backend. Now it does.

Manually filtered an existing netavark log to confirm there
are no other new options we should know about.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-03-22 08:56:36 -06:00
Jason T. Greene 36ff8f2b38 Add Windows installer support for upgrades
Fixes duplicate installer entries after multiple installs

Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2022-03-19 19:37:24 -05:00
OpenShift Merge Robot 3853ef9b59
Merge pull request #13540 from mheon/fix_11822
Deduplicate between Volumes and Mounts in compat API
2022-03-18 12:48:41 +01:00
Ed Santiago d3e3ea843e logformatter: link to bats sources on error
We already link to ginkgo sources, now add links to bats.
Ugly, because we need to hardcode containers/podman (git
repo) and test/system (test file path): those can't be
determined from the log results like they can in ginkgo.

Also, great suggestion from @Luap99: in addition to the
'Annotated results' link which we append to the basic log,
include a short summary of failures. This should help a
viewer see exactly which test(s) failed, which in turn
can be helpful for diagnosing known-flake or real-problem.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-03-17 14:25:09 -06:00
Matthew Heon bde3ca8c36 Add tests with Docker Compose v2
Add a pair of new Cirrus test suites using Compose v2 instead of
Compose v1 (as is currently packaged in Fedora). They work
identically, and run the same tests, as the Compose v1 tests, but
with the new v2 binary instead.

[NO NEW TESTS NEEDED] This adds an entire Cirrus suite...

Signed-off-by: Matthew Heon <mheon@redhat.com>
2022-03-17 14:29:48 -04:00
Jhon Honce dca2e7924b Move all python tests to pytest
* Add configuration to add report header for python client used in tests
* Move report headers into the individual test runners vs runner.sh

Signed-off-by: Jhon Honce <jhonce@redhat.com>
2022-03-04 10:35:29 -07:00
Chris Evich dbf34bfe70
Clarify v2 API testing for podman vs docker clients
Fixes: #13273

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-02-28 13:15:07 -05:00
Paul Holzinger eab5a4cfb7
Load ip_tables modules at boot
Rootless users cannot load the ip_tables module, in fedora 36 this
module is no longer loaded by default so we have to add it manually.
This is needed because rootless network setup tries to use iptables
and if iptables-legacy is used instead of iptables-nft it will fail.

To provide a better user experience we will load the module at boot.

Note that this is not needed for RHEL because iptables-legacy is not
supported on RHEL 8 and newer.

[NO NEW TESTS NEEDED]

Fixes #12661

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-02-23 16:11:19 +01:00
Daniel J Walsh 80c5962dba
Add containers-common spec and command to podman
Since containers-common package is tied to specific versions
of Podman, add tools to build the package into the contrib directory
This should help other distributions to figure out which commont
package to ship.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-02-22 14:38:57 -05:00
Chris Evich 632c089cc6
Cirrus: Use updated VM images
Mainly this is to confirm some changes needed for the podman-py CI setup
don't disrupt operations here. Ref:

https://github.com/containers/automation_images/pull/111

Also includes a minor steup fix WRT setting up for test-rpm build.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-02-17 16:38:42 -05:00
OpenShift Merge Robot a429dcd2ab
Merge pull request #13241 from edsantiago/logformatter_do_python
[CI:DOCS] logformatter: handle python logs
2022-02-17 11:56:37 -05:00
Chmouel Boudjnah 13f6261f84
increase subuid and subgid in image
increase the number of ids available to the podman users when running as
rootless.

Signed-off-by: Chmouel Boudjnah <chmouel@redhat.com>
2022-02-16 20:00:47 +01:00
Ed Santiago 7a83d16f95 [CI:DOCS] logformatter: handle python logs
We've got some python tests running in CI, and they're really hard
to troubleshoot. This PR:

  1) colorizes python unittest lines (ok / skipped / fail), and
  2) links to source files

The color is nice for skimming, but it's the linking that might
make it much easier to diagnose future failures.

