build-sys: Remove separate integration test image

The previous commit consolidated test content (nushell, cloud-init, etc.) into the base image. This completes that work by removing the separate `build-integration-test-image` target and updating all references. Now `just build` produces the complete test-ready image directly, simplifying the build pipeline and eliminating the intermediate `localhost/bootc-integration` image. Also adds SKIP_CONFIGS support for the coreos testing workflow, which skips LBIs, test kargs, and install configs that would conflict with FCOS. Signed-off-by: Colin Walters <walters@verbum.org>
2026-02-05 06:45:13 +01:00 · 2026-01-06 14:56:15 -05:00
parent f1a7624542
commit a6c87c6667
15 changed files with 89 additions and 85 deletions
--- a/.github/workflows/build-and-publish.yml
+++ b/.github/workflows/build-and-publish.yml
@@ -42,7 +42,9 @@ jobs:
          fi

      - name: Build container
-        run: just build-integration-test-image
+        # TODO: Also consider building + publishing an image that is just "base + bootc"
+        # as this implicitly changed to also publish our integration test images.
+        run: just build

      - name: Login to ghcr.io
        uses: redhat-actions/podman-login@v1
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -85,9 +85,9 @@ jobs:
            --tmpfs /var/lib/containers \
            -v /run/dbus:/run/dbus -v /run/systemd:/run/systemd localhost/bootc /src/crates/ostree-ext/ci/priv-integration.sh
          # Nondestructive but privileged tests
-          sudo bootc-integration-tests host-privileged localhost/bootc-integration-install
+          sudo bootc-integration-tests host-privileged localhost/bootc-install
          # Install tests
-          sudo bootc-integration-tests install-alongside localhost/bootc-integration-install
+          sudo bootc-integration-tests install-alongside localhost/bootc-install

          # system-reinstall-bootc tests
          cargo build --release -p system-reinstall-bootc
@@ -97,7 +97,7 @@ jobs:

          sudo install -m 0755 target/release/system-reinstall-bootc /usr/bin/system-reinstall-bootc
          # These tests may mutate the system live so we can't run in parallel
-          sudo bootc-integration-tests system-reinstall localhost/bootc-integration --test-threads=1
+          sudo bootc-integration-tests system-reinstall localhost/bootc --test-threads=1

          # And the fsverity case
          sudo podman run --privileged --pid=host localhost/bootc-fsverity bootc install to-existing-root --stateroot=other \
@@ -189,9 +189,9 @@ jobs:

      - name: Build container
        run: |
-          just build-integration-test-image-from-package target/packages
+          just build-from-packages target/packages
          # Extra cross-check (duplicating the integration test) that we're using the right base
-          used_vid=$(podman run --rm localhost/bootc-integration bash -c '. /usr/lib/os-release && echo ${ID}-${VERSION_ID}')
+          used_vid=$(podman run --rm localhost/bootc bash -c '. /usr/lib/os-release && echo ${ID}-${VERSION_ID}')
          test ${{ matrix.test_os }} = "${used_vid}"

      - name: Unit and container integration tests
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -129,7 +129,7 @@ There's a small set of tests which are designed to run inside a bootc container
 and are built into the default container image:

 ```
-$ podman run --rm -ti localhost/bootc bootc-integration-tests container
+$ just test-container
 ```

 ## Submitting a patch
--- a/4
+++ b/4
@@ -50,7 +50,9 @@ RUN /usr/libexec/bootc-base-imagectl build-rootfs --manifest=standard /target-ro
 FROM scratch as base
 COPY --from=target-base /target-rootfs/ /
 COPY --from=src /src/hack/ /run/hack/
-RUN cd /run/hack/ && ./provision-derived.sh
+# SKIP_CONFIGS=1 skips LBIs, test kargs, and install configs (for FCOS testing)
+ARG SKIP_CONFIGS
+RUN cd /run/hack/ && SKIP_CONFIGS="${SKIP_CONFIGS}" ./provision-derived.sh
 # Note we don't do any customization here yet
 # Mark this as a test image
 LABEL bootc.testimage="1"
--- a/69
+++ b/69
@@ -17,10 +17,8 @@

 # This image is just the base image plus our updated bootc binary
 base_img := "localhost/bootc"
-# Derives from the above and adds nushell, cloudinit etc.
-integration_img := base_img + "-integration"
 # Has a synthetic upgrade
-integration_upgrade_img := integration_img + "-upgrade"
+upgrade_img := base_img + "-upgrade"

 # ostree: The default
 # composefs-sealeduki-sdboot: A system with a sealed composefs using systemd-boot
@@ -57,9 +55,19 @@ sealed_buildargs := "--build-arg=variant=" + variant + " --secret=id=secureboot_
 #
 # This first builds RPMs via the `package` target, then injects them
 # into the container image.
-build: package _keygen
+build: package _keygen && _pull-lbi-images
    @just _build-from-package target/packages

+# Build container image using pre-existing packages from PATH.
+# This skips the package build step - useful when packages are provided
+# externally (e.g. downloaded from CI artifacts).
+build-from-packages PATH: _keygen && _pull-lbi-images
+    @just _build-from-package {{PATH}}
+
+# Pull images used by hack/lbi
+_pull-lbi-images:
+    podman pull -q --retry 5 --retry-delay 5s {{lbi_images}}
+
 # Compute SOURCE_DATE_EPOCH and VERSION from git for reproducible builds.
 # Outputs shell variable assignments that can be eval'd.
 _git-build-vars:
@@ -117,28 +125,13 @@ package: _packagecontainer
    chmod a+r target/packages/*.rpm
    podman rmi localhost/bootc-pkg

-# Pull images used by hack/lbi
-_pull-lbi-images:
-    podman pull -q --retry 5 --retry-delay 5s {{lbi_images}}
-
-# This container image has additional testing content and utilities
-build-integration-test-image: build _pull-lbi-images
-    cd hack && podman build {{base_buildargs}} -t {{integration_img}}-bin -f Containerfile .
-    ./hack/build-sealed {{variant}} {{integration_img}}-bin {{integration_img}} {{sealed_buildargs}}
-
-# Build integration test image using pre-existing packages from PATH
-build-integration-test-image-from-package PATH: _keygen _pull-lbi-images
-    @just _build-from-package {{PATH}}
-    cd hack && podman build {{base_buildargs}} -t {{integration_img}}-bin -f Containerfile .
-    ./hack/build-sealed {{variant}} {{integration_img}}-bin {{integration_img}} {{sealed_buildargs}}
-
 # Build+test using the `composefs-sealeduki-sdboot` variant.
 test-composefs:
    just variant=composefs-sealeduki-sdboot test-tmt readonly local-upgrade-reboot

 # Only used by ci.yml right now
-build-install-test-image: build-integration-test-image
-    cd hack && podman build {{base_buildargs}} -t {{integration_img}}-install -f Containerfile.drop-lbis
+build-install-test-image: build
+    cd hack && podman build {{base_buildargs}} -t {{base_img}}-install -f Containerfile.drop-lbis

 # These tests accept the container image as input, and may spawn it.
 run-container-external-tests:
@@ -160,43 +153,47 @@ validate:
 #
 # To run an individual test, pass it as an argument like:
 # `just test-tmt readonly`
-#
-# To run the integration tests, execute `just test-tmt integration`
-test-tmt *ARGS: build-integration-test-image _build-upgrade-image
+test-tmt *ARGS: build
+    @just _build-upgrade-image
    @just test-tmt-nobuild {{ARGS}}

 # Generate a local synthetic upgrade
 _build-upgrade-image:
-    cat tmt/tests/Dockerfile.upgrade | podman build -t {{integration_upgrade_img}}-bin --from={{integration_img}}-bin -
-    ./hack/build-sealed {{variant}} {{integration_upgrade_img}}-bin {{integration_upgrade_img}} {{sealed_buildargs}}
+    cat tmt/tests/Dockerfile.upgrade | podman build -t {{upgrade_img}}-bin --from={{base_img}}-bin -
+    ./hack/build-sealed {{variant}} {{upgrade_img}}-bin {{upgrade_img}} {{sealed_buildargs}}

-# Assume the localhost/bootc-integration image is up to date, and just run tests.
+# Assume the localhost/bootc image is up to date, and just run tests.
 # Useful for iterating on tests quickly.
 test-tmt-nobuild *ARGS:
-    cargo xtask run-tmt --env=BOOTC_variant={{variant}} --upgrade-image={{integration_upgrade_img}} {{integration_img}} {{ARGS}}
+    cargo xtask run-tmt --env=BOOTC_variant={{variant}} --upgrade-image={{upgrade_img}} {{base_img}} {{ARGS}}

 # Build test container image for testing on coreos with SKIP_CONFIGS=1,
-# without configs and no curl container image
-build-testimage-coreos PATH:
-    @just build-from-package {{PATH}}
-    cd hack && podman build {{base_buildargs}} --build-arg SKIP_CONFIGS=1 -t {{integration_img}}-coreos -f Containerfile .
+# which skips LBIs, test kargs, and install configs that would conflict with FCOS.
+build-testimage-coreos PATH: _keygen
+    #!/bin/bash
+    set -xeuo pipefail
+    pkg_path=$(realpath "{{PATH}}")
+    podman build --target=final -v "${pkg_path}":/run/packages:ro,z \
+        --build-arg SKIP_CONFIGS=1 \
+        -t {{base_img}}-coreos-bin {{buildargs}} .
+    ./hack/build-sealed {{variant}} {{base_img}}-coreos-bin {{base_img}}-coreos {{sealed_buildargs}}

 # Run test bootc install on FCOS
-# BOOTC_target is `bootc-integration-coreos`, it will be used for bootc install.
+# BOOTC_target is `bootc-coreos`, it will be used for bootc install.
 # Run `just build-testimage-coreos target/packages` to build test image firstly,
 # then run `just test-tmt-on-coreos plan-bootc-install-on-coreos`
 test-tmt-on-coreos *ARGS:
-    cargo xtask run-tmt --env=BOOTC_variant={{variant}} --env=BOOTC_target={{integration_img}}-coreos:latest {{fedora-coreos}} {{ARGS}}
+    cargo xtask run-tmt --env=BOOTC_variant={{variant}} --env=BOOTC_target={{base_img}}-coreos:latest {{fedora-coreos}} {{ARGS}}

 # Cleanup all test VMs created by tmt tests
 tmt-vm-cleanup:
    bcvk libvirt rm --stop --force --label bootc.test=1

 # Run tests (unit and integration) that are containerized
-test-container: build-units build-integration-test-image
+test-container: build build-units
    podman run --rm --read-only localhost/bootc-units /usr/bin/bootc-units
    # Pass these through for cross-checking
-    podman run --rm --env=BOOTC_variant={{variant}} --env=BOOTC_base={{base}} {{integration_img}} bootc-integration-tests container
+    podman run --rm --env=BOOTC_variant={{variant}} --env=BOOTC_base={{base}} {{base_img}} bootc-integration-tests container

 # Remove all container images built (locally) via this Justfile, by matching a label
 clean-local-images:
--- a/ci/Containerfile.install-fsverity
+++ b/ci/Containerfile.install-fsverity
@@ -1,5 +1,6 @@
 # Enable fsverity at install time
-FROM localhost/bootc
+# Use bootc-install (not bootc) to avoid LBIs that can't be fetched in this test environment
+FROM localhost/bootc-install
 RUN <<EORUN
 set -xeuo pipefail
 cat > /usr/lib/ostree/prepare-root.conf <<EOF
--- a/crates/xtask/src/tmt.rs
+++ b/crates/xtask/src/tmt.rs
@@ -324,9 +324,12 @@ pub(crate) fn run_tmt(sh: &Shell, args: &RunTmtArgs) -> Result<()> {
    // Workaround for https://github.com/bootc-dev/bcvk/issues/174
    // Save the container image to tar, this will be synced to tested OS
    if variant_id == "coreos" {
-        cmd!(sh, "podman save -q -o {workdir}/tmt/tests/bootc.tar localhost/bootc-integration-coreos:latest")
-            .run()
-            .with_context(|| format!("Saving container image to tar"))?;
+        cmd!(
+            sh,
+            "podman save -q -o {workdir}/tmt/tests/bootc.tar localhost/bootc-coreos:latest"
+        )
+        .run()
+        .with_context(|| format!("Saving container image to tar"))?;
    }

    // Change to workdir for running tmt commands
--- a/crates/xtask/src/xtask.rs
+++ b/crates/xtask/src/xtask.rs
@@ -58,7 +58,7 @@ enum Commands {
 /// Arguments for run-tmt command
 #[derive(Debug, Args)]
 pub(crate) struct RunTmtArgs {
-    /// Image name (e.g., "localhost/bootc-integration")
+    /// Image name (e.g., "localhost/bootc")
    pub(crate) image: String,

    /// Test plan filters (e.g., "readonly")
@@ -73,7 +73,7 @@ pub(crate) struct RunTmtArgs {
    #[clap(long)]
    pub(crate) env: Vec<String>,

-    /// Upgrade image to use when bind-storage-ro is available (e.g., localhost/bootc-integration-upgrade)
+    /// Upgrade image to use when bind-storage-ro is available (e.g., localhost/bootc-upgrade)
    #[clap(long)]
    pub(crate) upgrade_image: Option<String>,

@@ -85,7 +85,7 @@ pub(crate) struct RunTmtArgs {
 /// Arguments for tmt-provision command
 #[derive(Debug, Args)]
 pub(crate) struct TmtProvisionArgs {
-    /// Image name (e.g., "localhost/bootc-integration")
+    /// Image name (e.g., "localhost/bootc")
    pub(crate) image: String,

    /// VM name (defaults to "bootc-tmt-manual-<timestamp>")
--- a/hack/Containerfile
+++ b/hack/Containerfile
@@ -1,16 +0,0 @@
-# Build a container image that has extra testing stuff in it, such
-# as nushell, some preset logically bound images, etc. This expects
-# to create an image derived FROM localhost/bootc which was created
-# by the Dockerfile at top.
-
-FROM scratch as context
-# We only need this stuff in the initial context
-COPY . /
-
-# And the configs
-FROM localhost/bootc
-RUN --mount=type=bind,from=context,target=/run/context <<EORUN
-set -xeuo pipefail
-cd /run/context
-bootc container lint --fatal-warnings
-EORUN
--- a/hack/Containerfile.drop-lbis
+++ b/hack/Containerfile.drop-lbis
@@ -1,3 +1,3 @@
-FROM localhost/bootc-integration
+FROM localhost/bootc
 # Workaround for https://github.com/bootc-dev/bootc/issues/1618
 RUN rm -rf /usr/lib/bootc/bound-images.d/*
--- a/hack/Containerfile.packit
+++ b/hack/Containerfile.packit
@@ -29,7 +29,7 @@ cp test-artifacts.repo /etc/yum.repos.d/
 dnf -y update bootc
 # Required by tmt avc checking after test
 dnf -y install audit
-./provision-derived.sh
+./provision-derived.sh cloudinit

 # Remove bootc repo, bootc updated already
 rm -rf /var/share/test-artifacts /etc/yum.repos.d/test-artifacts.repo
--- a/hack/provision-derived.sh
+++ b/hack/provision-derived.sh
@@ -4,6 +4,13 @@ set -xeu
 # using it in our test suite because it's better than bash. First,
 # enable EPEL to get it.

+cloudinit=0
+case ${1:-} in
+  cloudinit) cloudinit=1 ;;
+  "") ;;
+  *) echo "Unhandled flag: ${1:-}" 1>&2; exit 1 ;;
+esac
+
 # Ensure this is pre-created
 mkdir -p -m 0700 /var/roothome
 mkdir -p ~/.config/nushell
@@ -44,11 +51,12 @@ grep -Ev -e '^#' packages.txt | xargs dnf -y install
 cat <<KARGEOF >> /usr/lib/bootc/kargs.d/20-console.toml
 kargs = ["console=ttyS0,115200n8"]
 KARGEOF
-dnf -y install cloud-init
-ln -s ../cloud-init.target /usr/lib/systemd/system/default.target.wants
+if test $cloudinit = 1; then
+  dnf -y install cloud-init
+  ln -s ../cloud-init.target /usr/lib/systemd/system/default.target.wants
  # Allow root SSH login for testing with bcvk/tmt
-mkdir -p /etc/cloud/cloud.cfg.d
-cat > /etc/cloud/cloud.cfg.d/80-enable-root.cfg <<'CLOUDEOF'
+  mkdir -p /etc/cloud/cloud.cfg.d
+  cat > /etc/cloud/cloud.cfg.d/80-enable-root.cfg <<'CLOUDEOF'
 # Enable root login for testing
 disable_root: false

