opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-06 19:44:14 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
podman/.cirrus.yml
Chris Evich c4e68bdae4 Cirrus: Reuse shared clone script on Mac 
The `Makefile` makes assumptions about git repo. clone details.
Because fixing the `Makefile` would likely be problematic, fix
the clone operation used on the Mac so that it matches what's used
on Linux.

Also, simplify git repo clone operations.  At some point in the
distant past, a git identity was required for CI to function properly.
That has since changed, so remove the unnecessary complexities.

Signed-off-by: Chris Evich <cevich@redhat.com>
2024-02-21 15:20:16 -05:00

1248 lines
42 KiB
YAML
Raw Blame History

---
# Main collection of env. vars to set for all tasks and scripts.
env:
####
#### Global variables used for all tasks
####
# Name of the ultimate destination branch for this CI run, PR or post-merge.
DEST_BRANCH: "main"
# Sane (default) value for GOPROXY and GOSUMDB.
GOPROXY: "https://proxy.golang.org,direct"
GOSUMDB: "sum.golang.org"
# Overrides default location (/tmp/cirrus) for repo clone
GOPATH: &gopath "/var/tmp/go"
GOCACHE: "${GOPATH}/cache"
GOSRC: &gosrc "/var/tmp/go/src/github.com/containers/podman"
CIRRUS_WORKING_DIR: *gosrc
# The default is 'sh' if unspecified
CIRRUS_SHELL: "/bin/bash"
# Save a little typing (path relative to $CIRRUS_WORKING_DIR)
SCRIPT_BASE: "./contrib/cirrus"
# Runner statistics log file path/name
STATS_LOGFILE_SFX: 'runner_stats.log'
STATS_LOGFILE: '$GOSRC/${CIRRUS_TASK_NAME}-${STATS_LOGFILE_SFX}'
####
#### Cache-image names to test with (double-quotes around names are critical)
####
FEDORA_NAME: "fedora-39"
FEDORA_AARCH64_NAME: "${FEDORA_NAME}-aarch64"
PRIOR_FEDORA_NAME: "fedora-38"
RAWHIDE_NAME: "rawhide"
DEBIAN_NAME: "debian-13"
# Image identifiers
IMAGE_SUFFIX: "c20240212t122113z-f39f38d13"
# EC2 images
FEDORA_AMI: "fedora-aws-${IMAGE_SUFFIX}"
FEDORA_AARCH64_AMI: "fedora-podman-aws-arm64-${IMAGE_SUFFIX}"
# GCP Images
FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
RAWHIDE_CACHE_IMAGE_NAME: "rawhide-${IMAGE_SUFFIX}"
DEBIAN_CACHE_IMAGE_NAME: "debian-${IMAGE_SUFFIX}"
# Container FQIN's
FEDORA_CONTAINER_FQIN: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}"
PRIOR_FEDORA_CONTAINER_FQIN: "quay.io/libpod/prior-fedora_podman:${IMAGE_SUFFIX}"
WINDOWS_AMI: "win-server-wsl-${IMAGE_SUFFIX}"
####
#### Control variables that determine what to run and how to run it.
#### N/B: Required ALL of these are set for every single task.
####
TEST_FLAVOR: # int, sys, ext_svc, validate, automation, etc.
TEST_ENVIRON: host # 'host', or 'container'.
PODBIN_NAME: podman # 'podman' or 'remote'
PRIV_NAME: root # 'root' or 'rootless'
DISTRO_NV: # any {PRIOR_,}{FEDORA,DEBIAN}_NAME value
VM_IMAGE_NAME: # One of the "Google-cloud VM Images" (above)
CTR_FQIN: # One of the "Container FQIN's" (above)
CI_DESIRED_DATABASE: sqlite # 'sqlite' or 'boltdb'
CI_DESIRED_STORAGE: overlay # overlay or vfs
# Curl-command prefix for downloading task artifacts, simply add the
# the url-encoded task name, artifact name, and path as a suffix.
ART_URL: https://api.cirrus-ci.com/v1/artifact/build/${CIRRUS_BUILD_ID}
ARTCURL: >-
curl --retry 5 --retry-delay 8 --fail --location -O
--url ${ART_URL}
# Default timeout for each task
timeout_in: 60m
gcp_credentials: ENCRYPTED[a28959877b2c9c36f151781b0a05407218cda646c7d047fc556e42f55e097e897ab63ee78369dae141dcf0b46a9d0cdd]
aws_credentials: ENCRYPTED[4ca070bffe28eb9b27d63c568b52970dd46f119c3a83b8e443241e895dbf1737580b4d84eed27a311a2b74287ef9f79f]
# N/B: This matrix of build tasks are critical to CI, along with the following
# aarch64 task. They build binaries for all CI platforms, and versions. On
# success, the contents of the repository are preserved as an artifact for
# consumption by most subsequent CI tasks. This saves about 3-5 minutes of
# otherwise duplicative effort in most tasks.
build_task:
alias: 'build'
name: 'Build for $DISTRO_NV'
gce_instance: &standardvm
image_project: libpod-218412
zone: "us-central1-a"
cpu: 2
memory: "4Gb"
