Cirrus-CI only sets `$CIRRUS_BASE_SHA` when testing PRs since the
destination and it's state is easy to discover. However, when
post-merge and/or tag-push testing, the previous state is not
easily discoverable (changes have already merged). The
`upload_release_archive` script incorrectly assumed this
variable was always set, causing a constant stream of post-merge
testing failures.
Tweak the `is_release()` function to properly handle an empty
`$CIRRUS_BASE_SHA` whether or not `$CIRRUS_TAG` is also set. Also
update the unit-tests to check for this. Also account for a
corner case where hack/get_ci_vm.sh is running on a VM w/o git.
Signed-off-by: Chris Evich <cevich@redhat.com>
Move to containers/image v5 and containers/buildah to v1.11.4.
Replace an equality check with a type assertion when checking for a
docker.ErrUnauthorizedForCredentials in `podman login`.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Prior to this commit, every push to master had it's builds packaged and
uploaded to google storage. This is a waste, since potential users
are only ever concerned about tagged releases.
Unfortunately because the release process involves humans with
potentially multiple human and automation steps happening in parallel,
it's easy for automation to not detect a tagged release, or trigger on
development|pre-release tags.
Fix this in `upload_release_archive.sh` using a new unit-tested
function `is_release()`. This acts as the definitive authority
on whether or not a specific commit rage or `$CIRRUS_TAG` value
constitutes something worthy of upload.
Signed-off-by: Chris Evich <cevich@redhat.com>
When executing 'make remotesystem' testing, a varlink process is started
up but it's stdio is dumped due to the production of excessive data.
However, this also means if the process has a problem, any errors will
not be accessible.
Instead, grab only the last 100 lines and direct them into a file. Also
update automation's log collection to retrieve this file when the
`$REMOTE_CLIENT` env. var. is `true`.
Signed-off-by: Chris Evich <cevich@redhat.com>
Using `Also=` means that the target unit will also be
installed/uninstalled together with our unit. Doing
`Also=multi-user.target` essentially says: disable `multi-user.target`
if `io.podman.socket` is disabled, which sounds... not at all like
what we want.
In practice, systemd thankfully ignores this (likely because it's the
default target). I think having `Also=io.podman.socket` in the
`io.podman.service` already does what we want here: it gets installed
under `sockets.target` whenever the service is. (And the fact that
systemd ignored this means that it wasn't actually playing a role in
resolving #3998.)
This was causing `systemctl preset-all` to dump core in Fedora CoreOS:
https://github.com/coreos/fedora-coreos-tracker/issues/290
(Likely there's a systemd bug around here too.)
Signed-off-by: Jonathan Lebon <jonathan@jlebon.com>
This is needed because older versions of podman (1.5.1) do not
automatically install the new conmon package.
Also, include removal of `/usr/libexec/podman/conmon` when preparing to
install and test podman built from source.
Signed-off-by: Chris Evich <cevich@redhat.com>
This requires updating all import paths throughout, and a matching
buildah update to interoperate.
I can't figure out the reason for go.mod tracking
github.com/containers/image v3.0.2+incompatible // indirect
((go mod graph) lists it as a direct dependency of libpod, but
(go list -json -m all) lists it as an indirect dependency),
but at least looking at the vendor subdirectory, it doesn't seem
to be actually used in the built binaries.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Adds an output to all testing tasks which lists the names/versions of
critical/essential packages present on the VM.
Signed-off-by: Chris Evich <cevich@redhat.com>
A true result from reexec.Init() isn't an error, but it indicates that
main() should exit with a success exit status.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This is fairly standard thing to have on a user's workstation, supported
by podman. When installed in a VM image, then it's useful for debugging
with `hack/get_ci_vm.sh` at the cost of a minor increase in disk-space.
Signed-off-by: Chris Evich <cevich@redhat.com>
Instead of unconditionally pulling the x86 binary, clone the repository
and build the binary to make it independent of the architecture.
Fixes: #2699
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add the latest Ubuntu version into the testing matrix
and image-build workflow. This is also needed to support
other containers projects which share use of VM images
from this one.
Update package lists to include needs for contianers/storage
use of images.
Signed-off-by: Chris Evich <cevich@redhat.com>
* Fix one disused and two missing required env. vars.
* Slightly optomize processing of commit-author names
* Fix problem of printing duplicate author names when there are multiple
commits.
* Fix bot's IRC connection timeout too short.