@@ -59,6 +67,7 @@ growpart:
  devices: ["/sysroot"]
 resize_rootfs: false
 CLOUDEOF
+fi

 dnf clean all
 # Stock extra cleaning of logs and caches in general (mostly dnf)
@@ -114,13 +123,19 @@ EOF
  rm -rf /var/lib/dhclient
 fi

-# For test-22-logically-bound-install
-cp -a lbi/usr/. /usr
-for x in curl.container curl-base.image podman.image; do
-    ln -s /usr/share/containers/systemd/$x /usr/lib/bootc/bound-images.d/$x
-done
+# The following configs are skipped when SKIP_CONFIGS=1, which is used
+# for testing bootc install on Fedora CoreOS where these would conflict.
+if test -z "${SKIP_CONFIGS:-}"; then
+  # For test-22-logically-bound-install
+  cp -a lbi/usr/. /usr
+  for x in curl.container curl-base.image podman.image; do
+      ln -s /usr/share/containers/systemd/$x /usr/lib/bootc/bound-images.d/$x
+  done

-# Add some testing kargs into our dev builds
-install -D -t /usr/lib/bootc/kargs.d test-kargs/*
-# Also copy in some default install configs we use for testing
-install -D -t /usr/lib/bootc/install/ install-test-configs/*
+  # Add some testing kargs into our dev builds
+  install -D -t /usr/lib/bootc/kargs.d test-kargs/*
+  # Also copy in some default install configs we use for testing
+  install -D -t /usr/lib/bootc/install/ install-test-configs/*
+else
+  echo "SKIP_CONFIGS is set, skipping LBIs, test kargs, and install configs"
+fi
--- a/hack/provision-packit.sh
+++ b/hack/provision-packit.sh
@@ -86,7 +86,7 @@ cp /etc/yum.repos.d/test-artifacts.repo "$BOOTC_TEMPDIR"
 ls -al "$BOOTC_TEMPDIR"

 # Do not use just because it's only available on Fedora, not on CS and RHEL
-podman build --jobs=4 --from "$BASE" -v "$BOOTC_TEMPDIR":/bootc-test:z -t localhost/bootc-integration -f "${BOOTC_TEMPDIR}/Containerfile.packit" "$BOOTC_TEMPDIR"
+podman build --jobs=4 --from "$BASE" -v "$BOOTC_TEMPDIR":/bootc-test:z -t localhost/bootc -f "${BOOTC_TEMPDIR}/Containerfile.packit" "$BOOTC_TEMPDIR"

 # Keep these in sync with what's used in hack/lbi
 podman pull -q --retry 5 --retry-delay 5s quay.io/curl/curl:latest quay.io/curl/curl-base:latest registry.access.redhat.com/ubi9/podman:latest
--- a/hack/system-reinstall-bootc.exp
+++ b/hack/system-reinstall-bootc.exp
@@ -3,7 +3,7 @@
 # Set a timeout
 set timeout 600

-spawn system-reinstall-bootc localhost/bootc-integration
+spawn system-reinstall-bootc localhost/bootc

 expect {
    "Then you can login as * using those keys. \\\[Y/n\\\]" {
--- a/tmt/tests/Dockerfile.upgrade
+++ b/tmt/tests/Dockerfile.upgrade
@@ -1,3 +1,3 @@
 # Just creates a file as a new layer for a synthetic upgrade test
-FROM localhost/bootc-integration
+FROM localhost/bootc
 RUN touch --reference=/usr/bin/bash /usr/share/testing-bootc-upgrade-apply