diff --git a/.cirrus.yml b/.cirrus.yml index 752ce3aa681..ac0bb8252b9 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -1,1273 +1,1310 @@ ---- - -# Main collection of env. vars to set for all tasks and scripts. -env: - #### - #### Global variables used for all tasks - #### - # Sane (default) value for GOPROXY and GOSUMDB. - GOPROXY: "https://proxy.golang.org,direct" - GOSUMDB: "sum.golang.org" - # Overrides default location (/tmp/cirrus) for repo clone - GOPATH: &gopath "/var/tmp/go" - GOCACHE: "${GOPATH}/cache" - GOSRC: &gosrc "/var/tmp/go/src/github.com/containers/podman" - CIRRUS_WORKING_DIR: *gosrc - # The default is 'sh' if unspecified - CIRRUS_SHELL: "/bin/bash" - # Save a little typing (path relative to $CIRRUS_WORKING_DIR) - SCRIPT_BASE: "./contrib/cirrus" - # Runner statistics log file path/name - STATS_LOGFILE_SFX: 'runner_stats.log' - STATS_LOGFILE: '$GOSRC/${CIRRUS_TASK_NAME}-${STATS_LOGFILE_SFX}' - - #### - #### Cache-image names to test with (double-quotes around names are critical) - #### - FEDORA_NAME: "fedora-42" - FEDORA_AARCH64_NAME: "${FEDORA_NAME}-aarch64" - PRIOR_FEDORA_NAME: "fedora-41" - RAWHIDE_NAME: "rawhide" - DEBIAN_NAME: "debian-14" - - # Image identifiers - IMAGE_SUFFIX: "c20251120t131229z-f42f41d14" - - # EC2 images - FEDORA_AMI: "fedora-aws-${IMAGE_SUFFIX}" - FEDORA_AARCH64_AMI: "fedora-podman-aws-arm64-${IMAGE_SUFFIX}" - # GCP Images - FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}" - PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}" - RAWHIDE_CACHE_IMAGE_NAME: "rawhide-${IMAGE_SUFFIX}" - DEBIAN_CACHE_IMAGE_NAME: "debian-${IMAGE_SUFFIX}" - # Container FQIN's - FEDORA_CONTAINER_FQIN: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}" - PRIOR_FEDORA_CONTAINER_FQIN: "quay.io/libpod/prior-fedora_podman:${IMAGE_SUFFIX}" - WINDOWS_AMI: "win-server-wsl-${IMAGE_SUFFIX}" - #### - #### Control variables that determine what to run and how to run it. - #### N/B: Required ALL of these are set for every single task. - #### - TEST_FLAVOR: # int, sys, ext_svc, validate, automation, etc. - TEST_ENVIRON: host # 'host', or 'container'. - PODBIN_NAME: podman # 'podman' or 'remote' - PRIV_NAME: root # 'root' or 'rootless' - DISTRO_NV: # any {PRIOR_,}{FEDORA,DEBIAN}_NAME value - VM_IMAGE_NAME: # One of the "Google-cloud VM Images" (above) - CTR_FQIN: # One of the "Container FQIN's" (above) - CI_DESIRED_RUNTIME: crun # As of 2024-05-28 there are no other supported runtimes - CI_DESIRED_STORAGE: overlay # overlay, vfs, or composefs (which is actually overlay) - - # Curl-command prefix for downloading task artifacts, simply add the - # the url-encoded task name, artifact name, and path as a suffix. - ART_URL: https://api.cirrus-ci.com/v1/artifact/build/${CIRRUS_BUILD_ID} - ARTCURL: >- - curl --retry 5 --retry-delay 8 --fail --location -O - --url ${ART_URL} - - -# Default timeout for each task -timeout_in: 20m - - -gcp_credentials: ENCRYPTED[a28959877b2c9c36f151781b0a05407218cda646c7d047fc556e42f55e097e897ab63ee78369dae141dcf0b46a9d0cdd] - -aws_credentials: ENCRYPTED[b4127fef212e5bc38dd3d96eff17440f2c62d6d04219fa97fa7acdcd81475352e70a34863705b5e01289fdc4012d5ee2] - - -validate-source_task: - name: "Validate source code changes" - alias: validate-source - # This task is primarily intended to catch human-errors early on, in a - # PR context. Skip running it everywhere else. - only_if: &is_pr "$CIRRUS_PR != ''" - gce_instance: - image_project: libpod-218412 - zone: "us-central1-a" - # golangci-lint is a very, very hungry beast. - cpu: 8 - memory: "16Gb" - # Required to be 200gig, do not modify - has i/o performance impact - # according to gcloud CLI tool warning messages. - disk: 200 - image_name: "${FEDORA_CACHE_IMAGE_NAME}" # from stdenvars - env: - TEST_FLAVOR: validate-source - TEST_BUILD_TAGS: "" - # NOTE: The default way Cirrus-CI clones is *NOT* compatible with - # environment expectations in contrib/cirrus/lib.sh. Specifically - # the 'origin' remote must be defined, and all remote branches/tags - # must be available for reference from CI scripts. - clone_script: &full_clone | - set -exo pipefail - cd / - rm -rf $CIRRUS_WORKING_DIR - mkdir -p $CIRRUS_WORKING_DIR - if [[ -z "$CIRRUS_PR" ]]; then - DEST_BRANCH="$CIRRUS_BRANCH" - else - DEST_BRANCH="$CIRRUS_BASE_BRANCH" - fi - git clone --recursive --branch=$DEST_BRANCH https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git $CIRRUS_WORKING_DIR - cd $CIRRUS_WORKING_DIR - git remote update origin - if [[ -n "$CIRRUS_PR" ]]; then # running for a PR - git fetch origin pull/$CIRRUS_PR/head:pull/$CIRRUS_PR - git checkout pull/$CIRRUS_PR - else - git reset --hard $CIRRUS_CHANGE_IN_REPO - fi - # Standard setup stage call, used by nearly every task in CI. - setup_script: &setup '$GOSRC/$SCRIPT_BASE/setup_environment.sh' - golangci-lint_cache: - folder: /root/.cache/golangci-lint - fingerprint_script: &golangci_cache_fingerprint - - go version - - grep GOLANGCI_LINT_VERSION Makefile | head -1 - - date +%U - # Standard main execution stage call, used by nearly every task in CI. - main_script: &main '/usr/bin/time --verbose --output="$STATS_LOGFILE" $GOSRC/$SCRIPT_BASE/runner.sh' - - -# N/B: This matrix of build tasks are critical to CI, along with the following -# aarch64 task. They build binaries for all CI platforms, and versions. On -# success, the contents of the repository are preserved as an artifact for -# consumption by most subsequent CI tasks. This saves about 3-5 minutes of -# otherwise duplicative effort in most tasks. -build_task: - alias: 'build' - name: 'Build for $DISTRO_NV' # N/B: Referenced by URLencoded strings elsewhere - gce_instance: &fastvm - image_project: libpod-218412 - zone: "us-central1-a" - cpu: 4 - memory: "4Gb" - # Required to be 200gig, do not modify - has i/o performance impact - # according to gcloud CLI tool warning messages. - disk: 200 - image_name: "${VM_IMAGE_NAME}" # from stdenvars - matrix: &platform_axis - # Ref: https://cirrus-ci.org/guide/writing-tasks/#matrix-modification - - env: &stdenvars - DISTRO_NV: ${FEDORA_NAME} - TEST_BUILD_TAGS: "" - # Not used here, is used in other tasks - VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME} - CTR_FQIN: ${FEDORA_CONTAINER_FQIN} - - env: - DISTRO_NV: ${PRIOR_FEDORA_NAME} - TEST_BUILD_TAGS: "" - VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME} - CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN} - CI_DESIRED_STORAGE: vfs - - env: - <<: *stdenvars - DISTRO_NV: ${RAWHIDE_NAME} - TEST_BUILD_TAGS: "containers_image_sequoia" - VM_IMAGE_NAME: ${RAWHIDE_CACHE_IMAGE_NAME} - CI_DESIRED_STORAGE: composefs - CTR_FQIN: "" - - env: - DISTRO_NV: ${DEBIAN_NAME} - TEST_BUILD_TAGS: "" - VM_IMAGE_NAME: ${DEBIAN_CACHE_IMAGE_NAME} - env: - TEST_FLAVOR: build - clone_script: *full_clone - # Attempt to prevent flakes by confirming basic environment expectations, - # network service connectivity and essential container image availability. - # TODO: Rename to "ci-sanity" and move into task that runs in parallel to build - prebuild_script: &prebuild $SCRIPT_BASE/prebuild.sh - setup_script: *setup - # Attempt to prevent flakes by confirming automation environment and - # all required external/3rd-party services are available and functional. - main_script: *main - # Attempt to catch code-quality and vendoring problems early. - postbuild_script: &postbuild $SCRIPT_BASE/postbuild.sh - # Cirrus-CI is very slow uploading one file at time, and the repo contains - # thousands of files. Speed this up by archiving into tarball first. - repo_prep_script: &repo_prep >- - tar --zstd -cf /tmp/repo.tar.zst -C $GOSRC . && mv /tmp/repo.tar.zst $GOSRC/ - repo_artifacts: &repo_artifacts - path: ./repo.tar.zst - type: application/octet-stream - always: &runner_stats - runner_stats_artifacts: - path: ./*-${STATS_LOGFILE_SFX} - type: text/plain - - -build_aarch64_task: - alias: 'build_aarch64' - name: 'Build for $DISTRO_NV' - ec2_instance: &standard_build_ec2_aarch64 - image: ${VM_IMAGE_NAME} - type: ${EC2_INST_TYPE} - region: us-east-1 - architecture: arm64 # CAUTION: This has to be "arm64", not "aarch64". - env: &stdenvars_aarch64 - EC2_INST_TYPE: "t4g.xlarge" - DISTRO_NV: ${FEDORA_AARCH64_NAME} - VM_IMAGE_NAME: ${FEDORA_AARCH64_AMI} - CTR_FQIN: ${FEDORA_CONTAINER_FQIN} - TEST_FLAVOR: build - TEST_BUILD_TAGS: "" - clone_script: *full_clone - # TODO: Rename to "ci-sanity" and move into task that runs in parallel to build - prebuild_script: *prebuild - setup_script: *setup - postbuild_script: *postbuild - main_script: *main - # Cirrus-CI is very slow uploading one file at time, and the repo contains - # thousands of files. Speed this up by archiving into tarball first. - repo_prep_script: *repo_prep - repo_artifacts: *repo_artifacts - always: *runner_stats - - -# There are several other important variations of podman which -# must always build successfully. Most of them are handled in -# this task, though a few need dedicated tasks which follow. -alt_build_task: - name: "$ALT_NAME" - alias: alt_build - # Don't create task on rhel-release builds - # Docs: ./contrib/cirrus/CIModes.md - only_if: &no_rhel_release | - $CIRRUS_BRANCH !=~ 'v[0-9\.]+-rhel' && - $CIRRUS_BASE_BRANCH !=~ 'v[0-9\.]+-rhel' - env: - <<: *stdenvars - TEST_FLAVOR: "altbuild" - TEST_BUILD_TAGS: "" - gce_instance: *fastvm - matrix: - - env: - ALT_NAME: 'Build Each Commit' - - env: - # TODO: Replace with task using `winmake` to build - # binary and archive installation zip file. - ALT_NAME: 'Windows Cross' # N/B: Referenced by URLencoded strings elsewhere - - env: - ALT_NAME: 'Alt Arch. x86 Cross' - - env: - ALT_NAME: 'Alt Arch. ARM Cross' - - env: - ALT_NAME: 'Alt Arch. MIPS Cross' - - env: - ALT_NAME: 'Alt Arch. MIPS64 Cross' - - env: - ALT_NAME: 'Alt Arch. Other Cross' - # This task cannot make use of the shared repo.tar.zst artifact. - clone_script: *full_clone - setup_script: *setup - main_script: *main - # Produce a new repo.tar.zst artifact for consumption by 'artifacts' task. - repo_prep_script: *repo_prep - repo_artifacts: *repo_artifacts - always: *runner_stats - - -# Confirm building the remote client, natively on a Mac OS-X VM. -osx_alt_build_task: - name: "Build for MacOS arm64" # N/B: Referenced by URLencoded strings elsewhere - alias: osx_alt_build - # Docs: ./contrib/cirrus/CIModes.md - only_if: *no_rhel_release # RHEL never releases podman mac installer binary - persistent_worker: &mac_pw - labels: - os: darwin - arch: arm64 - purpose: prod - env: &mac_env - CIRRUS_SHELL: "/bin/bash" # sh is the default - CIRRUS_WORKING_DIR: "$HOME/ci/task-${CIRRUS_TASK_ID}" # Isolation: $HOME will be set to "ci" dir. - # Prevent cache-pollution fron one task to the next. - GOPATH: "$CIRRUS_WORKING_DIR/.go" - GOCACHE: "$CIRRUS_WORKING_DIR/.go/cache" - GOENV: "$CIRRUS_WORKING_DIR/.go/support" - GOSRC: "$HOME/ci/task-${CIRRUS_TASK_ID}" - clone_script: *full_clone - # This host is/was shared with potentially many other CI tasks. - # The previous task may have been canceled or aborted. - prep_script: &mac_cleanup "contrib/cirrus/mac_cleanup.sh" - lint_script: - - make golangci-lint - basic_build_script: - - make .install.ginkgo - - make podman-remote - - make podman-mac-helper - build_pkginstaller_script: - - pushd contrib/pkginstaller - - make ARCH=aarch64 NO_CODESIGN=1 pkginstaller - - popd - # Building arm podman needs to be the last thing built in this task - # The Mac tests rely this Podman binary to run, and the CI Mac is ARM-based - build_arm64_script: - - make podman-remote-release-darwin_arm64.zip - # Produce a new repo.tar.zst artifact for consumption by dependent tasks. - repo_prep_script: *repo_prep - repo_artifacts: *repo_artifacts - # This host is/was shared with potentially many other CI tasks. - # Ensure nothing is left running while waiting for the next task. - always: - task_cleanup_script: *mac_cleanup - - -# Build freebsd release natively on a FreeBSD VM. -freebsd_alt_build_task: - name: "FreeBSD Cross" - alias: freebsd_alt_build - # Only run on 'main' and PRs against 'main' - # Docs: ./contrib/cirrus/CIModes.md - only_if: $CIRRUS_BRANCH == 'main' || $CIRRUS_BASE_BRANCH == 'main' - env: - <<: *stdenvars - # Functional FreeBSD builds must be built natively since they depend on CGO - DISTRO_NV: freebsd-13 - VM_IMAGE_NAME: notyet - CTR_FQIN: notyet - CIRRUS_SHELL: "/bin/sh" - TEST_FLAVOR: "altbuild" - ALT_NAME: 'FreeBSD Cross' - freebsd_instance: - image_family: freebsd-14-3 - # golangci-lint is a very, very hungry beast. - cpu: 4 - memory: 8Gb - setup_script: - - pkg install -y gpgme bash go-md2man gmake gsed gnugrep go pkgconf zstd - - go version # Downloads a new go version based on go.mod's go directive. - golint_cache: - folder: ~/.cache/golangci-lint - fingerprint_script: *golangci_cache_fingerprint - lint_script: - - gmake golangci-lint - build_amd64_script: - - gmake podman-release - # This task cannot make use of the shared repo.tar.zst artifact and must - # produce a new repo.tar.zst artifact for consumption by 'artifacts' task. - repo_prep_script: *repo_prep - repo_artifacts: *repo_artifacts - - -# Status aggregator for all builds. This task simply makes dependency -# management easier, and results in a simpler graph that using YAML -# anchors/aliases. -build_success_task: - name: "Total Build Success" - alias: build_success - depends_on: - - validate-source - - build - - build_aarch64 - - alt_build - - osx_alt_build - - freebsd_alt_build - env: - CTR_FQIN: ${FEDORA_CONTAINER_FQIN} - container: &smallcontainer - image: ${CTR_FQIN} - # Resources are limited across ALL currently executing tasks - # ref: https://cirrus-ci.org/guide/linux/#linux-containers - cpu: 1 - memory: 1 - clone_script: &noop mkdir -p "$CIRRUS_WORKING_DIR" - script: *noop - - -# Exercise the "libpod" API with a small set of common -# operations to ensure they are functional. -bindings_task: - name: "Test Bindings" - alias: bindings - # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) - # only when: - main rules (see doc above); or - # - bindings test code is changed; or - # - actual source code changed - only_if: >- - $CIRRUS_PR == '' || - $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || - changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || - changesInclude('pkg/bindings/test/**') || - (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) - depends_on: &build - - build_success - gce_instance: &standardvm - <<: *fastvm - cpu: 2 - env: - <<: *stdenvars - TEST_FLAVOR: bindings - TEST_BUILD_TAGS: "" - # N/B: This script depends on ${DISTRO_NV} being defined for the task. - clone_script: &get_gosrc | - cd /tmp - echo "$ARTCURL/Build%20for%20${DISTRO_NV}/repo/repo.tar.zst" - time $ARTCURL/Build%20for%20${DISTRO_NV}/repo/repo.tar.zst - time tar -xf /tmp/repo.tar.zst -C $GOSRC - setup_script: *setup - main_script: *main - always: &logs_artifacts - <<: *runner_stats - # Required for `contrib/cirrus/logformatter` to work properly - html_artifacts: - path: ./*.html - type: text/html - server_log_artifacts: - path: ./podman-server.log - type: text/plain - cleanup_tracer_artifacts: - path: ./podman-cleanup-tracer.log - type: text/plain - df_script: '$SCRIPT_BASE/logcollector.sh df' - audit_log_script: '$SCRIPT_BASE/logcollector.sh audit' - journal_script: '$SCRIPT_BASE/logcollector.sh journal' - podman_system_info_script: '$SCRIPT_BASE/logcollector.sh podman' - time_script: '$SCRIPT_BASE/logcollector.sh time' - - -# Build the "libpod" API documentation `swagger.yaml` and -# publish it to google-cloud-storage (GCS). -swagger_task: - name: "Test Swagger" - alias: swagger - depends_on: *build - gce_instance: *standardvm - env: - <<: *stdenvars - TEST_FLAVOR: swagger - CTR_FQIN: 'quay.io/libpod/gcsupld:${IMAGE_SUFFIX}' - GCPJSON: ENCRYPTED[927dc01e755eaddb4242b0845cf86c9098d1e3dffac38c70aefb1487fd8b4fe6dd6ae627b3bffafaba70e2c63172664e] - GCPNAME: ENCRYPTED[c145e9c16b6fb88d476944a454bf4c1ccc84bb4ecaca73bdd28bdacef0dfa7959ebc8171a27b2e4064d66093b2cdba49] - GCPPROJECT: 'libpod-218412' - TEST_BUILD_TAGS: "" - clone_script: *get_gosrc - setup_script: *setup - main_script: *main - always: - <<: *runner_stats - swagger_artifacts: - path: ./swagger.yaml - type: text/plain - - -win_installer_task: - name: "Verify Win Installer Build" - matrix: - - env: - CONTAINERS_MACHINE_PROVIDER: 'wsl' - - env: - CONTAINERS_MACHINE_PROVIDER: 'hyperv' - alias: win_installer - only_if: *no_rhel_release - depends_on: *build - ec2_instance: &windows - image: "${WINDOWS_AMI}" - type: m5.large - region: us-east-1 - platform: windows - env: &winenv - CIRRUS_WORKING_DIR: &wincwd "${LOCALAPPDATA}\\cirrus-ci-build" - CIRRUS_SHELL: powershell - PATH: "${PATH};C:\\ProgramData\\chocolatey\\bin" - DISTRO_NV: "windows" - PRIV_NAME: "rootless" - # Fake version, we are only testing the installer functions, so version doesn't matter - WIN_INST_VER: 9.9.9 - # It's HIGHLY desireable to use the same binary throughout CI. Otherwise, if - # there's a toolchain or build-environment specific problem, it can be incredibly - # difficult (and non-obvious) to debug. - clone_script: &winclone | - $ErrorActionPreference = 'Stop' - $ProgressPreference = 'SilentlyContinue' - New-Item -ItemType Directory -Force -Path "$ENV:CIRRUS_WORKING_DIR" - Set-Location "$ENV:CIRRUS_WORKING_DIR" - $uri = "${ENV:ART_URL}/Windows Cross/repo/repo.tar.zst" - Write-Host "Downloading $uri" - For($i = 0;;) { - Try { - Invoke-WebRequest -UseBasicParsing -ErrorAction Stop -OutFile "repo.tar.zst" ` - -Uri "$uri" - Break - } Catch { - if (++$i -gt 6) { - throw $_.Exception - } - Write-Host "Download failed - retrying:" $_.Exception.Response.StatusCode - Start-Sleep -Seconds 10 - } - } - Write-Host "zstd -d repo.tar.zst" - zstd -d repo.tar.zst - if ($LASTEXITCODE -ne 0) { - throw "Extract repo.tar.zst failed" - Exit 1 - } - Write-Host "arc unarchive repo.tar .\" - arc unarchive repo.tar .\repo - if ($LASTEXITCODE -ne 0) { - throw "Unarchive repo.tar failed" - Exit 1 - } - Get-ChildItem -Path . - Get-ChildItem -Path .\repo - main_script: ".\\repo\\contrib\\cirrus\\win-installer-main.ps1" - - -# Verify podman is compatible with the docker python-module. -docker-py_test_task: - name: Docker-py Compat. - alias: docker-py_test - # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) - # only when: - main rules (see doc above); or - # - docker-py test code is changed; or - # - actual source code changed - only_if: >- - $CIRRUS_PR == '' || - $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || - changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || - changesInclude('test/python/**') || - (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) - depends_on: *build - gce_instance: *standardvm - env: - <<: *stdenvars - TEST_FLAVOR: docker-py - TEST_ENVIRON: container - TEST_BUILD_TAGS: "" - clone_script: *get_gosrc - setup_script: *setup - main_script: *main - always: *runner_stats - - -# Does exactly what it says, execute the podman unit-tests on Fedora. -unit_test_task: - name: "Unit tests on $DISTRO_NV" - alias: unit_test - # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) - # only when: - main rules (see doc above); or - # - unit test files are changed (contains a false positves such as test/e2e/ - # but that should not be an issue, it only runs when it doesn't have to) - # - actual source code changed - only_if: >- - $CIRRUS_PR == '' || - $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || - changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || - changesInclude('**/*_test.go') || - (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) - depends_on: *build - matrix: - - env: *stdenvars - # Special-case: Rootless on latest Fedora (standard) VM - - name: "Rootless unit on $DISTRO_NV" - env: - <<: *stdenvars - PRIV_NAME: rootless - gce_instance: *standardvm - env: - TEST_FLAVOR: unit - TEST_BUILD_TAGS: "" - clone_script: *get_gosrc - setup_script: *setup - main_script: *main - always: *logs_artifacts - - -unit_test_windows_task: - name: "Unit tests on Windows" - alias: unit_test_windows - # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) - # only when: - main rules (see doc above); or - # - unit test files are changed (contains a false positves such as test/e2e/ - # but that should not be an issue, it only runs when it doesn't have to) - # - actual source code changed - only_if: >- - $CIRRUS_PR == '' || - $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || - changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || - changesInclude('winmake.ps1') || - changesInclude('**/*_test.go') || - (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) - # Special case, we do not run macos/windows builds on rhel branches. - # Thus the machine task should not be run too, while we use only_if - # everywhere to do so here it would mean we would need duplicate the - # full big only_if condition which is more difficult to maintain so - # use the skip here. - skip: &skip_rhel_release | - $CIRRUS_BRANCH =~ 'v[0-9\.]+-rhel' || - $CIRRUS_BASE_BRANCH =~ 'v[0-9\.]+-rhel' - depends_on: *build - ec2_instance: *windows - timeout_in: 20m - env: - <<: *winenv - TEST_FLAVOR: unit - clone_script: *winclone - main_script: ".