The `Makefile` makes assumptions about git repo. clone details.
Because fixing the `Makefile` would likely be problematic, fix
the clone operation used on the Mac so that it matches what's used
on Linux.
Also, simplify git repo clone operations. At some point in the
distant past, a git identity was required for CI to function properly.
That has since changed, so remove the unnecessary complexities.
Signed-off-by: Chris Evich <cevich@redhat.com>
There's are sometimes conflicting purposes in podman CI:
1. Have the pipeline proceed in an orderly and progressive manner
to sometimes save resources and unnecessary runtime.
2. Complete all testing as quickly as possible in support of
human-developers moving on to other areas of work.
3. Ideally/hopefully, accomplish both items above safely,
preventing untested and/or unintended changes from merging.
This commit shifts the balance of these slightly more toward the second
point. It rearranges most CI tasks into essentially three buckets with
a single (new) aggregation task in-between the first two:
1. Build + Verify all the things
2. Test all the things
3. Minor/accessory things
The intention is that while we may unnecessarily spin some number of
testing tasks while others have failed, the best-case scenario
(everything passes) has a much shorter runtime. In other words, it
potentially wastes more resources in favor of a chance to have
developers wait less.
Signed-off-by: Chris Evich <cevich@redhat.com>
aardvark-dns, netavark and passt are installed on both debian and
fedora. cri-o-runc is not installed anymore and it just uses the normal
runc package on debian. containers-common is called
golang-github-containers-common on debian and also uses
golang-github-containers-image for further config files from c/image.
This makes sure we correctly log all the package versions on debian
correctly.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
According to https://go.dev/ref/mod#module-cache golang will leave
behind read-only bits. It was observed that these cause the find/rm
cleanup operations to fail fail with `permission denied` on thousands
of files. This is preventing cleanup of cruft from unrelated Cirrus-tasks
leading to unnecessary occupation of critical, local-ssd storage space.
Fix this by ensuring the user has at least write access to the entire
contents of `$TMPDIR` and `$HOME`, `ci` subdirs.
Signed-off-by: Chris Evich <cevich@redhat.com>
Ref:
https://github.com/containers/podman/pull/21570#issuecomment-1935709148
This tool is really intended/best used from git pre-commit on developers
local machines, to prevent addition of secret leaks. When used as a
check against PRs, it tends to turn up more false-positives than helpful
warnings. There's no good way to fix this, and maintaining the scanner
is an additional burden. Rather than continue struggling to improve/fix
the situation, let's just remove the tool entirely.
Signed-off-by: Chris Evich <cevich@redhat.com>
Fixes: #21574
The documentation for this image references a quay repository that
doesn't exist. It doesn't appear any of these files have been touched
since late 2022. Instead of updating the docs, let's just remove the
source. It's trivial to recreate if anybody actually needs it for
something.
Users needing to access remote podman can simply use the `podman` binary
present in existing images `quay.io/containers/podman`,
`quay.io/podman/stable`, etc.
Signed-off-by: Chris Evich <cevich@redhat.com>
No longer bother testing any 2.x or 3.x. Only 4.1 and above.
Remove all CNI-related code. CNI is gone.
Add DatabaseBackend tests, confirming that we can handle
both boltdb and sqlite.
Require BATS >= 1.8.0, and use "run -0" to do exit-status checks.
Update docs.
Signed-off-by: Ed Santiago <santiago@redhat.com>
As of this commit, there are several pages worth of lint findings for
windows. Once they're all addressed, this commit may be reverted to
enable continuous checking.
Signed-off-by: Chris Evich <cevich@redhat.com>
Podman v5 will not support cgroups-v1. This commit will print a warning
if it detects a cgroups-v1 system. The warning can be hidden by setting
envvar `PODMAN_CGROUPSV1_WARNING`.
This warning is patched out for RHEL 9 builds as cgroups-v1 will still
be supported on RHEL 9 systems.
Resolves: https://issues.redhat.com/browse/RUN-1957
[NO NEW TESTS NEEDED]
Co-authored-by: Ed Santiago <santiago@redhat.com>
Co-authored-by: Sascha Grunert <sgrunert@redhat.com>
Co-authored-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
CNI is deprecated and is build tagged out for 5.0. Don't test it in our CI.
This commit also disables upgrade tests for now - those need more work since the old version of Podman only uses CNI. Upgrade tests will be re-vamped in a later commit.
Signed-off-by: Ashley Cui <acui@redhat.com>
This updates the Windows installer and macOS installer to ship the newer
binaries, as well as the vendored gvisor-tap-vsock code.
