This refresh switches the CI for contributors to be triggered by merge
requests. Pushing to a branch in a fork will no longer run CI pipelines,
in order to avoid consuming CI minutes. To regain the original behaviour
contributors can opt-in to a pipeline on push
git push <remote> -o ci.variable=RUN_PIPELINE=1
This variable can also be set globally on the repository, though this is
not recommended. Upstream repo pushes to branches will run CI.
The use of containers has changed in this update, with only the upstream
repo creating containers, in order to avoid consuming contributors'
limited storage quotas. A fork with existing container images may delete
them. Containers will be rebuilt upstream when pushing commits with CI
changes to the default branch. Any other scenario with CI changes will
simply install build pre-requisite packages in a throaway environment,
using the ci/buildenv/ scripts. These scripts may also be used on a
contributor's local machines.
With pipelines triggered by merge requests, it is also now possible to
workaround the inability of contributors to run pipelines if they have
run out of CI quota. A project member can trigger a pipeline from the
merge request, which will run in context of upstream, however, note
this should only be done after reviewing the code for any malicious
CI changes.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The container jobs only exist if there was a dockerfile change in the
pipeline, so the dep from the 'codestyle' job needs to be marked as
optional
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This uses the command "lcitool manifest ci/manifest.yml" to re-generate
all existing dockerfiles and gitlab CI config.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The current docker:dind container has broken default seccomp filter that
results in clone3 being blocked, which in turn breaks Fedora 35 rawhide.
This custom image has a workaround that causes the seccomp filter to
return ENOSYS for clone3 instad of EPERM, thus triggering glibc to
fallback to clone correctly.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
A new 'codestyle' job is added for syntax-check, since that is not run
as part of the 'dist' target.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Previously meson searched $PATH for libgcrypt-config, but it no longer
does this for cross-builds.
The dockerfile changes can be dropped when the following hits rawhide
container images:
https://bugzilla.redhat.com/show_bug.cgi?id=1856446
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Currently on every distro we build against the latest git libvirt
and related deps. We need to test multiple axis:
- A variety of libvirt versions
- A variety of distro versions
So this changes most jobs to build against the distro provided
libvirt and related deps. The CentOS 8 job is kept building
against latest git master libvirt and deps.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Instead of building our own DCO check image, just reuse the common image
provided by the libvirt-ci project.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
