From 0b2fca993b117167ed6ba2025e4738d4b8ef12e1 Mon Sep 17 00:00:00 2001
From: Niels de Vos <ndevos@ibm.com>
Date: Wed, 31 Jul 2024 14:59:44 +0200
Subject: [PATCH 1/2] ci: use latest Fedora container-image

GitHub had issues with Fedora 40 when it was released. Hopefully this is
not the case anymore.

Closes: #4585
Signed-off-by: Niels de Vos <ndevos@ibm.com>
---
 scripts/Dockerfile.test | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/Dockerfile.test b/scripts/Dockerfile.test
index 9af0888a6a0..a05d7737e08 100644
--- a/scripts/Dockerfile.test
+++ b/scripts/Dockerfile.test
@@ -8,7 +8,7 @@
 # little different.
 #
 
-FROM registry.fedoraproject.org/fedora:39
+FROM registry.fedoraproject.org/fedora:latest
 
 ARG GOPATH=/go
 ARG GOROOT=/usr/local/go

From 6e8b0301be975d4e8805ee443c9f778acf9676ef Mon Sep 17 00:00:00 2001
From: Niels de Vos <ndevos@ibm.com>
Date: Wed, 31 Jul 2024 18:51:29 +0200
Subject: [PATCH 2/2] ci: disable seccomp when running podman with GitHub
 Actions

Fedora 40 builds seems to require disabling seccomp. When enabled,
installing Golang inside the container fails.

See-also: containers/podman#21012
Signed-off-by: Niels de Vos <ndevos@ibm.com>
---
 Makefile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 57024dc20f9..7a4067fbf2f 100644
--- a/Makefile
+++ b/Makefile
@@ -32,6 +32,11 @@ ifeq ($(HAVE_CPUSET),1)
     CPUSET ?= --cpuset-cpus=0-${CPUS}
 endif
 
+ifneq ($(GITHUB_ACTION),)
+    # see https://github.com/containers/podman/issues/21012
+    SECURITY_OPT ?= --security-opt seccomp=unconfined
+endif
+
 CSI_IMAGE_NAME=$(if $(ENV_CSI_IMAGE_NAME),$(ENV_CSI_IMAGE_NAME),quay.io/cephcsi/cephcsi)
 CSI_IMAGE_VERSION=$(shell . $(CURDIR)/build.env ; echo $${CSI_IMAGE_VERSION})
 CSI_IMAGE=$(CSI_IMAGE_NAME):$(CSI_IMAGE_VERSION)
@@ -229,7 +234,7 @@ ifeq ($(USE_PULLED_IMAGE),no)
 .test-container-id: .container-cmd build.env scripts/Dockerfile.test
 	[ ! -f .test-container-id ] || $(CONTAINER_CMD) rmi $(CSI_IMAGE_NAME):test
 	$(RM) .test-container-id
-	$(CONTAINER_CMD) build $(CPUSET) --build-arg GOARCH=$(GOARCH) -t $(CSI_IMAGE_NAME):test -f ./scripts/Dockerfile.test .
+	$(CONTAINER_CMD) build $(CPUSET) $(SECURITY_OPT) --build-arg GOARCH=$(GOARCH) -t $(CSI_IMAGE_NAME):test -f ./scripts/Dockerfile.test .
 	$(CONTAINER_CMD) inspect -f '{{.Id}}' $(CSI_IMAGE_NAME):test > .test-container-id
 else
 # create the .test-container-id file based on the pulled image