Unify in_podman container packaging & VM packaging

.cirrus.yml

@@ -39,7 +39,7 @@ env:
     UBUNTU_NAME: "ubuntu-19"
     PRIOR_UBUNTU_NAME: "ubuntu-18"
 
-    _BUILT_IMAGE_SUFFIX: "libpod-6301182083727360"
+    _BUILT_IMAGE_SUFFIX: "libpod-6220812239765504"
     FEDORA_CACHE_IMAGE_NAME: "${FEDORA_NAME}-${_BUILT_IMAGE_SUFFIX}"
     PRIOR_FEDORA_CACHE_IMAGE_NAME: "${PRIOR_FEDORA_NAME}-${_BUILT_IMAGE_SUFFIX}"
     UBUNTU_CACHE_IMAGE_NAME: "${UBUNTU_NAME}-${_BUILT_IMAGE_SUFFIX}"
@@ -156,6 +156,32 @@ gating_task:
         failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh'
 
 
+# Ensure these container images can build
+container_image_build_task:
+    alias: 'container_image_build'
+    depends_on:
+        - "gating"
+
+    # Only run for PRs, quay.io will automatically build after bramch-push
+    only_if: $CIRRUS_BRANCH != $DEST_BRANCH
+
+    matrix:
+        - name: "build in_podman image ${FEDORA_NAME} "
+          container:
+              dockerfile: Dockerfile
+        - name: "build in_podman image ${UBUNTU_NAME}"
+          container:
+              dockerfile: Dockerfile.ubuntu
+        - name: "build gate image $DEST_BRANCH branch"
+          container:
+              dockerfile: contrib/gate/Dockerfile
+
+    container:
+        dockerfile: Dockerfile
+
+    script: make install.remote
+
+
 # This task checks to make sure that we can still build an rpm from the
 # source code using contrib/rpm/podman.spec.in
 rpmbuild_task:
@@ -389,6 +415,7 @@ testing_task:
         - "varlink_api"
         - "build_each_commit"
         - "build_without_cgo"
+        - "container_image_build"
 
     allow_failures: $CI == 'true'
 
@@ -681,6 +708,7 @@ test_build_cache_images_task:
 
     depends_on:
         - "gating"
+        - 'container_image_build'
 
     # VMs created by packer are not cleaned up by cirrus, must allow task to complete
     auto_cancellation: $CI != "true"
@@ -782,6 +810,7 @@ success_task:
         - "varlink_api"
         - "build_each_commit"
         - "build_without_cgo"
+        - "container_image_build"
         - "meta"
         - "image_prune"
         - "testing"