(Context: failure today in test/python/docker/compat/test_images.py)

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-02-16 06:31:05 -07:00
tomsweeneyredhat 40ba9f10e5 Make the hello image leaner
[NO TESTS NEEDED]

Change from using a bash script to a c file
for running the image.  With thanks to discussions
with @afbjorklund, the Containerfile was rigged
up to make the final image be only KB's in size.

Also add USER 1000 to make the image test/run as
non-root, and update the README.md

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2022-02-10 15:45:04 -05:00
Valentin Rothberg 411fca0b3d helloimage: header symmetry
Make the header symmetric by adding a whitespace before the `!` on the
righthand side.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-02-09 14:57:16 +01:00
Chris Evich 642a691cbb
Cirrus: Add netavark/aardvark system test task
Also add a system-test that verifies netavark driver is in use when
magic env. var. is set.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-02-03 13:07:56 -05:00
Chris Evich ebbf10ae8c
Cirrus: Log netavark/aardvark binary build info.
Enabled by:
* https://github.com/containers/netavark/pull/191
* https://github.com/containers/aardvark-dns/pull/36

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-02-03 11:03:20 -05:00
tomsweeneyredhat 012e24b791 [CI:DOCS] Add a hello world image to quay.io
[NO NEW TESTS NEEDED]

This commit describes how to run the quay.io/podman/hello
image.  It also contains the files necessary to build that
image localy, and a README.md explaining the image and how
to build it.

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2022-02-01 16:35:33 -05:00
OpenShift Merge Robot ef9a734d6e
Merge pull request #12814 from cevich/netavark
Cirrus: Add e2e task w/ upstream netavark
2022-02-01 14:55:36 -05:00
Lokesh Mandvekar e7bdd1260b
CI: fix nightly builds
Nightly builds were failing on CI ever since the Makefile change to have
install target independent of build targets.
See: e4636ebdc8

This commit ensures everything is built before installation.

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2022-01-31 11:47:39 -05:00
Lokesh Mandvekar e4636ebdc8 Makefile: install targets independent of build
Building from source would involve separate `make` and `make install`
steps.

This removes a lot of unnecessary `-nobuild` targets which were
otherwise needed for packaging.

This commit also removes spec files for unused copr jobs.

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2022-01-25 08:27:44 -05:00
Chris Evich 29e89da1a2
Github workflow: Send e-mail on job error
This job is designed to be silent when Cirrus-cron executions pass.
Unless specifically instructed, the workflow itself will also remain
silent if there's an error.  Fix this by catching workflow errors and
sending a notification e-mail containing a link to the failed run.  This
also requires listing the recipient addresses directly in the workflow.
Otherwise (as previouslly implemented) the value would not be retrieved
if/when any previous step raised an error.

**Note**: Due to the way this workflow is implemented, there is no way
easy way to test it other than directly on the `main` repo. branch.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-01-24 15:41:50 -05:00
Chris Evich 8842dab686
Cirrus: Also download aardvark-dns binary
This involves a minor code-change so the download/install can run in a
loop for the two different repositories and binaries.  Given everything
is exactly the same except the URLs and names.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-01-24 11:06:55 -05:00
Chris Evich b381d7565a
Cirrus: Add e2e task w/ upstream netavark
This PR adds the CI mechanisms to obtain the latest upstream netavark
binary, and set a magic env-var to indicate e2e tests should execute
podman with `--network-driver=netavark`.  A future commit implement
this functionality within the e2e tests.

Due to the way the new environment is enabled, the standard task name
is too long for github to display without adding ellipsis.  Force the
custom task name `Netavark Integration` to workaround this.  At some
future point, when netavark is more mainstream/widely supported, this
custom task and upstream binary install can simply be removed - i.e.
netavark will simply be used by default in the normal e2e tasks.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-01-24 11:06:55 -05:00
Jason T. Greene 2d0b5ebb5b Implement API forwarding for podman machine on Windows
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2022-01-19 13:03:49 -06:00
OpenShift Merge Robot 094b11cbcb
Merge pull request #12908 from Luap99/network-conf-dir
rename --cni-config-dir to --network-config-dir
2022-01-18 15:42:06 -05:00
Paul Holzinger c0e0723463
rename --cni-config-dir to --network-config-dir
Since this option will also be used for netavark we should rename it to
something more generic. It is important that --cni-config-dir still
works otherwise we could break existing container cleanup commands.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-01-18 19:28:25 +01:00
Ed Santiago 471a4356bf CI: rootless user: also create in some root tests
viz, rootful system tests. The rootless account will be
used by image-scp tests.

