diff --git a/.github/actions/bootc-ubuntu-setup/action.yml b/.github/actions/bootc-ubuntu-setup/action.yml
new file mode 100644
index 000000000..b9bdf9174
--- /dev/null
+++ b/.github/actions/bootc-ubuntu-setup/action.yml
@@ -0,0 +1,47 @@
+name: 'Bootc Ubuntu Setup'
+description: 'Default host setup'
+runs:
+ using: 'composite'
+ steps:
+ # We really want support for heredocs
+ - name: Update podman and install just
+ shell: bash
+ run: |
+ set -eux
+ # Require the runner is ubuntu-24.04
+ IDV=$(. /usr/lib/os-release && echo ${ID}-${VERSION_ID})
+ test "${IDV}" = "ubuntu-24.04"
+ # plucky is the next release
+ echo 'deb http://azure.archive.ubuntu.com/ubuntu plucky universe main' | sudo tee /etc/apt/sources.list.d/plucky.list
+ sudo apt update
+ # skopeo is currently older in plucky for some reason hence --allow-downgrades
+ sudo apt install -y --allow-downgrades crun/plucky podman/plucky skopeo/plucky just
+ # The default runners have TONS of crud on them...
+ - name: Free up disk space on runner
+ shell: bash
+ run: |
+ sudo df -h
+ unwanted=('^aspnetcore-.*' '^dotnet-.*' '^llvm-.*' 'php.*' '^mongodb-.*' '^mysql-.*'
+ azure-cli google-chrome-stable firefox mono-devel)
+ for x in ${unwanted[@]}; do
+ sudo apt-get remove -y $x > /dev/null
+ done
+ # Start other removal operations in parallel
+ sudo docker image prune --all --force > /dev/null &
+ sudo rm -rf /usr/share/dotnet /opt/ghc /usr/local/lib/android &
+ # Wait for all background processes to complete
+ wait
+ sudo df -h
+ # This is the default on e.g. Fedora derivatives, but not Debian
+ - name: Enable unprivileged /dev/kvm access
+ shell: bash
+ run: |
+ echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
+ sudo udevadm control --reload-rules
+ sudo udevadm trigger --name-match=kvm
+ ls -l /dev/kvm
+ # Used by a few workflows, but generally useful
+ - name: Set architecture variable
+ id: set_arch
+ shell: bash
+ run: echo "ARCH=$(arch)" >> $GITHUB_ENV
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ebd1cb6f6..63903c3f4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
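Review bot: Adding the plucky suite as a plain source with no apt preference leaves it at the same priority as the runner's noble sources, so every later `apt install` in the workflows (qemu-utils, libvirt, libkrb5-dev, ...) will prefer the plucky candidate whenever it is newer, not only the packages explicitly selected with `/plucky` in the first step. Drop a pin before `sudo apt update`, e.g. `printf 'Package: *\nPin: release n=plucky\nPin-Priority: 100\n' | sudo tee /etc/apt/preferences.d/plucky`; the explicit `crun/plucky podman/plucky skopeo/plucky` selections still override that pin, so this step keeps working. In the clean-up step, `${unwanted[@]}` and `$x` are unquoted, so patterns such as `php.*` undergo pathname expansion in the working directory before apt-get sees them; `for x in "${unwanted[@]}"; do` and `sudo apt-get remove -y "$x" > /dev/null` keep them literal.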
@@ -1,3 +1,10 @@
+# CI Workflow for bootc
+#
+# Core principles:
+# - Everything done here should be easy to replicate locally. Most tasks
+# should invoke `just `.
+# - Most additions to this should be extending existing tasks; e.g.
+# there's places for unit and integration tests already.
 name: CI
 permissions:
@@ -18,60 +25,43 @@ concurrency: cancel-in-progress: true jobs: - # Wrapper for validation + # Run basic validation checks (linting, formatting, etc) validate: runs-on: ubuntu-24.04 steps: - - name: Get a newer podman for heredoc support (from debian testing) - run: | - set -eux - echo 'deb [trusted=yes] https://ftp.debian.org/debian/ testing main' | sudo tee /etc/apt/sources.list.d/testing.list - sudo apt update - sudo apt install -y crun/testing podman/testing skopeo/testing just - uses: actions/checkout@v4 - - name: Free up disk space on runner - run: sudo ./ci/clean-gha-runner.sh + - name: Bootc Ubuntu Setup + uses: ./.github/actions/bootc-ubuntu-setup - name: Validate (default) run: just validate + # Build container with continuous repository enabled container-continuous: runs-on: ubuntu-24.04 steps: - - name: Get a newer podman for heredoc support (from debian testing) - run: | - set -eux - echo 'deb [trusted=yes] https://ftp.debian.org/debian/ testing main' | sudo tee /etc/apt/sources.list.d/testing.list - sudo apt update - sudo apt install -y crun/testing podman/testing skopeo/testing just - - name: Installdeps - run: sudo apt update && sudo apt install just - uses: actions/checkout@v4 - - name: Free up disk space on runner - run: sudo ./ci/clean-gha-runner.sh + - name: Bootc Ubuntu Setup + uses: ./.github/actions/bootc-ubuntu-setup - name: Build with continuous repo enabled run: sudo just build --build-arg=continuous_repo=1 + # Check for security vulnerabilities and license compliance cargo-deny: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - uses: EmbarkStudios/cargo-deny-action@v2 with: log-level: warn command: check -A duplicate bans sources licenses + # Test bootc installation scenarios and fsverity support + # TODO convert to be an integration test install-tests: name: "Test install" - # For a not-ancient podman runs-on: ubuntu-24.04 steps: - - name: Get a newer podman for heredoc support (from debian testing) - 
run: | - set -eux - echo 'deb [trusted=yes] https://ftp.debian.org/debian/ testing main' | sudo tee /etc/apt/sources.list.d/testing.list - sudo apt update - sudo apt install -y crun/testing podman/testing skopeo/testing just - name: Checkout repository uses: actions/checkout@v4 - - name: Free up disk space on runner - run: sudo ./ci/clean-gha-runner.sh + - name: Bootc Ubuntu Setup + uses: ./.github/actions/bootc-ubuntu-setup - name: Enable fsverity for / run: sudo tune2fs -O verity $(findmnt -vno SOURCE /) - name: Install utils @@ -118,9 +108,11 @@ jobs: sudo find /ostree/repo/objects -name '*.file' -type f | while read f; do sudo fsverity measure $f >/dev/null done + # Build documentation using mdBook (only for PRs with 'documentation' label) + # TODO move into Justfile docs: if: ${{ contains(github.event.pull_request.labels.*.name, 'documentation') }} - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 env: MDBOOK_VERSION: 0.4.37 steps: 
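Review bot: The new comment above the `cargo-deny` job, `# Check for security vulnerabilities and license compliance`, claims more than the unchanged command line beneath it delivers: `check -A duplicate bans sources licenses` runs only the bans, sources and licenses checks, and the `advisories` check that compares the dependency tree against the RustSec database is not in the list. Either add it, `command: check -A duplicate advisories bans sources licenses` (which may need an `[advisories]` section in deny.toml to pass), or reword the comment to `# Check dependency bans, sources and license compliance` so readers do not assume known-vulnerable crates are gated here. The rest of this hunk only swaps the inline setup steps for the composite action and the comment is the one addition that introduces a mismatch.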
@@ -149,3 +141,77 @@ jobs:
 echo `pwd`/mdbook-linkcheck >> $GITHUB_PATH
 - name: Build with mdBook
 run: cd docs && mdbook-mermaid install && mdbook build
+ # Build containers and disk images for integration testing across OS matrix
+ build-integration:
+ strategy:
+ fail-fast: false
+ matrix:
+ test_os: [fedora-42, fedora-43, centos-9, centos-10]
+
+ runs-on: ubuntu-24.04
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Bootc Ubuntu Setup
+ uses: ./.github/actions/bootc-ubuntu-setup
+ - name: Install qemu-utils
+ run: sudo apt install -y qemu-utils
+
+ - name: Build container and disk image
+ run: |
+ sudo tests/build.sh ${{ matrix.test_os }}
+
+ - name: Run container tests
+ run:
+ sudo just test-container
+
+ - name: Archive disk image
+ uses: actions/upload-artifact@v4
+ with:
+ name: PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ env.ARCH }}-disk
+ path: target/bootc-integration-test.qcow2
+ retention-days: 1
+
+ # Run TMT-based integration tests on disk images from build-integration
+ test-integration:
+ needs: build-integration
+ strategy:
+ fail-fast: false
+ matrix:
+ test_os: [fedora-42, fedora-43, centos-9, centos-10]
+
+ runs-on: ubuntu-24.04
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Bootc Ubuntu Setup
+ uses: ./.github/actions/bootc-ubuntu-setup
+ - name: Install deps
+ run: |
+ sudo apt-get update
+ # see https://tmt.readthedocs.io/en/stable/overview.html#install
+ sudo apt install -y libkrb5-dev pkg-config libvirt-dev genisoimage qemu-kvm qemu-utils libvirt-daemon-system just
+ pip install --user "tmt[provision-virtual]"
+
+ - name: Create folder to save disk image
+ run: mkdir -p target
+
+ - name: Download disk.raw
+ uses: actions/download-artifact@v4
+ with:
+ name: PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ env.ARCH }}-disk
+ path: target
+
+ - name: Workaround https://github.com/teemtee/testcloud/issues/18
+ run: sudo rm -f /usr/bin/chcon && sudo ln -sr /usr/bin/true /usr/bin/chcon
+
+ - name: Run all TMT tests
+ run: |
+ just test-tmt-nobuild
+
+ - name: Archive TMT logs
+ if: always()
+ uses: actions/upload-artifact@v4
+ with:
+ name: tmt-log-PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ env.ARCH }}-${{ matrix.tmt_plan }}
+ path: /var/tmp/tmt
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
deleted file mode 100644
index 3dce4bc65..000000000
--- a/.github/workflows/integration.yml
+++ /dev/null
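Review bot: The TMT log artifact name at the end of `test-integration` ends in `${{ matrix.tmt_plan }}`, but the only matrix key defined in either job is `test_os`, so the expression expands to an empty string and every upload is named with a dangling `-` (constructed example: `tmt-log-PR-<n>-<os>-<arch>-`); drop it, `name: tmt-log-PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ env.ARCH }}`, or add `tmt_plan` to the matrix if a per-plan split is intended. `pip install --user "tmt[provision-virtual]"` installs whatever PyPI serves at run time, so the provisioner used to judge a PR can change with no commit in this repository; pinning it, `pip install --user "tmt[provision-virtual]==<pinned version>"`, keeps the run reproducible and makes upgrades reviewable. Both artifact names also depend on `github.event.number`, which is empty for any trigger that is not a pull request; ci.yml's `on:` block is outside this hunk, so whether that matters here cannot be confirmed from the diff. Finally, the `test_os` list is spelled out twice, once per job, with nothing tying them together; a comment `# keep in sync with build-integration` above the second list would at least flag the drift risk. The `jobs:` mapping these two jobs are appended to starts outside the hunk.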
@@ -1,109 +0,0 @@ -# This workflow builds a container across a matrix of OSes, -# generates a disk image from that, and runs integration tests -# using tmt + libvirt (using nested virt support in the default GHA runners). -name: Build+TMT -on: - pull_request: - branches: [main] - workflow_dispatch: - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - build: - strategy: - fail-fast: false - matrix: - test_os: [fedora-42, fedora-43, centos-9, centos-10] - - runs-on: ubuntu-24.04 - - steps: - - name: Install dependencies - run: | - set -eux - echo 'deb [trusted=yes] https://ftp.debian.org/debian/ testing main' | sudo tee /etc/apt/sources.list.d/testing.list - sudo apt update - sudo apt install -y crun/testing podman/testing just qemu-utils - - - uses: actions/checkout@v4 - - - name: Free up disk space on runner - run: sudo ./ci/clean-gha-runner.sh - - - name: Set architecture variable - id: set_arch - run: echo "ARCH=$(arch)" >> $GITHUB_ENV - - - name: Build container and disk image - run: | - sudo tests/build.sh ${{ matrix.test_os }} - - - name: Run container tests - run: - sudo just test-container - - - name: Archive disk image - uses: actions/upload-artifact@v4 - with: - name: PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ env.ARCH }}-disk - path: target/bootc-integration-test.qcow2 - retention-days: 1 - - test: - needs: build - strategy: - fail-fast: false - matrix: - test_os: [fedora-42, fedora-43, centos-9, centos-10] - - runs-on: ubuntu-24.04 - - steps: - - uses: actions/checkout@v4 - - - name: Free up disk space on runner - run: sudo ./ci/clean-gha-runner.sh - - - name: Set architecture variable - id: set_arch - run: echo "ARCH=$(arch)" >> $GITHUB_ENV - - - name: Install deps - run: | - sudo apt-get update - # see https://tmt.readthedocs.io/en/stable/overview.html#install - sudo apt install -y libkrb5-dev pkg-config libvirt-dev genisoimage qemu-kvm qemu-utils libvirt-daemon-system just - pip install 
--user "tmt[provision-virtual]" - - name: Create folder to save disk image - run: mkdir -p target - - name: Download disk.raw - uses: actions/download-artifact@v4 - with: - name: PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ env.ARCH }}-disk - path: target - - name: Enable KVM group perms - run: | - echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules - sudo udevadm control --reload-rules - sudo udevadm trigger --name-match=kvm - ls -l /dev/kvm - - name: Workaround https://github.com/teemtee/testcloud/issues/18 - run: sudo rm -f /usr/bin/chcon && sudo ln -sr /usr/bin/true /usr/bin/chcon - - name: Run all TMT tests - run: | - just test-tmt-nobuild - - name: Archive TMT logs - if: always() - uses: actions/upload-artifact@v4 - with: - name: tmt-log-PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ env.ARCH }}-${{ matrix.tmt_plan }} - path: /var/tmp/tmt
diff --git a/ci/clean-gha-runner.sh b/ci/clean-gha-runner.sh
deleted file mode 100755
index b6bac90c3..000000000
--- a/ci/clean-gha-runner.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-set -xeuo pipefail
-df -h
-docker image prune --all --force > /dev/null
-rm -rf /usr/share/dotnet /opt/ghc /usr/local/lib/android
-apt-get remove -y '^aspnetcore-.*' > /dev/null
-apt-get remove -y '^dotnet-.*' > /dev/null
-apt-get remove -y '^llvm-.*' > /dev/null
-apt-get remove -y 'php.*' > /dev/null
-apt-get remove -y '^mongodb-.*' > /dev/null
-apt-get remove -y '^mysql-.*' > /dev/null1
-apt-get remove -y azure-cli google-chrome-stable firefox mono-devel >/dev/null
-df -h