diff --git a/.cirrus.yml b/.cirrus.yml deleted file mode 100644 index f38115ca..00000000 --- a/.cirrus.yml +++ /dev/null @@ -1,259 +0,0 @@ ---- - -# Main collection of env. vars to set for all tasks and scripts. -env: - #### - #### Global variables used for all tasks - #### - # Name of the ultimate destination branch for this CI run, PR or post-merge. - DEST_BRANCH: "main" - # Overrides default location (/tmp/cirrus) for repo clone - GOPATH: &gopath "/var/tmp/go" - GOBIN: "${GOPATH}/bin" - GOCACHE: "${GOPATH}/cache" - GOSRC: &gosrc "/var/tmp/go/src/github.com/containers/skopeo" - # Required for consistency with containers/image CI - SKOPEO_PATH: *gosrc - CIRRUS_WORKING_DIR: *gosrc - # The default is 'sh' if unspecified - CIRRUS_SHELL: "/bin/bash" - # Save a little typing (path relative to $CIRRUS_WORKING_DIR) - SCRIPT_BASE: "./contrib/cirrus" - - # Google-cloud VM Images - IMAGE_SUFFIX: "c20250131t121915z-f41f40d13" - FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}" - - # Container FQIN's - FEDORA_CONTAINER_FQIN: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}" - - # Built along with the standard PR-based workflow in c/automation_images - SKOPEO_CIDEV_CONTAINER_FQIN: "quay.io/libpod/skopeo_cidev:${IMAGE_SUFFIX}" - - -# Default timeout for each task -timeout_in: 45m - - -gcp_credentials: ENCRYPTED[52d9e807b531b37ab14e958cb5a72499460663f04c8d73e22ad608c027a31118420f1c80f0be0882fbdf96f49d8f9ac0] - - -validate_task: - # The git-validation tool doesn't work well on branch or tag push, - # under Cirrus-CI, due to challenges obtaining the starting commit ID. - # Only do validation for PRs. - only_if: &is_pr $CIRRUS_PR != '' - container: - image: '${SKOPEO_CIDEV_CONTAINER_FQIN}' - cpu: 4 - memory: 8 - setup_script: | - make tools - test_script: | - make validate-local - make vendor && hack/tree_status.sh - -doccheck_task: - only_if: *is_pr - depends_on: - - validate - container: - image: "${FEDORA_CONTAINER_FQIN}" - cpu: 4 - memory: 8 - env: - BUILDTAGS: &withopengpg 'btrfs_noversion libdm_no_deferred_remove containers_image_openpgp' - script: | - # TODO: Can't use 'runner.sh setup' inside container. However, - # removing the pre-installed package is the only necessary step - # at the time of this comment. - dnf remove -y skopeo # Guarantee non-interference - "${SKOPEO_PATH}/${SCRIPT_BASE}/runner.sh" build - "${SKOPEO_PATH}/${SCRIPT_BASE}/runner.sh" doccheck - -osx_task: - # Don't run for docs-only builds. - # Also don't run on release-branches or their PRs, - # since base container-image is not version-constrained. - only_if: ¬_docs_or_release_branch >- - ($CIRRUS_BASE_BRANCH == $CIRRUS_DEFAULT_BRANCH || - $CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH ) && - $CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' - depends_on: - - validate - persistent_worker: &mac_pw - labels: - os: darwin - arch: arm64 - purpose: prod - env: - CIRRUS_WORKING_DIR: "$HOME/ci/task-${CIRRUS_TASK_ID}" - # Prevent cache-pollution fron one task to the next. - GOPATH: "$CIRRUS_WORKING_DIR/.go" - GOCACHE: "$CIRRUS_WORKING_DIR/.go/cache" - GOENV: "$CIRRUS_WORKING_DIR/.go/support" - GOSRC: "$HOME/ci/task-${CIRRUS_TASK_ID}" - TMPDIR: "/private/tmp/ci" - # This host is/was shared with potentially many other CI tasks. - # The previous task may have been canceled or aborted. - prep_script: &mac_cleanup "contrib/cirrus/mac_cleanup.sh" - test_script: - - export