chore(deps): update dependency containers/automation_images to v20230614

[renovate]

This PR contains the following updates:

Package	Update	Change
containers/automation_images	major	20230405t152256z-f37f36d12 -> 20230614t132754z-f38f37d13

---

Release Notes

containers/automation_images (containers/automation_images)

v20230614t132754z-f38f37d13

Compare Source

v20230601t145439z-f38f37d12

Compare Source

v20230517t144652z-f38f37d12

Compare Source

v20230426t140447z-f38f37d12

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[cevich]

@nalind any idea what this smoke test (log) error means:

[+0143s] level=error msg="[runner] Panic: buildir: package \"netip\" (isInitialPkg: false, needAnalyzeSource: true): in net/netip.AddrFromSlice: cannot convert Load <[]byte> t0 ([]byte) to [4]byte: goroutine 9190 [running]:\nruntime/debug.Stack()\n\t/usr/lib/golang/src/runtime/debug/stack.go:24 +0x65\ngithub.com/golangci/golangci-lint/pkg/golinters/goanalysis.(*action).analyzeSafe.func1()\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/github.com/golangci/golangci-lint/pkg/golinters/goanalysis/runner_action.go:101 +0x155\npanic({0x14d0ba0, 0xc00c95ddd0})\n\t/usr/lib/golang/src/runtime/panic.go:884 +0x213\nhonnef.co/go/tools/go/ir.emitConv(0xc0048163c0, {0x1904888, 0xc01201d500}, {0x18f7d70?, 0xc0044b75a8}, {0x18f7460, 0xc00a4d7500})\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/honnef.co/go/tools/go/ir/emit.go:293 +0xd29\nhonnef.co/go/tools/go/ir.(*builder).expr0(0xc001c1fa28, 0xc0048163c0, {0x18fb110?, 0xc00a4d7500?}, {0x7, {0x18f7d70, 0xc0044b75a8}, {0x0, 0x0}})\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/honnef.co/go/tools/go/ir/builder.go:610 +0x5d7\nhonnef.co/go/tools/go/ir.(*builder).expr(0x18f7f00?, 0xc0048163c0, {0x18fb110, 0xc00a4d7500})\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/honnef.co/go/tools/go/ir/builder.go:566 +0x1fa\nhonnef.co/go/tools/go/ir.(*builder).emitCallArgs(0x18f7f00?, 0xc0048163c0, 0xc00a64f400, 0xc00a4d7540, {0x0?, 0x0, 0x8aa0a7?})\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/honnef.co/go/tools/go/ir/builder.go:975 +0x135\nhonnef.co/go/tools/go/ir.(*builder).setCall(0x1539be0?, 0xc0048163c0, 0xc00a4d7540, 0xc00497d088)\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/honnef.co/go/tools/go/ir/builder.go:1037 +0x8e\nhonnef.co/go/tools/go/ir.(*builder).expr0(0xc001c1fa28, 0xc0048163c0, {0x18fb110?, 0xc00a4d7540?}, {0x7, {0x18f7e60, 0xc0043e6310}, {0x0, 0x0}})\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/honnef.co/go/tools/go/ir/builder.go:623 +0x218e\nhonnef.co/go/tools/go/ir.(*builder).expr(0xc001c1ee78?, 0xc0048163c0, {0x18fb110, 0xc00a4d7540})\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/honnef.co/go/tools/go/ir/builder.go:566 +0x1fa\nhonnef.co/go/tools/go/ir.(*builder).stmt(0xc0048163c0?, 0xc0048163c0, {0x18fb650?, 0xc00442e800?})\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/honnef.co/go/tools/go/ir/builder.go:2291 +0x194c\nhonnef.co/go/tools/go/ir.(*builder).stmtList(...)\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/honnef.co/go/tools/go/ir/builder.go:855\nhonnef.co/go/tools/go/ir.(*builder).switchStmt(0x0?, 0xc0048163c0, 0xc006a9c330, 0x0)\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/honnef.co/go/tools/go/ir/builder.go:1366 +0x19a5\nhonnef.co/go/tools/go/ir.(*builder).stmt(0x20?, 0xc0048163c0, {0x18fb7a0?, 0xc006a9c330?})\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/honnef.co/go/tools/go/ir/builder.go:2365 +0x121c\nhonnef.co/go/tools/go/ir.(*builder).stmtList(0x8b0a25?, 0xc001c1f4f8?, {0xc00442e9c0?, 0x2, 0x8b2630?})\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/honnef.co/go/tools/go/ir/builder.go:855 +0x45\nhonnef.co/go/tools/go/ir.(*builder).stmt(0xc0048163c0?, 0xc0048163c0, {0x18fb0b0?, 0xc006a9c360?})\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/honnef.co/go/tools/go/ir/builder.go:2338 +0x9b9\nhonnef.co/go/tools/go/ir.(*builder).buildFunction(0xc001c1fa28, 0xc0048163c0)\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/honnef.co/go/tools/go/ir/builder.go:2450 +0x3d7\nhonnef.co/go/tools/go/ir.(*builder).buildFuncDecl(0x0?, 0xc0047b6510, 0xc006a9c390)\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/honnef.co/go/tools/go/ir/builder.go:2488 +0x19b\nhonnef.co/go/tools/go/ir.(*Package).build(0xc0047b6510)\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/honnef.co/go/tools/go/ir/builder.go:2594 +0xc16\nsync.(*Once).doSlow(0xc0043d17a0?, 0xc0039fd900?)\n\t/usr/lib/golang/src/sync/once.go:74 +0xc2\nsync.(*Once).Do(...)\n\t/usr/lib/golang/src/sync/once.go:65\nhonnef.co/go/tools/go/ir.(*Package).Build(...)\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/honnef.co/go/tools/go/ir/builder.go:2512\nhonnef.co/go/tools/internal/passes/buildir.run(0xc01660fee0)\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/honnef.co/go/tools/internal/passes/buildir/buildir.go:86 +0x368\ngithub.com/golangci/golangci-lint/pkg/golinters/goanalysis.(*action).analyze(0xc002e8e900)\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/github.com/golangci/golangci-lint/pkg/golinters/goanalysis/runner_action.go:187 +0x9d6\ngithub.com/golangci/golangci-lint/pkg/golinters/goanalysis.(*action).analyzeSafe.func2()\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/github.com/golangci/golangci-lint/pkg/golinters/goanalysis/runner_action.go:105 +0x1d\ngithub.com/golangci/golangci-lint/pkg/timeutils.(*Stopwatch).TrackStage(0xc0012968c0, {0x169941a, 0x7}, 0xc003677f48)\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/github.com/golangci/golangci-lint/pkg/timeutils/stopwatch.go:111 +0x4a\ngithub.com/golangci/golangci-lint/pkg/golinters/goanalysis.(*action).analyzeSafe(0xc000c23800?)\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/github.com/golangci/golangci-lint/pkg/golinters/goanalysis/runner_action.go:104 +0x85\ngithub.com/golangci/golangci-lint/pkg/golinters/goanalysis.(*loadingPackage).analyze.func2(0xc002e8e900)\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/github.com/golangci/golangci-lint/pkg/golinters/goanalysis/runner_loadingpackage.go:80 +0xb4\ncreated by github.com/golangci/golangci-lint/pkg/golinters/goanalysis.(*loadingPackage).analyze\n\t/var/tmp/go/src/github.com/containers/buildah/tests/tools/vendor/github.com/golangci/golangci-lint/pkg/golinters/goanalysis/runner_loadingpackage.go:75 +0x1eb\n"
[+0143s] level=warning msg="[runner] Can't run linter goanalysis_metalinter: goanalysis_metalinter: buildir: package \"netip\" (isInitialPkg: false, needAnalyzeSource: true): in net/netip.AddrFromSlice: cannot convert Load <[]byte> t0 ([]byte) to [4]byte"
[+0143s] level=error msg="Running error: 1 error occurred:\n\t* can't run linter goanalysis_metalinter: goanalysis_metalinter: buildir: package \"netip\" (isInitialPkg: false, needAnalyzeSource: true): in net/netip.AddrFromSlice: cannot convert Load <[]byte> t0 ([]byte) to [4]byte\n\n"

[cevich]

Update: Found golangci/golangci-lint#3414 (comment)
which suggests we just need a newer version of golangci-lint.