Unfortunately, having ssh available means the system-connection
tests will start running, which is very bad because they will
fail, because system connection doesn't actually work (long story).
Add a few more checks to prevent this test from running.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-01-17 14:40:30 -07:00
OpenShift Merge Robot ea2656dc86
Merge pull request #12880 from eriksjolund/replace_master_branch_links_with_main_branch_links_in_docs
[CI:DOCS] fix default branch links
2022-01-17 12:45:18 +01:00
Erik Sjölund 3c2a5947c2 fix default branch links
* Replace https://github.com/containers/podman/blob/master
  with https://github.com/containers/podman/blob/main
  to match the new default branch "main". Previously
  the default branch was "master". This is the only
  occurence found in the code.

* Replace https://raw.githubusercontent.com/containers/libpod/master
  with https://raw.githubusercontent.com/containers/podman/main

Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
2022-01-15 22:08:42 +01:00
Erik Sjölund d6e55577cf [CI:DOCS] fix default branch links
* Replace https://github.com/containers/podman/blob/master
  with https://github.com/containers/podman/blob/main
  to match the new default branch "main". Previously
  the default branch was "master". The substitutions were
  made in the documentation but not the code.

Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
2022-01-15 20:56:19 +01:00
Chris Evich 799078216b
Cirrus: Freshen VM images
Specifically, this brings in `crun 1.4-1` allowing removal of a
temporary workaround.  Ref:

https://github.com/containers/podman/pull/12759

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-01-10 14:50:17 -05:00
Jason T. Greene a8a3e8bc99 Fix type-o in podman.wxs
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2022-01-09 21:00:02 -06:00
Daniel J Walsh 7a24be6ad9
Fix CI
crun should be available in f35.

[ NO NEW TESTS NEEDED]

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-01-06 09:21:28 -05:00
OpenShift Merge Robot cbb2b68fc9
Merge pull request #12429 from cdoern/scp
podman image scp never enter podman user NS
2022-01-05 17:50:37 +01:00
cdoern f6d00ea6ef podman image scp never enter podman user NS
Podman image scp should never enter the Podman UserNS unless it needs to. This allows for
a sudo exec.Command to transfer images to and from rootful storage. If this command is run using sudo,
the simple sudo podman save/load does not work, machinectl/su is necessary here.

This modification allows for both rootful and rootless transfers, and an overall change of scp to be
more of a wrapper function for different load and save calls as well as the ssh component

Signed-off-by: cdoern <cdoern@redhat.com>
2021-12-23 10:10:51 -05:00
Jason T. Greene 3ac5999f85 Switch to a new installer approach using a path manipulation helper
Fixes #11089 - cleanup PATH on MSI uninstall
Additionally fixes scenarios where the path can be overwritten by setx
Also removes the console flash, since the helper is built as a silent gui
Helper executable can be rerun by user to repair PATHs broken by other tools
Utilizes executable location instead of passed parameters to remove delicate escaping requirements

[NO NEW TESTS NEEDED]

Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2021-12-23 00:29:10 -06:00
Giuseppe Scrivano fca66b6cb5
ci: force scratch build for crun
force a version with this fix: https://github.com/containers/crun/pull/819

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2021-12-21 15:49:32 +01:00
Chris Evich a63035be20
Cirrus: Use cached swagger binary
An error was observed in another PR while downloading the swagger
binary.  The error was relating to the upstream egress quota.  Obviously
our downloading it every time for each CI run isn't helping.  Fix this
by moving the download into the image-build process, and simply re-use
the already present binary here.

