Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move secret-verify-leak containerfile into its own Directory #13457

Merged
merged 1 commit into from
Mar 8, 2022
Merged

Move secret-verify-leak containerfile into its own Directory #13457

merged 1 commit into from
Mar 8, 2022
+3 −5

Conversation

ashley-cui
Copy link
Member

Secret-verify-leak is causing flakes, when running in parallel tests.
This is because remote secrets are copied into the context directory to
send to the API server, and secret-verify-leak is doing a COPY * and
then checking if the temporary secret file ends up in the container or
not. Since all the temporary files are prefixed with
"podman-build-secret", this test checks if podman-build-secret is in the
image. However, when run in parallel with other tests, other temporary
podman-build-secrets might be in the context dir. Moving
secret-verify-leak into its own directory makes sure that the context
dir is used only by this one test.

Also renamed Dockerfile -> Containerfile and cleaned up unused
Containerfiles.

Signed-off-by: Ashley Cui [email protected]

Fixes: #13417

@ashley-cui
Move secret-verify-leak containerfile into its own Directory
9ce3c0a 
Secret-verify-leak is causing flakes, when running in parallel tests.
This is because remote secrets are copied into the context directory to
send to the API server, and secret-verify-leak is doing a COPY * and
then checking if the temporary secret file ends up in the container or
not. Since all the temporary files are prefixed with
"podman-build-secret", this test checks if podman-build-secret is in the
image. However, when run in parallel with other tests, other temporary
podman-build-secrets might be in the context dir. Moving
secret-verify-leak into its own directory makes sure that the context
dir is used only by this one test.

Also renamed Dockerfile -> Containerfile and cleaned up unused
Containerfiles.

Signed-off-by: Ashley Cui <[email protected]>
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 8, 2022
@edsantiago
Copy link
Member

LGTM, thank you!

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 8, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ashley-cui, flouthoc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [ashley-cui,flouthoc]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@rhatdan
Copy link
Member

rhatdan commented Mar 8, 2022

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Mar 8, 2022
@openshift-merge-robot openshift-merge-robot merged commit a08e4e5 into containers:main Mar 8, 2022
@ashley-cui ashley-cui deleted the flake branch June 3, 2022 17:51
ashley-cui added a commit to ashley-cui/podman that referenced this pull request Jun 3, 2022
@ashley-cui
Fix secret-verify-leak flake: set build context to subdir
9de092e 
Setting the build context to a dedicated subdir makes sure that the test does not
flake when running in parallel, as the test is isolated from other tests
that may dump secrets in a higher level context dir.

This should have been done in
containers#13457, as this makes that PR
actually work.

Signed-off-by: Ashley Cui <[email protected]>
@ashley-cui ashley-cui mentioned this pull request Jun 3, 2022
Merged
mheon pushed a commit to mheon/libpod that referenced this pull request Jun 14, 2022
@ashley-cui @mheon
Fix secret-verify-leak flake: set build context to subdir
8896051 
Setting the build context to a dedicated subdir makes sure that the test does not
flake when running in parallel, as the test is isolated from other tests
that may dump secrets in a higher level context dir.

This should have been done in
containers#13457, as this makes that PR
actually work.

Signed-off-by: Ashley Cui <[email protected]>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 21, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@flouthoc flouthoc flouthoc approved these changes

Assignees

@rhatdan rhatdan

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CI flake: secret file is not leaked into image
5 participants
@ashley-cui @edsantiago @rhatdan @flouthoc @openshift-merge-robot