opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-06 19:44:14 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
podman/.cirrus.yml
Paul Holzinger b9ba850440 Lower e2e timeout to not waste time when it hangs 
Ginkgo v2 can result in the test just hanging at the end if there is
some bug which is leaking processes. The tests never take 90 mins
anyway. Just lower that time to 50 mins max. Usually they take between
30-40 mins so we should be fine with 50 mins.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2023-05-02 11:27:36 +02:00

1180 lines
40 KiB
YAML
Raw Blame History

---
# Main collection of env. vars to set for all tasks and scripts.
env:
####
#### Global variables used for all tasks
####
# Name of the ultimate destination branch for this CI run, PR or post-merge.
DEST_BRANCH: "main"
# Sane (default) value for GOPROXY and GOSUMDB.
GOPROXY: "https://proxy.golang.org,direct"
GOSUMDB: "sum.golang.org"
# Overrides default location (/tmp/cirrus) for repo clone
GOPATH: &gopath "/var/tmp/go"
GOCACHE: "${GOPATH}/cache"
GOSRC: &gosrc "/var/tmp/go/src/github.com/containers/podman"
CIRRUS_WORKING_DIR: *gosrc
# The default is 'sh' if unspecified
CIRRUS_SHELL: "/bin/bash"
# Save a little typing (path relative to $CIRRUS_WORKING_DIR)
SCRIPT_BASE: "./contrib/cirrus"
# Runner statistics log file path/name
STATS_LOGFILE_SFX: 'runner_stats.log'
STATS_LOGFILE: '$GOSRC/${CIRRUS_TASK_NAME}-${STATS_LOGFILE_SFX}'
####
#### Cache-image names to test with (double-quotes around names are critical)
####
FEDORA_NAME: "fedora-38"
FEDORA_AARCH64_NAME: "${FEDORA_NAME}-aarch64"
PRIOR_FEDORA_NAME: "fedora-37"
RAWHIDE_NAME: "rawhide"
DEBIAN_NAME: "debian-12"
# Image identifiers
IMAGE_SUFFIX: "c20230426t140447z-f38f37d12"
# EC2 images
FEDORA_AMI: "fedora-aws-${IMAGE_SUFFIX}"
FEDORA_AARCH64_AMI: "fedora-podman-aws-arm64-${IMAGE_SUFFIX}"
# GCP Images
FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
RAWHIDE_CACHE_IMAGE_NAME: "rawhide-${IMAGE_SUFFIX}"
DEBIAN_CACHE_IMAGE_NAME: "debian-${IMAGE_SUFFIX}"
# Container FQIN's
FEDORA_CONTAINER_FQIN: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}"
PRIOR_FEDORA_CONTAINER_FQIN: "quay.io/libpod/prior-fedora_podman:${IMAGE_SUFFIX}"
WINDOWS_AMI: "win-server-wsl-${IMAGE_SUFFIX}"
####
#### Control variables that determine what to run and how to run it.
#### N/B: Required ALL of these are set for every single task.
####
TEST_FLAVOR: # int, sys, ext_svc, validate, automation, etc.
TEST_ENVIRON: host # 'host', or 'container'
PODBIN_NAME: podman # 'podman' or 'remote'
PRIV_NAME: root # 'root' or 'rootless'
DISTRO_NV: # any {PRIOR_,}{FEDORA,DEBIAN}_NAME value
VM_IMAGE_NAME: # One of the "Google-cloud VM Images" (above)
CTR_FQIN: # One of the "Container FQIN's" (above)
CI_DESIRED_DATABASE: boltdb # One of "", "sqlite", "boltdb"
# Curl-command prefix for downloading task artifacts, simply add the
# the url-encoded task name, artifact name, and path as a suffix.
ART_URL: https://api.cirrus-ci.com/v1/artifact/build/${CIRRUS_BUILD_ID}
ARTCURL: >-
curl --retry 5 --retry-delay 8 --fail --location -O
--url ${ART_URL}
# Default timeout for each task
timeout_in: 60m
gcp_credentials: ENCRYPTED[a28959877b2c9c36f151781b0a05407218cda646c7d047fc556e42f55e097e897ab63ee78369dae141dcf0b46a9d0cdd]
aws_credentials: ENCRYPTED[4ca070bffe28eb9b27d63c568b52970dd46f119c3a83b8e443241e895dbf1737580b4d84eed27a311a2b74287ef9f79f]
# N/B: This matrix of build tasks are critical to CI, along with the following
# aarch64 task. They build binaries for all CI platforms, and versions. On
# success, the contents of the repository are preserved as an artifact for
# consumption by most subsequent CI tasks. This saves about 3-5 minutes of
# otherwise duplicative effort in most tasks.
build_task:
alias: 'build'
name: 'Build for $DISTRO_NV'
# Multiarch doesn't depend on buildability in this automation context
# Docs: ./contrib/cirrus/CIModes.md
only_if: "$CIRRUS_CRON != 'multiarch'"
gce_instance: &standardvm
image_project: libpod-218412
zone: "us-central1-a"
cpu: 2
memory: "4Gb"