Ref: https://github.com/containers/automation_images/pull/103

Signed-off-by: Chris Evich <cevich@redhat.com>
2021-12-09 12:14:44 -05:00
Chris Evich 851349345b
Cirrus: Remove remnants of nix-based static build
Simply a readme update and dead-code cleanup.

Signed-off-by: Chris Evich <cevich@redhat.com>
2021-12-06 16:00:17 -05:00
Jason T. Greene 527fd3c0fa Escape trailing slash in install directory location so the closing quote is not escaped
Fixes #11416 [NO NEW TESTS NEEDED]

Signed-off-by: Jason Greene <jason.greene@redhat.com>
2021-12-05 17:59:50 -06:00
Ed Santiago aafbaa4975 [CI:DOCS] logformatter: fix corner case with links
A test name beginning with non-alpha, e.g., "--build should ...",
was not being recognized and linkified:

   https://storage.googleapis.com/cirrus-ci-6707778565701632-fcae48/artifacts/containers/podman/6500723916537856/html/int-podman-fedora-34-rootless-host.log.html

Fix that. Also fix two other cases (single/double quotes) that were
resulting in weird unreliable links.

While I'm at it, add a few usability enhancements:

  * Colorize [SKIPPING] and [SLOW TEST]
  * Deemphasize '[It] testname' when it appears mid-test
  * Replace 'Running:' with a (deemphasized) '#' or '$' prompt

Add regression tests

Signed-off-by: Ed Santiago <santiago@redhat.com>
2021-12-02 12:28:13 -07:00
Valentin Rothberg 9a10e2124b systemd: replace multi-user with default.target
Replace `multi-user.target` with `default.target` across the code base.
It seems like the multi-user one is not available for (rootless) users
on F35 anymore is causing issues in all kinds of ways, for instance,
enabling the podman.service or generated systemd units.

Fixes: #12438
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-11-30 14:37:25 +01:00
OpenShift Merge Robot 5f7e3c939c
Merge pull request #12407 from edsantiago/bindings_test_add_gitcommit
Bindings test: emit GIT_COMMIT, for links in logs
2021-11-29 22:44:18 +01:00
Daniel J Walsh 2e50514ade
Move the chown to after the ADDs
I have noticed that the containers.conf file in the /home/podman
directory is owned by root and not Podman. This change fixes the
ownership.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-11-29 09:35:32 -05:00
Ed Santiago d5c3cc9496 Bindings test: emit GIT_COMMIT, for links in logs
Add a magic 'echo' to runner.sh, displaying $GIT_COMMIT in
a special syntax. The logformatter script, seeing this,
will hyperlink error messages to the failing source file.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2021-11-24 07:42:11 -07:00
Chris Evich 7f52bd8437
Cirrus: Bump Fedora to release 35
The Fedora 35 cloud images have switched to UEFI boot with a GPT
partition. Formerly, all Fedora images included support for runtime
re-partitioning. However, the requirement to test alternate storage
has since been dropped/removed.  Rather than maintain a disused
feature, and supporting scripts, these Fedora VM images have reverted
to the default: Automatically resize to 100% on boot.

Signed-off-by: Chris Evich <cevich@redhat.com>
2021-11-18 13:50:11 -05:00
Chris Evich 3ee2d2367a
Cirrus: Partially revert catatonit --force install
VM Images created as of this commit contain the new/required version.
Remove the `--force` install, but retain the hack script's ability to
support this in the future.

Signed-off-by: Chris Evich <cevich@redhat.com>
2021-11-18 13:50:11 -05:00
Chris Evich 5bd43fbea7
Cirrus: Workaround log_driver=journald setting
In F35 the hard-coded default (from
containers-common-1-32.fc35.noarch) is 'journald' despite
the upstream repository having this line commented-out.
Containerized integration tests cannot run with 'journald'
as there is no daemon/process there to receive them.