* Add a single retry of IRC connection after 5-second delay.
Signed-off-by: Chris Evich <cevich@redhat.com>
Fixed a typo.
Also script was grabbing quotes and other non-email-address junk
while looping. Filter before and after to make sure we get 'em all.
Signed-off-by: Chris Evich <cevich@redhat.com>
* Update scipts to produce darwin and windows output
* Update batch file to re-direct help requests to browser
* Add pandoc filter for markdown to html links
Signed-off-by: Jhon Honce <jhonce@redhat.com>
When enabled, it's desired for the podman-varlink process to startup on
boot or upon socket-activation, whichever happens first. However,
with `KillMode=none` systemd will never kill any podman-varlink
processes. This makes it easily possible for multiple podman-varlink
processes to be running, and fight each other to service a single socket.
---
For example:
Prior to this commit, this will result in four podman-varlink processes
being run:
```
systemctl enable io.podman.socket
systemctl enable io.podman.service
systemctl start io.podman.socket
systemctl start io.podman.service
systemctl start io.podman.service
```
Fix this by setting `KillMode=process` and `TimeoutStopSec=30` (default
is 90). This results in podman-varlink exiting on its own after a minute
of being idle (--timeout=60000). Alternatively, systemd will manage the
service stop by sending a SIGTERM, then if podman-varlink has not exited
within `TimeoutStopSec`, a SIGKILL will be sent.
Signed-off-by: Chris Evich <cevich@redhat.com>
* Update Makefile to build msi
* Add podman.wxs to define podman.msi
* Version information provided by Makefile
* Add podman.bat wrapper for podman-remote-windows.exe to ensure environment
* Add wix xml schemas for reference
Signed-off-by: Jhon Honce <jhonce@redhat.com>
When constructing VM cache-images, the latest/greatest podman package is
installed to ensure all necessary dependencies are met. Prior to
testing source-built binaries, most of of the packaged files are removed.
However, if the `io.podman` service or socket is enabled/running, it
could cause the packaged podman and varlink binaries to be both resident
and cached. Since this condition would cause very difficult to diagnose
behaviors, add preventative measures to ensure these services are absent
prior to removing packaged podman files.
Signed-off-by: Chris Evich <cevich@redhat.com>
This is mostly used with Systemd, which really wants to manage
CGroups itself when managing containers via unit file.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
In the Dockerfiles that are used to build the podman images on
quay.io, we were changing the events_logger from journald to
file in libpod.conf, but we weren't enabling it as we didn't
remove the comment. This corrects that and addresses: #3464
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Also add fixes to help prevent 'fatal: Invalid revision range' error.
Should obtaining all authors from the range still fail, only grab the
HEAD commit author as a fallback.
Signed-off-by: Chris Evich <cevich@redhat.com>
Rather than spamming the podman channel with impersonal success
messages referring to PR numbers, mention the author by nick name
and include the PR title and link.
Also avoid needless logging of all bot-script interactions with
IRC when there is no error detected.
Signed-off-by: Chris Evich <cevich@redhat.com>
Rather than hard-coding all four base-image env. var name,
load the values based on the shared variable name suffix.
Thanks to Ed Santiago <santiago@redhat.com> for the suggestion.
Signed-off-by: Chris Evich <cevich@redhat.com>
The initial implementation was far more complicated than necessary.
Strip out the complexities in favor of a simpler and more direct
approach.
Signed-off-by: Chris Evich <cevich@redhat.com>
Specifically pertaining to executing tests in google cloud, there are
default, pre-allocated class-a subnetworks for each region (data-center).
Each includes a gateway using a `.1` LSB and all are routable from other
regions in google cloud via these gateways.
Because the default CNI configuration also utilizes class-a subnetworks,
this creates the possibility for IPv4 address-space clashes. Since the
default regional cloud subnets are pre-defined/known, preventing clashes
can be accomplished by seeding these subnets in a dummy CNI configuration.
The default behavior of podman is to grab the highest priority CNI
configuration. Name the dummy config. appropriate so it always loads
last. Also name the bridge itself with an obvious name `do-not-use`,
such that any related testing errors should be easier to debug.
Also:
* Minor cleanup of `install_test_configs()`
* Move install_test_configs in `setup_environment.sh` to after possible
run of `remove_packaged_podman_files()` because that also strips out
`/etc/cni/net.d/87-podman-bridge.conflist`.
Signed-off-by: Chris Evich <cevich@redhat.com>
This enables user to interact with varlink and create/manage rootless
containers through it.
