[CI:BUILD] Podman FCOS image from main

Fixes: containers#19446, containers#19447, containers#19448 [NO NEW TESTS NEEDED] Co-authored-by: Chris Evich <[email protected]> Signed-off-by: Lokesh Mandvekar <[email protected]>
lsm5 · Aug 23, 2023 · fbbbf3a · fbbbf3a
1 parent c07f46e
commit fbbbf3a
Show file tree

Hide file tree

Showing 7 changed files with 120 additions and 0 deletions.
diff --git a/.cirrus.yml b/.cirrus.yml
@@ -989,6 +989,28 @@ test_image_build_task:
     env:
         DRYRUN: 1
 
+fcos_image_build_task: &fcos_image-build
+    name: "Build FCOS image $CTXDIR"
+    alias: fcos_image_build
+    only_if: $CIRRUS_PR == '' && $CIRRUS_BRANCH == 'main'
+    timeout_in: 120m  # emulation is sssllllooooowwww
+    gce_instance:
+        <<: *standardvm
+        image_name: build-push-${IMAGE_SUFFIX}
+        # More muscle required for parallel multi-arch build
+        type: "n2-standard-4"
+    matrix:
+        - env:
+            CTXDIR: contrib/podman-next/fcos-podmanimage
+    env:
+        DISTRO_NV: "${FEDORA_NAME}"  # Required for repo cache extraction
+        PODMAN_USERNAME: ENCRYPTED[b9f0f2550029dd2196e086d9dd6c2d1fec7e328630b15990d9bb610f9fcccb5baab8b64a8c3e72b0c1d0f5917cf65aa1]
+        PODMAN_PASSWORD: ENCRYPTED[e3444f6072853f0c8db7f964ead5e2204116af485469fa0de367f26b9316b460fd842a9882f552b9e9a83bbaf650d8b4]
+        CONTAINERS_USERNAME: ENCRYPTED[54a372d5f22f424173c114c6fb25c3214956cad323d5b285c7393a71041884ce96471d0ff733774e5dab9fa5a3c8795c]
+        CONTAINERS_PASSWORD: ENCRYPTED[4ecc3fb534935095a99fb1f2e320ac6bc87f3e7e186746e41cbcc4b5f5379a014b9fc8cc90e1f3d5abdbaf31580a4ab9]
+    setup_script: *setup
+    main_script: *main
+
 
 # This task is critical.  It updates the "last-used by" timestamp stored
 # in metadata for all VM images.  This mechanism functions in tandem with
@@ -1062,6 +1084,7 @@ success_task:
         - rootless_buildah_bud_test
         - upgrade_test
         - image_build
+        - fcos_image_build
         - meta
     container: &smallcontainer
         image: ${CTR_FQIN}

diff --git a/.packit.sh b/.packit.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+# This script handles any custom processing of the spec file using the `fix-spec-file`
+# action in .packit.yaml.
+
+set -eox pipefail
+
+PACKAGE=podman
+
+# Set path to rpm spec file
+SPEC_FILE=rpm/$PACKAGE.spec
+
+# Get Version from HEAD
+VERSION=$(grep '^const RawVersion' version/rawversion/version.go | cut -d\" -f2)
+
+# RPM Version can't take "-"
+RPM_VERSION=$(echo $VERSION | sed -e 's/-/~/')
+
+# Generate source tarball from HEAD
+git-archive-all -C $(git rev-parse --show-toplevel) --prefix=$PACKAGE-$VERSION/ rpm/$PACKAGE-$VERSION.tar.gz
+
+# RPM Spec modifications
+
+# Use the Version from HEAD in rpm spec
+sed -i "s/^Version:.*/Version: $RPM_VERSION/" $SPEC_FILE
+
+# Use Packit's supplied variable in the Release field in rpm spec.
+sed -i "s/^Release:.*/Release: $PACKIT_RPMSPEC_RELEASE%{?dist}/" $SPEC_FILE
+
+# Ensure last part of the release string is the git shortcommit without a
+# prepended "g"
+sed -i "/^Release: $PACKIT_RPMSPEC_RELEASE%{?dist}/ s/\(.*\)g/\1/" $SPEC_FILE
+
+# Use above generated tarball as Source in rpm spec
+sed -i "s/^Source0:.*.tar.gz/Source0: $PACKAGE-$VERSION.tar.gz/" $SPEC_FILE
+
+# Update setup macro to use the correct build dir
+sed -i "s/^%autosetup.*/%autosetup -Sgit -n %{name}-$VERSION/" $SPEC_FILE
diff --git a/.packit.yaml b/.packit.yaml
@@ -6,8 +6,13 @@ specfile_path: rpm/podman.spec
 upstream_tag_template: v{version}
 
 srpm_build_deps:
+  - git-archive-all
   - make
 
+actions:
+  fix-spec-file:
+    - "bash .packit.sh"
+
 jobs:
   - job: copr_build
     trigger: pull_request

diff --git a/contrib/cirrus/runner.sh b/contrib/cirrus/runner.sh
@@ -338,6 +338,15 @@ function _run_gitlab() {
     return $ret
 }
 
