Skip to content

Run CI Against Podman #600

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Run CI Against Podman #600

wants to merge 1 commit into from

Conversation

Thomascountz
Copy link

The existing podman-rspec job in the unit_test.yaml workflow only installed Podman, but never started the engine. As a result the tets still talked to the pre-installed Docker daemon on /var/run/docker.sock, since that's what it defaults to. Docker.podman? never returned true and we were silently re-running the test suite with Docker.

https://github.com/actions/runner-images/blob/27d8a9d9026ab6e207340dde6e14f4faf3864e29/images/ubuntu/scripts/build/install-docker.sh#L60-L61

You can see that in the podman-rspec test runs, there are no specs skipped due to skip('Not supported on podman') if ::Docker.podman?, meaning we're not using Podman.

Proposed solution

1. Start a real Podman API service

podman system service unix://… is launched in the runner’s home directory and kept alive for the whole job.

2. Point the test suite at that socket

We export DOCKER_HOST so the gem connects to Podman, and set an EXPECT_PODMAN flag.

3. Fail fast if mis-configured

A guard in spec_helper.rb hard-exits when EXPECT_PODMAN=true but Docker.podman? is still false.

4. Remove Podman installation (Maybe?)

Podman is already pre-installed on GitHub Ubuntu runners so the custom install script is no longer called. But, perhaps it's better to keep it to ensure it's always available.

Additional notes

  • The new guard is a no-op in local development unless you explicitly set EXPECT_PODMAN=true.
  • If the Podman socket fails to start or the environment is mis-wired, the build fails immediately with a clear error message.
  • No additional packages or elevated privileges are required; the service runs rootless in the runner’s home directory.
  • Docker workflow remains unchanged and continues to validate against multiple Docker Engine versions.

@Thomascountz
Copy link
Author

Running against Podman locally and on my fork, I get these failures consistently.

Failures:

  1) Docker::Connection#resource resource 
     Failure/Error: its(:resource) { should be_a Excon::Connection }
     
     NoMethodError:
       private method `resource' called for an instance of Docker::Connection
     # ./spec/docker/connection_spec.rb:69:in `block (3 levels) in <top (required)>'

  2) Docker::Image.create with a block capturing create output calls the block and passes build output
     Failure/Error: expect(create_output).to match(/ulling.*busybox/)
     
       expected "{\"status\":\"Pulling fs layer\",\"progressDetail\":{},\"id\":\"086517b4ab5d\"}\n{\"status\":\"Downl...7f65c9eee073\"}\n{\"status\":\"Download complete\",\"progressDetail\":{},\"id\":\"7f65c9eee073\"}\n" to match /ulling.*busybox/
       Diff:
       @@ -1 +1,5 @@
       -/ulling.*busybox/
       +{"status":"Pulling fs layer","progressDetail":{},"id":"086517b4ab5d"}
       +{"status":"Download complete","progressDetail":{},"id":"086517b4ab5d"}
       +{"status":"Pulling fs layer","progressDetail":{},"id":"7f65c9eee073"}
       +{"status":"Download complete","progressDetail":{},"id":"7f65c9eee073"}
       +{"status":"Download complete","progressDetail":{},"id":"7f65c9eee073"}
       
     # ./spec/docker/image_spec.rb:479:in `block (4 levels) in <top (required)>'

  3) Docker::Image#push when there are no credentials still pushes
     Failure/Error: expect { raise(ex) }.to_not raise_error
     
       expected no Exception, got #<Docker::Error::ServerError:"{\"errorDetail\":{\"message\":\"trying to reuse blob sha256:83df073ecb7...5000: Get \\\"https://localhost:5000/v2/\\\": http: server gave HTTP response to HTTPS client\"}\n"> with backtrace:
         # ./lib/docker/connection.rb:91:in `rescue in request'
         # ./lib/docker/connection.rb:46:in `request'
         # ./lib/docker/connection.rb:111:in `block (2 levels) in <class:Connection>'
         # ./lib/docker/image.rb:37:in `push'
         # ./spec/docker/image_spec.rb:220:in `block (4 levels) in <top (required)>'
     # ./spec/docker/image_spec.rb:225:in `rescue in block (4 levels) in <top (required)>'
     # ./spec/docker/image_spec.rb:219:in `block (4 levels) in <top (required)>'
     # ------------------
     # --- Caused by: ---
     # Excon::Error::InternalServerError:
     #   Expected([200, 201, 202, 203, 204, 301, 304]) <=> Actual(500 InternalServerError)
     #   ./vendor/bundle/ruby/3.3.0/gems/excon-1.2.7/lib/excon/middlewares/expects.rb:13:in `response_call'

Finished in 1 minute 43.63 seconds (files took 1.07 seconds to load)
221 examples, 3 failures, 31 pending

Failed examples:

rspec ./spec/docker/connection_spec.rb:69 # Docker::Connection#resource resource 
rspec ./spec/docker/image_spec.rb:477 # Docker::Image.create with a block capturing create output calls the block and passes build output
rspec ./spec/docker/image_spec.rb:218 # Docker::Image#push when there are no credentials still pushes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Thomascountz