go-yaml/yaml has been deprecated by its maintainer; move to goccy/go-yaml, which is
an actively maintained, from-scratch YAML implementation in pure Go. It
should be able to parse all YAML files go-yaml could, and more. As an extra
benefit, its errors are a lot better.
Fixes: #592
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Add some yaml anchors in the templating test to ensure those are
correctly handled. This is in preparation for switching the yaml
package.
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Debian bookworm uses golang 1.19, which is rather outdated. In
preparation of switching to go modules that require a newer go, stop
build testing with Debian bookworm. Leaving current Debian stable
(trixie), testing (forky) and arch.
Fixes: #564
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Move the overlay-non-existent-destination test to be part of the
various exit_test tests so it can be run in CI.
Co-authored-by: sjoerdsimons <22603932+sjoerdsimons@users.noreply.github.com>
The user-mode-linux backend appears to be buggy in trixie. Disable
the user-mode-linux backend tests.
Signed-off-by: Christopher Obbard <christopher.obbard@linaro.org>
Since the user-mode-linux backend is flaky in trixie remove the runtime deps
from the docker container so that it cannot be used.
Signed-off-by: Christopher Obbard <christopher.obbard@linaro.org>
With new qemu-user-static from trixie we no longer need to register
the binfmts manually.
This reverts commit 306d2ea194.
Signed-off-by: Christopher Obbard <christopher.obbard@linaro.org>
Since Debian trixie has now been released; upgrade the debos container
to the new release.
Signed-off-by: Christopher Obbard <christopher.obbard@linaro.org>
Let verify (indirectly) save the cleaned keyring paths back to the
action arguments so those are used for the Run as well.
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Running the docker container build in the copilot coding agent
environment needs some workarounds. Document this in more detail for
copilot, while also emphasizing it should always run integration tests
before committing changes.
To allow building in environments with TLS MITM proxies add a way to
expose the host cert store to the *build* container. This is needed for
the copilot coding agent as that seems to run in such an environment
when the recommended firewall is enabled.
The runner images install a kernel, which pulls in initramfs-tools to
create an initramfs. For debos we don't need to have an initramfs, we
just need the kernel image. Generating this on the native
architecture (amd64) is reasonably fast. However in emulation, when
building for arm64, this is *very* slow.
In current github actions this change seems to save about 20 minutes per
docker build. For PR triggered runs (which don't upload the
containers) this should save 20 minutes end-to-end (one build on the
critical path), while for runs that do it should save about 40 minutes
end to end (three builds, of which 2 on the critical path).
When you have multiple debos chroot builds running at the same time,
you will get something like this:
    2025/09/16 11:17:38 apt | Mount point '/run/systemd/nspawn/unix-export/root' exists already, refusing.
    2025/09/16 11:17:38 Action `recipe` failed at stage Run, error: exit status 1
This is because systemd-nspawn will name the container acc. to the root
directory per default, which is always "root" for debos, and wants
to create a subdir inside "/run/systemd/nspawn/unix-export" even
with "--register=no".
To reproduce this problem, you need two copies of a root file system where the
last component of the path has the same name.
The example below was run on Debian Trixie arm64 and uses
~/trixie1/trixie and ~/trixie2/trixie as the root directories:
1st terminal:
    root@jaguar1:~/trixie1/trixie# systemd-nspawn --register=no bash
    ░ Spawning container trixie on /root/trixie1/trixie.
    ░ Press Ctrl-] three times within 1s to kill container.
    root@trixie:/#
2nd terminal:
    root@jaguar1:~/trixie2/trixie# systemd-nspawn --register=no bash
    ░ Spawning container trixie on /root/trixie2/trixie.
    ░ Press Ctrl-] three times within 1s to kill container.
    Mount point '/run/systemd/nspawn/unix-export/trixie' exists already, refusing.
    # Try again
    root@jaguar1:~/trixie2/trixie# systemd-nspawn --register=no bash
    ░ Spawning container trixie on /root/trixie2/trixie.
    ░ Press Ctrl-] three times within 1s to kill container.
    Failed to allocate scope: Unit trixie.scope was already loaded or has a fragment file.
To fix this problem, set the container name via "--machine"
to debos-NNNNN, where NNNNN is a random int63.
This makes name collisions virtually impossible and fixes the problem.
Signed-off-by: Jakob Unterwurzacher <jakob.unterwurzacher@cherry.de>
Unconditionally log SHA256 sum of downloads and add an optional
sha256sum property. Setting this property will ensure verification of
the downloaded file and delete it on mismatch.
Signed-off-by: Loïc Minier <loic.minier@oss.qualcomm.com>
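
The behaviour described in the last commit message (always report the SHA256 of a download, verify it when a digest is pinned, delete the file on mismatch), as an added example that is not debos code. The function name `checkDownload`, the file name and the sample payload are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// checkDownload (hypothetical name) returns the file's SHA256 for logging.
// If want is set and differs, the file is deleted and an error returned.
func checkDownload(path, want string) (string, error) {
	f, err := os.Open(path)
	if err != nil {
		return "", err
	}
	h := sha256.New()
	_, err = io.Copy(h, f) // stream, so large images are not held in memory
	f.Close()
	if err != nil {
		return "", err
	}
	got := hex.EncodeToString(h.Sum(nil))
	if want != "" && !strings.EqualFold(got, strings.TrimSpace(want)) {
		os.Remove(path) // never leave an unverified artifact behind
		return got, fmt.Errorf("%s: sha256 %s, expected %s", path, got, want)
	}
	return got, nil
}

// demo checks a constructed file against its real digest, then a wrong one.
func demo() (keptOnMatch, removedOnMismatch bool) {
	dir, _ := os.MkdirTemp("", "dl")
	defer os.RemoveAll(dir)
	p := filepath.Join(dir, "artifact.bin")
	os.WriteFile(p, []byte("constructed sample payload\n"), 0o600)
	sum, _ := checkDownload(p, "") // no pin: digest is only reported
	_, err := checkDownload(p, strings.ToUpper(sum))
	_, statErr := os.Stat(p)
	keptOnMatch = err == nil && statErr == nil
	_, err = checkDownload(p, strings.Repeat("0", 64))
	_, statErr = os.Stat(p)
	removedOnMismatch = err != nil && os.IsNotExist(statErr)
	return
}

func main() {
	fmt.Println(demo())
}
```

Deleting on mismatch matters because later build steps that only test for the file's presence would otherwise consume an artifact that failed verification.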