Conversation

@nalind
Member

@nalind nalind commented Dec 8, 2025

Ignore me!

@openshift-ci
Contributor

openshift-ci bot commented Dec 8, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nalind

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

cevich and others added 20 commits December 9, 2025 10:54
This change is required for future commits that will bring in newer
vendored modules with elevated requirements.

Signed-off-by: Chris Evich <cevich@redhat.com>
Assisted-by: Claude (Anthropic)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
In CI, the project and tests are compiled, so therefore require newer
CI/VM images with support for the newer golang requirements.

Signed-off-by: Chris Evich <cevich@redhat.com>
Assisted-by: Claude (Anthropic)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Bumping golang.org/x/tools to v0.26.0 per @nalind's
suggestion.

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Signed-off-by: Chris Evich <cevich@redhat.com>
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Chris Evich <cevich@redhat.com>
Assisted-by: Claude (Anthropic)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Use sort.Stable() instead of sort.Sort() to sort mounts, and have the
comparison function compare the cleaned paths directly if they have the
same number of components, so that there's a defined ordering between
"/a" and "/b".

Signed-off-by: Chris Evich <cevich@redhat.com>
Assisted-by: Claude (Anthropic)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
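
The ordering rule described in the commit message above, as an added example that is not buildah's own code: mounts are ordered by the number of path components so that a parent is mounted before its children, ties are broken by comparing the cleaned paths, and `sort.Stable` preserves the caller's order for identical destinations. The `Mount` type and the names `depth`, `byDepth` and `SortMounts` are hypothetical, and the sample input is constructed.

```go
package main

import (
	"fmt"
	"path/filepath"
	"sort"
	"strings"
)

// Mount is a hypothetical stand-in for a runtime-spec mount entry.
type Mount struct {
	Destination string
	Source      string
}

// depth counts the components of a cleaned absolute path ("/" is 0).
func depth(cleaned string) int { return strings.Count(strings.TrimSuffix(cleaned, "/"), "/") }

// byDepth orders mounts so parents precede children; among paths of equal
// depth the cleaned path strings are compared, so "/a" sorts before "/b".
type byDepth []Mount

func (m byDepth) Len() int      { return len(m) }
func (m byDepth) Swap(i, j int) { m[i], m[j] = m[j], m[i] }
func (m byDepth) Less(i, j int) bool {
	a, b := filepath.Clean(m[i].Destination), filepath.Clean(m[j].Destination)
	if da, db := depth(a), depth(b); da != db {
		return da < db
	}
	return a < b
}

// SortMounts returns a sorted copy; sort.Stable keeps the caller's order
// for entries whose cleaned destinations are identical.
func SortMounts(mounts []Mount) []Mount {
	sorted := append([]Mount(nil), mounts...)
	sort.Stable(byDepth(sorted))
	return sorted
}

func main() {
	// Constructed sample input, not taken from buildah.
	in := []Mount{{"/b", "first"}, {"/a/b/", "vol"}, {"/a", "cfg"}, {"/b", "second"}}
	for _, m := range SortMounts(in) {
		fmt.Println(m.Destination, m.Source)
	}
}
```

Without the path comparison, "/a" and "/b" compare as equal and their relative order depends on the input; without a stable sort, two mounts on the same destination could swap, changing which one ends up on top.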
This addresses bumping crun to v1.2.9, which is a huge jump
but is necessary to address CVE-2025-52881, CVE-2025-31133
and CVE-2025-52565 plus various regressions in earlier versions.

Fixes: https://issues.redhat.com/browse/RHEL-126919
Fixes: https://issues.redhat.com/browse/RHEL-132848
Fixes: https://issues.redhat.com/browse/RHEL-126921
Fixes: https://issues.redhat.com/browse/RHEL-132851

Signed-off-by: Chris Evich <cevich@redhat.com>
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
A prior commit brought in a newer Cobra (out of necessity) which also
hauled in behavior changes WRT global-vs-local flag handling.  In order
to preserve the `buildah` CLI options prior to this change, additional
code changes are needed.  Fix the code such that
`hack/xref-helpmsgs-manpages` does not report any differences compared
to the pre-existing documentation (which presumably passed the check).

Signed-off-by: Chris Evich <cevich@redhat.com>
Assisted-by: Claude (Anthropic)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
github.com/moby/sys/capability is a fork of the (no longer maintained)
github.com/syndtr/gocapability package.

For the list of changes since the fork took place, see
https://github.com/moby/sys/blob/main/capability/CHANGELOG.md

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

Signed-off-by: Chris Evich <cevich@redhat.com>
Assisted-by: Claude (Anthropic)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Ambient capabilities can't be raised without inheritable ones, and since we
don't raise inheritable, we should not raise ambient either.

This went unnoticed because of a bug in syndtr/gocapability which is
only fixed in its fork (see the next commit).

Amends commit e7e55c9.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

Signed-off-by: Chris Evich <cevich@redhat.com>
Assisted-by: Claude (Anthropic)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Use a listener helper to bind to an available-according-to-the-kernel
listening port and run a command with its stdio more or less tied to the
connection instead of trying to launch a git daemon directly using a
port number that we can only guess is available.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Signed-off-by: Chris Evich <cevich@redhat.com>
Assisted-by: Claude (Anthropic)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Handle requested relabeling of bind mounts (i.e., the "z" and "Z" flags)
directly, instead of letting the runtime handle the relabeling.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Signed-off-by: Chris Evich <cevich@redhat.com>
Assisted-by: Claude (Anthropic)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Signed-off-by: Chris Evich <cevich@redhat.com>
Assisted-by: Claude (Anthropic)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Use the named constants for the status values that runtimes can report
to us when we run them with the "state" command.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Signed-off-by: Chris Evich <cevich@redhat.com>
Assisted-by: Claude (Anthropic)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Tweak the wording that describes the effects of --cgroup-parent to be
clear that it only affects handling of RUN instructions.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Signed-off-by: Chris Evich <cevich@redhat.com>
Assisted-by: Claude (Anthropic)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Run integration tests (both as root and rootless) with both crun and
runc on Fedora, to help ensure that we can use either.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Signed-off-by: Chris Evich <cevich@redhat.com>
Assisted-by: Claude (Anthropic)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
The updated images we're using have switched from Ubuntu to Debian.
Add cross-compile and rootless-integration-over-vfs tests back in.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
The previous handful of commits introduced fairly massive changes to
buildah, including an overhaul of the CI runtime environment itself.
Because of this, several tests need adjusting to match the new reality.

Signed-off-by: Chris Evich <cevich@redhat.com>
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
It is completely broken (see containers#4396) and is now causing failures
in Fedora gating tests:

   https://artifacts.dev.testing-farm.io/30e7b5bc-d162-4ae7-9a60-896f0186bf73/

Signed-off-by: Ed Santiago <santiago@redhat.com>

Signed-off-by: Chris Evich <cevich@redhat.com>
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
A bug is present in some versions of runc (including 1.2.8) which results
in the wrong number of CPU shares being used.  Since the runc version
may change in a future commit, but still contain the bug, simply skip
the test rather than checking against the miscalculated value.

Signed-off-by: Chris Evich <cevich@redhat.com>
Assisted-by: Claude (Anthropic)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
cevich and others added 12 commits December 9, 2025 10:54
Signed-off-by: Chris Evich <cevich@redhat.com>
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
The -cover flag causes many 'error: coverage... ; no coverage data written'
messages when GOCOVERDIR is not set. These messages needlessly clutter the test output.  Remove the -cover flag.

Signed-off-by: Chris Evich <cevich@redhat.com>
Assisted-by: Claude (Anthropic)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Update the versions of ginkgo that we build for use by our e2e tests,
and the linter.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Signed-off-by: Chris Evich <cevich@redhat.com>
Assisted-by: Claude (Anthropic)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When running unit and conformance tests, drop the -cover flag from the
invocation of `go test`.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Chris Evich <cevich@redhat.com>
Assisted-by: Claude (Anthropic)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When checking that we can cross-compile successfully, drop GOOS=windows
from the test cases.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Newer docker build doesn't set it, so we need to stop.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Make setting the Parent field in the config blob of a docker format
image optional (yes, we're bringing it back!), since it no longer
appears to be set by newer versions of docker build.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
If the working directory ends with the path separator, and trimming it
wouldn't produce an empty value, trim it, for conformance.

This was originally fixed in imagebuilder, and we picked up the change
automatically, but this should provide the same end-result.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When comparing layer payloads during conformance tests, mask off any
file type bits that the tar headers in the layers might have included.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Chris Evich <cevich@redhat.com>
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>