[do not merge] add swap to CI for 1.26 #6586
Open
nalind wants to merge 28 commits into containers:release-1.26 from nalind:ci-1.26
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: nalind
The full list of commands accepted by this bot can be found here.
The pull request process is described here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
10cc0a8 to d950358
This change is required for future commits that will bring in newer vendored modules with elevated requirements. Signed-off-by: Chris Evich <cevich@redhat.com> Assisted-by: Claude (Anthropic) Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
In CI, the project and tests are compiled, so therefore require newer CI/VM images with support for the newer golang requirements. Run integration tests (both as root and rootless) with both crun and runc on Fedora, to help ensure that we can use either. Signed-off-by: Chris Evich <cevich@redhat.com> Assisted-by: Claude (Anthropic) Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Bumping golang.org/x/tools to v0.26.0 per @nalind's suggestion. Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com> Signed-off-by: Chris Evich <cevich@redhat.com> Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Chris Evich <cevich@redhat.com> Assisted-by: Claude (Anthropic)
Use sort.Stable() instead of sort.Sort() to sort mounts, and have the comparison function compare the cleaned paths directly if they have the same number of components, so that there's a defined ordering between "/a" and "/b". Signed-off-by: Chris Evich <cevich@redhat.com> Assisted-by: Claude (Anthropic)
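The ordering rule this commit message describes, as an added Go example that is not code from the pull request: the `mount` type, `byDepthThenPath` and `sortMounts` are hypothetical names, and the sample mounts are constructed. A defined order matters because when two entries share a destination, the one mounted later is the one the container sees.

```go
package main

import (
	"fmt"
	"path/filepath"
	"sort"
	"strings"
)

// mount is a hypothetical stand-in for a runtime-spec mount entry.
type mount struct{ Destination, Source string }

// byDepthThenPath orders mounts so that parents come before children.
type byDepthThenPath []mount

func (m byDepthThenPath) Len() int      { return len(m) }
func (m byDepthThenPath) Swap(i, j int) { m[i], m[j] = m[j], m[i] }

// Less compares the number of path components first; on a tie it compares
// the cleaned paths directly, so "/a" always sorts before "/b".
func (m byDepthThenPath) Less(i, j int) bool {
	a, b := filepath.Clean(m[i].Destination), filepath.Clean(m[j].Destination)
	na, nb := strings.Count(a, "/"), strings.Count(b, "/")
	if na != nb {
		return na < nb
	}
	return a < b
}

// sortMounts returns a sorted copy; entries that compare equal keep their
// input order because sort.Stable is used instead of sort.Sort.
func sortMounts(in []mount) []mount {
	out := append([]mount(nil), in...)
	sort.Stable(byDepthThenPath(out))
	return out
}

func main() {
	// Constructed sample: "/a/" and "/a" clean to the same destination.
	mounts := []mount{
		{"/b/c", "vol-c"}, {"/b", "vol-b"},
		{"/a/", "first"}, {"/a", "second"}, {"/", "rootfs"},
	}
	for _, m := range sortMounts(mounts) {
		fmt.Printf("%-6s <- %s\n", filepath.Clean(m.Destination), m.Source)
	}
}
```
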
This addresses bumping crun to v1.2.9, which is a huge jump but is necessary to address CVE-2025-52881, CVE-2025-31133 and CVE-2025-52565 plus various regressions in earlier versions.

Fixes: https://issues.redhat.com/browse/RHEL-126919

In order to both handle breaking changes related to removal of the unmaintained `github.com/docker/libnetwork` while keeping this branch as closely compatible as possible to `release-1.27`, the following major changes were necessary:

- Removed duplicate functions from run_linux.go (setupMounts, runSetupRunMounts, getBindMount, getTmpfsMount, getSSHMount) and centralized them in run_common.go
- Updated function signatures to use runMountInfo and IDMaps structs instead of individual parameters
- Moved IDMaps and runMountInfo struct definitions from run_common.go to run.go to match 1.27 structure
- Moved nonCleanablePrefixes variable from run.go to run_linux.go to match 1.27 structure
- Updated addResolvConf call to use spec.Linux.Namespaces instead of namespaceOptions
- Changed hardcoded "/etc/resolv.conf" strings to use resolvconf.DefaultResolvConf constant
- Updated import aliases: run_common.go now uses imageTypes alias for github.com/containers/image/v5/types to match 1.27

This consolidates mount-related code in run_common.go and aligns the 1.26 branch structure with 1.27.

Signed-off-by: Chris Evich <cevich@redhat.com> Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
A prior commit brought in a newer Cobra (out of necessity) which also hauled in behavior changes WRT global-vs-local flag handling. In order to preserve the `buildah` CLI options prior to this change, additional code changes are needed. Fix the code such that `hack/xref-helpmsgs-manpages` does not report any differences compared to the pre-existing documentation (which presumably passed the check). Signed-off-by: Chris Evich <cevich@redhat.com> Assisted-by: Claude (Anthropic)
github.com/moby/sys/capability is a fork of the (no longer maintained) github.com/syndtr/gocapability package. For the list of changes since the fork took place, see https://github.com/moby/sys/blob/main/capability/CHANGELOG.md Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com> Signed-off-by: Chris Evich <cevich@redhat.com> Assisted-by: Claude (Anthropic) Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Ambient capabilities can't be raised without inheritable ones, and since we don't raise inheritable, we should not raise ambient either. This went unnoticed because of a bug in syndtr/gocapability which is only fixed in its fork (see the next commit). Amends commit e7e55c9. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com> Signed-off-by: Chris Evich <cevich@redhat.com> Assisted-by: Claude (Anthropic)
Use a listener helper to bind to an available-according-to-the-kernel listening port and run a command with its stdio more or less tied to the connection instead of trying to launch a git daemon directly using a port number that we can only guess is available. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Signed-off-by: Chris Evich <cevich@redhat.com> Assisted-by: Claude (Anthropic)
Handle requested relabeling of bind mounts (i.e., the "z" and "Z" flags) directly, instead of letting the runtime handle the relabeling. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Signed-off-by: Chris Evich <cevich@redhat.com> Assisted-by: Claude (Anthropic)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Signed-off-by: Chris Evich <cevich@redhat.com> Assisted-by: Claude (Anthropic)
Use the named constants for the status values that runtimes can report to us when we run them with the "state" command. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Signed-off-by: Chris Evich <cevich@redhat.com> Assisted-by: Claude (Anthropic)
Tweak the wording that describes the effects of --cgroup-parent to be clear that it only affects handling of RUN instructions. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Signed-off-by: Chris Evich <cevich@redhat.com> Assisted-by: Claude (Anthropic)
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
The previous handful of commits introduced fairly massive changes to buildah, including an overhaul of the CI runtime environment itself. Because of this, several tests need adjusting to match the new reality. Signed-off-by: Chris Evich <cevich@redhat.com>
Pick up the test updates from containers#4829, where we learned that disabling SELinux process labeling in a non-privileged context doesn't result in the container process being granted super privileges. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
It is completely broken (see containers#4396) and is now causing failures in Fedora gating tests: https://artifacts.dev.testing-farm.io/30e7b5bc-d162-4ae7-9a60-896f0186bf73/ Signed-off-by: Ed Santiago <santiago@redhat.com>
A bug is present in some versions of runc (including 1.2.8) which results in the wrong number of CPU shares being used. Since the runc version may change in a future commit, but still contain the bug, simply skip the test rather than checking against the miscalculated value. Signed-off-by: Chris Evich <cevich@redhat.com> Assisted-by: Claude (Anthropic)
The -cover flag causes many 'error: coverage... ; no coverage data written' messages when GOCOVERDIR is not set. These messages needlessly clutter the test output. Remove the -cover flag. Signed-off-by: Chris Evich <cevich@redhat.com> Assisted-by: Claude (Anthropic)
Update the versions of ginkgo that we build for use by our e2e tests, and the linter. Signed-off-by: Chris Evich <cevich@redhat.com> Assisted-by: Claude (Anthropic) Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Newer branches abandoned this with 198b4c3 but it was never backported to this branch. Remove the test as this is a RHEL release branch and uses a separate spec file maintained in various dist-git repos. Signed-off-by: Chris Evich <cevich@redhat.com>
Signed-off-by: Chris Evich <cevich@redhat.com> Assisted-by: Claude (Anthropic)
Newer docker build doesn't set it, so we need to stop. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Make setting the Parent field in the config blob of a docker format image optional (yes, we're bringing it back!), since it no longer appears to be set by newer versions of docker build. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
If the working directory ends with the path separator, and trimming it wouldn't produce an empty value, trim it, for conformance. This was originally fixed in imagebuilder, and we picked up the change automatically, but this should provide the same end-result. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
fd5364c to 2917cf4
When checking if the command we were running returned an exit status, check for wrapping the way the standard library does it, which updated versions of our dependencies might be doing now. Ensure we use errors.Is() or errors.As() when comparing values returned by errors.Cause(), so that the errors are also Unwrap()ped. Change the exit status we expect to get when a multiplatform build fails because a RUN instruction exited with status 1, to also be 1 instead of the more generic 125. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
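Why the wrapping-aware check in this commit message matters, as an added Go example that is not code from the pull request: `runStep`, `exitStatusByAssertion`, `exitStatusByAs` and `resultCode` are hypothetical names, wrapping is done with the standard library's `%w` rather than `errors.Cause()`, and a POSIX `sh` is assumed to be on the PATH.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
)

// runStep is a hypothetical helper that runs a shell script and wraps any
// failure with %w, the way updated dependencies may now wrap errors.
func runStep(script string) error {
	if err := exec.Command("sh", "-c", script).Run(); err != nil {
		return fmt.Errorf("running %q: %w", script, err)
	}
	return nil
}

// exitStatusByAssertion only inspects the outermost error, so it misses an
// *exec.ExitError that has been wrapped.
func exitStatusByAssertion(err error) (int, bool) {
	if ee, ok := err.(*exec.ExitError); ok {
		return ee.ExitCode(), true
	}
	return 0, false
}

// exitStatusByAs walks the Unwrap() chain and finds the wrapped error.
func exitStatusByAs(err error) (int, bool) {
	var ee *exec.ExitError
	if errors.As(err, &ee) {
		return ee.ExitCode(), true
	}
	return 0, false
}

// resultCode propagates the command's own exit status when there is one and
// falls back to the generic 125 for any other failure.
func resultCode(err error) int {
	if err == nil {
		return 0
	}
	if code, ok := exitStatusByAs(err); ok {
		return code
	}
	return 125
}

func main() {
	err := runStep("exit 1")
	_, seen := exitStatusByAssertion(err)
	fmt.Println("type assertion sees exit status:", seen)
	fmt.Println("result code via errors.As:", resultCode(err))
}
```
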
Signed-off-by: Chris Evich <cevich@redhat.com> Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Ignore me!