This extra test run is temporary; it should be removed after
rust-podman-sequoia makes it to a stable Fedora release.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Pass BUILDAH_RUNTIME through to tests that we run inside of containers,
and discard the CI_DESIRED_RUNTIME variable, which sort of did the same
thing. We still set OCI to the name of the runtime because tests
consult it directly.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When adding an unprivileged user to run tests as, ensure that the
primary and supplemental groups are not repeated, and that at least one
supplemental group is outside of the user's subgid range. When skipping
a test because the invoking user doesn't have any supplemental groups,
log the user's IDs.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Exercise preservation of supplemental groups in the tests that use
`buildah build` and `buildah from` with `--group-add keep-groups`.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Make tests pass when using a local cache registry (as triggered
by $CI_USE_REGISTRY_CACHE being non-empty).
Mostly just change images: consolidate to a smaller set, like,
replace the few instances of debian with ubuntu, use $SAFEIMAGE
where we can.
The most significant change was with some s1 (schema 1?) images.
Those exist on quay, but cannot be mirrored locally: the local
registry forbids schema 1 images. I choose to skip these tests
when running against a local registry.
Second most significant change is running containerized tests
with --net=host. We need this to access the registry running
on a localhost port. (One alternative would be to bind the
registry on all interfaces, cringe, then perform sed magic
on the registries-cache.conf file changing 127.0.0.1 to
host.containers.internal, more cringe).
Also, some cleanup.
Signed-off-by: Ed Santiago <santiago@redhat.com>
As of https://github.com/containers/automation_images/pull/357
our CI VMs include a local registry preloaded with all(*)
images used in tests.
* where "all" means "most".
This commit defines a new registries-cached.conf, used in tests,
that redirects docker and quay to the new local registry. The
hope is that this will reduce CI flakes.
Since tests change over time, and new tests may require new
images, this commit also adds a mechanism for pulling in
remote images at test run time. Obviously this negates
the purpose of the cache, since it introduces a flake
pain point. The idea is: DO NOT DO THIS UNLESS ABSOLUTELY
NECESSARY, and then, if we have to do this, hurry up and
spin new CI VMs that include the new image(s).
Signed-off-by: Ed Santiago <santiago@redhat.com>
Fixes: https://github.com/containers/buildah/issues/4838
Resolve a long-standing TODO item (and bug fix apparently) relating to
passing important env. var. values into special testing contexts.
Namely container-based and rootless testing. These changes mostly come
from the (now battle-tested) work by @edsantiago in the podman CI
scripts. Some podman-CI specific variables have been stripped out, and
other buildah-specific simplifications made.
Signed-off-by: Chris Evich <cevich@redhat.com>
Sometimes important updates need to be made to dependent packages and
run through CI w/o waiting for package release and new CI VM image
builds. Support this in buildah CI as in podman CI, by updating
packages during setup when the magic string is present and PR is in
draft-mode.
Note: To support containerized testing, both `CIRRUS_CHANGE_TITLE`
and `CIRRUS_PR_DRAFT` env. vars. are passed through. For these tasks,
this will result in **TWO** updates - One for the host, and another one
in the container.
Signed-off-by: Chris Evich <cevich@redhat.com>
No longer needed: this functionality is now done by renovatebot.
The nightly cron job has been deleted.
This reverts commit 899ecaaf74.
Signed-off-by: Ed Santiago <santiago@redhat.com>
As discussed in f2f: this is the cleanest, simplest mechanism
I can think of to auto-test the Big Three dependencies: simply
run go mod edit immediately after git checkout, then run the
entire CI test suite.
If this approach works, we can set up a new CIRRUS_CRON=treadmill job.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add cirrus boiler plate for rootless testing infrastructure.
Following commit introduces only necessary foundation and skeleton
which will be used by rootless testing of buildah.
[NO NEW TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
The Fedora 35 cloud images have switched to UEFI boot with a GPT
partition. Formerly, all Fedora images included support for runtime
re-partitioning. However, the requirement to test alternate storage
has since been dropped/removed. Rather than maintain a disused
feature, and supporting scripts, these Fedora VM images have reverted
to the default: Automatically resize to 100% on boot.
Signed-off-by: Chris Evich <cevich@redhat.com>
During VM image build, a number of packages are downloaded but not
installed, since they may interfere with some testing. Then at runtime,
where required, the packages are installed from cache and used.
However, between image build and runtime it's possible the repository
contents change, which will invalidate the package cache. Since the
`--no-download --ignore-missing` options were used, the install will
fail.
Ref: https://github.com/containers/automation_images/issues/95
Fortunately, when it comes to the docker packages, no other dependencies
are required and so `apt-get` isn't required. Switch to using a simple
dpkg install command on the necessary files. If this ever breaks due
to new dependencies, the list of files may simply be updated.
Signed-off-by: Chris Evich <cevich@redhat.com>
The `IgnorePlatform` option has been removed from the
`LookupImageOptions` in libimage to properly support multi-arch images.
Buildah always set it to true.
