[master] Makefile: add "verify" target to test install of packages#697
Merged
Conversation
…ker#435) * * Verification scripts for rpm * Verification scripts for deb * Integrated verify step in release-packaging Jenkinsfile Signed-off-by: Zuhayr Elahi <elahi.zuhayr@gmail.com> * Merge pull request docker#439 from seemethere/remove_f31 [ce-19.03] ci: Remove fedora 31 arm64 * Revert "Merge pull request docker#439 from seemethere/remove_f31" This reverts commit 700e7a6b75938d96ab587b889077ec6a3dec9963, reversing changes made to caa1930f1f60c52afccd1ff06882c6e7c2200440. * [ce-19.03] ci: Re-add saveS3 (docker#437) [ce-19.03] ci: Re-add saveS3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 3880335d06a5960bc5754d4dc9c5c796ae06885b) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Use the --force-depends in case other dependencies are
added in future, which would make dpkg -i fail.
Also bring back --no-install-recommmends to make install
slightly faster, and document the steps we're doing in
this script:
Install the locally built packages using 'dpkg' because installing with
'apt-get' would attempt to install dependency packages (such as the CLI)
from download.docker.com instead of the locally built CLI package. Given
that 'dpkg -i' does not install any dependency (but will fail if depen-
dencies are missing), we use the '--ignore-depends' option to ignore
packages we know to be missing at this stage, and '--force-depends' to
only warn about any other missing dependency.
Afterwards, we run 'apt-get install' with the '--fix-broken' option to
trigger installation of the dependencies, which should succceed succesfully.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 7da772e08ba12a09471650dc5b6d311c39470668)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
…verify [ce-nightly backport] Fix verify to not depend on download.docker.com
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Move the `ARCH` variable to the containerd script, as that's where it's used use the `pkg_config_manager` variable, which is not strictly nescessary (main use of the variable looks to be for `install_rpm_containerd`), but using the variable prevents linting warnings. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
ca-certs was not installed (or outdated) in the raspbian images, so explicitly install it. Also adding "--no-install-recommends" flag, to force explicitly including packages we need, instead of the implicitly being installed. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
[ce-nightly] build from upstream repositories instead of docker-ce mono-repo
This allows running the verify step in situations where containerd.io has not yet been pushed to the production package repo. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
…tage [ce-nightly] Verify: use "download-stage.docker.com" as default for deps
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
[ce-nightly] Fix for upstream changes, and remove EOL distros
Signed-off-by: Tibor Vass <tibor@docker.com>
[ce-nightly] Always use test channel when installing containerd
This is to avoid duplicate codepaths. Note that this completes the move of the tar.gz logic from release-packaging to docker-ce-packaging only for the deb/rpm cases. Static Linux, Windows and Mac were not touched. Also I still think this whole bundles tar.gz thing is useless, but this is what release-repo is currently consuming. This also makes rpms work, as the path structure changed in docker-ce-packaging to include distro. Signed-off-by: Tibor Vass <tibor@docker.com>
deb/rpm: reuse bundles targets from docker-ce-packaging
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It tries to make a daemon connection, which fails in this case;
docker scan --accept-license --version
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Makefile:193: recipe for target 'verify' failed
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Verify was failing, because we did a test-build to staging:
docker-ce is already the newest version (5:0.0.0-20210401100358-59fd6f0-0~ubuntu-xenial).
docker-ce-rootless-extras is already the newest version (5:0.0.0-20210401100358-59fd6f0-0~ubuntu-xenial).
docker-ce-cli is already the newest version (5:0.0.0-20210401100358-59fd6f0-0~ubuntu-xenial).
The following additional packages will be installed:
containerd.io iptables libnfnetlink0 libxtables11
The following NEW packages will be installed:
containerd.io iptables libnfnetlink0 libxtables11
The following packages will be DOWNGRADED:
docker-scan-plugin
What's happening is that;
- first, we `dpkg-install` docker-ce, docker-ce-cli, and docker-scan-plugin
from the packages we just built
- then, we `apt-get install` to verify that dependencies (`containerd`)
are installed
However, we have `docker-scan-plugin` 0.7 on staging, which it then tries to
install, but sees it's an older build, so a _downgrade_
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
[ce-nightly] Updates to build and verify docker-scan-plugin
If download-stage.docker.com already contains a previous build of docker-ce/docker-ce-cli, apt attempts to install that version, only to discover that it's an older build (and considered a "downgrade") This patch (hopefully) fixes that case, by not attempting to upgrade. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
[ce-nightly] verify: don't attempt to upgrade packages
…nd_strategy [ce-nightly] verify: remove old hack, and update comments to describe the process
Debian "sid" is not an actual distro version. Sid represents the "unstable"
channel ("next stable in-progress"). Currently, it is equivalent to "bullseye",
but once "bullseye" is stable, it becomes "bookworm", "trixy", etc (see the
list of Debian releases at https://wiki.debian.org/DebianReleases).
We should fix this hard-coded override, and instead try to get this name from
information in /var/lib/apt/lists/.
Also see docker/containerd-packaging#219 for details.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We should never build packages for "sid", which is a codename for "unstable", and instead use the codename that it's currently referring to (codename of next stable release). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This integrates the verify scripts from our internal release-packaging repository (ce-nightly branch), from commit a712afb008b56c7572e87b2bca81f1c50022ad2b docker/release-packaging@a712afb Strategy taken: # install filter-repo (https://github.com/newren/git-filter-repo/blob/main/INSTALL.md) brew install git-filter-repo cd ~/projects # create a temporary clone of docker git clone https://github.com/docker/release-packaging.git release_packaging_verify cd release_packaging_verify git checkout ce-nightly # remove all code, except for verify and install-containerd-helpers git filter-repo --path verify --path install-containerd-helpers --force # go to the target github.com/docker/docker-ce-packaging repository cd ~/projects/docker-ce-packaging # create a branch to work with git checkout -b integrate_verify # add the temporary repository as an upstream and make sure it's up-to-date git remote add release_packaging_verify ~/projects/release_packaging_verify git fetch release_packaging_verify # merge the upstream code git merge --allow-unrelated-histories --signoff -S release_packaging_verify/ce-nightly Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This verify step is primarily intended to verify that dependencies are defined correctly, and available on the given distro. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
changed the title
Member
Author
|
Ah, cool, so this is failing on ubuntu 18.04 "bionic", which is expected, and the reason for this PR; this shows the regression introduced in #686 (comment) |
Member
Author
|
So, the intent is to have this merged (even though it's failing currently), so that we can verify fixes for the issue mentioned (such as #696) |
rumpl
approved these changes
May 19, 2022
Member
Author
|
I'll bring this one in; then we can continue debugging the problem 👍 |
Member
Author
|
I guess we should also add this to the GitHub actions (which we're test-driving for x86 / amd64 builds) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This integrates one of the verify scripts from our internal pacakging repository
This verify step is primarily intended to verify that dependencies are defined
correctly, and available on the given distro.
Migrated from commit a712afb008b56c7572e87b2bca81f1c50022ad2b in our internal
repo (from the
ce-nightlybranch, which corresponds withmasterin thedocker-ce-packagingrepository); https://github.com/docker/release-packaging/commit/a712afb008b56c7572e87b2bca81f1c50022ad2bStrategy taken to preserve history: