diff --git a/.cirrus.yml b/.cirrus.yml deleted file mode 100644 index 4888b72e53..0000000000 --- a/.cirrus.yml +++ /dev/null @@ -1,568 +0,0 @@ ---- - -# Main collection of env. vars to set for all tasks and scripts. -env: - #### - #### Global variables used for all tasks - #### - # Name of the ultimate destination branch for this CI run, PR or post-merge. - DEST_BRANCH: "v3.4" - # Overrides default location (/tmp/cirrus) for repo clone - GOPATH: &gopath "/var/tmp/go" - GOBIN: "${GOPATH}/bin" - GOCACHE: "${GOPATH}/cache" - GOSRC: &gosrc "/var/tmp/go/src/github.com/containers/podman" - CIRRUS_WORKING_DIR: *gosrc - # The default is 'sh' if unspecified - CIRRUS_SHELL: "/bin/bash" - # Save a little typing (path relative to $CIRRUS_WORKING_DIR) - SCRIPT_BASE: "./contrib/cirrus" - # Runner statistics log file path/name - STATS_LOGFILE_SFX: 'runner_stats.log' - STATS_LOGFILE: '$GOSRC/${CIRRUS_TASK_NAME}-${STATS_LOGFILE_SFX}' - - #### - #### Cache-image names to test with (double-quotes around names are critical) - #### - FEDORA_NAME: "fedora-34" - PRIOR_FEDORA_NAME: "fedora-33" - UBUNTU_NAME: "ubuntu-2104" - - # Google-cloud VM Images - IMAGE_SUFFIX: "c6431352024203264" - FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}" - PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}" - UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}" - - # Container FQIN's - FEDORA_CONTAINER_FQIN: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}" - PRIOR_FEDORA_CONTAINER_FQIN: "quay.io/libpod/prior-fedora_podman:${IMAGE_SUFFIX}" - UBUNTU_CONTAINER_FQIN: "quay.io/libpod/ubuntu_podman:${IMAGE_SUFFIX}" - - #### - #### Control variables that determine what to run and how to run it. - #### N/B: Required ALL of these are set for every single task. - #### - TEST_FLAVOR: # int, sys, ext_svc, validate, automation, etc. - TEST_ENVIRON: host # 'host' or 'container' - PODBIN_NAME: podman # 'podman' or 'remote' - PRIV_NAME: root # 'root' or 'rootless' - DISTRO_NV: # any {PRIOR_,}{FEDORA,UBUNTU}_NAME value - VM_IMAGE_NAME: # One of the "Google-cloud VM Images" (above) - CTR_FQIN: # One of the "Container FQIN's" (above) - - -# Default timeout for each task -timeout_in: 60m - - -gcp_credentials: ENCRYPTED[a28959877b2c9c36f151781b0a05407218cda646c7d047fc556e42f55e097e897ab63ee78369dae141dcf0b46a9d0cdd] - - -# Attempt to prevent flakes by confirming all required external/3rd-party -# services are available and functional. -ext_svc_check_task: - alias: 'ext_svc_check' # int. ref. name - required for depends_on reference - name: "Ext. services" # Displayed Title - has no other significance - skip: &tags "$CIRRUS_TAG != ''" # Don't run on tags - # Default/small container image to execute tasks with - container: &smallcontainer - image: ${CTR_FQIN} - # Resources are limited across ALL currently executing tasks - # ref: https://cirrus-ci.org/guide/linux/#linux-containers - cpu: 2 - memory: 2 - env: - TEST_FLAVOR: ext_svc - CTR_FQIN: ${FEDORA_CONTAINER_FQIN} - # NOTE: The default way Cirrus-CI clones is *NOT* compatible with - # environment expectations in contrib/cirrus/lib.sh. Specifically - # the 'origin' remote must be defined, and all remote branches/tags - # must be available for reference from CI scripts. - clone_script: &full_clone | - cd / - rm -rf $CIRRUS_WORKING_DIR - mkdir -p $CIRRUS_WORKING_DIR - git clone --recursive --branch=$DEST_BRANCH https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git $CIRRUS_WORKING_DIR - cd $CIRRUS_WORKING_DIR - git remote update origin - if [[ -n "$CIRRUS_PR" ]]; then # running for a PR - git fetch origin pull/$CIRRUS_PR/head:pull/$CIRRUS_PR - git checkout pull/$CIRRUS_PR - else - git reset --hard $CIRRUS_CHANGE_IN_REPO - fi - make install.tools - - setup_script: &setup '$GOSRC/$SCRIPT_BASE/setup_environment.sh' - main_script: &main '/usr/bin/time --verbose --output="$STATS_LOGFILE" $GOSRC/$SCRIPT_BASE/runner.sh' - always: &runner_stats - runner_stats_artifacts: - path: ./*-${STATS_LOGFILE_SFX} - type: text/plain - - -# Execute some quick checks to confirm this YAML file and all -# automation-related shell scripts are sane. -automation_task: - alias: 'automation' - name: "Check Automation" - skip: &branches_and_tags "$CIRRUS_PR == '' || $CIRRUS_TAG != ''" # Don't run on branches/tags - container: *smallcontainer - env: - TEST_FLAVOR: automation - CTR_FQIN: ${FEDORA_CONTAINER_FQIN} - TEST_ENVIRON: container - clone_script: *full_clone - setup_script: *setup - main_script: *main - always: *runner_stats - - -# N/B: This task is critical. It builds all binaries and release archives -# for the project, using all primary OS platforms and versions. Assuming -# the builds are successful, a cache is stored of the entire `$GOPATH` -# contents. For all subsequent tasks, the _BUILD_CACHE_HANDLE value -# is used as a key to reuse this cache, saving both time and money. -# The only exceptions are tasks which only run inside a container, they -# will not have access the cache and therefore must rely on cloning the -# repository. -build_task: - alias: 'build' - name: 'Build for $DISTRO_NV' - gce_instance: &standardvm - image_project: libpod-218412 - zone: "us-central1-a" - cpu: 2 - memory: "4Gb" - # Required to be 200gig, do not modify - has i/o performance impact - # according to gcloud CLI tool warning messages. - disk: 200 - image_name: "${VM_IMAGE_NAME}" # from stdenvars - matrix: &platform_axis - # Ref: https://cirrus-ci.org/guide/writing-tasks/#matrix-modification - - env: &stdenvars - DISTRO_NV: ${FEDORA_NAME} - # Not used here, is used in other tasks - VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME} - CTR_FQIN: ${FEDORA_CONTAINER_FQIN} - # ID for re-use of build output - _BUILD_CACHE_HANDLE: ${FEDORA_NAME}-build-${CIRRUS_BUILD_ID} - - env: &priorfedora_envvars - DISTRO_NV: ${PRIOR_FEDORA_NAME} - VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME} - CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN} - _BUILD_CACHE_HANDLE: ${PRIOR_FEDORA_NAME}-build-${CIRRUS_BUILD_ID} - - env: &ubuntu_envvars - DISTRO_NV: ${UBUNTU_NAME} - VM_IMAGE_NAME: ${UBUNTU_CACHE_IMAGE_NAME} - CTR_FQIN: ${UBUNTU_CONTAINER_FQIN} - _BUILD_CACHE_HANDLE: ${UBUNTU_NAME}-build-${CIRRUS_BUILD_ID} - env: - TEST_FLAVOR: build - # Ref: https://cirrus-ci.org/guide/writing-tasks/#cache-instruction - gopath_cache: &gopath_cache - folder: *gopath # Required hard-coded path, no variables. - fingerprint_script: echo "$_BUILD_CACHE_HANDLE" - # Cheat: Clone here when cache is empty, guaranteeing consistency. - populate_script: *full_clone - # A normal clone would invalidate useful cache - clone_script: &noop mkdir -p $CIRRUS_WORKING_DIR - setup_script: *setup - main_script: *main - always: &binary_artifacts - <<: *runner_stats - gosrc_artifacts: - path: ./* # Grab everything in top-level $GOSRC - type: application/octet-stream - binary_artifacts: - path: ./bin/* - type: application/octet-stream - - -# Confirm the result of building on at least one platform appears sane. -# This confirms the binaries can be executed, checks --help vs docs, and -# other essential post-build validation checks. -validate_task: - name: "Validate $DISTRO_NV Build" - alias: validate - # This task is primarily intended to catch human-errors early on, in a - # PR. Skip it for branch-push, branch-create, and tag-push to improve - # automation reliability/speed in those contexts. Any missed errors due - # to nonsequential PR merging practices, will be caught on a future PR, - # build or test task failures. - skip: *branches_and_tags - depends_on: - - ext_svc_check - - automation - - build - # golangci-lint is a very, very hungry beast. - gce_instance: &bigvm - <<: *standardvm - cpu: 8 - memory: "16Gb" - env: - <<: *stdenvars - TEST_FLAVOR: validate - gopath_cache: &ro_gopath_cache - <<: *gopath_cache - reupload_on_changes: false - clone_script: *noop - setup_script: *setup - main_script: *main - always: *runner_stats - - -# Exercise the "libpod" API with a small set of common -# operations to ensure they are functional. -bindings_task: - name: "Test Bindings" - alias: bindings - only_if: ¬_docs $CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' - skip: *branches_and_tags - depends_on: - - build - gce_instance: *standardvm - env: - <<: *stdenvars - TEST_FLAVOR: bindings - gopath_cache: *ro_gopath_cache - clone_script: *noop # Comes from cache - setup_script: *setup - main_script: *main - always: &html_artifacts - <<: *runner_stats - # Required for `contrib/cirrus/logformatter` to work properly - html_artifacts: - path: ./*.html - type: text/html - - -# Check that all included go modules from other sources match -# what is expected in `vendor/modules.txt` vs `go.mod`. Also -# make sure that the generated bindings in pkg/bindings/... -# are in sync with the code. -consistency_task: - name: "Test Code Consistency" - alias: consistency - skip: *tags - depends_on: - - build - container: *smallcontainer - env: - <<: *stdenvars - TEST_FLAVOR: consistency - TEST_ENVIRON: container - CTR_FQIN: ${FEDORA_CONTAINER_FQIN} - clone_script: *full_clone # build-cache not available to container tasks - setup_script: *setup - main_script: *main - always: *runner_stats - - -# There are several other important variations of podman which -# must always build successfully. Most of them are handled in -# this task, though a few need dedicated tasks which follow. -alt_build_task: - name: "$ALT_NAME" - alias: alt_build - only_if: *not_docs - depends_on: - - build - env: - <<: *stdenvars - TEST_FLAVOR: "altbuild" - gce_instance: *standardvm - matrix: - - env: - ALT_NAME: 'Build Each Commit' - - env: - ALT_NAME: 'Windows Cross' - - env: - ALT_NAME: 'Build Without CGO' - - env: - ALT_NAME: 'Test build RPM' - - env: - ALT_NAME: 'Alt Arch. Cross' - gopath_cache: *ro_gopath_cache - clone_script: *noop # Comes from cache - setup_script: *setup - main_script: *main - always: *binary_artifacts - - -# Does exactly what it says, execute the podman unit-tests on all primary -# platforms and release versions. -unit_test_task: - name: "Unit tests on $DISTRO_NV" - alias: unit_test - skip: *tags - only_if: *not_docs - depends_on: - - validate - matrix: - - env: *stdenvars - - env: *priorfedora_envvars - - env: *ubuntu_envvars - # Special-case: Rootless on latest Fedora (standard) VM - - name: "Rootless unit on $DISTRO_NV" - env: - <<: *stdenvars - PRIV_NAME: rootless - gce_instance: *standardvm - env: - TEST_FLAVOR: unit - clone_script: *noop # Comes from cache - gopath_cache: *ro_gopath_cache - setup_script: *setup - main_script: *main - always: *runner_stats - - -# Execute the podman integration tests on all primary platforms and release -# versions, as root, without involving the podman-remote client. -local_integration_test_task: &local_integration_test_task - # Integration-test task name convention: - # - name: &std_name_fmt "$TEST_FLAVOR $PODBIN_NAME $DISTRO_NV $PRIV_NAME $TEST_ENVIRON" - alias: local_integration_test - only_if: *not_docs - skip: *branches_and_tags - depends_on: - - unit_test - matrix: *platform_axis - gce_instance: *standardvm - timeout_in: 90m - env: - TEST_FLAVOR: int - clone_script: *noop # Comes from cache - gopath_cache: *ro_gopath_cache - setup_script: *setup - main_script: *main - always: &logs_artifacts - <<: *html_artifacts - package_versions_script: '$SCRIPT_BASE/logcollector.sh packages' - df_script: '$SCRIPT_BASE/logcollector.sh df' - audit_log_script: '$SCRIPT_BASE/logcollector.sh audit' - journal_script: '$SCRIPT_BASE/logcollector.sh journal' - podman_system_info_script: '$SCRIPT_BASE/logcollector.sh podman' - time_script: '$SCRIPT_BASE/logcollector.sh time' - - ginkgo_node_logs_artifacts: - path: ./test/e2e/ginkgo-node-*.log - type: text/plain - - -# Nearly identical to `local_integration_test` except all operations -# are performed through the podman-remote client vs a podman "server" -# running on the same host. -remote_integration_test_task: - <<: *local_integration_test_task - alias: remote_integration_test - env: - TEST_FLAVOR: int - PODBIN_NAME: remote - - -# Run the complete set of integration tests from inside a container. -# This verifies all/most operations function with "podman-in-podman". -container_integration_test_task: - name: *std_name_fmt - alias: container_integration_test - only_if: *not_docs - skip: *branches_and_tags - depends_on: - - unit_test - matrix: &fedora_vm_axis - - env: - DISTRO_NV: ${FEDORA_NAME} - _BUILD_CACHE_HANDLE: ${FEDORA_NAME}-build-${CIRRUS_BUILD_ID} - VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME} - CTR_FQIN: ${FEDORA_CONTAINER_FQIN} - - env: - DISTRO_NV: ${PRIOR_FEDORA_NAME} - _BUILD_CACHE_HANDLE: ${PRIOR_FEDORA_NAME}-build-${CIRRUS_BUILD_ID} - VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME} - CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN} - gce_instance: *standardvm - timeout_in: 90m - env: - TEST_FLAVOR: int - TEST_ENVIRON: container - clone_script: *noop # Comes from cache - gopath_cache: *ro_gopath_cache - setup_script: *setup - main_script: *main - always: *logs_artifacts - - -# Execute most integration tests as a regular (non-root) user. -rootless_integration_test_task: - name: *std_name_fmt - alias: rootless_integration_test - only_if: *not_docs - skip: *branches_and_tags - depends_on: - - unit_test - matrix: *platform_axis - gce_instance: *standardvm - timeout_in: 90m - env: - TEST_FLAVOR: int - PRIV_NAME: rootless - clone_script: *noop # Comes from cache - gopath_cache: *ro_gopath_cache - setup_script: *setup - main_script: *main - always: *logs_artifacts - - -# Always run subsequent to integration tests. While parallelism is lost -# with runtime, debugging system-test failures can be more challenging -# for some golang developers. Otherwise the following tasks run across -# the same matrix as the integration-tests (above). -local_system_test_task: &local_system_test_task - name: *std_name_fmt - alias: local_system_test - skip: *tags - only_if: *not_docs - depends_on: - - local_integration_test - matrix: *platform_axis - gce_instance: *standardvm - env: - TEST_FLAVOR: sys - clone_script: *noop # Comes from cache - gopath_cache: *ro_gopath_cache - setup_script: *setup - main_script: *main - always: *logs_artifacts - - -remote_system_test_task: - <<: *local_system_test_task - alias: remote_system_test - depends_on: - - remote_integration_test - env: - TEST_FLAVOR: sys - PODBIN_NAME: remote - - -rootless_system_test_task: - name: *std_name_fmt - alias: rootless_system_test - skip: *tags - only_if: *not_docs - depends_on: - - rootless_integration_test - matrix: *platform_axis - gce_instance: *standardvm - env: - TEST_FLAVOR: sys - PRIV_NAME: rootless - clone_script: *noop # Comes from cache - gopath_cache: *ro_gopath_cache - setup_script: *setup - main_script: *main - always: *logs_artifacts - - -# This task is critical. It updates the "last-used by" timestamp stored -# in metadata for all VM images. This mechanism functions in tandem with -# an out-of-band pruning operation to remove disused VM images. -meta_task: - name: "VM img. keepalive" - alias: meta - container: - cpu: 2 - memory: 2 - image: quay.io/libpod/imgts:latest - env: - # Space-separated list of images used by this repository state - IMGNAMES: >- - ${FEDORA_CACHE_IMAGE_NAME} - ${PRIOR_FEDORA_CACHE_IMAGE_NAME} - ${UBUNTU_CACHE_IMAGE_NAME} - BUILDID: "${CIRRUS_BUILD_ID}" - REPOREF: "${CIRRUS_REPO_NAME}" - GCPJSON: ENCRYPTED[3a198350077849c8df14b723c0f4c9fece9ebe6408d35982e7adf2105a33f8e0e166ed3ed614875a0887e1af2b8775f4] - GCPNAME: ENCRYPTED[2f9738ef295a706f66a13891b40e8eaa92a89e0e87faf8bed66c41eca72bf76cfd190a6f2d0e8444c631fdf15ed32ef6] - GCPPROJECT: libpod-218412 - clone_script: *noop - script: /usr/local/bin/entrypoint.sh - - -# Status aggregator for all tests. This task simply ensures a defined -# set of tasks all passed, and allows confirming that based on the status -# of this task. -success_task: - name: "Total Success" - alias: success - # N/B: ALL tasks must be listed here, minus their '_task' suffix. - depends_on: - - ext_svc_check - - automation - - build - - validate - - bindings - - consistency - - alt_build - - unit_test - - local_integration_test - - remote_integration_test - - rootless_integration_test - - container_integration_test - - local_system_test - - remote_system_test - - rootless_system_test - - meta - container: *smallcontainer - env: - CTR_FQIN: ${FEDORA_CONTAINER_FQIN} - TEST_ENVIRON: container - clone_script: *noop - script: /bin/true - - -# When a new tag is pushed, confirm that the code and commits -# meet criteria for an official release. -release_task: - name: "Verify Release" - alias: release - only_if: *tags - depends_on: - - success - gce_instance: *standardvm - env: - <<: *stdenvars - TEST_FLAVOR: release - gopath_cache: *ro_gopath_cache - clone_script: *noop # Comes from cache - setup_script: *setup - main_script: *main - always: *binary_artifacts - - -# When preparing to release a new version, this task may be manually -# activated at the PR stage to verify the build is proper for a potential -# podman release. -# -# Note: This cannot use a YAML alias on 'release_task' as of this -# comment, it is incompatible with 'trigger_type: manual' -release_test_task: - name: "Optional Release Test" - alias: release_test - only_if: $CIRRUS_PR != '' - trigger_type: manual - depends_on: - - success - gce_instance: *standardvm - env: - <<: *stdenvars - TEST_FLAVOR: release - gopath_cache: *ro_gopath_cache - clone_script: *noop # Comes from cache - setup_script: *setup - main_script: *main - always: *binary_artifacts