First of all this removes the need for a network connection, second
renovate can update the version as it is tracked in go.mod.
However the real important part is that the binary downloads are
broken[1]. For some reason the swagger created with them does not
include all the type information for the examples. However when building
from source the same thing works fine.
[1] https://github.com/go-swagger/go-swagger/issues/2842
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This PR is only a first step towards being able to validate developer
code locally prior to pushing a PR and using CI. Right now, we have a
prepared image in a temporary spot (will change when done). That image
can be used to exercise various podman builds, make validate, and DCO
check.
The idea here is we have a make target that spins a podman container (or
machine) and then execute a small script to perform the actual builds.
Note, these builds are to verify code, not make production binaries so
corners are cut. As of now, we choose to not build cross-arch binaries
because most of our problems thus far have been operating system builds
and not arch.
Of course this can be expanded in the future. This is just step one to
start getting some of it in place. The rest of the work is tracked in
JIRA under two cards.
Signed-off-by: Brent Baude <bbaude@redhat.com>
...to match the version in root dir, to get rid of the mismatch
warning on every ginkgo run.
The last bump was done by renovatebot; I don't know why bot didn't
do it this time.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Currently when we run make docs we will see 100+ lines of
`grep: docs/build/man/links: Is a directory` printed.
This makes no sense as we should only try to validate the man page.
The manpage target is structured in a way that it runs the generation
for each file individually. As such the current way of grep'ing the
entire directory for each page is wrong. It should only validate the on
page that was created by the command above.
To fix this first define a OUTFILE var for the target to not have to
call the substitution every time we use the path and then only grep this
one file and not everything in the dir.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This allows distros to easily add buildtags without patching the Makefile or
duplicating it in their build recipes
[NO NEW TESTS NEEDED]
Signed-off-by: Dan Čermák <dcermak@suse.com>
make validate should work locally, this check makes no sense in a local
context as it checks for a github label.
To fix this remove this check from the validate target and only use it
as part of the CI validate run.
While at it remove old dnf install step, the issue has been closed for a
long time and it should already be part of our base images.
Fixes#22031
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
we are having second thoughts about *requiring* a policy.json on podman
machine hosts. we are concerned that we need to work out some more use
cases to be sure we do not make choices now that limit us in the near
term future. for example, should the policy files be the same for
container images and machine images? And should one live on the host
machine and the other live in the machine?
therefore, if a policy.json *is* present in the correct location, we will use and honor it; however, if it does not, we will allow the machine image to be pulled without a policy.
Signed-off-by: Brent Baude <baude@redhat.com>
Co-authored-by: Paul Holzinger <45212748+Luap99@users.noreply.github.com>
Signed-off-by: Brent Baude <bbaude@redhat.com>
- Sets default search location to always be the peer directory
+ make podman-remote now creates binaries that work the same as release zips
- Updates release zip to match expected search location
- Updates win installer to include the file if present in the repo cross-build
archive
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
pasta only works when we run as container_runtime_exec_t, now that pasta
is the default this means that the current binary will not work when
doing local dev without manually fixing the label.
There are also other parts where the correct label is important. So as a
simple fix always set the proper label in the bin/podman target.
This also means we can drop this line from the hack/bats script.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Lots of small special-case tweaks to logformatter because Macs
have to be different.
Also fix:
- Wrong slash in printf-newline, leading to gray [It] blocks
- echo gitCommit, so we can link to sources
- --image-path is deprecated
Signed-off-by: Ed Santiago <santiago@redhat.com>
This config needs to be included for podman machine pulls to work and
set MACHINE_POLICY_JSON_DIR so that the file should be located next to
the binary.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Allow users to set MACHINE_POLICY_JSON_DIR to the policy.json directory
which is used for podman machine pulls.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Disable the `perfsprint` and `typecheck` linters as they are too noisy.
There are some good issues worthy of fixing but it's too time consuming
at the moment. Hence, let's unblock the PR.
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Rootless users should be defaulted to point DOCKER_HOST at
$XDG_RUNTIME_DIR/podman/podman.sock
When podman-docker package is installed.
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Moving from Go module v4 to v5 prepares us for public releases.
Move done using gomove [1] as with the v3 and v4 moves.
[1] https://github.com/KSubedi/gomove
Signed-off-by: Matt Heon <mheon@redhat.com>
New CI validation check: all keys in quadlet.go must be
documented at least once in podman-systemd.unit.5.md.
Adding '// deprecated' next to an enum definition will
exclude said key from the documentation cross-checks.
And, because the md file lists keys in both table and block
form, make sure those all match.
And make sure everything is sorted in lexical order, in
both .go source and in man page.
And add a validation check to make sure it stays that way.
Signed-off-by: Ed Santiago <santiago@redhat.com>
This updates the Windows installer and macOS installer to ship the newer
binaries, as well as the vendored gvisor-tap-vsock code.
[NO NEW TESTS NEEDED]
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Setup and execute podman machine testing on bare-metal M1 Macs
using a pool of shared and semi-persistent hosts. Automated
and manual processes outside this repository are responsible
for providing and maintaining all hosts. Ref.
https://github.com/containers/automation/tree/main/mac_pw_pool
Update the `localmachine` make target to standardize execution
across platforms. Update/simplify podman-machine e2e README to
reflect current reality.
Warning: This CI setup and supporting infrastructure was developed
in favor of expediency vs reliability and stability. There are
many possible failure-modes (known and unknown) which may lead
to undefined test behaviors. Future work may address some of
these as they are encountered or discovered.
[NO NEW TESTS NEEDED]
Signed-off-by: Chris Evich <cevich@redhat.com>
In case a future maintainer asks "why" all these weird looking
four-letter architectures are present here and in CI.
Signed-off-by: Chris Evich <cevich@redhat.com>
Since gvisor-tap-vsock 0.7.1, the upstream project ships pre-built
Windows binaries for gvproxy and win-sshproxy. These binaries are built
with -Hwindowsgui as needed by podman.
This makes the same change in winmake.ps1, but I had to hardcode
gvisor-tap-vsock version in one more place.
[NO NEW TESTS NEEDED]
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
I'm not sure about apparmor tag. Atleast runc isn't using it anymore.
"apparmor (since runc v1.0.0-rc93 the feature is always enabled)" from https://github.com/opencontainers/runc
containers-common still seems to check for apparmor, so not touching it for now.
Signed-off-by: Rahil Bhimjiani <rahil3108@gmail.com>
Shortcuts like unix:path and unix:/path do not work everywhere,
so make sure to use unix://path when quoting the url (or address)
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
Paul Holzinger
Jhon Honce
openshift-merge-bot[bot]
Brent Baude
Ed Santiago
renovate[bot]
Dan Čermák
JiaLing Zhang
Cedric Staniewski
Brent Baude
Jason T. Greene
Doug Rabson
Daniel J Walsh
Matt Heon
Jake Correnti
Christophe Fergeau
Ygal Blum
Chris Evich
openshift-ci[bot]
Rahil Bhimjiani
Ashley Cui
OpenShift Merge Robot
Anders F Björklund
Michal Biesek