Signed-off-by: Chris Evich <cevich@redhat.com>
2021-11-18 13:50:11 -05:00
Chris Evich 155a443a91
Cirrus: Timeout bindings test after 30m
During initial testing of Fedora 35beta VM images in CI, the bindings
task was timing out.  In order to allow time for collection of system
details (logs), execution needs to timeout earlier than the task.
Under normal conditions, the bindings test finishes in about 10-minutes.
Use the ginkgo timeout option to limit execution, so it times out after
30 minutes.

Also add the `-progress` option so the output more closely resembles how
ginkgo runs the integration tests.

Signed-off-by: Chris Evich <cevich@redhat.com>
2021-11-18 13:50:11 -05:00
Valentin Rothberg 6f6a6925b2 fix CI
Our fedora-minimal image on Quay bases on fedora-minimal:latest which
starting with F35 removed a number of binaries that our CI depends on.
Fix that by pulling `fedora-minimal:34` from the Fedora registry
directly.

Once the build bot on Quay has been disabled, we move the image over
there to make sure that it will not change over time.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-11-18 15:19:14 +01:00
Valentin Rothberg c8790bfbbb cirrus: force-install catatonit
A temporary workaround until the CI images are updated.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-11-15 12:53:25 +01:00
Valentin Rothberg 5934e4c9b5 infra container: replace pause with catatonit
Podman has been using catatonit for a number of years already.
Thanks to @giuseppe, catatonit is now able to run as a pause
process which allows us to replace the pause binary entirely.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-11-15 12:53:25 +01:00
Valentin Rothberg 58cf0d4622 Revert "add kubernetes pause"
This reverts commit 9d2b8d2791 since
catatonit's new pause functionality can replace the `pause` binary
entirely.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-11-15 12:53:25 +01:00
José Guilherme Vanz 6762d5e238
--authfile command line argument for image sign command.
Adds the --authfile command line argument to allow users to use
alternative authfile paths when signing images.

Replaces: https://github.com/containers/podman/pull/10975
Fixes: https://github.com/containers/podman/issues/10866

Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-11-11 15:11:19 -05:00
Jindrich Novy 980c47aaa2
VOLUME must be declared after RUN chown command
Podman and Docker will not commit changes via RUN command
of a VOLUME directory, so we need to chown path first.

Not doing do will cause: https://bugzilla.redhat.com/show_bug.cgi?id=2009266

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-11-10 17:15:58 -05:00
Ed Santiago 2ed31f9f1d Minor test tweaks
- remove 'NO TESTS NEEDED' as a valid bypass string. Henceforth
  only 'NO NEW TESTS NEEDED' will work.

- add a debugging aid for #11871, in which bodhi tests time out
  in nslookup.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2021-11-08 14:23:55 -07:00
Jhon Honce e907f095b2 test connection add
* Fix connection JSON encoding
* Add custom ginkgo matchers for connection testing
* Cleanup code

Fixes #11984

Signed-off-by: Jhon Honce <jhonce@redhat.com>
2021-11-08 09:20:58 -07:00
Chris Evich 9c34bd52fd
Cirrus: Authorize rootless user self-ssh
Future testing needs dictate rootless (in addition to root) users are
able to ssh to localhost.  Add ssh-key generation commands for the
rootless user, and authorize their public key.

Minor: Also remove update of `/etc/sub{uid,gid}` files, since this is
now done automatically by `{user,group}add` commands.

Signed-off-by: Chris Evich <cevich@redhat.com>
2021-11-01 12:05:05 -04:00
Valentin Rothberg 9d2b8d2791 add kubernetes pause
Add the k8s pause binary to `pause/pause.c` and do the plumbing in the
Makefile to install it in $libexec/podman/pause/pause.  It is intended to
replace the k8s pause image and hence the need for network connectivity
when creating pods.

