Expand/consolidate "detecting bootc" #4405
# CI Workflow for bootc
#
# Core principles:
# - Everything done here should be easy to replicate locally. Most tasks
#   should invoke `just <something>`.
# - Most additions to this should be extending existing tasks; e.g.
#   there's places for unit and integration tests already.
name: CI

# Workflow-wide GITHUB_TOKEN scope. Only `actions: read` is granted; any
# scope not listed under an explicit `permissions:` key is set to none, so
# no job in this file can write to the repository with the default token.
permissions:
  actions: read

# Triggers: pushes to main, pull requests targeting main, and manual runs.
# This file uses `pull_request` rather than `pull_request_target`, so runs
# for pull requests from forks get a read-only token and no repository
# secrets.
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  workflow_dispatch: {}

env:
  CARGO_TERM_COLOR: always

# One concurrency group per workflow and pull request; the group key falls
# back to the git ref when the event carries no pull request number. A newer
# run in the same group cancels the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true
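jobs:
  # NOTE(review): every `uses:` below that points outside this repository
  # (actions/checkout, actions/upload-artifact, actions/download-artifact,
  # EmbarkStudios/cargo-deny-action) is referenced by a mutable tag. Pinning
  # each one to a full commit SHA, e.g.
  #   uses: OWNER/ACTION@<full-commit-sha>  # vN
  # keeps a moved tag from changing what executes in these jobs.

  # Run basic validation checks (linting, formatting, etc)
  validate:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - name: Bootc Ubuntu Setup
        uses: ./.github/actions/bootc-ubuntu-setup
      - name: Validate (default)
        run: just validate

  # Build container with continuous repository enabled
  container-continuous:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - name: Bootc Ubuntu Setup
        uses: ./.github/actions/bootc-ubuntu-setup
      - name: Build with continuous repo enabled
        run: sudo just build --build-arg=continuous_repo=1

  # Check for security vulnerabilities and license compliance
  cargo-deny:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - uses: EmbarkStudios/cargo-deny-action@v2
        with:
          log-level: warn
          command: check -A duplicate bans sources licenses

  # Test bootc installation scenarios and fsverity support
  # TODO convert to be an integration test
  #
  # The steps in this job change the runner itself: fs-verity is enabled on
  # the root filesystem, containers run with --privileged and --pid=host (one
  # with the host root bind-mounted at /run/host), and an install is made to
  # the existing root. NOTE(review): this presumably relies on the hosted
  # runner being discarded after the job; it should not be pointed at a
  # persistent or self-hosted runner without isolation.
  install-tests:
    name: "Test install"
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Bootc Ubuntu Setup
        uses: ./.github/actions/bootc-ubuntu-setup
      - name: Enable fsverity for /
        # Quoted so the device path reaches tune2fs as a single argument.
        run: sudo tune2fs -O verity "$(findmnt -vno SOURCE /)"
      - name: Install utils
        run: sudo apt -y install fsverity just
      - name: Integration tests
        run: |
          set -xeu
          # Build images to test; TODO investigate doing single container builds
          # via GHA and pushing to a temporary registry to share among workflows?
          sudo just build
          sudo just build-install-test-image
          sudo podman build -t localhost/bootc-fsverity -f ci/Containerfile.install-fsverity
          # TODO move into a container, and then have this tool run other containers
          export CARGO_INCREMENTAL=0 # because we aren't caching the test runner bits
          cargo build --release -p tests-integration
          df -h /
          sudo install -m 0755 target/release/tests-integration /usr/bin/bootc-integration-tests
          rm -rf target
          df -h /
          # The ostree-container tests
          # (the checkout is mounted read-only at /src; the host root is
          # mounted read-write at /run/host)
          sudo podman run --privileged --pid=host -v /:/run/host -v "$(pwd):/src:ro" -v /var/tmp:/var/tmp \
            --tmpfs /var/lib/containers \
            -v /run/dbus:/run/dbus -v /run/systemd:/run/systemd localhost/bootc /src/crates/ostree-ext/ci/priv-integration.sh
          # Nondestructive but privileged tests
          sudo bootc-integration-tests host-privileged localhost/bootc-integration-install
          # Install tests
          sudo bootc-integration-tests install-alongside localhost/bootc-integration-install
          # system-reinstall-bootc tests
          cargo build --release -p system-reinstall-bootc
          # not sure why this is missing in the ubuntu image but just creating this directory allows the tests to pass
          sudo mkdir -p /run/sshd
          sudo install -m 0755 target/release/system-reinstall-bootc /usr/bin/system-reinstall-bootc
          # These tests may mutate the system live so we can't run in parallel
          sudo bootc-integration-tests system-reinstall localhost/bootc-integration --test-threads=1
          # And the fsverity case
          sudo podman run --privileged --pid=host localhost/bootc-fsverity bootc install to-existing-root --stateroot=other \
            --acknowledge-destructive --skip-fetch-check
          # Crude cross check
          # NOTE(review): pipefail is not set in this script, so if find
          # fails or matches nothing the loop body never runs and the step
          # still passes; asserting that at least one object was measured
          # would make this check meaningful.
          sudo find /ostree/repo/objects -name '*.file' -type f | while IFS= read -r f; do
            sudo fsverity measure "$f" >/dev/null
          done

  # Test that we can build documentation
  docs:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - name: Bootc Ubuntu Setup
        uses: ./.github/actions/bootc-ubuntu-setup
      - name: Build mdbook
        run: just build-mdbook

  # Build containers and disk images for integration testing across OS matrix
  build-integration:
    strategy:
      fail-fast: false
      matrix:
        test_os: [fedora-42, fedora-43, centos-9, centos-10]
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - name: Bootc Ubuntu Setup
        uses: ./.github/actions/bootc-ubuntu-setup
      - name: Install qemu-utils
        run: sudo apt install -y qemu-utils
      - name: Build container and disk image
        # The matrix value is handed to the script through the environment
        # instead of being expanded into the script text, so it is always
        # treated as data by the shell.
        env:
          MATRIX_TEST_OS: ${{ matrix.test_os }}
        run: |
          sudo tests/build.sh "$MATRIX_TEST_OS"
      - name: Run container tests
        run: |
          sudo just test-container
      - name: Archive disk image
        uses: actions/upload-artifact@v4
        with:
          # github.event.number is only present on pull_request events; on
          # push and workflow_dispatch runs it expands to an empty string.
          # NOTE(review): env.ARCH is not defined in this file; presumably it
          # is exported by the bootc-ubuntu-setup action - confirm.
          name: PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ env.ARCH }}-disk
          path: target/bootc-integration-test.qcow2
          retention-days: 1

  # Run TMT-based integration tests on disk images from build-integration
  test-integration:
    needs: build-integration
    strategy:
      fail-fast: false
      matrix:
        test_os: [fedora-42, fedora-43, centos-9, centos-10]
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - name: Bootc Ubuntu Setup
        uses: ./.github/actions/bootc-ubuntu-setup
      - name: Install deps
        run: |
          sudo apt-get update
          # see https://tmt.readthedocs.io/en/stable/overview.html#install
          sudo apt install -y libkrb5-dev pkg-config libvirt-dev genisoimage qemu-kvm qemu-utils libvirt-daemon-system just
          # NOTE(review): tmt is installed without a version constraint, so
          # each run resolves whatever release (and dependency set) PyPI
          # serves at that moment; a pinned version or constraints file would
          # make the test tooling reproducible.
          pip install --user "tmt[provision-virtual]"
      - name: Create folder to save disk image
        run: mkdir -p target
      - name: Download disk.raw
        uses: actions/download-artifact@v4
        with:
          # Must match the artifact name used by "Archive disk image" in
          # build-integration.
          name: PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ env.ARCH }}-disk
          path: target
      - name: Workaround https://github.com/teemtee/testcloud/issues/18
        # Replaces /usr/bin/chcon with a symlink to /usr/bin/true, so every
        # later chcon call on this runner succeeds without doing anything.
        run: sudo rm -f /usr/bin/chcon && sudo ln -sr /usr/bin/true /usr/bin/chcon
      - name: Run all TMT tests
        run: |
          just test-tmt-nobuild
      - name: Archive TMT logs
        if: always()
        uses: actions/upload-artifact@v4
        with:
          # NOTE(review): this job's matrix defines only test_os, so
          # matrix.tmt_plan expands to an empty string and the artifact name
          # ends in a trailing "-". Either add tmt_plan to the matrix or drop
          # the suffix.
          name: tmt-log-PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ env.ARCH }}-${{ matrix.tmt_plan }}
          path: /var/tmp/tmt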