Merge pull request #950 from cgwalters/ci-ostree-deploy

cgwalters · web-flow · commit 3f5eb52a1712 · 2024-12-09T18:45:20.000-05:00
Cover ostree-ext in ci
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -67,8 +67,6 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
-      - name: Ensure host skopeo is disabled
-        run: sudo rm -f /bin/skopeo /usr/bin/skopeo
       - name: Free up disk space on runner
         run: sudo ./ci/clean-gha-runner.sh
       - name: Integration tests
@@ -81,6 +79,9 @@ jobs:
           sudo install -m 0755 target/release/tests-integration /usr/bin/bootc-integration-tests
           rm target -rf
           df -h /
+          # The ostree-container tests
+          sudo podman run --privileged --pid=host -v /:/run/host -v $(pwd):/src:ro -v /var/tmp:/var/tmp \
+            -v /run/dbus:/run/dbus -v /run/systemd:/run/systemd localhost/bootc /src/ostree-ext/ci/priv-integration.sh
           # Nondestructive but privileged tests
           sudo bootc-integration-tests host-privileged localhost/bootc
           # Finally the install-alongside suite
diff --git a/Makefile b/Makefile
@@ -34,14 +34,15 @@ install-ostree-hooks:
 	  ln -sf ../../../bin/bootc $(DESTDIR)$(prefix)/libexec/libostree/ext/$$x; \
 	done
 
-install-with-tests: install
+# Install the main binary, the ostree hooks, and the integration test suite.
+install-all: install install-ostree-hooks
 	install -D -m 0755 target/release/tests-integration $(DESTDIR)$(prefix)/bin/bootc-integration-tests 
 
 bin-archive: all
 	$(MAKE) install DESTDIR=tmp-install && $(TAR_REPRODUCIBLE) --zstd -C tmp-install -cf target/bootc.tar.zst . && rm tmp-install -rf
 
 test-bin-archive: all
-	$(MAKE) install-with-tests DESTDIR=tmp-install && $(TAR_REPRODUCIBLE) --zstd -C tmp-install -cf target/bootc.tar.zst . && rm tmp-install -rf
+	$(MAKE) install-all DESTDIR=tmp-install && $(TAR_REPRODUCIBLE) --zstd -C tmp-install -cf target/bootc.tar.zst . && rm tmp-install -rf
 
 test-tmt:
 	cargo xtask test-tmt
diff --git a/ostree-ext/.github/workflows/bootc.yml b/ostree-ext/.github/workflows/bootc.yml
diff --git a/ostree-ext/.github/workflows/rust.yml b/ostree-ext/.github/workflows/rust.yml
@@ -128,24 +128,6 @@ jobs:
         run: install ostree-ext-cli /usr/bin && rm -v ostree-ext-cli
       - name: Integration tests
         run: ./ci/ima.sh
-  privtest:
-    name: "Privileged testing"
-    needs: build
-    runs-on: ubuntu-latest
-    container:
-      image: quay.io/fedora/fedora-coreos:testing-devel
-      options: "--privileged --pid=host -v /var/tmp:/var/tmp -v /run/dbus:/run/dbus -v /run/systemd:/run/systemd -v /:/run/host"
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-      - name: Download
-        uses: actions/download-artifact@v4.1.8
-        with:
-          name: ostree-ext-cli
-      - name: Install
-        run: install ostree-ext-cli /usr/bin && rm -v ostree-ext-cli
-      - name: Integration tests
-        run: ./ci/priv-integration.sh
   privtest-cockpit:
     name: "Privileged testing (cockpit)"
     needs: build
diff --git a/ostree-ext/ci/priv-integration.sh b/ostree-ext/ci/priv-integration.sh
@@ -28,21 +28,21 @@ if test '!' -d "${sysroot}/ostree/deploy/${stateroot}"; then
     ostree admin os-init "${stateroot}" --sysroot "${sysroot}"
 fi
 # Should be no images pruned
-ostree-ext-cli container image prune-images --sysroot "${sysroot}"
+ostree container image prune-images --sysroot "${sysroot}"
 # Test the syntax which uses full imgrefs.
-ostree-ext-cli container image deploy --sysroot "${sysroot}" \
+ostree container image deploy --sysroot "${sysroot}" \
     --stateroot "${stateroot}" --imgref "${imgref}"
 ostree admin --sysroot="${sysroot}" status
-ostree-ext-cli container image metadata --repo "${sysroot}/ostree/repo" registry:"${image}" > manifest.json
+ostree container image metadata --repo "${sysroot}/ostree/repo" registry:"${image}" > manifest.json
 jq '.schemaVersion' < manifest.json
-ostree-ext-cli container image remove --repo "${sysroot}/ostree/repo" registry:"${image}"
+ostree container image remove --repo "${sysroot}/ostree/repo" registry:"${image}"
 ostree admin --sysroot="${sysroot}" undeploy 0
 # Now test the new syntax which has a nicer --image that defaults to registry.
-ostree-ext-cli container image deploy --transport registry --sysroot "${sysroot}" \
+ostree container image deploy --transport registry --sysroot "${sysroot}" \
     --stateroot "${stateroot}" --image "${image}"
 ostree admin --sysroot="${sysroot}" status
 ostree admin --sysroot="${sysroot}" undeploy 0
-if ostree-ext-cli container image deploy --transport registry --sysroot "${sysroot}" \
+if ostree container image deploy --transport registry --sysroot "${sysroot}" \
     --stateroot "${stateroot}" --image "${image}" --enforce-container-sigpolicy 2>err.txt; then
     echo "Deployment with enforced verification succeeded unexpectedly" 1>&2
     exit 1
@@ -52,16 +52,16 @@ if ! grep -Ee 'insecureAcceptAnything.*refusing usage' err.txt; then
     cat err.txt
 fi
 # Now we should prune it
-ostree-ext-cli container image prune-images --sysroot "${sysroot}"
-ostree-ext-cli container image list --repo "${sysroot}/ostree/repo" > out.txt
+ostree container image prune-images --sysroot "${sysroot}"
+ostree container image list --repo "${sysroot}/ostree/repo" > out.txt
 test $(stat -c '%s' out.txt) = 0
 
 for img in "${image}"; do
-    ostree-ext-cli container image deploy --sysroot "${sysroot}" \
+    ostree container image deploy --sysroot "${sysroot}" \
         --stateroot "${stateroot}" --imgref ostree-unverified-registry:"${img}"
     ostree admin --sysroot="${sysroot}" status
     initial_refs=$(ostree --repo="${sysroot}/ostree/repo" refs | wc -l)
-    ostree-ext-cli container image remove --repo "${sysroot}/ostree/repo" registry:"${img}"
+    ostree container image remove --repo "${sysroot}/ostree/repo" registry:"${img}"
     pruned_refs=$(ostree --repo="${sysroot}/ostree/repo" refs | wc -l)
     # Removing the image should only drop the image reference, not its layers
     test "$(($initial_refs - 1))" = "$pruned_refs"
@@ -70,29 +70,32 @@ for img in "${image}"; do
     n_commits=$(find ${sysroot}/ostree/repo -name '*.commit' | wc -l)
     test "${n_commits}" -gt 0
     # But right now this still doesn't prune *content*
-    ostree-ext-cli container image prune-layers --repo="${sysroot}/ostree/repo"
+    ostree container image prune-layers --repo="${sysroot}/ostree/repo"
     ostree --repo="${sysroot}/ostree/repo" refs > refs.txt
     if test "$(wc -l < refs.txt)" -ne 0; then
         echo "found refs"
         cat refs.txt
         exit 1
     fi
     # And this one should GC the objects too
-    ostree-ext-cli container image prune-images --full --sysroot="${sysroot}" > out.txt
+    ostree container image prune-images --full --sysroot="${sysroot}" > out.txt
     n_commits=$(find ${sysroot}/ostree/repo -name '*.commit' | wc -l)
     test "${n_commits}" -eq 0
 done
 
 # Verify we have systemd journal messages
-nsenter -m -t 1 journalctl _COMM=ostree-ext-cli > logs.txt
-grep 'layers already present: ' logs.txt
+nsenter -m -t 1 journalctl _COMM=bootc > logs.txt
+if ! grep 'layers already present: ' logs.txt; then
+    cat logs.txt
+    exit 1
+fi
 
 podman pull ${image}
 ostree --repo="${sysroot}/ostree/repo" init --mode=bare-user
-ostree-ext-cli container image pull ${sysroot}/ostree/repo ostree-unverified-image:containers-storage:${image}
+ostree container image pull ${sysroot}/ostree/repo ostree-unverified-image:containers-storage:${image}
 echo "ok pulled from containers storage"
 
-ostree-ext-cli container compare ${imgref} ${imgref} > compare.txt
+ostree container compare ${imgref} ${imgref} > compare.txt
 grep "Removed layers: *0 *Size: 0 bytes" compare.txt
 grep "Added layers: *0 *Size: 0 bytes" compare.txt
 
@@ -114,22 +117,22 @@ ostree refs ostree/container/image --delete
 repo="${sysroot}/ostree/repo"
 images=$(ostree container image list --repo "${repo}" | wc -l)
 test "${images}" -eq 1
-ostree-ext-cli container image deploy --sysroot "${sysroot}" \
+ostree container image deploy --sysroot "${sysroot}" \
         --stateroot "${stateroot}" --imgref ostree-unverified-image:"${derived_img}"
 imgref=$(ostree refs --repo=${repo} ostree/container/image | head -1)
 img_commit=$(ostree --repo=${repo} rev-parse ostree/container/image/${imgref})
-ostree-ext-cli container image remove --repo "${repo}" "${derived_img}"
+ostree container image remove --repo "${repo}" "${derived_img}"
 
-ostree-ext-cli container image deploy --sysroot "${sysroot}" \
+ostree container image deploy --sysroot "${sysroot}" \
         --stateroot "${stateroot}" --imgref ostree-unverified-image:"${derived_img}"
 img_commit2=$(ostree --repo=${repo} rev-parse ostree/container/image/${imgref})
 test "${img_commit}" = "${img_commit2}"
 echo "ok deploy derived container identical revs"
 
-ostree-ext-cli container image deploy --sysroot "${sysroot}" \
+ostree container image deploy --sysroot "${sysroot}" \
         --stateroot "${stateroot}" --imgref ostree-unverified-image:"${derived_img_dir}"
 echo "ok deploy derived container from local dir"
-ostree-ext-cli container image remove --repo "${repo}" "${derived_img_dir}"
+ostree container image remove --repo "${repo}" "${derived_img_dir}"
 rm -rf /var/tmp/derived.dir
 
 # Verify policy
