This change will allow RHEL subscriptions from the host to flow
to internal containers.
Fixes: https://github.com/containers/common/issues/1735
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Followup to #20318: now that sqlite is the podman default,
enforce that in CI as well. Test boltdb only in Prior Fedora.
In the process, discovered & cleaned up some duplication
and unused YAML anchors.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The podman in `ubuntu-latest` environment apparently is too old to
support `--userns=keep-id:uid=1000,gid=1000`. Employ workaround in GHA
workflow and in `prebuild.sh` check.
Signed-off-by: Chris Evich <cevich@redhat.com>
As an effort to catch potential secrets and/or credential leaks, add a
github-actions workflow which is untouchable in a PR context.
To additionally guard against accidents, also check recent branch
history. This is especially important on newly created
release-branches, which may begin with content from who-knows-where.
Finally, since the new workflow bypasses PR-level changes to the scanner
config and base-line. Add a Cirrus-CI invocation of the scanning tool
to help catch tool-breaking changes from being merged.
Signed-off-by: Chris Evich <cevich@redhat.com>
Also, de-duplicate power-shell variables and functions as they're
beginning to sprawl. This does not completely address all duplicates,
mainly those involved in the podman-machine CI workflow. So,
nothing under `contrib/win-installer` has been touched.
[NO NEW TESTS NEEDED]
Signed-off-by: Chris Evich <cevich@redhat.com>
The `v4.3.1` version of the library defines a common
`passthrough_envars()` so it doesn't need to be duplicated in podman and
buildah CI. It also includes an update to build-push which should make
debugging easier.
Finally, these images include setting of the en_US.UTF-8 locale to enable
removal of a workaroud in a future commit.
Signed-off-by: Chris Evich <cevich@redhat.com>
When you run e2e tests locally they use CNI unless the NETWORK_BACKEND
env was set to netavark. Because our main focus is on netavark we should
test it by default.
For local tests this should help to prevent CNI/netavark conflicts as I
assume most systems where people run tests on are on netavark by now.
For CI testing we hardcode NETWORK_BACKEND there to test both netavark
(on current fedora) and CNI (prior fedora). MAke sure to switch the
logic in the CI setup to reflect that.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit installs `crun-wasm` and `wasmedge-rt` in the FCOS image at
https://quay.io/repository/podman/fcos .
- crun-wasm is installed from rhcontainerbot/podman-next
- wasmedge-rt is installed from the official Fedora repos
Packages in Containerfile have also been rearranged in alphabetical
order.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Followup on #19477
Remove commented out cirrus task for fcos image build with podman-next
and add 2 github actions: 1 for running a simple uni-arch image build
on every PR and another to actually build multiarch images and push to
quay after merge.
`podman --version` will also include git short sha for clarity.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Every few months we get a new CI failure that requires
scanning through logs that give no indication of what
is happening or where. Tracking down the error can
cost many hours.
Solution: pepper cirrus scripts with showrun(), which echoes
the command _and_ displays the source filename + lineno.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Prevent future occurrences of #19894, by making upgrade tests
run any time there's a change to system tests. That's overly
broad: upgrade tests only rely on test/system/helpers.bash,
not test/system/anything-else. IMHO the cost of CI breaking
is higher than the cost of running unnecessary jobs.
Signed-off-by: Ed Santiago <santiago@redhat.com>
These jobs have been failing since early August due to
technical/scripting problems. Disable/remove entirely since a fix is
unlikely to be implemented anytime soon.
Ref: Abandoned recent attempt at debugging
https://github.com/containers/podman/pull/19720
Signed-off-by: Chris Evich <cevich@redhat.com>
The `contrib/hello` directory is needed for some CI tests here and in
buildah. Further, the build job that produces images from this
directory are currently broken. Disable the build job, and updte
the README.md to point people at the replacement repo. for this content.
Ref: https://github.com/containers/podman/pull/19730
Signed-off-by: Chris Evich <cevich@redhat.com>
This reverts commit 7e0130f75c.
It broke CI, not just on podman but on Buildah too. Buildah bud
tests require the hello subdirectory.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Make sure the en_US.UTF-8 locale is available so that we can use it in
tests, namely "podman logs with non ASCII log tag succeeds with env".
