From 4f9f677157c288403413cd1a2336adea709cec7a Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Fri, 16 Aug 2024 12:33:53 -0400 Subject: [PATCH] Produce x86_64 & ARM64 fedora container images At the time of this commit, podman's Makefile has a target to allow validating code changes locally. However, it's based on a bespoke container image which has no connection to the images used in CI. This can easily lead to a situation where validation passes in the local environment passes fails in CI. Support this validate target using the `quay.io/libpod/*fedora_podman:latest` images instead across all common developer architectures. Signed-off-by: Chris Evich --- .cirrus.yml | 18 +++++++++++++----- IMG_SFX | 2 +- Makefile | 8 +++++++- 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 44d40e44..7b769805 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -71,13 +71,14 @@ container_images_task: &container_images skip: *ci_docs_tooling depends_on: - image_builder - timeout_in: &cntr_timeout 40m - gce_instance: &ibi_vm + timeout_in: 90m # emulation is very slow + gce_instance: image_project: "libpod-218412" # Trust whatever was built most recently is functional image_family: "image-builder" zone: "us-central1-a" disk: 200 # Must be 200, negatively affects performance otherwise. + type: "c2d-standard-4" # Extra muscle needed for multi-arch emulation matrix: - name: &name "Build ${TARGET_NAME} container" env: @@ -102,7 +103,9 @@ container_images_task: &container_images # For $REGPFX namespace, select FQINs only. REG_USERNAME: ENCRYPTED[df4efe530b9a6a731cfea19233e395a5206d24dfac25e84329de035393d191e94ead8c39b373a0391fa025cab15470f8] REG_PASSWORD: ENCRYPTED[255ec05057707c20237a6c7d15b213422779c534f74fe019b8ca565f635dba0e11035a034e533a6f39e146e7435d87b5] - script: ci/make_container_images.sh; + script: | + podman run --rm --privileged mirror.gcr.io/multiarch/qemu-user-static:latest --reset -p yes + ci/make_container_images.sh package_cache: &package_cache folder: "/var/tmp/automation_images_tmp/.cache/**" fingerprint_key: "${TARGET_NAME}-cache-version-1" @@ -117,8 +120,13 @@ imgts_build_task: skip: &ci_docs $CIRRUS_CHANGE_TITLE =~ '.*CI:DOCS.*' depends_on: - image_builder - timeout_in: *cntr_timeout - gce_instance: *ibi_vm + timeout_in: &cntr_timeout 40m + gce_instance: &ibi_vm + image_project: "libpod-218412" + # Trust whatever was built most recently is functional + image_family: "image-builder" + zone: "us-central1-a" + disk: 200 # Must be 200, negatively affects performance otherwise. env: *image_env script: | export TARGET_NAME=imgts diff --git a/IMG_SFX b/IMG_SFX index b0846c52..e69e2bea 100644 --- a/IMG_SFX +++ b/IMG_SFX @@ -1 +1 @@ -20240819t164934z-f40f39d13 +20240820t135131z-f40f39d13 diff --git a/Makefile b/Makefile index 48f510a1..36399f4f 100644 --- a/Makefile +++ b/Makefile @@ -308,9 +308,15 @@ fedora_podman: ## Build Fedora podman development container prior-fedora_podman: ## Build Prior-Fedora podman development container $(call build_podman_container,$@,$(PRIOR_FEDORA_RELEASE)) +# N/B: This assumes that qemu_user_static is present and installed into the kernel or (as root) +# podman run --rm --privileged mirror.gcr.io/multiarch/qemu-user-static:latest --reset -p yes +# must been executed (e.g. on CentOS). $(_TEMPDIR)/%_podman.iid: podman/Containerfile podman/setup.sh $(wildcard base_images/*.sh) $(_TEMPDIR) $(wildcard cache_images/*.sh) - podman build -t $*_podman:$(call err_if_empty,_IMG_SFX) \ + podman build --manifest=$*_podman:$(call err_if_empty,_IMG_SFX) \ + --security-opt label=disable \ --security-opt seccomp=unconfined \ + --platform=linux/amd64,linux/arm64 \ + --jobs=2 \ --iidfile=$@ \ --build-arg=BASE_NAME=$(subst prior-,,$*) \ --build-arg=BASE_TAG=$(call err_if_empty,BASE_TAG) \