diff --git a/.cirrus.yml b/.cirrus.yml index 7ecd399c62..8d6f618064 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -58,7 +58,7 @@ env: gcp_credentials: ENCRYPTED[f448b0e5ed38a52ba93550305f9e38c9b0c03852b9fc3115930f231fc7124b7423e8c912b4d9e002cc34b3a7ac3c145b] # Default timeout for each task -timeout_in: 120m +timeout_in: 20m # Default VM to use unless set or modified by task gce_instance: @@ -71,8 +71,6 @@ gce_instance: storage_linux_testing: &linux_testing - depends_on: - - storage_lint gce_instance: # Only need to specify differences from defaults (above) image_name: "${VM_IMAGE}" @@ -136,30 +134,6 @@ storage_debian_testing_task: &storage_debian_testing - env: TEST_DRIVER: "btrfs" - -storage_lint_task: - alias: storage_lint - name: "Storage: Lint" - only_if: *only_if_storage - - env: - CIRRUS_WORKING_DIR: "/go/src/github.com/containers/storage" - container: - image: golang - modules_cache: - fingerprint_script: cat storage/go.sum - folder: $GOPATH/pkg/mod - build_script: | - apt-get update - apt-get install -y libbtrfs-dev libsubid-dev - test_script: | - cd storage - [ -n "${CIRRUS_BASE_SHA}" ] && git fetch origin ${CIRRUS_BASE_SHA} # Make ${CIRRUS_BASE_SHA} resolvable for git-validation - make TAGS=regex_precompile local-validate - make lint - make clean - - # Update metadata on VM images referenced by this repository state images_timestamp_update_task: alias: images_timestamp_update @@ -186,10 +160,9 @@ images_timestamp_update_task: script: '/usr/local/bin/entrypoint.sh |& ${_TIMESTAMP}' - -image_validate_task: - alias: image_validate - name: "Image: Validate" +image_cross_task: + alias: image_cross + name: "Image: Cross" only_if: &only_if_image >- $CIRRUS_PR == '' || changesInclude('.cirrus.yml', 'go.work', 'go.work.sum') || @@ -205,23 +178,6 @@ image_validate_task: # Eventually, hard-code FEDORA_CACHE_IMAGE_NAME here again and remove the # VM_IMAGE_NAME parameter. image_name: ${VM_IMAGE_NAME} - env: - HOME: "/root" # default unset, needed by golangci-lint. - VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME} - script: | - cd image - git remote update - make tools - # TODO: Enable once we are done with monorepo tests. - # ${GOBIN}/git-validation -q -run DCO,short-subject,dangling-whitespace -range $(git merge-base origin/${DEST_BRANCH} HEAD)..${CIRRUS_CHANGE_IN_REPO} - make validate - - -image_cross_task: - alias: image_cross - name: "Image: Cross" - only_if: *only_if_image - gce_instance: *fedora_vm env: HOME: "/root" # default unset, needed by golangci-lint. VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME} @@ -232,8 +188,6 @@ image_cross_task: image_test_task: alias: image_test - depends_on: - - image_validate only_if: *only_if_image gce_instance: *fedora_vm env: @@ -269,8 +223,6 @@ image_test_task: image_test_skopeo_task: alias: image_test_skopeo only_if: *only_if_image - depends_on: - - image_validate gce_instance: *fedora_vm env: HOME: "/root" # default unset, needed by golangci-lint. @@ -345,18 +297,6 @@ storage_gofix_task: # gofix anyway. git diff --diff-filter=M --exit-code -- . ":(exclude)*.crt" ":(exclude)*.key" ":(exclude)*.cert" -storage_codespell_task: - only_if: *only_if_storage - alias: storage_codespell - name: "Storage: codespell" - container: - image: python - build_script: pip install codespell - test_script: | - cd storage - codespell - - # Status aggregator for all tests. This task simply ensures a defined # set of tasks all passed, and allows confirming that based on the status # of this task. @@ -366,15 +306,12 @@ success_task: # Ref: https://github.com/openshift/release/pull/49820 name: "Total Success" depends_on: - - storage_lint - storage_fedora_testing - storage_debian_testing - images_timestamp_update - storage_cross - storage_gofix - - storage_codespell - common_testing - - image_validate - image_cross - image_test - image_test_skopeo diff --git a/common/.codespelldict b/.codespelldict similarity index 100% rename from common/.codespelldict rename to .codespelldict diff --git a/common/.codespellrc b/.codespellrc similarity index 73% rename from common/.codespellrc rename to .codespellrc index 93027e3dd6..452af6e235 100644 --- a/common/.codespellrc +++ b/.codespellrc @@ -2,10 +2,10 @@ [codespell] # Comma-separated list of files to skip. -skip = ./vendor,./.git #,bin,vendor,.git,go.sum,changelog.txt,.cirrus.yml,"RELEASE_NOTES.md,*.xz,*.gz,*.tar,*.tgz,bin2img,*ico,*.png,*.1,*.5,copyimg,*.orig,apidoc.go" +skip = ./.git,./image/signature/fixtures,./image/signature/simplesigning/testdata,./storage/tests/tools/vendor,./storage/AUTHORS # Comma separated list of words to be ignored. Words must be lowercased. -ignore-words-list = clos,creat,ro,hastable,shouldnot,mountns,passt +ignore-words-list = clos,creat,ro,hastable,shouldnot,mountns,passt,te,bu,afile,flate,prevend,Plack,worl # Custom dictionary file that contains spelling corrections. # Run with option '--dictionary=-' to include also default dictionary. diff --git a/.github/workflows/common-validate.yml b/.github/workflows/common-validate.yml deleted file mode 100644 index 425362986a..0000000000 --- a/.github/workflows/common-validate.yml +++ /dev/null @@ -1,61 +0,0 @@ -name: validate - -on: - push: - branches: - - main - pull_request: - branches: - - main - -permissions: read-all - -env: - LINT_VERSION: v2.1.6 - -jobs: - common-codespell: - runs-on: ubuntu-24.04 - defaults: - run: - working-directory: ./common - steps: - - uses: actions/checkout@v4 - - name: install deps - # Version of codespell bundled with Ubuntu is way old, so use pip. - run: pip install --break-system-packages codespell==v2.3.0 - - name: run codespell - run: codespell --dictionary=- - common-lint: - runs-on: ubuntu-24.04 - defaults: - run: - working-directory: ./common - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 2 - - uses: actions/setup-go@v5 - with: - go-version: 1.25.x - - name: install deps - run: | - sudo apt-get -qq update - sudo apt-get -qq install libseccomp-dev - - name: lint - uses: golangci/golangci-lint-action@v8 - with: - version: "${{ env.LINT_VERSION }}" - args: --verbose - working-directory: ./common - # Extra linters, only checking new code from a pull request. - - name: lint-extra - uses: golangci/golangci-lint-action@v8 - with: - args: --config=.golangci-extra.yml - version: "${{ env.LINT_VERSION }}" - only-new-issues: true - working-directory: ./common - - - name: validate seccomp - run: ./tools/validate_seccomp.sh ./pkg/seccomp diff --git a/.github/workflows/image-codespell.yml b/.github/workflows/image-codespell.yml deleted file mode 100644 index b81bf76fef..0000000000 --- a/.github/workflows/image-codespell.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -name: Image - Codespell - -on: - push: - branches: [main] - pull_request: - branches: [main] - -permissions: - contents: read - -jobs: - image-codespell: - name: Check for spelling errors - runs-on: ubuntu-latest - defaults: - run: - working-directory: ./image - - steps: - - name: Checkout - uses: actions/checkout@v4 - - name: install deps - # Version of codespell bundled with Ubuntu is way old, so use pip. - run: pip install --break-system-packages codespell==v2.3.0 - - name: run codespell - run: codespell --dictionary=- diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml new file mode 100644 index 0000000000..acfb602748 --- /dev/null +++ b/.github/workflows/validate.yml @@ -0,0 +1,96 @@ +name: validate + +on: + push: + branches: + - main + pull_request: + branches: + - main + +permissions: read-all + +env: + LINT_VERSION: v2.1.6 + +jobs: + codespell: + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v4 + - name: install deps + # Version of codespell bundled with Ubuntu is way old, so use pip. + run: pip install --break-system-packages codespell==v2.4.1 + - name: run codespell + run: codespell --dictionary=- + + lint: + runs-on: ubuntu-24.04 + defaults: + run: + working-directory: ./common + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 2 + - uses: actions/setup-go@v5 + with: + go-version: 1.25.x + # By default the go cache will only use go.sum in the root which we don't have, + # make it use for all checksum files. + # https://github.com/actions/setup-go?tab=readme-ov-file#caching-dependency-files-and-build-outputs + cache-dependency-path: "**/go.sum" + - name: install deps + run: | + sudo apt-get -qq update + sudo apt-get -qq install libseccomp-dev libgpgme-dev libbtrfs-dev libsubid-dev + - name: lint-common + uses: golangci/golangci-lint-action@v8 + with: + version: "${{ env.LINT_VERSION }}" + args: --verbose + working-directory: ./common + # Extra linters, only checking new code from a pull request. + - name: lint-common-extra + uses: golangci/golangci-lint-action@v8 + with: + args: --config=.golangci-extra.yml + version: "${{ env.LINT_VERSION }}" + only-new-issues: true + working-directory: ./common + - name: lint-image + uses: golangci/golangci-lint-action@v8 + with: + version: "${{ env.LINT_VERSION }}" + args: --verbose + working-directory: ./image + - name: lint-storage + uses: golangci/golangci-lint-action@v8 + with: + version: "${{ env.LINT_VERSION }}" + args: --verbose + working-directory: ./storage + + - name: validate seccomp + run: ./tools/validate_seccomp.sh ./pkg/seccomp + + git-validate: + # only run this on PRs + if: github.event_name == 'pull_request' + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v4 + with: + # By default github actions creates a merge commit which fails the validation, + # we only must validate the actual commits of the author. + ref: ${{ github.event.pull_request.head.sha }} + fetch-depth: ${{ github.event.pull_request.commits }} + - uses: actions/setup-go@v5 + with: + go-version: 1.25.x + # See comment on lint task + cache-dependency-path: "**/go.sum" + - name: install deps + run: go install github.com/vbatts/git-validation@v1.2.2 + - name: run git-validation + run: git-validation -q -run DCO,short-subject,dangling-whitespace -range "HEAD~${{ github.event.pull_request.commits }}..HEAD" diff --git a/image/.codespellrc b/image/.codespellrc deleted file mode 100644 index df04cb4d68..0000000000 --- a/image/.codespellrc +++ /dev/null @@ -1,6 +0,0 @@ -# See https://github.com/codespell-project/codespell#using-a-config-file -[codespell] -skip = ./vendor,./.git,./go.sum,./signature/fixtures,./signature/simplesigning/testdata - -# NOTE words added to the list below need to be lowercased. -ignore-words-list = te,bu diff --git a/image/signature/sigstore/rekor/testdata/start-rekor.sh b/image/signature/sigstore/rekor/testdata/start-rekor.sh index 4c00cd975d..5daa1a8106 100755 --- a/image/signature/sigstore/rekor/testdata/start-rekor.sh +++ b/image/signature/sigstore/rekor/testdata/start-rekor.sh @@ -36,7 +36,7 @@ podman run -d --pod $POD_NAME --name rekor-db-$SUFFIX \ # The db takes a bit to start up, wait until it is ready otherwise the trillian # containers fail to start due the missing db connection. -max_retries=20 +max_retries=40 retries=0 while [[ $retries -le $max_retries ]]; do out=$(podman logs rekor-db-$SUFFIX 2>&1) @@ -46,7 +46,9 @@ while [[ $retries -le $max_retries ]]; do retries=$((retries + 1)) if [[ $retries -ge $max_retries ]]; then - echo "Failed to wait for the database to become ready" + echo "Failed to wait for the database to become ready, logs:" + echo "$out" + podman ps podman pod rm -f -t0 $POD_NAME exit 1 fi diff --git a/storage/.codespellrc b/storage/.codespellrc deleted file mode 100644 index 2af969196e..0000000000 --- a/storage/.codespellrc +++ /dev/null @@ -1,3 +0,0 @@ -[codespell] -skip = ./.git,./vendor,./tests/tools/vendor,AUTHORS -ignore-words-list = afile,flate,prevend,Plack,worl diff --git a/storage/contrib/cirrus/build_and_test.sh b/storage/contrib/cirrus/build_and_test.sh index ad00c9b7c8..bfee27775d 100755 --- a/storage/contrib/cirrus/build_and_test.sh +++ b/storage/contrib/cirrus/build_and_test.sh @@ -9,7 +9,6 @@ pwd ls -l make install.tools showrun make local-binary -showrun make local-cross case $TEST_DRIVER in overlay)