Add CMake workflow for single platform CI#28935
Closed
Premiermoney wants to merge 10000 commits into
Closed
Conversation
…ate/zizmorcore-zizmor-action-0.x [skip-ci] Update zizmorcore/zizmor-action action to v0.5.3
Implements the feature introduced in the design document added with commit 4bdc1d3 Fixes https://redhat.atlassian.net/browse/RUN-4260 Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…ate/github.com-docker-go-connections-0.x Update module github.com/docker/go-connections to v0.7.0
With netavark v2 we start to default to strict isolation mode in netavark[1] as such that already matches the docker behavior. Therefore no longer hard code the isolate option in the compat api. Podman v6 is requires netavark v2 for other changes already so we do not need to worry about podman 6 + older netavark here. [1] containers/netavark#1438 Fixes: podman-container-tools#27349 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Improve code readability by sorting ContainerCreateOptions field assignments alphabetically and simplifying access to embedded Config fields. Fixes: podman-container-tools#28377 Signed-off-by: Donal O'Sullivan <donal.osullivan@elastic.co>
Fixes: https://redhat.atlassian.net/browse/RUN-3835 Signed-off-by: Nicola Sella <nsella@redhat.com>
This was implemented by containers/netavark podman-container-tools#1369; this commit completes the process by wiring it into Podman. We now respect the CLI order for configured networks - if a user passes `--net net1,net2` we guarantee that net1 will be configured before net2. For containers created before this patch, we don't retain enough information to configure networks in CLI order, so we use alphabetical order instead to still guarantee consistency. No breaking API changes have been made, but we do add a new field to supplement the existing map to (optionally) provide ordering information. The Podman CLI will always pass this. Existing applications that do not will, again, receive] deterministic ordering based on an alphabetical sort of network names. This requires the latest version of Netavark to work properly. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
These are two new Buildah flags that we need to wire into Podman (both local and remote) and document, with the interesting note that one requires the other and a check needed to be added for that. Also: secret parsing was tightened up in Buildah, and was breaking the remote build tests. Rewire it to use the new parser Buildah made, which ends up simplifying the code considerably. Tests are back to passing afterwards. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
…leanup/alphabetize-container-create-options Sort cliOpts fields alphabetically in Compat Create Endpoint
…eImageFromSrc Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
…n-quadlet Add Pod to quadlet list
remove isolate option from docker compat API
…tworks Move to deterministic network setup order
The Docker client (docker run) sends /wait then /start, but it only sends /start after receiving the 200 OK response from /wait. Previously, the event subscription for the "died" event was set up after the 200 was sent, creating a window where a fast-exiting container (e.g. hello-world) could emit its "died" event before the subscription was ready, causing the client to hang forever. Fix this by subscribing to "died" events before flushing the 200 status code. This guarantees the event listener is ready before the client can send /start, eliminating the race entirely. Fixes: podman-container-tools#28514 Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Use shared configfile instead of custom policy.json path handling. This updates ocipull to rely on signature.DefaultPolicy(), removes explicit SignaturePolicyPath, and replaces trust's custom default-policy path logic with common configfile code. Replace hidden `--policypath` with --signature-policy` and require it for `trust set` command instead of path resolution based on configfile. For `trust get`, the `--signature-policy` is optional. Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
We were asked about adding podman-py to the project, which seems entirely sensible given how strongly related it is. However, we don't actually have a process to do this right now. I added a section on adding and removing subprojects, based on the CNCF governance-by-subprojects template. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Fix Docker compat `/wait` hanging for next-exit condition
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…ate/github.com-moby-moby-api-1.x Update module github.com/moby/moby/api to v1.54.2
…ix-tmp Clean up temporary file for CreateImageFromSrc
…file trust: switch policy.json lookup to configfile
This PR reflects the upstream change of moving the buildah module from github.com/containers/buildah to go.podman.io/buildah. Signed-off-by: Brent Baude <bbaude@redhat.com>
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Currently, running Podman on Hyper-V as a non-administrator requires the user to be a member of the "Hyper-V Administrators" local group. If they are not, various WMI calls fail with access denied. This commit automates the permission setup. 1. During podman machine init, if Podman is running with elevated privileges (required for registry/networking setup anyway), it will now automatically add the current user to the localized "Hyper-V Administrators" group 2. If a user is added to the group, the change is not reflected until the next login. We now detect this state and explicitly instruct the user to log out and back in. 3. Modified the Hyper-V stubber to handle permission checks at the method level rather than the provider selection level (GetAll). This allows init to continue far enough to perform the elevation and setting. Signed-off-by: lstocchi <lstocchi@redhat.com>
