aardvark-dns, netavark and passt are installed on both debian and
fedora. cri-o-runc is not installed anymore and it just uses the normal
runc package on debian. containers-common is called
golang-github-containers-common on debian and also uses
golang-github-containers-image for further config files from c/image.
This makes sure we correctly log all the package versions on debian
correctly.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
According to https://go.dev/ref/mod#module-cache golang will leave
behind read-only bits. It was observed that these cause the find/rm
cleanup operations to fail fail with `permission denied` on thousands
of files. This is preventing cleanup of cruft from unrelated Cirrus-tasks
leading to unnecessary occupation of critical, local-ssd storage space.
Fix this by ensuring the user has at least write access to the entire
contents of `$TMPDIR` and `$HOME`, `ci` subdirs.
Signed-off-by: Chris Evich <cevich@redhat.com>
Ref:
https://github.com/containers/podman/pull/21570#issuecomment-1935709148
This tool is really intended/best used from git pre-commit on developers
local machines, to prevent addition of secret leaks. When used as a
check against PRs, it tends to turn up more false-positives than helpful
warnings. There's no good way to fix this, and maintaining the scanner
is an additional burden. Rather than continue struggling to improve/fix
the situation, let's just remove the tool entirely.
Signed-off-by: Chris Evich <cevich@redhat.com>
Fixes: #21574
The documentation for this image references a quay repository that
doesn't exist. It doesn't appear any of these files have been touched
since late 2022. Instead of updating the docs, let's just remove the
source. It's trivial to recreate if anybody actually needs it for
something.
Users needing to access remote podman can simply use the `podman` binary
present in existing images `quay.io/containers/podman`,
`quay.io/podman/stable`, etc.
Signed-off-by: Chris Evich <cevich@redhat.com>
No longer bother testing any 2.x or 3.x. Only 4.1 and above.
Remove all CNI-related code. CNI is gone.
Add DatabaseBackend tests, confirming that we can handle
both boltdb and sqlite.
Require BATS >= 1.8.0, and use "run -0" to do exit-status checks.
Update docs.
Signed-off-by: Ed Santiago <santiago@redhat.com>
As of this commit, there are several pages worth of lint findings for
windows. Once they're all addressed, this commit may be reverted to
enable continuous checking.
Signed-off-by: Chris Evich <cevich@redhat.com>
Podman v5 will not support cgroups-v1. This commit will print a warning
if it detects a cgroups-v1 system. The warning can be hidden by setting
envvar `PODMAN_CGROUPSV1_WARNING`.
This warning is patched out for RHEL 9 builds as cgroups-v1 will still
be supported on RHEL 9 systems.
Resolves: https://issues.redhat.com/browse/RUN-1957
[NO NEW TESTS NEEDED]
Co-authored-by: Ed Santiago <santiago@redhat.com>
Co-authored-by: Sascha Grunert <sgrunert@redhat.com>
Co-authored-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
CNI is deprecated and is build tagged out for 5.0. Don't test it in our CI.
This commit also disables upgrade tests for now - those need more work since the old version of Podman only uses CNI. Upgrade tests will be re-vamped in a later commit.
Signed-off-by: Ashley Cui <acui@redhat.com>
From https://github.com/containers/automation_images/pull/325
Major change: netavark and aardvark are now included in prior-fedora,
so CNI can be fully eliminated from CI (#21410)
FIXME FIXME FIXME: skip two e2e tests, waiting for new netavark
Signed-off-by: Ed Santiago <santiago@redhat.com>
This updates the Windows installer and macOS installer to ship the newer
binaries, as well as the vendored gvisor-tap-vsock code.
[NO NEW TESTS NEEDED]
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Because the podman machine tests normally run at the end of the chain,
it's time consuming for developers to validate machine-only changes.
Support a special CI runtime mode, only when a PR is marked as a draft.
Update related documentation
Also: Only run machine tests on PRs, never for branches or new tags.
Signed-off-by: Chris Evich <cevich@redhat.com>
crun-wasm depends on the same epoch:version-release as crun so
overriding `crun` but not `crun-wasm` will cause installation issues
like:
```
error: Could not depsolve transaction; 1 problem detected:
Problem: package crun-wasm-1.11.1-1.fc39.x86_64 from @System requires crun = 1.11.1-1.fc39, but none of the providers can be installed
- cannot install both crun-102:1.12-1.20231205201336970037.main.19.g90b21dd.fc39.x86_64 from @commandline and crun-1.11.1-1.fc39.x86_64 from @System
- cannot install both crun-102:1.12-1.20231205201336970037.main.19.g90b21dd.fc39.x86_64 from @commandline and crun-1.11.1-1.fc39.x86_64 from updates-archive
- conflicting requests
```
This commit overrides both crun and crun-wasm from what's found in
podman-next.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
A simple regression was introduced to the test suite that overrode the
default image for hyperv testing.
