From 4649c32a54da2bf3502a78c0d83a7dc525b7e3b5 Mon Sep 17 00:00:00 2001 From: classabbyamp Date: Sat, 22 Feb 2025 19:19:27 -0500 Subject: [PATCH] .github, common/travis: run CI without root this should allow package tests that check things like writability to succeed and have fewer skipped tests in CI. - switch to using the `void-LIBC-full` container - use `uchroot` instead of `ethereal` - simplify some scripts for this change --- .github/workflows/build.yaml | 102 +++++++++++---------------- .github/workflows/cycles.yaml | 25 +++---- common/scripts/lint-conflicts | 2 + common/travis/build.sh | 8 ++- common/travis/changed_templates.sh | 4 +- common/travis/check-install.sh | 28 +++++--- common/travis/fetch-xbps.sh | 2 +- common/travis/fetch-xtools.sh | 4 +- common/travis/prepare.sh | 14 ++-- common/travis/set_mirror.sh | 4 +- common/travis/show_files.sh | 12 ++-- common/travis/verify-update-check.sh | 2 +- common/travis/xlint.sh | 5 +- common/travis/xpkgdiff.sh | 12 ++-- 14 files changed, 111 insertions(+), 113 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 574e6a6584c..82c9a573374 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -21,9 +21,8 @@ jobs: runs-on: ubuntu-latest container: - image: 'ghcr.io/void-linux/void-buildroot-musl:20250214R1' + image: 'ghcr.io/void-linux/void-musl-full:20250227R1' env: - PATH: '/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin:/usr/local/bin:/tmp/bin' LICENSE_LIST: common/travis/license.lst steps: @@ -32,27 +31,28 @@ jobs: # switch to repo-ci mirror mkdir -p /etc/xbps.d && cp /usr/share/xbps.d/*-repository-*.conf /etc/xbps.d/ sed -i 's|repo-default|repo-ci|g' /etc/xbps.d/*-repository-*.conf - # Sync and upgrade once, assume error comes from xbps update - xbps-install -Syu || xbps-install -yu xbps - # Upgrade again (in case there was a xbps update) - xbps-install -yu - # install tools needed for lints - xbps-install -y grep curl git + # install dependencies + xbps-install -Syu xbps && xbps-install -yu && xbps-install -y sudo bash grep curl git + # create non-root user + useradd -G xbuilder -M builder + - name: Clone and checkout uses: classabbyamp/treeless-checkout-action@v1 - - name: Create hostrepo and prepare masterdir + + - name: Prepare masterdir run: | - ln -s "$(pwd)" /hostrepo && - common/travis/set_mirror.sh && - common/travis/prepare.sh && + chown -R builder:builder . && + sudo -Eu builder common/travis/set_mirror.sh && common/travis/fetch-xtools.sh - - run: common/travis/changed_templates.sh + + - name: Find changed templates + run: sudo -Eu builder common/travis/changed_templates.sh + - name: Run lints run: | - rv=0 - common/travis/xlint.sh || rv=1 - common/travis/verify-update-check.sh || rv=1 - exit $rv + sudo -Eu builder common/travis/verify-update-check.sh || rv=1 + sudo -Eu builder common/travis/xlint.sh || rv=1 + exit "${rv:-0}" # Build changed packages. build: @@ -61,14 +61,14 @@ jobs: if: "!contains(github.event.pull_request.title, '[ci skip]') && !contains(github.event.pull_request.body, '[ci skip]')" container: - image: ghcr.io/void-linux/void-buildroot-${{ matrix.config.libc }}:20250214R1 - options: --platform ${{ matrix.config.platform }} + image: ghcr.io/void-linux/void-${{ matrix.config.libc }}-full:20250227R1 + options: --platform ${{ matrix.config.platform }} --privileged + volumes: + - /dev:/dev env: - PATH: '/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin:/usr/local/bin:/tmp/bin' ARCH: '${{ matrix.config.arch }}' BOOTSTRAP: '${{ matrix.config.host }}' TEST: '${{ matrix.config.test }}' - HOSTREPO: /hostrepo strategy: fail-fast: false @@ -88,64 +88,44 @@ jobs: # switch to repo-ci mirror mkdir -p /etc/xbps.d && cp /usr/share/xbps.d/*-repository-*.conf /etc/xbps.d/ sed -i 's|repo-default|repo-ci|g' /etc/xbps.d/*-repository-*.conf - # Sync and upgrade once, assume error comes from xbps update - xbps-install -Syu || xbps-install -yu xbps - # Upgrade again (in case there was a xbps update) - xbps-install -yu + # install dependencies + xbps-install -Syu xbps && xbps-install -yu && xbps-install -y sudo bash curl git + # create non-root user + useradd -G xbuilder -M builder - name: Clone and checkout - env: - PATH: '/usr/libexec/chroot-git:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin:/usr/local/bin:/tmp/bin' uses: classabbyamp/treeless-checkout-action@v1 - - name: Create hostrepo and prepare masterdir + + - name: Prepare masterdir run: | - ln -s "$(pwd)" /hostrepo && - common/travis/set_mirror.sh && - common/travis/prepare.sh && + chown -R builder:builder . && + sudo -Eu builder common/travis/set_mirror.sh && + sudo -Eu builder common/travis/prepare.sh && common/travis/fetch-xtools.sh + - name: Find changed templates - env: - PATH: '/usr/libexec/chroot-git:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin:/usr/local/bin:/tmp/bin' - run: common/travis/changed_templates.sh + run: sudo -Eu builder common/travis/changed_templates.sh - name: Build and check packages - run: | - ( - here="$(pwd)" - cd / - "$here/common/travis/build.sh" "$BOOTSTRAP" "$ARCH" "$TEST" - ) + run: sudo -Eu builder common/travis/build.sh "$BOOTSTRAP" "$ARCH" "$TEST" - name: Show files - run: | - ( - here="$(pwd)" - cd / - "$here/common/travis/show_files.sh" "$BOOTSTRAP" "$ARCH" - ) + run: sudo -Eu builder common/travis/show_files.sh "$BOOTSTRAP" "$ARCH" - name: Compare to previous - run: | - ( - here="$(pwd)" - cd / - "$here/common/travis/xpkgdiff.sh" "$BOOTSTRAP" "$ARCH" - ) + run: sudo -Eu builder common/travis/xpkgdiff.sh "$BOOTSTRAP" "$ARCH" - name: Check file conflicts if: matrix.config.arch == 'x86_64' # the arch indexed in xlocate - env: - PATH: '/usr/libexec/chroot-git:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin:/usr/local/bin:/tmp/bin' run: | if [ -s /tmp/templates ]; then - xlocate -S && - common/scripts/lint-conflicts $HOME/hostdir/binpkgs + export XDG_CACHE_HOME="$PWD/.cache" + sudo -Eu builder xlocate -S && + sudo -Eu builder common/scripts/lint-conflicts fi - name: Verify repository state run: | - ( - here="$(pwd)" - cd / - "$here/common/travis/check-install.sh" "$BOOTSTRAP" "$ARCH" - ) + mkdir -p /check-install && + chown builder:builder /check-install && + sudo -Eu builder common/travis/check-install.sh "$BOOTSTRAP" "$ARCH" diff --git a/.github/workflows/cycles.yaml b/.github/workflows/cycles.yaml index 3381f7f2d5c..8f64d7a1e0d 100644 --- a/.github/workflows/cycles.yaml +++ b/.github/workflows/cycles.yaml @@ -1,6 +1,7 @@ name: 'Cycle Check' on: + workflow_dispatch: schedule: - cron: '0 18 * * *' @@ -10,33 +11,29 @@ jobs: permissions: issues: write container: - image: 'ghcr.io/void-linux/void-buildroot-musl:20250214R1' - env: - PATH: '/usr/libexec/chroot-git:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin:/usr/local/bin:/tmp/bin' + image: 'ghcr.io/void-linux/void-musl-full:20250227R1' steps: - name: Prepare container run: | # switch to repo-ci mirror mkdir -p /etc/xbps.d && cp /usr/share/xbps.d/*-repository-*.conf /etc/xbps.d/ sed -i 's|repo-default|repo-ci|g' /etc/xbps.d/*-repository-*.conf - # Sync and upgrade once, assume error comes from xbps update - xbps-install -Syu || xbps-install -yu xbps - # Upgrade again (in case there was a xbps update) - xbps-install -yu - # Install script dependencies - xbps-install -y python3-networkx github-cli + # install dependencies + xbps-install -Syu xbps && xbps-install -yu && xbps-install -y sudo bash grep git python3-networkx github-cli + # create non-root user + useradd -G xbuilder -M builder - name: Clone and checkout uses: classabbyamp/treeless-checkout-action@v1 - - name: Create hostrepo and prepare masterdir + - name: Prepare masterdir run: | - ln -s "$(pwd)" /hostrepo && - common/travis/set_mirror.sh && - common/travis/prepare.sh + chown -R builder:builder . && + sudo -Eu builder common/travis/set_mirror.sh + - name: Find cycles and open issues run: | - common/scripts/xbps-cycles.py | tee cycles + sudo -Eu builder common/scripts/xbps-cycles.py | tee cycles grep 'Cycle:' cycles | while read -r line; do if gh issue list -R "$GITHUB_REPOSITORY" -S "$line" | grep .; then printf "Issue on '%s' already exists.\n" "$line" diff --git a/common/scripts/lint-conflicts b/common/scripts/lint-conflicts index d98cf3b0a01..8e2854d0aa0 100755 --- a/common/scripts/lint-conflicts +++ b/common/scripts/lint-conflicts @@ -7,6 +7,8 @@ # With single path as argument, read that local repository. # With -a flag, find conflicts between packages indexed in xlocate. +set -e + if [ "$#" = 0 ]; then binpkgs="$PWD/hostdir/binpkgs" elif [ "$1" = -a ]; then diff --git a/common/travis/build.sh b/common/travis/build.sh index b3190573443..d8ec4eafc7d 100755 --- a/common/travis/build.sh +++ b/common/travis/build.sh @@ -1,7 +1,9 @@ -#!/bin/sh +#!/bin/bash # # build.sh +set -e + if [ "$1" != "$2" ]; then arch="-a $2" fi @@ -10,10 +12,10 @@ if [ "$3" = 1 ]; then test="-Q" fi -PKGS=$(/hostrepo/xbps-src $test sort-dependencies $(cat /tmp/templates)) +PKGS=$(./xbps-src $test sort-dependencies $(cat /tmp/templates)) for pkg in ${PKGS}; do - /hostrepo/xbps-src -j$(nproc) -s -H "$HOME"/hostdir $arch $test pkg "$pkg" + ./xbps-src -j$(nproc) -s $arch $test pkg "$pkg" [ $? -eq 1 ] && exit 1 done diff --git a/common/travis/changed_templates.sh b/common/travis/changed_templates.sh index 074c991d33a..c0764cd8c57 100755 --- a/common/travis/changed_templates.sh +++ b/common/travis/changed_templates.sh @@ -1,7 +1,9 @@ -#!/bin/sh +#!