Enforce running Podman over Docker

Running a full systemd including gettys inside a privileged container has nasty side effects such as the container getty starting to write to the same tty as the system getty. Always run Podman since it can run rootless and doesn't suffer from these drawbacks.
NixOS · Apr 30, 2020 · b5e940f · b5e940f
1 parent 5af377f
commit b5e940f
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 6 deletions.
diff --git a/ci/check-tests.sh b/ci/check-tests.sh
@@ -1,4 +1,4 @@
 #!/usr/bin/env nix-shell
 #!nix-shell ../shell.nix -i bash
 
-./coverage-tests.py -a '!libvirtd,!gce,!ec2,!azure' -v
+./coverage-tests.py -a '!libvirtd,!gce,!ec2,!azure' -v tests/unit
diff --git a/ci/run-functional.sh b/ci/run-functional.sh
@@ -2,6 +2,11 @@
 #!nix-shell ../shell.nix -i bash
 set -eu
 
+# Check if we're in github actions
+echo "Github Workflow: "$GITHUB_WORKFLOW
+
+ln -s $(which docker) scripts/podman
+
 # We rely on commits not in 20.03 for container testing
 export NIX_PATH=nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz
 

diff --git a/tests/functional/test_deploy.py b/tests/functional/test_deploy.py
@@ -34,7 +34,7 @@ def get_container_image() -> str:
  )
 
  image_id = (
- subprocess.check_output(["docker", "images", "-q", image_name]).decode().strip()
+ subprocess.check_output(["podman", "images", "-q", image_name]).decode().strip()
  )
  if image_id:
  return image_id
@@ -59,7 +59,7 @@ def get_container_image() -> str:
  )[0]
 
  return (
- subprocess.check_output(["docker", "import", image_file, image_name])
+ subprocess.check_output(["podman", "import", image_file, image_name])
  .decode()
  .strip()
  )
@@ -91,7 +91,7 @@ def started(self) -> bool:
  def run(self):
  process = subprocess.run(
  [
- "docker",
+ "podman",
  "run",
  "--privileged",
  f"--publish={self.ssh_port}:22",
@@ -134,13 +134,13 @@ def wait_for_ssh(self, timeout=60):
  def stop(self):
  if not self.container_id:
  return
- subprocess.run(["docker", "kill", self.container_id])
+ subprocess.run(["podman", "kill", self.container_id])
 
  def destroy(self):
  if not self.container_id:
  return
  self.stop()
- subprocess.run(["docker", "rm", "-f", self.container_id])
+ subprocess.run(["podman", "rm", "-f", self.container_id])
 
 
 class Deployment: