Cirrus: Replace Ubuntu container w/ Debian VM

Previously a pre-built Ubuntu-based container image was used for several CI tasks. With the general move toward Debian however, a container image is no-longer available. Remove the old (CI-only) Dockerfile and convert the tasks to run on Debian SID VMs. Signed-off-by: Chris Evich <[email protected]>
containers · Mar 22, 2023 · a04cbc9 · a04cbc9
1 parent ca79008
commit a04cbc9
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 41 deletions.
diff --git a/.cirrus.Dockerfile b/.cirrus.Dockerfile
diff --git a/.cirrus.yml b/.cirrus.yml
@@ -32,15 +32,16 @@ env:
  ####
  #### Cache-image names to test with (double-quotes around names are critical)
  ####
- FEDORA_NAME: "fedora-37" ### c20230120t152650z-f37f36u2204
+ FEDORA_NAME: "fedora-37"
+ DEBIAN_NAME: "debian-12"
 
  # Google-cloud VM Images
- IMAGE_SUFFIX: "c20230120t152650z-f37f36u2204"
+ IMAGE_SUFFIX: "c20230314t204248z-f37f36d12"
  FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
+ DEBIAN_CACHE_IMAGE_NAME: "debian-${IMAGE_SUFFIX}"
 
  # Container FQIN's (include bleeding-edge development-level container deps.)
  FEDORA_CONTAINER_FQIN: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}"
- UBUNTU_CONTAINER_FQIN: "quay.io/libpod/ubuntu_podman:${IMAGE_SUFFIX}"
  # Built along with the standard PR-based workflow in c/automation_images
  SKOPEO_CIDEV_CONTAINER_FQIN: "quay.io/libpod/skopeo_cidev:${IMAGE_SUFFIX}"
 
@@ -53,14 +54,15 @@ validate_task:
  # under Cirrus-CI, due to challenges obtaining the starting commit ID.
  # Only do validation for PRs.
  only_if: $CIRRUS_PR != ''
- # https://cirrus-ci.org/guide/docker-builder-vm/#dockerfile-as-a-ci-environment
- container:
- dockerfile: .cirrus.Dockerfile
- # golangci-lint tool requires heavy cpu/memory or gets OOM'd
- cpu: 6
- memory: 22
- docker_arguments:
- BASE_IMAGE: '${UBUNTU_CONTAINER_FQIN}'
+ gce_instance: &debian_vm
+ image_project: libpod-218412
+ zone: "us-central1-f"
+ cpu: 2
+ memory: "4Gb"
+ # Required to be 200gig, do not modify - has i/o performance impact
+ # according to gcloud CLI tool warning messages.
+ disk: 200
+ image_name: ${DEBIAN_CACHE_IMAGE_NAME}
  script: |
  git remote update
  make tools
@@ -70,33 +72,24 @@ validate_task:
 
 cross_task:
  only_if: &not_docs $CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*'
- container: &std_container
- dockerfile: .cirrus.Dockerfile
- # golangci-lint tool requires heavy cpu/memory or gets OOM'd
- cpu: 2
- memory: 4
- docker_arguments:
- BASE_IMAGE: '${UBUNTU_CONTAINER_FQIN}'
- script: |
- make cross
+ gce_instance: *debian_vm
+ script: make cross
 
 
 test_task:
  alias: test
  depends_on:
  - validate
  only_if: *not_docs
- container: *std_container
+ gce_instance: *debian_vm
  matrix:
  - name: "Test"
  env:
  BUILDTAGS: 'btrfs_noversion libdm_no_deferred_remove'
  - name: "Test w/ opengpg"
  env:
  BUILDTAGS: &withopengpg 'btrfs_noversion libdm_no_deferred_remove containers_image_openpgp'
- script: |
- make tools
- make test BUILDTAGS="$BUILDTAGS"
+ script: ${GOSRC}/${SCRIPT_BASE}/runner.sh image_tests
 
 
 #####
@@ -151,7 +144,9 @@ meta_task:
  image: quay.io/libpod/imgts:latest
  env:
  # Space-separated list of images used by this repository state
- IMGNAMES: "${FEDORA_CACHE_IMAGE_NAME}"
+ IMGNAMES: |
+ ${FEDORA_CACHE_IMAGE_NAME}
+ ${DEBIAN_CACHE_IMAGE_NAME}
  BUILDID: "${CIRRUS_BUILD_ID}"
  REPOREF: "${CIRRUS_REPO_NAME}"
  GCPJSON: ENCRYPTED[04306103eee1933f87deb8a5af6514a7e3164aa589d6079abc0451eb2360879430ed020d6e025ca64ef667138ce9d786]

diff --git a/contrib/cirrus/runner.sh b/contrib/cirrus/runner.sh
@@ -20,7 +20,7 @@ fi
 export "PATH=$PATH:$GOPATH/bin"
 
 _run_setup() {
- req_env_vars SKOPEO_PATH SKOPEO_CI_TAG GOSRC
+ req_env_vars SKOPEO_PATH SKOPEO_CI_TAG GOSRC BUILDTAGS
 
  project_module=$(go list .)
 
@@ -43,6 +43,46 @@ _run_setup() {
  "${SKOPEO_PATH}/${SCRIPT_BASE}/runner.sh" setup
 }
 
+_run_image_tests() {
+ req_env_vars GOPATH GOSRC
+
+ # Tests in this repo. are intended to run as a regular user.
+ ROOTLESS_USER="testuser$RANDOM"
+ msg "Setting up rootless user '$ROOTLESS_USER'"
+ cd $GOSRC || exit 1
+ # Guarantee independence from specific values
+ rootless_uid=$((RANDOM+1000))
+ rootless_gid=$((RANDOM+1000))
+ msg "Creating $rootless_uid:$rootless_gid $ROOTLESS_USER user"
+ groupadd -g $rootless_gid $ROOTLESS_USER
+ useradd -g $rootless_gid -u $rootless_uid --no-user-group --create-home $ROOTLESS_USER
+
+ msg "Setting ownership of $GOPATH and $GOSRC"
+ chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC"
+
+ msg "Creating ssh key pairs"
+ mkdir -p "/root/.ssh" "/home/$ROOTLESS_USER/.ssh"
+ ssh-keygen -t ed25519 -P "" -f "/root/.ssh/id_ed25519"
+
+ msg "Setup authorized_keys"
+ cat /root/.ssh/*.pub >> /home/$ROOTLESS_USER/.ssh/authorized_keys
+
+ msg "Configure ssh file permissions"
+ chmod -R 700 "/root/.ssh"
+ chmod -R 700 "/home/$ROOTLESS_USER/.ssh"
+ chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh"
+
+ msg "Ensure the ssh daemon is up and running within 5 minutes"
+ systemctl is-active sshd || \
+ systemctl start sshd
+
+ msg "Setup known_hosts for root"
+ ssh-keyscan localhost > /root/.ssh/known_hosts \
+
+ msg "Executing tests as $ROOTLESS_USER"
+ showrun ssh $ROOTLESS_USER@localhost make -C $GOSRC test "BUILDTAGS='$BUILDTAGS'"
+}
+
 req_env_vars GOSRC
 
 handler="_run_${1}"