\\repo\\contrib\\cirrus\\win-unit-main.ps1" - always: - # Required for `contrib/cirrus/logformatter` to work properly - html_artifacts: - path: ./*.html - type: text/html - - -apiv2_test_task: - name: "APIv2 test on $DISTRO_NV ($PRIV_NAME)" - alias: apiv2_test - # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) - # only when: - main rules (see doc above); or - # - apiv2 test code is changed; or - # - actual source code changed - only_if: >- - $CIRRUS_PR == '' || - $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || - changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || - changesInclude('test/apiv2/**', 'test/python/**') || - (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) - depends_on: *build - gce_instance: *standardvm - env: - <<: *stdenvars - TEST_FLAVOR: apiv2 - TEST_BUILD_TAGS: "" - matrix: - - env: - PRIV_NAME: root - - env: - PRIV_NAME: rootless - clone_script: *get_gosrc - setup_script: *setup - main_script: *main - always: *logs_artifacts - - -compose_test_task: - name: "$TEST_FLAVOR test on $DISTRO_NV ($PRIV_NAME)" - alias: compose_test - # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) - # only when: - main rules (see doc above); or - # - compose test code is changed; or - # - actual source code changed - only_if: >- - $CIRRUS_PR == '' || - $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || - changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || - changesInclude('test/compose/**') || - (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) - depends_on: *build - gce_instance: *standardvm - matrix: - - env: - PRIV_NAME: root - - env: - PRIV_NAME: rootless - env: - <<: *stdenvars - TEST_FLAVOR: compose_v2 - TEST_BUILD_TAGS: "" - clone_script: *get_gosrc - setup_script: *setup - main_script: *main - always: *logs_artifacts - - -# versions, as root, without involving the podman-remote client. -local_integration_test_task: &local_integration_test_task - # Integration-test task name convention: - # - name: &std_name_fmt "$TEST_FLAVOR $PODBIN_NAME $DISTRO_NV $PRIV_NAME $TEST_ENVIRON" - alias: local_integration_test - # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) - # only when: - main rules (see doc above); or - # - int test code is changed; or - # - actual source code changed - only_if: &only_if_int_test >- - $CIRRUS_PR == '' || - $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || - changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || - changesInclude('test/e2e/**', 'test/utils/**') || - (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) - depends_on: *build - matrix: *platform_axis - # integration tests scale well with cpu as they are parallelized - # so we give these tests 4 cores to make them faster - gce_instance: *fastvm - env: - TEST_FLAVOR: int - clone_script: *get_gosrc - setup_script: *setup - main_script: *main - always: &int_logs_artifacts - <<: *logs_artifacts - ginkgo_node_logs_artifacts: - path: ./test/e2e/ginkgo-node-*.log - type: text/plain - - -# Nearly identical to `local_integration_test` except all operations -# are performed through the podman-remote client vs a podman "server" -# running on the same host. -remote_integration_test_task: - <<: *local_integration_test_task - alias: remote_integration_test - env: - TEST_FLAVOR: int - PODBIN_NAME: remote - - -# Run the complete set of integration tests from inside a container. -# This verifies all/most operations function with "podman-in-podman". -container_integration_test_task: - name: *std_name_fmt - alias: container_integration_test - # Docs: ./contrib/cirrus/CIModes.md - only_if: *only_if_int_test - depends_on: *build - matrix: &fedora_vm_axis - - env: - DISTRO_NV: ${FEDORA_NAME} - VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME} - CTR_FQIN: ${FEDORA_CONTAINER_FQIN} - gce_instance: *fastvm - env: - TEST_FLAVOR: int - TEST_ENVIRON: container - TEST_BUILD_TAGS: "" - clone_script: *get_gosrc - setup_script: *setup - main_script: *main - always: *int_logs_artifacts - - -# Execute most integration tests as a regular (non-root) user. -rootless_integration_test_task: - name: *std_name_fmt - alias: rootless_integration_test - # Docs: ./contrib/cirrus/CIModes.md - only_if: *only_if_int_test - depends_on: *build - matrix: *platform_axis - gce_instance: *fastvm - env: - TEST_FLAVOR: int - PRIV_NAME: rootless - clone_script: *get_gosrc - setup_script: *setup - main_script: *main - always: *int_logs_artifacts - - -podman_machine_task: - name: *std_name_fmt - alias: podman_machine - # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) - # only when: - main rules (see doc above); or - # - machine code files are changed - only_if: &only_if_machine_test >- - $CIRRUS_PR == '' || - $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || - changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || - changesInclude('cmd/podman/machine/**', 'pkg/machine/**', '**/*machine*.go') - depends_on: *build - ec2_instance: - image: "${VM_IMAGE_NAME}" - type: "${EC2_INST_TYPE}" - region: us-east-1 - timeout_in: 30m - env: - EC2_INST_TYPE: "m5zn.metal" # Bare-metal instance is required - TEST_FLAVOR: "machine-linux" - TEST_BUILD_TAGS: "" - PRIV_NAME: "rootless" # intended use-case - DISTRO_NV: "${FEDORA_NAME}" - VM_IMAGE_NAME: "${FEDORA_AMI}" - clone_script: *get_gosrc - setup_script: *setup - main_script: *main - always: *int_logs_artifacts - - -podman_machine_aarch64_task: - name: *std_name_fmt - alias: podman_machine_aarch64 - only_if: *only_if_machine_test - depends_on: *build - ec2_instance: - <<: *standard_build_ec2_aarch64 - timeout_in: 40m - env: - TEST_FLAVOR: "machine-linux" - TEST_BUILD_TAGS: "" - EC2_INST_TYPE: c6g.metal - PRIV_NAME: "rootless" # intended use-case - DISTRO_NV: "${FEDORA_AARCH64_NAME}" - VM_IMAGE_NAME: "${FEDORA_AARCH64_AMI}" - clone_script: &get_gosrc_aarch64 | - cd /tmp - echo "$ARTCURL/build_aarch64/repo/repo.tar.zst" - time $ARTCURL/build_aarch64/repo/repo.tar.zst - time tar -xf /tmp/repo.tar.zst -C $GOSRC - setup_script: *setup - main_script: *main - always: *int_logs_artifacts - - -podman_machine_windows_task: - name: *std_name_fmt - alias: podman_machine_windows - allow_failures: $TEST_FLAVOR == 'machine-wsl' - # Docs: ./contrib/cirrus/CIModes.md - # Duplicated from the main linux machine task as we also must match winmake.ps1 here since that is used on windows. - only_if: >- - $CIRRUS_PR == '' || - $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || - changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || - changesInclude('winmake.ps1') || - changesInclude('cmd/podman/machine/**', 'pkg/machine/**', '**/*machine*.go') - # Special case, we do not run macos/windows builds on rhel branches. - # Thus the machine task should not be run too, while we use only_if - # everywhere to do so here it would mean we would need duplicate the - # full big only_if condition which is more difficult to maintain so - # use the skip here. - skip: *skip_rhel_release - depends_on: *build - ec2_instance: - <<: *windows - type: z1d.metal - platform: windows - timeout_in: 60m - env: *winenv - matrix: - - env: - TEST_FLAVOR: "machine-wsl" - - env: - TEST_FLAVOR: "machine-hyperv" - clone_script: *winclone - # This depends on an instance with an local NVMe storage so we can make use of fast IO - # Our machine tests are IO bound so this is rather imporant to speed them up a lot. - setup_disk_script: | - echo "Get-Disk" - Get-Disk | Ft -autosize | out-string -width 4096 - # Hard coded to disk 0, assume that this is always the case for our ec2 instance. - # It is not clear to me how I would filter by name because we still have two disks - # with the same name. - echo "Format and mount disk 0" - $disk = Get-Disk 0 - $disk | Initialize-Disk -PartitionStyle MBR - $disk | New-Partition -UseMaximumSize -MbrType IFS - $Partition = Get-Partition -DiskNumber $disk.Number - $Partition | Format-Volume -FileSystem NTFS -Confirm:$false - $Partition | Add-PartitionAccessPath -AccessPath "Z:\" - echo "Get-Volume" - Get-Volume - main_script: ".\\repo\\contrib\\cirrus\\win-podman-machine-main.ps1" - always: - wsl_logs_artifacts: - path: ./*.zip - # Required for `contrib/cirrus/logformatter` to work properly - html_artifacts: - path: ./*.html - type: text/html - - -podman_machine_mac_task: - name: *std_name_fmt - alias: podman_machine_mac - only_if: *only_if_machine_test - skip: *skip_rhel_release - depends_on: *build - persistent_worker: *mac_pw - timeout_in: 60m - env: - <<: *mac_env - DISTRO_NV: "darwin" - PRIV_NAME: "rootless" # intended use-case - matrix: - - env: - # See contrib/cirrus/mac_runner.sh - TEST_FLAVOR: "machine-applehv" - - env: - # See contrib/cirrus/mac_runner.sh - TEST_FLAVOR: "machine-libkrun" - clone_script: # artifacts from osx_alt_build_task - - mkdir -p $CIRRUS_WORKING_DIR - - cd $CIRRUS_WORKING_DIR - - $ARTCURL/Build%20for%20MacOS%20arm64/repo/repo.tar.zst - - tar -xf repo.tar.zst - # This host is/was shared with potentially many other CI tasks. - # The previous task may have been canceled or aborted. - prep_script: *mac_cleanup - setup_script: "contrib/cirrus/mac_setup.sh" - env_script: "contrib/cirrus/mac_env.sh" - # TODO: Timeout bumped b/c initial image download (~5min) and VM - # resize (~2min) causes test-timeout (90s default). Should - # tests deal with this internally? - test_script: - - "contrib/cirrus/mac_runner.sh" - # This host is/was shared with potentially many other CI tasks. - # Ensure nothing is left running while waiting for the next task. - always: - # Required for `contrib/cirrus/logformatter` to work properly - html_artifacts: - path: ./*.html - type: text/html - task_cleanup_script: *mac_cleanup - - -# Always run subsequent to integration tests. While parallelism is lost -# with runtime, debugging system-test failures can be more challenging -# for some golang developers. Otherwise the following tasks run across -# the same matrix as the integration-tests (above). -local_system_test_task: &local_system_test_task - name: *std_name_fmt - alias: local_system_test - # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) - # only when: - main rules (see doc above); or - # - sys test code is changed; or - # - actual source code changed - only_if: &only_if_system_test >- - $CIRRUS_PR == '' || - $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || - changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || - changesInclude('test/system/**') || - (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) - depends_on: *build - matrix: *platform_axis - gce_instance: *fastvm - timeout_in: 25m - env: - TEST_FLAVOR: sys - clone_script: *get_gosrc - setup_script: *setup - main_script: *main - always: *logs_artifacts - - -local_system_test_aarch64_task: &local_system_test_task_aarch64 - name: *std_name_fmt - alias: local_system_test_aarch64 - # Docs: ./contrib/cirrus/CIModes.md - only_if: *only_if_system_test - depends_on: *build - ec2_instance: *standard_build_ec2_aarch64 - timeout_in: 35m - env: - <<: *stdenvars_aarch64 - TEST_FLAVOR: sys - TEST_BUILD_TAGS: "" - DISTRO_NV: ${FEDORA_AARCH64_NAME} - clone_script: *get_gosrc_aarch64 - setup_script: *setup - main_script: *main - always: *logs_artifacts - - -remote_system_test_task: - <<: *local_system_test_task - alias: remote_system_test - env: - TEST_FLAVOR: sys - PODBIN_NAME: remote - - -remote_system_test_aarch64_task: - <<: *local_system_test_task_aarch64 - alias: remote_system_test_aarch64 - env: - TEST_FLAVOR: sys - PODBIN_NAME: remote - - -rootless_remote_system_test_task: - matrix: - # Minimal sanity testing: only the latest Fedora - - env: - DISTRO_NV: ${FEDORA_NAME} - # Not used here, is used in other tasks - VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME} - CTR_FQIN: ${FEDORA_CONTAINER_FQIN} - <<: *local_system_test_task - alias: rootless_remote_system_test - gce_instance: *fastvm - timeout_in: 25m - env: - TEST_FLAVOR: sys - PODBIN_NAME: remote - PRIV_NAME: rootless - - -rootless_system_test_task: - name: *std_name_fmt - alias: rootless_system_test - # Docs: ./contrib/cirrus/CIModes.md - only_if: *only_if_system_test - depends_on: *build - matrix: *platform_axis - gce_instance: *fastvm - timeout_in: 25m - env: - TEST_FLAVOR: sys - PRIV_NAME: rootless - clone_script: *get_gosrc - setup_script: *setup - main_script: *main - always: *logs_artifacts - - -farm_test_task: - name: *std_name_fmt - alias: farm_test - # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) - # only when: - main rules (see doc above); or - # - farm test code is changed or one of