github.com/containers/podman/v4@v4.9.4/contrib/cirrus/prebuild.sh (about) 1 #!/bin/bash 2 3 set -eo pipefail 4 5 # This script attempts to confirm functional networking and 6 # connectivity to essential external servers. It also verifies 7 # some basic environmental expectations and shell-script sanity. 8 # It's intended for use early on in the podman CI system, to help 9 # prevent wasting time on tests that can't succeed due to some 10 # outage, failure, or missed expectation. 11 12 set -a 13 source /etc/automation_environment 14 source $AUTOMATION_LIB_PATH/common_lib.sh 15 set +a 16 17 req_env_vars CI DEST_BRANCH IMAGE_SUFFIX TEST_FLAVOR TEST_ENVIRON \ 18 PODBIN_NAME PRIV_NAME DISTRO_NV AUTOMATION_LIB_PATH \ 19 SCRIPT_BASE CIRRUS_WORKING_DIR FEDORA_NAME \ 20 VM_IMAGE_NAME 21 22 # Defined by the CI system 23 # shellcheck disable=SC2154 24 cd $CIRRUS_WORKING_DIR 25 26 msg "Checking Cirrus YAML" 27 # Defined by CI config. 28 # shellcheck disable=SC2154 29 showrun $SCRIPT_BASE/cirrus_yaml_test.py 30 31 msg "Checking for leading tabs in system tests" 32 if grep -n ^$'\t' test/system/*; then 33 die "Found leading tabs in system tests. Use spaces to indent, not tabs." 34 fi 35 36 # Lookup 'env' dict. string value from key specified as argument from YAML file. 37 get_env_key() { 38 local yaml 39 local script 40 41 yaml="$CIRRUS_WORKING_DIR/.github/workflows/scan-secrets.yml" 42 script="from yaml import safe_load; print(safe_load(open('$yaml'))['env']['$1'])" 43 python -c "$script" 44 } 45 46 # Only need to check CI-stuffs on a single build-task, there's only ever 47 # one prior-fedora task so use that one. 48 # Envars all defined by CI config. 49 # shellcheck disable=SC2154 50 if [[ "${DISTRO_NV}" == "$PRIOR_FEDORA_NAME" ]]; then 51 msg "Checking shell scripts" 52 showrun ooe.sh dnf install -y ShellCheck # small/quick addition 53 showrun shellcheck --format=tty \ 54 --shell=bash --external-sources \ 55 --enable add-default-case,avoid-nullary-conditions,check-unassigned-uppercase \ 56 --exclude SC2046,SC2034,SC2090,SC2064 \ 57 --wiki-link-count=0 --severity=warning \ 58 $SCRIPT_BASE/*.sh \ 59 ./.github/actions/check_cirrus_cron/* \ 60 hack/get_ci_vm.sh 61 62 # Tests for lib.sh 63 showrun ${SCRIPT_BASE}/lib.sh.t 64 65 # Run this during daily cron job to prevent a GraphQL API change/breakage 66 # from impacting every PR. Down-side being if it does fail, a maintainer 67 # will need to do some archaeology to find it. 68 # Defined by CI system 69 # shellcheck disable=SC2154 70 if [[ "$CIRRUS_CRON" == "main" ]]; then 71 export PREBUILD=1 72 showrun bash ${CIRRUS_WORKING_DIR}/.github/actions/check_cirrus_cron/test.sh 73 fi 74 fi 75 76 msg "Checking 3rd party network service connectivity" 77 # shellcheck disable=SC2154 78 cat ${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/required_host_ports.txt | \ 79 while read host port 80 do 81 if [[ "$port" -eq "443" ]] 82 then 83 echo "SSL/TLS to $host:$port" 84 echo -n '' | \ 85 err_retry 9 1000 "" openssl s_client -quiet -no_ign_eof -connect $host:$port 86 else 87 echo "Connect to $host:$port" 88 err_retry 9 1000 1 nc -zv -w 13 $host $port 89 fi 90 done 91 92 # Verify we can pull metadata from a few key testing images on quay.io 93 # in the 'libpod' namespace. This is mostly aimed at validating the 94 # quay.io service is up and responsive. Images were hand-picked with 95 # grep -E -ro 'quay.io/libpod/.+:latest' test | sort -u 96 TEST_IMGS=(\ 97 alpine:latest 98 busybox:latest 99 alpine_labels:latest 100 alpine_nginx:latest 101 alpine_healthcheck:latest 102 badhealthcheck:latest 103 cirros:latest 104 ) 105 106 msg "Checking quay.io test image accessibility" 107 for testimg in "${TEST_IMGS[@]}"; do 108 fqin="quay.io/libpod/$testimg" 109 echo " $fqin" 110 # Belt-and-suspenders: Catch skopeo (somehow) returning False or null 111 # in addition to "bad" (invalid) JSON. 112 skopeo inspect --retry-times 5 "docker://$fqin" | jq -e . > /dev/null 113 done