ci: Add support for bootc end-to-end validation tests

.codespell_ignores

@@ -1 +1,2 @@
 iif
+passt

.github/workflows/ansible-lint.yml

@@ -32,7 +32,7 @@ jobs:
       - name: Install tox, tox-lsr
         run: |
           set -euxo pipefail
-          pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.9.0"
+          pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.10.0"
 
       - name: Convert role to collection format
         id: collection

.github/workflows/ansible-managed-var-comment.yml

@@ -30,7 +30,7 @@ jobs:
       - name: Install tox, tox-lsr
         run: |
           set -euxo pipefail
-          pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.9.0"
+          pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.10.0"
 
       - name: Run ansible-plugin-scan
         run: |

.github/workflows/ansible-test.yml

@@ -33,7 +33,7 @@ jobs:
       - name: Install tox, tox-lsr
         run: |
           set -euxo pipefail
-          pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.9.0"
+          pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.10.0"
 
       - name: Convert role to collection format
         run: |

.github/workflows/python-unit-test.yml

@@ -65,7 +65,7 @@ jobs:
             tox=tox
             virtualenv=virtualenv
           fi
-          pip install "$tox" "$virtualenv" "git+https://github.com/linux-system-roles/tox-lsr@3.9.0"
+          pip install "$tox" "$virtualenv" "git+https://github.com/linux-system-roles/tox-lsr@3.10.0"
           # If you have additional OS dependency packages e.g. libcairo2-dev
           # then put them in .github/config/ubuntu-requirements.txt, one
           # package per line.

.github/workflows/qemu-kvm-integration-tests.yml

@@ -105,7 +105,29 @@ jobs:
           python3 -m pip install --upgrade pip
           sudo apt update
           sudo apt install -y --no-install-recommends git ansible-core genisoimage qemu-system-x86
-          pip3 install "git+https://github.com/linux-system-roles/[email protected]"
+          pip3 install "git+https://github.com/linux-system-roles/[email protected]"
+
+      # HACK: Drop this when moving this workflow to 26.04 LTS
+      - name: Update podman to 5.x for compatibility with bootc-image-builder's podman 5
+        if: steps.check_platform.outputs.supported && endsWith(matrix.scenario.image, '-bootc')
+        run: |
+          sed 's/noble/plucky/g' /etc/apt/sources.list.d/ubuntu.sources | sudo tee /etc/apt/sources.list.d/plucky.sources >/dev/null
+          cat <<EOF | sudo tee /etc/apt/preferences.d/podman.pref >/dev/null
+          Package: podman buildah golang-github-containers-common crun libgpgme11t64 libgpg-error0 golang-github-containers-image catatonit conmon containers-storage
+          Pin: release n=plucky
+          Pin-Priority: 991
+
+          Package: libsubid4 netavark passt aardvark-dns containernetworking-plugins libslirp0 slirp4netns
+          Pin: release n=plucky
+          Pin-Priority: 991
+
+          Package: *
+          Pin: release n=plucky
+          Pin-Priority: 400
+          EOF
+
+          sudo apt update
+          sudo apt install -y podman crun conmon containers-storage
 
       - name: Configure tox-lsr
         if: steps.check_platform.outputs.supported
@@ -117,7 +139,7 @@ jobs:
         if: steps.check_platform.outputs.supported && startsWith(matrix.scenario.env, 'qemu')
         run: >-
           tox -e ${{ matrix.scenario.env }} -- --image-name ${{ matrix.scenario.image }} --make-batch
-          --log-level debug --skip-tags tests::infiniband,tests::nvme,tests::scsi
+          --log-level debug $TOX_ARGS --skip-tags tests::bootc-e2e
           --lsr-report-errors-url DEFAULT --
 
       - name: Qemu result summary
@@ -164,6 +186,28 @@ jobs:
           done
           exit $rc
 
+      - name: Run bootc validation tests in QEMU
+        if: steps.check_platform.outputs.supported &&
+            startsWith(matrix.scenario.env, 'container') &&
+            endsWith(matrix.scenario.image, '-bootc')
+        run: |
+          set -euxo pipefail
+          env=$(echo "${{ matrix.scenario.env }}" | sed 's/^container-/qemu-/')
+
+          for image_file in $(ls tests/tmp/*/qcow2/disk.qcow2 2>/dev/null); do
+              test="tests/$(basename $(dirname $(dirname $image_file))).yml"
+              if tox -e "$env" -- --image-file "$(pwd)/$image_file" \
+                     --log-level debug $TOX_ARGS \
+                     --lsr-report-errors-url DEFAULT \
+                     -e __bootc_validation=true \
+                     -- "$test" >out 2>&1; then
+                  mv out "${test}-PASS.log"
+              else
+                  mv out "${test}-FAIL.log"
+                  exit 1
+              fi
+          done
+
       - name: Upload test logs on failure
         if: failure()
         uses: actions/upload-artifact@v4

README.md

@@ -1,6 +1,6 @@
 # linux-system-roles/network
 
-[![ansible-lint.yml](https://github.com/linux-system-roles/network/actions/workflows/ansible-lint.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/ansible-lint.yml) [![ansible-test.yml](https://github.com/linux-system-roles/network/actions/workflows/ansible-test.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/ansible-test.yml) [![codeql.yml](https://github.com/linux-system-roles/network/actions/workflows/codeql.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/codeql.yml) [![codespell.yml](https://github.com/linux-system-roles/network/actions/workflows/codespell.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/codespell.yml) [![integration.yml](https://github.com/linux-system-roles/network/actions/workflows/integration.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/integration.yml) [![markdownlint.yml](https://github.com/linux-system-roles/network/actions/workflows/markdownlint.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/markdownlint.yml) [![python-unit-test.yml](https://github.com/linux-system-roles/network/actions/workflows/python-unit-test.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/python-unit-test.yml) [![qemu-kvm-integration-tests.yml](https://github.com/linux-system-roles/network/actions/workflows/qemu-kvm-integration-tests.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/qemu-kvm-integration-tests.yml) [![shellcheck.yml](https://github.com/linux-system-roles/network/actions/workflows/shellcheck.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/shellcheck.yml) [![tft.yml](https://github.com/linux-system-roles/network/actions/workflows/tft.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/tft.yml) [![tft_citest_bad.yml](https://github.com/linux-system-roles/network/actions/workflows/tft_citest_bad.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/tft_citest_bad.yml) [![woke.yml](https://github.com/linux-system-roles/network/actions/workflows/woke.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/woke.yml) [![Coverage Status](https://coveralls.io/repos/github/linux-system-roles/network/badge.svg)](https://coveralls.io/github/linux-system-roles/network) [![Code Style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/ambv/black) [![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/linux-system-roles/network.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/linux-system-roles/network/context:python)
+[![ansible-lint.yml](https://github.com/linux-system-roles/network/actions/workflows/ansible-lint.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/ansible-lint.yml) [![ansible-test.yml](https://github.com/linux-system-roles/network/actions/workflows/ansible-test.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/ansible-test.yml) [![codeql.yml](https://github.com/linux-system-roles/network/actions/workflows/codeql.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/codeql.yml) [![codespell.yml](https://github.com/linux-system-roles/network/actions/workflows/codespell.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/codespell.yml) [![markdownlint.yml](https://github.com/linux-system-roles/network/actions/workflows/markdownlint.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/markdownlint.yml) [![python-unit-test.yml](https://github.com/linux-system-roles/network/actions/workflows/python-unit-test.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/python-unit-test.yml) [![qemu-kvm-integration-tests.yml](https://github.com/linux-system-roles/network/actions/workflows/qemu-kvm-integration-tests.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/qemu-kvm-integration-tests.yml) [![shellcheck.yml](https://github.com/linux-system-roles/network/actions/workflows/shellcheck.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/shellcheck.yml) [![tft.yml](https://github.com/linux-system-roles/network/actions/workflows/tft.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/tft.yml) [![tft_citest_bad.yml](https://github.com/linux-system-roles/network/actions/workflows/tft_citest_bad.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/tft_citest_bad.yml) [![woke.yml](https://github.com/linux-system-roles/network/actions/workflows/woke.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/woke.yml) [![Coverage Status](https://coveralls.io/repos/github/linux-system-roles/network/badge.svg)](https://coveralls.io/github/linux-system-roles/network) [![Code Style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/ambv/black) [![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/linux-system-roles/network.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/linux-system-roles/network/context:python)
 
 ## Overview
 
@@ -274,7 +274,7 @@
 - `macvlan`
 - `infiniband`
 - `wireless`
 - `dummy`
 
 #### `type: ethernet`
 
@@ -377,9 +377,9 @@
 
 - `password`: password for the network (required if `wpa-psk` or `sae` is used)
 
 #### `type: dummy`
 
 Dummy network interface, `nm` (NetworkManager) is the only supported `network_provider`
 for this type.
 
 ### `autoconnect`

contributing.md

@@ -70,3 +70,51 @@ ansible-playbook --skip-tags tests::cleanup \
 
 [NM 1.0](https://lazka.github.io/pgi-docs/#NM-1.0), it contains a full
 explanation about the NetworkManager API.
+
+### Integration tests with podman
+
+1. Create `~/.ansible/collections/ansible_collections/containers/podman/` if this
+  directory does not exist and `cd` into this directory.
+
+    ```bash
+    mkdir -p ~/.ansible/collections/ansible_collections/containers/podman/
+    cd ~/.ansible/collections/ansible_collections/containers/podman/
+    ```
+
+2. Clone the collection plugins for Ansible-Podman into the current directory.
+
+    ```bash
+    git clone https://github.com/containers/ansible-podman-collections.git .
+    ```
+
+3. Change directory into the `tests` subdirectory.
+
+    ```bash
+    cd ~/network/tests
+    ```
+
+4. Use podman with `-d` to run in the background (daemon). Use `c7` because
+  `centos/systemd` is centos7.
+
+    ```bash
+    podman run --name lsr-ci-c7 --rm --privileged \
+    -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
+    -d registry.centos.org/centos/systemd
+    ```
+
+5. Use `podman unshare` first to run "podman mount" in root mode, use `-vi` to
+  run ansible as inventory in verbose mode, use `-c podman` to use the podman
+  connection plugin. NOTE: Some of the tests do not work with podman - see
+  `.github/run_test.sh` for the list of tests that do not work.
+
+    ```bash
+    podman unshare
+    ansible-playbook -vi lsr-ci-c7, -c podman tests_provider_nm.yml
+    ```
+
+6. NOTE that this leaves the container running in the background, to kill it:
+
+    ```bash
+    podman stop lsr-ci-c7
+    podman rm lsr-ci-c7
+    ```