the shared helper import files from the system test; or - # - actual source code changed - only_if: >- - $CIRRUS_PR == '' || - $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || - changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || - changesInclude('test/farm/**', 'test/system/*.bash') || - (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) - depends_on: *build - gce_instance: *standardvm - env: - <<: *stdenvars - TEST_FLAVOR: farm - TEST_BUILD_TAGS: "" - PRIV_NAME: rootless - clone_script: *get_gosrc - setup_script: *setup - main_script: *main - always: *logs_artifacts - -buildah_bud_test_task: - name: *std_name_fmt - alias: buildah_bud_test - # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) - # only when: - main rules (see doc above); or - # - podman build source code files or bud tests files are changed - # (vendor updates, i.e. buildah, are already covered in the main rules) - only_if: >- - $CIRRUS_PR == '' || - $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || - changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || - changesInclude('**/*build*.go', 'test/buildah-bud/**') - depends_on: *build - env: - <<: *stdenvars - TEST_FLAVOR: bud - TEST_BUILD_TAGS: "" - matrix: - - env: - PODBIN_NAME: podman - - env: - PODBIN_NAME: remote - gce_instance: *fastvm - clone_script: *get_gosrc - setup_script: *setup - main_script: *main - always: *int_logs_artifacts - -upgrade_test_task: - name: "Upgrade test: from $PODMAN_UPGRADE_FROM" - alias: upgrade_test - # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) - # only when: - main rules (see doc above); or - # - upgrade test code is changed or one of the shared helper import files from the system test; or - # - actual source code changed - only_if: >- - $CIRRUS_PR == '' || - $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || - changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || - changesInclude('test/upgrade/**', 'test/system/*.bash') || - (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) - depends_on: *build - matrix: - - env: - PODMAN_UPGRADE_FROM: v5.3.1 - - env: - PODMAN_UPGRADE_FROM: v5.6.2 - gce_instance: *standardvm - env: - TEST_FLAVOR: upgrade_test - TEST_BUILD_TAGS: "" - DISTRO_NV: ${FEDORA_NAME} - VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME} - clone_script: *get_gosrc - setup_script: *setup - main_script: *main - always: *logs_artifacts - - -# This task is critical. It updates the "last-used by" timestamp stored -# in metadata for all VM images. This mechanism functions in tandem with -# an out-of-band pruning operation to remove disused VM images. -meta_task: - name: "VM img. keepalive" - alias: meta - container: - cpu: 2 - memory: 2 - image: quay.io/libpod/imgts:latest - env: - # Space-separated list of images used by this repository state - IMGNAMES: >- - ${FEDORA_CACHE_IMAGE_NAME} - ${PRIOR_FEDORA_CACHE_IMAGE_NAME} - ${RAWHIDE_CACHE_IMAGE_NAME} - ${DEBIAN_CACHE_IMAGE_NAME} - EC2IMGNAMES: >- - ${FEDORA_AARCH64_AMI} - ${FEDORA_AMI} - ${WINDOWS_AMI} - BUILDID: "${CIRRUS_BUILD_ID}" - REPOREF: "${CIRRUS_REPO_NAME}" - AWSINI: ENCRYPTED[a53616be7cafc6883ac619a26eda7bbd9f20ae99a9f9fe99137b18d780bde89bed7941e791e64d6e6b4d971011ca1d28] - GCPJSON: ENCRYPTED[3a198350077849c8df14b723c0f4c9fece9ebe6408d35982e7adf2105a33f8e0e166ed3ed614875a0887e1af2b8775f4] - GCPNAME: ENCRYPTED[2f9738ef295a706f66a13891b40e8eaa92a89e0e87faf8bed66c41eca72bf76cfd190a6f2d0e8444c631fdf15ed32ef6] - GCPPROJECT: libpod-218412 - clone_script: *noop - script: /usr/local/bin/entrypoint.sh - - -# Status aggregator for all tests. This task ensures a defined set of tasks -# all passed, and allows confirming that based on the status of this task. -success_task: - # N/B: The prow merge-bot (tide) is sensitized to this exact name, DO NOT CHANGE IT. - # Ref: https://github.com/openshift/release/pull/48855 - name: "Total Success" - alias: success - # N/B: ALL tasks must be listed here, minus their '_task' suffix. - depends_on: - - build_success - - bindings - - swagger - - win_installer - - docker-py_test - - unit_test - - unit_test_windows - - apiv2_test - - compose_test - - local_integration_test - - remote_integration_test - - container_integration_test - - rootless_integration_test - - podman_machine - - podman_machine_aarch64 - - podman_machine_windows - - podman_machine_mac - - local_system_test - - local_system_test_aarch64 - - remote_system_test - - remote_system_test_aarch64 - - rootless_remote_system_test - - rootless_system_test - - farm_test - - buildah_bud_test - - upgrade_test - - meta - env: - CTR_FQIN: ${FEDORA_CONTAINER_FQIN} - container: *smallcontainer - clone_script: *noop - script: *noop - -# WARNING: Most of the artifacts captured here are also have their -# permalinks present in the `DOWNLOADS.md` file. Any changes made -# here, should probably be reflected in that document. -artifacts_task: - name: "Artifacts" - alias: artifacts - # Docs: ./contrib/cirrus/CIModes.md - only_if: *no_rhel_release - depends_on: - - success - # This task is a secondary/convenience for downstream consumers, don't - # block development progress if there is a failure in a PR, only break - # when running on branches or tags. - allow_failures: $CIRRUS_PR != '' - container: *smallcontainer - env: - CTR_FQIN: ${FEDORA_CONTAINER_FQIN} - TEST_ENVIRON: container - # In order to keep the download URL and Cirrus-CI artifact.zip contents - # simple, nothing should exist in $CIRRUS_WORKING_DIR except for artifacts. - clone_script: *noop - fedora_binaries_script: - - mkdir -p /tmp/fed - - cd /tmp/fed - - $ARTCURL/Build%20for%20${FEDORA_NAME}/repo/repo.tar.zst - - tar -xf repo.tar.zst - - cp ./bin/* $CIRRUS_WORKING_DIR/ - win_binaries_script: - - mkdir -p /tmp/win - - cd /tmp/win - - $ARTCURL/Windows%20Cross/repo/repo.tar.zst - - tar -xf repo.tar.zst - - mv ./podman-remote*.zip $CIRRUS_WORKING_DIR/ - osx_binaries_script: - - mkdir -p /tmp/osx - - cd /tmp/osx - - $ARTCURL/Build%20for%20MacOS%20arm64/repo/repo.tar.zst - - tar -xf repo.tar.zst - - mv ./podman-remote-release-darwin_*.zip $CIRRUS_WORKING_DIR/ - - mv ./contrib/pkginstaller/out/podman-installer-macos-*.pkg $CIRRUS_WORKING_DIR/ - always: - contents_script: ls -la $CIRRUS_WORKING_DIR - # Produce downloadable files and an automatic zip-file accessible - # by a consistent URL, based on contents of $CIRRUS_WORKING_DIR - # Ref: https://cirrus-ci.org/guide/writing-tasks/#latest-build-artifacts - binary_artifacts: - path: ./* - type: application/octet-stream - - -# When a new tag is pushed, confirm that the code and commits -# meet criteria for an official release. -release_task: - name: "Verify Release" - alias: release - # This should _only_ run for new tags - # Docs: ./contrib/cirrus/CIModes.md - only_if: $CIRRUS_TAG != '' - depends_on: - - build_success - - success - gce_instance: *standardvm - env: - <<: *stdenvars - TEST_FLAVOR: release - TEST_BUILD_TAGS: "" - clone_script: *get_gosrc - setup_script: *setup - main_script: *main - - -# When preparing to release a new version, this task may be manually -# activated at the PR stage to verify the build is proper for a potential -# podman release. -# -# Note: This cannot use a YAML alias on 'release_task' as of this -# comment, it is incompatible with 'trigger_type: manual' -release_test_task: - name: "Optional Release Test" - alias: release_test - # Release-PRs always include "release" or "Bump" in the title - # Docs: ./contrib/cirrus/CIModes.md - only_if: $CIRRUS_CHANGE_TITLE =~ '.*((release)|(bump)).*' - # Allow running manually only as part of release-related builds - # see RELEASE_PROCESS.md - trigger_type: manual - depends_on: - - build_success - - success - gce_instance: *standardvm - env: - <<: *stdenvars - TEST_FLAVOR: release - TEST_BUILD_TAGS: "" - clone_script: *get_gosrc - setup_script: *setup - main_script: *main +--- + +# Main collection of env. vars to set for all tasks and scripts. +env: + #### + #### Global variables used for all tasks + #### + # Sane (default) value for GOPROXY and GOSUMDB. + GOPROXY: "https://proxy.golang.org,direct" + GOSUMDB: "sum.golang.org" + # Overrides default location (/tmp/cirrus) for repo clone + GOPATH: &gopath "/var/tmp/go" + GOCACHE: "${GOPATH}/cache" + GOSRC: &gosrc "/var/tmp/go/src/github.com/containers/podman" + CIRRUS_WORKING_DIR: *gosrc + # The default is 'sh' if unspecified + CIRRUS_SHELL: "/bin/bash" + # Save a little typing (path relative to $CIRRUS_WORKING_DIR) + SCRIPT_BASE: "./contrib/cirrus" + # Runner statistics log file path/name + STATS_LOGFILE_SFX: 'runner_stats.log' + STATS_LOGFILE: '$GOSRC/${CIRRUS_TASK_NAME}-${STATS_LOGFILE_SFX}' + + #### + #### Cache-image names to test with (double-quotes around names are critical) + #### + FEDORA_NAME: "fedora-42" + FEDORA_AARCH64_NAME: "${FEDORA_NAME}-aarch64" + PRIOR_FEDORA_NAME: "fedora-41" + RAWHIDE_NAME: "rawhide" + DEBIAN_NAME: "debian-14" + + # Image identifiers + IMAGE_SUFFIX: "c20251120t131229z-f42f41d14" + + # EC2 images + FEDORA_AMI: "fedora-aws-${IMAGE_SUFFIX}" + FEDORA_AARCH64_AMI: "fedora-podman-aws-arm64-${IMAGE_SUFFIX}" + # GCP Images + FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}" + PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}" + RAWHIDE_CACHE_IMAGE_NAME: "rawhide-${IMAGE_SUFFIX}" + DEBIAN_CACHE_IMAGE_NAME: "debian-${IMAGE_SUFFIX}" + # Container FQIN's + FEDORA_CONTAINER_FQIN: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}" + PRIOR_FEDORA_CONTAINER_FQIN: "quay.io/libpod/prior-fedora_podman:${IMAGE_SUFFIX}" + WINDOWS_AMI: "win-server-wsl-${IMAGE_SUFFIX}" + #### + #### Control variables that determine what to run and how to run it. + #### N/B: Required ALL of these are set for every single task. + #### + TEST_FLAVOR: # int, sys, ext_svc, validate, automation, etc. + TEST_ENVIRON: host # 'host', or 'container'. + PODBIN_NAME: podman # 'podman' or 'remote' + PRIV_NAME: root # 'root' or 'rootless' + DISTRO_NV: # any {PRIOR_,}{FEDORA,DEBIAN}_NAME value + VM_IMAGE_NAME: # One of the "Google-cloud VM Images" (above) + CTR_FQIN: # One of the "Container FQIN's" (above) + CI_DESIRED_RUNTIME: crun # As of 2024-05-28 there are no other supported runtimes + CI_DESIRED_STORAGE: overlay # overlay, vfs, or composefs (which is actually overlay) + + # Curl-command prefix for downloading task artifacts, simply add the + # the url-encoded task name, artifact name, and path as a suffix. + ART_URL: https://api.cirrus-ci.com/v1/artifact/build/${CIRRUS_BUILD_ID} + ARTCURL: >- + curl --retry 5 --retry-delay 8 --fail --location -O + --url ${ART_URL} + + +# Default timeout for each task +timeout_in: 20m + + +gcp_credentials: ENCRYPTED[a28959877b2c9c36f151781b0a05407218cda646c7d047fc556e42f55e097e897ab63ee78369dae141dcf0b46a9d0cdd] + +aws_credentials: ENCRYPTED[b4127fef212e5bc38dd3d96eff17440f2c62d6d04219fa97fa7acdcd81475352e70a34863705b5e01289fdc4012d5ee2] + + +validate-source_task: + name: "Validate source code changes" + skip: true + alias: validate-source + # This task is primarily intended to catch human-errors early on, in a + # PR context. Skip running it everywhere else. + only_if: &is_pr "$CIRRUS_PR != ''" + gce_instance: + image_project: libpod-218412 + zone: "us-central1-a" + # golangci-lint is a very, very hungry