It turns out that gnome-shell's toolbox image is still broken
after commit 86b77f65e7.
Toolbox' entry point ensures that the calling user exists inside
the container, and makes their home available inside the container.
There are two ways the `useradd` command in our image may interfere
with that:
- by default, useradd uses the smallest available UID in the
normal user range (usually 1000); this is highly likely to
clash with the host user UID
- if the host's /home is a symlink (for instance to /var/home
on Silverblue), then toolbox recreates that layout inside the
container; it cannot do that if /home is already a non-empty
directory
Luckily we can address both issues without affecting the ability
to build and run tests as user: We can simply create the `meta-user`
with a UID and home directory that are unlikely to clash.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/3134>
Setting up the image with a custom default user broke gnome-shell's
toolbox images. While running tests as non-root user seems like a
good idea, keeping people's development environment working should
be figured out first.
This partially reverts commit 69cc65d15f.
Keep the image to have a local user and use it to run tests so that
we can ensure that permissions are respected
Co-authored-by: Florian Müllner <fmuellner@gnome.org>
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/3083>
We are now building and testing mutter as user, but the clone may happen
as root, before the docker image takes place.
This may create troubles to git, causing errors such as:
fatal: detected dubious ownership in repository at ...
And we can't fix this using safe.directory option because we have no
control on the system at this scope.
So, let's just handle the cloning manually so that the meta-user is
always the owner of the repository.
This fixes the dist job, but also other jobs that may fail because of
this reason.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/3024>
Using the old replace syntax doesn't allow to extend dicts such as
variables or other values, but instead it replaces them.
So use a newer and safer syntax, given we don't need to replace any
parameter where used.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/3024>
It's just closer to reality of an user session.
As per this:
- We need to bump the required CI template to use this feature.
- Use sudo in the actions that require it
- Replace pkexec with sudo (it wouldn't work otherwise)
- Ensure we don't rebuild during install not to break build dir
- Give permission to use /dev/kvm to our user (we do this during the
image creation because we don't have an user when $FDO_DISTRIBUTION_EXEC
happens)
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/3016>
We already test install as part of other jobs (such as
can-build-gnome-shell) and in general that's wrong because we may
add to the final install path artifacts that are required during tests,
hiding potential issues with meson test when those files are not
installed.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/3016>
It's not required and makes things hard to maintain, we can just rely on
the fact we're in a shell and just use `set -e` to prevent any
unexpected failure to go unnoticed.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/3016>
The template already does this at the end, so this step is
pointless in the best case.
When building the x86-64 image, we install additional packages
afterwards, so the repo metadata is downloaded again.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/3010>
This is a followup to GNOME/mutter!1578
This commit does a couple of things to avoid creating multiple
pipelines per commit.
First, it avoid catch all `when: manual` rules, which might
end up matching custom variables set which might potentially
not be handled.
Secondly it reworks the `workflow:rules:` and the pipeline guard
rules to avoid duplicate pipelines as the gitlab documentation
suggests.
Last, it switches from yaml anchors to the new `reference` gitlab
keyword which is more flexible.
https://docs.gitlab.com/ee/ci/jobs/job_control.html#avoid-duplicate-pipelines
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2534>
The image build step is prone to race conditions, e.g. token changes. It
also tends to hit sporadic connection errors to FDO's gitlab. To
minimize the risk of these types of issues block pipelines, always retry
the image building step if it failed.
This has the unwanted consequence that changes to the image building
that results in the script actually failing, but right now there doesn't
appear to be a way to distinguish between actual build errors, and the
mentioned race conditions, as both cause the script to fail.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2564>