Upgrade test container image to Ubuntu 24.04 #3255

Open: wants to merge 5 commits into base: master

lunkwill42 (Member) commented Dec 12, 2024

This upgrades the test container image used for local integration testing to Ubuntu 24.04, which brings it more in line with the current ubuntu-latest tag used on GitHub Actions.

It also fixes some problems with the image, highlighted by the upgrade to Ubuntu 24:

  • The way privilege escalation for management inside the container works has been turned on its head. The container now starts privileged and drops to a non-privileged user after startup-maintenance has been performed. The main way to elevate privileges inside the container is now through sudo, not gosu (which claims it was never intended for privilege escalation and will not work if you try it).

  • Cache mounts for APT packages are added to the definition, in an attempt to make image builds faster.

  • Syntax problems/deprecations highlighted by newer Docker versions have been fixed.

  • Just as newer Debian versions have started to do, newer Ubuntu versions will refuse to let pip install site-wide packages, in order to avoid breaking the OS' own Python packages. The image therefore switches to using a virtualenv for the few Python commands we need to drive tox and the test suite.

Newer versions of gosu will complain loudly about having the setuid bit
set, and refuse to work.  gosu is not really intended to raise the
privilege level of the calling user, but to lower it.

This switches up the use of the test docker image and gosu, running the
container as root by default, but instead using the entrypoint script to
modify the `build` user and then *drop* privileges to that user before
running the container command.

Newer Docker versions will complain about the legacy ENV syntax if used,
so it's time to switch.

Install the unzip package with basic system packages to reduce number of
apt-get install commands used in image.

This should speed up rebuilds by retaining an apt package cache between
builds of the test image.

Ubuntu has changed how its package lists are specified by default.  It
also ships with libsnmp40 rather than libsnmp35.  Finally, the most
important change is that pip no longer is allowed to install Python
packages globally, so tox and its associates are instead installed to a
virtualenv whose bin directory is added to the default PATH of the
container.
@lunkwill42 lunkwill42 self-assigned this Dec 12, 2024
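
The start-as-root, drop-to-`build` flow described in the PR text and its first commit message, written out as an added example; it is not the project's entrypoint script. The `/source` mount point, the `SOURCE_DIR` and `BUILD_USER` variables, a group named like the user, the `entrypoint.sh` file name and the UID/GID remapping step are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration of a root-start, privilege-dropping entrypoint.
# Not the project's script; names and paths below are assumptions.
set -eu

# True when FILE carries the setuid bit, the state newer gosu refuses to run in.
has_setuid() {
    [ -u "$1" ]
}

# Print "UID:GID" of the owner of PATH (numeric, parsed from `ls -ldn`).
owner_ids() {
    ls -ldn "$1" | awk '{ print $3 ":" $4 }'
}

entrypoint_main() {
    src_dir=${SOURCE_DIR:-/source}   # assumed bind-mount of the checkout
    user=${BUILD_USER:-build}        # unprivileged user named in the PR

    if [ "$(id -u)" -ne 0 ]; then
        echo "entrypoint must start as root to adjust '$user'" >&2
        exit 1
    fi

    gosu_bin=$(command -v gosu) || { echo "gosu not found" >&2; exit 1; }
    if has_setuid "$gosu_bin"; then
        echo "$gosu_bin is setuid; remove the bit instead of relying on it" >&2
        exit 1
    fi

    # Assumption: the build user is remapped to the owner of the mounted
    # source tree so files written by the tests keep the host user's IDs.
    ids=$(owner_ids "$src_dir")
    uid=${ids%%:*}
    gid=${ids##*:}
    if [ "$uid" -ne 0 ]; then
        groupmod -o -g "$gid" "$user"
        usermod -o -u "$uid" -g "$gid" "$user"
    fi

    # exec replaces the root shell, so no privileged parent stays behind.
    exec gosu "$user" "$@"
}

# Run only when executed under the assumed name entrypoint.sh.
case "${0##*/}" in
    entrypoint.sh) entrypoint_main "$@" ;;
esac
```

Because gosu is used only to lower privileges here, any in-container task that needs root afterwards goes through sudo, as the PR description states.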

🦙 MegaLinter status: ✅ SUCCESS


Test results

    9 files      9 suites   8m 25s ⏱️
2 158 tests 2 158 ✅ 0 💤 0 ❌
4 055 runs  4 055 ✅ 0 💤 0 ❌

Results for commit 74209c6.


codecov bot commented Dec 12, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 60.54%. Comparing base (4b527c8) to head (74209c6).
Report is 21 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #3255      +/-   ##
==========================================
- Coverage   60.55%   60.54%   -0.01%     
==========================================
  Files         606      606              
  Lines       43723    43723              
  Branches       48       48              
==========================================
- Hits        26478    26474       -4     
- Misses      17233    17237       +4     
  Partials       12       12              


@lunkwill42 lunkwill42 requested a review from a team December 12, 2024 14:43
@lunkwill42 lunkwill42 marked this pull request as ready for review December 12, 2024 14:43
@lunkwill42 lunkwill42 added the nonews No news fragment is necessary for this PR (e.g. refactoring, cleanups, workflow/development changes) label Dec 19, 2024