Merged
47 changes: 47 additions & 0 deletions .github/actions/bootc-ubuntu-setup/action.yml
@@ -0,0 +1,47 @@
name: 'Bootc Ubuntu Setup'
description: 'Default host setup'
runs:
using: 'composite'
steps:
# We really want support for heredocs
- name: Update podman and install just
shell: bash
run: |
set -eux
# Require the runner is ubuntu-24.04
IDV=$(. /usr/lib/os-release && echo ${ID}-${VERSION_ID})
test "${IDV}" = "ubuntu-24.04"
# plucky is the next release
echo 'deb http://azure.archive.ubuntu.com/ubuntu plucky universe main' | sudo tee /etc/apt/sources.list.d/plucky.list
sudo apt update
# skopeo is currently older in plucky for some reason hence --allow-downgrades
sudo apt install -y --allow-downgrades crun/plucky podman/plucky skopeo/plucky just
# The default runners have TONS of crud on them...
- name: Free up disk space on runner
shell: bash
run: |
sudo df -h
unwanted=('^aspnetcore-.*' '^dotnet-.*' '^llvm-.*' 'php.*' '^mongodb-.*' '^mysql-.*'
azure-cli google-chrome-stable firefox mono-devel)
for x in ${unwanted[@]}; do
sudo apt-get remove -y $x > /dev/null
done
# Start other removal operations in parallel
sudo docker image prune --all --force > /dev/null &
sudo rm -rf /usr/share/dotnet /opt/ghc /usr/local/lib/android &
# Wait for all background processes to complete
wait
sudo df -h
# This is the default on e.g. Fedora derivatives, but not Debian
- name: Enable unprivileged /dev/kvm access
shell: bash
run: |
echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
sudo udevadm control --reload-rules
sudo udevadm trigger --name-match=kvm
ls -l /dev/kvm
# Used by a few workflows, but generally useful
- name: Set architecture variable
id: set_arch
shell: bash
run: echo "ARCH=$(arch)" >> $GITHUB_ENV
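Review bot: The plucky source added in the "Update podman and install just" step has no apt pin, so after `sudo apt update` any later `apt install` on the runner (for example the `qemu-utils` and libvirt installs in ci.yml) resolves to plucky's version wherever it is newer, not only for the three packages named with `/plucky`. Consider adding a file under /etc/apt/preferences.d that gives plucky a priority below the default, so that only explicitly requested packages come from it. Separately, in the disk-space step `${unwanted[@]}` and `$x` are unquoted, so patterns such as `php.*` go through shell globbing and word splitting before apt sees them; `"${unwanted[@]}"` and `"$x"` avoid that.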
126 changes: 96 additions & 30 deletions .github/workflows/ci.yml
Collaborator

Hi @cgwalters, do we still need to run all those tests when pushing to main?

Collaborator Author

Probably not? I am not aware of anyone monitoring the actions that run post-merge (though of course we could start doing so).

What it would catch is semantic merge conflicts, but the more I think about it the more I feel we should go to merge queues.

Collaborator

Yeah, we can move the integration tests into the merge_queue trigger and keep the rest of the tests in the pull_request trigger?

Collaborator Author

Do you think that should block this one?

Collaborator

We do not need to run the same test twice (pull_request and merge_queue).
We can land this PR first and make changes when we enable merge_queue.

Collaborator Author

OK, can you approve the PR please?

@@ -1,3 +1,10 @@
# CI Workflow for bootc
#
# Core principles:
# - Everything done here should be easy to replicate locally. Most tasks
# should invoke `just <something>`.
# - Most additions to this should be extending existing tasks; e.g.
# there's places for unit and integration tests already.
name: CI

permissions:
Expand All @@ -18,60 +25,43 @@ concurrency:
cancel-in-progress: true

jobs:
# Wrapper for validation
# Run basic validation checks (linting, formatting, etc)
validate:
runs-on: ubuntu-24.04
steps:
- name: Get a newer podman for heredoc support (from debian testing)
run: |
set -eux
echo 'deb [trusted=yes] https://ftp.debian.org/debian/ testing main' | sudo tee /etc/apt/sources.list.d/testing.list
sudo apt update
sudo apt install -y crun/testing podman/testing skopeo/testing just
- uses: actions/checkout@v4
- name: Free up disk space on runner
run: sudo ./ci/clean-gha-runner.sh
- name: Bootc Ubuntu Setup
uses: ./.github/actions/bootc-ubuntu-setup
- name: Validate (default)
run: just validate
# Build container with continuous repository enabled
container-continuous:
runs-on: ubuntu-24.04
steps:
- name: Get a newer podman for heredoc support (from debian testing)
run: |
set -eux
echo 'deb [trusted=yes] https://ftp.debian.org/debian/ testing main' | sudo tee /etc/apt/sources.list.d/testing.list
sudo apt update
sudo apt install -y crun/testing podman/testing skopeo/testing just
- name: Installdeps
run: sudo apt update && sudo apt install just
- uses: actions/checkout@v4
- name: Free up disk space on runner
run: sudo ./ci/clean-gha-runner.sh
- name: Bootc Ubuntu Setup
uses: ./.github/actions/bootc-ubuntu-setup
- name: Build with continuous repo enabled
run: sudo just build --build-arg=continuous_repo=1
# Check for security vulnerabilities and license compliance
cargo-deny:
runs-on: ubuntu-latest
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: EmbarkStudios/cargo-deny-action@v2
with:
log-level: warn
command: check -A duplicate bans sources licenses
# Test bootc installation scenarios and fsverity support
# TODO convert to be an integration test
install-tests:
name: "Test install"
# For a not-ancient podman
runs-on: ubuntu-24.04
steps:
- name: Get a newer podman for heredoc support (from debian testing)
run: |
set -eux
echo 'deb [trusted=yes] https://ftp.debian.org/debian/ testing main' | sudo tee /etc/apt/sources.list.d/testing.list
sudo apt update
sudo apt install -y crun/testing podman/testing skopeo/testing just
- name: Checkout repository
uses: actions/checkout@v4
- name: Free up disk space on runner
run: sudo ./ci/clean-gha-runner.sh
- name: Bootc Ubuntu Setup
uses: ./.github/actions/bootc-ubuntu-setup
- name: Enable fsverity for /
run: sudo tune2fs -O verity $(findmnt -vno SOURCE /)
- name: Install utils
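Review bot: With the per-job podman step replaced by `uses: ./.github/actions/bootc-ubuntu-setup`, the validate and container-continuous jobs now also pick up that action's `MODE="0666"` /dev/kvm udev rule and its package-removal pass, which the `just validate` and `just build` steps shown here do not obviously need. Consider moving the KVM rule into its own action, or gating it behind an input, so that only the jobs that boot VMs open the device to all users. A short comment next to `runs-on: ubuntu-24.04` would also help, since the action exits on any other image (`test "${IDV}" = "ubuntu-24.04"`) and a later runner bump has to change both places.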
Expand Down Expand Up @@ -118,9 +108,11 @@ jobs:
sudo find /ostree/repo/objects -name '*.file' -type f | while read f; do
sudo fsverity measure $f >/dev/null
done
# Build documentation using mdBook (only for PRs with 'documentation' label)
# TODO move into Justfile
docs:
if: ${{ contains(github.event.pull_request.labels.*.name, 'documentation') }}
runs-on: ubuntu-latest
runs-on: ubuntu-24.04
env:
MDBOOK_VERSION: 0.4.37
steps:
Expand Down Expand Up @@ -149,3 +141,77 @@ jobs:
echo `pwd`/mdbook-linkcheck >> $GITHUB_PATH
- name: Build with mdBook
run: cd docs && mdbook-mermaid install && mdbook build
# Build containers and disk images for integration testing across OS matrix
build-integration:
strategy:
fail-fast: false
matrix:
test_os: [fedora-42, fedora-43, centos-9, centos-10]

runs-on: ubuntu-24.04

steps:
- uses: actions/checkout@v4
- name: Bootc Ubuntu Setup
uses: ./.github/actions/bootc-ubuntu-setup
- name: Install qemu-utils
run: sudo apt install -y qemu-utils

- name: Build container and disk image
run: |
sudo tests/build.sh ${{ matrix.test_os }}

- name: Run container tests
run:
sudo just test-container

- name: Archive disk image
uses: actions/upload-artifact@v4
with:
name: PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ env.ARCH }}-disk
path: target/bootc-integration-test.qcow2
retention-days: 1

# Run TMT-based integration tests on disk images from build-integration
test-integration:
needs: build-integration
strategy:
fail-fast: false
matrix:
test_os: [fedora-42, fedora-43, centos-9, centos-10]

runs-on: ubuntu-24.04

steps:
- uses: actions/checkout@v4
- name: Bootc Ubuntu Setup
uses: ./.github/actions/bootc-ubuntu-setup
- name: Install deps
run: |
sudo apt-get update
# see https://tmt.readthedocs.io/en/stable/overview.html#install
sudo apt install -y libkrb5-dev pkg-config libvirt-dev genisoimage qemu-kvm qemu-utils libvirt-daemon-system just
pip install --user "tmt[provision-virtual]"

- name: Create folder to save disk image
run: mkdir -p target

- name: Download disk.raw
uses: actions/download-artifact@v4
with:
name: PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ env.ARCH }}-disk
path: target

- name: Workaround https://github.com/teemtee/testcloud/issues/18
run: sudo rm -f /usr/bin/chcon && sudo ln -sr /usr/bin/true /usr/bin/chcon

- name: Run all TMT tests
run: |
just test-tmt-nobuild

- name: Archive TMT logs
if: always()
uses: actions/upload-artifact@v4
with:
name: tmt-log-PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ env.ARCH }}-${{ matrix.tmt_plan }}
path: /var/tmp/tmt
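Review bot: The "Archive TMT logs" artifact name ends in `${{ matrix.tmt_plan }}`, but the test-integration matrix only defines `test_os`, so that expression is empty and every name ends with a dangling `-`; drop it or add `tmt_plan` to the matrix. `needs: build-integration` waits on the whole build matrix, so as written one failed OS build skips test-integration for all four; if per-OS independence is wanted, build and test would need to share a job. Also, `pip install --user "tmt[provision-virtual]"` is unpinned, so a new tmt release can change CI behaviour without any commit here, and the step title "Download disk.raw" does not match the `bootc-integration-test.qcow2` artifact it fetches.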
109 changes: 0 additions & 109 deletions .github/workflows/integration.yml

This file was deleted.

13 changes: 0 additions & 13 deletions ci/clean-gha-runner.sh

This file was deleted.