Followup to #22270: wherever possible/practical, extend command
error checks to include explicit exit status codes and error strings.
This commit handles a subset of test/e2e/pod_xxxx_test.go
(I stopped before this grew too huge for review)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Followup to #22270: wherever possible/practical, extend command
error checks to include explicit exit status codes and error strings.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Frequent but intermittently, the stale issue and PR locking workflow
generates the error:
```
You have exceeded a secondary rate limit. Please wait a few minutes
before you try again. If you reach out to GitHub Support for help,
please include the request ID XYZ
```
According to upstream `dessant/lock-threads` issue 48, this seems to be
coming from the GitHub side (bug/feature/limitation), since the action
uses an official github API rate-limiting library. It's unlikely related
to which style/syntax of github token is used, nor if the action is
executed concurrently across multiple repos.
According to the rate-limiting docs:
https://docs.github.com/en/rest/using-the-rest-api/rate-limits-for-the-rest-api?apiVersion=2022-11-28#about-secondary-rate-limits
it's possible the issue is caused due to an unknown aspect of the clause:
```
These secondary rate limits are subject to change without notice. You
may also encounter a secondary rate limit for undisclosed reasons.
```
The same docs indicate Github Apps have enhanced rate-limits which
scale with the org's repo count. Attempt to fix the intermittent
failures by making use of a new, dedicated, org-specific, private "Stale
Locking App" I recently created. This requires the addition of a new
action to the workflow that obtains a short-lived token for passing to
lock-threads.
Note: Because both `vars.STALE_LOCKING_APP_ID` and
`secrets.STALE_LOCKING_APP_PRIVATE_KEY` are defined at the
containers-organization level, the Buildah and Skopeo re-use
of this workflow should continue to function normally w/o change.
Signed-off-by: Chris Evich <cevich@redhat.com>
..to match the version in root dir, to get rid of the mismatch
warning on every ginkgo run.
I still don't understand why renovatebot isn't doing this.
(Also, touch a file under e2e, to force tests to run)
Signed-off-by: Ed Santiago <santiago@redhat.com>
AppleHV accepts a max 36 bytes for mount tags. Instead of using the fully qualified path for the mount tag, SHA256 the path, and truncate the shasum to 36 bytes.
Also correctly escape dashes in mounted paths.
Signed-off-by: Ashley Cui <acui@redhat.com>
Because the test left the image mounted the cleanup failed to remove the
tmpdir as it contained an active mount point. Thus ensure we unmount the
image again to prevent this leak.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Using /tmp means this file will be leaked and no deleted, switch to
using the per test tempdir which is removed after the test.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
TMPDIR is typically /tmp which is typically(*) a tmpfs.
This PR ignores $TMPDIR when $CI is defined, forcing all
e2e tests to set up one central working directory in /var/tmp
instead.
Also, lots of cleanup.
(*) For many years, up to and still including the time of
this PR, /tmp on Fedora CI VMs is actually NOT tmpfs,
it is just / (root). This is nonstandard and undesirable.
Efforts are underway to remove this special case.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Cache cleanups only happen if there is a cache miss, and we need to pull a new image
For quay.io/podman/machine-os, we remove all old images from the cache dir. This means we will delete any file that exists in the cache dir; this should be safe to do since the machine pull code should be the only thing touching this cache dir. OCI machine images will always have a different manifest, and won’t be updated with the same manifest, so if the version moves on, there isn’t a reason to keep the old version in the cache, it really doesn’t change.
For Fedora (WSL), we use the cache, so we go through the cache dir and remove any old cached images, on a cache miss. We also switch to using ~/.local/share/containers/podman/machine/wsl/cache as the cache dir rather than ~/.local/share/containers/podman/machine/wsl. Both these behaviors existed in v4.9, but are now added back into 5.x.
For generic files pulled from a URL or a non-default OCI image, we shouldn’t actually cache, so we delete the pulled file immediately after creating a machine image. This restores the behavior from v4.9.
For generic files from a local path, the original file will never be cleaned up
Unsure how to test, so:
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
This PR adds libkrun support to podman machine. This is an experimental feature and should not be marketed yet. Before we unmark the experimental status on this function, we will need to have full CI support and a full podman point release has pased.
This work relies on the fact that vfkit and libkrun share a reasonably (if not perfectly) same API. The --log-level debug option will not show a GUI screen for boots as krun is not capable of this.
Signed-off-by: Brent Baude <bbaude@redhat.com>
The fedora image reviewers wanted to use for make validatepr is not
being being built as a multiarch image. Use quay.io/libpod/validatepr
instead.
Signed-off-by: Brent Baude <bbaude@redhat.com>
It is not clear why rootless was forced to the cgroupfs manager when
systemd is the default. In any case it causes local test failures as
described in the issue[1]. Using systemd manager makes them pass as
expected, I don't know enough aout cgroups to know the difference and
why certain tests have bad asumptions but this fixes it.
[1] https://github.com/containers/podman/issues/22474
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Both tests need the podman-registry script in $PATH, this never worked
locally as only the cirrus specific CI setup scripts configured this.
To make it work correctly locally add the hack dir to $PATH for these
Makefile targets.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This doesn't do anything and I was unable to find anything in the git
history when or why it was added. The HACK var is just adding another
directory to the ginkgo argument list. As the only arg used was the
"./hack" dir which does not contain any go files it does nothing
besides confusing me about its purpose.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When the source dir is already mounted noexec, nodev or nosuid then a
rootless user cannot mount the dir into the container without these
options for obvious reasons.
So in order to run the test we must ensure the dir is mounted with these
options first, if they are simply skip as the test will fail otherwise.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When you run locally with a higher oom_score_adj then the one used in
the test podman will print a warning and not set the oom lower then the
current value. Thus use 999 as value which should only cause problems
for users with oom_score_adj value of 1000 (max value) which seems
unlikely.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