[NO NEW TESTS NEEDED] since it will be tested in a following commit.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-10-26 13:51:45 +02:00
Valentin Rothberg e86549b18d cirrus: containers: mount directory in /var/tmp to /tmp
Mount a directory from /var/tmp to /tmp to make sure that /tmp is not on
an overlay mount.  This should make overlay mounts possible in the
containerized tests which we're currently skipping.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-10-26 13:51:45 +02:00
Easton Man 12d0a85091
systemd: compatible with rootless mode
- change the type to forking to allow fork.
- add default.target for user systemd service

Signed-off-by: Easton Man <manyang.me@outlook.com>
2021-10-20 10:31:13 +08:00
Paul Holzinger 3ba69dccf7
rootlessport: reduce memory usage of the process
Don't use reexec for the rootlessport process, instead make it a
separate binary to reduce the memory usage. The problem with reexec is
that it will import all packages that podman uses and therefore loads a
lot of stuff into the heap. The rootlessport process however only needs
the rootlesskit library.
The memory usage is a concern since the rootlessport process will spawn
two process per container which has ports forwarded. The processes stay
until the container dies. On my laptop the current reexec version uses
47800 KB RSS. The new separate binary only uses 4540 KB RSS. This is
more than a 90% improvement.

The Makefile has been updated to compile the new binary and install it
to the libexec directory.

Fixes #10790

[NO TESTS NEEDED]

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2021-10-12 21:43:11 +02:00
Ed Santiago 69b6659960 Unit files: Use actual installed path for podman
Don't hardcode /usr/bin/podman in unit files: instead, use
template files with a path replaced at install time.

Because 'make' can be invoked repeatedly, with different
PREFIX, do not leave the generated files behind in our
work directory: wipe them immediately after install.

To get this to work, fix a longstanding bug in podman.spec.in,
a PREFIX that should've been DESTDIR.

Side note: #7023 made contrib/systemd/user a symlink
to .../system but did not update paths in Makefile.
The unrelated-looking path change you see here is
a belated correction for that.

Fixes: #10787

Signed-off-by: Ed Santiago <santiago@redhat.com>
2021-10-12 07:57:26 -06:00
OpenShift Merge Robot bfb904bb23
Merge pull request #11855 from rhatdan/Dockerfile
Add podman-plugins to upstream image
2021-10-06 20:35:03 +02:00
Ed Santiago 521c0cbd1c It really should be no **NEW** tests needed
Accept both "NO TESTS NEEDED" and "NO NEW TESTS NEEDED".
That was a usability mistake I made on Day One. Fixed it
in Buildah but oops never got around to fixing it here.

Also, fix the test suite script: remove a no-longer-working
test case (changelog.txt, removed in #11467) and add a new
test for commits that include the magic string.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2021-10-04 19:23:38 -06:00
Matthew Mosesohn 8e80f4d248
Add podman-plugins to upstream image
Fixes #11380
Replaces https://github.com/containers/podman/pull/11385

Originally subbmitted by @mattymo
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-10-04 15:01:49 -04:00
Chris Evich d6b9451b49
Cirrus: Fix defunct package metadata breaking cache
Original workaround https://github.com/containers/podman/pull/11821

During VM image build, a number of packages are downloaded but not
installed, since they may interfere with some testing.  Then at runtime,
where required, the packages are installed from cache and used.
However, between image build and runtime it's possible the repository
contents change, which will invalidate the package cache.  Since the
`--no-download --ignore-missing` options were used, the install will
fail.

Ref: https://github.com/containers/automation_images/issues/95

Fortunately, when it comes to the docker packages, no other dependencies
are required and so `apt-get` isn't required.  Switch to using a simple
dpkg install command on the necessary files.  If this ever breaks due
to new dependencies, the list of files may simply be updated.

Signed-off-by: Chris Evich <cevich@redhat.com>
2021-10-01 15:45:51 -04:00
Valentin Rothberg 0b5a2b7468 cirrus: gitlab: download packages
It looks like the containerd.io package is not present anymore in the
package cache which ultimately breaks CI since it's a requirement for
docker.

Hence, download the few packages instead of relying on the cache.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-10-01 10:34:44 +02:00
OpenShift Merge Robot 340166876e
Merge pull request #11759 from jedieaston/msi-fix
Set MSI to be 64-bit only.
2021-09-27 15:35:58 -04:00
Easton Pillay 87559b0209 Set MSI to be 64-bit only.
Hi there! I noticed that the MSI file built for Windows was building in 32-bit mode, even though Podman is 64-bit only. I added a flag to wixl in the Makefile to tell it to build a 64-bit MSI, and I adjusted the podman.wxs file to use the right settings for 64-bit programs.