beast. + cpu: 8 + memory: "16Gb" + # Required to be 200gig, do not modify - has i/o performance impact + # according to gcloud CLI tool warning messages. + disk: 200 + image_name: "${FEDORA_CACHE_IMAGE_NAME}" # from stdenvars + env: + TEST_FLAVOR: validate-source + TEST_BUILD_TAGS: "" + # NOTE: The default way Cirrus-CI clones is *NOT* compatible with + # environment expectations in contrib/cirrus/lib.sh. Specifically + # the 'origin' remote must be defined, and all remote branches/tags + # must be available for reference from CI scripts. + clone_script: &full_clone | + set -exo pipefail + cd / + rm -rf $CIRRUS_WORKING_DIR + mkdir -p $CIRRUS_WORKING_DIR + if [[ -z "$CIRRUS_PR" ]]; then + DEST_BRANCH="$CIRRUS_BRANCH" + else + DEST_BRANCH="$CIRRUS_BASE_BRANCH" + fi + git clone --recursive --branch=$DEST_BRANCH https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git $CIRRUS_WORKING_DIR + cd $CIRRUS_WORKING_DIR + git remote update origin + if [[ -n "$CIRRUS_PR" ]]; then # running for a PR + git fetch origin pull/$CIRRUS_PR/head:pull/$CIRRUS_PR + git checkout pull/$CIRRUS_PR + else + git reset --hard $CIRRUS_CHANGE_IN_REPO + fi + # Standard setup stage call, used by nearly every task in CI. + setup_script: &setup '$GOSRC/$SCRIPT_BASE/setup_environment.sh' + golangci-lint_cache: + folder: /root/.cache/golangci-lint + fingerprint_script: &golangci_cache_fingerprint + - go version + - grep GOLANGCI_LINT_VERSION Makefile | head -1 + - date +%U + # Standard main execution stage call, used by nearly every task in CI. + main_script: &main '/usr/bin/time --verbose --output="$STATS_LOGFILE" $GOSRC/$SCRIPT_BASE/runner.sh' + + +# N/B: This matrix of build tasks are critical to CI, along with the following +# aarch64 task. They build binaries for all CI platforms, and versions. On +# success, the contents of the repository are preserved as an artifact for +# consumption by most subsequent CI tasks. This saves about 3-5 minutes of +# otherwise duplicative effort in most tasks. +build_task: + alias: 'build' + skip: true + name: 'Build for $DISTRO_NV' # N/B: Referenced by URLencoded strings elsewhere + gce_instance: &fastvm + image_project: libpod-218412 + zone: "us-central1-a" + cpu: 4 + memory: "4Gb" + # Required to be 200gig, do not modify - has i/o performance impact + # according to gcloud CLI tool warning messages. + disk: 200 + image_name: "${VM_IMAGE_NAME}" # from stdenvars + matrix: &platform_axis + # Ref: https://cirrus-ci.org/guide/writing-tasks/#matrix-modification + - env: &stdenvars + DISTRO_NV: ${FEDORA_NAME} + TEST_BUILD_TAGS: "" + # Not used here, is used in other tasks + VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME} + CTR_FQIN: ${FEDORA_CONTAINER_FQIN} + - env: + DISTRO_NV: ${PRIOR_FEDORA_NAME} + TEST_BUILD_TAGS: "" + VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME} + CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN} + CI_DESIRED_STORAGE: vfs + - env: + <<: *stdenvars + DISTRO_NV: ${RAWHIDE_NAME} + TEST_BUILD_TAGS: "containers_image_sequoia" + VM_IMAGE_NAME: ${RAWHIDE_CACHE_IMAGE_NAME} + CI_DESIRED_STORAGE: composefs + CTR_FQIN: "" + - env: + DISTRO_NV: ${DEBIAN_NAME} + TEST_BUILD_TAGS: "" + VM_IMAGE_NAME: ${DEBIAN_CACHE_IMAGE_NAME} + env: + TEST_FLAVOR: build + clone_script: *full_clone + # Attempt to prevent flakes by confirming basic environment expectations, + # network service connectivity and essential container image availability. + # TODO: Rename to "ci-sanity" and move into task that runs in parallel to build + prebuild_script: &prebuild $SCRIPT_BASE/prebuild.sh + setup_script: *setup + # Attempt to prevent flakes by confirming automation environment and + # all required external/3rd-party services are available and functional. + main_script: *main + # Attempt to catch code-quality and vendoring problems early. + postbuild_script: &postbuild $SCRIPT_BASE/postbuild.sh + # Cirrus-CI is very slow uploading one file at time, and the repo contains + # thousands of files. Speed this up by archiving into tarball first. + repo_prep_script: &repo_prep >- + tar --zstd -cf /tmp/repo.tar.zst -C $GOSRC . && mv /tmp/repo.tar.zst $GOSRC/ + repo_artifacts: &repo_artifacts + path: ./repo.tar.zst + type: application/octet-stream + always: &runner_stats + runner_stats_artifacts: + path: ./*-${STATS_LOGFILE_SFX} + type: text/plain + + +build_aarch64_task: + alias: 'build_aarch64' + skip: true + name: 'Build for $DISTRO_NV' + ec2_instance: &standard_build_ec2_aarch64 + image: ${VM_IMAGE_NAME} + type: ${EC2_INST_TYPE} + region: us-east-1 + architecture: arm64 # CAUTION: This has to be "arm64", not "aarch64". + env: &stdenvars_aarch64 + EC2_INST_TYPE: "t4g.xlarge" + DISTRO_NV: ${FEDORA_AARCH64_NAME} + VM_IMAGE_NAME: ${FEDORA_AARCH64_AMI} + CTR_FQIN: ${FEDORA_CONTAINER_FQIN} + TEST_FLAVOR: build + TEST_BUILD_TAGS: "" + clone_script: *full_clone + # TODO: Rename to "ci-sanity" and move into task that runs in parallel to build + prebuild_script: *prebuild + setup_script: *setup + postbuild_script: *postbuild + main_script: *main + # Cirrus-CI is very slow uploading one file at time, and the repo contains + # thousands of files. Speed this up by archiving into tarball first. + repo_prep_script: *repo_prep + repo_artifacts: *repo_artifacts + always: *runner_stats + + +# There are several other important variations of podman which +# must always build successfully. Most of them are handled in +# this task, though a few need dedicated tasks which follow. +alt_build_task: + name: "$ALT_NAME" + skip: false + alias: alt_build + # Don't create task on rhel-release builds + # Docs: ./contrib/cirrus/CIModes.md + only_if: &no_rhel_release | + $CIRRUS_BRANCH !=~ 'v[0-9\.]+-rhel' && + $CIRRUS_BASE_BRANCH !=~ 'v[0-9\.]+-rhel' + env: + <<: *stdenvars + TEST_FLAVOR: "altbuild" + TEST_BUILD_TAGS: "" + gce_instance: *fastvm + matrix: + # - env: + # ALT_NAME: 'Build Each Commit' + - env: + # TODO: Replace with task using `winmake` to build + # binary and archive installation zip file. + ALT_NAME: 'Windows Cross' # N/B: Referenced by URLencoded strings elsewhere + # - env: + # ALT_NAME: 'Alt Arch. x86 Cross' + # - env: + # ALT_NAME: 'Alt Arch. ARM Cross' + # - env: + # ALT_NAME: 'Alt Arch. MIPS Cross' + # - env: + # ALT_NAME: 'Alt Arch. MIPS64 Cross' + # - env: + # ALT_NAME: 'Alt Arch. Other Cross' + # This task cannot make use of the shared repo.tar.zst artifact. + clone_script: *full_clone + setup_script: *setup + main_script: *main + # Produce a new repo.tar.zst artifact for consumption by 'artifacts' task. + repo_prep_script: *repo_prep + repo_artifacts: *repo_artifacts + always: *runner_stats + + +# Confirm building the remote client, natively on a Mac OS-X VM. +osx_alt_build_task: + name: "Build for MacOS arm64" # N/B: Referenced by URLencoded strings elsewhere + skip: true + alias: osx_alt_build + # Docs: ./contrib/cirrus/CIModes.md + only_if: *no_rhel_release # RHEL never releases podman mac installer binary + persistent_worker: &mac_pw + labels: + os: darwin + arch: arm64 + purpose: prod + env: &mac_env + CIRRUS_SHELL: "/bin/bash" # sh is the default + CIRRUS_WORKING_DIR: "$HOME/ci/task-${CIRRUS_TASK_ID}" # Isolation: $HOME will be set to "ci" dir. + # Prevent cache-pollution fron one task to the next. + GOPATH: "$CIRRUS_WORKING_DIR/.go" + GOCACHE: "$CIRRUS_WORKING_DIR/.go/cache" + GOENV: "$CIRRUS_WORKING_DIR/.go/support" + GOSRC: "$HOME/ci/task-${CIRRUS_TASK_ID}" + clone_script: *full_clone + # This host is/was shared with potentially many other CI tasks. + # The previous task may have been canceled or aborted. + prep_script: &mac_cleanup "contrib/cirrus/mac_cleanup.sh" + lint_script: + - make golangci-lint + basic_build_script: + - make .install.ginkgo + - make podman-remote + - make podman-mac-helper + build_pkginstaller_script: + - pushd contrib/pkginstaller + - make ARCH=aarch64 NO_CODESIGN=1 pkginstaller + - popd + # Building arm podman needs to be the last thing built in this task + # The Mac tests rely this Podman binary to run, and the CI Mac is ARM-based + build_arm64_script: + - make podman-remote-release-darwin_arm64.zip + # Produce a new repo.tar.zst artifact for consumption by dependent tasks. + repo_prep_script: *repo_prep + repo_artifacts: *repo_artifacts + # This host is/was shared with potentially many other CI tasks. + # Ensure nothing is left running while waiting for the next task. + always: + task_cleanup_script: *mac_cleanup + + +# Build freebsd release natively on a FreeBSD VM. +freebsd_alt_build_task: + name: "FreeBSD Cross" + skip: true + alias: freebsd_alt_build + # Only run on 'main' and PRs against 'main' + # Docs: ./contrib/cirrus/CIModes.md + only_if: $CIRRUS_BRANCH == 'main' || $CIRRUS_BASE_BRANCH == 'main' + env: + <<: *stdenvars + # Functional FreeBSD builds must be built natively since they depend on CGO + DISTRO_NV: freebsd-13 + VM_IMAGE_NAME: notyet + CTR_FQIN: notyet + CIRRUS_SHELL: "/bin/sh" + TEST_FLAVOR: "altbuild" + ALT_NAME: 'FreeBSD Cross' + freebsd_instance: + image_family: freebsd-14-3 + # golangci-lint is a very, very hungry beast. + cpu: 4 + memory: 8Gb + setup_script: + - pkg install -y gpgme bash go-md2man gmake gsed gnugrep go pkgconf zstd + - go version # Downloads a new go version based on go.mod's go directive. + golint_cache: + folder: ~/.cache/golangci-lint + fingerprint_script: *golangci_cache_fingerprint + lint_script: + - gmake golangci-lint + build_amd64_script: + - gmake podman-release + # This task cannot make use of the shared repo.tar.zst artifact and must + # produce a new repo.tar.zst artifact for consumption by 'artifacts' task. + repo_prep_script: *repo_prep + repo_artifacts: *repo_artifacts + + +# Status aggregator for all builds. This task simply makes dependency +# management easier, and results in a simpler graph that using YAML +# anchors/aliases. +build_success_task: + name: "Total Build Success" + skip: false + alias: build_success + depends_on: + # - validate-source + # - build + # - build_aarch64 # Skipped for Windows focus + - alt_build + # - osx_alt_build # Skipped for Windows focus + # - freebsd_alt_build # Skipped for Windows focus + env: + CTR_FQIN: ${FEDORA_CONTAINER_FQIN} + container: &smallcontainer + image: ${CTR_FQIN} + # Resources are limited across ALL currently executing tasks + # ref: https://cirrus-ci.org/guide/linux/#linux-containers + cpu: 1 + memory: 1 + clone_script: &noop mkdir -p "$CIRRUS_WORKING_DIR" + script: *noop + + +# Exercise the "libpod" API with a small set of common +# operations to ensure they are functional. +bindings_task: + name: "Test Bindings" + skip: true + alias: bindings + # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) + # only when: - main rules (see doc above); or + # - bindings test code is changed; or + # - actual source code changed + only_if: >- + $CIRRUS_PR == '' || + $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || + changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || + changesInclude('pkg/bindings/test/**') || + (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) + depends_on: &build + - build_success + gce_instance: &standardvm + <<: *fastvm + cpu: 2 + env: + <<: *stdenvars + TEST_FLAVOR: bindings + TEST_BUILD_TAGS: "" + # N/B: This script depends on ${DISTRO_NV} being defined for the task. + clone_script: &get_gosrc | + cd /tmp + echo "$ARTCURL/Build%20for%20${DISTRO_NV}/repo/repo.tar.zst" + time $ARTCURL/Build%20for%20${DISTRO_NV}/repo/repo.tar.zst + time tar -xf /tmp/repo.tar.zst -C $GOSRC + setup_script: *setup + main_script: *main + always: &logs_artifacts + <<: *runner_stats + # Required for `contrib/cirrus/logformatter` to work properly + html_artifacts: + path: ./*.html + type: text/html + server_log_artifacts: + path: ./podman-server.log + type: text/plain + cleanup_tracer_artifacts: + path: ./podman-cleanup-tracer.log + type: text/plain + df_script: '$SCRIPT_BASE/logcollector.sh df' + audit_log_script: '$SCRIPT_BASE/logcollector.sh audit' + journal_script: '$SCRIPT_BASE/logcollector.sh journal' + podman_system_info_script: '$SCRIPT_BASE/logcollector.sh podman' + time_script: '$SCRIPT_BASE/logcollector.sh time' + + +# Build the "libpod" API documentation `swagger.yaml` and +# publish it to google-cloud-storage (GCS). +swagger_task: + name: "Test Swagger" + skip: true + alias: swagger + depends_on: *build + gce_instance: *standardvm + env: + <<: *stdenvars + TEST_FLAVOR: swagger + CTR_FQIN: 'quay.io/libpod/gcsupld:${IMAGE_SUFFIX}' + GCPJSON: ENCRYPTED[927dc01e755eaddb4242b0845cf86c9098d1e3dffac38c70aefb1487fd8b4fe6dd6ae627b3bffafaba70e2c63172664e] + GCPNAME: ENCRYPTED[c145e9c16b6fb88d476944a454bf4c1ccc84bb4ecaca73bdd28bdacef0dfa7959ebc8171a27b2e4064d66093b2cdba49] + GCPPROJECT: 'libpod-218412' + TEST_BUILD_TAGS: "" + clone_script: *get_gosrc + setup_script: *setup + main_script: *main + always: + <<: *runner_stats + swagger_artifacts: + path: ./swagger.yaml + type: text/plain + + +win_installer_task: + name: "Verify Win Installer Build" + skip: true + matrix: + - env: + CONTAINERS_MACHINE_PROVIDER: 'wsl' + - env: + CONTAINERS_MACHINE_PROVIDER: 'hyperv' + alias: win_installer + only_if: *no_rhel_release + depends_on: *build + ec2_instance: &windows + image: "${WINDOWS_AMI}" + type: m5.large + region: us-east-1 + platform: windows + env: &winenv + CIRRUS_WORKING_DIR: &wincwd "${LOCALAPPDATA}\\cirrus-ci-build" + CIRRUS_SHELL: powershell + PATH: "${PATH};C:\\ProgramData\\chocolatey\\bin" + DISTRO_NV: "windows" + PRIV_NAME: "rootless" + # Fake version, we are only testing the installer functions, so version doesn't matter + WIN_INST_VER: 9.9.9 + # It's HIGHLY desireable to use the same binary throughout CI. Otherwise, if + # there's a toolchain or build-environment specific problem, it can be incredibly + # difficult (and non-obvious) to debug. + clone_script: &winclone | + $ErrorActionPreference = 'Stop' + $ProgressPreference = 'SilentlyContinue' + New-Item -ItemType Directory -Force -Path "$ENV:CIRRUS_WORKING_DIR" + Set-Location "$ENV:CIRRUS_WORKING_DIR" + $uri = "${ENV:ART_URL}/Windows Cross/repo/repo.tar.zst" + Write-Host "Downloading $uri" + For($i = 0;;) { + Try { + Invoke-WebRequest -UseBasicParsing -ErrorAction Stop -OutFile "repo.tar.zst" ` + -Uri "$uri" + Break + } Catch { + if (++$i -gt 6) { + throw $_.Exception + } + Write-Host "Download failed - retrying:" $_.Exception.Response.StatusCode + Start-Sleep -Seconds 10 + } + } + Write-Host "zstd -d repo.tar.zst" + zstd -d repo.tar.zst + if ($LASTEXITCODE -ne 0) { + throw "Extract repo.tar.zst failed" + Exit 1 + } + Write-Host "arc unarchive repo.tar .\" + arc unarchive repo.tar .\repo + if ($LASTEXITCODE -ne 0) { + throw "Unarchive repo.tar failed" + Exit 1 + } + Get-ChildItem -Path . + Get-ChildItem -Path .\repo + main_script: ".\\repo\\contrib\\cirrus\\win-installer-main.ps1" + + +# Verify podman is compatible with the docker python-module. +docker-py_test_task: + name: Docker-py Compat. + skip: true + alias: docker-py_test + # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) + # only when: - main rules (see doc above); or + # - docker-py test code is changed; or + # - actual source code changed + only_if: >- + $CIRRUS_PR == '' || + $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || + changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || + changesInclude('test/python/**') || + (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) + depends_on: *build + gce_instance: *standardvm + env: + <<: *stdenvars + TEST_FLAVOR: docker-py + TEST_ENVIRON: container + TEST_BUILD_TAGS: "" + clone_script: *get_gosrc + setup_script: *setup + main_script: *main + always: *runner_stats + + +# Does exactly what it says, execute the podman unit-tests on Fedora. +unit_test_task: + name: "Unit tests on $DISTRO_NV" + skip: true + alias: unit_test + # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) + # only when: - main rules (see doc above); or + # - unit test files are changed (contains a false positves such as test/e2e/ + # but that should not be an issue, it only runs when it doesn't have to) + # - actual source code changed + only_if: >- + $CIRRUS_PR == '' || + $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || + changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || + changesInclude('**/*_test.go') || + (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) + depends_on: *build + matrix: + - env: *stdenvars + # Special-case: Rootless on latest Fedora (standard) VM + - name: "Rootless unit on $DISTRO_NV" + env: + <<: *stdenvars + PRIV_NAME: rootless + gce_instance: *standardvm + env: + TEST_FLAVOR: unit + TEST_BUILD_TAGS: "" + clone_script: *get_gosrc + setup_script: *setup + main_script: *main + always: *logs_artifacts + + +unit_test_windows_task: + name: "Unit tests on Windows" + skip: true + alias: unit_test_windows + # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) + # only when: - main rules (see doc above); or + # - unit test files are changed (contains a false positves such as test/e2e/ + # but that should not be an issue, it only runs when it doesn't have to) + # - actual source code changed + only_if: >- + $CIRRUS_PR == '' || + $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || + changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || + changesInclude('winmake.ps1') || + changesInclude('**/*_test.go') || + (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) + # Special case, we do not run macos/windows builds on rhel branches. + # Thus the machine task should not be run too, while we use only_if + # everywhere to do so here it would mean we would need duplicate the + # full big only_if condition which is more difficult to maintain so + # use the skip here. + # skip: &skip_rhel_release | +# $CIRRUS_BRANCH =~ 'v[0-9\.]+-rhel' || +# $CIRRUS_BASE_BRANCH =~ 'v[0-9\.]+-rhel' + depends_on: *build + ec2_instance: *windows + timeout_in: 20m + env: + <<: *winenv + TEST_FLAVOR: unit + clone_script: *winclone + main_script: ".\\repo\\contrib\\cirrus\\win-unit-main.ps1" + always: + # Required for `contrib/cirrus/logformatter` to work properly + html_artifacts: + path: ./*.html + type: text/html + + +apiv2_test_task: + name: "APIv2 test on $DISTRO_NV ($PRIV_NAME)" + skip: true + alias: apiv2_test + # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) + # only when: - main rules (see doc above); or + # - apiv2 test code is changed; or + # - actual source code changed + only_if: >- + $CIRRUS_PR == '' || + $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || + changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || + changesInclude('test/apiv2/**', 'test/python/**') || + (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) + depends_on: *build + gce_instance: *standardvm + env: + <<: *stdenvars + TEST_FLAVOR: apiv2 + TEST_BUILD_TAGS: "" + matrix: + - env: + PRIV_NAME: root + - env: + PRIV_NAME: rootless + clone_script: *get_gosrc + setup_script: *setup + main_script: *main + always: *logs_artifacts + + +compose_test_task: + name: "$TEST_FLAVOR test on $DISTRO_NV ($PRIV_NAME)" + skip: true + alias: compose_test + # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) + # only when: - main rules (see doc above); or + # - compose test code is changed; or + # - actual source code changed + only_if: >- + $CIRRUS_PR == '' || + $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || + changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || + changesInclude('test/compose/**') || + (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) + depends_on: *build + gce_instance: *standardvm + matrix: + - env: + PRIV_NAME: root + - env: + PRIV_NAME: rootless + env: + <<: *stdenvars + TEST_FLAVOR: compose_v2 + TEST_BUILD_TAGS: "" + clone_script: *get_gosrc + setup_script: *setup + main_script: *main + always: *logs_artifacts + + +# versions, as root, without involving the podman-remote client. +local_integration_test_task: &local_integration_test_task + # Integration-test task name convention: + # + name: &std_name_fmt "$TEST_FLAVOR $PODBIN_NAME $DISTRO_NV $PRIV_NAME $TEST_ENVIRON" + skip: true + alias: local_integration_test + # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) + # only when: - main rules (see doc above); or + # - int test code is changed; or + # - actual source code changed + only_if: &only_if_int_test >- + $CIRRUS_PR == '' || + $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || + changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || + changesInclude('test/e2e/**', 'test/utils/**') || + (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) + depends_on: *build + matrix: *platform_axis + # integration tests scale well with cpu as they are parallelized + # so we give these tests 4 cores to make them faster + gce_instance: *fastvm + env: + TEST_FLAVOR: int + clone_script: *get_gosrc + setup_script: *setup + main_script: *main + always: &int_logs_artifacts + <<: *logs_artifacts + ginkgo_node_logs_artifacts: + path: ./test/e2e/ginkgo-node-*.log + type: text/plain + + +# Nearly identical to `local_integration_test` except all operations +# are performed through the podman-remote client vs a podman "server" +# running on the same host. +remote_integration_test_task: + <<: *local_integration_test_task + alias: remote_integration_test + skip: true + env: + TEST_FLAVOR: int + PODBIN_NAME: remote + + +# Run the complete set of integration tests from inside a container. +# This verifies all/most operations function with "podman-in-podman". +container_integration_test_task: + name: *std_name_fmt + skip: true + alias: container_integration_test + # Docs: ./contrib/cirrus/CIModes.md + only_if: *only_if_int_test + depends_on: *build + matrix: &fedora_vm_axis + - env: + DISTRO_NV: ${FEDORA_NAME} + VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME} + CTR_FQIN: ${FEDORA_CONTAINER_FQIN} + gce_instance: *fastvm + env: + TEST_FLAVOR: int + TEST_ENVIRON: container + TEST_BUILD_TAGS: "" + clone_script: *get_gosrc + setup_script: *setup + main_script: *main + always: *int_logs_artifacts + + +# Execute most integration tests as a regular (non-root) user. +rootless_integration_test_task: + name: *std_name_fmt + skip: true + alias: rootless_integration_test + # Docs: ./contrib/cirrus/CIModes.md + only_if: *only_if_int_test + depends_on: *build + matrix: *platform_axis + gce_instance: *fastvm + env: + TEST_FLAVOR: int + PRIV_NAME: rootless + clone_script: *get_gosrc + setup_script: *setup + main_script: *main + always: *int_logs_artifacts + + +podman_machine_task: + name: *std_name_fmt + skip: true + alias: podman_machine + # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) + # only when: - main rules (see doc above); or + # - machine code files are changed + only_if: &only_if_machine_test >- + $CIRRUS_PR == '' || + $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || + changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || + changesInclude('cmd/podman/machine/**', 'pkg/machine/**', '**/*machine*.go') + depends_on: *build + ec2_instance: + image: "${VM_IMAGE_NAME}" + type: "${EC2_INST_TYPE}" + region: us-east-1 + timeout_in: 30m + env: + EC2_INST_TYPE: "m5zn.metal" # Bare-metal instance is required + TEST_FLAVOR: "machine-linux" + TEST_BUILD_TAGS: "" + PRIV_NAME: "rootless" # intended use-case + DISTRO_NV: "${FEDORA_NAME}" + VM_IMAGE_NAME: "${FEDORA_AMI}" + clone_script: *get_gosrc + setup_script: *setup + main_script: *main + always: *int_logs_artifacts + + +podman_machine_aarch64_task: + name: *std_name_fmt + skip: true + alias: podman_machine_aarch64 + only_if: *only_if_machine_test + depends_on: *build + ec2_instance: + <<: *standard_build_ec2_aarch64 + timeout_in: 40m + env: + TEST_FLAVOR: "machine-linux" + TEST_BUILD_TAGS: "" + EC2_INST_TYPE: c6g.metal + PRIV_NAME: "rootless" # intended use-case + DISTRO_NV: "${FEDORA_AARCH64_NAME}" + VM_IMAGE_NAME: "${FEDORA_AARCH64_AMI}" + clone_script: &get_gosrc_aarch64 | + cd /tmp + echo "$ARTCURL/build_aarch64/repo/repo.tar.zst" + time $ARTCURL/build_aarch64/repo/repo.tar.zst + time tar -xf /tmp/repo.tar.zst -C $GOSRC + setup_script: *setup + main_script: *main + always: *int_logs_artifacts + + +podman_machine_windows_task: + name: *std_name_fmt + skip: false + alias: podman_machine_windows + allow_failures: $TEST_FLAVOR == 'machine-wsl' + # Docs: ./contrib/cirrus/CIModes.md + # Duplicated from the main linux machine task as we also must match winmake.ps1 here since that is used on windows. + only_if: >- + $CIRRUS_PR == '' || + $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || + changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || + changesInclude('winmake.ps1') || + changesInclude('cmd/podman/machine/**', 'pkg/machine/**', '**/*machine*.go') + # Special case, we do not run macos/windows builds on rhel branches. + # Thus the machine task should not be run too, while we use only_if + # everywhere to do so here it would mean we would need duplicate the + # full big only_if condition which is more difficult to maintain so + # use the skip here. + # skip: *skip_rhel_release + depends_on: *build + ec2_instance: + <<: *windows + type: z1d.metal + platform: windows + timeout_in: 60m + env: *winenv + matrix: + - env: + TEST_FLAVOR: "machine-wsl" + - env: + TEST_FLAVOR: "machine-hyperv" + clone_script: *winclone + # This depends on an instance with an local NVMe storage so we can make use of fast IO + # Our machine tests are IO bound so this is rather imporant to speed them up a lot. + setup_disk_script: | + echo "Get-Disk" + Get-Disk | Ft -autosize | out-string -width 4096 + # Hard coded to disk 0, assume that this is always the case for our ec2 instance. + # It is not clear to me how I would filter by name because we still have two disks + # with the same name. + echo "Format and mount disk 0" + $disk = Get-Disk 0 + $disk | Initialize-Disk -PartitionStyle MBR + $disk | New-Partition -UseMaximumSize -MbrType IFS + $Partition = Get-Partition -DiskNumber $disk.Number + $Partition | Format-Volume -FileSystem NTFS -Confirm:$false + $Partition | Add-PartitionAccessPath -AccessPath "Z:\" + echo "Get-Volume" + Get-Volume + main_script: ".\\repo\\contrib\\cirrus\\win-podman-machine-main.ps1" + always: + wsl_logs_artifacts: + path: ./*.zip + # Required for `contrib/cirrus/logformatter` to work properly + html_artifacts: + path: ./*.html + type: text/html + + +podman_machine_mac_task: + name: *std_name_fmt + skip: true + alias: podman_machine_mac + only_if: *only_if_machine_test + # skip: *skip_rhel_release + depends_on: *build + persistent_worker: *mac_pw + timeout_in: 60m + env: + <<: *mac_env + DISTRO_NV: "darwin" + PRIV_NAME: "rootless" # intended use-case + matrix: + - env: + # See contrib/cirrus/mac_runner.sh + TEST_FLAVOR: "machine-applehv" + - env: + # See contrib/cirrus/mac_runner.sh + TEST_FLAVOR: "machine-libkrun" + clone_script: # artifacts from osx_alt_build_task + - mkdir -p $CIRRUS_WORKING_DIR + - cd $CIRRUS_WORKING_DIR + - $ARTCURL/Build%20for%20MacOS%20arm64/repo/repo.tar.zst + - tar -xf repo.tar.zst + # This host is/was shared with potentially many other CI tasks. + # The previous task may have been canceled or aborted. + prep_script: *mac_cleanup + setup_script: "contrib/cirrus/mac_setup.sh" + env_script: "contrib/cirrus/mac_env.sh" + # TODO: Timeout bumped b/c initial image download (~5min) and VM + # resize (~2min) causes test-timeout (90s default). Should + # tests deal with this internally? + test_script: + - "contrib/cirrus/mac_runner.sh" + # This host is/was shared with potentially many other CI tasks. + # Ensure nothing is left running while waiting for the next task. + always: + # Required for `contrib/cirrus/logformatter` to work properly + html_artifacts: + path: ./*.html + type: text/html + task_cleanup_script: *mac_cleanup + + +# Always run subsequent to integration tests. While parallelism is lost +# with runtime, debugging system-test failures can be more challenging +# for some golang developers. Otherwise the following tasks run across +# the same matrix as the integration-tests (above). +local_system_test_task: &local_system_test_task + name: *std_name_fmt + skip: true + alias: local_system_test + # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) + # only when: - main rules (see doc above); or + # - sys test code is changed; or + # - actual source code changed + only_if: &only_if_system_test >- + $CIRRUS_PR == '' || + $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || + changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || + changesInclude('test/system/**') || + (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) + depends_on: *build + matrix: *platform_axis + gce_instance: *fastvm + timeout_in: 25m + env: + TEST_FLAVOR: sys + clone_script: *get_gosrc + setup_script: *setup + main_script: *main + always: *logs_artifacts + + +local_system_test_aarch64_task: &local_system_test_task_aarch64 + name: *std_name_fmt + skip: true + alias: local_system_test_aarch64 + # Docs: ./contrib/cirrus/CIModes.md + only_if: *only_if_system_test + depends_on: *build + ec2_instance: *standard_build_ec2_aarch64 + timeout_in: 35m + env: + <<: *stdenvars_aarch64 + TEST_FLAVOR: sys + TEST_BUILD_TAGS: "" + DISTRO_NV: ${FEDORA_AARCH64_NAME} + clone_script: *get_gosrc_aarch64 + setup_script: *setup + main_script: *main + always: *logs_artifacts + + +remote_system_test_task: + <<: *local_system_test_task + alias: remote_system_test + skip: true + env: + TEST_FLAVOR: sys + PODBIN_NAME: remote + + +remote_system_test_aarch64_task: + <<: *local_system_test_task_aarch64 + alias: remote_system_test_aarch64 + skip: true + env: + TEST_FLAVOR: sys + PODBIN_NAME: remote + + +rootless_remote_system_test_task: + matrix: + # Minimal sanity testing: only the latest Fedora + - env: + DISTRO_NV: ${FEDORA_NAME} + # Not used here, is used in other tasks + VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME} + CTR_FQIN: ${FEDORA_CONTAINER_FQIN} + <<: *local_system_test_task + alias: rootless_remote_system_test + skip: true + gce_instance: *fastvm + timeout_in: 25m + env: + TEST_FLAVOR: sys + PODBIN_NAME: remote + PRIV_NAME: rootless + + +rootless_system_test_task: + name: *std_name_fmt + skip: true + alias: rootless_system_test + # Docs: ./contrib/cirrus/CIModes.md + only_if: *only_if_system_test + depends_on: *build + matrix: *platform_axis + gce_instance: *fastvm + timeout_in: 25m + env: + TEST_FLAVOR: sys + PRIV_NAME: rootless + clone_script: *get_gosrc + setup_script: *setup + main_script: *main + always: *logs_artifacts + + +farm_test_task: + name: *std_name_fmt + skip: true + alias: farm_test + # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) + # only when: - main rules (see doc above); or + # - farm test code is changed or one of the shared helper import files from the system test; or + # - actual source code changed + only_if: >- + $CIRRUS_PR == '' || + $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || + changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || + changesInclude('test/farm/**', 'test/system/*.bash') || + (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) + depends_on: *build + gce_instance: *standardvm + env: + <<: *stdenvars + TEST_FLAVOR: farm + TEST_BUILD_TAGS: "" + PRIV_NAME: rootless + clone_script: *get_gosrc + setup_script: *setup + main_script: *main + always: *logs_artifacts + +buildah_bud_test_task: + name: *std_name_fmt + skip: true + alias: buildah_bud_test + # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) + # only when: - main rules (see doc above); or + # - podman build source code files or bud tests files are changed + # (vendor updates, i.e. buildah, are already covered in the main rules) + only_if: >- + $CIRRUS_PR == '' || + $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || + changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || + changesInclude('**/*build*.go', 'test/buildah-bud/**') + depends_on: *build + env: + <<: *stdenvars + TEST_FLAVOR: bud + TEST_BUILD_TAGS: "" + matrix: + - env: + PODBIN_NAME: podman + - env: + PODBIN_NAME: remote + gce_instance: *fastvm + clone_script: *get_gosrc + setup_script: *setup + main_script: *main + always: *int_logs_artifacts + +upgrade_test_task: + name: "Upgrade test: from $PODMAN_UPGRADE_FROM" + skip: true + alias: upgrade_test + # Docs: ./contrib/cirrus/CIModes.md (Cirrus Task contexts and runtime modes) + # only when: - main rules (see doc above); or + # - upgrade test code is changed or one of the shared helper import files from the system test; or + # - actual source code changed + only_if: >- + $CIRRUS_PR == '' || + $CIRRUS_CHANGE_TITLE =~ '.*CI:ALL.