We're still not testing runc in CI (#14833), and it may be weeks
or months before we can, due to criu/glibc nightmare, but one day
we'll be back on track, then later on we'll update VMs again,
and screw it up, and lose runc, and not notice, and RHEL will
break, and oh noes headless chicken again, repeat repeat.
We can do better. Use .cirrus.yml to explicitly define which
VMs should use which runtimes, and enforce it early in the
CI build step. This should never fail (uh huh) in a PR,
only in one of the update-VM PRs.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Reason: task IDs are unique and permanent; linking by
build ID and task name is non-unique, because Re-run.
Fixes: #14863
Signed-off-by: Ed Santiago <santiago@redhat.com>
The podman-machine integration tests are designed to execute on
bare-metal, since they perform significant work with virtual-machines.
This test is costly to run at scale, so it is limited to being manually
triggered by developers (for now). A 'trigger' button will appear in the
task status page of the Github WebUI once all test dependencies are met.
In the Cirrus-CI WebUI, there is also a 'pre-trigger' button that may be
pressed if a developer doesn't wish to wait. Also:
* Add a `localmachine` target in the `Makefile` on the off-chance
developers wish to execute locally. Update the `ginkgo-run` target
to accommodate re-use by the new `localmachine` target.
* Exclude `podman_machine` task from `success` dependency verification.
This also involves adding an exception to `cirrus_yaml_test.py`
otherwise it will complain loudly.
* ***NOTE*** Inclusion of `ec2_instance` in *any* task will cause
`hack/get_ci_vm.sh` to barf and be non-functional. Future updates will
be made to restore functionality. Before then, simply comment out
the `ec2_instance` section as a temporarily workaround.
Signed-off-by: Chris Evich <cevich@redhat.com>
In order to support execution on various non-GCP cloud environments, the
BFQ scheduler workaround needs updating. Previously it assumed the root
disk was always `/dev/sda`. With the addition of new clouds (AWS) and
different environment types, the assumption is not always valid. Update
the workaround to take care in looking up the block device where '/'
comes from.
Also update the scheduler to 'none', as all modern clouds already have
highly optimized underlying storage configurations. There's no reason
to complicate I/O paths further by hard-coding specific scheduler(s) for
all environment types.
Signed-off-by: Chris Evich <cevich@redhat.com>
add support for podman-remote image scp as well as direct access via the API. This entailed
a full rework of the layering of image scp functions as well as the usual API plugging and type creation
also, implemented podman image scp tagging. which makes the syntax much more readable and allows users t tag the new image
they are loading to the local/remote machine:
allow users to pass a "new name" for the image they are transferring
`podman tag` as implemented creates a new image im `image list` when tagging, so this does the same
meaning that when transferring images with tags, podman on the remote machine/user will load two images
ex: `podman image scp computer1::alpine computer2::foobar` creates alpine:latest and localhost/foobar on the remote host
implementing tags means removal of the flexible syntax. In the currently released podman image scp, the user can either specify
`podman image scp source::img dest::` or `podman image scp dest:: source::img`. However, with tags this task becomes really hard to check
which is the image (src) and which is the new tag (dst). Removal of that streamlines the arg parsing process
Signed-off-by: Charlie Doern <cdoern@redhat.com>
One day we may use AWS for part of CI. Do you want to maintain
two separate code paths in this script for linking to artifacts
in multiple cloud providers? Can you say no? I knew you could.
Cirrus already knows the location of the artifacts and provides
a transparent mechanism for accessing them. Use it.
This PR exposed a nasty bug in our environment-variable handling:
envariables passed through to the containerized environment were
being double-space-escaped, so "FOO=a b" ended up as "FOO=a\ b"
(with a backslash), with one consequence being invalid URLs.
The solution is simple: run 'podman -e FOO', not '-e FOO=value'.
Finally, reinstate the environment-variable dump (in comments).
I had removed this in a moment of panic over leaking secrets,
but no, that doesn't happen. Exclude scary-sounding vars anyway.
Signed-off-by: Ed Santiago <santiago@redhat.com>
* Replace "setup", "lookup", "cleanup", "backup" with
"set up", "look up", "clean up", "back up"
when used as verbs. Replace also variations of those.
* Improve language in a few places.
