This extra test run is temporary; it should be removed after
rust-podman-sequoia makes it to a stable Fedora release.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Pass BUILDAH_RUNTIME through to tests that we run inside of containers,
and discard the CI_DESIRED_RUNTIME variable, which sort of did the same
thing. We still set OCI to the name of the runtime because tests
consult it directly.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When adding an unprivileged user to run tests as, ensure that the
primary and supplemental groups are not repeated, and that at least one
supplemental group is outside of the user's subgid range. When skipping
a test because the invoking user doesn't have any supplemental groups,
log the user's IDs.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Exercise preservation of supplemental groups in the tests that use
`buildah build` and `buildah from` with `--group-add keep-groups`.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Make tests pass when using a local cache registry (as triggered
by $CI_USE_REGISTRY_CACHE being non-empty).
Mostly just change images: consolidate to a smaller set, like,
replace the few instances of debian with ubuntu, use $SAFEIMAGE
where we can.
The most significant change was with some s1 (schema 1?) images.
Those exist on quay, but cannot be mirrored locally: the local
registry forbids schema 1 images. I choose to skip these tests
when running against a local registry.
Second most significant change is running containerized tests
with --net=host. We need this to access the registry running
on a localhost port. (One alternative would be to bind the
registry on all interfaces, cringe, then perform sed magic
on the registries-cache.conf file changing 127.0.0.1 to
host.containers.internal, more cringe).
Also, some cleanup.
Signed-off-by: Ed Santiago <santiago@redhat.com>
As of https://github.com/containers/automation_images/pull/357
our CI VMs include a local registry preloaded with all(*)
images used in tests.
* where "all" means "most".
This commit defines a new registries-cached.conf, used in tests,
that redirects docker and quay to the new local registry. The
hope is that this will reduce CI flakes.
Since tests change over time, and new tests may require new
images, this commit also adds a mechanism for pulling in
remote images at test run time. Obviously this negates
the purpose of the cache, since it introduces a flake
pain point. The idea is: DO NOT DO THIS UNLESS ABSOLUTELY
NECESSARY, and then, if we have to do this, hurry up and
spin new CI VMs that include the new image(s).
Signed-off-by: Ed Santiago <santiago@redhat.com>
Fixes: #5349
Unanticipated missing `dnf` functionality likely negatively impacts a
significant number of image users. Further exploration of size
reduction is needed, but we cannot (likely) swap to `microdnf` easily.
This reverts commit cdb1a4ff8e.
Signed-off-by: Chris Evich <cevich@redhat.com>
This change will allow RHEL subscriptions from the host to flow to internal containers.
Fixes: containers/common#1735
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Adding a chown after the containers storage.conf file is made for the build user in the buildah container image otherwise the file is owned by root while it should be owned by the build user and its group.
Signed-off-by: Indy Van Mol <indy.van.mol@endstra.dev>
Fixes: https://github.com/containers/buildah/issues/4838
Resolve a long-standing TODO item (and bug fix apparently) relating to
passing important env. var. values into special testing contexts.
Namely container-based and rootless testing. These changes mostly come
from the (now battle-tested) work by @edsantiago in the podman CI
scripts. Some podman-CI specific variables have been stripped out, and
other buildah-specific simplifications made.
Signed-off-by: Chris Evich <cevich@redhat.com>
For image published at `quay.io/containers/buildah` buildah should
correctly use `fuseoverlay` for rootless `build` user `fuse-overlayfs`.
Closes: https://github.com/containers/buildah/issues/4669
[NO NEW TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
Sometimes important updates need to be made to dependent packages and
run through CI w/o waiting for package release and new CI VM image
builds. Support this in buildah CI as in podman CI, by updating
packages during setup when the magic string is present and PR is in
draft-mode.
Note: To support containerized testing, both `CIRRUS_CHANGE_TITLE`
and `CIRRUS_PR_DRAFT` env. vars. are passed through. For these tasks,
this will result in **TWO** updates - One for the host, and another one
in the container.
Signed-off-by: Chris Evich <cevich@redhat.com>
No longer needed: this functionality is now done by renovatebot.