[NO NEW TESTS NEEDED]
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Because the podman machine tests normally run at the end of the chain,
it's time consuming for developers to validate machine-only changes.
Support a special CI runtime mode, only when a PR is marked as a draft.
Update related documentation
Also: Only run machine tests on PRs, never for branches or new tags.
Signed-off-by: Chris Evich <cevich@redhat.com>
crun-wasm depends on the same epoch:version-release as crun so
overriding `crun` but not `crun-wasm` will cause installation issues
like:
```
error: Could not depsolve transaction; 1 problem detected:
Problem: package crun-wasm-1.11.1-1.fc39.x86_64 from @System requires crun = 1.11.1-1.fc39, but none of the providers can be installed
- cannot install both crun-102:1.12-1.20231205201336970037.main.19.g90b21dd.fc39.x86_64 from @commandline and crun-1.11.1-1.fc39.x86_64 from @System
- cannot install both crun-102:1.12-1.20231205201336970037.main.19.g90b21dd.fc39.x86_64 from @commandline and crun-1.11.1-1.fc39.x86_64 from updates-archive
- conflicting requests
```
This commit overrides both crun and crun-wasm from what's found in
podman-next.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
A simple regression was introduced to the test suite that overrode the
default image for hyperv testing.
Signed-off-by: Brent Baude <bbaude@redhat.com>
- Modified Check-Exit to take a relative stack postition so that reusing
functions like Run-Command report on their callers as opposed to the source
position of the wrapper.
- Record and print the last command executed as it likely scrolled off with
test output.
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
Issue Ref: #20853
Allow the tests to fail, but don't block merging PRs.
This commit should be reverted when #20853 is resolved.
Signed-off-by: Chris Evich <cevich@redhat.com>
Setup and execute podman machine testing on bare-metal M1 Macs
using a pool of shared and semi-persistent hosts. Automated
and manual processes outside this repository are responsible
for providing and maintaining all hosts. Ref.
https://github.com/containers/automation/tree/main/mac_pw_pool
Update the `localmachine` make target to standardize execution
across platforms. Update/simplify podman-machine e2e README to
reflect current reality.
Warning: This CI setup and supporting infrastructure was developed
in favor of expediency vs reliability and stability. There are
many possible failure-modes (known and unknown) which may lead
to undefined test behaviors. Future work may address some of
these as they are encountered or discovered.
[NO NEW TESTS NEEDED]
Signed-off-by: Chris Evich <cevich@redhat.com>
For whatever reason (I don't understand this stuff well) the
`win-podman-machine-main.ps1` script exits successfully despite the
final `Check-Exit` showing a non-zero exit code was detected. Attempt
to fix this by throwing an exception instead of calling `Exit`.
Signed-off-by: Chris Evich <cevich@redhat.com>
Intended to serve as motivation to fix them. Removed from status
aggregator so the failures don't block PR merging. Updated comment text
to reference related open issue, #20548.
Signed-off-by: Chris Evich <cevich@redhat.com>
We're only testing vfs in CI. That's bad. #18822 tried to
remedy that but that only worked on system tests, not e2e.
Here we introduce CI_DESIRED_STORAGE, to be set in .cirrus.yml
in the same vein as all the other CI_DESIRED_X. Since it's 2023
we default to overlay, testing vfs only in priorfedora.
Fixes required:
- e2e tests:
- in cleanup, umount ROOT/overlay to avoid leaking mounts
- system tests:
- fix a few badly-written tests that assumed/hardcoded overlay
- buildx test: add weird exception to device-number test
- mount tests: add special case code for vfs
- unprivileged test: disable one section that is N/A on vfs
Signed-off-by: Ed Santiago <santiago@redhat.com>
Followup to #20318: now that sqlite is the podman default,
enforce that in CI as well. Test boltdb only in Prior Fedora.
In the process, discovered & cleaned up some duplication
and unused YAML anchors.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The podman in `ubuntu-latest` environment apparently is too old to
support `--userns=keep-id:uid=1000,gid=1000`. Employ workaround in GHA
workflow and in `prebuild.sh` check.
Signed-off-by: Chris Evich <cevich@redhat.com>
As an effort to catch potential secrets and/or credential leaks, add a
github-actions workflow which is untouchable in a PR context.
To additionally guard against accidents, also check recent branch
history. This is especially important on newly created
release-branches, which may begin with content from who-knows-where.
Finally, since the new workflow bypasses PR-level changes to the scanner
config and base-line. Add a Cirrus-CI invocation of the scanning tool
to help catch tool-breaking changes from being merged.
Signed-off-by: Chris Evich <cevich@redhat.com>