/bin/bash # # changed_templates.sh +set -e + tip="$(git rev-list -1 --parents HEAD)" case "$tip" in # This is a merge commit, pick last parent diff --git a/common/travis/check-install.sh b/common/travis/check-install.sh index 31dd104f1df..4bfb6e2c8d7 100755 --- a/common/travis/check-install.sh +++ b/common/travis/check-install.sh @@ -1,31 +1,37 @@ -#!/bin/sh +#!/bin/bash # # check-install.sh -export XBPS_TARGET_ARCH="$2" XBPS_DISTDIR=/hostrepo +set -e -if [ "$1" != "$XBPS_TARGET_ARCH" ]; then - triplet="$(/hostrepo/xbps-src -a "$XBPS_TARGET_ARCH" show-var XBPS_CROSS_TRIPLET)" - CONFDIR="-C /usr/$triplet/etc/xbps.d" +HOST_ARCH="$1" +export XBPS_TARGET_ARCH="$2" + +if [ "$HOST_ARCH" != "$XBPS_TARGET_ARCH" ]; then + triplet="$(./xbps-src -a "$XBPS_TARGET_ARCH" show-var XBPS_CROSS_TRIPLET)" + CONFDIR="-C $PWD/masterdir-$HOST_ARCH/usr/$triplet/etc/xbps.d" else - CONFDIR="-C /etc/xbps.d" + CONFDIR="-C $PWD/masterdir-$HOST_ARCH/etc/xbps.d" fi -mkdir /check-install +if ! [ -d /check-install ]; then + /bin/echo -e "\x1b[31m/check-install does not exist\x1b[0m" + exit 1 +fi mkdir -p /check-install/var/db/xbps/keys cp /var/db/xbps/keys/* /check-install/var/db/xbps/keys/ -ADDREPO="--repository=$HOME/hostdir/binpkgs/bootstrap - --repository=$HOME/hostdir/binpkgs - --repository=$HOME/hostdir/binpkgs/nonfree" +ADDREPO="--repository=hostdir/binpkgs/bootstrap + --repository=hostdir/binpkgs + --repository=hostdir/binpkgs/nonfree" ROOTDIR="-r /check-install" xbps-install $ROOTDIR $ADDREPO $CONFDIR -S while read -r pkg; do for subpkg in $(xsubpkg $pkg); do - /bin/echo -e "\x1b[32mTrying to install dependants of $subpkg:\x1b[0m" + /bin/echo -e "\x1b[32mTrying to install dependents of $subpkg:\x1b[0m" for dep in $(xbps-query $ADDREPO -RX "$subpkg"); do xbps-install \ $ROOTDIR $ADDREPO $CONFDIR \ diff --git a/common/travis/fetch-xbps.sh b/common/travis/fetch-xbps.sh index e5c58814282..f1474be1324 100755 --- a/common/travis/fetch-xbps.sh +++ b/common/travis/fetch-xbps.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # # fetch-xbps.sh diff --git a/common/travis/fetch-xtools.sh b/common/travis/fetch-xtools.sh index 0dd9e6c532c..d22300f49f4 100755 --- a/common/travis/fetch-xtools.sh +++ b/common/travis/fetch-xtools.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # # fetch-xtools.sh @@ -16,4 +16,4 @@ else xbps-fetch -o "$FILE" "$URL" || exit 1 fi -$TAR xf "$FILE" -C /tmp/bin --strip-components=1 || exit 1 +$TAR xf "$FILE" -C /usr/local/bin --strip-components=1 || exit 1 diff --git a/common/travis/prepare.sh b/common/travis/prepare.sh index 46072e9f81e..8969990d0d6 100755 --- a/common/travis/prepare.sh +++ b/common/travis/prepare.sh @@ -1,14 +1,16 @@ -#!/bin/sh +#!/bin/bash # # prepare.sh +set -e + /bin/echo -e '\x1b[32mUpdating etc/conf...\x1b[0m' echo XBPS_BUILD_ENVIRONMENT=void-packages-ci >> etc/conf echo XBPS_ALLOW_RESTRICTED=yes >> etc/conf -/bin/echo -e '\x1b[32mEnabling ethereal chroot-style...\x1b[0m' -echo XBPS_CHROOT_CMD=ethereal >> etc/conf -echo XBPS_ALLOW_CHROOT_BREAKOUT=yes >> etc/conf +/bin/echo -e '\x1b[32mEnabling uchroot chroot-style...\x1b[0m' +echo XBPS_CHROOT_CMD=uchroot >> etc/conf -/bin/echo -e '\x1b[32mLinking / to /masterdir...\x1b[0m' -ln -s / masterdir +/bin/echo -e '\x1b[32mBootstrapping...