Using as:
`varlink call unix:/run/user/1000/podman/io.podman/io.podman.ListContainers`
Signed-off-by: Matej Marusak <mmarusak@redhat.com>
Requirement from https://github.com/containers/libpod/issues/3575#issuecomment-512238393
Added --pull for podman create and pull to match the newly added flag in docker CLI.
`missing`: default value, podman will pull the image if it does not exist in the local.
`always`: podman will always pull the image.
`never`: podman will never pull the image.
Signed-off-by: Qi Wang <qiwan@redhat.com>
as issue #2702 describes, we want to make podman and podman-remote as
part of make install.
Fixes: #2702
Signed-off-by: baude <bbaude@redhat.com>
avoid `make` in `make install` in the rpmbuild process.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
This is mainly/initially to support use of Cirrus-CI
in https://github.com/containers/buildah since that setup
re-uses the VM images from this project. However, it also
opens doors here, if libpod ever needs/wants to do things
with a dedicated storage device and/or storage-drivers.
Signed-off-by: Chris Evich <cevich@redhat.com>
The release-task ***must*** always execute last, in order to guarantee a
consistent cache of release archives from dependent tasks. It
accomplishes this by verifying it's task-number matches one-less than
the total number of tasks. Previous to this commit, a YAML anchor/alias
was used to avoid duplication of the dependency list between 'success'
and 'release'
However, it's been observed that this opens the possibility for
'release' and 'success' tasks to race when running on a PR. Because
YAML anchor/aliases cannot be used to modify lists, duplication is
required to make 'release' actually depend upon 'success'.
This duplication will introduce an additional maintenance burden.
Though when adding a new task, it's already very easy to forget to
update the 'depends_on' list. Assist both cases by the addition
unit-tests to verify ``.cirrus.yml`` dependency contents and structure.
Signed-off-by: Chris Evich <cevich@redhat.com>
This task depends upon other tasks caching their binaries. If for
whatever reason the `release` task is re-run and/or is out-of-order
with it's dependents, the state of cache will be undefined. Previously
this would result in an error, and failing of the release task.
This commit alters this behavior to issue a warning instead.
Signed-off-by: Chris Evich <cevich@redhat.com>
It's somewhat hard to predict which units are certinly present
for any given base-image. Therefore, at image-build time, it's
distracting and unhelpful to see all the errors about units that
don't exist, on every platform. Simply ignore them and rely on
the `check_image.sh` test to confirm none are enabled.
Signed-off-by: Chris Evich <cevich@redhat.com>
For CI testing, it's important to remove as much variability from the
overall system as possible. This permits focusing just on problems
closely related to code-changes. To this end, and because VMs are very
short-lived (2 hours at most), disable all systemd services and timers
which perform periodic activities.
Signed-off-by: Chris Evich <cevich@redhat.com>
Various tasks and scripts behave differently depending on whether or not
the build is running against a PR or on a branch, post-merge. However,
a great number of them are hard-coded to the string 'master' as the
destination. Since this is not always the case (there are other
relevant branches), it makes sense to abstract the references with a
single definition.
Add a top-level `$DEST_BRANCH` variable to CI, and otherwise
default to 'master' when unset. This enables running CI builds on
additional branches without the overhead of updating all the static
references to 'master'. Simply update `$DEST_BRANCH` at the top-level
and all branch-conditional logic will function as intended.
Signed-off-by: Chris Evich <cevich@redhat.com>
Over time unless they're removed, the project could grow quite a large
collection of VM images. While generally cheap (less than a penny each,
per month), these will become a significant cost item if not kept
in-check.
Add a specialized container for handling image-pruning, but limit
it to only finding and printing (not actually deleting) images.
Also update the image-building workflow so that base-images used to
compose cache-images are also labeled with metadata.
N/B: As an additional safeguard, the service account which
executes the new container in production *DOES NOT*
have access to delete images. This can be enabled
by adding the GCE IAM role: CustomComputeImagePrune
Signed-off-by: Chris Evich <cevich@redhat.com>
It's desirable to make archives available of builds containing actual
tested content. While not official distro-releases, these will enable
third-party testing, experimentation, and development for both branches
(e.g. "master") and pull requests (e.g. "pr3106").
* Add a Makefile targets for archiving both regular podman binaries
and the remote-client. Encode release metadata within these
archives so that their exact source can be identified.