Check the result from the volume config deletion to verify rows were actually affected. If no rows were deleted, return ErrNoSuchVolume. Signed-off-by: Donal O'Sullivan <osullivanpatrickdonal@gmail.com>
…uildah RUN-4538: Fix buildah vendoring
auto-add user to Hyper-V Administrators group
The swagger spec generated from pkg/api/server/doc.go sets the contact URL to https://podman.io/community/. That URL now returns 404, while https://podman.io/community (no trailing slash) returns 200 and is what the live site links to from its own navigation. Issue podman-container-tools#28298 reports the link as broken at the top of the rendered API reference, which is where ReDoc surfaces the contact field. Drop the trailing slash so the contact link in the generated swagger spec resolves. Signed-off-by: Matt Van Horn <mvanhorn@gmail.com>
Archive both audit.log and full journal output to TMT_PLAN_DATA/logs/ for post-test debugging and analysis. Signed-off-by: Jan Rodák <hony.com@seznam.cz>
…-log tmt: archive audit and journal logs after test execution
Add nightly release pipeline validation
Some were already pinned; let's fix the rest. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
ci: pin all github actions
…ate/github.com-onsi-gomega-1.x fix(deps): update module github.com/onsi/gomega to v1.41.0
…ose-leaked-file-handles Close leaked file handles in container config, CRIU stats, and playbook read
…ose-directory-handle-registries-d pkg/trust: fix directory handle leak in loadAndMergeConfig
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Used command: go get go.podman.io/storage@main && go get go.podman.io/image/v5@main && go get go.podman.io/common@main && make vendor Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Add rootless_port_forwarder="pasta" option that uses pesto to update pasta's forwarding table via UNIX socket, preserving source IPs that rootlessport's userspace proxy masks. HostIP is stripped from port mappings in the netavark wrapper when pasta forwarding is active because pesto handles host-side binding while pasta's splice changes the destination IP that netavark DNAT expects. Pesto binds both 0.0.0.0 and [::] for dual-stack support. Fixes: https://redhat.atlassian.net/browse/RUN-2214 Fixes: podman-container-tools#8193 Fixes: https://redhat.atlassian.net/browse/RUN-3587 Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
The interfacer linter was removed a few years ago. Remove the annotations as well. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
…ate/github.com-vbauerster-mpb-v8-8.x fix(deps): update module github.com/vbauerster/mpb/v8 to v8.12.1
…98-podman-io-community-trailing-slash docs(api): drop trailing slash on podman.io/community contact URL
…port Rootless bridge: preserve source IPs via pesto/pasta
Using os.Is{Exist,NotExist,Permission} checks is not recommended in the
new code (see official documentation). While using it in the existing
code is OK, it may still result in a subtle errors later (for a specific
example of that, see [1]).
Replace those with errors.Is.
Generated by:
gofmt -r 'os.IsExist(a) -> errors.Is(a, os.ErrExist)' -w .
gofmt -r 'os.IsNotExist(a) -> errors.Is(a, os.ErrNotExist)' -w .
gofmt -r 'os.IsPermission(a) -> errors.Is(a, os.ErrPermission)' -w .
goimports -w .
git diff vendor test/tools/vendor | patch -p1 -R
[1]: opencontainers/runc#5061
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
They were replaced by errors.Is by the previous commit, and shall not crawl back in. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This functionality is superseded by golangci-lint. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
EditorConfig is a way to specify some basic code formatting rules independently of an $EDITOR being used. Add rules for bats/bash/sh files: - use 4 spaces for indentation (which appears to be a de-facto standard in this repository, see e.g. commit 86e55d0); - ignore everything in vendor directories. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Remove unused nolint annotations
Stop using os.Is{Exist,NotExist,Permission} checks
…config .editorconfig: add indentation rule for shell files
Since commit def7001 git-validation is only used to check if the commit subject is less than 90 characters. Drop the vendored git-validation Go tool and the .gitvalidation make target in favor of hack/commit-subject-check.sh. This removes a Go build dependency and a vendored tree from test/tools/ while keeping the same CI and local behavior. Note the now-removed GIT_CHECK_EXCLUDE was not used by gitvalidation since commit def7001 because it was not checking any specific files, just the commit subject lengths. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
…it-validation ci: replace git-validation with a small shell script
This workflow sets up a CI process for CMake projects on a single platform, specifying build and test steps. Signed-off-by: Premiermoney <devjava21@proton.me>
|
[NON-BLOCKING] Packit jobs failed. @containers/packit-build please check. Everyone else, feel free to ignore. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This workflow sets up a CI process for CMake projects on a single platform, specifying build and test steps.
Checklist
Ensure you have completed the following checklist for your pull request to be reviewed:
commits. (
git commit -s). (If needed, usegit commit -s --amend). The author email must matchthe sign-off email address. See CONTRIBUTING.md
for more information.
Fixes: #00000in commit message (if applicable)make validatepr(format/lint checks)Noneif no user-facing changes)Does this PR introduce a user-facing change?