Edit: Renovate is already proposing this in another PR.

[cevich]

Force-push: Attempt to update tooling modules.

[cevich]

Ugh...this is some incredible rabbit-hole I've worked myself into 😢

@containers/buildah-maintainers Heeeeeeeeeeelp! I really don't know what to do here. It seems that golangci-lint is in desperate need of an update b/c golang 1.20 in F38. However, fixing that (clearly) opens a giant can-o-worms 😭

To summarize:

0. Updating to F38 breaks golangci-lint v1.48.0 (set in tests/tools/go.mod) with this ugly error.
1. Googling around found this issue reported upstream including a PR to fix it.
2. Following the recommendation and Bumping golangci-lint (similar proposed in another PR) to 1.51.2 requires golang >= 1.17 (again, in tests/tools/go.mod)
3. Updating to 1.17 requires re-vendoring (tests/tools/vendor) - introducing tens of thousands of changes 😦.
4. golangci-lint 1.51.2 doesn't panic anymore, but flags a tar.TypeRegA deprecation (lint) problem.
5. Fixing that with another commit (to remove tar.TypeRegA references) results in the Smoke Test task turn green 😄 Yay!
6. The integration tests seem to all be passing (there were a few flakes) 😄 Yay!
7. Lastly, "something" among the tens-of-thousands of changes causes all Unit tests * to fail in a horrible horrible horrible way 😢

[cevich]

Force-push: Restoring my updates. I don't understand why Renovate insists on overwriting my changes every 24h. Can't find a setting to disable that 😞

[cevich]

Force-push: Rebased and updated CI VM images (slightly).

[cevich]

@flouthoc any news fixing this, good or bad?

[cevich]

Force-push: Bumped image up to c20230426t140447z-f38f37d12

[cevich]

@nalind PTAL at these conformance test failures. At a glance, it seems all/most are failing due to file-permission differences in docker. Like Docker's dropping the most-significant bits or something:

[+0370s]         	Error:      	Filesystem contents differ
[+0370s]         	Test:       	TestConformance/copy_folder_contents_to_higher_level
[+0370s]         	Messages:   	Content which only exists in buildah version: /etc/hostname
[+0370s]         	            	File attributes in both versions have different values:
[+0370s]         	            	File:attr        Docker        buildah
[+0370s]         	            	/b/1:mode        0644          0100644
[+0370s]         	            	/b/2:mode        0644          0100644
[+0370s]         	            	/b:mode          0755          040755

Any idea what's going on? Was there a recent change in docker that caused this maybe?

[cevich]

@flouthoc in the unit tests, I'm still seeing a few failures. But there's also a HUGE number of errors like the following. Is this related to the tooling re-vendoring?

[+2026s] time="2023-05-18T14:40:53-05:00" level=debug msg="error: coverage counter data emit failed: output directory \"/tmp/go-build4242071993/b708/gocoverdir\" inaccessible (err: stat /tmp/go-build4242071993/b708/gocoverdir: no such file or directory); no coverage data written"

[cevich]

@rhatdan there's an interesting SELinux test failure happening. Is this caused by recent work on container-selinux packages?

