containers/bootc
1
0
Fork 0
mirror of https://github.com/containers/bootc.git synced 2026-02-05 15:45:53 +01:00
Code Issues Activity

ci: Run the ostree-ext deploy tests

Browse Source 
Signed-off-by: Colin Walters <walters@verbum.org>
This commit is contained in:
Colin Walters
2024-12-06 16:07:04 -05:00
parent f4e691cb32
commit 6429eebc61
3 changed files with 27 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.github/workflows/ci.yml vendored
View File

@@ -67,8 +67,6 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Ensure host skopeo is disabled
run: sudo rm -f /bin/skopeo /usr/bin/skopeo
- name: Free up disk space on runner
run: sudo ./ci/clean-gha-runner.sh
- name: Integration tests
@@ -81,6 +79,9 @@ jobs:
sudo install -m 0755 target/release/tests-integration /usr/bin/bootc-integration-tests
rm target -rf
df -h /
# The ostree-container tests
sudo podman run --privileged --pid=host -v /:/run/host -v $(pwd):/src:ro -v /var/tmp:/var/tmp \
-v /run/dbus:/run/dbus -v /run/systemd:/run/systemd localhost/bootc /src/ostree-ext/ci/priv-integration.sh
# Nondestructive but privileged tests
sudo bootc-integration-tests host-privileged localhost/bootc
# Finally the install-alongside suite

18
ostree-ext/.github/workflows/rust.yml vendored
View File

@@ -128,24 +128,6 @@ jobs:
run: install ostree-ext-cli /usr/bin && rm -v ostree-ext-cli
- name: Integration tests
run: ./ci/ima.sh
privtest:
name: "Privileged testing"
needs: build
runs-on: ubuntu-latest
container:
image: quay.io/fedora/fedora-coreos:testing-devel
options: "--privileged --pid=host -v /var/tmp:/var/tmp -v /run/dbus:/run/dbus -v /run/systemd:/run/systemd -v /:/run/host"
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Download
uses: actions/download-artifact@v4.1.8
with:
name: ostree-ext-cli
- name: Install
run: install ostree-ext-cli /usr/bin && rm -v ostree-ext-cli
- name: Integration tests
run: ./ci/priv-integration.sh
privtest-cockpit:
name: "Privileged testing (cockpit)"
needs: build