Signed-off-by: Brent Baude <bbaude@redhat.com>
- Modified Check-Exit to take a relative stack postition so that reusing
functions like Run-Command report on their callers as opposed to the source
position of the wrapper.
- Record and print the last command executed as it likely scrolled off with
test output.
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
Issue Ref: #20853
Allow the tests to fail, but don't block merging PRs.
This commit should be reverted when #20853 is resolved.
Signed-off-by: Chris Evich <cevich@redhat.com>
Setup and execute podman machine testing on bare-metal M1 Macs
using a pool of shared and semi-persistent hosts. Automated
and manual processes outside this repository are responsible
for providing and maintaining all hosts. Ref.
https://github.com/containers/automation/tree/main/mac_pw_pool
Update the `localmachine` make target to standardize execution
across platforms. Update/simplify podman-machine e2e README to
reflect current reality.
Warning: This CI setup and supporting infrastructure was developed
in favor of expediency vs reliability and stability. There are
many possible failure-modes (known and unknown) which may lead
to undefined test behaviors. Future work may address some of
these as they are encountered or discovered.
[NO NEW TESTS NEEDED]
Signed-off-by: Chris Evich <cevich@redhat.com>
For whatever reason (I don't understand this stuff well) the
`win-podman-machine-main.ps1` script exits successfully despite the
final `Check-Exit` showing a non-zero exit code was detected. Attempt
to fix this by throwing an exception instead of calling `Exit`.
Signed-off-by: Chris Evich <cevich@redhat.com>
Intended to serve as motivation to fix them. Removed from status
aggregator so the failures don't block PR merging. Updated comment text
to reference related open issue, #20548.
Signed-off-by: Chris Evich <cevich@redhat.com>
We're only testing vfs in CI. That's bad. #18822 tried to
remedy that but that only worked on system tests, not e2e.
Here we introduce CI_DESIRED_STORAGE, to be set in .cirrus.yml
in the same vein as all the other CI_DESIRED_X. Since it's 2023
we default to overlay, testing vfs only in priorfedora.
Fixes required:
- e2e tests:
- in cleanup, umount ROOT/overlay to avoid leaking mounts
- system tests:
- fix a few badly-written tests that assumed/hardcoded overlay
- buildx test: add weird exception to device-number test
- mount tests: add special case code for vfs
- unprivileged test: disable one section that is N/A on vfs
Signed-off-by: Ed Santiago <santiago@redhat.com>
This change will allow RHEL subscriptions from the host to flow
to internal containers.
Fixes: https://github.com/containers/common/issues/1735
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Followup to #20318: now that sqlite is the podman default,
enforce that in CI as well. Test boltdb only in Prior Fedora.
In the process, discovered & cleaned up some duplication
and unused YAML anchors.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The podman in `ubuntu-latest` environment apparently is too old to
support `--userns=keep-id:uid=1000,gid=1000`. Employ workaround in GHA
workflow and in `prebuild.sh` check.
Signed-off-by: Chris Evich <cevich@redhat.com>
As an effort to catch potential secrets and/or credential leaks, add a
github-actions workflow which is untouchable in a PR context.
To additionally guard against accidents, also check recent branch
history. This is especially important on newly created
release-branches, which may begin with content from who-knows-where.
Finally, since the new workflow bypasses PR-level changes to the scanner
config and base-line. Add a Cirrus-CI invocation of the scanning tool
to help catch tool-breaking changes from being merged.
Signed-off-by: Chris Evich <cevich@redhat.com>
Also, de-duplicate power-shell variables and functions as they're
beginning to sprawl. This does not completely address all duplicates,
mainly those involved in the podman-machine CI workflow. So,
nothing under `contrib/win-installer` has been touched.
[NO NEW TESTS NEEDED]
Signed-off-by: Chris Evich <cevich@redhat.com>
openshift-merge-bot[bot]
Matt Heon
Paul Holzinger
Chris Evich
Ashley Cui
Jake Correnti
Ed Santiago
Lokesh Mandvekar
Anjan Nath
Daniel J Walsh
Christophe Fergeau
Łukasz Stolcman
Brent Baude
Jason T. Greene
Sander Maijers
Giuseppe Scrivano
Chris Evich
Urvashi Mohnani
OpenShift Merge Robot