PATH=$GOPATH/bin:$PATH - - go version - - go env - - make tools - - make validate-local test-unit-local bin/skopeo - - bin/skopeo -v - # This host is/was shared with potentially many other CI tasks. - # Ensure nothing is left running while waiting for the next task. - always: - task_cleanup_script: *mac_cleanup - - -cross_task: - alias: cross - only_if: >- - $CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' - depends_on: - - validate - gce_instance: &standardvm - image_project: libpod-218412 - zone: "us-central1-f" - cpu: 2 - memory: "4Gb" - # Required to be 200gig, do not modify - has i/o performance impact - # according to gcloud CLI tool warning messages. - disk: 200 - image_name: ${FEDORA_CACHE_IMAGE_NAME} - env: - BUILDTAGS: *withopengpg - setup_script: >- - "${GOSRC}/${SCRIPT_BASE}/runner.sh" setup - cross_script: >- - "${GOSRC}/${SCRIPT_BASE}/runner.sh" cross - - -ostree-rs-ext_task: - alias: proxy_ostree_ext - only_if: *not_docs_or_release_branch - # WARNING: This task potentially performs a container image - # build (on change) with runtime package installs. Therefore, - # its behavior can be unpredictable and potentially flake-prone. - # In case of emergency, uncomment the next statement to bypass. - # - # skip: $CI == "true" - # - depends_on: - - validate - # Ref: https://cirrus-ci.org/guide/docker-builder-vm/#dockerfile-as-a-ci-environment - container: - # The runtime image will be rebuilt on change - dockerfile: contrib/cirrus/ostree_ext.dockerfile - docker_arguments: # required build-args - BASE_FQIN: quay.io/coreos-assembler/fcos-buildroot:testing-devel - CIRRUS_IMAGE_VERSION: 3 - env: - EXT_REPO_NAME: ostree-rs-ext - EXT_REPO_HOME: $CIRRUS_WORKING_DIR/../$EXT_REPO_NAME - EXT_REPO: https://github.com/ostreedev/${EXT_REPO_NAME}.git - skopeo_build_script: - - dnf builddep -y skopeo - - make - - make install - proxy_ostree_ext_build_script: - - git clone --depth 1 $EXT_REPO $EXT_REPO_HOME - - cd $EXT_REPO_HOME - - cargo test --no-run - proxy_ostree_ext_test_script: - - cd $EXT_REPO_HOME - - cargo test -- --nocapture --quiet - - -##### -##### NOTE: This task is subtantially duplicated in the containers/image -##### repository's `.cirrus.yml`. Changes made here should be fully merged -##### prior to being manually duplicated and maintained in containers/image. -##### -test_skopeo_task: - alias: test_skopeo - # Don't test for [CI:DOCS], [CI:BUILD]. - only_if: >- - $CIRRUS_CHANGE_TITLE !=~ '.*CI:BUILD.*' && - $CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' - depends_on: - - validate - gce_instance: - image_project: libpod-218412 - zone: "us-central1-f" - cpu: 2 - memory: "4Gb" - # Required to be 200gig, do not modify - has i/o performance impact - # according to gcloud CLI tool warning messages. - disk: 200 - image_name: ${FEDORA_CACHE_IMAGE_NAME} - matrix: - - name: "Skopeo Test" # N/B: Name ref. by hack/get_fqin.sh - env: - BUILDTAGS: 'btrfs_noversion libdm_no_deferred_remove' - - name: "Skopeo Test w/ opengpg" - env: - BUILDTAGS: *withopengpg - setup_script: >- - "${GOSRC}/${SCRIPT_BASE}/runner.sh" setup - vendor_script: >- - "${SKOPEO_PATH}/${SCRIPT_BASE}/runner.sh" vendor - build_script: >- - "${SKOPEO_PATH}/${SCRIPT_BASE}/runner.sh" build - unit_script: >- - "${SKOPEO_PATH}/${SCRIPT_BASE}/runner.sh" unit - integration_script: >- - "${SKOPEO_PATH}/${SCRIPT_BASE}/runner.sh" integration - system_script: > - "${SKOPEO_PATH}/${SCRIPT_BASE}/runner.sh" system - - -# This task is critical. It updates the "last-used by" timestamp stored -# in metadata for all VM images. This mechanism functions in tandem with -# an out-of-band pruning operation to remove disused VM images. -meta_task: - name: "VM img. keepalive" - alias: meta - container: &smallcontainer - cpu: 2 - memory: 2 - image: quay.io/libpod/imgts:latest - env: - # Space-separated list of images used by this repository state - IMGNAMES: | - ${FEDORA_CACHE_IMAGE_NAME} - build-push-${IMAGE_SUFFIX} - BUILDID: "${CIRRUS_BUILD_ID}" - REPOREF: "${CIRRUS_REPO_NAME}" - GCPJSON: ENCRYPTED[6867b5a83e960e7c159a98fe6c8360064567a071c6f4b5e7d532283ecd870aa65c94ccd74bdaa9bf7aadac9d42e20a67] - GCPNAME: ENCRYPTED[1cf558ae125e3c39ec401e443ad76452b25d790c45eb73d77c83eb059a0f7fd5085ef7e2f7e410b04ea6e83b0aab2eb1] - GCPPROJECT: libpod-218412 - clone_script: &noop mkdir -p "$CIRRUS_WORKING_DIR" - script: /usr/local/bin/entrypoint.sh - - -# Status aggregator for all tests. This task simply ensures a defined -# set of tasks all passed, and allows confirming that based on the status -# of this task. -success_task: - name: "Total Success" - alias: success - # N/B: ALL tasks must be listed here, minus their '_task' suffix. - depends_on: - - validate - - doccheck - - osx - - cross - - proxy_ostree_ext - - test_skopeo - - meta - container: *smallcontainer - env: - CTR_FQIN: ${FEDORA_CONTAINER_FQIN} - TEST_ENVIRON: container - clone_script: *noop - script: /bin/true diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 00000000..d00491fd --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/.packit.yaml b/.packit.yaml index 8b284aa8..b73d0ad6 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -2,98 +2,64 @@ # See the documentation for more information: # https://packit.dev/docs/configuration/ -# NOTE: The Packit copr_build tasks help to check if every commit builds on -# supported Fedora and CentOS Stream arches. -# They do not block the current Cirrus-based workflow. - downstream_package_name: skopeo upstream_tag_template: v{version} -packages: - skopeo-fedora: - pkg_tool: fedpkg - specfile_path: rpm/skopeo.spec - skopeo-centos: - pkg_tool: centpkg - specfile_path: rpm/skopeo.spec - skopeo-eln: - specfile_path: rpm/skopeo.spec +specfile_path: skopeo.spec -srpm_build_deps: - - make +# Disable automatic merging for Copr builds (and subsequent Testing Farm) +merge_pr_in_ci: false jobs: - job: copr_build trigger: pull_request - packages: [skopeo-fedora] - notifications: &copr_build_failure_notification + notifications: &packit_failure_notification failure_comment: - message: "Ephemeral COPR build failed. @containers/packit-build please check." - targets: - - fedora-all-x86_64 - - fedora-all-aarch64 + message: "Packit jobs failed. @containers/packit-build please check." enable_net: true + targets: + - epel-10-x86_64 + - epel-10-aarch64 + actions: + post-upstream-clone: "curl --fail -O https://gitlab.com/redhat/centos-stream/rpms/skopeo/-/raw/c10s/skopeo.spec" - job: copr_build trigger: pull_request - packages: [skopeo-eln] - notifications: *copr_build_failure_notification - targets: - fedora-eln-x86_64: - additional_repos: - - "https://kojipkgs.fedoraproject.org/repos/eln-build/latest/x86_64/" - fedora-eln-aarch64: - additional_repos: - - "https://kojipkgs.fedoraproject.org/repos/eln-build/latest/aarch64/" + notifications: *packit_failure_notification enable_net: true + targets: + - epel-9-x86_64 + - epel-9-aarch64 + actions: + post-upstream-clone: "curl --fail -O https://gitlab.com/redhat/centos-stream/rpms/skopeo/-/raw/c9s/skopeo.spec" - - job: copr_build + - job: tests trigger: pull_request - packages: [skopeo-centos] - notifications: *copr_build_failure_notification + use_internal_tf: true + notifications: *packit_failure_notification targets: - - centos-stream-9-x86_64 - - centos-stream-9-aarch64 - - centos-stream-10-x86_64 - - centos-stream-10-aarch64 - enable_net: true + epel-10-x86_64: + distros: [RHEL-10-Nightly,RHEL-10.0-Nightly] + epel-10-aarch64: + distros: [RHEL-10-Nightly,RHEL-10.0-Nightly] + epel-9-x86_64: + distros: [RHEL-9-Nightly,RHEL-9.6.0-Nightly] + epel-9-aarch64: + distros: [RHEL-9-Nightly,RHEL-9.6.0-Nightly] + tmt_plan: "/plans/system" + identifier: "rpm" - # Run on commit to main branch - - job: copr_build - trigger: commit - packages: [skopeo-fedora] - notifications: - failure_comment: - message: "podman-next COPR build failed. @containers/packit-build please check." - branch: main - owner: rhcontainerbot - project: podman-next - enable_net: true - - # Sync to Fedora - - job: propose_downstream - trigger: release - packages: [skopeo-fedora] - update_release: false - dist_git_branches: &fedora_targets - - fedora-all - - # Sync to CentOS Stream - - job: propose_downstream - trigger: release - packages: [skopeo-centos] - update_release: false - dist_git_branches: - - c10s - - # Fedora Koji build - - job: koji_build - trigger: commit - packages: [skopeo-fedora] - sidetag_group: podman-releases - # Dependents are not rpm dependencies, but the package whose bodhi update - # should include this package. - # Ref: https://packit.dev/docs/fedora-releases-guide/releasing-multiple-packages - dependents: - - podman - dist_git_branches: *fedora_targets + - job: tests + trigger: pull_request + use_internal_tf: true + notifications: *packit_failure_notification + skip_build: true + targets: + # RHEL-N-Nightly can often have newer toolchain packages, breaking + # vendoring. So, only test on N.Y here + epel-10-x86_64: + distros: [RHEL-10.0-Nightly] + epel-9-x86_64: + distros: [RHEL-9.6.0-Nightly] + tmt_plan: "/plans/no-rpm" + identifier: "no-rpm" diff --git a/Makefile b/Makefile index 6ac85261..8b735350 100644 --- a/Makefile +++ b/Makefile @@ -70,7 +70,9 @@ export SKOPEO_CONTAINER_TESTS ?= $(if $(CI),1,0) # This is a compromise, we either use a container for this or require # the local user to have a compatible python3 development environment. # Define it as a "resolve on use" variable to avoid calling out when possible -SKOPEO_CIDEV_CONTAINER_FQIN ?= $(shell hack/get_fqin.sh) +#SKOPEO_CIDEV_CONTAINER_FQIN ?= $(shell hack/get_fqin.sh) +# FIXME: hack/get_fqin.sh depends on cirrus.yml so we hardcode SKOPEO_CIDEV_CONTAINER_FQIN here +SKOPEO_CIDEV_CONTAINER_FQIN ?= "quay.io/libpod/skopeo_cidev:c20250131t121915z-f41f40d13" CONTAINER_CMD ?= ${CONTAINER_RUNTIME} run --rm -i -e TESTFLAGS="$(TESTFLAGS)" -e CI=$(CI) -e SKOPEO_CONTAINER_TESTS=1 # if this session isn't interactive, then we don't want to allocate a # TTY, which would fail, but if it is interactive, we do want to attach diff --git a/hack/tree_status.sh b/hack/tree_status.sh index 1853e812..79d63c0b 100755 --- a/hack/tree_status.sh +++ b/hack/tree_status.sh @@ -1,7 +1,10 @@ #!/usr/bin/env bash set -e -STATUS=$(git status --porcelain) +# TMT breaks this so we only check go.