Change the script to generate two files. One including direct
dependencies, the other including direct and transitive dependencies.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Move the analyses scripts to the dependencies directory to avoid
scattering of the dependency management.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The script allows for analyzing the symbols of a go binary passed as an
argument. The tabular output looks as follows:
336 unicode/utf8.DecodeLastRune
323 unicode/utf8.DecodeLastRuneInString
518 unicode/utf8.DecodeRune
518 unicode/utf8.DecodeRuneInString
337 unicode/utf8.EncodeRune
The first column indicates the size in bytes of the symbol in the second
column. Note that only text symbols are considered, other symbols from
the data or the bss segment are ignored to avoid information overload.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Analyse the size of all go-packages used during the build process via
the newly added `hack/analyses/go-archive-analysis.sh` script. The
script expects the `WORK` environment variable to be set, which points
to a temporary work directory generated by `go build`. To generate such
a work directory, set the `BUILDFLAGS="-work -a"`:
* `-work` for creating the work directory
* `-a` to force rebuilding all packages even when already cached
The workflow may look as follows:
```
$ BUILDFLAGS="-work -a" make podman
[...]
WORK=/tmp/go-build127001249
$ WORK=/tmp/go-build127001249 ./hack/analyses/go-archive-analysis.sh
```
The output of the script has the format `$SIZE $PACKAGE` where $SIZE is
the size of the compiled version of the go package (i.e., `.a` file) and
$PACKAGE for the corresponding package, for instance, `math/big` for a
stdlib package or vendor/... for vendored packages.
Credits to the authors of https://github.com/jondot/goweight, which
inspired this work.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
An image with "HEALTHCHECK CMD ['']" is valid but as there is no command
defined the healthcheck will fail. Reject such a configuration.
Fixes#3507
Signed-off-by: Stefan Becker <chemobejk@gmail.com>
If the image was built with "HEALTHCHECK NONE" then we should create a
container without healthcheck configuration. Otherwise executing the
healthcheck on the container will return "unhealthy" instead of the
correct error message that the container doesn't have a healthcheck.
We also ignore the healthcheck configuration if the command list is
empty or the command string is empty.
Fixes#3525
Signed-off-by: Stefan Becker <chemobejk@gmail.com>
If the image doesn't provide any options, e.g. interval, timeout, etc.,
then apply the Docker defaults when creating the container. Otherwise
the defaults will be left 0 and podman doesn't schedule the healtcheck
service & timer for the container or incorrectly reports unhealthy state
when the check is executed.
Fixes#3525
Signed-off-by: Stefan Becker <chemobejk@gmail.com>
- remove duplicate check, already called in HealthCheck()
- reject zero-length command list and empty command string as errorneous
- support all Docker command list keywords: NONE, CMD or CMD-SHELL
- use Docker default "/bin/sh -c" for CMD-SHELL
Fixes#3507
Signed-off-by: Stefan Becker <chemobejk@gmail.com>
Various tasks and scripts behave differently depending on whether or not
the build is running against a PR or on a branch, post-merge. However,
a great number of them are hard-coded to the string 'master' as the
destination. Since this is not always the case (there are other
relevant branches), it makes sense to abstract the references with a
single definition.
Add a top-level `$DEST_BRANCH` variable to CI, and otherwise
default to 'master' when unset. This enables running CI builds on
additional branches without the overhead of updating all the static
references to 'master'. Simply update `$DEST_BRANCH` at the top-level
and all branch-conditional logic will function as intended.
Signed-off-by: Chris Evich <cevich@redhat.com>
Fix Docker CLI compatibility issue: the "--healthcheck-command" option
value should not be split but instead be passed as single string to
"CMD-SHELL", i.e. "/bin/sh -c <opt>".
On the other hand implement the same extension as is already available
for "--entrypoint", i.e. allow the option value to be a JSON array of
strings. This will make life easier for tools like podman-compose.
Updated "--healthcheck-command" option values in tests accordingly.
Continuation of #3455 & #3507
Signed-off-by: Stefan Becker <chemobejk@gmail.com>
do not automatically enable the controllers for the last path
component. It is necessary as once there are enabled controllers in a
cgroup, it won't possible to add processes to it.
Fix conmon being moved to the correct cgroup path when using
--cgroup-manager cgroupfs.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
when the container is running in a user namespace, check if gid=5 is
available, otherwise drop the option gid=5 for /dev/pts.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This flag passes the host environment into the container. The basic idea is to
leak all environment variables from the host into the container.
Environment variables from the image, and passed in via --env and --env-file
will override the host environment.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
be sure to load all the existing handlers, so that they can also be
freed in addition to the handlers we treat differently.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Using pod removal worked, but container removal was missing the
most critical step - the actual removal. Must have been
accidentally removed during a refactor.
Fixes#3556
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
