Ref:
https://github.com/containers/podman/pull/21570#issuecomment-1935709148
This tool is really intended/best used from git pre-commit on developers
local machines, to prevent addition of secret leaks. When used as a
check against PRs, it tends to turn up more false-positives than helpful
warnings. There's no good way to fix this, and maintaining the scanner
is an additional burden. Rather than continue struggling to improve/fix
the situation, let's just remove the tool entirely.
Signed-off-by: Chris Evich <cevich@redhat.com>
No longer bother testing any 2.x or 3.x. Only 4.1 and above.
Remove all CNI-related code. CNI is gone.
Add DatabaseBackend tests, confirming that we can handle
both boltdb and sqlite.
Require BATS >= 1.8.0, and use "run -0" to do exit-status checks.
Update docs.
Signed-off-by: Ed Santiago <santiago@redhat.com>
As of this commit, there are several pages worth of lint findings for
windows. Once they're all addressed, this commit may be reverted to
enable continuous checking.
Signed-off-by: Chris Evich <cevich@redhat.com>
Podman v5 will not support cgroups-v1. This commit will print a warning
if it detects a cgroups-v1 system. The warning can be hidden by setting
envvar `PODMAN_CGROUPSV1_WARNING`.
This warning is patched out for RHEL 9 builds as cgroups-v1 will still
be supported on RHEL 9 systems.
Resolves: https://issues.redhat.com/browse/RUN-1957
[NO NEW TESTS NEEDED]
Co-authored-by: Ed Santiago <santiago@redhat.com>
Co-authored-by: Sascha Grunert <sgrunert@redhat.com>
Co-authored-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
CNI is deprecated and is build tagged out for 5.0. Don't test it in our CI.
This commit also disables upgrade tests for now - those need more work since the old version of Podman only uses CNI. Upgrade tests will be re-vamped in a later commit.
Signed-off-by: Ashley Cui <acui@redhat.com>
From https://github.com/containers/automation_images/pull/325
Major change: netavark and aardvark are now included in prior-fedora,
so CNI can be fully eliminated from CI (#21410)
FIXME FIXME FIXME: skip two e2e tests, waiting for new netavark
Signed-off-by: Ed Santiago <santiago@redhat.com>
This updates the Windows installer and macOS installer to ship the newer
binaries, as well as the vendored gvisor-tap-vsock code.
[NO NEW TESTS NEEDED]
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Because the podman machine tests normally run at the end of the chain,
it's time consuming for developers to validate machine-only changes.
Support a special CI runtime mode, only when a PR is marked as a draft.
Update related documentation
Also: Only run machine tests on PRs, never for branches or new tags.
Signed-off-by: Chris Evich <cevich@redhat.com>
crun-wasm depends on the same epoch:version-release as crun so
overriding `crun` but not `crun-wasm` will cause installation issues
like:
```
error: Could not depsolve transaction; 1 problem detected:
Problem: package crun-wasm-1.11.1-1.fc39.x86_64 from @System requires crun = 1.11.1-1.fc39, but none of the providers can be installed
- cannot install both crun-102:1.12-1.20231205201336970037.main.19.g90b21dd.fc39.x86_64 from @commandline and crun-1.11.1-1.fc39.x86_64 from @System
- cannot install both crun-102:1.12-1.20231205201336970037.main.19.g90b21dd.fc39.x86_64 from @commandline and crun-1.11.1-1.fc39.x86_64 from updates-archive
- conflicting requests
```
This commit overrides both crun and crun-wasm from what's found in
podman-next.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
A simple regression was introduced to the test suite that overrode the
default image for hyperv testing.
Signed-off-by: Brent Baude <bbaude@redhat.com>
- Modified Check-Exit to take a relative stack postition so that reusing
functions like Run-Command report on their callers as opposed to the source
position of the wrapper.
- Record and print the last command executed as it likely scrolled off with
test output.
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
Issue Ref: #20853
Allow the tests to fail, but don't block merging PRs.
This commit should be reverted when #20853 is resolved.
Signed-off-by: Chris Evich <cevich@redhat.com>
Setup and execute podman machine testing on bare-metal M1 Macs
using a pool of shared and semi-persistent hosts. Automated
and manual processes outside this repository are responsible
for providing and maintaining all hosts. Ref.
https://github.com/containers/automation/tree/main/mac_pw_pool
Update the `localmachine` make target to standardize execution
across platforms. Update/simplify podman-machine e2e README to
reflect current reality.
Warning: This CI setup and supporting infrastructure was developed
in favor of expediency vs reliability and stability. There are
many possible failure-modes (known and unknown) which may lead
to undefined test behaviors. Future work may address some of
these as they are encountered or discovered.
[NO NEW TESTS NEEDED]
Signed-off-by: Chris Evich <cevich@redhat.com>
For whatever reason (I don't understand this stuff well) the
`win-podman-machine-main.ps1` script exits successfully despite the
final `Check-Exit` showing a non-zero exit code was detected. Attempt
to fix this by throwing an exception instead of calling `Exit`.
Signed-off-by: Chris Evich <cevich@redhat.com>
Intended to serve as motivation to fix them. Removed from status
aggregator so the failures don't block PR merging. Updated comment text
to reference related open issue, #20548.
Signed-off-by: Chris Evich <cevich@redhat.com>
We're only testing vfs in CI. That's bad. #18822 tried to
remedy that but that only worked on system tests, not e2e.
Here we introduce CI_DESIRED_STORAGE, to be set in .cirrus.yml
in the same vein as all the other CI_DESIRED_X. Since it's 2023
we default to overlay, testing vfs only in priorfedora.
Fixes required:
- e2e tests:
- in cleanup, umount ROOT/overlay to avoid leaking mounts
- system tests:
- fix a few badly-written tests that assumed/hardcoded overlay
- buildx test: add weird exception to device-number test
- mount tests: add special case code for vfs
- unprivileged test: disable one section that is N/A on vfs
Signed-off-by: Ed Santiago <santiago@redhat.com>
This change will allow RHEL subscriptions from the host to flow
to internal containers.
Fixes: https://github.com/containers/common/issues/1735
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Followup to #20318: now that sqlite is the podman default,
enforce that in CI as well. Test boltdb only in Prior Fedora.
In the process, discovered & cleaned up some duplication
and unused YAML anchors.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The podman in `ubuntu-latest` environment apparently is too old to
support `--userns=keep-id:uid=1000,gid=1000`. Employ workaround in GHA
workflow and in `prebuild.sh` check.
Signed-off-by: Chris Evich <cevich@redhat.com>
As an effort to catch potential secrets and/or credential leaks, add a
github-actions workflow which is untouchable in a PR context.
To additionally guard against accidents, also check recent branch
history. This is especially important on newly created
release-branches, which may begin with content from who-knows-where.
Finally, since the new workflow bypasses PR-level changes to the scanner
config and base-line. Add a Cirrus-CI invocation of the scanning tool
to help catch tool-breaking changes from being merged.
Signed-off-by: Chris Evich <cevich@redhat.com>
Also, de-duplicate power-shell variables and functions as they're
beginning to sprawl. This does not completely address all duplicates,
mainly those involved in the podman-machine CI workflow. So,
nothing under `contrib/win-installer` has been touched.
[NO NEW TESTS NEEDED]
Signed-off-by: Chris Evich <cevich@redhat.com>
The `v4.3.1` version of the library defines a common
`passthrough_envars()` so it doesn't need to be duplicated in podman and
buildah CI. It also includes an update to build-push which should make
debugging easier.
Finally, these images include setting of the en_US.UTF-8 locale to enable
removal of a workaroud in a future commit.
Signed-off-by: Chris Evich <cevich@redhat.com>
When you run e2e tests locally they use CNI unless the NETWORK_BACKEND
env was set to netavark. Because our main focus is on netavark we should
test it by default.
For local tests this should help to prevent CNI/netavark conflicts as I
assume most systems where people run tests on are on netavark by now.
For CI testing we hardcode NETWORK_BACKEND there to test both netavark
(on current fedora) and CNI (prior fedora). MAke sure to switch the
logic in the CI setup to reflect that.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit installs `crun-wasm` and `wasmedge-rt` in the FCOS image at
https://quay.io/repository/podman/fcos .
- crun-wasm is installed from rhcontainerbot/podman-next
- wasmedge-rt is installed from the official Fedora repos
Packages in Containerfile have also been rearranged in alphabetical
order.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Ashley Cui
openshift-merge-bot[bot]
Chris Evich
Jake Correnti
Ed Santiago
Lokesh Mandvekar
Anjan Nath
Daniel J Walsh
Christophe Fergeau
Łukasz Stolcman
Brent Baude
Jason T. Greene
Sander Maijers
Giuseppe Scrivano
Chris Evich
Urvashi Mohnani
OpenShift Merge Robot
Paul Holzinger
Lokesh Mandvekar