When constructing VM cache-images, the latest/greatest podman package is
installed to ensure all necessary dependencies are met. Prior to
testing source-built binaries, most of of the packaged files are removed.
However, if the `io.podman` service or socket is enabled/running, it
could cause the packaged podman and varlink binaries to be both resident
and cached. Since this condition would cause very difficult to diagnose
behaviors, add preventative measures to ensure these services are absent
prior to removing packaged podman files.
Signed-off-by: Chris Evich <cevich@redhat.com>
This is mostly used with Systemd, which really wants to manage
CGroups itself when managing containers via unit file.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
In the Dockerfiles that are used to build the podman images on
quay.io, we were changing the events_logger from journald to
file in libpod.conf, but we weren't enabling it as we didn't
remove the comment. This corrects that and addresses: #3464
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Also add fixes to help prevent 'fatal: Invalid revision range' error.
Should obtaining all authors from the range still fail, only grab the
HEAD commit author as a fallback.
Signed-off-by: Chris Evich <cevich@redhat.com>
Rather than spamming the podman channel with impersonal success
messages referring to PR numbers, mention the author by nick name
and include the PR title and link.
Also avoid needless logging of all bot-script interactions with
IRC when there is no error detected.
Signed-off-by: Chris Evich <cevich@redhat.com>
Rather than hard-coding all four base-image env. var name,
load the values based on the shared variable name suffix.
Thanks to Ed Santiago <santiago@redhat.com> for the suggestion.
Signed-off-by: Chris Evich <cevich@redhat.com>
The initial implementation was far more complicated than necessary.
Strip out the complexities in favor of a simpler and more direct
approach.
Signed-off-by: Chris Evich <cevich@redhat.com>
Specifically pertaining to executing tests in google cloud, there are
default, pre-allocated class-a subnetworks for each region (data-center).
Each includes a gateway using a `.1` LSB and all are routable from other
regions in google cloud via these gateways.
Because the default CNI configuration also utilizes class-a subnetworks,
this creates the possibility for IPv4 address-space clashes. Since the
default regional cloud subnets are pre-defined/known, preventing clashes
can be accomplished by seeding these subnets in a dummy CNI configuration.
The default behavior of podman is to grab the highest priority CNI
configuration. Name the dummy config. appropriate so it always loads
last. Also name the bridge itself with an obvious name `do-not-use`,
such that any related testing errors should be easier to debug.
Also:
* Minor cleanup of `install_test_configs()`
* Move install_test_configs in `setup_environment.sh` to after possible
run of `remove_packaged_podman_files()` because that also strips out
`/etc/cni/net.d/87-podman-bridge.conflist`.
Signed-off-by: Chris Evich <cevich@redhat.com>
This enables user to interact with varlink and create/manage rootless
containers through it.
Using as:
`varlink call unix:/run/user/1000/podman/io.podman/io.podman.ListContainers`
Signed-off-by: Matej Marusak <mmarusak@redhat.com>
Requirement from https://github.com/containers/libpod/issues/3575#issuecomment-512238393
Added --pull for podman create and pull to match the newly added flag in docker CLI.
`missing`: default value, podman will pull the image if it does not exist in the local.
`always`: podman will always pull the image.
`never`: podman will never pull the image.
Signed-off-by: Qi Wang <qiwan@redhat.com>
as issue #2702 describes, we want to make podman and podman-remote as
part of make install.
Fixes: #2702
Signed-off-by: baude <bbaude@redhat.com>
avoid `make` in `make install` in the rpmbuild process.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
This is mainly/initially to support use of Cirrus-CI
in https://github.com/containers/buildah since that setup
re-uses the VM images from this project. However, it also
opens doors here, if libpod ever needs/wants to do things
with a dedicated storage device and/or storage-drivers.
Signed-off-by: Chris Evich <cevich@redhat.com>
The release-task ***must*** always execute last, in order to guarantee a
consistent cache of release archives from dependent tasks. It
accomplishes this by verifying it's task-number matches one-less than
the total number of tasks. Previous to this commit, a YAML anchor/alias
was used to avoid duplication of the dependency list between 'success'
and 'release'
However, it's been observed that this opens the possibility for
'release' and 'success' tasks to race when running on a PR. Because
YAML anchor/aliases cannot be used to modify lists, duplication is
required to make 'release' actually depend upon 'success'.
This duplication will introduce an additional maintenance burden.
Though when adding a new task, it's already very easy to forget to
update the 'depends_on' list. Assist both cases by the addition
unit-tests to verify ``.cirrus.yml`` dependency contents and structure.
Signed-off-by: Chris Evich <cevich@redhat.com>
This task depends upon other tasks caching their binaries. If for
whatever reason the `release` task is re-run and/or is out-of-order
with it's dependents, the state of cache will be undefined. Previously
this would result in an error, and failing of the release task.
This commit alters this behavior to issue a warning instead.
Signed-off-by: Chris Evich <cevich@redhat.com>
It's somewhat hard to predict which units are certinly present
for any given base-image. Therefore, at image-build time, it's
distracting and unhelpful to see all the errors about units that
don't exist, on every platform. Simply ignore them and rely on
the `check_image.sh` test to confirm none are enabled.
Signed-off-by: Chris Evich <cevich@redhat.com>
For CI testing, it's important to remove as much variability from the
overall system as possible. This permits focusing just on problems
closely related to code-changes. To this end, and because VMs are very
short-lived (2 hours at most), disable all systemd services and timers
which perform periodic activities.
Signed-off-by: Chris Evich <cevich@redhat.com>
Various tasks and scripts behave differently depending on whether or not
the build is running against a PR or on a branch, post-merge. However,
a great number of them are hard-coded to the string 'master' as the
destination. Since this is not always the case (there are other
relevant branches), it makes sense to abstract the references with a
single definition.
Add a top-level `$DEST_BRANCH` variable to CI, and otherwise
default to 'master' when unset. This enables running CI builds on
additional branches without the overhead of updating all the static
references to 'master'. Simply update `$DEST_BRANCH` at the top-level
and all branch-conditional logic will function as intended.
Signed-off-by: Chris Evich <cevich@redhat.com>
Over time unless they're removed, the project could grow quite a large
collection of VM images. While generally cheap (less than a penny each,
per month), these will become a significant cost item if not kept
in-check.
Add a specialized container for handling image-pruning, but limit
it to only finding and printing (not actually deleting) images.
Also update the image-building workflow so that base-images used to
compose cache-images are also labeled with metadata.
N/B: As an additional safeguard, the service account which
executes the new container in production *DOES NOT*
have access to delete images. This can be enabled
by adding the GCE IAM role: CustomComputeImagePrune
Signed-off-by: Chris Evich <cevich@redhat.com>
It's desirable to make archives available of builds containing actual
tested content. While not official distro-releases, these will enable
third-party testing, experimentation, and development for both branches
(e.g. "master") and pull requests (e.g. "pr3106").
* Add a Makefile targets for archiving both regular podman binaries
and the remote-client. Encode release metadata within these
archives so that their exact source can be identified.
* Fix bug with cross-compiling remote clients for the Windows and Darwin
platforms.
* Add unit-testing of cross-compiles for Windows and Darwin platforms.
* A few small CI-script typo-fixes
* Add a script which operates in two modes:
1. Call Makefile targets which produce release archives.
Upload the archive to Cirrus-CI's built-in caching system
using reproducible cache keys.
2. Utilize reproduced cache keys to attempt download of cache
from each tasks. When successful, parse the file's
release metadata, using it to name the archive file. Upload
all recovered archives to a publicly accessible storage bucket
for future reference.
* Update the main testing task to call the script in mode #1 for
all primary platforms.
* Add a new `$SPECIALMODE` task to call the script in mode #1 for
Windows and Darwin targets.
* Add a new 'release' task to the CI system, dependent upon all other
tasks. This new tasks executes the script in mode #2.
* Update CI documentation
Signed-off-by: Chris Evich <cevich@redhat.com>
Building/installing dependencies from fixed source-version ensures
testing is reliable, but introduces a maintenance burden and
risks testing far outside of a real-world environment. The
sensible alternative is to install dependencies from distro-packaging
systems.
Install all development and testing dependencies at VM cache-image build
time, to help ensure testing remains stable. The existing cache-image
build workflow can be utilized at any future time to build/test
with updated packages.
***N/B***: This does not update any dockerfiles used by testing, that is
left up to future efforts.
Signed-off-by: Chris Evich <cevich@redhat.com>
I'm running the BATS tests manually once in a while, and
catching several problems each week that make it past
the rest of CI. Since the BATS tests run at RPM gating
time, we need to catch problems earlier. Try running
the tests from Cirrus.
Tests will be skipped on Ubuntu due to a too-ancient
version of coreutils (8.28; the 'timeout -v' we use
requires 8.29).
Tests are run *after* integration tests, even though
these take three minutes and would be nice to have
fail quickly, because running before causes bizarre
CI failures. Shrug.
UPDATE: also fix run test, broken by #3311.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The original solution using --wait does not function on F30, waiting
forever. Replace it with a simple 5-minute timeout loop.
Signed-off-by: Chris Evich <cevich@redhat.com>
Remove disused `build_cache_images` task, and
update relevant dockerfiles for F30.
Fix problem of cloud-init failing to expand root-device on boot
(/var/lib/cloud/instance left in improper state).
Fix problem of cloud-init racing with google-network-daemon.service on
boot (looking for cloudconfig metadata too early). Causing
root-device to _sometimes_ fail to expand.
Fix problem of hack/get_ci_vm.sh argument passing.
Signed-off-by: Chris Evich <cevich@redhat.com>
The upstream/Dockerfile had a few issues that this
cleans up. A few files were misplaced, wrong installs
and removes. This corrects those issues.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
With multiple `containers` projects updating VM Image metadata,
it would be very difficult to discover which Cirrus-CI setup
was responsible. Add the GCE project name to the list
of metadata labels to update when this container runs. This
will give more context as to which images are currently in use.
Signed-off-by: Chris Evich <cevich@redhat.com>
...with the goal of (very soon) reusing this code, in #2947,
to run system tests in CI. This is the cleanest way I can
think of to do so without duplication or a large maintenance
burden.
Changes are:
- replace references to 'ginkgo' with 'integration'. That
target is already in Makefile, and is not only more
readable, it's also more abstract. There is no reason
for this level of code to know about ginkgo.
- allow rootless_test.sh to accept an argument,
that being the name of the test suite to run
(default: integration). #2947 will enable 'system'.
- allow integration_test.sh to serve multiple purposes,
by checking its filename. #2947 will add a symlink,
system_test.sh, which will then cascade down to
invoke system tests.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The Dockerfiles necessary to create the stable, testing and upstream container images
on quay.io/user/podman. Once this is commited, I will set up those images
such that they will be built with every git commit.
stable - Latest Fedora release image
testing - Latest release on bohdi Fedora testing
upstream - Latest version in upstream podman
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>