From e19ee03da4082b5144441df1731464755387a31a Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Thu, 26 Dec 2024 14:54:34 +0530 Subject: [PATCH 1/3] TMT: simplify podman tests `dnf download` on CentOS Stream ends up downloading all rpm versions of a package from all available repos instead of only the latest rpm. This leads to more (unnecessary) complications in the test script. Things are a lot simpler if we directly test using the `podman-tests` package. This means we'll have to disable podman e2e tests and only do system tests but that shouldn't be too big a problem. A better way to run podman e2e tests would be by creating a `podman-src` rpm subpackage that'll install all the rpm sources. The same set of tests can be run across all environments so there's no need to maintain separate plans for upstream and downstream. Signed-off-by: Lokesh Mandvekar --- plans/main.fmf | 33 ++++++++++------------ test/Makefile | 16 ----------- test/main.fmf | 22 ++++++--------- test/podman-tests.sh | 65 ++------------------------------------------ 4 files changed, 26 insertions(+), 110 deletions(-) delete mode 100644 test/Makefile diff --git a/plans/main.fmf b/plans/main.fmf index 9479e82..baa8b2f 100644 --- a/plans/main.fmf +++ b/plans/main.fmf @@ -3,21 +3,18 @@ discover: execute: how: tmt prepare: - how: feature - epel: enabled - -/upstream: - summary: Run SELinux specific Podman tests on upstream PRs - discover+: - filter: tag:upstream - adjust+: - enabled: false - when: initiator is not defined or initiator != packit - -/downstream: - summary: Run SELinux specific Podman tests on bodhi / errata and dist-git PRs - discover+: - filter: tag:downstream - adjust+: - enabled: false - when: initiator == packit + - when: distro == centos-stream or distro == rhel + how: shell + script: | + dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm --eval '%{?rhel}').noarch.rpm + dnf -y config-manager --set-enabled epel + order: 10 + - when: initiator == packit + how: shell + script: | + COPR_REPO_FILE="/etc/yum.repos.d/*podman-next*.repo" + if compgen -G $COPR_REPO_FILE > /dev/null; then + sed -i -n '/^priority=/!p;$apriority=1' $COPR_REPO_FILE + fi + dnf -y upgrade --allowerasing + order: 20 diff --git a/test/Makefile b/test/Makefile deleted file mode 100644 index 9088bd9..0000000 --- a/test/Makefile +++ /dev/null @@ -1,16 +0,0 @@ -.PHONY: basic_check -basic_check: - semodule --list=full | grep container - semodule -B - rpm -Vqf /var/lib/selinux/*/active/modules/200/container - -.PHONY: podman_e2e_test -podman_e2e_test: - bash ./podman-tests.sh e2e - -.PHONY: podman_system_test -podman_system_test: - bash ./podman-tests.sh system - -clean: - rm -rf podman-*dev* podman.spec diff --git a/test/main.fmf b/test/main.fmf index c369ca7..4b186d5 100644 --- a/test/main.fmf +++ b/test/main.fmf @@ -1,23 +1,17 @@ -# Only common dependencies that are NOT required to run podman-tests.sh are -# specified here. Everything else is in podman-tests.sh. require: + - attr - bats - - cpio - - golang - - make + - container-selinux + - podman-tests - policycoreutils /basic_check: - tag: [ upstream, downstream ] summary: Run basic checks - test: make basic_check - -/podman_e2e_test: - tag: [ upstream, downstream ] - summary: Run SELinux specific Podman e2e tests - test: make podman_e2e_test + test: | + semodule --list=full | grep container + semodule -B + rpm -Vqf /var/lib/selinux/*/active/modules/200/container /podman_system_test: - tag: [ upstream, downstream ] summary: Run SELinux specific Podman system tests - test: make podman_system_test + test: bash ./podman-tests.sh diff --git a/test/podman-tests.sh b/test/podman-tests.sh index d4d45fa..faa504b 100644 --- a/test/podman-tests.sh +++ b/test/podman-tests.sh @@ -9,67 +9,8 @@ if [[ "$(id -u)" -ne 0 ]];then exit 1 fi -if [[ -z "$1" ]]; then - echo -e "Usage: $(basename ${BASH_SOURCE[0]}) TEST_TYPE\nTEST_TYPE can be 'e2e' or 'system'\n" - exit 1 -fi - -TEST_TYPE=$1 - -# Remove testing-farm repos if they exist as these interfere with the packages -# we want to install, especially when podman-next copr is involved -rm -f /etc/yum.repos.d/tag-repository.repo - -# Fetch and extract latest