Normally it's a best-practice to only use short-names in Dockerfiles.
However, this image is really only ever used for testing/CI purposes.
Side-step the docker hub rate limits entirely by simply hard-coding the
FQIN and hope that's also "okay" for non-CI usage.
Signed-off-by: Chris Evich <cevich@redhat.com>
Bump up the global timeout due to some (possibly) temporary failures in
the 'cross' task. Also fix build-failure in Dockerfile related to use
of pre-module golang packages.
Signed-off-by: Chris Evich <cevich@redhat.com>
These tests need to operate as part of the c/image repository CI to
verify downstream-usage. That environment is already inside the
container built from the Dockerfile (here). Support this use-case by
adding 'local' targets which bypass the container build. Also,
simplify the "in-container" check to more specifically verify the exact
container image it's operating under.
Signed-off-by: Chris Evich <cevich@redhat.com>
registry:2 no longer contains htpasswd.
Also don't use log_and_run ... >> $file
because that will cause the command to be logged to $file.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
crun had a regression running on cgroupsv1 in containers. It has been
fixed upstream but did not yet bubble up into the packages. Force using
runc to unblock Skopeo's CI.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
drop support for the ostree backend. The only known user for the
backend is the atomic CLI tool that is not maintained anymore
upstream.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1766404
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Using `go get` with go modules has side-effects that we can avoid by
installing golint from the Fedora repositories.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Skopeo CI tests run under podman; hence the registries
run in the tests will be podman-in-podman. This requires
complex muckery to make work:
- install bats, jq, and podman in the test image
- add new test-system Make target. It runs podman
with /var/lib/containers bind-mounted to a tmpdir
and with other necessary options; and invokes a
test script that hack-edits /etc/containers/storage.conf
before running podman for the first time.
- add --cgroup-manager=cgroupfs option to podman
invocations in BATS: without this, podman-in-podman
fails with:
systemd cgroup flag passed, but systemd support for managing cgroups is not available
Also: gpg --pinentry-mode option is not available on all
our test platforms. Check for it before using.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Before we use "go get" in CI, run "go version" so that we can be sure of
which version of the toolchain we're using.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Replace the occurrences of `github.com/projectatomic` with
`github.com/containers` to ensure clean clones of the project are
building, travis badges on the README work as expected and other minor
things.
Signed-off-by: Flavio Castelli <fcastelli@suse.com>
The hack/common.sh script contains
local go_version
go_version=($(go version))
if [[ "${go_version[2]}" < "go1.5" ]]; then
# fail
fi
which does a lexicographic string comparison, and fails with 1.10.
Just drop it, the fedora:latest image is not likely to revert to 1.5.
This reduces the time used to clone openshift/origin on Travis from
> real 2m34.227s
> user 4m18.844s
> sys 0m8.144s
to
> real 0m8.816s
> user 0m2.640s
> sys 0m0.856s
, and the download size from 782.78 MiB to 70.05 MiB .
We can't trivially do this for docker/distribution because it is using
(git checkout $commit) on the cloned repo; we could do a clone+fetch+fetch
with --depth=1, but the full clone takes less than two seconds, so let's
keep that one simple.
This is primarily to get the signature access docker/distribution API
extension.
To make it work, two updates to the test harness are necessary:
- Change the expected output of (oadm policy add-cluster-role-to-group)
- Don't expect (openshift start master) to create .kubeconfig files
for the registry service.
As of https://github.com/openshift/origin/pull/10830 ,
openshift.local.config/master/openshift-registry.kubeconfig is no longer
autogenerated. Instead, do what (oadm registry) does, creating a
service account and a cluster policy role binding. Then manually create
the necessary certificates and a .kubeconfig instead of using the
service account in a pod.
Vendor containers/storage, and its dependencies github.com/pborman/uuid
and github.com/mistifyio/go-zfs, which we didn't already use.
Update the build Dockerfile to install their dependencies.
Add scriptlets that try to detect whether or not we need to use the
"libdm_no_deferred_remove" and/or "btrfs_noversion" build tags.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
I don’t know how to checkout a specific untagged commit (
9ff4bf43548c758b6767b639b335681285fece48 ) from the original repo, so
I have forked the project and fetched that commit from a cached Docker
image.
We should instead update the containers/image client for the new API ASAP,
and then the github.com/mtrmac/origin repo should be removed.
This builds from the image-signatures-rest branch for
https://github.com/openshift/origin/pull/9181 .
Testing push, pull, streaming.
Does not test working with the other Docker registries built in
Dockerfile; I will leave that to the author of that code :)
Note that this relies on an internet connection for pulling from the
Docker Hub (which is incidentally tested by that); pushing to no Docker
Registry, neither local nor Hub, is tested by this.
The tests only run in a container because the (oc login) / (docker
login)-like code modifies files in a home directory; the new
SKOPEO_CONTAINER_TESTS environment variable should protect against
accidental non-container runs.