*' || + changesInclude('.cirrus.yml', 'Makefile', 'contrib/cirrus/**', 'vendor/**', 'test/tools/**', 'test/registries*.conf', 'hack/**', 'version/rawversion/*') || + changesInclude('test/upgrade/**', 'test/system/*.bash') || + (changesInclude('**/*.go', '**/*.c', '**/*.h') && !changesIncludeOnly('test/**', 'pkg/machine/e2e/**')) + depends_on: *build + matrix: + - env: + PODMAN_UPGRADE_FROM: v5.3.1 + - env: + PODMAN_UPGRADE_FROM: v5.6.2 + gce_instance: *standardvm + env: + TEST_FLAVOR: upgrade_test + TEST_BUILD_TAGS: "" + DISTRO_NV: ${FEDORA_NAME} + VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME} + clone_script: *get_gosrc + setup_script: *setup + main_script: *main + always: *logs_artifacts + + +# This task is critical. It updates the "last-used by" timestamp stored +# in metadata for all VM images. This mechanism functions in tandem with +# an out-of-band pruning operation to remove disused VM images. +meta_task: + name: "VM img. keepalive" + skip: true + alias: meta + container: + cpu: 2 + memory: 2 + image: quay.io/libpod/imgts:latest + env: + # Space-separated list of images used by this repository state + IMGNAMES: >- + ${FEDORA_CACHE_IMAGE_NAME} + ${PRIOR_FEDORA_CACHE_IMAGE_NAME} + ${RAWHIDE_CACHE_IMAGE_NAME} + ${DEBIAN_CACHE_IMAGE_NAME} + EC2IMGNAMES: >- + ${FEDORA_AARCH64_AMI} + ${FEDORA_AMI} + ${WINDOWS_AMI} + BUILDID: "${CIRRUS_BUILD_ID}" + REPOREF: "${CIRRUS_REPO_NAME}" + AWSINI: ENCRYPTED[a53616be7cafc6883ac619a26eda7bbd9f20ae99a9f9fe99137b18d780bde89bed7941e791e64d6e6b4d971011ca1d28] + GCPJSON: ENCRYPTED[3a198350077849c8df14b723c0f4c9fece9ebe6408d35982e7adf2105a33f8e0e166ed3ed614875a0887e1af2b8775f4] + GCPNAME: ENCRYPTED[2f9738ef295a706f66a13891b40e8eaa92a89e0e87faf8bed66c41eca72bf76cfd190a6f2d0e8444c631fdf15ed32ef6] + GCPPROJECT: libpod-218412 + clone_script: *noop + script: /usr/local/bin/entrypoint.sh + + +# Status aggregator for all tests. This task ensures a defined set of tasks +# all passed, and allows confirming that based on the status of this task. +success_task: + # N/B: The prow merge-bot (tide) is sensitized to this exact name, DO NOT CHANGE IT. + # Ref: https://github.com/openshift/release/pull/48855 + name: "Total Success" + skip: true + alias: success + # N/B: ALL tasks must be listed here, minus their '_task' suffix. + depends_on: + - build_success + - bindings + - swagger + - win_installer + - docker-py_test + - unit_test + - unit_test_windows + - apiv2_test + - compose_test + - local_integration_test + - remote_integration_test + - container_integration_test + - rootless_integration_test + - podman_machine + - podman_machine_aarch64 + - podman_machine_windows + - podman_machine_mac + - local_system_test + - local_system_test_aarch64 + - remote_system_test + - remote_system_test_aarch64 + - rootless_remote_system_test + - rootless_system_test + - farm_test + - buildah_bud_test + - upgrade_test + - meta + env: + CTR_FQIN: ${FEDORA_CONTAINER_FQIN} + container: *smallcontainer + clone_script: *noop + script: *noop + +# WARNING: Most of the artifacts captured here are also have their +# permalinks present in the `DOWNLOADS.md` file. Any changes made +# here, should probably be reflected in that document. +artifacts_task: + name: "Artifacts" + skip: true + alias: artifacts + # Docs: ./contrib/cirrus/CIModes.md + only_if: *no_rhel_release + depends_on: + - success + # This task is a secondary/convenience for downstream consumers, don't + # block development progress if there is a failure in a PR, only break + # when running on branches or tags. + allow_failures: $CIRRUS_PR != '' + container: *smallcontainer + env: + CTR_FQIN: ${FEDORA_CONTAINER_FQIN} + TEST_ENVIRON: container + # In order to keep the download URL and Cirrus-CI artifact.zip contents + # simple, nothing should exist in $CIRRUS_WORKING_DIR except for artifacts. + clone_script: *noop + fedora_binaries_script: + - mkdir -p /tmp/fed + - cd /tmp/fed + - $ARTCURL/Build%20for%20${FEDORA_NAME}/repo/repo.tar.zst + - tar -xf repo.tar.zst + - cp ./bin/* $CIRRUS_WORKING_DIR/ + win_binaries_script: + - mkdir -p /tmp/win + - cd /tmp/win + - $ARTCURL/Windows%20Cross/repo/repo.tar.zst + - tar -xf repo.tar.zst + - mv ./podman-remote*.zip $CIRRUS_WORKING_DIR/ + osx_binaries_script: + - mkdir -p /tmp/osx + - cd /tmp/osx + - $ARTCURL/Build%20for%20MacOS%20arm64/repo/repo.tar.zst + - tar -xf repo.tar.zst + - mv ./podman-remote-release-darwin_*.zip $CIRRUS_WORKING_DIR/ + - mv ./contrib/pkginstaller/out/podman-installer-macos-*.pkg $CIRRUS_WORKING_DIR/ + always: + contents_script: ls -la $CIRRUS_WORKING_DIR + # Produce downloadable files and an automatic zip-file accessible + # by a consistent URL, based on contents of $CIRRUS_WORKING_DIR + # Ref: https://cirrus-ci.org/guide/writing-tasks/#latest-build-artifacts + binary_artifacts: + path: ./* + type: application/octet-stream + + +# When a new tag is pushed, confirm that the code and commits +# meet criteria for an official release. +release_task: + name: "Verify Release" + skip: true + alias: release + # This should _only_ run for new tags + # Docs: ./contrib/cirrus/CIModes.md + only_if: $CIRRUS_TAG != '' + depends_on: + - build_success + - success + gce_instance: *standardvm + env: + <<: *stdenvars + TEST_FLAVOR: release + TEST_BUILD_TAGS: "" + clone_script: *get_gosrc + setup_script: *setup + main_script: *main + + +# When preparing to release a new version, this task may be manually +# activated at the PR stage to verify the build is proper for a potential +# podman release. +# +# Note: This cannot use a YAML alias on 'release_task' as of this +# comment, it is incompatible with 'trigger_type: manual' +release_test_task: + name: "Optional Release Test" + skip: true + alias: release_test + # Release-PRs always include "release" or "Bump" in the title + # Docs: ./contrib/cirrus/CIModes.md + only_if: $CIRRUS_CHANGE_TITLE =~ '.*((release)|(bump)).*' + # Allow running manually only as part of release-related builds + # see RELEASE_PROCESS.md + trigger_type: manual + depends_on: + - build_success + - success + gce_instance: *standardvm + env: + <<: *stdenvars + TEST_FLAVOR: release + TEST_BUILD_TAGS: "" + clone_script: *get_gosrc + setup_script: *setup + main_script: *main diff --git a/.packit.yaml b/.packit.yaml index 37be3fda7ea..e8600436edc 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -1,31 +1,21 @@ ---- -# See the documentation for more information: -# https://packit.dev/docs/configuration/ - downstream_package_name: podman upstream_tag_template: v{version} - -# These files get synced from upstream to downstream (Fedora / CentOS Stream) on every -# propose-downstream job. This is done so tests maintained upstream can be run -# downstream in Zuul CI and Bodhi. -# Ref: https://packit.dev/docs/configuration#files_to_sync files_to_sync: - - src: rpm/gating.yaml - dest: gating.yaml - delete: true - - src: plans/ - dest: plans/ - delete: true - mkpath: true - - src: test/tmt/ - dest: test/tmt/ - delete: true - mkpath: true - - src: .fmf/ - dest: .fmf/ - delete: true - - .packit.yaml - +- src: rpm/gating.yaml + dest: gating.yaml + delete: true +- src: plans/ + dest: plans/ + delete: true + mkpath: true +- src: test/tmt/ + dest: test/tmt/ + delete: true + mkpath: true +- src: .fmf/ + dest: .fmf/ + delete: true +- .packit.yaml packages: podman-fedora: pkg_tool: fedpkg @@ -35,21 +25,17 @@ packages: specfile_path: rpm/podman.spec podman-eln: specfile_path: rpm/podman.spec - -# Disable automatic merging for Copr builds (and subsequent Testing Farm) merge_pr_in_ci: false - srpm_build_deps: - - git-archive-all - - make - +- git-archive-all +- make actions: fix-spec-file: "bash contrib/packit-tmt/packit-copr-rpm.sh" pre-sync: "bash contrib/packit-tmt/packit-rpm-git-commit.sh" jobs: - job: copr_build - trigger: pull_request + trigger: ignore packages: [podman-fedora] notifications: &packit_generic_failure_notification failure_comment: diff --git a/contrib/cirrus/win-lib.ps1 b/contrib/cirrus/win-lib.ps1 index ee9a4196ea7..9172ec04af7 100644 --- a/contrib/cirrus/win-lib.ps1 +++ b/contrib/cirrus/win-lib.ps1 @@ -107,3 +107,56 @@ function Run-Command { Check-Exit 2 "'$command'" "$exitCode" } + +function Invoke-CommandAsUser { + param ( + [string] $Command, + [string] $Username, + [secureString] $SecurePassword + ) + + $credential = New-Object System.Management.Automation.PSCredential $Username, $securePassword + + $bytes = [System.Text.Encoding]::Unicode.GetBytes($Command) + $encodedCommand = [Convert]::ToBase64String($bytes) + + $cwd = [Environment]::GetFolderPath('CommonApplicationData') + + # Start the process with the encoded command and the credentials + # -Wait: Wait for the process to complete (synchronously) + # -PassThru: Return the process object + $p = Start-Process -FilePath "powershell.exe" ` + -ArgumentList "-NoLogo -ExecutionPolicy Bypass -NoProfile -NonInteractive -EncodedCommand $encodedCommand" ` + -Credential $credential ` + -WindowStyle Hidden ` + -Wait ` + -PassThru ` + -RedirectStandardOutput "$cwd\command-output.txt" + -RedirectStandardError "$cwd\command-output.txt" + -WorkingDirectory "$cwd" + + if ($Env:CIRRUS_CI -eq "true") { + Invoke-Logformatter $cwd\command-output.txt + } + + Write-Host "Command output:" + Get-Content "$cwd\command-output.txt" + + if ($null -eq $p) { + throw "the process object returned by Start-Process is null." + } elseif (-not $p.HasExited) { + throw "the process is still running (should never happen)." + } elseif ($p.ExitCode -ne 0) { + # Decode common task scheduler error codes + $resultMessage = switch ($p.ExitCode) { + 0 { "Success" } + 1 { "Commmand completed with an error or unknown command called" } + 2 { "File not found" } + 10 { "Environment is incorrect" } + 2147750687 { "Command failed to start (invalid credentials or permissions)" } + 2147943645 { "Access is denied" } + default { "Unknown error code" } + } + throw "command failed with error code: $p.ExitCode ($resultMessage)" + } +} diff --git a/contrib/cirrus/win-podman-machine-test.ps1 b/contrib/cirrus/win-podman-machine-test.ps1 index 72a9949d67b..a708fada6b5 100644 --- a/contrib/cirrus/win-podman-machine-test.ps1 +++ b/contrib/cirrus/win-podman-machine-test.ps1 @@ -2,6 +2,18 @@ . $PSScriptRoot\win-lib.ps1 +function GenerateRandomPassword { + param( + [int]$length = 32 + ) + + $rnd = [byte[]]::new($length) + [System.Security.Cryptography.RandomNumberGenerator]::create().getBytes($rnd) + $password = ($rnd | % { $syms[$_ % $syms.length] }) -join '' + + return $password +} + Write-Host "Recovering env. vars." Import-CLIXML "$ENV:TEMP\envars.xml" | % { Write-Host " $($_.Name) = $($_.Value)" @@ -40,7 +52,7 @@ $Env:TMPDIR = 'Z:\' $Env:TMP = 'Z:\' $Env:TEMP = 'Z:\' -Write-Host "`nRunning podman-machine e2e tests" +# Write-Host "`nRunning podman-machine e2e tests" if ($Env:TEST_FLAVOR -eq "machine-wsl") { # Output info so we know what version we are testing. @@ -48,10 +60,26 @@ if ($Env:TEST_FLAVOR -eq "machine-wsl") { Run-Command "$PSScriptRoot\win-collect-wsl-logs-start.ps1" } +# The unprivileged user is the default user for running Podman e2e and +# installation tests. +$unprivilegedUser = "unprivileged-user" +$unprivilegedUserPass = GenerateRandomPassword +$unprivilegedUserPassEnc = ConvertTo-SecureString $unprivilegedUserPass -AsPlainText -Force +New-LocalUser -Name $unprivilegedUser -Password $unprivilegedUserPassEnc + try { - Run-Command ".\winmake localmachine" + Invoke-CommandAsUser -Username $unprivilegedUser -SecurePassword $unprivilegedUserPassEnc -Command ".\winmake whoami" } finally { if ($Env:TEST_FLAVOR -eq "machine-wsl") { Run-Command "$PSScriptRoot\win-collect-wsl-logs-stop.ps1" } } + +Write-Host "`nListing the users on the machine" +Get-LocalUser +Write-Host "`nListing members of the Users group" +Get-LocalGroup -Name Users | Get-LocalGroupMember +Write-Host "`nListing members of the Administrators group" +Get-LocalGroup -Name Administrators | Get-LocalGroupMember +Write-Host "`nListing members of the Hyper-V Administrators group" +Get-LocalGroup -Name "Hyper-V Administrators" | Get-LocalGroupMember diff --git a/winmake.ps1 b/winmake.ps1 index af03699cf69..9a245cb7c18 100644 --- a/winmake.ps1 +++ b/winmake.ps1 @@ -429,6 +429,9 @@ switch ($target) { { $_ -in '', 'podman-remote', 'podman' } { Podman-Remote } + 'whoami' { + Write-Host "Current user: $(whoami)" + } 'localunit' { Local-Unit }