podman source from the highest priority dnf repo -# NOTE: On upstream pull-requests, the srpm will be fetched from the -# podman-next copr while on bodhi updates, it will be fetched from Fedora's -# official repos. -PODMAN_DIR=$(mktemp -d) -pushd $PODMAN_DIR - -# Download podman and podman-tests rpms, along with podman srpm -dnf download podman podman-tests -# Download srpm, srpm opts differ between dnf and dnf5 -rpm -q dnf5 && dnf download --srpm podman || dnf download --source podman - -# Ensure podman-tests RPM and podman SRPM version-release match -# NOTE: podman RPM and podman-tests RPM matching is ensured by podman.spec so -# matching podman-tests and podman srpm is sufficient here. -PODMAN_TESTS_VERSION=$(ls podman-tests* | sed -e "s/.$(uname -m).rpm//" -e "s/podman-tests-//") -PODMAN_SRPM_VERSION=$(ls podman*.src.rpm | sed -e "s/.src.rpm//" -e "s/podman-//") -if [[ "$PODMAN_TESTS_VERSION" != "$PODMAN_SRPM_VERSION" ]]; then - echo "podman-tests and podman srpm version-release don't match" - exit 1 -fi - -# Install downloaded podman and podman-tests rpms -dnf -y install ./podman*.$(uname -m).rpm - -# Extract and untar podman source from srpm -rpm2cpio $(ls podman*.src.rpm) | cpio -di -tar zxf *.tar.gz - -popd - # Print versions of distro and installed packages -rpm -q bats container-selinux golang podman podman-tests selinux-policy - -if [[ "$TEST_TYPE" == "e2e" ]]; then - # /tmp is often unsufficient - export TMPDIR=/var/tmp +rpm -q bats container-selinux podman podman-tests policycoreutils selinux-policy - # dnf5 contains breaking changes - # Either of `dnf` OR `dnf5` will be installed, never both. - # To fetch srpm, dnf uses `--source`, dnf5 uses `--srpm`. - #rpm -q dnf5 && SRPM_OPTS="--srpm" || SRPM_OPTS="--source" - - # Run podman e2e tests - pushd $PODMAN_DIR/podman-*/test/e2e - PODMAN_BINARY=/usr/bin/podman go test -v config.go config_amd64.go common_test.go libpod_suite_test.go run_selinux_test.go - popd -fi - -if [[ "$TEST_TYPE" == "system" ]]; then - # Run podman system tests - bats /usr/share/podman/test/system/410-selinux.bats -fi +# Run podman system tests +bats /usr/share/podman/test/system/410-selinux.bats From f1f157d261df1ee39d530141e85524e0bd47b216 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 13 Dec 2024 16:46:07 +0530 Subject: [PATCH 2/3] Enable aarch64 testing container-selinux maybe noarch but it would help to have aarch64 visibility to ensure everything works, especially RE: podman. Signed-off-by: Lokesh Mandvekar --- .packit.yaml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.packit.yaml b/.packit.yaml index 75f3395..cc1d83b 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -46,7 +46,8 @@ jobs: enable_net: true # container-selinux is noarch so we only need to test on one arch targets: &fedora_copr_targets - - fedora-all + - fedora-all-x86_64 + - fedora-all-aarch64 - job: copr_build trigger: pull_request @@ -54,7 +55,8 @@ jobs: notifications: *copr_build_failure_notification enable_net: true targets: - - fedora-eln + - fedora-eln-x86_64 + - fedora-eln-aarch64 - job: copr_build trigger: pull_request @@ -62,8 +64,10 @@ jobs: notifications: *copr_build_failure_notification enable_net: true targets: ¢os_copr_targets - - centos-stream-9 - - centos-stream-10 + - centos-stream-9-x86_64 + - centos-stream-9-aarch64 + - centos-stream-10-x86_64 + - centos-stream-10-aarch64 # Run on commit to main branch # Build targets managed in copr settings From e8677a4326e3a46cbea832af744f86284bf76c74 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 13 Dec 2024 16:54:02 +0530 Subject: [PATCH 3/3] RPM: Update gating config OSCI will gate on TMT tests for CentOS Stream. Bodhi will gate on pushes for both testing and stable. Signed-off-by: Lokesh Mandvekar --- rpm/gating.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rpm/gating.yaml b/rpm/gating.yaml index dbb1d91..8f949e2 100644 --- a/rpm/gating.yaml +++ b/rpm/gating.yaml @@ -1,7 +1,9 @@ --- !Policy product_versions: - fedora-* -decision_context: bodhi_update_push_stable +decision_context: + - bodhi_update_push_stable + - bodhi_update_push_testing rules: - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}