# Required to be 200gig, do not modify - has i/o performance impact
# according to gcloud CLI tool warning messages.
disk: 200
image_name: "${VM_IMAGE_NAME}" # from stdenvars
matrix: &platform_axis
# Ref: https://cirrus-ci.org/guide/writing-tasks/#matrix-modification
- env: &stdenvars
DISTRO_NV: ${FEDORA_NAME}
# Not used here, is used in other tasks
VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
# ID for re-use of build output
CI_DESIRED_RUNTIME: crun
CI_DESIRED_NETWORK: netavark
CI_DESIRED_DATABASE: boltdb
- env: &sqliteenvvars
DISTRO_NV: ${FEDORA_NAME}
# Not used here, is used in other tasks
VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
# ID for re-use of build output
CI_DESIRED_RUNTIME: crun
CI_DESIRED_NETWORK: netavark
CI_DESIRED_DATABASE: sqlite
- env: &priorfedora_envvars
DISTRO_NV: ${PRIOR_FEDORA_NAME}
VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN}
CI_DESIRED_RUNTIME: crun
CI_DESIRED_NETWORK: cni
- env:
<<: *sqliteenvvars
DISTRO_NV: ${RAWHIDE_NAME}
VM_IMAGE_NAME: ${RAWHIDE_CACHE_IMAGE_NAME}
CTR_FQIN: ""
- env: &debian_envvars
DISTRO_NV: ${DEBIAN_NAME}
VM_IMAGE_NAME: ${DEBIAN_CACHE_IMAGE_NAME}
CI_DESIRED_RUNTIME: runc
CI_DESIRED_NETWORK: netavark
env:
TEST_FLAVOR: build
# NOTE: The default way Cirrus-CI clones is *NOT* compatible with
# environment expectations in contrib/cirrus/lib.sh. Specifically
# the 'origin' remote must be defined, and all remote branches/tags
# must be available for reference from CI scripts.
clone_script: &full_clone |
cd /
rm -rf $CIRRUS_WORKING_DIR
mkdir -p $CIRRUS_WORKING_DIR
git clone --recursive --branch=$DEST_BRANCH https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git $CIRRUS_WORKING_DIR
cd $CIRRUS_WORKING_DIR
git remote update origin
if [[ -n "$CIRRUS_PR" ]]; then # running for a PR
git fetch origin pull/$CIRRUS_PR/head:pull/$CIRRUS_PR
git checkout pull/$CIRRUS_PR
else
git reset --hard $CIRRUS_CHANGE_IN_REPO
fi
# Some test operations & checks require a git "identity"
_gc='git config --file /root/.gitconfig'
$_gc user.email "TMcTestFace@example.com"
$_gc user.name "Testy McTestface"
# Attempt to prevent flakes by confirming basic environment expectations,
# network service connectivity and essential container image availability.
prebuild_script: &prebuild $SCRIPT_BASE/prebuild.sh
# Standard setup stage call, used by nearly every task in CI.
setup_script: &setup '$GOSRC/$SCRIPT_BASE/setup_environment.sh'
# Attempt to prevent flakes by confirming automation environment and
# all required external/3rd-party services are available and functional.
# Standard main execution stage call, used by nearly every task in CI.
main_script: &main '/usr/bin/time --verbose --output="$STATS_LOGFILE" $GOSRC/$SCRIPT_BASE/runner.sh'
# Attempt to catch code-quality and vendoring problems early.
postbuild_script: &postbuild $SCRIPT_BASE/postbuild.sh
# Cirrus-CI is very slow uploading one file at time, and the repo contains
# thousands of files. Speed this up by archiving into tarball first.
repo_prep_script: &repo_prep >-
tar cjf /tmp/repo.tbz -C $GOSRC . && mv /tmp/repo.tbz $GOSRC/
repo_artifacts: &repo_artifacts
path: ./repo.tbz
type: application/octet-stream
always: &runner_stats
runner_stats_artifacts:
path: ./*-${STATS_LOGFILE_SFX}
type: text/plain
build_aarch64_task:
alias: 'build_aarch64'
name: 'Build for $DISTRO_NV'
# Multiarch doesn't depend on buildability in this automation context
# Docs: ./contrib/cirrus/CIModes.md
only_if: "$CIRRUS_CRON != 'multiarch'"
# Enable labeling of EC2 VMs with cirrus task ID. TODO: This can be
# removed when the feature goes mainstream.
experimental: true
ec2_instance: &standard_build_ec2_aarch64
image: ${VM_IMAGE_NAME}
type: ${EC2_INST_TYPE}
region: us-east-1
architecture: arm64 # CAUTION: This has to be "arm64", not "aarch64".
env: &stdenvars_aarch64
EC2_INST_TYPE: "t4g.xlarge"
DISTRO_NV: ${FEDORA_AARCH64_NAME}
VM_IMAGE_NAME: ${FEDORA_AARCH64_AMI}
CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
CI_DESIRED_RUNTIME: crun
CI_DESIRED_NETWORK: netavark
TEST_FLAVOR: build
clone_script: *full_clone
prebuild_script: *prebuild
setup_script: *setup
postbuild_script: *postbuild
main_script: *main
# Cirrus-CI is very slow uploading one file at time, and the repo contains
# thousands of files. Speed this up by archiving into tarball first.
repo_prep_script: &repo_prep_aarch64 >-
tar cjf /tmp/repo.tbz -C $GOSRC . && mv /tmp/repo.tbz $GOSRC/
repo_artifacts: &repo_artifacts_aarch64
path: ./repo.tbz
type: application/octet-stream
always: *runner_stats
# Confirm the result of building on at least one platform appears sane.
# This confirms the binaries can be executed, checks --help vs docs, and
# other essential post-build validation checks.
validate_task:
name: "Validate ${DISTRO_NV} Build"
alias: validate
# This task is primarily intended to catch human-errors early on, in a
# PR. Skip it for branch-push, branch-create, and tag-push to improve
# automation reliability/speed in those contexts. Any missed errors due
# to nonsequential PR merging practices, will be caught on a future PR,
# build or test task failures.
# Docs: ./contrib/cirrus/CIModes.md
only_if: &is_pr "$CIRRUS_PR != ''"
depends_on:
- build
# golangci-lint is a very, very hungry beast.
gce_instance: &bigvm
<<: *standardvm
cpu: 8
memory: "16Gb"
matrix:
- env:
<<: *stdenvars
VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
DISTRO_NV: ${FEDORA_NAME}
- env:
<<: *stdenvars
VM_IMAGE_NAME: ${RAWHIDE_CACHE_IMAGE_NAME}
DISTRO_NV: ${RAWHIDE_NAME}
env:
TEST_FLAVOR: validate
# N/B: This script depends on ${DISTRO_NV} being defined for the task.
clone_script: &get_gosrc |
cd /tmp
echo "$ARTCURL/Build%20for%20${DISTRO_NV}/repo/repo.tbz"
time $ARTCURL/Build%20for%20${DISTRO_NV}/repo/repo.tbz
time tar xjf /tmp/repo.tbz -C $GOSRC
setup_script: *setup
main_script: *main
always: *runner_stats
# Confirm the result of building on at least one platform appears sane.
# This confirms the binaries can be executed, checks --help vs docs, and
# other essential post-build validation checks.
validate_aarch64_task:
name: "Validate $DISTRO_NV Build"
alias: validate_aarch64
# This task is primarily intended to catch human-errors early on, in a
# PR. Skip it for branch-push, branch-create, and tag-push to improve
# automation reliability/speed in those contexts. Any missed errors due
# to nonsequential PR merging practices, will be caught on a future PR,
# build or test task failures.
# Docs: ./contrib/cirrus/CIModes.md
only_if: *is_pr
depends_on:
- build_aarch64
experimental: true # Enable labeling of EC2 VMs with cirrus task ID
ec2_instance: *standard_build_ec2_aarch64
env:
<<: *stdenvars_aarch64
TEST_FLAVOR: validate
DISTRO_NV: ${FEDORA_AARCH64_NAME}
# N/B: This script depends on ${DISTRO_NV} being defined for the task.
clone_script: &get_gosrc_aarch64 |
cd /tmp
echo "$ARTCURL/build_aarch64/repo/repo.tbz"
time $ARTCURL/build_aarch64/repo/repo.tbz
time tar xjf /tmp/repo.tbz -C $GOSRC
setup_script: *setup
main_script: *main
always: *runner_stats
# Exercise the "libpod" API with a small set of common
# operations to ensure they are functional.
bindings_task:
name: "Test Bindings"
alias: bindings
# Don't create task for PRs using [CI:DOCS] or [CI:BUILD]
# Docs: ./contrib/cirrus/CIModes.md
only_if: >-
$CIRRUS_PR != '' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:COPR.*' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:BUILD.*'
depends_on:
- build
gce_instance: *standardvm
env:
<<: *stdenvars
TEST_FLAVOR: bindings
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: &logs_artifacts
<<: *runner_stats
# Required for `contrib/cirrus/logformatter` to work properly
html_artifacts:
path: ./*.html
type: text/html
server_log_artifacts:
path: ./podman-server.log
type: text/plain
df_script: '$SCRIPT_BASE/logcollector.sh df'
audit_log_script: '$SCRIPT_BASE/logcollector.sh audit'
journal_script: '$SCRIPT_BASE/logcollector.sh journal'
podman_system_info_script: '$SCRIPT_BASE/logcollector.sh podman'
time_script: '$SCRIPT_BASE/logcollector.sh time'
# Build the "libpod" API documentation `swagger.yaml` and
# publish it to google-cloud-storage (GCS).
swagger_task:
name: "Test Swagger"
alias: swagger
# Don't create task for [CI:BUILD] or multiarch builds
# Docs: ./contrib/cirrus/CIModes.md
only_if: >-
$CIRRUS_CHANGE_TITLE !=~ '.*CI:BUILD.*' &&
$CIRRUS_CRON != 'multiarch'
depends_on:
- build
gce_instance: *standardvm
env:
<<: *stdenvars
TEST_FLAVOR: swagger
CTR_FQIN: 'quay.io/libpod/gcsupld:${IMAGE_SUFFIX}'
GCPJSON: ENCRYPTED[927dc01e755eaddb4242b0845cf86c9098d1e3dffac38c70aefb1487fd8b4fe6dd6ae627b3bffafaba70e2c63172664e]
GCPNAME: ENCRYPTED[c145e9c16b6fb88d476944a454bf4c1ccc84bb4ecaca73bdd28bdacef0dfa7959ebc8171a27b2e4064d66093b2cdba49]
GCPPROJECT: 'libpod-218412'
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always:
<<: *runner_stats
swagger_artifacts:
path: ./swagger.yaml
type: text/plain
# There are several other important variations of podman which
# must always build successfully. Most of them are handled in
# this task, though a few need dedicated tasks which follow.
alt_build_task:
name: "$ALT_NAME"
alias: alt_build
# Don't create task for [CI:DOCS] or multiarch builds
# Docs: ./contrib/cirrus/CIModes.md
only_if: $CIRRUS_CRON != 'multiarch'
depends_on:
- build
env:
<<: *stdenvars
TEST_FLAVOR: "altbuild"
gce_instance: *standardvm
matrix:
- env:
ALT_NAME: 'Build Each Commit'
- env:
ALT_NAME: 'Windows Cross'
- env:
ALT_NAME: 'Build Without CGO'
- env:
ALT_NAME: 'Alt Arch. Cross'
- env:
ALT_NAME: 'FreeBSD Cross'
# This task cannot make use of the shared repo.tbz artifact.
clone_script: *full_clone
setup_script: *setup
main_script: *main
# Produce a new repo.tbz artifact for consumption by 'artifacts' task.
repo_prep_script: *repo_prep
repo_artifacts: *repo_artifacts
always: *runner_stats
# Confirm building the remote client, natively on a Mac OS-X VM.
osx_alt_build_task:
name: "OSX Cross"
alias: osx_alt_build
# Docs: ./contrib/cirrus/CIModes.md
only_if: $CIRRUS_CRON != 'multiarch'
depends_on:
- build
env:
<<: *stdenvars
# OSX platform variation prevents this being included in alt_build_task
TEST_FLAVOR: "altbuild"
ALT_NAME: 'OSX Cross'
osx_instance:
image: ghcr.io/cirruslabs/macos-ventura-base:latest
setup_script:
- brew install go
- brew install go-md2man
- go version
build_amd64_script:
- make podman-remote-release-darwin_amd64.zip
build_arm64_script:
- make podman-remote-release-darwin_arm64.zip
build_pkginstaller_script:
- cd contrib/pkginstaller
- make ARCH=amd64 NO_CODESIGN=1 pkginstaller
- make ARCH=aarch64 NO_CODESIGN=1 pkginstaller
# This task cannot make use of the shared repo.tbz artifact and must
# produce a new repo.tbz artifact for consumption by 'artifacts' task.
repo_prep_script: *repo_prep
repo_artifacts: *repo_artifacts
always: *runner_stats
# Verify podman is compatible with the docker python-module.
docker-py_test_task:
name: Docker-py Compat.
alias: docker-py_test
# Don't create task for tags, branches, or PRs w/ [CI:DOCS] or [CI:BUILD]
# N/B: for PRs $CIRRUS_BRANCH == 'pull/<number>'
# Docs: ./contrib/cirrus/CIModes.md
only_if: &not_tag_branch_build_docs >-
$CIRRUS_PR != '' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:COPR.*' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:BUILD.*'
depends_on:
- build
gce_instance: *standardvm
env:
<<: *stdenvars
TEST_FLAVOR: docker-py
TEST_ENVIRON: container
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *runner_stats
# Does exactly what it says, execute the podman unit-tests on Fedora.
unit_test_task:
name: "Unit tests on $DISTRO_NV"
alias: unit_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_branch_build_docs
depends_on:
- build
- validate
matrix:
- env: *stdenvars
# Special-case: Rootless on latest Fedora (standard) VM
- name: "Rootless unit on $DISTRO_NV"
env:
<<: *stdenvars
PRIV_NAME: rootless
gce_instance: *standardvm
env:
TEST_FLAVOR: unit
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *logs_artifacts
apiv2_test_task:
name: "APIv2 test on $DISTRO_NV ($PRIV_NAME)"
alias: apiv2_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_branch_build_docs
depends_on:
- build
- validate
gce_instance: *standardvm
# Test is normally pretty quick, about 10-minutes. If it hangs,
# don't make developers wait the full 1-hour timeout.
timeout_in: 20m
env:
<<: *stdenvars
TEST_FLAVOR: apiv2
matrix:
- env:
PRIV_NAME: root
- env:
PRIV_NAME: rootless
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *logs_artifacts
compose_test_task:
name: "$TEST_FLAVOR test on $DISTRO_NV ($PRIV_NAME)"
alias: compose_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_branch_build_docs
depends_on:
- build
- validate
gce_instance: *standardvm
matrix:
- env:
TEST_FLAVOR: compose
PRIV_NAME: root
- env:
TEST_FLAVOR: compose
PRIV_NAME: rootless
- env:
TEST_FLAVOR: compose_v2
PRIV_NAME: root
- env:
TEST_FLAVOR: compose_v2
PRIV_NAME: rootless
env:
<<: *stdenvars
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *logs_artifacts
# Execute the podman integration tests on all primary platforms and release
windows_smoke_test_task:
name: "Windows Smoke Test"
alias: windows_smoke_test
# Only run for non-docs/copr PRs and non-multiarch branch builds
# and never for tags. Docs: ./contrib/cirrus/CIModes.md
only_if: >-
$CIRRUS_TAG == '' &&
$CIRRUS_CRON != 'multiarch' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:COPR.*'
depends_on:
- alt_build
experimental: true # Enable labeling of EC2 VMs with cirrus task ID
ec2_instance:
image: "${WINDOWS_AMI}"
type: m5zn.metal
region: us-east-1
platform: windows
env:
PATH: "${PATH};C:\\ProgramData\\chocolatey\\bin"
CIRRUS_SHELL: powershell
# Fake version, we are only testing the installer functions, so version doesn't matter
CIRRUS_WORKING_DIR: "${LOCALAPPDATA}\\Temp\\cirrus-ci-build"
main_script: 'contrib/cirrus/win-podman-machine-main.ps1'