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Using both the 'skip' and 'only_if' features at the same time may be
hard for maintainers to decipher. Consolidate them into `only_if` since
that bypasses creation of the task all together - meaning there are
potentially fewer tasks for a developer to scroll through.
Since the `multiarch` Cirrus-Cron build no-longer depends on the direct
"build-ability" from the current repo. state, it can be further
optimized. When operating in this context, avoid running many/most
other tasks, depending instead only on `ext_svc_check`.
Finally, add a simple document describing the various runtime contexts
along with the list of expected tasks. Reference this prominently right
in front of every `only_if` so it's impossible for a maintainer to miss.
Signed-off-by: Chris Evich <cevich@redhat.com>
Fixes#14021
Substitution values built from `$(shell ...)` output can easily be empty
due to the shell's default `pipefail` behavior. This can also hide
non-zero exit codes, similarly resulting in empty values being set.
While not a perfect fix, the situation is improved by using the
`err_if_empty` function in all cases where empty values would be
unexpected. Remove the definitions for `GIT_BRANCH` and
`GIT_BRANCH_CLEAN` which don't seem to actually be used anywhere
(including in code).
Add a simple release-test to verify `podman info` outputs a non-empty
value for "GitCommit".
Signed-off-by: Chris Evich <cevich@redhat.com>
Most were simply deleted, the main one addressed is in the
"pre-testing" `ext_svc_check.sh` script. It will now verify
accessibility of several key test images we maintain in `quay.io`.
Signed-off-by: Chris Evich <cevich@redhat.com>
Followup to #14178: I broke CI. "--fork-point" does not do
what I thought it did, so remove it.
Also, add 'set -x' to help us debug the next time something
like this happens.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add support for new automation library version w/ `$DEBUG` fix
(ref: containers/automation_images#128) and added definitions
for commonly used Distro/version variables.
Signed-off-by: Chris Evich <cevich@redhat.com>
With the increasingly complex `.cirrus.yml` task relationships, build
cache wasn't always working as intended. Recently, non-build tasks were
observed assuming authority over `gopath_cache`. Ref.:
https://github.com/containers/podman/pull/13998#issuecomment-1108834538
Address this by an overall simplification using artifacts instead of
cache. Using artifacts allows establishing concrete
authorship/authority over cached repo. content. In this way, dependent
tasks may simply consume the artifact with `curl` instead of relying on
complex caching algorithms.
Also/Minor: Add YAML checking to the pre-commit configuration.
Signed-off-by: Chris Evich <cevich@redhat.com>
The sshd service is guaranteed to be running by the VM image build
process - it's required by the packer tool for access. Remove the
startup and check on the sshd service.
For many tests, man ssh connections to/from $ROOTLESS_USER on the
host are needed. To facilitate this, the localhost key is added to
`known_hosts` for root and `$ROOTLESS_USER`. Simplify this setup using
the `ssh-keyscan` tool.
Signed-off-by: Chris Evich <cevich@redhat.com>
There are several runtime contexts (rootless and container) where
`$DEST_BRANCH` is needed but was not supplied. A prior commit
(c486576717) removed the default value, `main` which was being
set incorrectly when CI ran on release branches. Fix this by ensuring
the variable is non-empty upon entry to `setup_environment.sh`, then
ensure it gets passed through to child environments by way of the
`/etc/ci_environment` file. This will maintain compatibility with
both CI and `hack/get_ci_vm.sh` use.
Signed-off-by: Chris Evich <cevich@redhat.com>
The use of 'C^' (parent) in 'git rebase' is counterintuitive,
at least to me: when C is a merge of multiple commits, rebase
picks each of those commits. That probably makes good sense
to a git expert, which I'm not.
Solution: forget using '^', just calculate the baseline sizes
by doing a checkout of the PR's parent.
Also: compute PR parent using git-merge-base instead of
blindly trusting $DEST_BRANCH (which may be volatile as
other PRs are merged).
Also: run git-rebase directly, not via make rule. That
indirection is too confusing here.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The test-skipping optimization is failing as rootless on non-main,
because $DEST_BRANCH is not set. Solution: check for envariable,
skip test if missing. (This was part of my original PR, but was
accidentally removed in #14013)
Also: DEST_BRANCH was silently being defaulted to 'main' in lib.sh.
Remove that: per @cevich, it is no longer necessary.
