110 Commits

Author SHA1 Message Date
Colin Walters
c1ef3942f3 Switch to quay.io vs registry.ci
The old one was a mirror that seems to have finally
been decommissioned.
2024-12-16 16:56:57 +00:00
Colin Walters
3ef9ae95b9 ci: Add buildroot to c9s build
Because composefs-devel isn't shipped in RHEL.
2024-05-30 11:05:20 -04:00
Colin Walters
a33c7d23d6 ci: Only run clang-format on ubuntu-stable GH runner
Previously we were running clang-format across multiple operating
system versions and hence clang versions, and it turns out
clang has changed the preferred formatting multiple times.

We could *probably* dig in and try to pin things more strongly
but eh...for now let's arbitrarily just use whatever's in
the default GH Action ubuntu-latest runner as that should
be equally painful for everyone.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-05-01 20:35:32 -04:00
Colin Walters
eb54a44169 Switch to external composefs
Since there's now a stable shared library, let's use it.
2024-04-12 16:16:21 -04:00
Colin Walters
ed4bd88a3e rofiles-fuse: Check fsverity flag for copyup
We need to do a copyup if fsverity is enabled.
Sadly to do this we can't just use ostree_break_hardlink
as is.
2024-02-15 08:03:16 -05:00
Colin Walters
3623f0d805 ci: Add a bootc/c9s workflow
This obsoletes the "just build" on c9s flow, and actually runs
though a bootc install, which exercises more of things.
2024-01-31 14:03:25 -05:00
Colin Walters
833251cb0d tests: Use ext4, re-enable composefs test
Until the XFS fsverity stuff lands.
2023-10-13 12:00:05 -04:00
Colin Walters
734ea3ee37 ci: Disable composefs test for now
Need to change the framework to boot with an Ignition config
that switches to ext4 soon.
2023-10-11 09:16:45 -04:00
Colin Walters
2f76b03089 ci: Ensure composefs+openssl are is enabled on Fedora
For some reason we're not picking this up in the Prow build,
which breaks things because now rpm-ostree hard requires it.

Let's make this a fatal build time error for more clear
debugging.
2023-10-06 13:12:23 -04:00
Colin Walters
592351d1b0 build-sys: Enable composefs at *build time* by default
There's no additional dependencies, and it's a small amount
of new code.

The riskiest thing is the changes to ostree-prepare-root, but
I believe that things are in a good state now there.

Again, this just enables it at *build time* - it's still
off at runtime by default.
2023-07-14 10:34:46 -04:00
Colin Walters
6591210661 build: Drop make syntax-check
As of lately it emits a ton of errors from `grep` about having `*`
at the start of a line, but more generally it's only generally
found papercut-style issues that aren't worth carrying a distinct
checking system for.
2023-07-11 14:17:05 -04:00
Colin Walters
531b4ab055 ci: Fix executability 2023-06-28 02:37:31 -04:00
Colin Walters
5e2b5aca40 ci/prow: Build tests before trying to install
Our `install` target doesn't depend on `all` unlike the
rpm-ostree version; not doing so is arguably better, so let's
explicitly build before installing.
2023-06-27 05:27:23 -04:00
Colin Walters
6df69880de ci: Sync prow config with rpm-ostree, enable composefs there
I want to gain testing over the composefs path; but without
yet changing the main Jenkins build.  Because we have duplicate/overlapping
CI systems, we can take advantage of this by testing the composefs
flow via Prow.

Sync the Prow build scripts with what's in coreos/rpm-ostree
right now.

Then let's test the composefs flow a bit more e2e there.
2023-06-19 19:07:01 -04:00
Colin Walters
c1044a02b2 ci: Validate clang-format 2023-05-02 10:39:04 -04:00
Colin Walters
f56131976e Add clang formatting infrastructure
Prep for reformatting the codebase.
2023-05-01 15:37:56 -04:00
Colin Walters
64aa5af236 ci: Drop workaround for fedora-release-container
I think this isn't necessary anymore, and is now actively broken
with f38.
2023-04-26 09:46:57 -04:00
Colin Walters
3391d8f3f0 ci: Turn off errors for deprecated-declarations
Having `-Werror` on in CI only by default has generally worked OK,
but I don't think it's worth trying to immediately scramble to port
when they deprecate APIs.

