--- # Main collection of env. vars to set for all tasks and scripts. env: #### #### Global variables used for all tasks #### # Name of the ultimate destination branch for this CI run, PR or post-merge. DEST_BRANCH: "main" GOPATH: "/var/tmp/go" GOSRC: "${GOPATH}/src/github.com/containers/buildah" GOCACHE: "/tmp/go-build" # Overrides default location (/tmp/cirrus) for repo clone CIRRUS_WORKING_DIR: "${GOSRC}" # Shell used to execute all script commands CIRRUS_SHELL: "/bin/bash" # Automation script path relative to $CIRRUS_WORKING_DIR) SCRIPT_BASE: "./contrib/cirrus" # No need to go crazy, but grab enough to cover most PRs CIRRUS_CLONE_DEPTH: 50 # Unless set by in_podman.sh, default to operating outside of a podman container IN_PODMAN: 'false' # root or rootless PRIV_NAME: root # default "mention the $BUILDAH_RUNTIME in the task alias, with initial whitespace" value RUNTIME_N: "" #### #### Cache-image names to test with #### # GCE project where images live IMAGE_PROJECT: "libpod-218412" FEDORA_NAME: "fedora-42" PRIOR_FEDORA_NAME: "fedora-41" DEBIAN_NAME: "debian-13" # Image identifiers IMAGE_SUFFIX: "c20250422t130822z-f42f41d13" FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}" PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}" DEBIAN_CACHE_IMAGE_NAME: "debian-${IMAGE_SUFFIX}" IN_PODMAN_IMAGE: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}" #### #### Command variables to help avoid duplication #### # Command to prefix every output line with a timestamp # (can't do inline awk script, Cirrus-CI or YAML mangles quoting) _TIMESTAMP: 'awk -f ${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/timestamp.awk' gcp_credentials: ENCRYPTED[ae0bf7370f0b6e446bc61d0865a2c55d3e166b3fab9466eb0393e38e1c66a31ca4c71ddc7e0139d47d075c36dd6d3fd7] # Default timeout for each task timeout_in: 30m # Default VM to use unless set or modified by task gce_instance: &standardvm image_project: "${IMAGE_PROJECT}" zone: "us-central1-c" # Required by Cirrus for the time being cpu: 2 memory: "4G" disk: 200 # Gigabytes, do not set less than 200 per obscure GCE docs re: I/O performance image_name: "${FEDORA_CACHE_IMAGE_NAME}" # Update metadata on VM images referenced by this repository state meta_task: name: "VM img. keepalive" alias: meta container: image: "quay.io/libpod/imgts:latest" cpu: 1 memory: "1G" env: # Space-separated list of images used by this repository state IMGNAMES: |- ${FEDORA_CACHE_IMAGE_NAME} ${PRIOR_FEDORA_CACHE_IMAGE_NAME} ${DEBIAN_CACHE_IMAGE_NAME} build-push-${IMAGE_SUFFIX} BUILDID: "${CIRRUS_BUILD_ID}" REPOREF: "${CIRRUS_CHANGE_IN_REPO}" GCPJSON: ENCRYPTED[d3614d6f5cc0e66be89d4252b3365fd84f14eee0259d4eb47e25fc0bc2842c7937f5ee8c882b7e547b4c5ec4b6733b14] GCPNAME: ENCRYPTED[8509e6a681b859479ce6aa275bd3c4ac82de5beec6df6057925afc4cd85b7ef2e879066ae8baaa2d453b82958e434578] GCPPROJECT: ENCRYPTED[cc09b62d0ec6746a3df685e663ad25d9d5af95ef5fd843c96f3d0ec9d7f065dc63216b9c685c9f43a776a1d403991494] clone_script: 'true' script: '/usr/local/bin/entrypoint.sh' smoke_task: alias: 'smoke' name: "Smoke Test" gce_instance: memory: "12G" cpu: 8 # Don't bother running on branches (including cron), or for tags. skip: $CIRRUS_PR == '' timeout_in: 10m setup_script: '${SCRIPT_BASE}/setup.sh |& ${_TIMESTAMP}' build_script: '${SCRIPT_BASE}/build.sh |& ${_TIMESTAMP}' validate_test_script: '${SCRIPT_BASE}/test.sh validate |& ${_TIMESTAMP}' binary_artifacts: path: ./bin/* # Check that all included go modules from other sources match # # what is expected in `vendor/modules.txt` vs `go.mod`. vendor_task: name: "Test Vendoring" alias: vendor env: CIRRUS_WORKING_DIR: "/var/tmp/go/src/github.com/containers/buildah" GOPATH: "/var/tmp/go" GOSRC: "/var/tmp/go/src/github.com/containers/buildah" # Runs within Cirrus's "community cluster" container: image: docker.io/library/golang:1.23.3 cpu: 1 memory: 1 timeout_in: 5m vendor_script: - './hack/check_vendor_toolchain.sh Try updating the image used by the vendor_task in .cirrus.yml.' - 'make vendor' - './hack/tree_status.sh' # Confirm cross-compile ALL architectures on a Mac OS-X VM. cross_build_task: name: "Cross Compile" gce_instance: cpu: 8 memory: "24G" alias: cross_build skip: >- $CIRRUS_CHANGE_TITLE =~ '.*CI:DOCS.*' env: HOME: /root script: - go version - make -j cross CGO_ENABLED=0 binary_artifacts: path: ./bin/* unit_task: name: 'Unit tests w/ $STORAGE_DRIVER' gce_instance: cpu: 4 alias: unit skip: ¬_build_docs >- $CIRRUS_CHANGE_TITLE =~ '.*CI:DOCS.*' || $CIRRUS_CHANGE_TITLE =~ '.*CI:BUILD.*' depends_on: &smoke_vendor - smoke - vendor matrix: - env: STORAGE_DRIVER: 'vfs' - env: STORAGE_DRIVER: 'overlay' setup_script: '${SCRIPT_BASE}/setup.sh |& ${_TIMESTAMP}' unit_test_script: '${SCRIPT_BASE}/test.sh unit |& ${_TIMESTAMP}' conformance_task: name: 'Debian Conformance w/ $STORAGE_DRIVER' alias: conformance skip: *not_build_docs depends_on: *smoke_vendor gce_instance: cpu: 4 image_name: "${DEBIAN_CACHE_IMAGE_NAME}" matrix: - env: STORAGE_DRIVER: 'vfs' TMPDIR: '/var/tmp' - env: STORAGE_DRIVER: 'overlay' setup_script: '${SCRIPT_BASE}/setup.sh conformance |& ${_TIMESTAMP}' conformance_test_script: '${SCRIPT_BASE}/test.sh conformance |& ${_TIMESTAMP}' integration_task: name: "Integration $DISTRO_NV$RUNTIME_N w/ $STORAGE_DRIVER" alias: integration skip: *not_build_docs depends_on: *smoke_vendor matrix: # VFS - env: DISTRO_NV: "${FEDORA_NAME}" IMAGE_NAME: "${FEDORA_CACHE_IMAGE_NAME}" STORAGE_DRIVER: 'vfs' BUILDAH_RUNTIME: crun RUNTIME_N: " using crun" - env: DISTRO_NV: "${FEDORA_NAME}" IMAGE_NAME: "${FEDORA_CACHE_IMAGE_NAME}" STORAGE_DRIVER: 'vfs' BUILDAH_RUNTIME: runc RUNTIME_N: " using runc" - env: DISTRO_NV: "${PRIOR_FEDORA_NAME}" IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}" STORAGE_DRIVER: 'vfs' BUILDAH_RUNTIME: crun RUNTIME_N: " using crun" - env: DISTRO_NV: "${PRIOR_FEDORA_NAME}" IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}" STORAGE_DRIVER: 'vfs' BUILDAH_RUNTIME: runc RUNTIME_N: " using runc" - env: DISTRO_NV: "${DEBIAN_NAME}" IMAGE_NAME: "${DEBIAN_CACHE_IMAGE_NAME}" STORAGE_DRIVER: 'vfs' # OVERLAY - env: DISTRO_NV: "${FEDORA_NAME}" IMAGE_NAME: "${FEDORA_CACHE_IMAGE_NAME}" STORAGE_DRIVER: 'overlay' BUILDAH_RUNTIME: crun RUNTIME_N: " using crun" - env: DISTRO_NV: "${FEDORA_NAME}" IMAGE_NAME: "${FEDORA_CACHE_IMAGE_NAME}" STORAGE_DRIVER: 'overlay' BUILDAH_RUNTIME: runc RUNTIME_N: " using runc" - env: DISTRO_NV: "${PRIOR_FEDORA_NAME}" IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}" STORAGE_DRIVER: 'overlay' BUILDAH_RUNTIME: crun RUNTIME_N: " using crun" - env: DISTRO_NV: "${PRIOR_FEDORA_NAME}" IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}" STORAGE_DRIVER: 'overlay' BUILDAH_RUNTIME: runc RUNTIME_N: " using runc" - env: DISTRO_NV: "${DEBIAN_NAME}" IMAGE_NAME: "${DEBIAN_CACHE_IMAGE_NAME}" STORAGE_DRIVER: 'overlay' gce_instance: image_name: "$IMAGE_NAME" cpu: 8 memory: "8G" # Separate scripts for separate outputs, makes debugging easier. setup_script: '${SCRIPT_BASE}/setup.sh |& ${_TIMESTAMP}' build_script: '${SCRIPT_BASE}/build.sh |& ${_TIMESTAMP}' integration_test_script: '${SCRIPT_BASE}/test.sh integration |& ${_TIMESTAMP}' binary_artifacts: path: ./bin/* always: &standardlogs audit_log_script: '$GOSRC/$SCRIPT_BASE/logcollector.sh audit' df_script: '$GOSRC/$SCRIPT_BASE/logcollector.sh df' journal_script: '$GOSRC/$SCRIPT_BASE/logcollector.sh journal' podman_system_info_script: '$GOSRC/$SCRIPT_BASE/logcollector.sh podman' buildah_version_script: '$GOSRC/$SCRIPT_BASE/logcollector.sh buildah_version' buildah_info_script: '$GOSRC/$SCRIPT_BASE/logcollector.sh buildah_info' package_versions_script: '$GOSRC/$SCRIPT_BASE/logcollector.sh packages' golang_version_script: '$GOSRC/$SCRIPT_BASE/logcollector.sh golang' integration_rootless_task: name: "Integration rootless $DISTRO_NV$RUNTIME_N w/ $STORAGE_DRIVER" alias: integration_rootless skip: *not_build_docs depends_on: *smoke_vendor matrix: # Running rootless tests on overlay # OVERLAY - env: DISTRO_NV: "${FEDORA_NAME}" IMAGE_NAME: "${FEDORA_CACHE_IMAGE_NAME}" STORAGE_DRIVER: 'overlay' PRIV_NAME: rootless BUILDAH_RUNTIME: runc RUNTIME_N: " using runc" - env: DISTRO_NV: "${FEDORA_NAME}" IMAGE_NAME: "${FEDORA_CACHE_IMAGE_NAME}" STORAGE_DRIVER: 'overlay' PRIV_NAME: rootless BUILDAH_RUNTIME: crun RUNTIME_N: " using crun" - env: DISTRO_NV: "${PRIOR_FEDORA_NAME}" IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}" STORAGE_DRIVER: 'overlay' PRIV_NAME: rootless BUILDAH_RUNTIME: runc RUNTIME_N: " using runc" - env: DISTRO_NV: "${PRIOR_FEDORA_NAME}" IMAGE_NAME: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}" STORAGE_DRIVER: 'overlay' PRIV_NAME: rootless BUILDAH_RUNTIME: crun RUNTIME_N: " using crun" - env: DISTRO_NV: "${DEBIAN_NAME}" IMAGE_NAME: "${DEBIAN_CACHE_IMAGE_NAME}" STORAGE_DRIVER: 'overlay' PRIV_NAME: rootless gce_instance: image_name: "$IMAGE_NAME" cpu: 8 memory: "8G" # Separate scripts for separate outputs, makes debugging easier. setup_script: '${SCRIPT_BASE}/setup.sh |& ${_TIMESTAMP}' build_script: '${SCRIPT_BASE}/build.sh |& ${_TIMESTAMP}' integration_test_script: '${SCRIPT_BASE}/test.sh integration |& ${_TIMESTAMP}' binary_artifacts: path: ./bin/* always: <<: *standardlogs in_podman_task: name: "Containerized Integration" alias: in_podman skip: *not_build_docs depends_on: *smoke_vendor gce_instance: cpu: 8 memory: "8G" env: # This is key, cause the scripts to re-execute themselves inside a container. IN_PODMAN: 'true' BUILDAH_ISOLATION: 'chroot' STORAGE_DRIVER: 'vfs' # Separate scripts for separate outputs, makes debugging easier. setup_script: '${SCRIPT_BASE}/setup.sh |& ${_TIMESTAMP}' build_script: '${SCRIPT_BASE}/build.sh |& ${_TIMESTAMP}' integration_test_script: '${SCRIPT_BASE}/test.sh integration |& ${_TIMESTAMP}' binary_artifacts: path: ./bin/* always: <<: *standardlogs # Status aggregator for all tests. This task simply ensures a defined # set of tasks all passed, and allows confirming that based on the status # of this task. success_task: # N/B: The prow merge-bot (tide) is sensitized to this exact name, DO NOT CHANGE IT. # Ref: https://github.com/openshift/release/pull/48909 name: "Total Success" alias: success depends_on: - meta - smoke - unit - conformance - vendor - cross_build - integration - integration_rootless - in_podman container: image: "quay.io/libpod/alpine:latest" cpu: 1 memory: 1 env: CIRRUS_SHELL: direct # execute command directly clone_script: mkdir -p $CIRRUS_WORKING_DIR script: /bin/true