TEMP: test install-tests fix with copy-to-rootful

cgwalters · cgwalters · commit 20ce369d8201 · 2026-01-23T17:02:07.000-05:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -32,6 +32,7 @@ concurrency:
 jobs:
   # Run basic validation checks (linting, formatting, etc)
   validate:
+    if: false  # TEMP: disabled for testing install-tests fix
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v6
@@ -41,6 +42,7 @@ jobs:
         run: just validate
   # Check for security vulnerabilities and license compliance
   cargo-deny:
+    if: false  # TEMP: disabled for testing install-tests fix
     runs-on: ubuntu-24.04
     steps:
     - uses: actions/checkout@v6
@@ -65,16 +67,18 @@ jobs:
       - name: Integration tests
         run: |
           set -xeu
-          # Build images to test; TODO investigate doing single container builds
-          # via GHA and pushing to a temporary registry to share among workflows?
-          # Preserve rustup/cargo environment for sudo (rustup needs RUSTUP_HOME to find toolchains)
-          sudojust() { sudo env PATH="$PATH" CARGO_HOME="${CARGO_HOME:-$HOME/.cargo}" RUSTUP_HOME="${RUSTUP_HOME:-$HOME/.rustup}" just "$@"; }
-          sudojust build
-          sudojust build-install-test-image
+          # Build images as regular user, then copy to root's podman storage
+          # This avoids cargo cache permission issues when running cargo as root
+          just build
+          just build-install-test-image
+          just copy-to-rootful localhost/bootc
+          just copy-to-rootful localhost/bootc-install
+          # Copy bound images (LBI) to root's storage for tests that need them
+          just copy-to-rootful quay.io/curl/curl:latest
+          just copy-to-rootful quay.io/curl/curl-base:latest
+          just copy-to-rootful registry.access.redhat.com/ubi9/podman:latest
           sudo podman build -t localhost/bootc-fsverity -f ci/Containerfile.install-fsverity
 
-          # Grant permission
-          sudo chown -R "$(id -u):$(id -g)" /home/runner/work/bootc/bootc
           # TODO move into a container, and then have this tool run other containers
           cargo build --release -p tests-integration
 
@@ -110,6 +114,7 @@ jobs:
           done
   # Test that we can build documentation
   docs:
+    if: false  # TEMP: disabled for testing install-tests fix
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v6
@@ -119,6 +124,7 @@ jobs:
         run: just build-mdbook
   # Build packages for each test OS
   package:
+    if: false  # TEMP: disabled for testing install-tests fix
     strategy:
       fail-fast: false
       matrix:
@@ -150,6 +156,7 @@ jobs:
   # running unit and integration tests (using TMT, leveraging the support for nested virtualization
   # in the GHA runners)
   test-integration:
+    if: false  # TEMP: disabled for testing install-tests fix
     needs: package
     strategy:
       fail-fast: false
@@ -224,6 +231,7 @@ jobs:
   # when run in the same job as test-integration).
   # Uses fedora-43 as it's the current stable Fedora release matching CoreOS.
   test-coreos:
+    if: false  # TEMP: disabled for testing install-tests fix
     needs: package
     runs-on: ubuntu-24.04
 
@@ -264,7 +272,7 @@ jobs:
 
   # Sentinel job for required checks - configure this job name in repository settings
   required-checks:
-    if: always()
+    if: false  # TEMP: disabled for testing install-tests fix
     needs: [cargo-deny, validate, package, test-integration, test-coreos]
     runs-on: ubuntu-latest
     steps:
diff --git a/Justfile b/Justfile
@@ -282,3 +282,38 @@ _keygen:
 
 _build-upgrade-image:
     cat tmt/tests/Dockerfile.upgrade | podman build -t {{upgrade_img}} --from={{base_img}} -
+
+# Copy an image from user podman storage to root's podman storage
+# This allows building as regular user then running privileged tests
+[group('testing')]
+copy-to-rootful $image:
+    #!/bin/bash
+    set -euxo pipefail
+
+    # If already running as root, nothing to do
+    if [[ "${UID}" -eq "0" ]]; then
+        echo "Already root, no need to copy image"
+        exit 0
+    fi
+
+    # Check if the image exists in user storage
+    if ! podman image exists "${image}"; then
+        echo "Image ${image} not found in user podman storage" >&2
+        exit 1
+    fi
+
+    # Get the image ID from user storage
+    USER_IMG_ID=$(podman images --filter reference="${image}" --format '{{{{.ID}}')
+
+    # Check if the same image ID exists in root storage
+    ROOT_IMG_ID=$(sudo podman images --filter reference="${image}" --format '{{{{.ID}}' 2>/dev/null || true)
+
+    if [[ "${USER_IMG_ID}" == "${ROOT_IMG_ID}" ]] && [[ -n "${ROOT_IMG_ID}" ]]; then
+        echo "Image ${image} already exists in root storage with same ID"
+        exit 0
+    fi
+
+    # Copy the image from user to root storage
+    # Use podman save/load via pipe (works on systems without machinectl)
+    podman save "${image}" | sudo podman load
+    echo "Copied ${image} to root podman storage"