# Required to be 200gig, do not modify - has i/o performance impact
# according to gcloud CLI tool warning messages.
disk: 200
image_name: "${VM_IMAGE_NAME}" # from stdenvars
matrix: &platform_axis
# Ref: https://cirrus-ci.org/guide/writing-tasks/#matrix-modification
- env: &stdenvars
DISTRO_NV: ${FEDORA_NAME}
# Not used here, is used in other tasks
VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
# ID for re-use of build output
CI_DESIRED_RUNTIME: crun
- env:
DISTRO_NV: ${PRIOR_FEDORA_NAME}
VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN}
CI_DESIRED_RUNTIME: crun
CI_DESIRED_DATABASE: boltdb
CI_DESIRED_STORAGE: vfs
# Catch invalid "TMPDIR == /tmp" assumptions; PR #19281
TMPDIR: /var/tmp
- env:
<<: *stdenvars
DISTRO_NV: ${RAWHIDE_NAME}
VM_IMAGE_NAME: ${RAWHIDE_CACHE_IMAGE_NAME}
CTR_FQIN: ""
- env:
DISTRO_NV: ${DEBIAN_NAME}
VM_IMAGE_NAME: ${DEBIAN_CACHE_IMAGE_NAME}
CI_DESIRED_RUNTIME: runc
CI_DESIRED_NETWORK: netavark
# Ignore cgroups-v1 warnings on debian
PODMAN_IGNORE_CGROUPSV1_WARNING: true
env:
TEST_FLAVOR: build
# NOTE: The default way Cirrus-CI clones is *NOT* compatible with
# environment expectations in contrib/cirrus/lib.sh. Specifically
# the 'origin' remote must be defined, and all remote branches/tags
# must be available for reference from CI scripts.
clone_script: &full_clone |
set -exuo pipefail
cd /
rm -rf $CIRRUS_WORKING_DIR
mkdir -p $CIRRUS_WORKING_DIR
git clone --recursive --branch=$DEST_BRANCH https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git $CIRRUS_WORKING_DIR
cd $CIRRUS_WORKING_DIR
git remote update origin
if [[ -n "$CIRRUS_PR" ]]; then # running for a PR
git fetch origin pull/$CIRRUS_PR/head:pull/$CIRRUS_PR
git checkout pull/$CIRRUS_PR
else
git reset --hard $CIRRUS_CHANGE_IN_REPO
fi
# Attempt to prevent flakes by confirming basic environment expectations,
# network service connectivity and essential container image availability.
prebuild_script: &prebuild $SCRIPT_BASE/prebuild.sh
# Standard setup stage call, used by nearly every task in CI.
setup_script: &setup '$GOSRC/$SCRIPT_BASE/setup_environment.sh'
# Attempt to prevent flakes by confirming automation environment and
# all required external/3rd-party services are available and functional.
# Standard main execution stage call, used by nearly every task in CI.
main_script: &main '/usr/bin/time --verbose --output="$STATS_LOGFILE" $GOSRC/$SCRIPT_BASE/runner.sh'
# Attempt to catch code-quality and vendoring problems early.
postbuild_script: &postbuild $SCRIPT_BASE/postbuild.sh
# Cirrus-CI is very slow uploading one file at time, and the repo contains
# thousands of files. Speed this up by archiving into tarball first.
repo_prep_script: &repo_prep >-
tar cjf /tmp/repo.tbz -C $GOSRC . && mv /tmp/repo.tbz $GOSRC/
repo_artifacts: &repo_artifacts
path: ./repo.tbz
type: application/octet-stream
always: &runner_stats
runner_stats_artifacts:
path: ./*-${STATS_LOGFILE_SFX}
type: text/plain
build_aarch64_task:
alias: 'build_aarch64'
name: 'Build for $DISTRO_NV'
ec2_instance: &standard_build_ec2_aarch64
image: ${VM_IMAGE_NAME}
type: ${EC2_INST_TYPE}
region: us-east-1
architecture: arm64 # CAUTION: This has to be "arm64", not "aarch64".
env: &stdenvars_aarch64
EC2_INST_TYPE: "t4g.xlarge"
DISTRO_NV: ${FEDORA_AARCH64_NAME}
VM_IMAGE_NAME: ${FEDORA_AARCH64_AMI}
CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
CI_DESIRED_RUNTIME: crun
TEST_FLAVOR: build
clone_script: *full_clone
prebuild_script: *prebuild
setup_script: *setup
postbuild_script: *postbuild
main_script: *main
# Cirrus-CI is very slow uploading one file at time, and the repo contains
# thousands of files. Speed this up by archiving into tarball first.
repo_prep_script: &repo_prep_aarch64 >-
tar cjf /tmp/repo.tbz -C $GOSRC . && mv /tmp/repo.tbz $GOSRC/
repo_artifacts: &repo_artifacts_aarch64
path: ./repo.tbz
type: application/octet-stream
always: *runner_stats
# Confirm the result of building on at least one platform appears sane.
# This confirms the binaries can be executed, checks --help vs docs, and
# other essential post-build validation checks.
validate_task:
name: "Validate ${DISTRO_NV} Build"
alias: validate
# This task is primarily intended to catch human-errors early on, in a
# PR. Skip it for branch-push, branch-create, and tag-push to improve
# automation reliability/speed in those contexts. Any missed errors due
# to nonsequential PR merging practices, will be caught on a future PR,
# build or test task failures.
# Docs: ./contrib/cirrus/CIModes.md
only_if: &is_pr "$CIRRUS_PR != ''"
depends_on:
- build
# golangci-lint is a very, very hungry beast.
gce_instance: &bigvm
<<: *standardvm
cpu: 8
memory: "16Gb"
matrix:
- env:
<<: *stdenvars
VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
DISTRO_NV: ${FEDORA_NAME}
- env:
<<: *stdenvars
VM_IMAGE_NAME: ${RAWHIDE_CACHE_IMAGE_NAME}
DISTRO_NV: ${RAWHIDE_NAME}
env:
TEST_FLAVOR: validate
# N/B: This script depends on ${DISTRO_NV} being defined for the task.
clone_script: &get_gosrc |
cd /tmp
echo "$ARTCURL/Build%20for%20${DISTRO_NV}/repo/repo.tbz"
time $ARTCURL/Build%20for%20${DISTRO_NV}/repo/repo.tbz
time tar xjf /tmp/repo.tbz -C $GOSRC
setup_script: *setup
main_script: *main
always: *runner_stats
# Confirm the result of building on at least one platform appears sane.
# This confirms the binaries can be executed, checks --help vs docs, and
# other essential post-build validation checks.
validate_aarch64_task:
name: "Validate $DISTRO_NV Build"
alias: validate_aarch64
# This task is primarily intended to catch human-errors early on, in a
# PR. Skip it for branch-push, branch-create, and tag-push to improve
# automation reliability/speed in those contexts. Any missed errors due
# to nonsequential PR merging practices, will be caught on a future PR,
# build or test task failures.
# Docs: ./contrib/cirrus/CIModes.md
only_if: *is_pr
depends_on:
- build_aarch64
ec2_instance: *standard_build_ec2_aarch64
env:
<<: *stdenvars_aarch64
TEST_FLAVOR: validate
DISTRO_NV: ${FEDORA_AARCH64_NAME}
# N/B: This script depends on ${DISTRO_NV} being defined for the task.
clone_script: &get_gosrc_aarch64 |
cd /tmp
echo "$ARTCURL/build_aarch64/repo/repo.tbz"
time $ARTCURL/build_aarch64/repo/repo.tbz
time tar xjf /tmp/repo.tbz -C $GOSRC
setup_script: *setup
main_script: *main
always: *runner_stats
# Exercise the "libpod" API with a small set of common
# operations to ensure they are functional.
bindings_task:
name: "Test Bindings"
alias: bindings
# Don't create task for PRs using [CI:DOCS] or [CI:BUILD]
# Docs: ./contrib/cirrus/CIModes.md
only_if: >-
$CIRRUS_PR != '' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:BUILD.*' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:MACHINE.*'
depends_on:
- build
gce_instance: *standardvm
env:
<<: *stdenvars
TEST_FLAVOR: bindings
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: &logs_artifacts
<<: *runner_stats
# Required for `contrib/cirrus/logformatter` to work properly
html_artifacts:
path: ./*.html
type: text/html
server_log_artifacts:
path: ./podman-server.log
type: text/plain
df_script: '$SCRIPT_BASE/logcollector.sh df'
audit_log_script: '$SCRIPT_BASE/logcollector.sh audit'
journal_script: '$SCRIPT_BASE/logcollector.sh journal'
podman_system_info_script: '$SCRIPT_BASE/logcollector.sh podman'
time_script: '$SCRIPT_BASE/logcollector.sh time'
# Build the "libpod" API documentation `swagger.yaml` and
# publish it to google-cloud-storage (GCS).
swagger_task:
name: "Test Swagger"
alias: swagger
# Don't create task for [CI:BUILD]
# Docs: ./contrib/cirrus/CIModes.md
only_if: |
$CIRRUS_CHANGE_TITLE !=~ '.*CI:BUILD.*' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:MACHINE.*'
depends_on:
- build
gce_instance: *standardvm
env:
<<: *stdenvars
TEST_FLAVOR: swagger
CTR_FQIN: 'quay.io/libpod/gcsupld:${IMAGE_SUFFIX}'
# N/B: Do not modify below items w/o update to references in .gitleaks/config.toml
GCPJSON: ENCRYPTED[927dc01e755eaddb4242b0845cf86c9098d1e3dffac38c70aefb1487fd8b4fe6dd6ae627b3bffafaba70e2c63172664e]
GCPNAME: ENCRYPTED[c145e9c16b6fb88d476944a454bf4c1ccc84bb4ecaca73bdd28bdacef0dfa7959ebc8171a27b2e4064d66093b2cdba49]
GCPPROJECT: 'libpod-218412'
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always:
<<: *runner_stats
swagger_artifacts:
path: ./swagger.yaml
type: text/plain
# There are several other important variations of podman which
# must always build successfully. Most of them are handled in
# this task, though a few need dedicated tasks which follow.
alt_build_task:
name: "$ALT_NAME"
alias: alt_build
# Don't create task for [CI:DOCS], or rhel-release builds
# Docs: ./contrib/cirrus/CIModes.md
only_if: &no_rhel_release |
$CIRRUS_BRANCH !=~ 'v[0-9\.]+-rhel' &&
$CIRRUS_BASE_BRANCH !=~ 'v[0-9\.]+-rhel'
depends_on:
- build
env:
<<: *stdenvars
TEST_FLAVOR: "altbuild"
gce_instance: *standardvm
matrix:
- env:
ALT_NAME: 'Build Each Commit'
- env:
# TODO: Replace with task using `winmake` to build
# binary and archive installation zip file.
ALT_NAME: 'Windows Cross'
- env:
ALT_NAME: 'Alt Arch. x86 Cross'
- env:
ALT_NAME: 'Alt Arch. ARM Cross'
- env:
ALT_NAME: 'Alt Arch. MIPS Cross'
- env:
ALT_NAME: 'Alt Arch. MIPS64 Cross'
- env:
ALT_NAME: 'Alt Arch. Other Cross'
# This task cannot make use of the shared repo.tbz artifact.
clone_script: *full_clone
setup_script: *setup
main_script: *main
# Produce a new repo.tbz artifact for consumption by 'artifacts' task.
repo_prep_script: *repo_prep
repo_artifacts: *repo_artifacts
always: *runner_stats
win_installer_task:
name: "Verify Win Installer Build"
alias: win_installer
only_if: # RHEL never releases podman windows installer binary
$CIRRUS_TAG == '' &&
$CIRRUS_BRANCH !=~ 'v[0-9\.]+-rhel' &&
$CIRRUS_BASE_BRANCH !=~ 'v[0-9\.]+-rhel'
depends_on:
- alt_build
ec2_instance: &windows
image: "${WINDOWS_AMI}"
type: m5.large
region: us-east-1
platform: windows
env: &winenv
CIRRUS_WORKING_DIR: &wincwd "${LOCALAPPDATA}\\cirrus-ci-build"
CIRRUS_SHELL: powershell
PATH: "${PATH};C:\\ProgramData\\chocolatey\\bin"
DISTRO_NV: "windows"
PRIV_NAME: "rootless"
# Fake version, we are only testing the installer functions, so version doesn't matter
WIN_INST_VER: 9.9.9
# It's HIGHLY desireable to use the same binary throughout CI. Otherwise, if
# there's a toolchain or build-environment specific problem, it can be incredibly
# difficult (and non-obvious) to debug.
clone_script: &winclone |
$ErrorActionPreference = 'Stop'
$ProgressPreference = 'SilentlyContinue'
New-Item -ItemType Directory -Force -Path "$ENV:CIRRUS_WORKING_DIR"
Set-Location "$ENV:CIRRUS_WORKING_DIR"
$uri = "${ENV:ART_URL}/Windows Cross/repo/repo.tbz"
Write-Host "Downloading $uri"
For($i = 0;;) {
Try {
Invoke-WebRequest -UseBasicParsing -ErrorAction Stop -OutFile "repo.tbz2" `
-Uri "$uri"
Break
} Catch {
if (++$i -gt 6) {
throw $_.Exception
}
Write-Host "Download failed - retrying:" $_.Exception.Response.StatusCode
Start-Sleep -Seconds 10
}
}
arc unarchive repo.tbz2 .\
if ($LASTEXITCODE -ne 0) {
throw "Unarchive repo.tbz2 failed"
Exit 1
}
Get-ChildItem -Path .\repo
main_script: ".\\repo\\contrib\\cirrus\\win-installer-main.ps1"
# Confirm building the remote client, natively on a Mac OS-X VM.
osx_alt_build_task:
name: "OSX Cross"
alias: osx_alt_build
# Docs: ./contrib/cirrus/CIModes.md
only_if: *no_rhel_release # RHEL never releases podman mac installer binary
depends_on:
- build
persistent_worker: &mac_pw
labels:
os: darwin
arch: arm64
purpose: prod
env: &mac_env
CIRRUS_SHELL: "/bin/bash" # sh is the default
CIRRUS_WORKING_DIR: "$HOME/ci/task-${CIRRUS_TASK_ID}" # Isolation: $HOME will be set to "ci" dir.
# Prevent cache-pollution fron one task to the next.
GOPATH: "$CIRRUS_WORKING_DIR/.go"
GOCACHE: "$CIRRUS_WORKING_DIR/.go/cache"
GOENV: "$CIRRUS_WORKING_DIR/.go/support"
GOSRC: "$HOME/ci/task-${CIRRUS_TASK_ID}"
clone_script: *full_clone
# This host is/was shared with potentially many other CI tasks.
# The previous task may have been canceled or aborted.
prep_script: &mac_cleanup "contrib/cirrus/mac_cleanup.sh"
lint_script:
- make lint || true # TODO: Enable when code passes check
basic_build_script:
- make .install.ginkgo
- make podman-remote
- make podman-mac-helper
build_amd64_script:
- make podman-remote-release-darwin_amd64.zip
build_arm64_script:
- make podman-remote-release-darwin_arm64.zip
build_pkginstaller_script:
- cd contrib/pkginstaller
- make ARCH=amd64 NO_CODESIGN=1 pkginstaller
- make ARCH=aarch64 NO_CODESIGN=1 pkginstaller
# Produce a new repo.tbz artifact for consumption by dependent tasks.
repo_prep_script: *repo_prep
repo_artifacts: *repo_artifacts
# This host is/was shared with potentially many other CI tasks.
# Ensure nothing is left running while waiting for the next task.
always:
task_cleanup_script: *mac_cleanup
# Build freebsd release natively on a FreeBSD VM.
freebsd_alt_build_task:
name: "FreeBSD Cross"
alias: freebsd_alt_build
# Only run on 'main' and PRs against 'main'
# Docs: ./contrib/cirrus/CIModes.md
only_if: |
$CIRRUS_CHANGE_TITLE !=~ '.*CI:MACHINE.*' &&
( $CIRRUS_BRANCH == 'main' || $CIRRUS_BASE_BRANCH == 'main' )
depends_on:
- build
env:
<<: *stdenvars
# Functional FreeBSD builds must be built natively since they depend on CGO
DISTRO_NV: freebsd-13
VM_IMAGE_NAME: notyet
CTR_FQIN: notyet
CIRRUS_SHELL: "/bin/sh"
TEST_FLAVOR: "altbuild"
ALT_NAME: 'FreeBSD Cross'
freebsd_instance:
image_family: freebsd-13-2
setup_script:
- pkg install -y gpgme bash go-md2man gmake gsed gnugrep go pkgconf
build_amd64_script:
- gmake podman-release
# This task cannot make use of the shared repo.tbz artifact and must
# produce a new repo.tbz artifact for consumption by 'artifacts' task.
repo_prep_script: *repo_prep
repo_artifacts: *repo_artifacts
# Verify podman is compatible with the docker python-module.
docker-py_test_task:
name: Docker-py Compat.
alias: docker-py_test
# Don't create task for tags, branches, or PRs w/ [CI:<magic>]
# N/B: for PRs $CIRRUS_BRANCH == 'pull/<number>'
# Docs: ./contrib/cirrus/CIModes.md
only_if: &not_tag_branch_build_docs_machine >-
$CIRRUS_PR != '' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:BUILD.*' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:MACHINE.*'
depends_on:
- build
gce_instance: *standardvm
env:
<<: *stdenvars
TEST_FLAVOR: docker-py
TEST_ENVIRON: container
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *runner_stats
# Does exactly what it says, execute the podman unit-tests on Fedora.
unit_test_task:
name: "Unit tests on $DISTRO_NV"
alias: unit_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_branch_build_docs_machine
depends_on:
- build
- validate
matrix:
- env: *stdenvars
# Special-case: Rootless on latest Fedora (standard) VM
- name: "Rootless unit on $DISTRO_NV"
env:
<<: *stdenvars
PRIV_NAME: rootless
gce_instance: *standardvm
env:
TEST_FLAVOR: unit
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *logs_artifacts
apiv2_test_task:
name: "APIv2 test on $DISTRO_NV ($PRIV_NAME)"
alias: apiv2_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_branch_build_docs_machine
depends_on:
- build
- validate
gce_instance: *standardvm
# Test is normally pretty quick, about 10-minutes. If it hangs,
# don't make developers wait the full 1-hour timeout.
timeout_in: 20m
env:
<<: *stdenvars
TEST_FLAVOR: apiv2
matrix:
- env:
PRIV_NAME: root
- env:
PRIV_NAME: rootless
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *logs_artifacts
compose_test_task:
name: "$TEST_FLAVOR test on $DISTRO_NV ($PRIV_NAME)"
alias: compose_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_branch_build_docs_machine
depends_on:
- build
- validate
gce_instance: *standardvm
matrix:
- env:
TEST_FLAVOR: compose
PRIV_NAME: root
- env:
TEST_FLAVOR: compose
PRIV_NAME: rootless
- env:
TEST_FLAVOR: compose_v2
PRIV_NAME: root
- env:
TEST_FLAVOR: compose_v2
PRIV_NAME: rootless
env:
<<: *stdenvars
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *logs_artifacts
# versions, as root, without involving the podman-remote client.
local_integration_test_task: &local_integration_test_task
# Integration-test task name convention:
# <int.|sys.> <podman|remote> <Distro NV> <root|rootless>
name: &std_name_fmt "$TEST_FLAVOR $PODBIN_NAME $DISTRO_NV $PRIV_NAME $TEST_ENVIRON ${CI_DESIRED_DATABASE}"
alias: local_integration_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_branch_build_docs_machine
depends_on: &build_unit
- build
- unit_test
matrix: *platform_axis
gce_instance: *standardvm
timeout_in: 50m
env:
TEST_FLAVOR: int
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: &int_logs_artifacts
<<: *logs_artifacts
ginkgo_node_logs_artifacts:
path: ./test/e2e/ginkgo-node-*.log
type: text/plain
ginkgo_json_artifacts:
path: ./ginkgo-e2e.json
type: application/json
# Nearly identical to `local_integration_test` except all operations
# are performed through the podman-remote client vs a podman "server"
# running on the same host.
remote_integration_test_task:
<<: *local_integration_test_task
alias: remote_integration_test
env:
TEST_FLAVOR: int
PODBIN_NAME: remote
# Run the complete set of integration tests from inside a container.
# This verifies all/most operations function with "podman-in-podman".
container_integration_test_task:
name: *std_name_fmt
alias: container_integration_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_branch_build_docs_machine
depends_on: *build_unit
matrix: &fedora_vm_axis
- env:
DISTRO_NV: ${FEDORA_NAME}
VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
CI_DESIRED_RUNTIME: crun
- env:
DISTRO_NV: ${PRIOR_FEDORA_NAME}
VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN}
CI_DESIRED_RUNTIME: crun
CI_DESIRED_DATABASE: boltdb
gce_instance: *standardvm
timeout_in: 50m
env:
TEST_FLAVOR: int
TEST_ENVIRON: container
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *int_logs_artifacts
# Execute most integration tests as a regular (non-root) user.
rootless_integration_test_task:
name: *std_name_fmt
alias: rootless_integration_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_branch_build_docs_machine
depends_on: *build_unit
matrix: *platform_axis
gce_instance: *standardvm
timeout_in: 50m
env:
TEST_FLAVOR: int
PRIV_NAME: rootless
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *int_logs_artifacts
podman_machine_task:
name: *std_name_fmt
alias: podman_machine
# Only run for PRs and never [CI:DOCS] or [CI:BUILD]
# Docs: ./contrib/cirrus/CIModes.md
only_if: &machine_cron_not_tag_build_docs >-
($CIRRUS_PR != '' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:BUILD.*'
) || $CIRRUS_CRON == "main"
depends_on:
- build
- validate
- local_integration_test
- remote_integration_test
- container_integration_test
- rootless_integration_test
ec2_instance:
image: "${VM_IMAGE_NAME}"
type: "${EC2_INST_TYPE}"
region: us-east-1
env:
EC2_INST_TYPE: "m5zn.metal" # Bare-metal instance is required
TEST_FLAVOR: "machine-linux"
PRIV_NAME: "rootless" # intended use-case
DISTRO_NV: "${FEDORA_NAME}"
VM_IMAGE_NAME: "${FEDORA_AMI}"
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *int_logs_artifacts
podman_machine_aarch64_task:
name: *std_name_fmt
alias: podman_machine_aarch64
only_if: *machine_cron_not_tag_build_docs
depends_on:
- build_aarch64
- validate_aarch64
- local_integration_test
- remote_integration_test
- container_integration_test
- rootless_integration_test
ec2_instance:
<<: *standard_build_ec2_aarch64
env:
TEST_FLAVOR: "machine-linux"
EC2_INST_TYPE: c6g.metal
PRIV_NAME: "rootless" # intended use-case
DISTRO_NV: "${FEDORA_AARCH64_NAME}"
VM_IMAGE_NAME: "${FEDORA_AARCH64_AMI}"
clone_script: *get_gosrc_aarch64
setup_script: *setup
main_script: *main
always: *int_logs_artifacts
podman_machine_windows_task:
name: *std_name_fmt
alias: podman_machine_windows
# Only run for non-docs/copr PRs and non-release branch builds
# and never for tags. Docs: ./contrib/cirrus/CIModes.md
only_if: *machine_cron_not_tag_build_docs
depends_on:
- alt_build
- build
- win_installer
- local_integration_test
- remote_integration_test
- container_integration_test
- rootless_integration_test
ec2_instance:
<<: *windows
type: m5zn.metal
platform: windows
env: *winenv
matrix:
- env:
TEST_FLAVOR: "machine-wsl"
- env:
TEST_FLAVOR: "machine-hyperv"
clone_script: *winclone
main_script: ".\\repo\\contrib\\cirrus\\win-podman-machine-main.ps1"
podman_machine_mac_task:
name: *std_name_fmt
alias: podman_machine_mac
only_if: *machine_cron_not_tag_build_docs
depends_on:
- osx_alt_build
- local_integration_test
- remote_integration_test
- container_integration_test
- rootless_integration_test
persistent_worker: *mac_pw
env:
<<: *mac_env
# Consumed by podman-machine ginkgo tests
CONTAINERS_MACHINE_PROVIDER: "applehv"
# TODO: Should not require a special image, for now it does.
# Simply remove the line below when a mac image is GA.
# MACHINE_IMAGE: "https://fedorapeople.org/groups/podman/testing/applehv/arm64/fedora-coreos-38.20230925.dev.0-applehv.aarch64.raw.gz"
# Values necessary to populate std_name_fmt alias
TEST_FLAVOR: "machine-mac"
DISTRO_NV: "darwin"
PRIV_NAME: "rootless" # intended use-case
clone_script: # artifacts from osx_alt_build_task
- mkdir -p $CIRRUS_WORKING_DIR
- cd $CIRRUS_WORKING_DIR
- $ARTCURL/OSX%20Cross/repo/repo.tbz
- tar xjf repo.tbz
# This host is/was shared with potentially many other CI tasks.
# The previous task may have been canceled or aborted.
prep_script: *mac_cleanup
setup_script: "contrib/cirrus/mac_setup.sh"
env_script: "contrib/cirrus/mac_env.sh"
# TODO: Timeout bumped b/c initial image download (~5min) and VM
# resize (~2min) causes test-timeout (90s default). Should
# tests deal with this internally?
smoke_test_script:
- MACHINE_TEST_TIMEOUT=500 make localmachine FOCUS_FILE="basic_test.go"
test_script:
- make localmachine
# This host is/was shared with potentially many other CI tasks.
# Ensure nothing is left running while waiting for the next task.
always:
task_cleanup_script: *mac_cleanup
# Always run subsequent to integration tests. While parallelism is lost
# with runtime, debugging system-test failures can be more challenging
# for some golang developers. Otherwise the following tasks run across
# the same matrix as the integration-tests (above).
local_system_test_task: &local_system_test_task
name: *std_name_fmt
alias: local_system_test
# Don't create task for tags, or if using [CI:*] magic
# Docs: ./contrib/cirrus/CIModes.md
only_if: &not_tag_magic >-
$CIRRUS_TAG == '' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:BUILD.*' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:MACHINE.*'
depends_on: *build_unit
matrix: *platform_axis
gce_instance: *standardvm
env:
TEST_FLAVOR: sys
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *logs_artifacts
local_system_test_aarch64_task: &local_system_test_task_aarch64
name: *std_name_fmt
alias: local_system_test_aarch64
# Don't create task for tags, or if using [CI:DOCS], [CI:BUILD]
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_magic
depends_on:
- build_aarch64
- validate_aarch64
- unit_test
ec2_instance: *standard_build_ec2_aarch64
env:
<<: *stdenvars_aarch64
TEST_FLAVOR: sys
DISTRO_NV: ${FEDORA_AARCH64_NAME}
clone_script: *get_gosrc_aarch64
setup_script: *setup
main_script: *main
always: *logs_artifacts
remote_system_test_task:
<<: *local_system_test_task
alias: remote_system_test
env:
TEST_FLAVOR: sys
PODBIN_NAME: remote
remote_system_test_aarch64_task:
<<: *local_system_test_task_aarch64
alias: remote_system_test_aarch64
env:
TEST_FLAVOR: sys
PODBIN_NAME: remote
rootless_remote_system_test_task:
matrix:
# Minimal sanity testing: only the latest Fedora
- env:
DISTRO_NV: ${FEDORA_NAME}
# Not used here, is used in other tasks
VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
CI_DESIRED_RUNTIME: crun
<<: *local_system_test_task
alias: rootless_remote_system_test
gce_instance: *standardvm
env:
TEST_FLAVOR: sys
PODBIN_NAME: remote
PRIV_NAME: rootless
rootless_system_test_task:
name: *std_name_fmt
alias: rootless_system_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_magic
depends_on: *build_unit
matrix: *platform_axis
gce_instance: *standardvm
env:
TEST_FLAVOR: sys
PRIV_NAME: rootless
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *logs_artifacts
minikube_test_task:
name: *std_name_fmt
alias: minikube_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_magic
depends_on:
- build
- rootless_system_test
gce_instance: *standardvm
env:
<<: *stdenvars
TEST_FLAVOR: minikube
PRIV_NAME: rootless
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *logs_artifacts
farm_test_task:
name: *std_name_fmt
alias: farm_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_magic
depends_on:
- build
- rootless_system_test
gce_instance: *standardvm
env:
<<: *stdenvars
TEST_FLAVOR: farm
PRIV_NAME: rootless
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *logs_artifacts
buildah_bud_test_task:
name: *std_name_fmt
alias: buildah_bud_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_magic
depends_on:
- build
- local_integration_test
env:
<<: *stdenvars
TEST_FLAVOR: bud
matrix:
- env:
PODBIN_NAME: podman
- env:
PODBIN_NAME: remote
gce_instance: *standardvm
timeout_in: 45m
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *int_logs_artifacts
upgrade_test_task:
name: "Upgrade test: from $PODMAN_UPGRADE_FROM"
alias: upgrade_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_magic
depends_on:
- build
- local_system_test
matrix:
# - env:
# PODMAN_UPGRADE_FROM: v4.1.0
- env:
PODMAN_UPGRADE_FROM: v4.8.0
gce_instance: *standardvm
env:
TEST_FLAVOR: upgrade_test
DISTRO_NV: ${FEDORA_NAME}
VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
# Never force a DB, let the old version decide its default
CI_DESIRED_DATABASE:
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *logs_artifacts
# This task is critical. It updates the "last-used by" timestamp stored
# in metadata for all VM images. This mechanism functions in tandem with
# an out-of-band pruning operation to remove disused VM images.
meta_task:
name: "VM img. keepalive"
alias: meta
container:
cpu: 2
memory: 2
image: quay.io/libpod/imgts:latest
env:
# Space-separated list of images used by this repository state
IMGNAMES: >-
${FEDORA_CACHE_IMAGE_NAME}
${PRIOR_FEDORA_CACHE_IMAGE_NAME}
${RAWHIDE_CACHE_IMAGE_NAME}
${DEBIAN_CACHE_IMAGE_NAME}
build-push-${IMAGE_SUFFIX}
EC2IMGNAMES: >-
${FEDORA_AARCH64_AMI}
${FEDORA_AMI}
${WINDOWS_AMI}
BUILDID: "${CIRRUS_BUILD_ID}"
REPOREF: "${CIRRUS_REPO_NAME}"
# N/B: Do not modify below items w/o update to references in .gitleaks/config.toml
AWSINI: ENCRYPTED[21b2db557171b11eb5abdbccae593f48c9caeba86dfcc4d4ff109edee9b4656ab6720a110dadfcd51e88cc59a71cc7af]
GCPJSON: ENCRYPTED[3a198350077849c8df14b723c0f4c9fece9ebe6408d35982e7adf2105a33f8e0e166ed3ed614875a0887e1af2b8775f4]
GCPNAME: ENCRYPTED[2f9738ef295a706f66a13891b40e8eaa92a89e0e87faf8bed66c41eca72bf76cfd190a6f2d0e8444c631fdf15ed32ef6]
GCPPROJECT: libpod-218412
clone_script: &noop mkdir -p "$CIRRUS_WORKING_DIR"
script: /usr/local/bin/entrypoint.sh
# Status aggregator for all tests. This task simply ensures a defined
# set of tasks all passed, and allows confirming that based on the status
# of this task.
success_task:
name: "Total Success"
alias: success
# N/B: ALL tasks must be listed here, minus their '_task' suffix.
depends_on:
- build
- build_aarch64
- validate
- validate_aarch64
- bindings
- swagger
- alt_build
- osx_alt_build
- freebsd_alt_build
- win_installer
- docker-py_test
- unit_test
- apiv2_test
- compose_test
- local_integration_test
- remote_integration_test
- container_integration_test
- rootless_integration_test
- podman_machine
- podman_machine_aarch64
- podman_machine_windows
- podman_machine_mac
- local_system_test
- local_system_test_aarch64
- remote_system_test
- remote_system_test_aarch64
- rootless_system_test
- rootless_remote_system_test
- minikube_test
- farm_test
- buildah_bud_test
- upgrade_test
- meta
container: &smallcontainer
image: ${CTR_FQIN}
# Resources are limited across ALL currently executing tasks
# ref: https://cirrus-ci.org/guide/linux/#linux-containers
cpu: 2
memory: 2
env:
CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
TEST_ENVIRON: container
clone_script: *noop
script: |
if [[ "$CIRRUS_CHANGE_TITLE" =~ CI:MACHINE ]] && [[ -n "$CIRRUS_PR" ]]; then
echo "Error: Risk of untested change merge."