Fixes: #14131
Signed-off-by: Ed Santiago <santiago@redhat.com>
Newer versions of git are much more pedantic about who owns the
repository files. When setting up to run rootless, prior to this
commit, the repo. ownership was changed from root. This causes
all subsequent git-operations as root to fail:
```
fatal: unsafe repository ('<$GOSRC>' is owned by someone else)
```
Fix this by re-ordering operations, such that the change in ownership is
done immediately before executing as a user. Also disable the
git-ownership check on the source repository assuming the CI environment
is disposable.
Signed-off-by: Chris Evich <cevich@redhat.com>
Normally installing/updating packages at test runtime is highly
discouraged for reliability and efficiency reasons. However, in this
specific case, development work of these packages is still fairly hot.
As a compromise to support podman test development, temporarily update
these two specific packages at runtime. At a future date, when updates
are less frequent, this commit can/should be safely reverted. At that
point, the versions installed at VM image build time will persist.
Signed-off-by: Chris Evich <cevich@redhat.com>
Now that netavark and aardvark are packaged and default in F36, support
CNI-based testing in F35 and Ubuntu.
* Remove the temporary/special `$TEST_ENVIRON=host-netavark` construct.
* Remove dedicated/special integration and system testing tasks.
* Update test-config setup to properly handle CNI vs netavark/aardvark
environments.
* Update package-version logging to operate based on installed packages
(along with some other minor script cleanups).
* Update global environment setup to force `$NETWORK_BACKEND=netavark`
in F36 and later. Except when `upgrade_test` task runs.
* Discontinue installing netavark and aardvark-dns binaries from
upstream build artifacts.
* Drop CGV1-vs-2 policy check. Ubuntu VMs now exclusively test CGv1,
Fedora VMs test CGv2, with F35 testing CNI and F36 testing Netavark.
Signed-off-by: Chris Evich <cevich@redhat.com>
The originally intent for skipping tests based on change-content was to
optimize the PR workflow. However, a mistake in a conditional is
causing almost all tasks running for Cron and branches to be skipped.
Fix this by checking for an empty '$CIRRUS_PR' variable. This value is
always empty when operating outside of PRs.
Signed-off-by: Chris Evich <cevich@redhat.com>
After merging #13998 it was observed that the `docker-py` task was still
failing with the same error on `main`. The original quick-fix had
placed the full-build (`make`) call too late in the process. This
commit moves it up to right before the `make install` call which was
resulting in an error.
Again, a further future commit is planned to re-work and simplify the
entire cache setup. This is only a quick fix to make branch-builds
pass.
Signed-off-by: Chris Evich <cevich@redhat.com>
A suspected race on uploading gopath cache is causing the docker-py (and
possibly other) tasks to fail unpredictably with an error from `make`
regarding missing `bin/podman`. Since this failure is affecting all
development activity, apply a quick/dirty fix to the failing task, by
simply rebuilding the binary. A more comprehensive/long-term fix will
be worked in a future PR.
Signed-off-by: Chris Evich <cevich@redhat.com>
This reverts commit cc3790f332.
We can't change rootful to rootfull because `rootful` is written into the machine config. Changing this will break json unmarshalling, which will break existing machines.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
The default verbosity level does not show the classes or function names.
This makes it difficult to debug problems like hangs. Also, separate
the bats and python-based tests into two sections. This allows for
easier debugging, since isolation can be done in `runner.sh` rather than
mucking with the `Makefile`. Lastly, update the logformatter script
to `autoflush stdout` (thanks @edsantiago).
Signed-off-by: Chris Evich <cevich@redhat.com>
We are inconsistent on the name, we should stick with rootfull.
[NO NEW TESTS NEEDED] Existing tests should handle this and no tests for
machines exists yet.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Newer versions of git (like `2.35`) fail on certain operations (like
`rebase` and `am`) without a local identity. Add a fake one from the
start, with a clearly identifiable test-value to avoid problems at
runtime.
Signed-off-by: Chris Evich <cevich@redhat.com>
A common pattern is to submit PRs that update only tests or docs.
When the only changes are to test/e2e, there is no point in running
test/system or test/upgrade or test/buildah-bud. Likewise, reciprocally,
and similarly for a bunch of other tests (alt, cross, apiv2, ...)