45
ostree-ext/ci/priv-integration.sh
View File

@@ -28,21 +28,21 @@ if test '!' -d "${sysroot}/ostree/deploy/${stateroot}"; then
ostree admin os-init "${stateroot}" --sysroot "${sysroot}"
fi
# Should be no images pruned
ostree-ext-cli container image prune-images --sysroot "${sysroot}"
ostree container image prune-images --sysroot "${sysroot}"
# Test the syntax which uses full imgrefs.
ostree-ext-cli container image deploy --sysroot "${sysroot}" \
ostree container image deploy --sysroot "${sysroot}" \
--stateroot "${stateroot}" --imgref "${imgref}"
ostree admin --sysroot="${sysroot}" status
ostree-ext-cli container image metadata --repo "${sysroot}/ostree/repo" registry:"${image}" > manifest.json
ostree container image metadata --repo "${sysroot}/ostree/repo" registry:"${image}" > manifest.json
jq '.schemaVersion' < manifest.json
ostree-ext-cli container image remove --repo "${sysroot}/ostree/repo" registry:"${image}"
ostree container image remove --repo "${sysroot}/ostree/repo" registry:"${image}"
ostree admin --sysroot="${sysroot}" undeploy 0
# Now test the new syntax which has a nicer --image that defaults to registry.
ostree-ext-cli container image deploy --transport registry --sysroot "${sysroot}" \
ostree container image deploy --transport registry --sysroot "${sysroot}" \
--stateroot "${stateroot}" --image "${image}"
ostree admin --sysroot="${sysroot}" status
ostree admin --sysroot="${sysroot}" undeploy 0
if ostree-ext-cli container image deploy --transport registry --sysroot "${sysroot}" \
if ostree container image deploy --transport registry --sysroot "${sysroot}" \
--stateroot "${stateroot}" --image "${image}" --enforce-container-sigpolicy 2>err.txt; then
echo "Deployment with enforced verification succeeded unexpectedly" 1>&2
exit 1
@@ -52,16 +52,16 @@ if ! grep -Ee 'insecureAcceptAnything.*refusing usage' err.txt; then
cat err.txt
fi
# Now we should prune it
ostree-ext-cli container image prune-images --sysroot "${sysroot}"
ostree-ext-cli container image list --repo "${sysroot}/ostree/repo" > out.txt
ostree container image prune-images --sysroot "${sysroot}"
ostree container image list --repo "${sysroot}/ostree/repo" > out.txt
test $(stat -c '%s' out.txt) = 0
for img in "${image}"; do
ostree-ext-cli container image deploy --sysroot "${sysroot}" \
ostree container image deploy --sysroot "${sysroot}" \
--stateroot "${stateroot}" --imgref ostree-unverified-registry:"${img}"
ostree admin --sysroot="${sysroot}" status
initial_refs=$(ostree --repo="${sysroot}/ostree/repo" refs | wc -l)
ostree-ext-cli container image remove --repo "${sysroot}/ostree/repo" registry:"${img}"
ostree container image remove --repo "${sysroot}/ostree/repo" registry:"${img}"
pruned_refs=$(ostree --repo="${sysroot}/ostree/repo" refs | wc -l)
# Removing the image should only drop the image reference, not its layers
test "$(($initial_refs - 1))" = "$pruned_refs"
@@ -70,7 +70,7 @@ for img in "${image}"; do
n_commits=$(find ${sysroot}/ostree/repo -name '*.commit' | wc -l)
test "${n_commits}" -gt 0
# But right now this still doesn't prune *content*
ostree-ext-cli container image prune-layers --repo="${sysroot}/ostree/repo"
ostree container image prune-layers --repo="${sysroot}/ostree/repo"
ostree --repo="${sysroot}/ostree/repo" refs > refs.txt
if test "$(wc -l < refs.txt)" -ne 0; then
echo "found refs"
@@ -78,21 +78,24 @@ for img in "${image}"; do
exit 1
fi
# And this one should GC the objects too
ostree-ext-cli container image prune-images --full --sysroot="${sysroot}" > out.txt
ostree container image prune-images --full --sysroot="${sysroot}" > out.txt
n_commits=$(find ${sysroot}/ostree/repo -name '*.commit' | wc -l)
test "${n_commits}" -eq 0
done
# Verify we have systemd journal messages
nsenter -m -t 1 journalctl _COMM=ostree-ext-cli > logs.txt
grep 'layers already present: ' logs.txt
nsenter -m -t 1 journalctl _COMM=bootc > logs.txt
if ! grep 'layers already present: ' logs.txt; then
cat logs.txt
exit 1
fi
podman pull ${image}
ostree --repo="${sysroot}/ostree/repo" init --mode=bare-user
ostree-ext-cli container image pull ${sysroot}/ostree/repo ostree-unverified-image:containers-storage:${image}
ostree container image pull ${sysroot}/ostree/repo ostree-unverified-image:containers-storage:${image}
echo "ok pulled from containers storage"
ostree-ext-cli container compare ${imgref} ${imgref} > compare.txt
ostree container compare ${imgref} ${imgref} > compare.txt
grep "Removed layers: *0 *Size: 0 bytes" compare.txt
grep "Added layers: *0 *Size: 0 bytes" compare.txt
@@ -114,22 +117,22 @@ ostree refs ostree/container/image --delete
repo="${sysroot}/ostree/repo"
images=$(ostree container image list --repo "${repo}" | wc -l)
test "${images}" -eq 1
ostree-ext-cli container image deploy --sysroot "${sysroot}" \
ostree container image deploy --sysroot "${sysroot}" \
--stateroot "${stateroot}" --imgref ostree-unverified-image:"${derived_img}"
imgref=$(ostree refs --repo=${repo} ostree/container/image | head -1)
img_commit=$(ostree --repo=${repo} rev-parse ostree/container/image/${imgref})
ostree-ext-cli container image remove --repo "${repo}" "${derived_img}"
ostree container image remove --repo "${repo}" "${derived_img}"
ostree-ext-cli container image deploy --sysroot "${sysroot}" \
ostree container image deploy --sysroot "${sysroot}" \
--stateroot "${stateroot}" --imgref ostree-unverified-image:"${derived_img}"
img_commit2=$(ostree --repo=${repo} rev-parse ostree/container/image/${imgref})
test "${img_commit}" = "${img_commit2}"
echo "ok deploy derived container identical revs"
ostree-ext-cli container image deploy --sysroot "${sysroot}" \
ostree container image deploy --sysroot "${sysroot}" \
--stateroot "${stateroot}" --imgref ostree-unverified-image:"${derived_img_dir}"
echo "ok deploy derived container from local dir"
ostree-ext-cli container image remove --repo "${repo}" "${derived_img_dir}"
ostree container image remove --repo "${repo}" "${derived_img_dir}"
rm -rf /var/tmp/derived.dir
# Verify policy