Commit graph

3187 commits

Author SHA1 Message Date
Thomas Lavocat
fec9a6d3e5 Cosmetics: adjust the vertical alignment 2021-12-15 09:41:32 +01:00
Thomas Lavocat
53cb1b952e Tests: generation works with dnf-json.socket down
Test that the test cases generation will properly start the
dnf-json.socket when needed.
2021-12-15 09:41:32 +01:00
Thomas Lavocat
e6a6ed01ea Tests: start dnf-json-socket when needed 2021-12-15 09:41:32 +01:00
sanne
83e16afda4 dnf-json: Can be started without systemd
Instead of starting the socket in the entrypoint, make dnf-json able to
bind on the unixsocket by itself.
2021-12-15 09:41:32 +01:00
Thomas Lavocat
0877ae3ac0 dnf-json: Avoid leaking memory on the Cpp side
To avoid dnf leaking memory, dnf-json as a service calls fork() on each
request. This allows memory to be freed automatically when the process
handling the request is destroyed.
2021-12-15 09:41:32 +01:00
Thomas Lavocat
f8281eee54 dnf-json: refactor
Prepare the multi-cache architecture by doing some refactoring.
Mainly this commit adds a solver class that embeds all the logic around
dnf. Responsibilities of communicating on the socket and depsolving are
separated.
2021-12-15 09:41:32 +01:00
Thomas Lavocat
ca126e9747 dnf-json: Change dnf-json to be a daemon
The service is started via systemd activation sockets.
The service serves http POST requests, the same json as before is
expected as the body of the request, and the same json as before is sent
as the response of the request.
2021-12-15 09:41:32 +01:00
Juan Abia
4875998cbe schutzbot: remove tagged gcp resources
extend scheduled cloud cleaner functionality to clean old enough and
tagged gcp resources
2021-12-14 12:20:31 +01:00
Juan Abia
9debf97f37 test/cases: tag gcp resources
gcp test images are not tagged. Now we create the "gitlab-ci-test"
label so it's easier to remove them later.
2021-12-14 12:20:31 +01:00
Thomas Lavocat
4da7ec68a0 openstack: use rhos-01 2021-12-13 19:11:13 +00:00
Tomas Hozza
d115baec03 Regenerate image test cases
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2021-12-13 12:33:16 +01:00
Tomas Hozza
66cd704198 RHEL-9.0: use the default partitioning scheme for all EC2 images
This change is part of unifying the default partitioning scheme used by
all RHEL-9.0 images [1].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2022805

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2021-12-13 12:33:16 +01:00
Tomas Hozza
661cd2772d RHEL-9.0: add / fix BIOS boot partition size comment
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2021-12-13 12:33:16 +01:00
Tomas Hozza
52115716d7 RHEL-9.0: increase the size of /boot/efi partition to 200 MB
Increase the size of /boot/efi partition in the default partition table
used for x86_64 and aarch64 architectures. The size is the same as what
is being used by RHEL EC2 aarch64 image as well as what is being
suggested by RHEL-8 documentation [1]. There is currently no
documentation equivalent for RHEL-9 yet.

This change is part of unifying the default partitioning scheme used by
all RHEL-9.0 images.

[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_installation/partitioning-reference_installing-rhel-as-an-experienced-user
[2] https://bugzilla.redhat.com/show_bug.cgi?id=2022805

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2021-12-13 12:33:16 +01:00
Tomas Hozza
4366acc8f4 RHEL-9.0: add separate /boot partition to default partition table
Add a separate /boot partition to the default partition table used on
RHEL-9.0. The size is set to 500 MB, which is the value used by RHEL EC2
images. This change is needed to unify the default partitioning scheme
used by all RHEL-9.0 images [1].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2022805

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2021-12-13 12:33:16 +01:00
Alexander Todorov
af18116574 ci: CC QE in notification message 2021-12-13 12:12:41 +01:00
Juan Abia
610db6563a gosec: G601 - Implicit memory aliasing in for loop
G601 warning doesn't mean there's a vulnerability. But this code could
have unintended bugs. Disabling warnings locally.
2021-12-13 12:17:30 +02:00
Juan Abia
8136209d17 gosec: G404 - Use of weak rng
math/rand is good enough for uuids. disabling rule locally.
2021-12-13 12:17:30 +02:00
Juan Abia
4f91a2cc81 gosec: G306-WriteFile permissions higher than 0600
lower WriteFile permissions to 0600 (could break something)
2021-12-13 12:17:30 +02:00
Juan Abia
b9f1ccbdf1 gosec: G505, G401 - crypto/sha1 module
Disabling G505 and G401 gosec rules on specific lines on
internal/storage/storage.go to be able to use sha1 algorithm.
2021-12-13 12:17:30 +02:00
Juan Abia
eb3fa3e5d4 gosec: G204 - Subprocess launched as function arg
G204 doesn't necessarily indicate a bad behaviour. But could help
discover potential command injection vector.
2021-12-13 12:17:30 +02:00
Juan Abia
0b9372fe0a gosec: G110 - Potential DoS vulnerability
this vulnerability is already tested. Disabling issue in line
2021-12-13 12:17:30 +02:00
Juan Abia
ceb72975c4 gosec: G402 - TLS MinVersion
establish minimum TLS version, so G402 from gosec doesn't get triggered
2021-12-13 12:17:30 +02:00
Juan Abia
c8cf835db3 gosec: G401, G501 - Weak cryptographic primitive
azure, koji and gcp use md5 hashes. Gosec is not happy with it, so we
create exceptions for them (G401, G501).
2021-12-13 12:17:30 +02:00
Juan Abia
5a1460a6d1 golangci: enable gosec in golangci
gosec is a security tool for golang. This change enables this tool
inside golangci-lint
2021-12-13 12:17:30 +02:00
Simon Steinbeiss
d41ae15220 release-action: Send notification to our Slack channel
Passing the webhook URL is necessary because GH composite actions don't
support handling secrets.
See also https://github.com/osbuild/release-action/pull/3

