ci: Add support for bootc end-to-end validation tests

[richm]

NOTE: This also requires upgrading to tox-lsr 3.10.0, and some
hacks to workaround a podman issue in ubuntu.

These tests run the role during a bootc container image build, deploy
the container into a QEMU VM, boot that, and validate the expected
configuration there. They run in two different tox environments, and
thus have to be run in two steps (preparation in buildah, validation in
QEMU). The preparation is expected to output a qcow2 image in
tests/tmp/TESTNAME/qcow2/disk.qcow2, i.e. the output structure of
https://github.com/osbuild/bootc-image-builder.

There are two possibilities:

• Have separate bootc end-to-end tests. These are tagged with
  tests::bootc-e2 and are skipped in the normal qemu-* scenarios.
  They run as part of the container-* ones.

• Modify an existing test: These need to build a qcow2 image exactly
  once (via calling bootc-buildah-qcow.sh) and skip setup/cleanup
  and role invocations in validation mode, i.e. when
  __bootc_validation is true.

In the container scenario, run the QEMU validation as a separate step in
the workflow.

See https://issues.redhat.com/browse/RHEL-88396

[sourcery-ai]

Reviewer's Guide

This PR adds end-to-end bootc validation test support by upgrading tox-lsr, injecting a Podman compatibility hack, extending the qemu-kvm CI workflow to prepare and validate qcow2 images, and updating user documentation and badges.

Sequence Diagram: Bootc End-to-End Test Execution

sequenceDiagram
    participant CIWorkflow as CI Workflow
    participant Buildah
    participant QEMU_VM as QEMU VM
    participant TestRole as Ansible Role

    CIWorkflow->>Buildah: Start Image Preparation (using bootc)
    activate Buildah
    Buildah->>TestRole: Run role during image build
    activate TestRole
    TestRole-->>Buildah: Role execution complete
    deactivate TestRole
    Buildah-->>CIWorkflow: Output qcow2 image
    deactivate Buildah

    CIWorkflow->>QEMU_VM: Deploy qcow2 image and boot
    activate QEMU_VM
    QEMU_VM-->>CIWorkflow: VM Booted
    CIWorkflow->>QEMU_VM: Start Validation
    QEMU_VM->>TestRole: Validate configuration (skip setup/cleanup if __bootc_validation is true)
    activate TestRole
    TestRole-->>QEMU_VM: Validation complete
    deactivate TestRole
    QEMU_VM-->>CIWorkflow: Validation Result
    deactivate QEMU_VM

Loading

File-Level Changes

Change	Details	Files
Upgrade tox-lsr to v3.10.0 across all CI workflows	Bump pip3 install reference from 3.9.0 to 3.10.0 in workflows Ensure consistent tox-lsr version in Python, ansible-lint, ansible-test, and managed-var pipelines	.github/workflows/qemu-kvm-integration-tests.yml .github/workflows/ansible-lint.yml .github/workflows/ansible-managed-var-comment.yml .github/workflows/ansible-test.yml .github/workflows/python-unit-test.yml
Add Podman 5.x compatibility hack for bootc scenarios in qemu-kvm CI	Conditionally pin Ubuntu sources to ‘plucky’ for Podman 5 Create APT preferences to prioritize Podman and related packages Update apt and install Podman, crun, conmon, containers-storage	.github/workflows/qemu-kvm-integration-tests.yml
Extend qemu-kvm CI workflow to handle bootc end-to-end tests	Skip bootc-e2e tagged tests in standard qemu jobs Add a step to loop over generated qcow2 images and run validation in QEMU Capture and archive PASS/FAIL logs per test	.github/workflows/qemu-kvm-integration-tests.yml
Document Podman-based integration testing in contributing guide	Introduce “Integration tests with podman” section Provide a six-step procedure to set up and run ansible tests inside Podman	contributing.md
Clean up CI badge links in README	Remove the legacy integration.yml badge from the workflow badges section	README.md

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey @richm - I've reviewed your changes - here's some feedback:

• Consider refactoring the repeated tox-lsr version bump across multiple workflows into a shared variable or template to reduce maintenance overhead.
• The APT "plucky" hack for upgrading Podman adds substantial complexity—please reference a tracking issue and mark it clearly for removal once Ubuntu 26.04 support lands.
• The new podman integration instructions in contributing.md are quite detailed—consider moving them to a separate file or dedicated section to keep the main guide focused.

Here's what I looked at during the review

• 🟡 General issues: 3 issues found
• 🟢 Security: all looks good
• 🟢 Review instructions: all looks good
• 🟢 Testing: all looks good
• 🟢 Documentation: all looks good

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue: Clarify path context for ~/network/tests

Specify that ~/network/tests is the tests directory within the cloned repository, and note that users should adjust the path if their clone location differs.

[sourcery-ai]

suggestion: Clarify the purpose of podman unshare

Clarify that podman unshare is required so Ansible, through the podman connector, can perform privileged operations such as mounting filesystems.

Suggested change

	5. Use `podman unshare` first to run "podman mount" in root mode, use `-vi` to
	run ansible as inventory in verbose mode, use `-c podman` to use the podman
	connection plugin. NOTE: Some of the tests do not work with podman - see
	`.github/run_test.sh` for the list of tests that do not work.
	```bash
	podman unshare
	ansible-playbook -vi lsr-ci-c7, -c podman tests_provider_nm.yml
	```
	5. Use `podman unshare` first to ensure Ansible, when using the podman connection plugin, can perform privileged operations such as mounting filesystems inside the container. This is required because some operations (like "podman mount") need to be run in a user namespace with elevated privileges. Then, use `-vi` to run ansible as inventory in verbose mode, and `-c podman` to use the podman connection plugin. NOTE: Some of the tests do not work with podman - see
	`.github/run_test.sh` for the list of tests that do not work.
	```bash
	podman unshare
	ansible-playbook -vi lsr-ci-c7, -c podman tests_provider_nm.yml
	```

[sourcery-ai]

nitpick: Use more precise term than 'kill it'

Replace 'to kill it:' with 'to stop and remove it:' to better reflect the use of podman stop and podman rm.