Signed-off-by: GitHub <noreply@github.com>
2021-09-27 17:45:50 +00:00
Chris Evich f76fa3475d
Cirrus: Add gitlab podman runner test
Add execution of the downstream gitlab-runner tests using
rootless podman through the magic of socket-level
docker compatibility.  Include a comment suggesting how
to temporarily disable the test in case it fails beyond
podman code scope.

Signed-off-by: Chris Evich <cevich@redhat.com>
2021-09-27 10:37:31 -04:00
TomSweeneyRedHat 2d5d98c047 [CI:DOCS] Add link to running ctrimage on enablesysadm
Add a link to the podman images readme.md to Dan's recent post
on Enable Sysadm about running containers inside of Podman

Fixes: https://github.com/containers/buildah/issues/3119

Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2021-09-22 16:54:21 -04:00
Chris Evich 319fcf52fc
Cross-build release-archives w/ arch in filename
Fixes #11417

Cross-building the podman-remote documentation requires a functional
native architecture executable.  However `make` only deals with
files/timestamps, it doesn't understand if an existing binary will
function on the system or not.  This makes building cross-platform
releases incredibly accident-prone and fragile.

A practical way to deal with this, is via multiple conditional (nested)
`make` calls along with careful manipulation of `$GOOS` and `$GOARCH`.
Also, when cross-building releases be kind to humans and cleanup
any non-native binaries left behind.

Update the `Alt Arch. Cross` Cirrus-CI task to build release archives
for all Linux architectures supported by golang and podman.  Update
the `OSX Cross` task to additionally build for the M1 (arm64)
architecture.

Finally, update the release process documentation to reflect the
new locations (Cirrus-CI task names) for the release archives.  Include
a note about additional manual work being required to produce the
signed `.dmg` file for MacOS.

Signed-off-by: Chris Evich <cevich@redhat.com>
2021-09-21 14:34:30 -04:00
OpenShift Merge Robot 5f41ffdd19
Merge pull request #11322 from Luap99/network-libpod
Wire network interface into libpod
2021-09-15 16:11:14 -04:00
Paul Holzinger 1bcd006c5f
CI: load ipv6 kernel modules for rootless tests
Rootless cni with ipv6 needs the `ip6_tables` module loaded, normally
the cni plugins will load this module but as rootless it does not have
the necessary permission to do so. Therefore we load it manually.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2021-09-15 20:00:28 +02:00
Daniel J Walsh 3e77f960f6
Set default storage from containers.conf for temporary images
Fixes: https://github.com/containers/podman/issues/11107

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-09-15 10:43:51 -04:00
jesperpedersen 0d1ba0a58f Remove changelog.txt from the repository
The changelog.txt file hasn't been kept in sync with release tags,
especially on main, so remove it.

The release notes will be featured in RELEASE_NOTES.md.

Signed-off-by: jesperpedersen <jesper.pedersen@redhat.com>

[NO TESTS NEEDED]
2021-09-07 10:53:26 -04:00
Chris Evich 9dd088e555
Cirrus: Confirm CGv1 / CGv2 VM expectations
Signed-off-by: Chris Evich <cevich@redhat.com>
2021-08-18 12:04:07 -04:00
Chris Evich dc70382886
Fix AVC denials in tests of volume mounts
This becomes a problem on hosts with upgraded policies.  Ref:
https://github.com/containers/podman/issues/10522

Also, made a small change to compose-test setup to reduce runtime.

Signed-off-by: Chris Evich <cevich@redhat.com>
2021-08-18 12:04:06 -04:00
openshift-ci[bot] 26b1dddda7
Merge pull request #11169 from cevich/enable_docker_py_testing
Enable docker-py compat. testing w/ ignored result
2021-08-16 15:04:54 +00:00