From c497602216e6b55ab7deb88eba6545138f827a61 Mon Sep 17 00:00:00 2001
From: Micah Abbott
Date: Tue, 24 May 2022 08:49:15 -0400
Subject: [PATCH] openshift/os: fix user issues on validate job
The `validate` job started to fail with:
```
fatal: unsafe repository ('/go/src/github.com/openshift/os' is owned by someone else)
To add an exception for this directory, call:
git config --global --add safe.directory /go/src/github.com/openshift/os
```
Applying this suggestion as part of the `ci/validate.sh` script (see openshift/os#802) fails with the error:
```
+ git config --global --add safe.directory /go/src/github.com/openshift/os
error: could not lock config file //.gitconfig: Permission denied
```
I suspect this is related to how the random user ID is configured in OCP pods, similar to what is described in openshift/os#781, so I tried using the `ci/set-openshift-user.sh` script as part of the `validate` job. Through trial and error, I found that using the `fcos-buildroot` container based on F36 would not work with this change and had to switch to using the `cosa:latest` container. Going further down the rabbit hole, I found that I didn't need to use the `ci/set-openshift-user.sh` script at all and just the `cosa:latest` container was enough to get the `validate` job to pass. I don't claim to fully understand why this is the case, but it does effectively unblock the `validate` job.
---
 ci-operator/config/openshift/os/openshift-os-c9s.yaml | 8 ++++++--
 ci-operator/config/openshift/os/openshift-os-master.yaml | 7 +++++--
 .../openshift/os/openshift-os-master__periodic.yaml | 7 +++++--
 .../jobs/openshift/os/openshift-os-c9s-presubmits.yaml | 3 ++-
 4 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/ci-operator/config/openshift/os/openshift-os-c9s.yaml b/ci-operator/config/openshift/os/openshift-os-c9s.yaml
index 31b0405ab2477..9e5d2f54bc6af 100644
--- a/ci-operator/config/openshift/os/openshift-os-c9s.yaml
+++ b/ci-operator/config/openshift/os/openshift-os-c9s.yaml
@@ -45,9 +45,13 @@ resources:
 memory: 3Gi
 tests:
 - as: validate
- commands: ./ci/validate.sh
+ commands: |
+ #!/bin/bash
+ set -xeuo
+ ./ci/validate.sh
 container:
- from: src
+ from: coreos_coreos-assembler_latest
+ skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$
 - as: build-test-qemu
 commands: /src/ci/build-test-qemu.sh
 container:
diff --git a/ci-operator/config/openshift/os/openshift-os-master.yaml b/ci-operator/config/openshift/os/openshift-os-master.yaml
index 56e30ff92c142..c14682f6a06d8 100644
--- a/ci-operator/config/openshift/os/openshift-os-master.yaml
+++ b/ci-operator/config/openshift/os/openshift-os-master.yaml
@@ -139,9 +139,12 @@ resources:
 memory: 3Gi
 tests:
 - as: validate
- commands: ./ci/validate.sh
+ commands: |
+ #!/bin/bash
+ set -xeuo
+ ./ci/validate.sh
 container:
- from: src
+ from: coreos_coreos-assembler_latest
 skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$
 - as: validate-built-image
 commands: cat /etc/os-release
diff --git a/ci-operator/config/openshift/os/openshift-os-master__periodic.yaml b/ci-operator/config/openshift/os/openshift-os-master__periodic.yaml
index 1c6e0b266735b..aecbeda3ec57d 100644
--- a/ci-operator/config/openshift/os/openshift-os-master__periodic.yaml
+++ b/ci-operator/config/openshift/os/openshift-os-master__periodic.yaml
@@ -140,9 +140,12 @@ resources:
 memory: 3Gi
 tests:
 - as: validate
- commands: ./ci/validate.sh
+ commands: |
+ #!/bin/bash
+ set -xeuo
+ ./ci/validate.sh
 container:
- from: src
+ from: coreos_coreos-assembler_latest
 cron: '@daily'
 - as: validate-built-image
 commands: cat /etc/os-release
diff --git a/ci-operator/jobs/openshift/os/openshift-os-c9s-presubmits.yaml b/ci-operator/jobs/openshift/os/openshift-os-c9s-presubmits.yaml
index ff90c5cf304fb..2d33428a295ec 100644
--- a/ci-operator/jobs/openshift/os/openshift-os-c9s-presubmits.yaml
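Review bot: `set -xeuo` in the new `commands` block ends on `-o` with no option name, so bash turns on `-x`, `-e` and `-u`, prints the current option table, and leaves `pipefail` off; if pipefail was the intent, the line should read `set -xeuo pipefail`. The same line appears in the `validate` entries of openshift-os-master.yaml and openshift-os-master__periodic.yaml. These flags also apply only to the wrapper shell, because `./ci/validate.sh` runs as its own process, so a validation gate that must fail on a broken pipeline stage needs the option set inside that script too (its contents are not visible here).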
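Review bot: `from: coreos_coreos-assembler_latest` makes the `validate` gate run in what appears to be a floating `latest` image, and nothing next to the line records why `src` was replaced; the same applies to the c9s and periodic configs. The commit message says the reason this works is not fully understood, so a later image update could bring back the git ownership failure or change what is validated without any change in this repository. I would add a comment above `container:` such as `# runs in cosa instead of src: git's safe.directory ownership check fails under the pod's random UID (see openshift/os#802)`, and check whether the alias can point at a pinned tag or digest; where the alias is defined lies outside the hunk.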
+++ b/ci-operator/jobs/openshift/os/openshift-os-c9s-presubmits.yaml
@@ -100,7 +100,7 @@ presubmits:
 secretName: result-aggregator
 trigger: (?m)^/test( | .* )images,?($|\s.*)
 - agent: kubernetes
- always_run: true
+ always_run: false
 branches:
 - ^c9s$
 - ^c9s-
@@ -114,6 +114,7 @@ presubmits:
 pj-rehearse.openshift.io/can-be-rehearsed: "true"
 name: pull-ci-openshift-os-c9s-validate
 rerun_command: /test validate
+ skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$
 spec:
 containers:
 - args: