CI flake: secret file is not leaked into image

[edsantiago]

Pretty rare flake:

? Failure [10.262 seconds]
    Podman build
    /var/tmp/go/src/github.com[/containers/podman/test/e2e/build_test.go:18](https://github.com/containers/podman/blob/572e6464f607189744afb76ee729ab31018266ad/test/e2e/build_test.go#L18)
      podman build with a secret from file and verify if secret file is not leaked into image [It]
      /var/tmp/go/src/github.com[/containers/podman/test/e2e/build_test.go:85](https://github.com/containers/podman/blob/572e6464f607189744afb76ee729ab31018266ad/test/e2e/build_test.go#L85)
         
      Expected
          <string>: Containerfile Containerfile.path Containerfile.volume Dockerfile
                    Dockerfile.squash-a Dockerfile.squash-b Dockerfile.squash-c Dockerfile.test-cp-root-dir
                    Dockerfile.with-multiple-secret Dockerfile.with-secret Dockerfile.with-secret-verify-leak
                    alpinetest.tgz anothersecret.txt bin context_dir_a_file dev etc home lib media mnt opt
      >>>>>>>>>>>>> podman-build-secret535923765 podman-build-secret775430160 podman-build-secret893804089
                    proc root run sbin secret.txt srv sys tmp usr var
      not to contain substring
          <string>: podman-build-secret
         
      test/e2e/build_test.go#L94

(formatted for legibility).

This is ginkgo, so my hunch is that multiple secrets-related tests are all running at once. One super-simple fix might be to move test/e2e/build/Dockerfile.with-secret-verify-leak into a new subdirectory, test/e2e/build/secret-verify-leak. It should be very easy to do this and see if the flake goes away. But it's also possible that this is a real bug.

Seems to be remote only.

Podman build [It] podman build with a secret from file and verify if secret file is not leaked into image

• fedora-34 : int remote fedora-34 root host [remote]
  • PR Add 409 response to swagger godoc #13205
    • 02-10 16:43
• fedora-35 : int remote fedora-35 root host [remote]
  • PR Use storage that better supports rootless overlayfs #13375
    • 03-01 13:18
  • PR Bump to v4.0.0-RC5 #13203
    • 02-11 14:58

[vrothberg]

@ashley-cui please take a look

[edsantiago]

Still flaking; reopening

Podman build [It] podman build with a secret from file and verify if secret file is not leaked into image

• fedora-35 : int remote fedora-35 root host [remote]
  • PR Cirrus: Fix Makefile including 'hack' in $PATH #14180
    • 05-10 12:00
  • PR test: use T.TempDir to create temporary test directory #14129
    • 05-05 10:54
  • PR volume: add new option -o o=noquota #14051
    • 04-28 08:40
  • PR replace golint with revive linter #13973
    • 04-22 10:24
  • PR Bump github.com/fsnotify/fsnotify from 1.5.1 to 1.5.2 #13949
    • 04-21 09:20
  • PR Implement Windows volume/mount support #13908
    • 04-25 16:15
  • PR compat api: use network mode bridge as default #13844
    • 04-13 10:52
  • PR [v4.0 backport] Bump golang.org/x/crypto to 7b82a4e #13843
    • 04-12 12:16
  • PR Bump golang.org/x/crypto to 7b82a4e #13841
    • 04-12 12:18
  • PR Add log rotation based on log size #13641
    • 04-14 05:44
• fedora-36 : int remote fedora-36 root host [remote]
  • PR kube: honor pod security context IDs #14167
    • 05-10 04:25
  • PR build: disable and hide --output for podman-remote clients #14125
    • 05-05 07:59
  • PR libpod: treat ECONNRESET as EOF #14109
    • 05-04 10:57
  • PR pass networks to container clone #14059
    • 05-04 00:21
  • PR pod: add exit policies #13859
    • 05-02 08:42
• ubuntu-2110 : int remote ubuntu-2110 root host [remote]
  • PR [v4.1] test: fix "podman search format json" #14164
    • 05-09 14:54
  • PR run, mount: allow setting driver specific option using volume-opt= #13788
    • 04-12 03:49

[vrothberg]

@ashley-cui can you take a look?

[edsantiago]

Podman build [It] podman build with a secret from file and verify if secret file is not leaked into image

• fedora-35 : int remote fedora-35 root host [remote]
  • PR podman machine ssh: set correct exit code #14417
    • 05-31 15:50
    • 05-30 11:30
  • PR Add Authorization field to Plugins for Info #14383
    • 05-26 20:02
  • PR Support remote deadlock errors in rm #14366
    • 05-25 15:27
  • PR Support running podman under a root v2 cgroup #14308
    • 05-21 11:53
  • PR shell completion: use more constants in the code #14272
    • 05-19 09:16
  • PR Deleting an n use image should return conflict not system error #14228
    • 05-16 11:13
• fedora-36 : int remote fedora-36 root host [remote]
  • PR Removed imageStream hardcoded value #14439
    • 06-01 12:52
  • PR pkg/specgen: parse default network mode on server #14436
    • 06-01 12:18
  • PR Makefile: Handle unexpected empty var. values #14435
    • 06-01 18:47
  • PR podman stats: work with network connect/disconnect #14421
    • 05-31 10:39
  • PR podman volume export/import: give better error #14419
  • 05-30 13:21
  • PR podman machine ssh: set correct exit code #14417
    • 05-30 11:30
  • PR Add API support for NoOverwriteDirNonDir #14393
    • 05-26 20:39
  • PR Fix swagger model of InspectPodResponse #14377
    • 05-26 11:46
  • PR [v4.1] Cirrus: Remove unused netavark/aardvark variables #14328
    • 05-23 13:30
  • PR Instead of erroring, clean up after dangling IDs in DB #14321
    • 05-23 12:31
  • PR compat, build: suppress step errors when quiet=1 is set #14319
    • 05-23 16:01
  • PR Swagger refactor/cleanup #14297
    • 05-19 19:32
  • PR DO NOT MERGE: buildah vendor treadmill #13808
    • 05-25 09:10

[ashley-cui]

Ahh! Forgot about this, taking another look now