Contributor

@martinpitt martinpitt commented Apr 25, 2025

Same as in linux-system-roles/sudo#52 to check the new mechanics for a more complex role. This is a case where the role works fine in a system container, but not yet during a bootc container build. I'm working on that in my https://github.com/martinpitt/lsr-firewall/tree/bootc-container-test branch, see https://issues.redhat.com/browse/RHEL-88425 . But this is a nice stepping stone.

@martinpitt martinpitt marked this pull request as draft April 25, 2025 13:20

codecov bot commented Apr 25, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 60.56%. Comparing base (2d7c4ba) to head (24a225f).
Report is 59 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #264      +/-   ##
==========================================
- Coverage   61.09%   60.56%   -0.54%     
==========================================
  Files           2        2              
  Lines         910      923      +13     
==========================================
+ Hits          556      559       +3     
- Misses        354      364      +10     
Flag Coverage Δ
sanity ?


@martinpitt
Contributor Author

I.e. the bootc scenarios are quick no-ops due to not being supported here.

@martinpitt martinpitt marked this pull request as ready for review April 28, 2025 15:04
@martinpitt martinpitt requested a review from richm April 28, 2025 15:21
name: podman
name:
- podman
- /usr/bin/ping
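
Review bot: the `- /usr/bin/ping` entry in the `name:` list is a file path rather than a package name, so it only resolves where the package manager can map a path to the package that provides it. A short comment on that line saying why the path is used instead of a package name would make the intent clear to later readers.
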
Contributor

This introduces a dependency at ostree build time - either some package needs to be added to https://github.com/linux-system-roles/firewall/blob/main/.ostree/packages-testing.txt or possibly one of the platform specific files. I don't know if image builder can use a file, or if it requires the name of a package.

Contributor Author

Ack! Done.

In some environments, such as a CentOS 9 container, "ping" is not
pre-installed. The test calls it, so install it explicitly.

Generalize qemu-kvm-integration-tests.yml to run some "container-*"
environments as well. For "classic rpm" OSes that does not give us too
much beyond making sure that the container tests actually work
(developers might use them locally, after all). 90% of the logic (setup,
compatibility check, status updates, etc.) is the same, so it's not
economic to duplicate all of that into a new workflow.

Add Fedora/CentOS *-bootc scenarios: These check that our role works
during a bootc container build, without any systemd, processes, or other
runtime environment. tox-lsr added support for this in
linux-system-roles/tox-lsr#188.

However, as most roles don't currently work in that environment,
introduce and check a new `containerbuild` tag in meta/main.yml. We'll
add this to roles as we adjust them.

Similarly, as not every role works in a running container (e.g. due to
assuming SELinux), check a new `container` tag in their tests.

Feature: Support running the firewall role in system container
environments.

Result: These flags enable running the "classic rpm" scenarios in CI,
which ensures that the role works in podman system containers.

Note: This role does *not* work (yet) during container builds such as
bootc "buildah" environments. Thus do not yet add the "containerbuild"
tag.
@martinpitt martinpitt merged commit 4535834 into linux-system-roles:main Apr 28, 2025
27 of 28 checks passed
@martinpitt martinpitt deleted the container-tests branch April 28, 2025 17:15