The nightly cron job has been deleted.
This reverts commit 899ecaaf74.
Signed-off-by: Ed Santiago <santiago@redhat.com>
As of this commit, the build script runs the process on x86_64 hardware
(4cpus/8gig) using emulation for foreign architectures. Due to various
delays, inefficiencies, and other emulation-related slowdowns, it's
possible for dnf to timeout and/or mis-measure a minimum repository
download rate. Bump up the minimum download rate by 10x and timeout
interval by double. This should allow the builds to complete more
consistently.
Signed-off-by: Chris Evich <cevich@redhat.com>
This project uses the American dialect of written English. Not the
English (or Canadian) dialects as some more befuddled individuals might
do. I hope you enjoy the humour of this, I do.
Signed-off-by: Andrew Meadows <andrew@befuddled.ca>
Due to concerns about the ambiguous overloaded meaning of RELEASE in
this context, the build argument has been renamed to `FLAVOUR`.
Signed-off-by: Andrew Meadows <andrew@befuddled.ca>
A single `Containerfile` should be easier to maintain and more reliable
than having three nearly identical files. The new file uses an argument
named `RELEASE` with the value `stable`, `testing`, or `upstream`.
Signed-off-by: Andrew Meadows <andrew@befuddled.ca>
As per discussion with @nalid, updating the inconsistent use of
sequential operator (`;`) to the AND operator (`&&`) to avoid ignoring
errors. (Previous commit mimicked existing style.)
Signed-off-by: Andrew Meadows <andrew@befuddled.ca>
As discussed in f2f: this is the cleanest, simplest mechanism
I can think of to auto-test the Big Three dependencies: simply
run go mod edit immediately after git checkout, then run the
entire CI test suite.
If this approach works, we can set up a new CIRRUS_CRON=treadmill job.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Drop a reference as to why the rpm --setcaps... line is needed, along
with a TODO reminder to check if it's still needed.
Signed-off-by: Chris Evich <cevich@redhat.com>
When building the multi-arch "upstream" flavor of buildah container
images, it's more optimal to use separate compilation and image
construction steps. The image-build automation is time-limited,
and operating under a (slow) emulation environment. So using a
continuously pre-built buildah RPM will also improve build
reliability.
ref: https://github.com/containers/buildah/pull/4062
Signed-off-by: Chris Evich <cevich@redhat.com>
This specfile along with a webhook will trigger auto rpm builds on the
`rhcontainerbot/podman-next` copr after every upstream PR merge.
Useful for those who want to fetch the latest upstream buildah without
having to build from source.
This commit also gets rid of `contrib/rpm/buildah.spec` and
`tests/version.bats`.
Known issue: Currently fails to build for EL8 envs.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Previously, `;` were separating several `RUN` commands. This is
dangerous, as failure in one won't result in a build failure. This was
happening due to the `runc` package having a required dependency on
`contaqiner-selinux` which was excluded. Fix this by using `&&` and
switching to the crun package.
Signed-off-by: Chris Evich <cevich@redhat.com>
Contents updated to more closely resemble the same docs in the podman
repository. Also, remove the `centos7` compatibility section (and
build context) given it's not been built or maintained in over two
years.
Signed-off-by: Chris Evich <cevich@redhat.com>
Fedora no longer ships /etc/containers/storage.conf but
/usr/share/containers/storage.conf, this causes the buildimages
to fail to build. This PR uses the storage.conf in /usr.
Removed Centos7 image, since this distribution is no longer supported
and no reason to ship an image specific to this distribution.
Removed stablebyhand image, since this does not look like it is needed
any longer, and was not being maintained.
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Cleans up the Dockerfiles for the buildah images that land on quay.
A number of readability changes, and an adjustment to sed to
handle storage.conf.
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Miloslav Trmač
Nalin Dahyabhai
flouthoc
Ed Santiago
Chris Evich
Ian Kerins
Daniel J Walsh
Indy Van Mol
Aditya R
Kir Kolyshkin
Andrew Meadows
Giuseppe Scrivano
openshift-ci[bot]
Lokesh Mandvekar
tomsweeneyredhat