This ended up slightly more complicated than anticipated, tin part
because golangci-lint v2 dropped support for --exclude-dirs, so
linter issues with GOOS=windows and GOOS=darwin which were previously
ignored had to be fixed now.
This is also the reason why the ./hack/golangci-lint was simplified.
In addition, it now runs linters on Linux without systemd tag set.
Tested locally with:
for OS in linux windows darwin; do GOOS=$OS ./hack/golangci-lint.sh; done
Linting for GOOS=linux
+ ./bin/golangci-lint run --build-tags=apparmor,seccomp,selinux
0 issues.
+ ./bin/golangci-lint run --build-tags=apparmor,seccomp,selinux,systemd
0 issues.
+ ./bin/golangci-lint run --build-tags=apparmor,seccomp,selinux,remote
0 issues.
Linting for GOOS=windows
+ ./bin/golangci-lint run --build-tags=remote,containers_image_openpgp
0 issues.
Linting for GOOS=darwin
+ ./bin/golangci-lint run --build-tags=remote,containers_image_openpgp
0 issues.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
As of commit d4c7ca39f ("update c/{buildah,common,image,storage} to
latest main") no dependencies use exclude_graphdriver_devicemapper tag.
This (hopefully) concludes the work of removing devicemapper graph
driver.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Automatically generate our GitHub release.
This GitHub action is traggered on a tag push, or manually. After a the trigger, all artifacts are built, including linux, mac, and windows installers. After everything is built, the release is automatically generated on our GitHub, and an email notification is sent out.
Our old actions are marked deprecated, and now can only be triggered manually. Leave them as-is otherwise, as a backup, so we have a tried-and-tested way of generating images, just in case this new action goes wrong.
Signed-off-by: Ashley Cui <acui@redhat.com>
- exportloopref is deprecated and deactivated so it should be removed
from the disable list.
- tenv is deprecated and was replaced by usetesting
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When trying to pass a string with spaces that broke the go command cli
parsing, the full argument must be put in quotes to avoid escaping
issues.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
BuildOrigin is a field that can be set at build time by packagers. This helps us trace how and where the binary was built and installed from, allowing us to see if the issue is due to a specfic installation or a general podman bug. This field shows up in podman version and in podman info when populated. Note that podman info has a new field, Client, that only appears when running podman info using the remote client.
Automatically set the BuildOrigin field when building the macOS pkginstaller to pkginstaller.
Usage: make podman-remote BUILD_ORIGIN="mypackaging"
Signed-off-by: Ashley Cui <acui@redhat.com>
Fix new issues found by usetesting, mainly we should use t.TempDir() in
test which makes the code better as this will be removed on test end
automatically so no need for defer or any error checking.
Also fix issues reported by exptostd, these mainly show where we can
switch the imports to the std maps/slices packages instead of the
golang.org/x/exp/... packages.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
In #24034 more variables were added to the envsubst input, but there is no
escaping with envsubst, so the resulting bash script never used
XDG_CONFIG_HOME. Also it replaced HOME with the build time HOME env
var breaking the runtime subsitution, resulting in something bogus like:
[ -e "\${XDG_CONFIG_HOME-\/home/build/.config}/containers/nodocker" ]
Fix by telling envsubst to just replace BINDIR and ETCDIR and remove
the broken escaping in the envsubst input.
Signed-off-by: Christoph Reiter <reiter.christoph@gmail.com>
Exit status was being lost due to sequential bats invocations.
Solution: preserve exit status of first (serial) run,
and skip parallel tests if those fail.
I am so, so sorry.
Signed-off-by: Eduardo Santiago <ed@edsantiago.com>
- fix issues found by recvcheck
- skip k8s files from recvcheck
- remove two removed linters gomnd and execinquery
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We never want the toolchain as the default is to use the same as the go
version. So the only purpose of toolchain is to force a newer compiler
than necessary which we do not want as we are getting build by many
different distributions and block builds that would otherwise work fine
is just not helpful to anyone.
Also update the go.mod comments remind people that there should be no
toolchain. The make vendor target with the toolchain will now guarantee
this so the CI will fail otherwise.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
In the user session there is no boot-complete.target so the Requires=
fails. We do not need it and I am not sure if we need it for the root
unit either but I deicded to keep it there to not change anything and
for the user session we patch it out.
I patched this in the Makefile, while we could try to define two
different source files for that it would make the Makefile logic even
more complicated. In particular as this file is a .in we would need to
add it to PODMAN_GENERATED_UNIT_FILES and then somehow fix the loop. To
much work IMO so the sed trick to patch the user file is simpler.