* Fix bug with cross-compiling remote clients for the Windows and Darwin
platforms.
* Add unit-testing of cross-compiles for Windows and Darwin platforms.
* A few small CI-script typo-fixes
* Add a script which operates in two modes:
1. Call Makefile targets which produce release archives.
Upload the archive to Cirrus-CI's built-in caching system
using reproducible cache keys.
2. Utilize reproduced cache keys to attempt download of cache
from each tasks. When successful, parse the file's
release metadata, using it to name the archive file. Upload
all recovered archives to a publicly accessible storage bucket
for future reference.
* Update the main testing task to call the script in mode #1 for
all primary platforms.
* Add a new `$SPECIALMODE` task to call the script in mode #1 for
Windows and Darwin targets.
* Add a new 'release' task to the CI system, dependent upon all other
tasks. This new tasks executes the script in mode #2.
* Update CI documentation
Signed-off-by: Chris Evich <cevich@redhat.com>
Building/installing dependencies from fixed source-version ensures
testing is reliable, but introduces a maintenance burden and
risks testing far outside of a real-world environment. The
sensible alternative is to install dependencies from distro-packaging
systems.
Install all development and testing dependencies at VM cache-image build
time, to help ensure testing remains stable. The existing cache-image
build workflow can be utilized at any future time to build/test
with updated packages.
***N/B***: This does not update any dockerfiles used by testing, that is
left up to future efforts.
Signed-off-by: Chris Evich <cevich@redhat.com>
I'm running the BATS tests manually once in a while, and
catching several problems each week that make it past
the rest of CI. Since the BATS tests run at RPM gating
time, we need to catch problems earlier. Try running
the tests from Cirrus.
Tests will be skipped on Ubuntu due to a too-ancient
version of coreutils (8.28; the 'timeout -v' we use
requires 8.29).
Tests are run *after* integration tests, even though
these take three minutes and would be nice to have
fail quickly, because running before causes bizarre
CI failures. Shrug.
UPDATE: also fix run test, broken by #3311.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The original solution using --wait does not function on F30, waiting
forever. Replace it with a simple 5-minute timeout loop.
Signed-off-by: Chris Evich <cevich@redhat.com>
Remove disused `build_cache_images` task, and
update relevant dockerfiles for F30.
Fix problem of cloud-init failing to expand root-device on boot
(/var/lib/cloud/instance left in improper state).
Fix problem of cloud-init racing with google-network-daemon.service on
boot (looking for cloudconfig metadata too early). Causing
root-device to _sometimes_ fail to expand.
Fix problem of hack/get_ci_vm.sh argument passing.
Signed-off-by: Chris Evich <cevich@redhat.com>
The upstream/Dockerfile had a few issues that this
cleans up. A few files were misplaced, wrong installs
and removes. This corrects those issues.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
With multiple `containers` projects updating VM Image metadata,
it would be very difficult to discover which Cirrus-CI setup
was responsible. Add the GCE project name to the list
of metadata labels to update when this container runs. This
will give more context as to which images are currently in use.
Signed-off-by: Chris Evich <cevich@redhat.com>
...with the goal of (very soon) reusing this code, in #2947,
to run system tests in CI. This is the cleanest way I can
think of to do so without duplication or a large maintenance
burden.
Changes are:
- replace references to 'ginkgo' with 'integration'. That
target is already in Makefile, and is not only more
readable, it's also more abstract. There is no reason
for this level of code to know about ginkgo.
- allow rootless_test.sh to accept an argument,
that being the name of the test suite to run
(default: integration). #2947 will enable 'system'.
- allow integration_test.sh to serve multiple purposes,
by checking its filename. #2947 will add a symlink,
system_test.sh, which will then cascade down to
invoke system tests.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The Dockerfiles necessary to create the stable, testing and upstream container images
on quay.io/user/podman. Once this is commited, I will set up those images
such that they will be built with every git commit.
stable - Latest Fedora release image
testing - Latest release on bohdi Fedora testing
upstream - Latest version in upstream podman
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Occasionally, and seemingly only on F29 the root disk fails to expand
upon boot. When this happens, any number of failures could occur if
space runs out. Until there is time to investigate the actual cause,
workaround this problem by detecting it and acting accordingly.
Signed-off-by: Chris Evich <cevich@redhat.com>
New base-image boots, a cache-image builds, but more work is needed for
it to be prime-time ready. This commit just adds some updates to the
scafolding necessary to build the base-image. Future work will make F30
more of a reality.
