DNF has a more elaborate locking system and can wait for other instances of
itself when installing packages. Using rpm directly to install a local
package is causing failures in CI due to it not being able to acquire
a lock on `/var/lib/rpm/.rpm.lock`.
Using DNF should improve the situation, although there is no good
documentation to link and support this claim for sure.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Currently, we still have the issue with rogue instances. The latest commit in
the gitlab-ci-terraform repository prevents that by limiting the validity
of the spot fleet request to 4 hours which matches our maximum job duration
set in GitLab.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
We used pre-GA repositories previously. Since GA is now out, let's switch to
it. We need to make two changes:
- use the latest terraform definitions that use the GA images
- update Schutzfile to use GA repositories (and updates)
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
The new terraform runners support an extended list of tags to get a
greater precision on the stats we can extract from AWS cost center.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
Fedora-37 was using a "ci-ssd" instance in RHOS-01 which does not support
nested KVM. This SHA switches them to use "ci" instances which do
support nested KVM.
This update removes all repos on the f-37 runner during provisioning
which should resolve issues with "updates-testing" repo being enabled
and not overwritten.
The checkout in the working directory is a shallow clone with gitlab as
a remote. As a result fast-forwarding failed due to not recognizing the
remote release branch as an ancestor of $CI_COMMIT_SHA.
This clones (with `--bare`) the github remote in a separate
directory. It should not be necessary to remove the release-ff-clone
directory each time, simply fetch if it already exists.
We want to be able to safely gather any artifacts without worrying about
any possible secrets leaking. Every artifact that we want to upload
will now have to be placed in /tmp/artifacts which will then be uploaded
to S3 by the executor and a link to the artifacts will be provided in the
logs. Only people with access to our AWS account can see them.
There appears to be a problem with nested virtualization on newly added
hypervisors with ssd. I believe the issue is not present on regular
instances, so switching to those until the issues can be resolved.
RPM Spec
--------
Remove all Go dependencies
Add Start and End marker comments for bundling information
Add '-k' to goprep to preserve the vendor directory
tools
-----
Add script to update the RPM spec file to generate the indication lines
based on vendor/modules.txt
Packit
------
Run the new script as a post-upstream-clone hook
Makefile
--------
Run the new script on the generated spec file before generating the RPM
mockbuild.sh
------------
Run the new script before creating the RPM
Scheduled cloud cleaner is skipping the default storage account for a
resource group, as these images should get removed. There can be a
situation where these images are not removed and forgotten here. Remove
this skip condition so scc checks also in this storage account.
All of the edge tests are being run on every nightly compose inside
virt-qe Jenkins so no need to run all of them here as well. Keep just
ostree-raw-image.sh to cover edge testing for sign-off.
RHEL 9.0 will ship a brand new auxiliary key. Let's use it everywhere in our
RHEL 9 stuff. Taken from current RHEL 9.0's redhat-release package.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
It is good to know what system repositories are used exactly on the
runner. Also running the ci_details.sh in after_script can help during
any debugging as packages that got updated or installed during the run
can be easily identified.