echo "Please remove [CI:MACHINE] from title."
exit 1
fi
# WARNING: Most of the artifacts captured here are also have their
# permalinks present in the `DOWNLOADS.md` file. Any changes made
# here, should probably be reflected in that document.
artifacts_task:
name: "Artifacts"
alias: artifacts
# Docs: ./contrib/cirrus/CIModes.md
only_if: >-
$CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' &&
$CIRRUS_BRANCH !=~ 'v[0-9\.]+-rhel' &&
$CIRRUS_BASE_BRANCH !=~ 'v[0-9\.]+-rhel'
depends_on:
- success
# This task is a secondary/convenience for downstream consumers, don't
# block development progress if there is a failure in a PR, only break
# when running on branches or tags.
allow_failures: $CIRRUS_PR != ''
container: *smallcontainer
env:
CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
TEST_ENVIRON: container
# In order to keep the download URL and Cirrus-CI artifact.zip contents
# simple, nothing should exist in $CIRRUS_WORKING_DIR except for artifacts.
clone_script: *noop
fedora_binaries_script:
- mkdir -p /tmp/fed
- cd /tmp/fed
- $ARTCURL/Build%20for%20${FEDORA_NAME}/repo/repo.tbz
- tar xjf repo.tbz
- cp ./bin/* $CIRRUS_WORKING_DIR/
alt_binaries_intel_script:
- mkdir -p /tmp/alt
- cd /tmp/alt
- $ARTCURL/Alt%20Arch.%20x86%20Cross/repo/repo.tbz
- tar xjf repo.tbz
- mv ./*.tar.gz $CIRRUS_WORKING_DIR/
alt_binaries_arm_script:
- mkdir -p /tmp/alt
- cd /tmp/alt
- $ARTCURL/Alt%20Arch.%20ARM%20Cross/repo/repo.tbz
- tar xjf repo.tbz
- mv ./*.tar.gz $CIRRUS_WORKING_DIR/
alt_binaries_mips_script:
- mkdir -p /tmp/alt
- cd /tmp/alt
- $ARTCURL/Alt%20Arch.%20MIPS%20Cross/repo/repo.tbz
- tar xjf repo.tbz
- mv ./*.tar.gz $CIRRUS_WORKING_DIR/
alt_binaries_mips64_script:
- mkdir -p /tmp/alt
- cd /tmp/alt
- $ARTCURL/Alt%20Arch.%20MIPS64%20Cross/repo/repo.tbz
- tar xjf repo.tbz
- mv ./*.tar.gz $CIRRUS_WORKING_DIR/
alt_binaries_other_script:
- mkdir -p /tmp/alt
- cd /tmp/alt
- $ARTCURL/Alt%20Arch.%20Other%20Cross/repo/repo.tbz
- tar xjf repo.tbz
- mv ./*.tar.gz $CIRRUS_WORKING_DIR/
win_binaries_script:
- mkdir -p /tmp/win
- cd /tmp/win
- $ARTCURL/Windows%20Cross/repo/repo.tbz
- tar xjf repo.tbz
- mv ./podman-remote*.zip $CIRRUS_WORKING_DIR/
osx_binaries_script:
- mkdir -p /tmp/osx
- cd /tmp/osx
- $ARTCURL/OSX%20Cross/repo/repo.tbz
- tar xjf repo.tbz
- mv ./podman-remote-release-darwin_*.zip $CIRRUS_WORKING_DIR/
- mv ./contrib/pkginstaller/out/podman-installer-macos-*.pkg $CIRRUS_WORKING_DIR/
always:
contents_script: ls -la $CIRRUS_WORKING_DIR
# Produce downloadable files and an automatic zip-file accessible
# by a consistent URL, based on contents of $CIRRUS_WORKING_DIR
# Ref: https://cirrus-ci.org/guide/writing-tasks/#latest-build-artifacts
binary_artifacts:
path: ./*
type: application/octet-stream
# When a new tag is pushed, confirm that the code and commits
# meet criteria for an official release.
release_task:
name: "Verify Release"
alias: release
# This should _only_ run for new tags
# Docs: ./contrib/cirrus/CIModes.md
only_if: $CIRRUS_TAG != ''
depends_on:
- build
- success
gce_instance: *standardvm
env:
<<: *stdenvars
TEST_FLAVOR: release
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
# When preparing to release a new version, this task may be manually
# activated at the PR stage to verify the build is proper for a potential
# podman release.
#
# Note: This cannot use a YAML alias on 'release_task' as of this
# comment, it is incompatible with 'trigger_type: manual'
release_test_task:
name: "Optional Release Test"
alias: release_test
# Release-PRs always include "release" or "Bump" in the title
# Docs: ./contrib/cirrus/CIModes.md
only_if: $CIRRUS_CHANGE_TITLE =~ '.*((release)|(bump)).*'
# Allow running manually only as part of release-related builds
# see RELEASE_PROCESS.md
trigger_type: manual
depends_on:
- build
- success
gce_instance: *standardvm
env:
<<: *stdenvars
TEST_FLAVOR: release
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
Reference in New Issue View Git Blame Copy Permalink