# versions, as root, without involving the podman-remote client.
local_integration_test_task: &local_integration_test_task
# Integration-test task name convention:
# <int.|sys.> <podman|remote> <Distro NV> <root|rootless>
name: &std_name_fmt "$TEST_FLAVOR $PODBIN_NAME $DISTRO_NV $PRIV_NAME $TEST_ENVIRON ${CI_DESIRED_DATABASE}"
alias: local_integration_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_branch_build_docs
depends_on: &build_unit
- build
- unit_test
matrix: *platform_axis
gce_instance: *standardvm
timeout_in: 50m
env:
TEST_FLAVOR: int
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: &int_logs_artifacts
<<: *logs_artifacts
ginkgo_node_logs_artifacts:
path: ./test/e2e/ginkgo-node-*.log
type: text/plain
# Nearly identical to `local_integration_test` except all operations
# are performed through the podman-remote client vs a podman "server"
# running on the same host.
remote_integration_test_task:
<<: *local_integration_test_task
alias: remote_integration_test
env:
TEST_FLAVOR: int
PODBIN_NAME: remote
# Run the complete set of integration tests from inside a container.
# This verifies all/most operations function with "podman-in-podman".
container_integration_test_task:
name: *std_name_fmt
alias: container_integration_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_branch_build_docs
depends_on: *build_unit
matrix: &fedora_vm_axis
- env:
DISTRO_NV: ${FEDORA_NAME}
VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
CI_DESIRED_RUNTIME: crun
CI_DESIRED_NETWORK: netavark
- env:
DISTRO_NV: ${PRIOR_FEDORA_NAME}
VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN}
CI_DESIRED_RUNTIME: crun
CI_DESIRED_NETWORK: cni
gce_instance: *standardvm
timeout_in: 50m
env:
TEST_FLAVOR: int
TEST_ENVIRON: container
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *int_logs_artifacts
# Execute most integration tests as a regular (non-root) user.
rootless_integration_test_task:
name: *std_name_fmt
alias: rootless_integration_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_branch_build_docs
depends_on: *build_unit
matrix: *platform_axis
gce_instance: *standardvm
timeout_in: 50m
env:
TEST_FLAVOR: int
PRIV_NAME: rootless
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *int_logs_artifacts
podman_machine_task:
name: *std_name_fmt
alias: podman_machine
# Don't create task for tags, or if using [CI:DOCS], [CI:BUILD], multiarch
# Docs: ./contrib/cirrus/CIModes.md
only_if: &not_tag_build_docs_multiarch >-
$CIRRUS_TAG == '' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:COPR.*' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:BUILD.*' &&
$CIRRUS_CRON != 'multiarch'
depends_on:
- build
- local_integration_test
- remote_integration_test
- container_integration_test
- rootless_integration_test
experimental: true # Enable labeling of EC2 VMs with cirrus task ID
ec2_instance:
image: "${VM_IMAGE_NAME}"
type: "${EC2_INST_TYPE}"
region: us-east-1
env:
EC2_INST_TYPE: "m5zn.metal" # Bare-metal instance is required
TEST_FLAVOR: "machine"
PRIV_NAME: "rootless" # intended use-case
DISTRO_NV: "${FEDORA_NAME}"
VM_IMAGE_NAME: "${FEDORA_AMI}"
CI_DESIRED_NETWORK: netavark
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: &machine_logs_benchmarks
<<: *int_logs_artifacts
benchmark_artifacts:
path: ./data/*
podman_machine_aarch64_task:
name: *std_name_fmt
alias: podman_machine_aarch64
only_if: *not_tag_build_docs_multiarch
depends_on:
- build_aarch64
- validate_aarch64
- local_integration_test
- remote_integration_test
- container_integration_test
- rootless_integration_test
experimental: true # Enable labeling of EC2 VMs with cirrus task ID
ec2_instance:
<<: *standard_build_ec2_aarch64
env:
TEST_FLAVOR: "machine"
EC2_INST_TYPE: c6g.metal
PRIV_NAME: "rootless" # intended use-case
DISTRO_NV: "${FEDORA_AARCH64_NAME}"
VM_IMAGE_NAME: "${FEDORA_AARCH64_AMI}"
CI_DESIRED_NETWORK: netavark
clone_script: *get_gosrc_aarch64
setup_script: *setup
main_script: *main
always: *machine_logs_benchmarks
bench_stuff_task:
name: Record machine benchmarks
alias: bench_stuff
# Only run on merge and never for cirrus-cron.
only_if: $CIRRUS_BRANCH == 'main' && $CIRRUS_CRON == ''
depends_on:
- podman_machine
- podman_machine_aarch64
gce_instance: *standardvm
env:
<<: *stdenvars
PR: podman run -it --rm -v /tmp/data:/tmp/data:Z -w /tmp/data
GACJSON: ENCRYPTED[acd4a8bd843dab6dd135c379a2819546187fd2c7ce43e5839c6db4c798ed652f5b456f5d1716afef662554ee94e098ee]
clone_script: &noop mkdir -p $CIRRUS_WORKING_DIR
script:
- mkdir /tmp/data
# Download benchmark.env and benchmark.csv from podman-machine tasks
- $PR quay.io/libpod/ccia $CIRRUS_BUILD_ID benchmark/data
- podman secret create --env GACJSON GACJSON
# Parse and upload benchmark data to GCE firestore database
- $PR --secret GACJSON -e GOOGLE_APPLICATION_CREDENTIALS=/run/secrets/GACJSON quay.io/libpod/bench_stuff ./$CIRRUS_BUILD_ID
# Always run subsequent to integration tests. While parallelism is lost
# with runtime, debugging system-test failures can be more challenging
# for some golang developers. Otherwise the following tasks run across
# the same matrix as the integration-tests (above).
local_system_test_task: &local_system_test_task
name: *std_name_fmt
alias: local_system_test
only_if: *not_tag_build_docs_multiarch
depends_on: *build_unit
matrix: *platform_axis
gce_instance: *standardvm
env:
TEST_FLAVOR: sys
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *logs_artifacts
local_system_test_aarch64_task: &local_system_test_task_aarch64
name: *std_name_fmt
alias: local_system_test_aarch64
# Don't create task for tags, or if using [CI:DOCS], [CI:BUILD], multiarch
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_build_docs_multiarch
depends_on:
- build_aarch64
- unit_test
experimental: true # Enable labeling of EC2 VMs with cirrus task ID
ec2_instance: *standard_build_ec2_aarch64
env:
<<: *stdenvars_aarch64
TEST_FLAVOR: sys
DISTRO_NV: ${FEDORA_AARCH64_NAME}
clone_script: *get_gosrc_aarch64
setup_script: *setup
main_script: *main
always: *logs_artifacts
remote_system_test_task:
<<: *local_system_test_task
alias: remote_system_test
env:
TEST_FLAVOR: sys
PODBIN_NAME: remote
remote_system_test_aarch64_task:
<<: *local_system_test_task_aarch64
alias: remote_system_test_aarch64
env:
TEST_FLAVOR: sys
PODBIN_NAME: remote
rootless_remote_system_test_task:
matrix:
# Minimal sanity testing: only the latest Fedora
- env:
DISTRO_NV: ${FEDORA_NAME}
# Not used here, is used in other tasks
VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
CI_DESIRED_RUNTIME: crun
CI_DESIRED_NETWORK: netavark
<<: *local_system_test_task
alias: rootless_remote_system_test
gce_instance: *standardvm
env:
TEST_FLAVOR: sys
PODBIN_NAME: remote
PRIV_NAME: rootless
rootless_system_test_task:
name: *std_name_fmt
alias: rootless_system_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_build_docs_multiarch
depends_on: *build_unit
matrix: *platform_axis
gce_instance: *standardvm
env:
TEST_FLAVOR: sys
PRIV_NAME: rootless
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *logs_artifacts
minikube_test_task:
name: *std_name_fmt
alias: minikube_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_build_docs_multiarch
depends_on:
- build
- rootless_system_test
gce_instance: *standardvm
env:
<<: *stdenvars
TEST_FLAVOR: minikube
PRIV_NAME: rootless
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *logs_artifacts
buildah_bud_test_task:
name: *std_name_fmt
alias: buildah_bud_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_branch_build_docs
depends_on:
- build
- local_integration_test
env:
<<: *stdenvars
TEST_FLAVOR: bud
matrix:
- env:
PODBIN_NAME: podman
- env:
PODBIN_NAME: remote
gce_instance: *standardvm
timeout_in: 45m
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *int_logs_artifacts
rootless_buildah_bud_test_task:
name: *std_name_fmt
alias: rootless_buildah_bud_test
# Please keep this as-is: the buildah treadmill (#13808) relies on it.
only_if: $CIRRUS_CRON == 'treadmill'
depends_on:
- build
- rootless_integration_test
env:
<<: *stdenvars
TEST_FLAVOR: bud
PRIV_NAME: rootless
matrix:
- env:
PODBIN_NAME: podman
- env:
PODBIN_NAME: remote
gce_instance: *standardvm
timeout_in: 45m
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *int_logs_artifacts
upgrade_test_task:
name: "Upgrade test: from $PODMAN_UPGRADE_FROM"
alias: upgrade_test
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_branch_build_docs
depends_on:
- build
- local_system_test
matrix:
- env:
PODMAN_UPGRADE_FROM: v2.1.1
CI_DESIRED_NETWORK: cni
- env:
PODMAN_UPGRADE_FROM: v3.1.2
CI_DESIRED_NETWORK: cni
- env:
PODMAN_UPGRADE_FROM: v3.4.4
CI_DESIRED_NETWORK: cni
gce_instance: *standardvm
env:
TEST_FLAVOR: upgrade_test
DISTRO_NV: ${FEDORA_NAME}
VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
always: *logs_artifacts
image_build_task: &image-build
name: "Build multi-arch $CTXDIR"
alias: image_build
# Some of these container images take > 1h to build, limit
# this task to a specific Cirrus-Cron entry with this name.
# Docs: ./contrib/cirrus/CIModes.md
only_if: $CIRRUS_CRON == 'multiarch'
timeout_in: 120m # emulation is sssllllooooowwww
gce_instance:
<<: *standardvm
image_name: build-push-${IMAGE_SUFFIX}
# More muscle required for parallel multi-arch build
type: "n2-standard-4"
matrix:
- env:
CTXDIR: contrib/podmanimage/upstream
- env:
CTXDIR: contrib/podmanimage/testing
- env:
CTXDIR: contrib/podmanimage/stable
- env:
CTXDIR: contrib/hello
env:
DISTRO_NV: "${FEDORA_NAME}" # Required for repo cache extraction
PODMAN_USERNAME: ENCRYPTED[b9f0f2550029dd2196e086d9dd6c2d1fec7e328630b15990d9bb610f9fcccb5baab8b64a8c3e72b0c1d0f5917cf65aa1]
PODMAN_PASSWORD: ENCRYPTED[e3444f6072853f0c8db7f964ead5e2204116af485469fa0de367f26b9316b460fd842a9882f552b9e9a83bbaf650d8b4]
CONTAINERS_USERNAME: ENCRYPTED[54a372d5f22f424173c114c6fb25c3214956cad323d5b285c7393a71041884ce96471d0ff733774e5dab9fa5a3c8795c]
CONTAINERS_PASSWORD: ENCRYPTED[4ecc3fb534935095a99fb1f2e320ac6bc87f3e7e186746e41cbcc4b5f5379a014b9fc8cc90e1f3d5abdbaf31580a4ab9]
main_script:
- set -a; source /etc/automation_environment; set +a
- main.sh $CIRRUS_REPO_CLONE_URL $CTXDIR
test_image_build_task:
<<: *image-build
alias: test_image_build
# Allow this to run inside a PR w/ [CI:BUILD] only.
# Docs: ./contrib/cirrus/CIModes.md
only_if: $CIRRUS_PR != '' && $CIRRUS_CHANGE_TITLE =~ '.*CI:BUILD.*'
# This takes a LONG time, only run when requested. N/B: Any task
# made to depend on this one will block FOREVER unless triggered.
# DO NOT ADD THIS TASK AS DEPENDENCY FOR `success_task`.
trigger_type: manual
# Overwrite all 'env', don't push anything, just do the build.
env:
DRYRUN: 1
# This task is critical. It updates the "last-used by" timestamp stored
# in metadata for all VM images. This mechanism functions in tandem with
# an out-of-band pruning operation to remove disused VM images.
meta_task:
name: "VM img. keepalive"
alias: meta
container:
cpu: 2
memory: 2
image: quay.io/libpod/imgts:latest
env:
# Space-separated list of images used by this repository state
IMGNAMES: >-
${FEDORA_CACHE_IMAGE_NAME}
${PRIOR_FEDORA_CACHE_IMAGE_NAME}
${RAWHIDE_CACHE_IMAGE_NAME}
${DEBIAN_CACHE_IMAGE_NAME}
build-push-${IMAGE_SUFFIX}
EC2IMGNAMES: >-
${FEDORA_AARCH64_AMI}
${FEDORA_AMI}
${WINDOWS_AMI}
BUILDID: "${CIRRUS_BUILD_ID}"
REPOREF: "${CIRRUS_REPO_NAME}"
AWSINI: ENCRYPTED[21b2db557171b11eb5abdbccae593f48c9caeba86dfcc4d4ff109edee9b4656ab6720a110dadfcd51e88cc59a71cc7af]
GCPJSON: ENCRYPTED[3a198350077849c8df14b723c0f4c9fece9ebe6408d35982e7adf2105a33f8e0e166ed3ed614875a0887e1af2b8775f4]
GCPNAME: ENCRYPTED[2f9738ef295a706f66a13891b40e8eaa92a89e0e87faf8bed66c41eca72bf76cfd190a6f2d0e8444c631fdf15ed32ef6]
GCPPROJECT: libpod-218412
clone_script: *noop
script: /usr/local/bin/entrypoint.sh
# Status aggregator for all tests. This task simply ensures a defined
# set of tasks all passed, and allows confirming that based on the status
# of this task.
success_task:
name: "Total Success"
alias: success
# N/B: ALL tasks must be listed here, minus their '_task' suffix.
depends_on:
- build
- build_aarch64
- validate
- validate_aarch64
- bindings
- swagger
- alt_build
- osx_alt_build
- win_installer
- windows_smoke_test
- docker-py_test
- unit_test
- apiv2_test
- compose_test
- local_integration_test
- remote_integration_test
- container_integration_test
- rootless_integration_test
- podman_machine
- podman_machine_aarch64
- local_system_test
- local_system_test_aarch64
- remote_system_test
- remote_system_test_aarch64
- rootless_system_test
- rootless_remote_system_test
- minikube_test
- buildah_bud_test
- rootless_buildah_bud_test
- upgrade_test
- image_build
- meta
container: &smallcontainer
image: ${CTR_FQIN}
# Resources are limited across ALL currently executing tasks
# ref: https://cirrus-ci.org/guide/linux/#linux-containers
cpu: 2
memory: 2
env:
CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
TEST_ENVIRON: container
clone_script: *noop
script: *noop
# WARNING: Most of the artifacts captured here are also have their
# permalinks present in the `DOWNLOADS.md` file. Any changes made
# here, should probably be reflected in that document.
artifacts_task:
name: "Artifacts"
alias: artifacts
# Docs: ./contrib/cirrus/CIModes.md
only_if: >-
$CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' &&
$CIRRUS_CHANGE_TITLE !=~ '.*CI:COPR.*' &&
$CIRRUS_CRON != 'multiarch'
depends_on:
- success
# This task is a secondary/convenience for downstream consumers, don't
# block development progress if there is a failure in a PR, only break
# when running on branches or tags.
allow_failures: $CIRRUS_PR != ''
container: *smallcontainer
env:
CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
TEST_ENVIRON: container
# In order to keep the download URL and Cirrus-CI artifact.zip contents
# simple, nothing should exist in $CIRRUS_WORKING_DIR except for artifacts.
clone_script: *noop
fedora_binaries_script:
- mkdir -p /tmp/fed
- cd /tmp/fed
- $ARTCURL/Build%20for%20${FEDORA_NAME}/repo/repo.tbz
- tar xjf repo.tbz
- cp ./bin/* $CIRRUS_WORKING_DIR/
alt_binaries_script:
- mkdir -p /tmp/alt
- cd /tmp/alt
- $ARTCURL/Alt%20Arch.%20Cross/repo/repo.tbz
- tar xjf repo.tbz
- mv ./*.tar.gz $CIRRUS_WORKING_DIR/
win_binaries_script:
- mkdir -p /tmp/win
- cd /tmp/win
- $ARTCURL/Windows%20Cross/repo/repo.tbz
- tar xjf repo.tbz
- mv ./podman-remote*.zip ./*.msi $CIRRUS_WORKING_DIR/
osx_binaries_script:
- mkdir -p /tmp/osx
- cd /tmp/osx
- $ARTCURL/OSX%20Cross/repo/repo.tbz
- tar xjf repo.tbz
- mv ./podman-remote-release-darwin_*.zip $CIRRUS_WORKING_DIR/
- mv ./contrib/pkginstaller/out/podman-installer-macos-*.pkg $CIRRUS_WORKING_DIR/
always:
contents_script: ls -la $CIRRUS_WORKING_DIR
# Produce downloadable files and an automatic zip-file accessible
# by a consistent URL, based on contents of $CIRRUS_WORKING_DIR
# Ref: https://cirrus-ci.org/guide/writing-tasks/#latest-build-artifacts
binary_artifacts:
path: ./*
type: application/octet-stream
win_installer_task:
name: "Verify Win Installer Build"
alias: win_installer
# Don't run for multiarch container image cirrus-cron job.
only_if: $CIRRUS_CRON != 'multiarch'
depends_on:
- alt_build
windows_container:
image: cirrusci/windowsservercore:2019
env:
PATH: "${PATH};C:\\ProgramData\\chocolatey\\bin"
CIRRUS_SHELL: powershell
# Fake version, we are only testing the installer functions, so version doesn't matter
WIN_INST_VER: 9.9.9
CIRRUS_WORKING_DIR: "${LOCALAPPDATA}\\Temp\\cirrus-ci-build"
install_script: '.\contrib\cirrus\win-installer-install.ps1'
main_script: '.\contrib\cirrus\win-installer-main.ps1'
# When a new tag is pushed, confirm that the code and commits
# meet criteria for an official release.
release_task:
name: "Verify Release"
alias: release
# This should _only_ run for new tags
# Docs: ./contrib/cirrus/CIModes.md
only_if: $CIRRUS_TAG != ''
depends_on:
- build
- success
gce_instance: *standardvm
env:
<<: *stdenvars
TEST_FLAVOR: release
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
# When preparing to release a new version, this task may be manually
# activated at the PR stage to verify the build is proper for a potential
# podman release.
#
# Note: This cannot use a YAML alias on 'release_task' as of this
# comment, it is incompatible with 'trigger_type: manual'
release_test_task:
name: "Optional Release Test"
alias: release_test
# Release-PRs always include "release" or "Bump" in the title
# Docs: ./contrib/cirrus/CIModes.md
only_if: $CIRRUS_CHANGE_TITLE =~ '.*((release)|(bump)).*'
# Allow running manually only as part of release-related builds
# see RELEASE_PROCESS.md
trigger_type: manual
depends_on:
- build
- success
gce_instance: *standardvm
env:
<<: *stdenvars
TEST_FLAVOR: release
clone_script: *get_gosrc
setup_script: *setup
main_script: *main
Reference in New Issue View Git Blame Copy Permalink