+function _run_fcos_image_build() {
+    if [[ $CIRRUS_PR == '' && $CIRRUS_BRANCH == 'main' ]]; then
+        # wait-for-copr attempts 180 tries with 10s between each try by default
+        wait-for-copr --owner rhcontainerbot --project podman-next podman `git rev-parse --short HEAD`
+        podman build -t quay.io/podman/fcos:podman-next -f ./contrib/podman-next/fcos-podmanimage/Containerfile .
+        podman push quay.io/podman/fcos:podman-next
+    fi
+}
+
 # Name pattern for logformatter output file, derived from environment
 function output_name() {
     # .cirrus.yml defines this as a short readable string for web UI

diff --git a/contrib/podman-next/fcos-podmanimage/Containerfile b/contrib/podman-next/fcos-podmanimage/Containerfile
@@ -0,0 +1,16 @@
+FROM quay.io/fedora/fedora-coreos:stable
+
+# Setup the podman-next copr repo
+# Note: This might need to be updated from time to time to the latest GPG key.
+# The repo config itself is release agnotic but the GPG key might change.
+COPY rhcontainerbot-podman-next-fedora.repo /etc/yum.repos.d/
+COPY rhcontainerbot-podman-next-fedora.gpg /etc/pki/rpm-gpg/
+
+# Replace aardvark-dns, conmon, crun, netavark, podman, containers-common
+# Remove moby-engine, containerd, runc
+# Note: Currently does not result in a size reduction for the container image
+RUN rpm-ostree override replace --experimental --freeze \
+    --from repo="copr:copr.fedorainfracloud.org:rhcontainerbot:podman-next" \
+    aardvark-dns crun netavark podman containers-common containers-common-extra && \
+    rpm-ostree override remove moby-engine containerd runc && \
+    ostree container commit
diff --git a/contrib/podman-next/fcos-podmanimage/rhcontainerbot-podman-next-fedora.gpg b/contrib/podman-next/fcos-podmanimage/rhcontainerbot-podman-next-fedora.gpg
@@ -0,0 +1,19 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBGGpQ8EBCAC3a5QD6FsFzFPVsNDrIXNXz/yDOdh0PdUat6Fma26pB2ivar1K
+H03VrB8/zEmiM7qjgnR/Z3h0b6jkiOiqR39/+hQVKm2Hs222cnC8Tcj36FASpHDq
+GxVVceqs/9zMc1oJTcCkgfrLtOxsQxsLcln43z9e5TF/oSkFFoyhCtCyl8SBWrzb
+qk7ihoZVA/zn+CjyauniUwN+ezTSJj821AfeymF9mNzkqkh9HcPr2aze+0Mct/FV
+eUXfGJ2LQufvhgNHu/eg958Oz2mBJS2JUxDjoQSAYYXzWSmTTQ4ft2+aA9rlg16E
+88G1HnRsYXqail7UQM9Bspqnq5cd+JehEgodABEBAAG0VHJoY29udGFpbmVyYm90
+X3BvZG1hbi1uZXh0IChOb25lKSA8cmhjb250YWluZXJib3QjcG9kbWFuLW5leHRA
+Y29wci5mZWRvcmFob3N0ZWQub3JnPokBWAQTAQgAQhYhBEk3txShalNb9LOwGI5U
+Q5nYfes5BQJhqUPBAhsvBQkJZgGABQsJCAcCAyICAQYVCgkICwIEFgIDAQIeBwIX
+gAAKCRCOVEOZ2H3rOfdcB/4irNK45SoOjhMZpub+UjxqB6t7SSj1LucJVNJhLG7c
+80nTapczhoghk8zN5txdnPGKbwOzfYReB9NEb7w231yVu+JhIU/5kY2UTS3QA/uN
+UG0BBPZ+0yRuOYK4A/mX5BCceTzBkwRkPG7AM0tT7G5tJBt1Z6sQJMfj2drUKutn
++x1wJDsK4Ga0rDlpXsn81aQ7gZAUKiUiKXbujGDLyjPYwvKkjNA74CgAqz60RlXJ
+/LtcbS2pQV1ZuIpaHXyO+82IOmVJmXNL1YNfni5M60f+3/A9pyiiw3c1C+iho77N
+SfsgYLo0HKX7m1i4Q181F+RhSRgKmWP9PVRJ1H0xhDNO
+=P6WX
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/contrib/podman-next/fcos-podmanimage/rhcontainerbot-podman-next-fedora.repo b/contrib/podman-next/fcos-podmanimage/rhcontainerbot-podman-next-fedora.repo
@@ -0,0 +1,10 @@
+[copr:copr.fedorainfracloud.org:rhcontainerbot:podman-next]
+name=Copr repo for podman-next owned by rhcontainerbot
+baseurl=https://download.copr.fedorainfracloud.org/results/rhcontainerbot/podman-next/fedora-$releasever-$basearch/
+type=rpm-md
+skip_if_unavailable=True
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/rhcontainerbot-podman-next-fedora.gpg
+repo_gpgcheck=0
+enabled=1
+enabled_metadata=1