* and vendor +# https://github.com/teemtee/tmt/issues/3800 +# STATUS=$(git status --porcelain) +STATUS=$(git status --porcelain go.* vendor) if [[ -z $STATUS ]] then echo "tree is clean" diff --git a/plans/no-rpm.fmf b/plans/no-rpm.fmf new file mode 100644 index 00000000..31da4d05 --- /dev/null +++ b/plans/no-rpm.fmf @@ -0,0 +1,23 @@ +prepare: + - name: dependencies + how: install + package: [ golang, go-md2man, gpgme-devel, podman-docker ] + +discover: + keep-git-metadata: true + how: shell + tests: + - name: /validate + test: > + make tools && + make BUILDTAGS="exclude_graphdriver_btrfs" validate-local && + make validate-docs && + make vendor && + hack/tree_status.sh + - name: /integration + test: make BUILDTAGS="exclude_graphdriver_btrfs" test-integration + - name: /unit + test: make BUILDTAGS="exclude_graphdriver_btrfs" test-unit-local + +execute: + how: tmt diff --git a/plans/system.fmf b/plans/system.fmf new file mode 100644 index 00000000..4d54c84d --- /dev/null +++ b/plans/system.fmf @@ -0,0 +1,13 @@ +discover: + how: fmf + filter: 'tag:system' +execute: + how: tmt +prepare: + - how: shell + script: | + BATS_VERSION=1.12.0 + curl -L https://github.com/bats-core/bats-core/archive/refs/tags/v"$BATS_VERSION".tar.gz | tar -xz + cd bats-core-"$BATS_VERSION" + ./install.sh /usr + order: 10 diff --git a/rpm/skopeo.spec b/rpm/skopeo.spec deleted file mode 100644 index 0c23ce25..00000000 --- a/rpm/skopeo.spec +++ /dev/null @@ -1,170 +0,0 @@ -%global with_debug 1 - -%if 0%{?with_debug} -%global _find_debuginfo_dwz_opts %{nil} -%global _dwz_low_mem_die_limit 0 -%else -%global debug_package %{nil} -%endif - -%global gomodulesmode GO111MODULE=on - -# No btrfs on RHEL -%if %{defined fedora} -%define build_with_btrfs 1 -%endif - -%if %{defined rhel} -%define fips 1 -%endif - -# Only used in official koji builds -# Copr builds set a separate epoch for all environments -%if %{defined fedora} -%define conditional_epoch 1 -%else -%define conditional_epoch 2 -%endif - -Name: skopeo -%if %{defined copr_username} -Epoch: 102 -%else -Epoch: %{conditional_epoch} -%endif -# DO NOT TOUCH the Version string! -# The TRUE source of this specfile is: -# https://github.com/containers/skopeo/blob/main/rpm/skopeo.spec -# If that's what you're reading, Version must be 0, and will be updated by Packit for -# copr and koji builds. -# If you're reading this on dist-git, the version is automatically filled in by Packit. -Version: 0 -# The `AND` needs to be uppercase in the License for SPDX compatibility -License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0 -Release: %autorelease -%if %{defined golang_arches_future} -ExclusiveArch: %{golang_arches_future} -%else -ExclusiveArch: aarch64 ppc64le s390x x86_64 -%endif -Summary: Inspect container images and repositories on registries -URL: https://github.com/containers/%{name} -# Tarball fetched from upstream -Source0: %{url}/archive/v%{version}.tar.gz -BuildRequires: %{_bindir}/go-md2man -%if %{defined build_with_btrfs} -BuildRequires: btrfs-progs-devel -%endif -BuildRequires: git-core -BuildRequires: golang -%if !