Also add log-collection scripts to test image verification task
Signed-off-by: Chris Evich <cevich@redhat.com>
Previously, it was quite difficult to affect changes to VM cache images
without lots of manual work. This commit adds a new optional testing
task which mirrors the official-image build task which only runs on
master. In contrast, the new task may be run at any time in a PR, but
including a magic phrase in the PR description.
Update documentation to describe the new task and inform on it's usage.
Signed-off-by: Chris Evich <cevich@redhat.com>
For people who want to install podman remote or podman
only we need to separate out the two install commands.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
There were some build issues updating cri-o to cri-o/cri-o. Since the only thing we need cri-o for is conmon, we should just build using conmon.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
We want the remote tests for our distributions to be tested in a
different VM than the local tests. This allows for faster CI runs and
easier debug as well as seperation of flakes.
Signed-off-by: baude <bbaude@redhat.com>
We want to start supporting the registries.conf format.
Also start showing blocked registries in podman info
Fix sorting so all registries are listed together in podman info.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Existing code was not working due to a bash gotcha ('exit'
from a pipeline). It also had unnecessary duplication.
New version is safer; also includes unit tests run under localunit.
Existing invocations of req_env_var replaced via:
$ [ edit setup_environment.sh, move one closing quote to its own line ]
$ perl -ni -e 's/(?<=req_env_var )"(\S+)\s+\$\1"/$1/; if (/req_env_var "$/ .. /^\s*"/) { chomp; s/(?<=\S)\s.*//; if (/^\s*"/) { print "\n" } else { unless (/req_env_var/) { s/^\s+//; print " ";} print;} } else { print }' $(ack -l req_env_var)
$ [ hand-massage an incorrect instance of '@' in lib.sh:ircmsg() ]
Signed-off-by: Ed Santiago <santiago@redhat.com>
add the ability for podman to read and write events to journald instead
of just a logfile. This can be controlled in libpod.conf with the
`events_logger` attribute of `journald` or `file`. The default will be
set to `journald`.
Signed-off-by: baude <bbaude@redhat.com>
Previously libpod CI was fairly straight-forward, run unit and
integration tests in a standard set of 3 VMs. Off on the side was a
single special case of running tests as an ordinary user. There is a
desire to stop using the PAPR system to support testing inside of a
container.
Since having two special cases potentially invites more
down the road, make provisions to handle them more gracefully. This
commit introduces an environment variable: ``$SPECIALMODE``. It's
value has the following meanings within the CI scripts:
Mode 'none': Nothing special, business as usual (default)
Mode 'rootless': Rootless testing
Mode 'in_podman': Build container, run integration tests in it.
This will make adding additional special-cases later easier, as well as
extending the special cases in a Matrix across multiple OS's.
Signed-off-by: Chris Evich <cevich@redhat.com>
We have a very high performance JSON library that doesn't need to
perform code generation. Let's use it instead of our questionably
performant, reflection-dependent deep copy library.
Most changes because some functions can now return errors.
Also converts cmd/podman to use jsoniter, instead of pkg/json,
for increased performance.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Randomize the user's UID and GID
* Simplify `setup_environment.sh`
* Support new "-r" option for `hack/get_ci_vm.sh` setting up rootless
* Connect as $ROOTLESS_USER when using "-r" with `hack/get_ci_vm.sh`
Signed-off-by: Chris Evich <cevich@redhat.com>
Likely caused by rebase typos after removing test-commit. This fixes
notifications to actually get sent. Also show env. vars after setting
up the environment - helps debugging.
Signed-off-by: Chris Evich <cevich@redhat.com>
Until recently it was very difficult to execute any scripts if part of a
task failed. A new feature in Cirrus-CI makes this easy. Use it to
post a notice on IRC when any task fails.
Also: Add quotes around yaml-string values for consistency and
syntax-highlighting correctness.
Signed-off-by: Chris Evich <cevich@redhat.com>
Sorin Sbarnea
Dmitry Smirnov
Daniel J Walsh
Matthew Heon
OpenShift Merge Robot
Chris Evich
Giuseppe Scrivano
Nalin Dahyabhai
Matthew Heon
Jonathan Lebon
Miloslav Trmač
Valentin Rothberg
Jhon Honce
xcffl
TomSweeneyRedHat
baude
Jindrich Novy
Peter Hunt
Matej Marusak
Qi Wang
Ed Santiago
Adrian Reber