Update Docker image to Debian bookworm and get CI tests to pass #893
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The --secret-keyring option has been silently ignored since GPG v2.1, so it never did anything anyways, and in more recent builds this now generates a console warning. We should simply remove it. This should be fine so long as we are making use of the --homedir option to prevent unexpected changes to the user's GPG keyring.
This was deprecated in Go 1.5, and I think it now exists as a builtin command.
This seems to be the latest and greatest we can build cleanly with go1.16, so that's what we will use until we tackle an update of the Circle CI environment.
Just don't pay too much attention to the results, due to some makefile jankiness they don't actually trigger an error if the results are unclean. But that can be a cleanup job for another commit.
It seems that the make's $(shell ...) function is not evaluated quite when we expect it, freuqently leading to the check of the linter results occuring before we even run the linter. To avoid this problem, we should try escaping the dollar-sign so that the underlying shell does the grep command substitution instead of make. This fixes the bug where you see a spurious warning about /tmp/autograph-golint.txt not existing and a failure to catch linter errors in CI.
Same bugfix as in 12a0f30 but this time applied to the staticcheck target. After merging this the CI job should fail if this check detects an issue.
As per the Circle CI docs, this interprets these paths relative to the working_directory, which should always be in a writeable location for the runner's user. By default, I think this is the project checkout dir.
This used to pass only because of the broken vendoring of the verifier/contentsignature package, and the tests were written to match the stale vendored version.
oskirby
changed the title
|
Oh, this repo is a squash and merge one! Could you split this up into smaller PRs? I'd rather us not have to revert all of this work just because one commit had a problem. Some of these also feel totally separable like the docker-compose changes. (Edited later: Also, since the PR checks for merging only run on the whole set, it's not guaranteed to the reviewers that individual commits are revertable if they're problematic) |
|
Also, this patch rules |
|
I am switching this back to a draft, and I will split it up into multiple PR's that are a little more digestable. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is trying to see what happens if we update the Docker image on which autograph is built from
golang:1.16.10-busterto something a bit more recent. In this case I chosedebian:bookwormsince it's the current stable release of Debian.So far, this PR can be divided up into three epochs:
Because one of my objectives of this work was to get the CI tests passing again, I have uncovered a bunch of broken tests and linting errors which have accumulated in the absence of working tests. So this has kind of turned into a large pull request. If this is too much to digest in one PR, let me know and I can make an effort to break it up into smaller pieces.