Also temporarily remove /usr/share/containers/containers.conf. c/common
is now throwing warnings when facing unknown keys which unfortunately is
the case with the upstream containers.conf and ultimately breaks CI
since some output checks are failing.
Once an updated containers.conf has been shipped, we can revert the
change.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Installing packages at runtime (from an external source) is problematic
for many reasons. Specifically in the case of buildah/docker
conformance testing, it means the current "latest" packages are
always installed. This is a problem as new release branches are
created, because it presents an opportunity for test-environment changes
to happen after buildah/test code is stabilized.
Fix this by using new/special VM images which cache the required docker
packages. At runtime then, the required packages may be installed from
this cache instead of reaching out to the repository. Since images used
by tests on release branches never change, this will also serve to
stabilize the package versions for that specific environment.
Signed-off-by: Chris Evich <cevich@redhat.com>
Also simplify `lib.sh` after supporting changes incorporated
into automation library 2.x+ (present in all VM and container
images).
* No need to force-load `/etc/profile` and handle its expectation
  to **not** being in `errexit` mode.
* Slightly re-arrange loading of automation library files for
  clarity.
* Remove dependency on updating `/etc/environment` for GPG.
* Remove redundant showrun() function (now present in automation
  library)
* Update comments.
Signed-off-by: Chris Evich <cevich@redhat.com>
These changes execute the cross-compile build naively on an OSX VM to
more thoroughly verify multi-platform support (other than on Linux). In
other words, it better confirms that any Linux-only changes do not leak
into non-Linux environments. This change also enables greatly
simplifying automation scripts, as there is no longer any need to
support/check the `$CROSS_TARGET` variable.
Signed-off-by: Chris Evich <cevich@redhat.com>
Due to necessary changes in both scripts and within images, updates are
necessary for this script to function. These changes also bring
the script very close to being identical to the same in the
containers/podman repository. The intent is to support a future
where this script can simply be shared across repos.
Signed-off-by: Chris Evich <cevich@redhat.com>
Also, utilize the common library functions from containers/automation.
This library is now pre-installed into the VM images. There are some
minor API differences to a few frequently used functions. Otherwise
the behaviors are largely identical.
Signed-off-by: Chris Evich <cevich@redhat.com>
The versions of these packages on Fedora/Ubuntu are important/relevant
for testing, make them easy to observe.
Signed-off-by: Chris Evich <cevich@redhat.com>
Systemd is now complaining or mentioning /var/run as a legacy directory.
It has been many years where /var/run is a symlink to /run on almost
all distributions, make the change to the default.
Partial fix for https://github.com/containers/podman/issues/8369
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When generating a certificate to be used by a registry server that we're
bringing up, instead of setting a CN value in the subject name to
"localhost" to pass the name check that a client makes, use a subject
alternative name extension.
The "compare the hostname we're given with a CN from the subject name
field" method stops working if the client is built with Go 1.15.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Expand the list of OS/arch combinations we check when we're checking if
we can successfully be cross-compiled, and fix up a couple of places
that wouldn't pass otherwise.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We don't handle passing environment values that contain whitespace
through to tests that we run inside of podman, so we need to screen out
$CIRRUS_CHANGE_TITLE from the list of variables we try to pass in via
the command line.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Move the conformance tests from ginkgo to using the default testing
package and github.com/stretchr/testify/require, preserving the existing
tests and adding more.
Add conformance tests to our Cirrus configuration, currently marked as
an allowed failure.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Have contrib/cirrus/build.sh run `go version` and `go env`, to make it
easier to diagnose build problems that might be specific to the version
of go that we're using for the build test.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add authentication tests using local registry:
- add output string checking wherever possible; this
  caught a bug in the old tests, a command that was
  failing due to a typo instead of the expected way.
- new --tls-verify=true tests, if $BUILDAH_AUTHDIR is
  defined by caller. For Cirrus CI, that's hardcoded
  as $HOME/auth and too tricky to change. For Fedora
  and RHEL gating tests, this will require further
  changes beyond the scope of this PR.
- new buildah-login tests, positive and negative, using
  local registry
Also:
- remove unused tests in from.bats
- add "authenticate: " prefix to all tests in that file,
  to make it easier for viewer to find the test source file.
- do not copy autogenerated certs to /etc/certs.d - doing so
  defeats the purpose of testing --tls-verify={true,false}
Signed-off-by: Ed Santiago <santiago@redhat.com>
Podman no longer uses libpod.conf and has switched to containers.conf.
This change will cause podman to use crun by default, by creating a
/etc/containers/containers.conf file
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Recently the registry image was updated significantly with breaking
changes. Most were caught, this one was not. Instead of relying on the
(clearly) unreliable container image, simply install the package
providing the htpasswd command locally.
Signed-off-by: Chris Evich <cevich@redhat.com>
All packages required for building + testing buildah are now included in
VM images shared with the libpod project's CI system. Remove former
`setup.sh` and `lib.sh` facilities for installing/updating packages.
Also add in a new function for removing the pre-installed buildah
package files (since we run and test from source). This mirrors
the same behavior used in libpod's CI setup.
Signed-off-by: Chris Evich <cevich@redhat.com>