It is already there in fedora (except container image but we cannot use
journald there anyway) so only do this for debian. I think it makes
most sense to move this into the image build process in the future to
only do it once at build time.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The socket can already exist and is not removed by disabling the systemd unit,
hence it needs to be deleted to get a "vanilla" system. This is a temporary
workaround suggested in:
https://github.com/containers/podman/pull/19478#issuecomment-1665350945
[NO NEW TESTS NEEDED] - this is a CI fix
Signed-off-by: Dan Čermák <dcermak@suse.com>
This was replaced by the setup.exe burn installer several releases ago,
and only kept around as a fallback. Remove it since it is no longer
maintained and not recommended for use.
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
containers
We need to remove /var/tmp/container_images_* and
/var/tmp/container_images_* which are podman temporary directories on each
boot which are created when creating containers from oci-archive tarballs
or other pull operations.
Signed-off-by: Joe Doss <joe@solidadmin.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Podman is basically unusable without cgo, checking if it compiles
without adds no value and just tricks people into thinking it works when
it does not.
This means we do not need extra to NOP out a lot of cgo calls with
functions that just return an error like `XXX is not supported without
cgo`.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Using a FreeBSD VM allows building a functioning binary via 'make
podman-release'. This uses Cirrus' freebsd_instance which provisions VMs
on Google Compute Engine.
I attempted to add FreeBSD binaries to the artifacts task but this
failed, apparently because the extra 50Mb of space exceeded a 1Gb limit
in Cirrus.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
When an e2e test fails in AfterEach, ginkgo "helpfully" adds
a heading in that test log block:
TOP-LEVEL [AfterEach]
/path/to/source.go
Podman Desc Blah
That TOP-LEVEL line screws up our in-page links. Ignore it
both in the heading and in the bottom failure-summary lines.
Add test, including tests for bottom-summary.
Signed-off-by: Ed Santiago <santiago@redhat.com>
In debian environment we are hitting an edge-case where older buildah
version is not compatible with newer podman version because both of them
are using different storage driver.
I.e
* Podmand defaults to native `overlay`.
* Older buildah version defaults to `vfs`.
See discussions below for more details
* containers#18510 (comment)
Co-authored-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Aditya R <arajan@redhat.com>
Ginkgo test names can have more than two levels: there can be
a nested series of Describes() before the final It(). (e.g.,
quadlet_test.go). Handle that.
Before: we just assumed that the third-or-maybe-fourth line
after a "-----" divider was the test name.
Now: examine every line after the "-----" divider, until the
first empty line. Lines with /path/to/source/file are ignored,
lines with text strings are assembled together to make anchors.
This is still imperfect but it's much better than before.
SPECIAL NOTE: in order to allow linking to timing results
in the AfterSuite, I've changed the test name from Leaf to Full.
This will now be a much longer string, and hence much less
readable, but I'm inclined to think it's more correct. Please
review carefully and lmk if I should revert.
Finally, as an unrelated add-on, add links (at top) to original
log, journal, and (if applicable) podman-remote server logs.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Fix an oops in my ginkgo-v2 handling: subtest-status was
getting re-reset back to "passed", resulting in incorrect
and misleading green titles on failed tests.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Instrument system tests in hopes of tracking down #17216,
the unlinkat-ebusy-hosed flake.
Oh, also, timestamp.awk: timestamps have always been UTC, but
add a 'Z' to make it unambiguous.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Rather than supporting a special-mode *just* for netavark/aardvark
testing [in podman CI], support testing with all the latest
`podman-next` COPR packages.
The idea here is very similar to the netavark/aardvark special mode it
replaces. Most podman-dependencies do not have the level of
comprehensive CI as exist here. This new CI-mode allows testing
upstream updates to podman-dependencies without needing to roll out
a whole new package/release for them.
Also update documentation for this new mode.
Signed-off-by: Chris Evich <cevich@redhat.com>
This magic string isn't often used and may cause confusion with future
magic-string additions. Remove it.
Signed-off-by: Chris Evich <cevich@redhat.com>
Daniel J Walsh
Ed Santiago
Chris Evich
Chris Evich
Urvashi Mohnani
OpenShift Merge Robot
Paul Holzinger
Christophe Fergeau
Lokesh Mandvekar
Jason T. Greene
Peter Hunt
Dan Čermák
Doug Rabson
Aditya R
Anjan Nath