\x1b[0m' + +./xbps-src binary-bootstrap diff --git a/common/travis/set_mirror.sh b/common/travis/set_mirror.sh index 8159daceb61..0341c9a5bf8 100755 --- a/common/travis/set_mirror.sh +++ b/common/travis/set_mirror.sh @@ -1,4 +1,6 @@ -#!/bin/sh +#!/bin/bash + +set -e TRAVIS_MIRROR=repo-ci.voidlinux.org diff --git a/common/travis/show_files.sh b/common/travis/show_files.sh index c8de93a9aba..138f6982c5a 100755 --- a/common/travis/show_files.sh +++ b/common/travis/show_files.sh @@ -1,15 +1,17 @@ -#!/bin/sh +#!/bin/bash # # show_files.sh -export XBPS_TARGET_ARCH="$2" XBPS_DISTDIR=/hostrepo +set -e + +export XBPS_TARGET_ARCH="$2" while read -r pkg; do for subpkg in $(xsubpkg $pkg); do /bin/echo -e "\x1b[32mFiles of $subpkg:\x1b[0m" - xbps-query --repository=$HOME/hostdir/binpkgs/bootstrap \ - --repository=$HOME/hostdir/binpkgs \ - --repository=$HOME/hostdir/binpkgs/nonfree \ + xbps-query --repository=hostdir/binpkgs/bootstrap \ + --repository=hostdir/binpkgs \ + --repository=hostdir/binpkgs/nonfree \ -i -f "$subpkg" || /bin/echo -e "\x1b[33m $subpkg wasn't found\x1b[0m" done diff --git a/common/travis/verify-update-check.sh b/common/travis/verify-update-check.sh index 902ebc0d6b4..fe6eb61ca12 100755 --- a/common/travis/verify-update-check.sh +++ b/common/travis/verify-update-check.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # runs update-check on all changed templates, then errors only if there was an # issue with the update-check. does not error if further updates are available, # as there may be a good reason not to update to those versions diff --git a/common/travis/xlint.sh b/common/travis/xlint.sh index 0b2d12d0b0d..92e186cd5d0 100755 --- a/common/travis/xlint.sh +++ b/common/travis/xlint.sh @@ -1,14 +1,15 @@ -#!/bin/sh +#!/bin/bash # # xlint.sh EXITCODE=0 read base tip < /tmp/revisions +/bin/echo -e "\x1b[34mLinting commits...\x1b[0m" common/scripts/lint-commits $base $tip || EXITCODE=$? for t in $(awk '{ print "srcpkgs/" $0 "/template" }' /tmp/templates); do - /bin/echo -e "\x1b[32mLinting $t...\x1b[0m" + /bin/echo -e "\x1b[34mLinting $t...\x1b[0m" xlint "$t" > /tmp/xlint_out || EXITCODE=$? common/scripts/lint-version-change "$t" $base $tip > /tmp/vlint_out || EXITCODE=$? awk -f common/scripts/lint2annotations.awk /tmp/xlint_out /tmp/vlint_out diff --git a/common/travis/xpkgdiff.sh b/common/travis/xpkgdiff.sh index ce042c1628b..19f6419cc82 100755 --- a/common/travis/xpkgdiff.sh +++ b/common/travis/xpkgdiff.sh @@ -1,17 +1,19 @@ -#!/bin/sh +#!/bin/bash # # xpkgdiff.sh -export XBPS_TARGET_ARCH="$2" XBPS_DISTDIR=/hostrepo XBPS_HOSTDIR="$HOME/hostdir" +set -e + +export XBPS_TARGET_ARCH="$2" export DIFF='diff --unified=0 --report-identical-files --suppress-common-lines --color=always --label REPO --label BUILT' ARGS="-a $2 -R https://repo-ci.voidlinux.org/current" while read -r pkg; do for subpkg in $(xsubpkg $pkg); do - if xbps-query --repository=$HOME/hostdir/binpkgs/bootstrap \ - --repository=$HOME/hostdir/binpkgs \ - --repository=$HOME/hostdir/binpkgs/nonfree \ + if xbps-query --repository=hostdir/binpkgs/bootstrap \ + --repository=hostdir/binpkgs \ + --repository=hostdir/binpkgs/nonfree \ -i "$subpkg" >&/dev/null; then /bin/echo -e "\x1b[34mFile Diff of $subpkg:\x1b[0m" xpkgdiff $ARGS -f $subpkg