Cirrus: Support runc testing on debian VMs

Also remove disused `gitlab` test setup.  This test was disabled a
while ago and is unlikely to ever be revived.

Signed-off-by: Chris Evich <[email protected]>

.cirrus.yml

@@ -26,20 +26,20 @@ env:
     ####
     #### Cache-image names to test with (double-quotes around names are critical)
     ####
-    FEDORA_NAME: "fedora-37" ### c20230120t152650z-f37f36u2204
-    FEDORA_AARCH64_NAME: "${FEDORA_NAME}-aarch64" ### c20230120t152650z-f37f36u2204
-    PRIOR_FEDORA_NAME: "fedora-36" ### c20230120t152650z-f37f36u2204
-    #UBUNTU_NAME: "ubuntu-2204"  ### c20230120t152650z-f37f36u2204
+    FEDORA_NAME: "fedora-37"
+    FEDORA_AARCH64_NAME: "${FEDORA_NAME}-aarch64"
+    PRIOR_FEDORA_NAME: "fedora-36"
+    DEBIAN_NAME: "debian-12"
 
     # Image identifiers
-    IMAGE_SUFFIX: "c20230120t152650z-f37f36u2204"
+    IMAGE_SUFFIX: "c20230221t162829z-f37f36d12"
     # EC2 images
     FEDORA_AMI: "fedora-aws-${IMAGE_SUFFIX}"
     FEDORA_AARCH64_AMI: "fedora-podman-aws-arm64-${IMAGE_SUFFIX}"
     # GCP Images
     FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
     PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
-    #UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}"
+    DEBIAN_CACHE_IMAGE_NAME: "debian-${IMAGE_SUFFIX}"
     # Container FQIN's
     FEDORA_CONTAINER_FQIN: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}"
     PRIOR_FEDORA_CONTAINER_FQIN: "quay.io/libpod/prior-fedora_podman:${IMAGE_SUFFIX}"
@@ -52,7 +52,7 @@ env:
     TEST_ENVIRON: host       # 'host', or 'container'
     PODBIN_NAME: podman      # 'podman' or 'remote'
     PRIV_NAME: root          # 'root' or 'rootless'
-    DISTRO_NV:               # any {PRIOR_,}{FEDORA,UBUNTU}_NAME value
+    DISTRO_NV:               # any {PRIOR_,}{FEDORA,DEBIAN}_NAME value
     VM_IMAGE_NAME:           # One of the "Google-cloud VM Images" (above)
     CTR_FQIN:                # One of the "Container FQIN's" (above)
 
@@ -109,12 +109,11 @@ build_task:
               CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN}
               CI_DESIRED_RUNTIME: crun
               CI_DESIRED_NETWORK: cni
-        #- env: &ubuntu_envvars
-        #      DISTRO_NV: ${UBUNTU_NAME}
-        #      VM_IMAGE_NAME: ${UBUNTU_CACHE_IMAGE_NAME}
-        #      CTR_FQIN: ${UBUNTU_CONTAINER_FQIN}
-        #      CI_DESIRED_RUNTIME: runc
-        #      CI_DESIRED_NETWORK: whatever
+        - env: &debian_envvars
+              DISTRO_NV: ${DEBIAN_NAME}
+              VM_IMAGE_NAME: ${DEBIAN_CACHE_IMAGE_NAME}
+              CI_DESIRED_RUNTIME: runc
+              CI_DESIRED_NETWORK: netavark
     env:
         TEST_FLAVOR: build
     # NOTE: The default way Cirrus-CI clones is *NOT* compatible with
@@ -943,11 +942,10 @@ meta_task:
         image: quay.io/libpod/imgts:latest
     env:
         # Space-separated list of images used by this repository state
-        # DISABLED:
-        #   ${UBUNTU_CACHE_IMAGE_NAME}
         IMGNAMES: >-
             ${FEDORA_CACHE_IMAGE_NAME}
             ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
+            ${DEBIAN_CACHE_IMAGE_NAME}
             build-push-${IMAGE_SUFFIX}
         EC2IMGNAMES: >-
           ${FEDORA_AARCH64_AMI}

contrib/cirrus/lib.sh

@@ -204,6 +204,14 @@ install_test_configs() {
 }
 
 use_cni() {
+    req_env_vars OS_RELEASE_ID PACKAGE_DOWNLOAD_DIR SCRIPT_BASE
+    # Defined by common automation library
+    # shellcheck disable=SC2154
+    if [[ "$OS_RELEASE_ID" =~ "debian" ]]; then
+        # Supporting it involves swapping the rpm & dnf commands below
+        die "Testing debian w/ CNI networking currently not supported"
+    fi
+
     msg "Unsetting NETWORK_BACKEND for all subsequent environments."
     echo "export -n NETWORK_BACKEND" >> /etc/ci_environment
     echo "unset NETWORK_BACKEND" >> /etc/ci_environment
@@ -238,6 +246,7 @@ use_cni() {
 }
 
 use_netavark() {
+    req_env_vars OS_RELEASE_ID PRIOR_FEDORA_NAME DISTRO_NV
     local magickind repokind
     msg "Forcing NETWORK_BACKEND=netavark for all subsequent environments."
     echo "NETWORK_BACKEND=netavark" >> /etc/ci_environment
@@ -251,7 +260,9 @@ use_netavark() {
     # See ./contrib/cirrus/CIModes.md.
     # Vars defined by cirrus-ci
     # shellcheck disable=SC2154
-    if [[ "$CIRRUS_CHANGE_TITLE" =~ CI:[AN]V[AN]V= ]]; then
+    if [[ ! "$OS_RELEASE_ID" =~ "debian" ]] && \
+       [[ "$CIRRUS_CHANGE_TITLE" =~ CI:[AN]V[AN]V= ]]
+    then
         # shellcheck disable=SC2154
         if [[ "$CIRRUS_PR_DRAFT" != "true" ]]; then
             die "Magic 'CI:NVAV=*' string can only be used on DRAFT PRs"
@@ -306,7 +317,7 @@ remove_packaged_podman_files() {
 
     # OS_RELEASE_ID is defined by automation-library
     # shellcheck disable=SC2154
-    if [[ "$OS_RELEASE_ID" =~ "ubuntu" ]]
+    if [[ "$OS_RELEASE_ID" =~ "debian" ]]
     then
         LISTING_CMD="dpkg-query -L podman"
     else

contrib/cirrus/logcollector.sh

@@ -25,7 +25,7 @@ showrun() {
 case $1 in
     audit)
         case $OS_RELEASE_ID in
-            ubuntu) showrun cat /var/log/kern.log ;;
+            debian) showrun cat /var/log/kern.log ;;
             fedora) showrun cat /var/log/audit/audit.log ;;
             *) bad_os_id_ver ;;
         esac
@@ -34,7 +34,7 @@ case $1 in
     journal) showrun journalctl -b ;;
     podman) showrun ./bin/podman system info ;;
     packages)
-        # These names are common to Fedora and Ubuntu
+        # These names are common to Fedora and Debian
         PKG_NAMES=(\
                     conmon
                     containernetworking-plugins
@@ -59,7 +59,7 @@ case $1 in
                     passt
                 )
                 ;;
-            ubuntu)
+            debian)
                 cat /etc/issue
                 PKG_LST_CMD='dpkg-query --show --showformat=${Package}-${Version}-${Architecture}\n'
                 PKG_NAMES+=(\

contrib/cirrus/setup_environment.sh

@@ -56,9 +56,13 @@ echo -e "\n# Begin single-use VM global variables (${BASH_SOURCE[0]})" \
     done <<<"$(passthrough_envars)"
 ) >> "/etc/ci_environment"
 