And when the only changes are under docs/ , there is no point in
running any of the above.
Exception: if $CIRRUS_<mumble> are undefined (e.g., cron), never skip
Signed-off-by: Ed Santiago <santiago@redhat.com>
Building multi-arch images in a standardized way is complex. Some
of the builds themselves can take a really long time to run (over
an hour). Make changes easier to test inside a PR by adding
manually-triggered image-build tasks. These mirror most of the real
cron-triggered task, without actually pushing the final images.
Signed-off-by: Chris Evich <cevich@redhat.com>
Add a CI check to prevent unwanted bloat in binary images,
by building a baseline (pre-PR) binary then comparing file
sizes post-PR.
Part 1 (#13518) added a new script that runs multiple 'make's,
comparing image sizes against an original, and failing loudly
if growth is too big. An override mechanism is defined.
This is part 2 of 2: adding the CI rule. We couldn't do that
in part 1, because the rule would call a script that didn't
exist in the pre-PR commit.
Signed-off-by: Ed Santiago <santiago@redhat.com>
In general continuous-delivery (CD) tends to pair well with CI. More
specifically, there is a need for some reverse-dependency CI testing in
netavark/aardvark-dns. In all cases, the download URL needs to remain
consistent, without elements like `Build%20for%20fedora-35`.
The 'Total Success' task only ever executes when all dependencies are
successful. When a non `[CI:DOCS]` build is successful, gather all
binary/release artifacts in a new task which depends on 'Total Success'.
This will provide a uniform name (`artifacts`) and URL for downstream
users to use. For example:
https://api.cirrus-ci.com/v1/artifact/github/containers/podman/artifacts/binary.zip
or
https://api.cirrus-ci.com/v1/artifact/github/containers/podman/artifacts/binary/FILENAME
Where ***FILENAME*** is one of:
* `podman`
* `podman-remote`
* `rootlessport`
* `podman-release-386.tar.gz`
* `podman-release-amd64.tar.gz`
* `podman-release-arm64.tar.gz`
* `podman-release-arm.tar.gz`
* `podman-release-mips64le.tar.gz`
* `podman-release-mips64.tar.gz`
* `podman-release-mipsle.tar.gz`
* `podman-release-mips.tar.gz`
* `podman-release-ppc64le.tar.gz`
* `podman-release-s390x.tar.gz`
* `podman-remote-release-darwin_amd64.zip`
* `podman-remote-release-darwin_arm64.zip`
* `podman-remote-release-windows_amd64.zip`
* `podman-v4.0.0-dev.msi`
Signed-off-by: Chris Evich <cevich@redhat.com>
ginkgo netavark logs (and, to a lesser extent, cni logs)
are unreadable because the hide-boring-opts code did not
know about --network-backend. Now it does.
Manually filtered an existing netavark log to confirm there
are no other new options we should know about.
Signed-off-by: Ed Santiago <santiago@redhat.com>
We already link to ginkgo sources, now add links to bats.
Ugly, because we need to hardcode containers/podman (git
repo) and test/system (test file path): those can't be
determined from the log results like they can in ginkgo.
Also, great suggestion from @Luap99: in addition to the
'Annotated results' link which we append to the basic log,
include a short summary of failures. This should help a
viewer see exactly which test(s) failed, which in turn
can be helpful for diagnosing known-flake or real-problem.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add a pair of new Cirrus test suites using Compose v2 instead of
Compose v1 (as is currently packaged in Fedora). They work
identically, and run the same tests, as the Compose v1 tests, but
with the new v2 binary instead.
[NO NEW TESTS NEEDED] This adds an entire Cirrus suite...
Signed-off-by: Matthew Heon <mheon@redhat.com>
* Add configuration to add report header for python client used in tests
* Move report headers into the individual test runners vs runner.sh
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Mainly this is to confirm some changes needed for the podman-py CI setup
don't disrupt operations here. Ref:
https://github.com/containers/automation_images/pull/111
Also includes a minor steup fix WRT setting up for test-rpm build.
Signed-off-by: Chris Evich <cevich@redhat.com>
Daniel J Walsh
Ed Santiago
Chris Evich
cdoern
openshift-ci[bot]
Erik Sjölund
Kir Kolyshkin
OpenShift Merge Robot
Ashley Cui
jason
Matthew Heon
Jhon Honce