Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#320) #1169

Workflow file for this run

# CI for fetchit: builds podman and the fetchit images, then runs the
# validation jobs on pushes and pull requests that target main.
name: Fetchit Build and test
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
# NOTE(review): no `permissions:` block is visible in this part of the file, so
# jobs run with the repository's default GITHUB_TOKEN scopes, and some jobs
# pass that token into a container. Consider declaring least-privilege
# permissions once the needs of every job are confirmed.
env:
  CGO_ENABLED: 0
  PODMAN_VER: v4.9.4
jobs:
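# Builds the podman binaries from source (or restores ./bin from the cache)
# and publishes ./bin as the `podman-bins` artifact.
# NOTE(review): actions are referenced by mutable tags; pinning them to full
# commit SHAs would harden the supply chain of this job.
build-podman-v4:
  env:
    CGO_ENABLED: 1 # CGO is required for podman
  # NOTE(review): ubuntu-20.04 hosted runners have been retired by GitHub as far
  # as I know; confirm this job can still be scheduled.
  runs-on: ubuntu-20.04
  steps:
    - name: Cache podman bin
      id: cache-podman-bin
      uses: actions/cache@v3
      with:
        path: |
          ./bin
        key: ${{ runner.os }}-podman-${{ env.PODMAN_VER }}
        restore-keys: |
          ${{ runner.os }}-podman
    - uses: actions/checkout@v3
      if: steps.cache-podman-bin.outputs.cache-hit != 'true'
      with:
        repository: containers/podman
        # Taken from PODMAN_VER so the checked-out tag and the cache key above
        # cannot drift apart when the version is bumped.
        ref: ${{ env.PODMAN_VER }}
    - uses: actions/setup-go@v2
      if: steps.cache-podman-bin.outputs.cache-hit != 'true'
      with:
        # NOTE(review): GOVER is not defined in the workflow-level or job-level
        # env shown in this file, so this expands to an empty string; confirm
        # which Go version is intended and define it.
        go-version: ${{ env.GOVER }}
    - name: Cache go modules
      if: steps.cache-podman-bin.outputs.cache-hit != 'true'
      # Same major version as the podman-bin cache step above.
      uses: actions/cache@v3
      with:
        # In order:
        # * Module download cache
        # * Build cache (Linux)
        path: |
          ~/go/pkg/mod
          ~/.cache/go-build
        key: ${{ runner.os }}-go-podman-${{ hashFiles('**/go.sum') }}
        restore-keys: |
          ${{ runner.os }}-go-podman
    - name: Add build packages
      if: steps.cache-podman-bin.outputs.cache-hit != 'true'
      run: sudo apt install -y libsystemd-dev libseccomp-dev pkg-config golang-github-proglottis-gpgme-dev
    - name: Build podman v4
      if: steps.cache-podman-bin.outputs.cache-hit != 'true'
      run: make binaries
    # store podman binary as artifact
    - uses: actions/upload-artifact@v3
      with:
        name: podman-bins
        path: bin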
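# Builds the fetchit image with docker and publishes it as the
# `fetchit-image` artifact (/tmp/fetchit.tar).
# NOTE(review): actions are referenced by mutable major tags (@v1/@v2);
# pinning them to full commit SHAs would harden the supply chain.
build:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v2
    - name: Install required packages
      # -y keeps apt from aborting at a confirmation prompt on the
      # non-interactive runner.
      run: sudo apt install -y curl
    - name: Build the image
      # NOTE(review): `go mod tidy` re-resolves go.mod/go.sum on the runner, so
      # the image can be built from a module graph that differs from the
      # committed one. Consider failing the job when tidy changes either file.
      run: go mod tidy -compat=1.17 && go mod vendor && docker build . --file Dockerfile --tag quay.io/fetchit/fetchit-amd:latest
    - name: Export image
      run: docker save -o /tmp/fetchit.tar quay.io/fetchit/fetchit-amd:latest
    - name: Save container as artifact
      uses: actions/upload-artifact@v1
      with:
        name: fetchit-image
        path: /tmp/fetchit.tar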
# Builds the amd64 fetchit-ansible image through the Makefile and publishes it
# as the `ansible-image-amd` artifact (/tmp/ansible-amd.tar).
build-ansible-amd:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v2
    - name: Build the image
      # NOTE(review): `go mod tidy` rewrites go.mod/go.sum on the runner before
      # the build; confirm that drift from the committed files is acceptable.
      run: >-
        go mod tidy -compat=1.17 &&
        go mod vendor &&
        make build-ansible-cross-build-linux-amd64
    - name: docker list images
      run: docker images
    - name: Export image
      # NOTE(review): the image list above uses docker while the export uses
      # podman; which engine the make target builds with is not visible here.
      run: >-
        podman save -o /tmp/ansible-amd.tar
        quay.io/fetchit/fetchit-ansible-amd:latest
    - name: Save container as artifact
      uses: actions/upload-artifact@v1
      with:
        name: ansible-image-amd
        path: /tmp/ansible-amd.tar
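# Cross-builds the arm64 fetchit-ansible image with podman after the listed
# validation jobs have passed, and publishes it as `ansible-image-arm`.
build-ansible-arm:
  runs-on: ubuntu-latest
  needs:
    - build
    - raw-validate
    - fetchit-config-target-no-config-validate
    - fetchit-config-reload-validate
    - clean-validate
    - kube-validate
    - systemd-validate
    - systemd-enable-validate
    - systemd-user-enable-validate
    - systemd-autoupdate-validate
    - systemd-restart-validate
    - systemd-validate-exact-file
    - multi-engine-validate
    - make-change-to-repo
    - filetransfer-validate
    - filetransfer-validate-exact-file
    - ansible-validate
    - loader-validate
    - disconnected-validate
  # NOTE(review): the workflow triggers shown at the top of this file are push
  # and pull_request on main only, so the 'schedule' and tag branches of this
  # condition look unreachable; confirm whether they are still wanted.
  if: >
    (github.event_name == 'push' || github.event_name == 'schedule') &&
    (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
  steps:
    - uses: actions/checkout@v2
    - name: update system
      run: sudo apt-get update
    - name: Install required packages
      # -y keeps apt from aborting at a confirmation prompt on the
      # non-interactive runner.
      run: sudo apt install -y podman build-essential qemu-user qemu-user-static
    - name: Build the image
      run: go mod tidy -compat=1.17 && go mod vendor && CTR_CMD=podman make build-ansible-cross-build-linux-arm64
    - name: Export image
      run: podman save -o /tmp/ansible-arm.tar quay.io/fetchit/fetchit-ansible-arm:latest
    - name: Save container as artifact
      uses: actions/upload-artifact@v1
      with:
        name: ansible-image-arm
        path: /tmp/ansible-arm.tar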
# Pulls the third-party `colors` test image once and publishes it as the
# `colors` artifact (/tmp/colors.tar).
pull-and-archive:
  runs-on: ubuntu-latest
  steps:
    - name: pull the colors image
      # NOTE(review): this is a mutable `:latest` tag from a third-party
      # Docker Hub account; pinning it by digest would make the test input
      # reproducible and tamper-evident.
      run: >-
        podman pull
        docker.io/mmumshad/simple-webapp-color:latest
    - name: archive the image
      run: >-
        podman save -o /tmp/colors.tar
        docker.io/mmumshad/simple-webapp-color:latest
    - name: save the container as an artifact
      uses: actions/upload-artifact@v1
      with:
        name: colors
        path: /tmp/colors.tar
# Builds the amd64 fetchit-systemd image through the Makefile and publishes it
# as the `systemd-image-amd` artifact (/tmp/systemd-amd.tar).
build-systemd-amd:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v2
    - name: Build the image
      # NOTE(review): `go mod tidy` rewrites go.mod/go.sum on the runner before
      # the build; confirm that drift from the committed files is acceptable.
      run: >-
        go mod tidy -compat=1.17 &&
        go mod vendor &&
        make build-systemd-cross-build-linux-amd64
    - name: docker list images
      run: docker images
    - name: Export image
      # NOTE(review): the image list above uses docker while the export uses
      # podman; which engine the make target builds with is not visible here.
      run: >-
        podman save -o /tmp/systemd-amd.tar
        quay.io/fetchit/fetchit-systemd-amd:latest
    - name: Save container as artifact
      uses: actions/upload-artifact@v1
      with:
        name: systemd-image-amd
        path: /tmp/systemd-amd.tar
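# Cross-builds the arm64 fetchit-systemd image with podman after the listed
# validation jobs have passed, and publishes it as `systemd-image-arm`.
build-systemd-arm:
  runs-on: ubuntu-latest
  needs:
    - build
    - raw-validate
    - fetchit-config-target-no-config-validate
    - fetchit-config-reload-validate
    - clean-validate
    - kube-validate
    - systemd-validate
    - systemd-enable-validate
    - systemd-user-enable-validate
    - systemd-autoupdate-validate
    - systemd-restart-validate
    - systemd-validate-exact-file
    - multi-engine-validate
    - make-change-to-repo
    - filetransfer-validate
    - filetransfer-validate-exact-file
    - ansible-validate
    - loader-validate
    - disconnected-validate
  # NOTE(review): the workflow triggers shown at the top of this file are push
  # and pull_request on main only, so the 'schedule' and tag branches of this
  # condition look unreachable; confirm whether they are still wanted.
  if: >
    (github.event_name == 'push' || github.event_name == 'schedule') &&
    (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
  steps:
    - uses: actions/checkout@v2
    - name: update system
      run: sudo apt-get update
    - name: Install required packages
      # -y keeps apt from aborting at a confirmation prompt on the
      # non-interactive runner.
      run: sudo apt install -y podman build-essential qemu-user qemu-user-static
    - name: Build the image
      run: go mod tidy -compat=1.17 && go mod vendor && CTR_CMD=podman make build-systemd-cross-build-linux-arm64
    - name: Export image
      run: podman save -o /tmp/systemd-arm.tar quay.io/fetchit/fetchit-systemd-arm:latest
    - name: Save container as artifact
      uses: actions/upload-artifact@v1
      with:
        name: systemd-image-arm
        path: /tmp/systemd-arm.tar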
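# Starts fetchit with only FETCHIT_CONFIG_URL set (no mounted config file) and
# checks that two `colors` containers come up.
# NOTE(review): actions are referenced by mutable major tags (@v1/@v2);
# pinning them to full commit SHAs would harden the supply chain.
fetchit-config-target-no-config-validate:
  runs-on: ubuntu-latest
  # build-podman-v4 uploads the `podman-bins` artifact downloaded below; without
  # it in `needs` this job can start before that artifact exists.
  needs:
    - build
    - build-podman-v4
    - pull-and-archive
  steps:
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: colors
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/colors.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    - name: create fetchit config directory
      run: sudo mkdir /root/.fetchit
    - name: Start fetchit
      # NOTE(review): the config is fetched at run time from a branch of a
      # personal fork, and the container that consumes it is given the root
      # podman socket with SELinux labelling disabled. Whoever can push to that
      # branch decides what this job deploys; prefer a URL inside this
      # repository, pinned to the commit under test.
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v /root/.fetchit:/opt/mount -e FETCHIT_CONFIG_URL=https://raw.githubusercontent.com/josephsawaya/fetchit/fix-target-path/examples/raw-config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: identify colors container
      # Polls until exactly two matching containers are listed; `timeout`
      # bounds the wait at 150 seconds.
      run: timeout 150 bash -c -- 'c=0 ; until [ $c -eq 2 ]; do c=$(sudo podman ps | grep colors | wc -l); done'
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: verify container is running
      run: if [[ $(sudo podman ps | grep -v CON= | grep colors | wc -l) = "2" ]] ; then echo "Container successfully launched"; else exit 1; fi
    - name: Print the current running container
      run: sudo podman ps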
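# Starts fetchit with examples/config-url.yaml copied to the default config
# location and checks that two `colors` containers come up.
fetchit-config-reload-validate:
  runs-on: ubuntu-latest
  # build-podman-v4 uploads the `podman-bins` artifact downloaded below; without
  # it in `needs` this job can start before that artifact exists.
  needs:
    - build
    - build-podman-v4
    - pull-and-archive
  steps:
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: colors
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/colors.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    - name: move config file to default location
      run: sudo mkdir "${HOME}"/.fetchit && sudo cp ./examples/config-url.yaml "${HOME}"/.fetchit/config.yaml
    - name: Start fetchit
      # The container is given the root podman socket with SELinux labelling
      # disabled, so whatever the config points at runs with root-level control
      # of the runner's container engine.
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v "${HOME}"/.fetchit/config.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: identify colors container
      # Polls until exactly two matching containers are listed; `timeout`
      # bounds the wait at 150 seconds.
      run: timeout 150 bash -c -- 'c=0 ; until [ $c -eq 2 ]; do c=$(sudo podman ps | grep colors | wc -l); done'
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: verify container is running
      run: if [[ $(sudo podman ps | grep -v CON= | grep colors | wc -l) = "2" ]] ; then echo "Container successfully launched"; else exit 1; fi
    - name: Print the current running container
      run: sudo podman ps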
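# Substitutes the workflow token into examples/pat-testing-config.yaml, starts
# fetchit with that file and checks that two `colors` containers come up.
fetchit-config-PAT-validate:
  runs-on: ubuntu-latest
  # build-podman-v4 uploads the `podman-bins` artifact downloaded below; without
  # it in `needs` this job can start before that artifact exists.
  needs:
    - build
    - build-podman-v4
    - pull-and-archive
  steps:
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: colors
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/colors.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    - name: swap in the GITHUB PAT token
      # The secret reaches the script through the step environment instead of
      # being expanded into the script text by the workflow engine.
      # NOTE(review): the token is still written into a file in the workspace
      # and mounted into the fetchit container; keep this job's token scope
      # minimal and confirm fetchit does not log its config.
      env:
        FETCHIT_PAT: ${{ secrets.GITHUB_TOKEN }}
      run: sudo sed -i "s/CHANGEME/${FETCHIT_PAT}/g" ./examples/pat-testing-config.yaml
    - name: Start fetchit
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v ./examples/pat-testing-config.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: identify colors container
      # Polls until exactly two matching containers are listed; `timeout`
      # bounds the wait at 150 seconds.
      run: timeout 150 bash -c -- 'c=0 ; until [ $c -eq 2 ]; do c=$(sudo podman ps | grep colors | wc -l); done'
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: verify container is running
      run: if [[ $(sudo podman ps | grep -v CON= | grep colors | wc -l) = "2" ]] ; then echo "Container successfully launched"; else exit 1; fi
    - name: Print the current running container
      run: sudo podman ps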
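# Substitutes the workflow token into examples/pat-testing-kube.yaml, starts
# fetchit with that file and checks that one `colors_pod` pod is listed.
fetchit-PAT-kube-validate:
  runs-on: ubuntu-latest
  # build-podman-v4 uploads the `podman-bins` artifact downloaded below; without
  # it in `needs` this job can start before that artifact exists.
  needs:
    - build
    - build-podman-v4
    - pull-and-archive
  steps:
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: colors
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/colors.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    - name: swap in the GITHUB PAT token
      # The secret reaches the script through the step environment instead of
      # being expanded into the script text by the workflow engine.
      # NOTE(review): the token is still written into a file in the workspace
      # and mounted into the fetchit container; keep this job's token scope
      # minimal and confirm fetchit does not log its config.
      env:
        FETCHIT_PAT: ${{ secrets.GITHUB_TOKEN }}
      run: sudo sed -i "s/CHANGEME/${FETCHIT_PAT}/g" ./examples/pat-testing-kube.yaml
    - name: Start fetchit
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v ./examples/pat-testing-kube.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: Wait for fetchit to deploy
      # Fixed one-minute wait; the other validation jobs poll instead.
      run: sleep 1m
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: verify container is running
      run: if [[ $(sudo podman pod ps | grep -v CON= | grep colors_pod | wc -l) = "1" ]] ; then echo "Container successfully launched"; else exit 1; fi
    - name: Print the current running container
      run: sudo podman ps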
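# Starts fetchit with examples/raw-config.yaml, then checks that two `colors`
# containers run, that cap1/cap2 have the expected capabilities and that the
# owned-by=fetchit label is applied.
raw-validate:
  runs-on: ubuntu-latest
  # build-podman-v4 uploads the `podman-bins` artifact downloaded below; without
  # it in `needs` this job can start before that artifact exists.
  needs:
    - build
    - build-podman-v4
    - pull-and-archive
  steps:
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: colors
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/colors.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    - name: Start fetchit
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v ./examples/raw-config.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: identify colors container
      # Polls until exactly two matching containers are listed; `timeout`
      # bounds the wait at 150 seconds.
      run: timeout 150 bash -c -- 'c=0 ; until [ $c -eq 2 ]; do c=$(sudo podman ps | grep colors | wc -l); done'
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: verify container is running
      run: if [[ $(sudo podman ps | grep -v CON= | grep colors | wc -l) = "2" ]] ; then echo "Container successfully launched"; else exit 1; fi
    - name: Print the current running container
      run: sudo podman ps
    - name: Check the capabilities of cap1
      # Passes when NET_ADMIN appears in cap1's effective capability set.
      run: if [[ $(sudo podman container inspect cap1 --format {{.EffectiveCaps}} | grep NET_ADMIN | wc -l) = "1" ]] ; then echo "Container successfully launched"; else exit 1; fi
    - name: Check that no capabilities exist for cap2
      # Passes when `jq length` reports 0 for cap2's effective capability set.
      run: if [[ $(sudo podman container inspect cap2 --format {{.EffectiveCaps}} | jq length) = "0" ]] ; then echo "Container successfully launched"; else exit 1; fi
    - name: 'Check that the "owned-by:fetchit" label is applied'
      # `podman ps` prints a header line, so a count above 1 means at least one
      # labelled container; the second query guards against the filter being
      # ignored altogether.
      run: |
        declare -i numContainers=$(sudo podman ps --filter label=owned-by=fetchit | wc -l)
        if (( numContainers > 1 )); then
          echo 'Successfully applied labels'
        else
          exit 1
        fi
        # check against a garbage label
        declare -i checkAgainst=$(sudo podman ps --filter label=owned-by=abcdefghijklmnopqrstuvwxyz | wc -l)
        if (( checkAgainst == numContainers )); then
          echo 'container amount with label cannot equal container amount with nonexistent label'
          exit 1
        else
          echo 'Label was applied correctly'
        fi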
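# Creates a podman secret named GH_PAT from the workflow token, starts fetchit
# with examples/podman-secret-raw.yaml and runs the same container, capability
# and label checks as the raw test.
podman-secret-validate:
  runs-on: ubuntu-latest
  # build-podman-v4 uploads the `podman-bins` artifact downloaded below; without
  # it in `needs` this job can start before that artifact exists.
  needs:
    - build
    - build-podman-v4
    - pull-and-archive
  steps:
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: colors
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/colors.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    - name: generate podman secret
      # The secret reaches podman through the step environment instead of being
      # expanded into the script text by the workflow engine.
      # NOTE(review): this runs without sudo, so the secret lands in the runner
      # user's store, while fetchit is started with sudo against the root
      # podman socket; confirm the secret is visible where fetchit looks for it.
      env:
        GH_PAT: ${{ secrets.GITHUB_TOKEN }}
      run: podman secret create --env GH_PAT GH_PAT
    - name: Start fetchit
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v ./examples/podman-secret-raw.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: identify colors container
      # Polls until exactly two matching containers are listed; `timeout`
      # bounds the wait at 150 seconds.
      run: timeout 150 bash -c -- 'c=0 ; until [ $c -eq 2 ]; do c=$(sudo podman ps | grep colors | wc -l); done'
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: verify container is running
      run: if [[ $(sudo podman ps | grep -v CON= | grep colors | wc -l) = "2" ]] ; then echo "Container successfully launched"; else exit 1; fi
    - name: Print the current running container
      run: sudo podman ps
    - name: Check the capabilities of cap1
      # Passes when NET_ADMIN appears in cap1's effective capability set.
      run: if [[ $(sudo podman container inspect cap1 --format {{.EffectiveCaps}} | grep NET_ADMIN | wc -l) = "1" ]] ; then echo "Container successfully launched"; else exit 1; fi
    - name: Check that no capabilities exist for cap2
      # Passes when `jq length` reports 0 for cap2's effective capability set.
      run: if [[ $(sudo podman container inspect cap2 --format {{.EffectiveCaps}} | jq length) = "0" ]] ; then echo "Container successfully launched"; else exit 1; fi
    - name: 'Check that the "owned-by:fetchit" label is applied'
      # `podman ps` prints a header line, so a count above 1 means at least one
      # labelled container; the second query guards against the filter being
      # ignored altogether.
      run: |
        declare -i numContainers=$(sudo podman ps --filter label=owned-by=fetchit | wc -l)
        if (( numContainers > 1 )); then
          echo 'Successfully applied labels'
        else
          exit 1
        fi
        # check against a garbage label
        declare -i checkAgainst=$(sudo podman ps --filter label=owned-by=abcdefghijklmnopqrstuvwxyz | wc -l)
        if (( checkAgainst == numContainers )); then
          echo 'container amount with label cannot equal container amount with nonexistent label'
          exit 1
        else
          echo 'Label was applied correctly'
        fi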
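# Creates a podman secret named GH_PAT from the workflow token, starts fetchit
# with examples/podman-secret-raw-config.yaml and runs the same container,
# capability and label checks as the raw test.
podman-config-secret-validate:
  runs-on: ubuntu-latest
  # build-podman-v4 uploads the `podman-bins` artifact downloaded below; without
  # it in `needs` this job can start before that artifact exists.
  needs:
    - build
    - build-podman-v4
    - pull-and-archive
  steps:
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: colors
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/colors.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    - name: generate podman secret
      # The secret reaches podman through the step environment instead of being
      # expanded into the script text by the workflow engine.
      # NOTE(review): this runs without sudo, so the secret lands in the runner
      # user's store, while fetchit is started with sudo against the root
      # podman socket; confirm the secret is visible where fetchit looks for it.
      env:
        GH_PAT: ${{ secrets.GITHUB_TOKEN }}
      run: podman secret create --env GH_PAT GH_PAT
    - name: Start fetchit
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v ./examples/podman-secret-raw-config.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: identify colors container
      # Polls until exactly two matching containers are listed; `timeout`
      # bounds the wait at 150 seconds.
      run: timeout 150 bash -c -- 'c=0 ; until [ $c -eq 2 ]; do c=$(sudo podman ps | grep colors | wc -l); done'
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: verify container is running
      run: if [[ $(sudo podman ps | grep -v CON= | grep colors | wc -l) = "2" ]] ; then echo "Container successfully launched"; else exit 1; fi
    - name: Print the current running container
      run: sudo podman ps
    - name: Check the capabilities of cap1
      # Passes when NET_ADMIN appears in cap1's effective capability set.
      run: if [[ $(sudo podman container inspect cap1 --format {{.EffectiveCaps}} | grep NET_ADMIN | wc -l) = "1" ]] ; then echo "Container successfully launched"; else exit 1; fi
    - name: Check that no capabilities exist for cap2
      # Passes when `jq length` reports 0 for cap2's effective capability set.
      run: if [[ $(sudo podman container inspect cap2 --format {{.EffectiveCaps}} | jq length) = "0" ]] ; then echo "Container successfully launched"; else exit 1; fi
    - name: 'Check that the "owned-by:fetchit" label is applied'
      # `podman ps` prints a header line, so a count above 1 means at least one
      # labelled container; the second query guards against the filter being
      # ignored altogether.
      run: |
        declare -i numContainers=$(sudo podman ps --filter label=owned-by=fetchit | wc -l)
        if (( numContainers > 1 )); then
          echo 'Successfully applied labels'
        else
          exit 1
        fi
        # check against a garbage label
        declare -i checkAgainst=$(sudo podman ps --filter label=owned-by=abcdefghijklmnopqrstuvwxyz | wc -l)
        if (( checkAgainst == numContainers )); then
          echo 'container amount with label cannot equal container amount with nonexistent label'
          exit 1
        else
          echo 'Label was applied correctly'
        fi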
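# Starts fetchit with the contents of examples/raw-config.yaml passed in the
# FETCHIT_CONFIG environment variable, then checks the `colors` containers and
# the capabilities of cap1/cap2.
config-env-raw-validate:
  runs-on: ubuntu-latest
  # build-podman-v4 uploads the `podman-bins` artifact downloaded below; without
  # it in `needs` this job can start before that artifact exists.
  needs:
    - build
    - build-podman-v4
    - pull-and-archive
  steps:
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: colors
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/colors.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    - name: Start fetchit with environment variable config
      # The whole config file is passed as the value of FETCHIT_CONFIG; no
      # config file is mounted into the container.
      run: |
        sudo podman run -d --name fetchit -v fetchit-volume:/opt -e FETCHIT_CONFIG="$(cat ./examples/raw-config.yaml)" -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: identify colors container
      # Polls until exactly two matching containers are listed; `timeout`
      # bounds the wait at 150 seconds.
      run: timeout 150 bash -c -- 'c=0 ; until [ $c -eq 2 ]; do c=$(sudo podman ps | grep colors | wc -l); done'
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: verify container is running
      run: if [[ $(sudo podman ps | grep -v CON= | grep colors | wc -l) = "2" ]] ; then echo "Container successfully launched"; else exit 1; fi
    - name: Print the current running container
      run: sudo podman ps
    - name: Check the capabilities of cap1
      # Passes when NET_ADMIN appears in cap1's effective capability set.
      run: if [[ $(sudo podman container inspect cap1 --format {{.EffectiveCaps}} | grep NET_ADMIN | wc -l) = "1" ]] ; then echo "Container successfully launched"; else exit 1; fi
    - name: Check that no capabilities exist for cap2
      # Passes when `jq length` reports 0 for cap2's effective capability set.
      run: if [[ $(sudo podman container inspect cap2 --format {{.EffectiveCaps}} | jq length) = "0" ]] ; then echo "Container successfully launched"; else exit 1; fi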
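# Starts fetchit with examples/filetransfer-config.yaml and waits for
# anotherfile.txt and hello.txt to appear under /tmp/ft.
filetransfer-validate:
  runs-on: ubuntu-latest
  # build-podman-v4 uploads the `podman-bins` artifact downloaded below; without
  # it in `needs` this job can start before that artifact exists.
  needs:
    - build
    - build-podman-v4
    - pull-and-archive
  steps:
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: Create destination directory
      run: sudo mkdir /tmp/ft
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    - name: Start fetchit
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v ./examples/filetransfer-config.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: Wait for fetchit to deploy
      run: timeout 150 bash -c "until [ -f /tmp/ft/anotherfile.txt ]; do sleep 2; done"
    - name: Wait for fetchit to deploy
      run: timeout 150 bash -c "until [ -f /tmp/ft/hello.txt ]; do sleep 2; done"
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: ensure container is gone
      # NOTE(review): this only lists containers; nothing here fails the job if
      # the transfer container is still present.
      run: sudo podman ps -a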
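# Starts fetchit with examples/filetransfer-config-single-file.yaml and waits
# for hello.txt to appear under /tmp/ft/single.
filetransfer-validate-exact-file:
  runs-on: ubuntu-latest
  # build-podman-v4 uploads the `podman-bins` artifact downloaded below; without
  # it in `needs` this job can start before that artifact exists.
  needs:
    - build
    - build-podman-v4
    - pull-and-archive
  steps:
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: Create destination directory
      run: sudo mkdir -p /tmp/ft/single
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    - name: Start fetchit
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v ./examples/filetransfer-config-single-file.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: Wait for fetchit to deploy
      run: timeout 150 bash -c "until [ -f /tmp/ft/single/hello.txt ]; do sleep 2; done"
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: ensure container is gone
      # NOTE(review): this only lists containers; nothing here fails the job if
      # the transfer container is still present.
      run: sudo podman ps -a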
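# Starts fetchit with examples/systemd-config.yaml and waits for
# /etc/systemd/system/httpd.service to be written on the runner.
systemd-validate:
  runs-on: ubuntu-latest
  # build-podman-v4 uploads the `podman-bins` artifact downloaded below; without
  # it in `needs` this job can start before that artifact exists.
  needs:
    - build
    - build-podman-v4
    - build-systemd-amd
  steps:
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    - name: Start fetchit
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v ./examples/systemd-config.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: Wait for fetchit to deploy
      run: timeout 150 bash -c "until [ -f /etc/systemd/system/httpd.service ]; do sleep 2; done"
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: ensure systemd container is gone
      # NOTE(review): this only lists containers; nothing here fails the job if
      # the systemd helper container is still present.
      run: sudo podman ps -a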
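# Installs the podman-auto-update units from examples/systemd, starts fetchit
# with examples/systemd-autoupdate.yaml, then retags a test image and waits for
# the served page to change.
systemd-autoupdate-validate:
  runs-on: ubuntu-latest
  # build-podman-v4 uploads the `podman-bins` artifact downloaded below; without
  # it in `needs` this job can start before that artifact exists.
  needs:
    - build
    - build-podman-v4
    - build-systemd-amd
  steps:
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the autoupdate timer & service
      run: sudo cp examples/systemd/podman-auto-update.service /usr/lib/systemd/system/ && sudo cp examples/systemd/podman-auto-update.timer /usr/lib/systemd/system/ && sudo systemctl daemon-reload
    - name: Load the autoupdate timer drop-in file
      run: sudo mkdir /etc/systemd/system/podman-auto-update.timer.d && sudo cp examples/systemd/podman-auto-update.timer.d-override.conf /etc/systemd/system/podman-auto-update.timer.d/override.conf && sudo systemctl daemon-reload
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    - name: pull systemd amd artifact
      uses: actions/download-artifact@v1
      with:
        name: systemd-image-amd
        path: /tmp
    - name: Load the systemd image
      run: sudo podman load -i /tmp/systemd-amd.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-systemd-amd:latest quay.io/fetchit/fetchit-systemd:latest
    - name: Start fetchit
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v ./examples/systemd-autoupdate.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: ensure httpd.service is running
      run: timeout 150 bash -c -- 'sysd=inactive ; until [ $sysd = "active" ]; do sysd=$(sudo systemctl is-active httpd.service); done'
    - name: Pull test httpd image
      # NOTE(review): mutable `:latest` tag from a personal quay.io namespace;
      # pinning it by digest would make this test input reproducible.
      run: sudo podman pull quay.io/sallyom/httpd-ex:latest
    - name: tag the image
      # Retags the test image under the name the running service uses, which is
      # what the auto-update wait below depends on.
      run: sudo podman tag quay.io/sallyom/httpd-ex:latest registry.access.redhat.com/ubi8/httpd-24:latest
    - name: Wait for podman auto-update
      run: timeout 150 bash -c -- 'msg=0 ; until [ $msg -ge 1 ]; do msg=$( curl -s localhost:8080/index.html | grep "Welcome to your static httpd application" | wc -l ); done'
    - name: check the service
      if: always()
      run: sudo systemctl status podman-auto-update.timer
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: list podman pods showing when they were started
      if: always()
      run: sudo podman ps -a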
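# Starts fetchit with examples/systemd-enable.yaml, waits for
# /etc/systemd/system/httpd.service and then for httpd.service to be active.
systemd-enable-validate:
  runs-on: ubuntu-latest
  # build-podman-v4 uploads the `podman-bins` artifact downloaded below; without
  # it in `needs` this job can start before that artifact exists.
  needs:
    - build
    - build-podman-v4
    - build-systemd-amd
  steps:
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    - name: pull systemd amd artifact
      uses: actions/download-artifact@v1
      with:
        name: systemd-image-amd
        path: /tmp
    - name: Load the systemd image
      run: sudo podman load -i /tmp/systemd-amd.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-systemd-amd:latest quay.io/fetchit/fetchit-systemd:latest
    - name: Start fetchit
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v ./examples/systemd-enable.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: Wait for fetchit to deploy
      run: timeout 150 bash -c "until [ -f /etc/systemd/system/httpd.service ]; do sleep 2; done"
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: ensure systemd containers are gone
      # NOTE(review): this only lists containers; nothing here fails the job if
      # the systemd helper containers are still present.
      run: sudo podman ps -a
    - name: ensure httpd.service is running
      run: timeout 150 bash -c -- 'sysd=inactive ; until [ $sysd = "active" ]; do sysd=$(sudo systemctl is-active httpd.service); done'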
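# Rootless variant: enables the per-user podman socket, starts fetchit without
# sudo using examples/systemd-enable-user.yaml, and waits for the user-level
# httpd.service unit file and an httpd container.
systemd-user-enable-validate:
  runs-on: ubuntu-latest
  # build-podman-v4 uploads the `podman-bins` artifact downloaded below; without
  # it in `needs` this job can start before that artifact exists.
  needs:
    - build
    - build-podman-v4
    - build-systemd-amd
  steps:
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: enable podman.socket
      # Lingering is enabled for the `runner` user before the user-level socket
      # is started under /run/user/$UID.
      run: |
        set -x
        loginctl enable-linger runner
        sleep 1
        ls -al /run/user/$UID
        XDG_RUNTIME_DIR=/run/user/$UID systemctl --user enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: podman load -i /tmp/fetchit.tar
    - name: tag the image
      run: podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    - name: pull systemd amd artifact
      uses: actions/download-artifact@v1
      with:
        name: systemd-image-amd
        path: /tmp
    - name: Load the systemd image
      run: podman load -i /tmp/systemd-amd.tar
    - name: tag the image
      run: podman tag quay.io/fetchit/fetchit-systemd-amd:latest quay.io/fetchit/fetchit-systemd:latest
    - name: Start fetchit
      # The user-level socket is mounted at the path the container expects for
      # the podman socket.
      run: podman run -d --name fetchit -v fetchit-volume:/opt -v ./examples/systemd-enable-user.yaml:/opt/mount/config.yaml -v /run/user/"${UID}"/podman/podman.sock:/run/podman/podman.sock -e XDG_RUNTIME_DIR="/run/user/${UID}" -e HOME="${HOME}" --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: Wait for fetchit to deploy
      run: timeout 150 bash -c "until [ -f ~/.config/systemd/user/httpd.service ]; do sleep 2; done"
    - name: Logs
      # Runs even after a failed step, like the Logs step of the other
      # validation jobs, so a timeout above still leaves the fetchit output.
      if: always()
      run: podman logs fetchit
    - name: list files
      run: ls ~/.config/systemd/user/httpd.service
    - name: ensure systemd containers are gone
      # NOTE(review): this only lists containers; nothing here fails the job if
      # the systemd helper containers are still present.
      run: podman ps -a
    - name: ensure httpd.service is running
      run: timeout 150 bash -c -- 'c=0 ; until [ $c -eq 1 ]; do c=$(podman ps | grep httpd | wc -l); done'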
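# Starts fetchit with examples/systemd-restart.yaml, waits for
# /etc/systemd/system/httpd.service and then for httpd.service to be active.
systemd-restart-validate:
  runs-on: ubuntu-latest
  # build-podman-v4 uploads the `podman-bins` artifact downloaded below; without
  # it in `needs` this job can start before that artifact exists.
  needs:
    - build
    - build-podman-v4
    - build-systemd-amd
  steps:
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    - name: pull systemd amd artifact
      uses: actions/download-artifact@v1
      with:
        name: systemd-image-amd
        path: /tmp
    - name: Load the systemd image
      run: sudo podman load -i /tmp/systemd-amd.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-systemd-amd:latest quay.io/fetchit/fetchit-systemd:latest
    - name: Start fetchit
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v ./examples/systemd-restart.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: Wait for fetchit to deploy
      run: timeout 150 bash -c "until [ -f /etc/systemd/system/httpd.service ]; do sleep 2; done"
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: list files
      run: sudo ls /etc/systemd/system/httpd.service
    - name: ensure systemd containers are gone
      # NOTE(review): this only lists containers; nothing here fails the job if
      # the systemd helper containers are still present.
      run: sudo podman ps -a
    - name: ensure httpd.service is running
      run: timeout 150 bash -c -- 'sysd=inactive ; until [ $sysd = "active" ]; do sysd=$(sudo systemctl is-active httpd.service); done'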
ansible-validate:
  # Rootful check of examples/ansible.yaml: the job passes once a package
  # matching "zsh" shows up in the host's installed package list.
  runs-on: ubuntu-latest
  needs:
    - build
    - build-ansible-amd
  steps:
    # NOTE(review): actions are referenced by mutable tags (@v1/@v2);
    # pinning to full commit SHAs fixes what code runs in this job.
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    # Replace the runner's podman with the binary from the podman-bins
    # artifact.
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    # A passphrase-less root key pair is generated and its public half is
    # installed as root's authorized_keys (overwriting any existing file).
    # Presumably this lets the ansible run SSH back into the runner as root;
    # confirm against examples/ansible.yaml. Only appropriate on a
    # disposable CI host.
    - name: ssh-keygen
      run: sudo ssh-keygen -t rsa -b 4096 -f /root/.ssh/id_rsa -N ""
    - name: cp pub into authorized
      run: sudo cp /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: Pull ansible artifact
      uses: actions/download-artifact@v1
      with:
        name: ansible-image-amd
        path: /tmp
    - name: Load the ansible image
      run: |
        sudo podman load -i /tmp/ansible-amd.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-ansible-amd:latest quay.io/fetchit/fetchit-ansible:latest
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    # Root podman socket mounted into the container with SELinux label
    # separation disabled: the container can control the host's rootful
    # podman.
    - name: Start fetchit
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v ./examples/ansible.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    # Runs immediately after start, before the package check below, so it
    # shows only what fetchit has logged up to that point.
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    # Busy-polls `apt list --installed` (no sleep) until at least one line
    # matches "zsh"; bounded by the 150 s timeout.
    - name: list packages
      run: timeout 150 bash -c -- 'z=0 ; until [ $z -ge 1 ]; do z=$(sudo apt list --installed | grep zsh | wc -l); done'
systemd-validate-exact-file:
  # Rootful check of examples/systemd-config-single-file.yaml: passes once
  # /etc/systemd/system/httpd.service exists on the runner.
  runs-on: ubuntu-latest
  needs:
    - build
    - pull-and-archive
  steps:
    # NOTE(review): actions are referenced by mutable tags (@v1/@v2);
    # pinning to full commit SHAs fixes what code runs in this job.
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    # Replace the runner's podman with the binary from the podman-bins
    # artifact.
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    # Root podman socket mounted into the container with SELinux label
    # separation disabled: the container can control the host's rootful
    # podman.
    - name: Start fetchit
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v ./examples/systemd-config-single-file.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: Wait for fetchit to deploy
      run: timeout 150 bash -c "until [ -f /etc/systemd/system/httpd.service ]; do sleep 2; done"
    # always() keeps the container logs available when the wait times out.
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: list files
      run: sudo ls /etc/systemd/system/httpd.service
    # Only prints the container list; nothing here fails the job if a
    # systemd helper container is still present.
    - name: ensure systemd container is gone
      run: sudo podman ps -a
kube-validate:
  # Rootful check of examples/kube-play-config.yaml: passes when exactly one
  # pod line matching "colors_pod" is listed after a fixed one-minute wait.
  runs-on: ubuntu-latest
  needs:
    - build
    - pull-and-archive
  steps:
    # NOTE(review): actions are referenced by mutable tags (@v1/@v2);
    # pinning to full commit SHAs fixes what code runs in this job.
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    # Replace the runner's podman with the binary from the podman-bins
    # artifact.
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    # Root podman socket mounted into the container with SELinux label
    # separation disabled: the container can control the host's rootful
    # podman.
    - name: Start fetchit
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v ./examples/kube-play-config.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    # Fixed delay rather than a poll: the check below runs after 60 s
    # whether or not fetchit has finished.
    - name: Wait for fetchit to deploy
      run: sleep 1m
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: verify container is running
      run: if [[ $(sudo podman pod ps | grep -v CON= | grep colors_pod | wc -l) = "1" ]] ; then echo "Container successfully launched"; else exit 1; fi
    - name: Print the current running container
      run: sudo podman ps
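clean-validate:
  # Rootful check of examples/clean-config.yaml: an unused volume ("test")
  # and an unused image (alpine) are created first, and the job passes when
  # both are gone after fetchit has run.
  runs-on: ubuntu-latest
  needs:
    - build
    - pull-and-archive
  steps:
    # NOTE(review): actions are referenced by mutable tags (@v1/@v2);
    # pinning to full commit SHAs fixes what code runs in this job.
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    # Replace the runner's podman with the binary from the podman-bins
    # artifact.
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Create unused volume
      run: sudo podman volume create test
    # Unqualified, mutable reference: which registry and which image this
    # resolves to depends on the runner's registries configuration.
    - name: Pull an image
      run: sudo podman image pull alpine:latest
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    # Root podman socket mounted into the container with SELinux label
    # separation disabled: the container can control the host's rootful
    # podman, which is what lets it prune host images and volumes.
    - name: Start fetchit
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v ./examples/clean-config.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: identify fetchit container
      run: timeout 150 bash -c -- 'f=0 ; until [ $f -eq 1 ]; do f=$(sudo podman ps | grep fetchit | wc -l); done'
    - name: Print the current images
      run: sudo podman image ls
    # The counter starts at 1 so the loop body runs at least once. It was
    # initialised to 0, which satisfied `until [ $i -eq 0 ]` immediately and
    # made this step a no-op. A short sleep matches the file's other polls.
    - name: wait until image is removed
      run: timeout 150 bash -c -- 'i=1 ; until [ $i -eq 0 ]; do i=$(sudo podman image ls alpine | grep -v REPOSITORY | wc -l); sleep 2; done'
    - name: Wait for fetchit to clean these up
      run: sleep 30s
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    # The stray "1" argument after each success message has been dropped.
    - name: verify volume is deleted
      run: if [[ $(sudo podman volume ls | grep test) ]] ; then exit 1; else echo "Volume correctly removed"; fi
    - name: verify image is deleted
      run: if [[ $(sudo podman image ls | grep alpine) ]] ; then exit 1; else echo "Image correctly removed"; fi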
glob-validate:
  # Rootful check of examples/glob-config.yaml: passes when exactly one
  # running container matches "colors" and container cap1 lists NET_ADMIN
  # among its effective capabilities.
  runs-on: ubuntu-latest
  needs:
    - build
    - pull-and-archive
  steps:
    # NOTE(review): actions are referenced by mutable tags (@v1/@v2);
    # pinning to full commit SHAs fixes what code runs in this job.
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    # Replace the runner's podman with the binary from the podman-bins
    # artifact.
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: colors
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/colors.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    # Root podman socket mounted into the container with SELinux label
    # separation disabled: the container can control the host's rootful
    # podman.
    - name: Start fetchit
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v ./examples/glob-config.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    # Busy-polls `podman ps` (no sleep) until exactly one line matches;
    # bounded by the 150 s timeout.
    - name: identify colors container
      run: timeout 150 bash -c -- 'c=0 ; until [ $c -eq 1 ]; do c=$(sudo podman ps | grep colors | wc -l); done'
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: verify container is running
      run: if [[ $(sudo podman ps | grep -v CON= | grep colors | wc -l) = "1" ]] ; then echo "Container successfully launched"; else exit 1; fi
    - name: Print the current running container
      run: sudo podman ps
    # Asserts that the deployed container really carries the added
    # NET_ADMIN capability.
    - name: Check the capabilities of cap1
      run: if [[ $(sudo podman container inspect cap1 --format {{.EffectiveCaps}} | grep NET_ADMIN | wc -l) = "1" ]] ; then echo "Container successfully launched"; else exit 1; fi
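multi-engine-validate:
  # Rootful check of examples/full-suite.yaml: passes when httpd.service and
  # /tmp/ft/hello.txt exist, two "colors" containers are running, and no
  # container outside the fetchit/cap/colors set is left over.
  runs-on: ubuntu-latest
  needs:
    - build
    - pull-and-archive
  steps:
    # NOTE(review): actions are referenced by mutable tags (@v1/@v2);
    # pinning to full commit SHAs fixes what code runs in this job.
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    # Replace the runner's podman with the binary from the podman-bins
    # artifact.
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    # The fetchit and colors artifacts are fetched and loaded once; the
    # second, identical download/load sequence has been removed.
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: colors
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/colors.tar
    - name: Create destination directory
      run: sudo mkdir /tmp/ft
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    # Root podman socket mounted into the container with SELinux label
    # separation disabled: the container can control the host's rootful
    # podman.
    - name: Start fetchit
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v ./examples/full-suite.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: Wait for fetchit to deploy
      run: timeout 150 bash -c "until [ -f /etc/systemd/system/httpd.service ]; do sleep 2; done"
    - name: check for file
      run: timeout 150 bash -c "until [ -f /tmp/ft/hello.txt ]; do sleep 2; done"
    - name: identify colors container
      run: timeout 150 bash -c -- 'c=0 ; until [ $c -eq 2 ]; do c=$(sudo podman ps | grep colors | wc -l); done'
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    # -gt compares numerically; `>` inside [[ ]] is a string comparison.
    - name: ensure only required containers are running (cap colors and fetchit)
      run: if [[ $(sudo podman ps -a | grep -v CON | grep -v fetchit | grep -v cap | grep -v colors | wc -l) -gt 0 ]] ; then exit 1; else echo "Containers properly cleaned"; fi
    - name: verify raw container is running
      run: if [[ $(sudo podman ps | grep -v CON= | grep colors | grep -v cap | wc -l) = "2" ]] ; then echo "Container successfully launched"; else exit 1; fi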
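multi-engine-skew-validate:
  # Rootful check of examples/full-suite-with-skew.yaml: passes when
  # httpd.service, /tmp/ft/hello.txt and /tmp/ft/anotherfile.txt exist, two
  # "colors" containers are running, and no container outside the
  # fetchit/cap/colors set is left over.
  runs-on: ubuntu-latest
  needs:
    - build
    - pull-and-archive
  steps:
    # NOTE(review): actions are referenced by mutable tags (@v1/@v2);
    # pinning to full commit SHAs fixes what code runs in this job.
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    # Replace the runner's podman with the binary from the podman-bins
    # artifact.
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    # The fetchit and colors artifacts are fetched and loaded once; the
    # second, identical download/load sequence has been removed.
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: colors
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/colors.tar
    - name: Create destination directory
      run: sudo mkdir /tmp/ft
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    # Root podman socket mounted into the container with SELinux label
    # separation disabled: the container can control the host's rootful
    # podman.
    - name: Start fetchit
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v ./examples/full-suite-with-skew.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: Wait for fetchit to deploy
      run: timeout 150 bash -c "until [ -f /etc/systemd/system/httpd.service ]; do sleep 2; done"
    - name: check for file
      run: timeout 150 bash -c "until [ -f /tmp/ft/hello.txt ]; do sleep 2; done"
    - name: check for file
      run: timeout 150 bash -c "until [ -f /tmp/ft/anotherfile.txt ]; do sleep 2; done"
    - name: identify colors container
      run: timeout 150 bash -c -- 'c=0 ; until [ $c -eq 2 ]; do c=$(sudo podman ps | grep colors | wc -l); done'
    # Moved after the waits (it used to run right after the start step) so
    # that, with always(), it captures what fetchit logged up to a timeout.
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    # -gt compares numerically; `>` inside [[ ]] is a string comparison.
    - name: ensure only required containers are running (cap colors and fetchit)
      run: if [[ $(sudo podman ps -a | grep -v CON | grep -v fetchit | grep -v cap | grep -v colors | wc -l) -gt 0 ]] ; then exit 1; else echo "Containers properly cleaned"; fi
    - name: verify raw container is running
      run: if [[ $(sudo podman ps | grep -v CON= | grep -v cap | grep colors | wc -l) = "2" ]] ; then echo "Container successfully launched"; else exit 1; fi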
make-change-to-repo:
  # End-to-end check that fetchit picks up a commit: APP_COLOR in
  # ci/examples/raw/color1.json is flipped and force-pushed to the "ci"
  # branch, and the job waits for container colors1 to show the new value.
  # The job-level condition limits this to push/schedule events on main or
  # v* tags, so it is skipped for pull_request runs.
  runs-on: ubuntu-latest
  if: >
    (github.event_name == 'push' || github.event_name == 'schedule') &&
    (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
  needs:
    - build
    - pull-and-archive
  steps:
    # NOTE(review): actions are referenced by mutable tags (@v1/@v3);
    # pinning to full commit SHAs fixes what code runs in a job that pushes
    # to the repository.
    - uses: actions/checkout@v3
      with:
        path: main
    # No `token:` input is set despite the step name, so the checkout uses
    # the action's default token, and the later `git push -f` relies on the
    # credentials this checkout leaves in ci/.git (presumably; confirm the
    # workflow's token permissions allow writing to the ci branch).
    - name: checkout with token
      uses: actions/checkout@v3
      with:
        path: ci
        ref: ci
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    # Replace the runner's podman with the binary from the podman-bins
    # artifact.
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    # Resets the file to "blue" when a previous run left it at "pink". The
    # force push rewrites the remote ci branch without any protection
    # against concurrent runs.
    - name: ensure value and commit
      run: |
        if [[ $( grep pink ./ci/examples/raw/color1.json | wc -l ) = "1" ]] ; then
          cat <<< $(jq '.Env.APP_COLOR |= "blue"' ./ci/examples/raw/color1.json) > ./ci/examples/raw/color1.json
          cd ci
          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git config --local user.name "github-actions[bot]"
          git commit -m "color changes" -a
          git push -f
        fi
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: colors
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/colors.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    # NOTE(review): `${{ github.repository }}` is expanded into the script
    # text before the shell runs; passing it through `env:` is the safer
    # habit for any expression placed in a `run:` block.
    # NOTE(review): the second sed writes the literal text
    # `{{ github.ref }}` because the expression has no leading `$`; confirm
    # which branch value ci-config.yaml is meant to end up with.
    - name: set values relating to the current env
      run: |
        sed -i 's| url: https://github.com/containers/fetchit| url: https://github.com/${{ github.repository }}|g' /home/runner/work/fetchit/fetchit/main/examples/ci-config.yaml
        sed -i 's| branch: ci| branch: "{{ github.ref }}"|g' /home/runner/work/fetchit/fetchit/main/examples/ci-config.yaml
    # Root podman socket mounted into the container with SELinux label
    # separation disabled: the container can control the host's rootful
    # podman.
    - name: Start fetchit
      run: sudo podman run -d --name fetchit -v fetchit-volume:/opt -v /home/runner/work/fetchit/fetchit/main/examples/ci-config.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock --security-opt label=disable quay.io/fetchit/fetchit-amd:latest
    - name: identify colors container
      run: timeout 150 bash -c -- 'c=0 ; until [ $c -eq 2 ]; do c=$(sudo podman ps | grep colors | wc -l); done'
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: get environment variable
      run: timeout 150 bash -c -- 'c=0 ; until [ $c -eq 1 ]; do c=$(sudo podman exec colors1 env | grep blue| wc -l); done'
    - name: update variable
      run: |
        cat <<< $(jq '.Env.APP_COLOR |= "pink"' ./ci/examples/raw/color1.json) > ./ci/examples/raw/color1.json
    # Second force push to the ci branch; this is the change fetchit is
    # expected to pick up.
    - name: Commit files
      run: |
        cd ci
        git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
        git config --local user.name "github-actions[bot]"
        git commit -m "color changes" -a
        git push -f
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
    - name: get environment variable
      run: timeout 150 bash -c -- 'c=0 ; until [ $c -eq 1 ]; do c=$(sudo podman exec colors1 env | grep pink| wc -l); done'
    - name: Logs
      if: always()
      run: sudo podman logs fetchit
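loader-validate:
  # Rootful check of examples/imageLoad-config.yaml: an image archive is
  # served over HTTP from a local httpd container, the local copy of the
  # image is removed, and the job passes once quay.io/notreal/httpd:latest
  # is present again and a container matching "notreal" is running.
  runs-on: ubuntu-latest
  needs:
    - build
    - pull-and-archive
  steps:
    # NOTE(review): actions are referenced by mutable tags (@v1/@v2);
    # pinning to full commit SHAs fixes what code runs in this job.
    - uses: actions/checkout@v2
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    # Replace the runner's podman with the binary from the podman-bins
    # artifact.
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: colors
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/colors.tar
    - name: Tag with a new name
      run: sudo podman tag docker.io/mmumshad/simple-webapp-color:latest quay.io/notreal/httpd:latest
    # The renamed image is saved and then deleted locally, so it can only
    # come back through the archive served below.
    - name: archive the image
      run: |
        sudo mkdir -p /tmp/image
        sudo podman save -o /tmp/image/httpd.tar quay.io/notreal/httpd:latest
        sudo podman image rm quay.io/notreal/httpd:latest
    # The web server image carries no tag or digest, so whatever the
    # registry currently serves is what gets pulled and run as root.
    - name: start httpd and serve the httpd.tar image
      run: sudo podman run -d --name httpd -p 8080:8080 -v /tmp/image:/var/www/html registry.access.redhat.com/ubi8/httpd-24
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    # Host networking plus the root podman socket: the container shares the
    # runner's network namespace and can control the host's rootful podman.
    - name: Start fetchit
      run: sudo podman run -d --name fetchit --network=host -v ./examples/imageLoad-config.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock quay.io/fetchit/fetchit-amd:latest
    # The counter starts at 0 so the loop body runs at least once. It was
    # initialised to 1, which satisfied `until [ $i -eq 1 ]` immediately and
    # made this step a no-op. A short sleep matches the file's other polls.
    - name: wait until image exists
      run: timeout 150 bash -c -- 'i=0 ; until [ $i -eq 1 ]; do i=$(sudo podman image ls quay.io/notreal/httpd:latest | grep -v REPOSITORY | wc -l); sleep 2; done'
    - name: identify local container
      run: timeout 150 bash -c -- 'f=0 ; until [ $f -eq 1 ]; do f=$(sudo podman ps | grep notreal | wc -l); done'
    - name: Logs
      if: always()
      run: sudo podman logs fetchit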
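disconnected-validate:
  # Rootful check of ci/examples/full-suite-disconnected.yaml: a zip of the
  # fetchit repository is served from a local httpd container, and the job
  # passes when httpd.service and both /tmp/ft files exist and no container
  # outside the httpd/fetchit/cap/colors set is left over.
  runs-on: ubuntu-latest
  needs:
    - build
    - pull-and-archive
  steps:
    # NOTE(review): actions are referenced by mutable tags (@v1/@v3);
    # pinning to full commit SHAs fixes what code runs in this job.
    # No `token:` input is set despite the step name; the action's default
    # token is used.
    - name: checkout with token
      uses: actions/checkout@v3
      with:
        path: ci
    - name: pull in podman
      uses: actions/download-artifact@v1
      with:
        name: podman-bins
        path: bin
    # Replace the runner's podman with the binary from the podman-bins
    # artifact.
    - name: replace
      run: |
        chmod +x bin/podman
        sudo mv bin/podman /usr/bin/podman
    - name: Enable the podman socket
      run: sudo systemctl enable --now podman.socket
    # A passphrase-less root key pair is generated and its public half is
    # installed as root's authorized_keys (overwriting any existing file).
    # Presumably this lets the ansible method SSH back into the runner as
    # root; confirm against the example config. Only appropriate on a
    # disposable CI host.
    - name: ssh-keygen
      run: sudo ssh-keygen -t rsa -b 4096 -f /root/.ssh/id_rsa -N ""
    - name: cp pub into authorized
      run: sudo cp /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
    # The fetchit image is loaded once here; the second, identical load
    # that used to follow the httpd start has been removed.
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/fetchit.tar
    - name: Pull ansible artifact
      uses: actions/download-artifact@v1
      with:
        name: ansible-image-amd
        path: /tmp
    - name: Load the ansible image
      run: |
        sudo podman load -i /tmp/ansible-amd.tar
        sudo podman tag quay.io/fetchit/fetchit-ansible-amd:latest quay.io/fetchit/fetchit-ansible:latest
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: colors
        path: /tmp
    - name: Load the image
      run: sudo podman load -i /tmp/colors.tar
    - name: Make directory
      run: mkdir -p /tmp/ft
    # NOTE(review): this clones the upstream repository's default branch as
    # root, not the commit under test that was checked out into ./ci, so
    # the archive served to fetchit may differ from the code in this run.
    - name: Create an archive of the fetchit repo
      run: |
        sudo git clone https://github.com/containers/fetchit.git
        sudo mkdir -p /tmp/disco
        cd fetchit && sudo zip -r /tmp/disco/fetchit.zip ../fetchit
    # Pulled with sudo so the image lands in root's image store, which is
    # the store the `sudo podman run` below reads; the earlier rootless pull
    # went to the runner user's store and was not used by that run.
    # The image reference carries no tag or digest.
    - name: pull the web container
      run: sudo podman pull registry.access.redhat.com/ubi8/httpd-24
    - name: start httpd and serve the fetchit.zip image
      run: sudo podman run -d --name httpd -p 9000:8080 -v /tmp/disco:/var/www/html registry.access.redhat.com/ubi8/httpd-24
    - name: tag the image
      run: sudo podman tag quay.io/fetchit/fetchit-amd:latest quay.io/fetchit/fetchit:latest
    # Host networking plus the root podman socket: the container shares the
    # runner's network namespace and can control the host's rootful podman.
    - name: Start fetchit
      run: sudo podman run -d --name fetchit --network=host -v fetchit-volume:/opt -v ./ci/examples/full-suite-disconnected.yaml:/opt/mount/config.yaml -v /run/podman/podman.sock:/run/podman/podman.sock quay.io/fetchit/fetchit-amd:latest
    - name: Wait for fetchit to deploy
      run: timeout 150 bash -c "until [ -f /etc/systemd/system/httpd.service ]; do sleep 2; done"
    - name: check for file
      run: timeout 150 bash -c "until [ -f /tmp/ft/hello.txt ]; do sleep 2; done"
    - name: check for file
      run: timeout 150 bash -c "until [ -f /tmp/ft/anotherfile.txt ]; do sleep 2; done"
    # -gt compares numerically; `>` inside [[ ]] is a string comparison.
    - name: ensure only required containers are running (cap colors and fetchit)
      run: if [[ $(sudo podman ps -a | grep -v CON | grep -v httpd | grep -v fetchit | grep -v cap | grep -v colors | wc -l) -gt 0 ]] ; then exit 1; else echo "Containers properly cleaned"; fi
    - name: Logs
      if: always()
      run: sudo podman logs fetchit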
push-amd-image-to-registry:
  # Publishes the amd64 image built by the `build` job to quay.io once every
  # listed validation job has succeeded.
  runs-on: ubuntu-latest
  needs:
    - build
    - raw-validate
    - podman-secret-validate
    - podman-config-secret-validate
    - fetchit-config-target-no-config-validate
    - fetchit-config-reload-validate
    - clean-validate
    - kube-validate
    - systemd-validate
    - systemd-enable-validate
    - systemd-user-enable-validate
    - systemd-autoupdate-validate
    - systemd-restart-validate
    - systemd-validate-exact-file
    - multi-engine-validate
    - make-change-to-repo
    - filetransfer-validate
    - filetransfer-validate-exact-file
    - ansible-validate
    - loader-validate
    - disconnected-validate
  # Only push/schedule events on main or v* tags reach this job, so it is
  # skipped for pull_request runs and the registry secrets are never
  # requested there.
  if: >
    (github.event_name == 'push' || github.event_name == 'schedule') &&
    (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
  steps:
    # NOTE(review): this third-party action receives the registry
    # credentials and is referenced by a mutable tag; pin it to a full
    # commit SHA.
    - name: Login to Quay
      uses: docker/login-action@v1
      with:
        registry: quay.io
        username: ${{ secrets.REGISTRY_USER }}
        password: ${{ secrets.REGISTRY_PASSWORD }}
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the image
      run: docker load -i /tmp/fetchit.tar
    # Overwrites the mutable :latest tag; nothing here records the pushed
    # digest or signs the image.
    - name: push image
      run: docker push quay.io/fetchit/fetchit-amd:latest
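build-arm-and-manifest-list:
  # Cross-builds the arm64 image with podman and qemu user-mode emulation,
  # then stores it as the fetchit-arm-image artifact. Runs only after every
  # listed validation job has succeeded.
  runs-on: ubuntu-latest
  needs:
    - build
    - raw-validate
    - podman-secret-validate
    - podman-config-secret-validate
    - fetchit-config-target-no-config-validate
    - fetchit-config-reload-validate
    - clean-validate
    - kube-validate
    - systemd-validate
    - systemd-enable-validate
    - systemd-user-enable-validate
    - systemd-autoupdate-validate
    - systemd-restart-validate
    - systemd-validate-exact-file
    - multi-engine-validate
    - make-change-to-repo
    - filetransfer-validate
    - filetransfer-validate-exact-file
    - ansible-validate
    - loader-validate
    - disconnected-validate
  # Only push/schedule events on main or v* tags reach this job.
  if: >
    (github.event_name == 'push' || github.event_name == 'schedule') &&
    (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
  steps:
    # NOTE(review): actions are referenced by mutable tags (@v1/@v2);
    # pinning to full commit SHAs fixes what code runs in a release job.
    - name: Checkout code
      uses: actions/checkout@v2
    - name: update system
      run: sudo apt-get update
    # -y added so the install cannot stop at apt's confirmation prompt on a
    # runner with no interactive stdin.
    - name: Install required packages
      run: sudo apt install -y podman build-essential qemu-user qemu-user-static
    # `go mod tidy` and `go mod vendor` resolve dependencies at build time;
    # the published image is built from whatever they produce in this run.
    - name: Build the arm image
      run: go mod tidy -compat=1.17 && go mod vendor && CTR_CMD=podman make build-containerized-cross-build-linux-arm64
    - name: Export image
      run: podman save -o /tmp/fetchit-arm.tar quay.io/fetchit/fetchit-arm:latest
    - name: Save container as artifact
      uses: actions/upload-artifact@v1
      with:
        name: fetchit-arm-image
        path: /tmp/fetchit-arm.tar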
push-manifest-list-to-registry:
  # Creates the multi-arch manifest list quay.io/fetchit/fetchit:latest from
  # the arm64 and amd64 images and pushes it to quay.io.
  runs-on: ubuntu-latest
  needs:
    - build-arm-and-manifest-list
  # Only push/schedule events on main or v* tags reach this job, so the
  # registry secrets are never requested for pull_request runs.
  if: >
    (github.event_name == 'push' || github.event_name == 'schedule') &&
    (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
  steps:
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the amd image
      run: podman load -i /tmp/fetchit.tar
    - name: pull arm artifact
      uses: actions/download-artifact@v1
      with:
        name: fetchit-arm-image
        path: /tmp
    - name: Load the arm image
      run: podman load -i /tmp/fetchit-arm.tar
    - name: create manifest
      run: podman manifest create quay.io/fetchit/fetchit:latest
    # NOTE(review): this third-party action receives the registry
    # credentials and is referenced by a mutable tag; pin it to a full
    # commit SHA.
    - name: Login to Quay
      uses: docker/login-action@v1
      with:
        registry: quay.io
        username: ${{ secrets.REGISTRY_USER }}
        password: ${{ secrets.REGISTRY_PASSWORD }}
    # Points podman at ~/.docker/config.json, presumably the file the login
    # step above wrote, so no credential appears on a command line.
    - name: podman login to quay.io
      run: podman login --authfile ~/.docker/config.json quay.io
    # NOTE(review): both `manifest add` calls name docker:// sources, i.e.
    # images read from the registry rather than the ones loaded above. This
    # job does not depend on push-amd-image-to-registry, and no push of
    # fetchit-arm is visible in this part of the workflow; confirm both
    # tags exist in the registry, and are the ones built by this run,
    # before this step executes.
    - name: add images and push manifest list
      run: |
        podman manifest add --arch arm64 quay.io/fetchit/fetchit:latest docker://quay.io/fetchit/fetchit-arm:latest
        podman manifest add quay.io/fetchit/fetchit:latest docker://quay.io/fetchit/fetchit-amd:latest
        podman manifest push --authfile ~/.docker/config.json quay.io/fetchit/fetchit:latest docker://quay.io/fetchit/fetchit:latest --format=docker
publish-binary-to-github:
  # Extracts /usr/local/bin/fetchit from the arm64 and amd64 images and
  # publishes both binaries as a "latest" pre-release on GitHub.
  runs-on: ubuntu-latest
  needs:
    - build-arm-and-manifest-list
  # Only push/schedule events on main or v* tags reach this job.
  if: >
    (github.event_name == 'push' || github.event_name == 'schedule') &&
    (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
  steps:
    - name: pull arm image
      uses: actions/download-artifact@v1
      with:
        name: fetchit-arm-image
        path: /tmp
    - name: Load the arm image
      run: podman load -i /tmp/fetchit-arm.tar
    - name: Pull amd image
      uses: actions/download-artifact@v1
      with:
        name: fetchit-image
        path: /tmp
    - name: Load the amd image
      run: podman load -i /tmp/fetchit.tar
    # Image IDs are found by grepping `podman images` for "arm"/"amd"; this
    # assumes each pattern matches exactly one line. The containers are
    # created only so that `podman cp` can read the binary out of them.
    - name: move binary
      run: |
        arm=$(podman images | grep arm | awk '{print $3}')
        amd=$(podman images | grep amd | awk '{print $3}')
        podman cp $(podman create --rm $arm):/usr/local/bin/fetchit ./fetchit-arm
        podman cp $(podman create --rm $amd):/usr/local/bin/fetchit ./fetchit-amd
    # NOTE(review): a third-party action referenced at the mutable `latest`
    # ref is handed GITHUB_TOKEN and creates the release. Pin it to a full
    # commit SHA and limit the job's token permissions to what releasing
    # needs. The binaries are published without checksums or signatures.
    - name: push binary
      uses: "marvinpinto/action-automatic-releases@latest"
      with:
        repo_token: "${{ secrets.GITHUB_TOKEN }}"
        automatic_release_tag: 'latest'
        prerelease: true
        title: 'Latest Build'
        files: |
          fetchit-arm
          fetchit-amd
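create-ansible-manifest:
  # Creates the multi-arch manifest list quay.io/fetchit/fetchit-ansible:latest
  # and pushes it to quay.io.
  runs-on: ubuntu-latest
  needs:
    - ansible-validate
    - build-ansible-arm
  # Only push/schedule events on main or v* tags reach this job, so the
  # registry secrets are never requested for pull_request runs.
  if: >
    (github.event_name == 'push' || github.event_name == 'schedule') &&
    (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
  steps:
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: ansible-image-arm
        path: /tmp
    # The two "Load the ... image" step names were swapped relative to the
    # archives they load; each name now matches its tar file.
    - name: Load the arm image
      run: podman load -i /tmp/ansible-arm.tar
    - name: pull amd artifact
      uses: actions/download-artifact@v1
      with:
        name: ansible-image-amd
        path: /tmp
    - name: Load the amd image
      run: podman load -i /tmp/ansible-amd.tar
    # NOTE(review): this third-party action receives the registry
    # credentials and is referenced by a mutable tag; pin it to a full
    # commit SHA.
    - name: Login to Quay
      uses: docker/login-action@v1
      with:
        registry: quay.io
        username: ${{ secrets.REGISTRY_USER }}
        password: ${{ secrets.REGISTRY_PASSWORD }}
    # Points podman at ~/.docker/config.json, presumably the file the login
    # step above wrote.
    - name: podman login to quay.io
      run: podman login --authfile ~/.docker/config.json quay.io
    - name: create manifest
      run: podman manifest create quay.io/fetchit/fetchit-ansible:latest
    # NOTE(review): both `manifest add` calls name docker:// sources, i.e.
    # images read from the registry rather than the ones loaded above;
    # confirm the per-arch tags are pushed before this job runs.
    - name: add images to manifest list
      run: |
        podman manifest add --arch arm64 quay.io/fetchit/fetchit-ansible:latest docker://quay.io/fetchit/fetchit-ansible-arm:latest
        podman manifest add quay.io/fetchit/fetchit-ansible:latest docker://quay.io/fetchit/fetchit-ansible-amd:latest
        podman manifest push --authfile ~/.docker/config.json quay.io/fetchit/fetchit-ansible:latest docker://quay.io/fetchit/fetchit-ansible:latest --format=docker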
create-systemd-manifest:
  # Creates the multi-arch manifest list quay.io/fetchit/fetchit-systemd:latest
  # and pushes it to quay.io.
  runs-on: ubuntu-latest
  needs:
    - systemd-validate
    - systemd-enable-validate
    - systemd-user-enable-validate
    - systemd-autoupdate-validate
    - build-systemd-arm
  # Only push/schedule events on main or v* tags reach this job, so the
  # registry secrets are never requested for pull_request runs.
  if: >
    (github.event_name == 'push' || github.event_name == 'schedule') &&
    (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v'))
  steps:
    - name: pull artifact
      uses: actions/download-artifact@v1
      with:
        name: systemd-image-arm
        path: /tmp
    - name: Load the arm image
      run: podman load -i /tmp/systemd-arm.tar
    - name: pull amd artifact
      uses: actions/download-artifact@v1
      with:
        name: systemd-image-amd
        path: /tmp
    - name: Load the amd image
      run: podman load -i /tmp/systemd-amd.tar
    # NOTE(review): this third-party action receives the registry
    # credentials and is referenced by a mutable tag; pin it to a full
    # commit SHA.
    - name: Login to Quay
      uses: docker/login-action@v1
      with:
        registry: quay.io
        username: ${{ secrets.REGISTRY_USER }}
        password: ${{ secrets.REGISTRY_PASSWORD }}
    # Points podman at ~/.docker/config.json, presumably the file the login
    # step above wrote.
    - name: podman login to quay.io
      run: podman login --authfile ~/.docker/config.json quay.io
    - name: create manifest
      run: podman manifest create quay.io/fetchit/fetchit-systemd:latest
    # NOTE(review): both `manifest add` calls name docker:// sources, i.e.
    # images read from the registry rather than the ones loaded above;
    # confirm the per-arch tags are pushed before this job runs.
    - name: add images to manifest list
      run: |
        podman manifest add --arch arm64 quay.io/fetchit/fetchit-systemd:latest docker://quay.io/fetchit/fetchit-systemd-arm:latest
        podman manifest add quay.io/fetchit/fetchit-systemd:latest docker://quay.io/fetchit/fetchit-systemd-amd:latest
        podman manifest push --authfile ~/.docker/config.json quay.io/fetchit/fetchit-systemd:latest docker://quay.io/fetchit/fetchit-systemd:latest --format=docker