Motivated in this case by
```
 src/libostree/ostree-fetcher-curl.c: In function 'initiate_next_curl_request':
src/libostree/ostree-fetcher-curl.c:876:3: error: 'CURLOPT_PROTOCOLS' is deprecated: since 7.85.0. Use CURLOPT_PROTOCOLS_STR [-Werror=deprecated-declarations]
  876 |   rc = curl_easy_setopt (req->easy, CURLOPT_PROTOCOLS, (long)(CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FILE));
      |   ^~
```
2023-04-26 09:37:22 -04:00
Luca BRUNO
4202082019
ci: adjust git tags filtering
Another attempt at fixing logic for version detection in COPR.
2022-11-21 15:12:31 +00:00
Colin Walters
199ef821c8 ci: Add a codestyle.sh
This matches what we do in rpm-ostree.  Move the `glnx_fd_close`
bits out of `make syntax-check` in preparation for dropping that.
2022-05-31 11:42:42 -04:00
Colin Walters
aea20704b5 ci: Drop an unused files
Cruft from previous CI flows.
2022-05-31 11:42:42 -04:00
Colin Walters
1c201d6be4 ci: Move codestyle and min build to GH actions
Part of general momentum to leave heavy lifting (e.g. VM tests)
to Jenkins and Prow and use the cheaper/faster GH actions for
plain builds.
2022-05-17 08:11:09 -04:00
Colin Walters
41b9f8ff97 ci: Drop gcc -fanalyzer by default
There's a pile of new warnings in GCC 12 from F36, I dug into
them but most of them seem inscrutable - I am not seeing the bugs.

For now to unblock further work, stop using this flag.
2022-05-16 11:00:08 -04:00
Ondrej Mosnacek
edb4f38934 deploy: Try to rebuild policy in new deployment if needed
Whenever the user has SELinux enabled and has any local
modules/modifications installed, it is necessary to rebuild the policy
in the final deployment, otherwise ostree will leave the binary policy
files unchanged from last deployment as it detects difference against
the base content (in rpm-ostree case this is the RPM content).

To avoid the situation where the policy binaries go stale once any local
customization of the policy is made, try to rebuild the policy as part
of sysroot_finalize_deployment(). Use the special
--rebuild-if-modules-changed switch, which detects if the input module
files have changed relative to last time the policy was built and skips
the most time-consuming part of the rebuild process if modules are
unchanged (thus making this a relatively cheap operation if the user
hasn't made any modifications to the shipped policy).

As suggested by Jonathan Lebon, this uses bubblewrap (via
g_spawn_sync()) to perform the rebuild inside the deployment's
filesystem tree, which also means that ostree will have a runtime
dependency on bubblewrap.

Partially addresses: https://github.com/coreos/fedora-coreos-tracker/issues/701

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2022-03-28 17:18:03 -04:00
Jonathan Lebon
a51ae1ed73 ci/make-git-snapshot.sh: xz the archive
This matches `make dist` and what the spec file expects.
2022-02-03 13:23:43 -05:00
Jonathan Lebon
92c396c82b ci/make-git-snapshot.sh: auto-initialize submodules
Matches `autogen.sh`.
2022-02-03 13:22:47 -05:00
Jonathan Lebon
8d45298a2d ci/make-git-snapshot.sh: fix archive name
The archive name is libostree even though the project name is ostree, so
we can't rely on the directory name.

Just hardcode it.
2022-02-03 13:21:54 -05:00
Jonathan Lebon
8e445cb957 ci/libbuild.sh: drop yum/CentOS support
`dnf` is present in all the platforms we care about now, and the CentOS
bit is out of date. We can re-add it if we add e.g. C[89]S support with
the updated list of packages.

Motivated by noticing that the `yum` symlink isn't always present.
2022-02-03 13:17:56 -05:00
Simon McVittie
43859b58f6
rofiles-fuse: Build using FUSE 3 if possible, falling back to FUSE 2
This adds build-time configuration logic to automatically detect
and switch between libfuse 2.x and 3.x.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Co-authored-by: Luca BRUNO <luca.bruno@coreos.com>
2022-01-04 09:41:38 +00:00
Colin Walters
3b338df956 ci: Require libcap2-bin for capsh
This was previously pulled in indirectly, but it looks like we need
to require it explicitly in newer Ubuntu.
2021-11-09 09:22:43 -05:00
Colin Walters
fda41e8d24 ci: Enable -fanalyzer
Followup to https://github.com/ostreedev/ostree/pull/2463

One thing I noticed here is we lost usage of `build-check.sh`
which also invokes `clang`, which doesn't speak `-fanalyzer`
and would be broken by this if we try to enable `build-check.sh`
again.  But that can come later.
2021-10-15 15:44:04 -04:00
Colin Walters
7ba8dbf0cc Attempt to update packit flow to build in COPR
No idea if this will really work, but at least `packit srpm`
does work now.
2021-10-14 12:36:38 -04:00
Simon McVittie
2c5fa2cdb6 tests: Unset SOURCE_DATE_EPOCH
Some distributions set this during build in order to have reproducible
builds from the same source code: for example, Debian uses the date
from debian/changelog.

However, some of our tests assume that `ostree commit` will result in
a commit with the current date/time, and SOURCE_DATE_EPOCH breaks that
assumption. Unset it for our build-time tests.