-# This is a possible manual maintenance gaff, check to be sure everything matches.
+# This is a possible manual maintenance gaff, i.e. forgetting to update a
+# *_NAME variable in .cirrus.yml.  check to be sure at least one comparison
+# matches the actual OS being run.  Ignore details, such as debian point-release
+# number and/or '-aarch64' suffix.
 # shellcheck disable=SC2154
-[[ "$DISTRO_NV" =~ $OS_REL_VER ]] || \
+grep -q "$DISTRO_NV" <<<"$OS_REL_VER" || \
+    grep -q "$OS_REL_VER" <<<"$DISTRO_NV" || \
     die "Automation spec. '$DISTRO_NV'; actual host '$OS_REL_VER'"
 
 # Only allow this script to execute once
@@ -118,7 +122,7 @@ fi
 
 # Which distribution are we testing on.
 case "$OS_RELEASE_ID" in
-    ubuntu) ;;
+    debian) ;;
     fedora)
         if ((CONTAINER==0)); then
             # All SELinux distros need this for systemd-in-a-container
@@ -352,64 +356,6 @@ case "$TEST_FLAVOR" in
         make install PREFIX=/usr ETCDIR=/etc
         install_test_configs
         ;;
-    gitlab)
-        # ***WARNING*** ***WARNING*** ***WARNING*** ***WARNING***
-        # This sets up a special ubuntu environment exclusively for
-        # running the upstream gitlab-runner unit tests through
-        # podman as a drop-in replacement for the Docker daemon.
-        # Test and setup information can be found here:
-        # https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27270#note_499585550
-        #
-        # Unless you know what you're doing, and/or are in contact
-        # with the upstream gitlab-runner developers/community,
-        # please don't make changes willy-nilly to this setup.
-        # It's designed to follow upstream gitlab-runner development
-        # and alert us if any podman change breaks their foundation.
-        #
-        # That said, if this task does break in strange ways or requires
-        # updates you're unsure of.  Please consult with the upstream
-        # community through an issue near the one linked above.  If
-        # an extended period of breakage is expected, please un-comment
-        # the related `allow_failures: $CI == $CI` line in `.cirrus.yml`.
-        # ***WARNING*** ***WARNING*** ***WARNING*** ***WARNING***
-
-        if [[ "$OS_RELEASE_ID" != "ubuntu" ]]; then
-            die "This test only runs on Ubuntu due to sheer laziness"
-        fi
-
-        remove_packaged_podman_files
-        make install PREFIX=/usr ETCDIR=/etc
-
-        msg "Installing docker and containerd"
-        # N/B: Tests check/expect `docker info` output, and this `!= podman info`
-        ooe.sh dpkg -i \
-            $PACKAGE_DOWNLOAD_DIR/containerd.io*.deb \
-            $PACKAGE_DOWNLOAD_DIR/docker-ce*.deb
-
-        msg "Disabling docker service and socket activation"
-        systemctl stop docker.service docker.socket
-        systemctl disable docker.service docker.socket
-        rm -rf /run/docker*
-        # Guarantee the docker daemon can't be started, even by accident
-        rm -vf $(type -P dockerd)
-
-        msg "Recursively chowning source to $ROOTLESS_USER"
-        chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC"
-
-        msg "Obtaining necessary gitlab-runner testing bits"
-        slug="gitlab.com/gitlab-org/gitlab-runner"
-        helper_fqin="registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-latest-pwsh"
-        ssh="ssh $ROOTLESS_USER@localhost -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o CheckHostIP=no env GOPATH=$GOPATH"
-        showrun $ssh go install github.com/jstemmer/go-junit-report/[email protected]
-        showrun $ssh git clone https://$slug $GOPATH/src/$slug
-        showrun $ssh make -C $GOPATH/src/$slug development_setup
-        showrun $ssh bash -c "'cd $GOPATH/src/$slug && GOPATH=$GOPATH go get .'"
-
-        showrun $ssh podman pull $helper_fqin
-        # Tests expect image with this exact name
-        showrun $ssh podman tag $helper_fqin \
-            docker.io/gitlab/gitlab-runner-helper:x86_64-latest-pwsh
-        ;;
     swagger)
         make .install.swagger
         ;;