From a04cbc979b5a7a8ac709b0ed619392a4aef993c8 Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Tue, 14 Mar 2023 15:12:29 -0400 Subject: [PATCH] Cirrus: Replace Ubuntu container w/ Debian VM Previously a pre-built Ubuntu-based container image was used for several CI tasks. With the general move toward Debian however, a container image is no-longer available. Remove the old (CI-only) Dockerfile and convert the tasks to run on Debian SID VMs. Signed-off-by: Chris Evich --- .cirrus.Dockerfile | 15 -------------- .cirrus.yml | 45 ++++++++++++++++++---------------------- contrib/cirrus/runner.sh | 42 ++++++++++++++++++++++++++++++++++++- 3 files changed, 61 insertions(+), 41 deletions(-) delete mode 100644 .cirrus.Dockerfile diff --git a/.cirrus.Dockerfile b/.cirrus.Dockerfile deleted file mode 100644 index b22261958..000000000 --- a/.cirrus.Dockerfile +++ /dev/null @@ -1,15 +0,0 @@ -ARG BASE_IMAGE=ubuntu:latest -FROM $BASE_IMAGE -ARG GOPATH=/var/tmp/go -ARG TEST_USER=testuser - -RUN apt-get -qq update && \ - apt-get install -y sudo docker.io libdevmapper-dev libgpgme-dev libostree-dev - -RUN adduser --shell=/bin/bash --disabled-password \ - --gecos "$TEST_USER" "$TEST_USER" && \ - mkdir -p "$GOPATH" && \ - chown -R $TEST_USER:$TEST_USER "$GOPATH" && \ - find "$GOPATH" -type d -exec chmod 2770 '{}' + -ENV PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$GOPATH/bin" -USER $TEST_USER diff --git a/.cirrus.yml b/.cirrus.yml index 5287ff500..947bdcdb3 100644 --- a/.cirrus.yml +++ b/.cirrus.yml 
@@ -32,15 +32,16 @@ env: #### #### Cache-image names to test with (double-quotes around names are critical) #### - FEDORA_NAME: "fedora-37" ### c20230120t152650z-f37f36u2204 + FEDORA_NAME: "fedora-37" + DEBIAN_NAME: "debian-12" # Google-cloud VM Images - IMAGE_SUFFIX: "c20230120t152650z-f37f36u2204" + IMAGE_SUFFIX: "c20230314t204248z-f37f36d12" FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}" + DEBIAN_CACHE_IMAGE_NAME: "debian-${IMAGE_SUFFIX}" # Container FQIN's (include bleeding-edge development-level container deps.) FEDORA_CONTAINER_FQIN: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}" - UBUNTU_CONTAINER_FQIN: "quay.io/libpod/ubuntu_podman:${IMAGE_SUFFIX}" # Built along with the standard PR-based workflow in c/automation_images SKOPEO_CIDEV_CONTAINER_FQIN: "quay.io/libpod/skopeo_cidev:${IMAGE_SUFFIX}" @@ -53,14 +54,15 @@ validate_task: # under Cirrus-CI, due to challenges obtaining the starting commit ID. # Only do validation for PRs. only_if: $CIRRUS_PR != '' - # https://cirrus-ci.org/guide/docker-builder-vm/#dockerfile-as-a-ci-environment - container: - dockerfile: .cirrus.Dockerfile - # golangci-lint tool requires heavy cpu/memory or gets OOM'd - cpu: 6 - memory: 22 - docker_arguments: - BASE_IMAGE: '${UBUNTU_CONTAINER_FQIN}' + gce_instance: &debian_vm + image_project: libpod-218412 + zone: "us-central1-f" + cpu: 2 + memory: "4Gb" + # Required to be 200gig, do not modify - has i/o performance impact + # according to gcloud CLI tool warning messages. + disk: 200 + image_name: ${DEBIAN_CACHE_IMAGE_NAME} script: | git remote update make tools @@ -70,15 +72,8 @@ validate_task: cross_task: only_if: ¬_docs $CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' - container: &std_container - dockerfile: .cirrus.Dockerfile - # golangci-lint tool requires heavy cpu/memory or gets OOM'd - cpu: 2 - memory: 4 - docker_arguments: - BASE_IMAGE: '${UBUNTU_CONTAINER_FQIN}' - script: | - make cross + gce_instance: *debian_vm + script: make cross test_task: 
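Review bot: The shared `&debian_vm` anchor sizes validate_task at `cpu: 2` / `memory: "4Gb"`, while the container block it replaces asked for `cpu: 6` / `memory: 22` with the comment that golangci-lint gets OOM'd without heavy cpu/memory. If validation still runs golangci-lint (the validate script continues past this hunk, so that is not fully visible), give validate_task its own larger `gce_instance` and keep the anchor for cross/test. Otherwise record the decision next to the anchor, e.g. `# 2 cpu / 4Gb checked as sufficient for golangci-lint on the Debian VM`. An OOM-killed linter in a validation gate tends to surface as a flaky failure that gets retried or skipped, which weakens the gate.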
@@ -86,7 +81,7 @@ test_task: depends_on: - validate only_if: *not_docs - container: *std_container + gce_instance: *debian_vm matrix: - name: "Test" env: @@ -94,9 +89,7 @@ test_task: - name: "Test w/ opengpg" env: BUILDTAGS: &withopengpg 'btrfs_noversion libdm_no_deferred_remove containers_image_openpgp' - script: | - make tools - make test BUILDTAGS="$BUILDTAGS" + script: ${GOSRC}/${SCRIPT_BASE}/runner.sh image_tests ##### @@ -151,7 +144,9 @@ meta_task: image: quay.io/libpod/imgts:latest env: # Space-separated list of images used by this repository state - IMGNAMES: "${FEDORA_CACHE_IMAGE_NAME}" + IMGNAMES: | + ${FEDORA_CACHE_IMAGE_NAME} + ${DEBIAN_CACHE_IMAGE_NAME} BUILDID: "${CIRRUS_BUILD_ID}" REPOREF: "${CIRRUS_REPO_NAME}" GCPJSON: ENCRYPTED[04306103eee1933f87deb8a5af6514a7e3164aa589d6079abc0451eb2360879430ed020d6e025ca64ef667138ce9d786] diff --git a/contrib/cirrus/runner.sh b/contrib/cirrus/runner.sh index 2166145f9..dadaa5db1 100755 --- a/contrib/cirrus/runner.sh +++ b/contrib/cirrus/runner.sh @@ -20,7 +20,7 @@ fi export "PATH=$PATH:$GOPATH/bin" _run_setup() { - req_env_vars SKOPEO_PATH SKOPEO_CI_TAG GOSRC + req_env_vars SKOPEO_PATH SKOPEO_CI_TAG GOSRC BUILDTAGS project_module=$(go list .) 
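Review bot: The comment above `IMGNAMES` in meta_task still says "Space-separated list", but the new `|` block scalar yields a newline-separated value with a trailing newline. Whether the imgts container word-splits on any whitespace is not visible in this patch. Either update the comment to `# Whitespace-separated list of images used by this repository state`, or fold the value with `IMGNAMES: >-` so it remains a single space-separated line. If the second name were not parsed, `${DEBIAN_CACHE_IMAGE_NAME}` would presumably not be marked as in use and could be pruned while CI still depends on it.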
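Review bot: `BUILDTAGS` is added to the `req_env_vars` list of `_run_setup`, but the code in this patch that reads it is `_run_image_tests` (the `@@ -43,6 +43,46 @@` hunk), which only requires `GOPATH GOSRC`. An unset value would then reach `make ... "BUILDTAGS=''"` without any error in the test task, while every task that only calls `setup` now has to define it. Unless the part of `_run_setup` outside this hunk uses the variable, move the requirement to the consumer: `req_env_vars GOPATH GOSRC BUILDTAGS` as the first line of `_run_image_tests`.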
@@ -43,6 +43,46 @@ _run_setup() { "${SKOPEO_PATH}/${SCRIPT_BASE}/runner.sh" setup } +_run_image_tests() { + req_env_vars GOPATH GOSRC + + # Tests in this repo. are intended to run as a regular user. + ROOTLESS_USER="testuser$RANDOM" + msg "Setting up rootless user '$ROOTLESS_USER'" + cd $GOSRC || exit 1 + # Guarantee independence from specific values + rootless_uid=$((RANDOM+1000)) + rootless_gid=$((RANDOM+1000)) + msg "Creating $rootless_uid:$rootless_gid $ROOTLESS_USER user" + groupadd -g $rootless_gid $ROOTLESS_USER + useradd -g $rootless_gid -u $rootless_uid --no-user-group --create-home $ROOTLESS_USER + + msg "Setting ownership of $GOPATH and $GOSRC" + chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC" + + msg "Creating ssh key pairs" + mkdir -p "/root/.ssh" "/home/$ROOTLESS_USER/.ssh" + ssh-keygen -t ed25519 -P "" -f "/root/.ssh/id_ed25519" + + msg "Setup authorized_keys" + cat /root/.ssh/*.pub >> /home/$ROOTLESS_USER/.ssh/authorized_keys + + msg "Configure ssh file permissions" + chmod -R 700 "/root/.ssh" + chmod -R 700 "/home/$ROOTLESS_USER/.ssh" + chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh" + + msg "Ensure the ssh daemon is up and running within 5 minutes" + systemctl is-active sshd || \ + systemctl start sshd + + msg "Setup known_hosts for root" + ssh-keyscan localhost > /root/.ssh/known_hosts \ + + msg "Executing tests as $ROOTLESS_USER" + showrun ssh $ROOTLESS_USER@localhost make -C $GOSRC test "BUILDTAGS='$BUILDTAGS'" +} + req_env_vars GOSRC handler="_run_${1}"
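Review bot: `cat /root/.ssh/*.pub >> /home/$ROOTLESS_USER/.ssh/authorized_keys` in `_run_image_tests` authorizes every public key already present in root's `.ssh` on the VM image, not only the pair generated just above it. Name the file explicitly and quote the path: `cat /root/.ssh/id_ed25519.pub >> "/home/$ROOTLESS_USER/.ssh/authorized_keys"`. `chmod -R 700` also sets the execute bit on the private key and `authorized_keys`; the conventional layout is `chmod 700` on the two directories and `chmod 600` on the files inside them. The "within 5 minutes" message has no wait or timeout behind it, so `ssh-keyscan localhost` can run before sshd accepts connections and leave `known_hosts` empty. The trailing `\` after that redirect looks like a leftover and should be removed.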