Resolves: https://github.com/ostreedev/ostree/issues/2405
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-07-26 11:48:45 +01:00
Luca BRUNO
d573b8dc2f
ci/release-build: evaluate package_version from m4 definition
This fixes the ci-release-build.sh script to directly source
and evaluate 'package_version' from its m4 definition, without
requiring a fully configured source tree.
2021-07-09 16:17:31 +00:00
Dan Nicholson
410b46f09d ci: Update Debian and Ubuntu build dependencies
This refreshes the build dependencies installed for the GitHub Tests
workflow based on the Build-Depends in the upstream packaging. The
handling is now more explicit about any deviations and any release
differences.
2021-06-21 13:47:00 -06:00
Dan Nicholson
156ec07f01 ci: Drop special handling of test-suite.log
The automake test harness[1] already dumps the contents of
`test-suite.log` when `VERBOSE=1` is set, so we don't need to add
special handling for it.

1. https://www.gnu.org/software/automake/manual/html_node/Parallel-Test-Harness.html
2021-06-21 13:47:00 -06:00
Dan Nicholson
00f7c88a2d ci: So long, Travis CI
travis-ci.org stopped running builds on June 15, 2021. Since this
organization is very unlikely to switch to travis-ci.com, just drop the
setup. The new GitHub Actions tests completely replace it.
2021-06-18 15:30:06 -06:00
Dan Nicholson
a0012ae0ee ci: Add GitHub Actions workflow for test suite
This runs the test suite in various distros. The intention is to use
this to replace the Travis CI setup since it often has rate limit
failures.

Each configuration in the matrix runs in a Docker container, installs
system dependencies and then builds and tests ostree. The scripts are
basically copy and paste of the travis ones with some of the lesser used
features pruned out.

Some differences from the travis setup:

* OS details are gathered from `/etc/os-release` instead of being passed
  in as environment variables.

* The scripts always assume the user is root and don't try to use
  `sudo`.

* The `installcheck` test has been removed since ostree doesn't actually
  use that. It could be added to run the installed tests or
  `gnome-desktop-testing-runner` could just be called directly.

There should be enough flexibility to run other distros like Fedora,
Arch or Alpine. Another option would be to use the other build scripts
in ci/.
2021-06-18 15:30:06 -06:00
Timothée Ravier
b8cca6cef1 *: rename master branch to main 2021-05-07 16:55:03 +02:00
Dan Nicholson
764116ef56 travis: Don't ask any debconf questions when installing packages
Currently the Ubuntu builds are stuck waiting for an answer on what
timezone to use. That could be fixed, but generally the way to do these
types of installs is to set the DEBIAN_FRONTEND environment variable to
`noninteractive` so that debconf just chooses a default. This is what
debootstrap does, for instance. I tested installing tzdata on a local
focal container this way and it just chooses `Etc/UTC` as the timezone.
2021-04-08 10:25:46 -06:00
Colin Walters
7170cf9efd installdeps: Drop PyYAML
Doesn't exist anymore in f33 and we don't depend on python2 anymore.
2021-03-31 15:11:34 -04:00
Colin Walters
d49f3291ad Add --enable-sanitizers, fix make check with it
It's cleaner if this is an build option rather than being
kludged into the CI layer.

Notably we can't use `LD_PRELOAD` anymore with ASAN, so update
our tests to check for `ASAN_OPTIONS`.
2021-02-03 20:33:19 +00:00
Colin Walters
6b5aef7612 ci: Add new build-check-sanitized.sh
All C/C++ projects should use the sanitizers (and static analysis)
in their CI.  We had this but lost it in one of our CI shuffles;
let's readd it.
2021-02-02 21:09:23 +00:00
Colin Walters
afb032e693 ci: Don't install deps if running as non-root
This way we run in Prow too.
2021-02-02 21:08:54 +00:00
Luca BRUNO
0d0eb4715b
ci: run ci-release-build.sh on GitHub
This adds a GitHub action in order to run ci-release-build.sh on
release PRs (detected via the `kind/release` label).
2020-11-16 11:14:40 +00:00
Colin Walters
53b6bbbdf2 travis: Add a 32 bit build
In the past we've had 32 bit bugs that were caught by
the compiler, let's add this to Travis.
2020-10-15 10:50:22 -04:00
Colin Walters
1e127f2dcc ci: Barf on unset umask
Since it's just not a sane thing to do and will cause various
failures in our test suite.
2020-08-05 16:34:52 +00:00
Jonathan Lebon
92284f9b81 ci: Constrain parallel build jobs
The default `_NPROCESSORS_ONLN` heuristic we have isn't cgroups aware.
So it thinks it has e.g. 40 CPUs when running in a k8s pod. This can
then blow through our allocated resource limits.

Declare some modest amount of RAM and CPU resources and override `make`
parallelism.

This matches what rpm-ostree now does in
https://github.com/coreos/rpm-ostree/pull/2155.
2020-07-16 15:44:34 -04:00
Jonathan Lebon
516c1340b3 ci: Remove libpaprci/ directory
And move everything that was in it directly in `ci/`. There's a bunch
more cleanups here that we need to do (and more changes to upstream from
the rpm-ostree copies of this).
2020-06-17 15:48:31 -04:00
Jonathan Lebon
eb3fe35b06 ci: Import latest ci-commitmessage-submodules from rpm-ostree
Especially for https://github.com/coreos/rpm-ostree/pull/2079.
2020-06-17 10:39:51 -04:00