[skip ci]
2021-12-13 09:48:34 +01:00
ondrejbudai
acafddbcd7 Post release version bump
[skip ci]
2021-12-09 17:29:14 +00:00
Ondřej Budai
df5074f509 test/regression: fix journalctl for workers
Our workers are not named osbuild-worker but usually something like
osbuild-worker@1. Let's steal the code that determines the unit name
from other tests.

Signed-off-by: Ondřej Budai <ondrej@budai.cz>
2021-12-09 12:02:24 +01:00
Ondřej Budai
1ac1409753 test/regression: remove the composes after the build is done
Otherwise, we are leaking disk space.

Signed-off-by: Ondřej Budai <ondrej@budai.cz>
2021-12-09 12:02:24 +01:00
Ondřej Budai
47551ffc67 test/regression: fix if formatting
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
2021-12-09 12:02:24 +01:00
Achilleas Koutsou
2e1f6ead4e store: set RHSM when initialising SourceConfig with a repo
Fixes #2055
2021-12-09 00:28:30 +01:00
Achilleas Koutsou
8c5e32ad9e spec: build all binaries with PIE 2021-12-08 22:03:57 +00:00
Gianluca Zuccarelli
1a709eda5c metrics: add initial job metrics
Add job metrics to track the number of
pending/running jobs, the duration of
the jobs and how long the jobs spent in
the job queue.
2021-12-08 21:49:43 +00:00
Jakub Rusz
4455fba187 tests/ostree-ng: add sudo to skopeo copy
Permissions have changed since a new version of weldr-client.
2021-12-08 12:12:53 +01:00
Jakub Rusz
6e5642c2d2 tests: add sudo to get_metadata function
With new weldr-client package the metadata tar archive created has
permissions set to 600 instead of 644 which causes permission failures
when interacting with it. Adding sudo to resolve that.
2021-12-08 12:12:53 +01:00
Ondřej Budai
969e4296f0 test/koji: patch koji 1.27 that accidentally removed --keytab
See https://pagure.io/koji/pull-request/3172

Signed-off-by: Ondřej Budai <ondrej@budai.cz>
2021-12-08 12:12:53 +01:00
Jakub Rusz
5eb8709a18 tests: add sudo to get_metadata function
With new weldr-client package the metadata tar archive created has
permissions set to 600 instead of 644 which causes permission failures
when interacting with it. Adding sudo to resolve that.
2021-12-08 12:12:53 +01:00
sanne
98abdf1902 templates: Max concurrent requests is required for the maintenance job 2021-12-08 10:31:33 +01:00
sanne
4224b2231b templates: CronJob is part of the batch/v1 api 2021-12-07 11:52:49 +01:00
Tomas Hozza
523bcdd98e generate-all-test-cases: add --build-rpms option
Add `--build-rpms` option which will make the script build osbuild-composer
RPMs on the remote runner from the sources which were copied over. These
RPMs are then installed on the system, before any image test cases are
generated.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2021-12-07 09:19:41 +01:00
sanne
0379cb5796 templates: Add maintenance cronjob 2021-12-06 22:51:24 +01:00
Tomas Hozza
6c01d10f8b Use PackIt for building RPMs in COPR for PRs and commits to main
Exclude s390x for now as it is emulated in COPR and `go` binary
segfaults when building osbuild-composer.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2021-12-06 08:41:09 +01:00
Alex Njaastad
0731857d6c fix uid 2021-12-03 18:38:50 +00:00
Alex Njaastad
595a6fea70 fix version, error-budget interval 2021-12-03 18:38:50 +00:00
Alex Njaastad
a389dae79d fix slo numbers 2021-12-03 18:38:50 +00:00
Alex Njaastad
72109bb775 more dashboard fixes 2021-12-03 18:38:50 +00:00
Alex Njaastad
79caf7b536 add more panels 2021-12-03 18:38:50 +00:00
Alex Njaastad
3cf41cddcd fix interval variable 2021-12-03 18:38:50 +00:00
Alex Njaastad
50bcdf7bc4 dashboard updates 2021-12-03 18:38:50 +00:00
Achilleas Koutsou
db6aefc600 test/data/repositories: switch to latest rpmrepo for RHEL 9.0
Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
2021-12-03 16:49:09 +00:00