@nalind nalind commented Dec 1, 2025

Ignore me!

openshift-ci bot commented Dec 1, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nalind

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

nalind commented Dec 1, 2025

/hold

This addresses bumping crun to v1.2.9, which is a huge jump
for this repository, but it's the first version of runc
with the fix for CVE-2025-52881.

This also fixes CVE-2025-31133 and CVE-2025-52565.

Fixes: https://issues.redhat.com/browse/RHEL-126920, https://issues.redhat.com/browse/RHEL-126922
and partially addresses: https://issues.redhat.com/browse/OCPBUGS-64906

The CVEs were fixed in v1.2.8, however, regressions were added to that
release that are now fixed in v1.2.9

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Stealing from @cevich's work in containers#6520.
In CI, the project and tests are compiled, so therefore require newer
CI/VM images with support for the newer golang requirements.

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Add GoProxy.  Stolen from @cevich's containers#6520

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Based on containers#5754 from @kolyshkin

Switch from github.com/syndtr/gocapability/capability to "github.com/moby/sys/capability"
in order to clear a number of warnings picked up after updates.

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Bump Go from 1.17 to 1.22 in .cirrus.yml and the Makefile files.

Prior, issues were seen in CI like:

```
make vendor
GO111MODULE=on go mod tidy -compat=1.17
go mod tidy: go.mod file indicates go 1.22, but maximum supported version is 1.17
make: *** [Makefile:193: vendor] Error 1
```

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Bumping golang.org/x/tools to v0.26.0 per @nalind's
suggestion.

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
nalind force-pushed the ci-1.29 branch 10 times, most recently from e34a798 to 56eadec on December 1, 2025 23:35
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* bump golangci-lint to v1.60.3
* bump golang.org/x/tools to v0.26.0

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
nalind force-pushed the ci-1.29 branch 7 times, most recently from 00335f3 to 4b4cb0e on December 5, 2025 21:29
nalind force-pushed the ci-1.29 branch 3 times, most recently from 70a6fec to 6c886a3 on December 7, 2025 04:47
nalind and others added 5 commits December 8, 2025 09:19
The updated images we're using have switched from Ubuntu to Debian.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Run integration tests (both as root and rootless) with both crun and
runc on Fedora, to help ensure that we can use either.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Handle requested relabeling of bind mounts (i.e., the "z" and "Z" flags)
directly, instead of letting the runtime handle the relabeling.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This is a common mistake by users and is ignored in some places
but not everywhere. This change will help this to be ignored everywhere.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Update the image library to get a version of the "docker-daemon"
transport that can contact the version of the docker daemon that we
use in our conformance tests.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
nalind force-pushed the ci-1.29 branch 2 times, most recently from 8dc54ae to 0771c81 on December 8, 2025 14:53
nalind commented Dec 8, 2025

Flaking a lot in a way that's reminiscent of when we needed the change from containers/common#2339.

mtrmac and others added 5 commits December 8, 2025 13:17
This mostly just inherits the c/common/pkg/auth implementation,
except that AuthFilePath and DockerCompatAuthFilePath can not be set
simultaneously, so don't always set AuthFilePath. c/common already
defaults to the same locations internally.

Tests handle only invalid commands; a true interoperability test
would require a running Docker on the CI systems, which is not currently
available. That interoperability was tested manually
(and is presumed to be integration-tested in the Podman repo).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
All `[]string`s in containers.conf have now been migrated to attributed
string slices which require some adjustments in Buildah and Podman.

[NO NEW TESTS NEEDED]

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Newer docker build doesn't set it, so we need to stop.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Make setting the Parent field in the config blob of a docker format
image optional (yes, we're bringing it back!), since it no longer
appears to be set by newer versions of docker build.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
If the working directory ends with the path separator, and trimming it
wouldn't produce an empty value, trim it, for conformance.

This was originally fixed in imagebuilder, and we picked up the change
automatically, but this should provide the same end-result.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
nalind and others added 8 commits December 9, 2025 10:45
6ec6f04 includes both dependency
updates and a fix for a test which was impacted by the behaviors it
changed.  Pull the dependency updates out.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Dependency updates changed the text of an error message; update tests
that checked for it.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Pushing an image won't log that signatures are being written if the
image isn't signed, so check for the message that's logged when the
manifest is written.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Pick up the test updates from containers#4829, where we learned that disabling
SELinux process labeling in a non-privileged context doesn't result in
the container process being granted super privileges.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
When running unit and conformance tests, drop the -cover flag from the
invocation of `go test`.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Signed-off-by: Chris Evich <cevich@redhat.com>
Assisted-by: Claude (Anthropic)
Use the named constants for the status values that runtimes can report
to us when we run them with the "state" command.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
edsantiago and others added 2 commits December 9, 2025 10:55
It is completely broken (see containers#4396) and is now causing failures
in Fedora gating tests:

   https://artifacts.dev.testing-farm.io/30e7b5bc-d162-4ae7-9a60-896f0186bf73/

Signed-off-by: Ed Santiago <santiago@redhat.com>
Bump Buildah to v1.29.6

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>