%{defined gobuild} -BuildRequires: go-rpm-macros -%endif -BuildRequires: gpgme-devel -BuildRequires: libassuan-devel -BuildRequires: ostree-devel -BuildRequires: glib2-devel -BuildRequires: make -BuildRequires: shadow-utils-subid-devel -Requires: containers-common >= 4:1-21 - -%description -Command line utility to inspect images and repositories directly on Docker -registries without the need to pull them - -%package tests -Summary: Tests for %{name} - -Requires: %{name} = %{epoch}:%{version}-%{release} -%if %{defined fedora} -Requires: bats -Requires: fakeroot -%endif -Requires: gnupg -Requires: jq -Requires: golang -Requires: podman -Requires: crun -Requires: httpd-tools -Requires: openssl -Requires: squashfs-tools - -%description tests -%{summary} - -This package contains system tests for %{name} - -%prep -%autosetup -Sgit %{name}-%{version} -# The %%install stage should not rebuild anything but only install what's -# built in the %%build stage. So, remove any dependency on build targets. -sed -i 's/^install-binary: bin\/%{name}.*/install-binary:/' Makefile -sed -i 's/^completions: bin\/%{name}.*/completions:/' Makefile -sed -i 's/^install-docs: docs.*/install-docs:/' Makefile - -%build -%set_build_flags -export CGO_CFLAGS=$CFLAGS - -# These extra flags present in $CFLAGS have been skipped for now as they break the build -CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-flto=auto//g') -CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g') -CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g') - -%ifarch x86_64 -export CGO_CFLAGS="$CGO_CFLAGS -m64 -mtune=generic -fcf-protection=full" -%endif - -BASEBUILDTAGS="$(hack/libsubid_tag.sh)" -%if %{defined build_with_btrfs} -export BUILDTAGS="$BASEBUILDTAGS $(hack/btrfs_tag.sh) $(hack/btrfs_installed_tag.sh)" -%else -export BUILDTAGS="$BASEBUILDTAGS btrfs_noversion exclude_graphdriver_btrfs" -%endif - -%if %{defined fips} -export BUILDTAGS="$BUILDTAGS libtrust_openssl" -%endif - -# unset LDFLAGS earlier set from set_build_flags -LDFLAGS='' - -%gobuild -o bin/%{name} ./cmd/%{name} -%{__make} docs - -%install -make \ - DESTDIR=%{buildroot} \ - PREFIX=%{_prefix} \ - install-binary install-docs install-completions - -# system tests -install -d -p %{buildroot}/%{_datadir}/%{name}/test/system -cp -pav systemtest/* %{buildroot}/%{_datadir}/%{name}/test/system/ - -#define license tag if not already defined -%{!?_licensedir:%global license %doc} - -# Include this to silence rpmlint. -# Especially annoying if you use syntastic vim plugin. -%check - -%files -%license LICENSE -%doc README.md -%{_bindir}/%{name} -%{_mandir}/man1/%{name}* -%dir %{_datadir}/bash-completion -%dir %{_datadir}/bash-completion/completions -%{_datadir}/bash-completion/completions/%{name} -%dir %{_datadir}/fish/vendor_completions.d -%{_datadir}/fish/vendor_completions.d/%{name}.fish -%dir %{_datadir}/zsh/site-functions -%{_datadir}/zsh/site-functions/_%{name} - -%files tests -%license LICENSE vendor/modules.txt -%{_datadir}/%{name}/test - -%changelog -%autochangelog diff --git a/systemtest/tmt/main.fmf b/systemtest/tmt/main.fmf new file mode 100644 index 00000000..6e2b5033 --- /dev/null +++ b/systemtest/tmt/main.fmf @@ -0,0 +1,10 @@ +require: + - skopeo-tests + +environment: + SKOPEO_BINARY: /usr/bin/skopeo + +summary: System test +test: bash ./test.sh +duration: 60m +tag: [ system ] diff --git a/systemtest/tmt/test.sh b/systemtest/tmt/test.sh new file mode 100644 index 00000000..30a1b1f9 --- /dev/null +++ b/systemtest/tmt/test.sh @@ -0,0 +1,12 @@ +#!/usr/bin/env bash + +set -exo pipefail + +uname -r + +rpm -q \ + containers-common \ + skopeo \ + skopeo-tests \ + +bats /usr/share/skopeo/test/system