Fixes#23790
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This service is meant to be used by quadlet as replacement for
network-online.target as this does not work for rootless users.
see #22197
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Use a single loop for both the user and system service so we do not have
to duplicate the full paths every time.
In particular we can use `$^` to list all dependecies and then add the
not generated files to the loop as well to simplify this. And to make
things clear rename PODMAN_UNIT_FILES to PODMAN_GENERATED_UNIT_FILES so
readers immediately know they are generated and are safe to delete in
contrast to the .socket/.timer unit that are not and part of the git
history.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The current podman-release-%.tar.gz target does a lot more then just
checking if we can build for the given arch, in particular it first
builds a local podman-remote for the remote-docs.sh script. This makes
things slow as we compile several things and then builda and package the
docs. Given the docs are not arch specific there is realy no point in
doing all that work. All we care about is if the bianries can build on
other arches to catch compile issue for otherwise untested arches.
This should make the CI Alt Arch. tasks much faster.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This target runs several scripts in serial but they do not have any
dependencies so we can split them all into their own target so that make
-j can run the targets in parallel to speed this up.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This fixes a regression that causes the FOCUS option to not work
correctly as the --silence-skips is passes to --focus not as extra
option.
Fixes 23f256349b ("Makefile - silence skipped tests when focusing on a file")
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
For the past two months we've been splitting system tests
into two categories: those that CAN be run in parallel,
and those that CANNOT. Much work has been done to replace
hardcoded names (mycontainer, mypod) with safename().
Hundreds of test runs, in CI and on Ed's laptop, have
proven this approach viable.
make {local,remote}system now runs in two steps: first
the serial ones, then the parallel ones. hack/bats will
now recognize the 'ci:parallel' tag and add --jobs (nprocs).
This requires some tweaking of leak_check, because there
can be umpteen tests running (affecting image/container/pod/etc
state) when any given test completes.
Rules for enabling parallelization in tests:
* use unique container/pod/volume/network names (safename)
* do not run 'podman rm -a' or 'rmi -a'
* never use the -l (--latest) option
* do not run 'podman ps/images' and expect precise output
Signed-off-by: Ed Santiago <santiago@redhat.com>
This is a follow up to 5389eee737
to add rooltess.md information to man pages to help users
discover solutions to troubleshooting and rooless issues.
Specicifally I was surprised when binding to ports < 1024 was
not covered in podman-troubleshooting.7 man page.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
It is not used by anybody so we do not have to store these and can safe
some time by not having to generate it even if it is just ~500ms.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Generated at build time from troubleshooting.md. Purpose is
to ship an actual man page to end users.
Much more complicated than initial guess, because there was
a bug in my Makefile man page filtering, the sed expression
that cleans up markdown that does not translate to roff.
All I've done here is reorder some of the expressions,
stripping off https links *before* we process
podman man page links.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Belated followup to #21965.
All this time, we've been creating a socket and running
podman-remote --url /path/to/socket
This dates back to varlink. Remember varlink?
There's no need for it. Let's run podman system service
with no args. That's a more realistic test, and it makes
our logs cleaner as a bonus.
Signed-off-by: Ed Santiago <santiago@redhat.com>
In the RHEL specific branches we want to ensure that all MRs link to
at least one downstream Jira ticket. To do this we add a new test in
validate-source similar to the existing pr-should-include-tests. This
test only runs on actual pull requests.
The syntax for linking to a Jira is "Fixes " or "Fixes: ", followed by
one jira links, like so:
```
Fixes https://issues.redhat.com/browse/RHEL-50506
Fixes: https://issues.redhat.com/browse/RHEL-50506
```
Note: This is the same syntax as for a regular github issue reference.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
As discussed in Aug 13 Cabal, we are almost at a point where
e2e tests are reliably passing on the first try. Let's try to
keep things that way, and not hide future flakes.
Closes: #17967
Signed-off-by: Ed Santiago <santiago@redhat.com>
Previously there were two CI tasks that ended up both testing docker-py
compatibility. Remove the duplicate from the `localapiv2-python` make
target, and symlink the identical requirements file.
Signed-off-by: Chris Evich <cevich@redhat.com>
This contains a fix for a gvproxy crash on macos on fast connections
with heavy network load.
This should fix https://github.com/containers/podman/issues/23114
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Kir Kolyshkin
Mario Loriedo
openshift-merge-bot[bot]
Yevhen Vydolob
Ashley Cui
Paul Holzinger
H Dub
Christophe Fergeau
Christoph Reiter
Eduardo Santiago
renovate[bot]
Gunjan Vyas
Ygal Blum
Ed Santiago
Yaroslav Halchenko
Daniel J Walsh
Alexander Larsson
Chris Evich
Arthur Sengileyev