diff --git a/.gitignore b/.gitignore index 2069158..523a91e 100644 --- a/.gitignore +++ b/.gitignore @@ -232,3 +232,14 @@ /v2.233.0.tar.gz /v2.234.1.tar.gz /v2.234.2.tar.gz +/v2.235.0.tar.gz +/v2.236.0.tar.gz +/v2.237.0.tar.gz +/v2.238.0.tar.gz +/v2.239.0.tar.gz +/v2.240.0.tar.gz +/v2.241.0.tar.gz +/v2.242.0.tar.gz +/v2.243.0.tar.gz +/v2.244.0.tar.gz +/v2.245.0.tar.gz diff --git a/.packit.yaml b/.packit.yaml index c9b56ad..d25d664 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -13,9 +13,11 @@ files_to_sync: - src: plans/ dest: plans/ delete: true + mkpath: true - src: test/ dest: test/ delete: true + mkpath: true - src: .fmf/ dest: .fmf/ delete: true @@ -44,18 +46,17 @@ jobs: enable_net: true # container-selinux is noarch so we only need to test on one arch targets: &fedora_copr_targets - - fedora-development - - fedora-latest - - fedora-ltest-stable - - fedora-40 + - fedora-all-x86_64 + - fedora-all-aarch64 - job: copr_build trigger: pull_request packages: [container-selinux-eln] notifications: *copr_build_failure_notification enable_net: true - targets: - - fedora-eln + targets: &eln_copr_targets + - fedora-eln-x86_64 + - fedora-eln-aarch64 - job: copr_build trigger: pull_request @@ -63,8 +64,10 @@ jobs: notifications: *copr_build_failure_notification enable_net: true targets: ¢os_copr_targets - - centos-stream-9 - - centos-stream-10 + - centos-stream-9-x86_64 + - centos-stream-9-aarch64 + - centos-stream-10-x86_64 + - centos-stream-10-aarch64 # Run on commit to main branch # Build targets managed in copr settings @@ -94,6 +97,18 @@ jobs: - type: repository-file id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-$releasever/rhcontainerbot-podman-next-fedora-$releasever.repo + # Tests for Fedora + - job: tests + trigger: pull_request + packages: [container-selinux-eln] + notifications: *test_failure_notification + targets: *eln_copr_targets + tf_extra_params: + environments: + - artifacts: + - type: repository-file + id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-eln/rhcontainerbot-podman-next-fedora-eln.repo + # Tests for CentOS Stream - job: tests trigger: pull_request diff --git a/README.packit b/README.packit index c18262a..db537f9 100644 --- a/README.packit +++ b/README.packit @@ -1,3 +1,3 @@ This repository is maintained by packit. https://packit.dev/ -The file was generated using packit 0.103.0. +The file was generated using packit 1.13.0. diff --git a/container-selinux.spec b/container-selinux.spec index e34b6fd..6348202 100644 --- a/container-selinux.spec +++ b/container-selinux.spec @@ -20,22 +20,22 @@ %define no_user_namespace 1 %endif -# copr_build is more intuitive than copr_username -%if %{defined copr_username} -%define copr_build 1 +# set copr_build is more intuitive than copr_username +%if %{defined copr_username} && "%{copr_username}" == "rhcontainerbot" && "%{copr_projectname}" == "podman-next" +%define next_build 1 %endif Name: container-selinux -# Set different Epochs for copr and koji -%if %{defined copr_build} +# Set different Epoch for rhcontainerbot/podman-next copr build +%if %{defined next_build} Epoch: 102 %else -Epoch: 2 +Epoch: 4 %endif # Keep Version in upstream specfile at 0. It will be automatically set # to the correct value by Packit for copr and koji builds. # IGNORE this comment if you're looking at it in dist-git. -Version: 2.234.2 +Version: 2.245.0 Release: %autorelease License: GPL-2.0-only URL: https://github.com/containers/%{name} @@ -111,6 +111,9 @@ fi %posttrans %selinux_relabel_post +# Empty placeholder check to silence rpmlint +%check + #define license tag if not already defined %{!?_licensedir:%global license %doc} diff --git a/gating.yaml b/gating.yaml index dbb1d91..c692db7 100644 --- a/gating.yaml +++ b/gating.yaml @@ -1,7 +1,9 @@ --- !Policy product_versions: - fedora-* -decision_context: bodhi_update_push_stable +decision_contexts: + - bodhi_update_push_stable + - bodhi_update_push_testing rules: - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} diff --git a/plans/main.fmf b/plans/main.fmf index 2e13af5..c758669 100644 --- a/plans/main.fmf +++ b/plans/main.fmf @@ -2,39 +2,29 @@ discover: how: fmf execute: how: tmt -adjust: +prepare: + - how: feature + epel: enabled + # TODO: Revisit this once https://github.com/teemtee/tmt/issues/3990 is in place. + # FIXME: For whatever reason, CentOS Stream envs end up upgrading container-selinux + # from podman-next instead of using the one installed by Packit. This apparently should + # be easier to handle once tmt#3990 is done. Things work as expected on Fedora already. - when: initiator == packit - because: "We need to test with updated packages from rhcontainerbot/podman-next copr" - prepare+: - how: shell - script: | - sed -i -n '/^priority=/!p;$apriority=1' /etc/yum.repos.d/*podman-next*.repo - dnf -y upgrade --allowerasing - # FIXME: Use epel10 once bats is available there - - when: distro == centos-stream-10 or distro == rhel-10 - because: "bats isn't yet available on epel10" - prepare+: - how: install - copr: rhcontainerbot/bats-el10 - package: bats - - when: distro == centos-stream-9 or distro == rhel-9 - because: "bats is present on EPEL on rhel9 / c9s" - prepare+: - how: feature - epel: enabled + how: shell + script: | + COPR_REPO_FILE="/etc/yum.repos.d/*podman-next*.repo" + if compgen -G $COPR_REPO_FILE > /dev/null; then + sed -i -n '/^priority=/!p;$apriority=1' $COPR_REPO_FILE + fi -/upstream: - summary: Run SELinux specific Podman tests on upstream PRs +/basic_check: discover+: - filter: tag:upstream - adjust+: - - enabled: false - when: initiator is not defined or initiator != packit + test: /test/basic_check -/downstream: - summary: Run SELinux specific Podman tests on bodhi / errata and dist-git PRs +/podman_rootful_system: discover+: - filter: tag:downstream - adjust+: - - enabled: false - when: initiator == packit + test: /test/podman_rootful_system + +/podman_rootless_system: + discover+: + test: /test/podman_rootless_system diff --git a/plans/tmt.fmf b/plans/tmt.fmf new file mode 100644 index 0000000..1941978 --- /dev/null +++ b/plans/tmt.fmf @@ -0,0 +1,9 @@ +/: + inherit: false + +summary: Run tmt's integration tests +plan: + import: + url: https://github.com/teemtee/tmt + path: /plans/friends + name: /podman diff --git a/sources b/sources index 1703887..ce107a4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v2.234.2.tar.gz) = 2ec931ca1bf3f62659944389ef9679c6bc283aa001c275ef84e5be0430e79090ec20a993cccd24c4122f7adc3bcf8338489e09b1e5ad548fde1eef840022281c +SHA512 (v2.245.0.tar.gz) = 0bc85980780631ceccb38f2fde64ff7f3792be18d4501806532f097deedde70f446e2389c543dd78e9087b45cd1a6916c0e096e6ea42dd77ac377ad4111b7db2 diff --git a/test/Makefile b/test/Makefile deleted file mode 100644 index 9088bd9..0000000 --- a/test/Makefile +++ /dev/null @@ -1,16 +0,0 @@ -.PHONY: basic_check -basic_check: - semodule --list=full | grep container - semodule -B - rpm -Vqf /var/lib/selinux/*/active/modules/200/container - -.PHONY: podman_e2e_test -podman_e2e_test: - bash ./podman-tests.sh e2e - -.PHONY: podman_system_test -podman_system_test: - bash ./podman-tests.sh system - -clean: - rm -rf podman-*dev* podman.spec diff --git a/test/main.fmf b/test/main.fmf index bded6bc..741aef1 100644 --- a/test/main.fmf +++ b/test/main.fmf @@ -1,19 +1,34 @@ require: - - bats + - attr - container-selinux - - cpio - - golang - - make - - podman - podman-tests - policycoreutils +recommend: + - bats /basic_check: - tag: [ upstream, downstream ] summary: Run basic checks - test: make basic_check + test: | + semodule --list=full | grep container + semodule -B + rpm -Vqf /var/lib/selinux/*/active/modules/200/container -/podman_system_test: - tag: [ upstream, downstream ] +/podman_rootful_system: summary: Run SELinux specific Podman system tests - test: make podman_system_test + test: bash ./podman-rootful-tests.sh + +/podman_rootless_system: + summary: Run rootless Podman system tests + test: bash ./podman-rootless-tests.sh + require+: + - passt + - passt-selinux + environment: + ROOTLESS_USER: "fedora" + adjust: + - when: distro == centos-stream + environment+: + ROOTLESS_USER: "ec2-user" + - when: distro == rhel + environment+: + ROOTLESS_USER: "cloud-user" diff --git a/test/podman-tests.sh b/test/podman-rootful-tests.sh similarity index 77% rename from test/podman-tests.sh rename to test/podman-rootful-tests.sh index 0033d25..faa504b 100644 --- a/test/podman-tests.sh +++ b/test/podman-rootful-tests.sh @@ -10,7 +10,7 @@ if [[ "$(id -u)" -ne 0 ]];then fi # Print versions of distro and installed packages -rpm -q bats container-selinux golang podman podman-tests selinux-policy +rpm -q bats container-selinux podman podman-tests policycoreutils selinux-policy # Run podman system tests bats /usr/share/podman/test/system/410-selinux.bats diff --git a/test/podman-rootless-tests.sh b/test/podman-rootless-tests.sh new file mode 100644 index 0000000..e5583e0 --- /dev/null +++ b/test/podman-rootless-tests.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash + +set -exo pipefail + +cat /etc/redhat-release + +# Print versions of distro and installed packages +rpm -q bats container-selinux passt passt-selinux podman podman-tests policycoreutils selinux-policy + +loginctl enable-linger "$ROOTLESS_USER" + +# Run podman system tests +su - "$ROOTLESS_USER" -c "bats /usr/share/podman/test/system/410-selinux.bats" +su - "$ROOTLESS_USER" -c "bats /usr/share/podman/test/system/500-networking.bats" +su - "$ROOTLESS_USER" -c "bats /usr/share/podman/test/system/505-networking-pasta.bats"