Dockerfile

@@ -1,117 +1,26 @@
-FROM golang:1.12
-
-RUN apt-get update && apt-get install -y \
-    apparmor \
-    autoconf \
-    automake \
-    bison \
-    build-essential \
-    curl \
-    e2fslibs-dev \
-    file \
-    gawk \
-    gettext \
-    go-md2man \
-    iptables \
-    pkg-config \
-    libaio-dev \
-    libcap-dev \
-    libfuse-dev \
-    libnet-dev \
-    libnl-3-dev \
-    libprotobuf-dev \
-    libprotobuf-c-dev \
-    libseccomp2 \
-    libseccomp-dev \
-    libtool \
-    libudev-dev \
-    protobuf-c-compiler \
-    protobuf-compiler \
-    libglib2.0-dev \
-    libapparmor-dev \
-    btrfs-tools \
-    libdevmapper1.02.1 \
-    libdevmapper-dev \
-    libgpgme11-dev \
-    liblzma-dev \
-    netcat \
-    socat \
-    lsof \
-    xz-utils \
-    unzip \
-    python3-yaml \
-    --no-install-recommends \
-    && apt-get clean
-
-# Install runc
-ENV RUNC_COMMIT 029124da7af7360afa781a0234d1b083550f797c
-RUN set -x \
-	&& export GOPATH="$(mktemp -d)" \
-	&& git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
-	&& cd "$GOPATH/src/github.com/opencontainers/runc" \
-	&& git fetch origin --tags \
-	&& git checkout --detach -q "$RUNC_COMMIT" \
-	&& make static BUILDTAGS="seccomp selinux" \
-	&& cp runc /usr/bin/runc \
-	&& rm -rf "$GOPATH"
-
-# Install conmon
-ENV CONMON_COMMIT 65fe0226d85b69fc9e527e376795c9791199153d
-RUN set -x \
-	&& export GOPATH="$(mktemp -d)" \
-	&& git clone https://github.com/containers/conmon.git "$GOPATH/src/github.com/containers/conmon.git" \
-	&& cd "$GOPATH/src/github.com/containers/conmon.git" \
-	&& git fetch origin --tags \
-	&& git checkout --detach -q "$CONMON_COMMIT" \
-	&& make \
-	&& install -D -m 755 bin/conmon /usr/libexec/podman/conmon \
-	&& rm -rf "$GOPATH"
-
-# Install CNI plugins
-ENV CNI_COMMIT 485be65581341430f9106a194a98f0f2412245fb
-RUN set -x \
-       && export GOPATH="$(mktemp -d)" GOCACHE="$(mktemp -d)" \
-       && git clone https://github.com/containernetworking/plugins.git "$GOPATH/src/github.com/containernetworking/plugins" \
-       && cd "$GOPATH/src/github.com/containernetworking/plugins" \
-       && git checkout --detach -q "$CNI_COMMIT" \
-       && ./build_linux.sh \
-       && mkdir -p /usr/libexec/cni \
-       && cp bin/* /usr/libexec/cni \
-       && rm -rf "$GOPATH"
-
-# Install ginkgo
-RUN set -x \
-       && export GOPATH=/go \
-       && go get -u github.com/onsi/ginkgo/ginkgo \
-       && install -D -m 755 "$GOPATH"/bin/ginkgo /usr/bin/
-
-# Install gomega
-RUN set -x \
-       && export GOPATH=/go \
-       && go get github.com/onsi/gomega/...
-
-# Install latest stable criu version
-RUN set -x \
-      && cd /tmp \
-      && git clone https://github.com/checkpoint-restore/criu.git \
-      && cd criu \
-      && make \
-      && install -D -m 755  criu/criu /usr/sbin/ \
-      && rm -rf /tmp/criu
-
-# Install cni config
-#RUN make install.cni
-RUN mkdir -p /etc/cni/net.d/
-COPY cni/87-podman-bridge.conflist /etc/cni/net.d/87-podman-bridge.conflist
-
-# Make sure we have some policy for pulling images
-RUN mkdir -p /etc/containers && curl https://raw.githubusercontent.com/projectatomic/registries/master/registries.fedora -o /etc/containers/registries.conf
-
-COPY test/policy.json /etc/containers/policy.json
-COPY test/redhat_sigstore.yaml /etc/containers/registries.d/registry.access.redhat.com.yaml
-
-ADD . /go/src/github.com/containers/libpod
-
-RUN set -x && cd /go/src/github.com/containers/libpod
-
-WORKDIR /go/src/github.com/containers/libpod
+FROM registry.fedoraproject.org/fedora:latest
+
+# This container image is utilized by the containers CI automation system
+# for building and testing libpod inside a container environment.
+# It is assumed that the source to be tested will overwrite $GOSRC (below)
+# at runtime.
+ENV GOPATH=/var/tmp/go
+ENV GOSRC=$GOPATH/src/github.com/containers/libpod
+ENV SCRIPT_BASE=./contrib/cirrus
+ENV PACKER_BASE=$SCRIPT_BASE/packer
+
+# Only add minimal tooling necessary to complete setup.
+ADD /$SCRIPT_BASE $GOSRC/$SCRIPT_BASE
+ADD /hack/install_catatonit.sh $GOSRC/hack/
+ADD /cni/*.conflist $GOSRC/cni/
+ADD /test/*.json $GOSRC/test/
+ADD /test/*.conf $GOSRC/test/
+WORKDIR $GOSRC
+
+# Re-use repositories and package setup as in VMs under CI
+RUN bash $PACKER_BASE/fedora_packaging.sh && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf
+
+# Mirror steps taken under CI
+RUN bash -c 'source $GOSRC/$SCRIPT_BASE/lib.sh && install_test_configs'

Dockerfile.ubuntu

@@ -0,0 +1,29 @@
+# Must resemble $UBUNTU_BASE_IMAGE in ./contrib/cirrus/lib.sh
+FROM ubuntu:latest
+
+# This container image is intended for building and testing libpod
+# from inside a container environment.  It is assumed that the source
+# to be tested will overwrite $GOSRC (below) at runtime.
+ENV GOPATH=/var/tmp/go
+ENV GOSRC=$GOPATH/src/github.com/containers/libpod
+ENV SCRIPT_BASE=./contrib/cirrus
+ENV PACKER_BASE=$SCRIPT_BASE/packer
+
+RUN export DEBIAN_FRONTEND="noninteractive" && \
+    apt-get -qq update --yes && \
+    apt-get -qq upgrade --yes && \
+    apt-get -qq install curl git && \
+    apt-get -qq autoremove --yes && \
+    rm -rf /var/cache/apt
+
+# Only add minimal tooling necessary to complete setup.
+ADD / $GOSRC
+WORKDIR $GOSRC
+
+# Re-use repositories and package setup as in VMs under CI
+RUN bash $PACKER_BASE/ubuntu_packaging.sh && \
+    apt-get -qq autoremove --yes && \
+    rm -rf /var/cache/apt
+
+# Mirror steps taken under CI
+RUN bash -c 'source $GOSRC/$SCRIPT_BASE/lib.sh && install_test_configs'