[+3990s] not ok 731 selinux spc
[+3990s] # (from function `assert' in file ./helpers.bash, line 430,
[+3990s] #  from function `expect_output' in file ./helpers.bash, line 457,
[+3990s] #  in test file ./selinux.bats, line 52)
[+3990s] #   `expect_output --from="$role" "system_r" "SELinux role"' failed
[+3990s] # /var/tmp/go/src/github.com/containers/buildah/tests /var/tmp/go/src/github.com/containers/buildah/tests
[+3990s] # # [checking for: docker.io/library/alpine]
[+3990s] # # [restoring from cache: /var/tmp/buildah-image-cache.10915 / docker.io/library/alpine]
[+3990s] # Getting image source signatures
[+3990s] # Copying blob sha256:9d16cba9fb961d1aafec9542f2bf7cb64acfc55245f9e4eb5abecd4cdc38d749
[+3990s] # Copying config sha256:961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4
[+3990s] # Writing manifest to image destination
[+3990s] # Storing signatures
[+3990s] # # /var/tmp/go/src/github.com/containers/buildah/tests/./../bin/buildah from --quiet --security-opt label=disable --quiet --signature-policy /var/tmp/go/src/github.com/containers/buildah/tests/./policy.json alpine
[+3990s] # alpine-working-container
[+3990s] # # /var/tmp/go/src/github.com/containers/buildah/tests/./../bin/buildah run alpine-working-container sh -c tr \\0 \\n < /proc/self/attr/current
[+3990s] # unconfined_u:unconfined_r:spc_t:s0
[+3990s] # #/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
[+3990s] # #|     FAIL: SELinux role
[+3990s] # #| expected: 'system_r'
[+3990s] # #|   actual: 'unconfined_r'
[+3990s] # #\^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

[rhatdan]

Yes.

[rhatdan]

I will take this over.

[cevich]

Thanks Dan, sorry it's such a huge mess 😕

[rhatdan]

I looked at this for a while yesterday, and I have no idea why it is happening. The test fails locally in a very unexpected manner, and I believe the problem is in container-selinux, although I have not figured out what it is yet.

[cevich]

Thanks for trying so hard Dan. At least the problem is reproducible.

Idea: If you want to simplify the number of changes for debugging, but still run on F38, you could temporarily bypass all calls to build or run golangci-lint. That's the main thing leading to the mass re-vendoring of test/tools/ (hauling in 50k changes).

[cevich]

Thanks @flouthoc that helps a lot actually.

@rhatdan I believe you've been working/fighting/struggling to fix this for quite a while now. I think maybe the larger buildah-CI beneficiary's may be suffering due to lack of F38 testing. Would you be comfortable if we skip these failing tests temporarily?
(I understand "no", the thought makes me slightly uncomfortable).

[rhatdan]

If the only thing that is failing is the SELinux tests, then skip and I will look at them. I thought the problem was the conformance tests.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: renovate[bot]
Once this PR has been reviewed and has the lgtm label, please ask for approval from cevich. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[cevich]

If the only thing that is failing is the SELinux tests, then skip and I will look at them

Ack, thanks. Just rebased/force-pushed to confirm that's all that's failing.

[flouthoc]

Conformance tests are failing because it is comparing: buildah's attribute including both file type and mode bits with docker's attribute which does not include these two things. I suspect something has changed in newer docker version ?

Anyways I think this should be easy to fix. ( at least that what it seems from looking at it )

[rhatdan]

Should we change to match Docker, or continue with what we are doing and adjust the test?

[cevich]

Should we change to match Docker, or continue with what we are doing and adjust the test?

My un-educated opinion is we should just adjust the test. I think I remember seeing this class for failure several times before (likely during CI VM updates). So I suspect that chasing after docker may be a frequent PITA w/o much actual benefit. Though I'm certainly not an expert on these things.

[nalind]

We should probably match Docker's removal of fillGo18FileTypeBits() from the archive package in the storage library.

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 20230614.x releases. But if you manually upgrade to 20230614.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

[cevich]

(Assuming closing this was on accident)

[cevich]

Force-push: Restoring (customized) commits.

[rhatdan]

We are getting close on the SELinux PR above, so closing.

[cevich]

Ahh good news, thanks for the detail Dan.