From a6c87c6667078109c1ba702f103957609e96e453 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 6 Jan 2026 14:56:15 -0500 Subject: [PATCH] build-sys: Remove separate integration test image The previous commit consolidated test content (nushell, cloud-init, etc.) into the base image. This completes that work by removing the separate `build-integration-test-image` target and updating all references. Now `just build` produces the complete test-ready image directly, simplifying the build pipeline and eliminating the intermediate `localhost/bootc-integration` image. Also adds SKIP_CONFIGS support for the coreos testing workflow, which skips LBIs, test kargs, and install configs that would conflict with FCOS. Signed-off-by: Colin Walters --- .github/workflows/build-and-publish.yml | 4 +- .github/workflows/ci.yml | 10 ++-- CONTRIBUTING.md | 2 +- Dockerfile | 4 +- Justfile | 69 ++++++++++++------------- ci/Containerfile.install-fsverity | 3 +- crates/xtask/src/tmt.rs | 9 ++-- crates/xtask/src/xtask.rs | 6 +-- hack/Containerfile | 16 ------ hack/Containerfile.drop-lbis | 2 +- hack/Containerfile.packit | 2 +- hack/provision-derived.sh | 41 ++++++++++----- hack/provision-packit.sh | 2 +- hack/system-reinstall-bootc.exp | 2 +- tmt/tests/Dockerfile.upgrade | 2 +- 15 files changed, 89 insertions(+), 85 deletions(-) delete mode 100644 hack/Containerfile diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 817778f9..f4caa7a1 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -42,7 +42,9 @@ jobs: fi - name: Build container - run: just build-integration-test-image + # TODO: Also consider building + publishing an image that is just "base + bootc" + # as this implicitly changed to also publish our integration test images. + run: just build - name: Login to ghcr.io uses: redhat-actions/podman-login@v1 
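Review bot: The `run: just build` step now hands the publish job an image that carries the test provisioning, and the TODO above it does not spell out what that means for anyone pulling the published tag. From the other hunks in this patch, hack/provision-derived.sh (where cloud-init is enabled) writes a cloud-init drop-in with `disable_root: false`, and unless SKIP_CONFIGS is set it also adds logically bound images, test kargs and install configs; the Dockerfile's `base` stage carries `LABEL bootc.testimage="1"`. I would make the comment explicit, e.g. `# NOTE: the published image is a test image (root login enabled via cloud-init, test kargs/install configs); do not use it as a production base`, and consider a distinct tag until a plain "base + bootc" image exists. The push step is outside this hunk, so the tag it is published under is not visible here.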
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 103e8fbb..303995e9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -85,9 +85,9 @@ jobs: --tmpfs /var/lib/containers \ -v /run/dbus:/run/dbus -v /run/systemd:/run/systemd localhost/bootc /src/crates/ostree-ext/ci/priv-integration.sh # Nondestructive but privileged tests - sudo bootc-integration-tests host-privileged localhost/bootc-integration-install + sudo bootc-integration-tests host-privileged localhost/bootc-install # Install tests - sudo bootc-integration-tests install-alongside localhost/bootc-integration-install + sudo bootc-integration-tests install-alongside localhost/bootc-install # system-reinstall-bootc tests cargo build --release -p system-reinstall-bootc @@ -97,7 +97,7 @@ jobs: sudo install -m 0755 target/release/system-reinstall-bootc /usr/bin/system-reinstall-bootc # These tests may mutate the system live so we can't run in parallel - sudo bootc-integration-tests system-reinstall localhost/bootc-integration --test-threads=1 + sudo bootc-integration-tests system-reinstall localhost/bootc --test-threads=1 # And the fsverity case sudo podman run --privileged --pid=host localhost/bootc-fsverity bootc install to-existing-root --stateroot=other \ @@ -189,9 +189,9 @@ jobs: - name: Build container run: | - just build-integration-test-image-from-package target/packages + just build-from-packages target/packages # Extra cross-check (duplicating the integration test) that we're using the right base - used_vid=$(podman run --rm localhost/bootc-integration bash -c '. /usr/lib/os-release && echo ${ID}-${VERSION_ID}') + used_vid=$(podman run --rm localhost/bootc bash -c '. /usr/lib/os-release && echo ${ID}-${VERSION_ID}') test ${{ matrix.test_os }} = "${used_vid}" - name: Unit and container integration tests diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 151cd0ef..b395bd58 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -129,7 +129,7 @@ There's a small set of tests which are designed to run inside a bootc container and are built into the default container image: ``` -$ podman run --rm -ti localhost/bootc bootc-integration-tests container +$ just test-container ``` ## Submitting a patch diff --git a/Dockerfile b/Dockerfile index ef12cede..8e98021a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -50,7 +50,9 @@ RUN /usr/libexec/bootc-base-imagectl build-rootfs --manifest=standard /target-ro FROM scratch as base COPY --from=target-base /target-rootfs/ / COPY --from=src /src/hack/ /run/hack/ -RUN cd /run/hack/ && ./provision-derived.sh +# SKIP_CONFIGS=1 skips LBIs, test kargs, and install configs (for FCOS testing) +ARG SKIP_CONFIGS +RUN cd /run/hack/ && SKIP_CONFIGS="${SKIP_CONFIGS}" ./provision-derived.sh # Note we don't do any customization here yet # Mark this as a test image LABEL bootc.testimage="1" diff --git a/Justfile b/Justfile index 0085e057..6c959706 100644 --- a/Justfile +++ b/Justfile @@ -17,10 +17,8 @@ # This image is just the base image plus our updated bootc binary base_img := "localhost/bootc" -# Derives from the above and adds nushell, cloudinit etc. -integration_img := base_img + "-integration" # Has a synthetic upgrade -integration_upgrade_img := integration_img + "-upgrade" +upgrade_img := base_img + "-upgrade" # ostree: The default # composefs-sealeduki-sdboot: A system with a sealed composefs using systemd-boot 
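Review bot: The new comment on `ARG SKIP_CONFIGS` documents only `SKIP_CONFIGS=1`, but the consumer in hack/provision-derived.sh (the `@@ -114,13 +123,19 @@` hunk) checks `test -z "${SKIP_CONFIGS:-}"`, so any non-empty value, including `0` or `false`, also drops the LBIs, test kargs and install configs. Either say so in the comment, `# Any non-empty SKIP_CONFIGS (even 0) skips LBIs, test kargs, and install configs (for FCOS testing)`, or compare against `1` in the script so the flag means what the comment says. Declaring the default explicitly, `ARG SKIP_CONFIGS=""`, would also show readers of the Dockerfile that the normal build leaves it empty. The `base` stage continues beyond this hunk.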
@@ -57,9 +55,19 @@ sealed_buildargs := "--build-arg=variant=" + variant + " --secret=id=secureboot_ # # This first builds RPMs via the `package` target, then injects them # into the container image. -build: package _keygen +build: package _keygen && _pull-lbi-images @just _build-from-package target/packages +# Build container image using pre-existing packages from PATH. +# This skips the package build step - useful when packages are provided +# externally (e.g. downloaded from CI artifacts). +build-from-packages PATH: _keygen && _pull-lbi-images + @just _build-from-package {{PATH}} + +# Pull images used by hack/lbi +_pull-lbi-images: + podman pull -q --retry 5 --retry-delay 5s {{lbi_images}} + # Compute SOURCE_DATE_EPOCH and VERSION from git for reproducible builds. # Outputs shell variable assignments that can be eval'd. _git-build-vars: 
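Review bot: `build-from-packages` interpolates `{{PATH}}` into the recipe line unquoted, so a package directory whose name contains spaces or shell metacharacters is re-split by the shell before it reaches `_build-from-package`; the `build-testimage-coreos` recipe later in this patch does quote its argument. Using just's quoting helper keeps the two consistent: `@just _build-from-package {{quote(PATH)}}`. The comment on `_pull-lbi-images` could also record that it now runs as a post-dependency of every `just build` and needs registry access, e.g. `# Runs after the image build (&& dependency); requires network access to the registries named in lbi_images`. The body of `_build-from-package` is outside this hunk, so how it handles the path is not visible here.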
@@ -117,28 +125,13 @@ package: _packagecontainer chmod a+r target/packages/*.rpm podman rmi localhost/bootc-pkg -# Pull images used by hack/lbi -_pull-lbi-images: - podman pull -q --retry 5 --retry-delay 5s {{lbi_images}} - -# This container image has additional testing content and utilities -build-integration-test-image: build _pull-lbi-images - cd hack && podman build {{base_buildargs}} -t {{integration_img}}-bin -f Containerfile . - ./hack/build-sealed {{variant}} {{integration_img}}-bin {{integration_img}} {{sealed_buildargs}} - -# Build integration test image using pre-existing packages from PATH -build-integration-test-image-from-package PATH: _keygen _pull-lbi-images - @just _build-from-package {{PATH}} - cd hack && podman build {{base_buildargs}} -t {{integration_img}}-bin -f Containerfile . - ./hack/build-sealed {{variant}} {{integration_img}}-bin {{integration_img}} {{sealed_buildargs}} - # Build+test using the `composefs-sealeduki-sdboot` variant. test-composefs: just variant=composefs-sealeduki-sdboot test-tmt readonly local-upgrade-reboot # Only used by ci.yml right now -build-install-test-image: build-integration-test-image - cd hack && podman build {{base_buildargs}} -t {{integration_img}}-install -f Containerfile.drop-lbis +build-install-test-image: build + cd hack && podman build {{base_buildargs}} -t {{base_img}}-install -f Containerfile.drop-lbis # These tests accept the container image as input, and may spawn it. run-container-external-tests: 
@@ -160,43 +153,47 @@ validate: # # To run an individual test, pass it as an argument like: # `just test-tmt readonly` -# -# To run the integration tests, execute `just test-tmt integration` -test-tmt *ARGS: build-integration-test-image _build-upgrade-image +test-tmt *ARGS: build + @just _build-upgrade-image @just test-tmt-nobuild {{ARGS}} # Generate a local synthetic upgrade _build-upgrade-image: - cat tmt/tests/Dockerfile.upgrade | podman build -t {{integration_upgrade_img}}-bin --from={{integration_img}}-bin - - ./hack/build-sealed {{variant}} {{integration_upgrade_img}}-bin {{integration_upgrade_img}} {{sealed_buildargs}} + cat tmt/tests/Dockerfile.upgrade | podman build -t {{upgrade_img}}-bin --from={{base_img}}-bin - + ./hack/build-sealed {{variant}} {{upgrade_img}}-bin {{upgrade_img}} {{sealed_buildargs}} -# Assume the localhost/bootc-integration image is up to date, and just run tests. +# Assume the localhost/bootc image is up to date, and just run tests. # Useful for iterating on tests quickly. test-tmt-nobuild *ARGS: - cargo xtask run-tmt --env=BOOTC_variant={{variant}} --upgrade-image={{integration_upgrade_img}} {{integration_img}} {{ARGS}} + cargo xtask run-tmt --env=BOOTC_variant={{variant}} --upgrade-image={{upgrade_img}} {{base_img}} {{ARGS}} # Build test container image for testing on coreos with SKIP_CONFIGS=1, -# without configs and no curl container image -build-testimage-coreos PATH: - @just build-from-package {{PATH}} - cd hack && podman build {{base_buildargs}} --build-arg SKIP_CONFIGS=1 -t {{integration_img}}-coreos -f Containerfile . +# which skips LBIs, test kargs, and install configs that would conflict with FCOS. +build-testimage-coreos PATH: _keygen + #!/bin/bash + set -xeuo pipefail + pkg_path=$(realpath "{{PATH}}") + podman build --target=final -v "${pkg_path}":/run/packages:ro,z \ + --build-arg SKIP_CONFIGS=1 \ + -t {{base_img}}-coreos-bin {{buildargs}} . 
+ ./hack/build-sealed {{variant}} {{base_img}}-coreos-bin {{base_img}}-coreos {{sealed_buildargs}} # Run test bootc install on FCOS -# BOOTC_target is `bootc-integration-coreos`, it will be used for bootc install. +# BOOTC_target is `bootc-coreos`, it will be used for bootc install. # Run `just build-testimage-coreos target/packages` to build test image firstly, # then run `just test-tmt-on-coreos plan-bootc-install-on-coreos` test-tmt-on-coreos *ARGS: - cargo xtask run-tmt --env=BOOTC_variant={{variant}} --env=BOOTC_target={{integration_img}}-coreos:latest {{fedora-coreos}} {{ARGS}} + cargo xtask run-tmt --env=BOOTC_variant={{variant}} --env=BOOTC_target={{base_img}}-coreos:latest {{fedora-coreos}} {{ARGS}} # Cleanup all test VMs created by tmt tests tmt-vm-cleanup: bcvk libvirt rm --stop --force --label bootc.test=1 # Run tests (unit and integration) that are containerized -test-container: build-units build-integration-test-image +test-container: build build-units podman run --rm --read-only localhost/bootc-units /usr/bin/bootc-units # Pass these through for cross-checking - podman run --rm --env=BOOTC_variant={{variant}} --env=BOOTC_base={{base}} {{integration_img}} bootc-integration-tests container + podman run --rm --env=BOOTC_variant={{variant}} --env=BOOTC_base={{base}} {{base_img}} bootc-integration-tests container # Remove all container images built (locally) via this Justfile, by matching a label clean-local-images: diff --git a/ci/Containerfile.install-fsverity b/ci/Containerfile.install-fsverity index a47c2964..de585773 100644 --- a/ci/Containerfile.install-fsverity +++ b/ci/Containerfile.install-fsverity 
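Review bot: In `build-testimage-coreos`, the bind mount `-v "${pkg_path}":/run/packages:ro,z` asks podman to SELinux-relabel whatever directory `PATH` resolves to, and the recipe never validates that argument. On an SELinux host a mistyped path could be relabelled for container sharing, which the `ro` flag does not prevent. A guard before the build keeps the relabel confined to an actual package directory: `test -d "${pkg_path}"` followed by `compgen -G "${pkg_path}/*.rpm" > /dev/null`, both of which abort the recipe under the existing `set -e`. The recipe also repeats the build invocation instead of reusing `_build-from-package`, whose body is outside this hunk, so the two can drift apart.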
@@ -1,5 +1,6 @@ # Enable fsverity at install time -FROM localhost/bootc +# Use bootc-install (not bootc) to avoid LBIs that can't be fetched in this test environment +FROM localhost/bootc-install RUN < /usr/lib/ostree/prepare-root.conf < Result<()> { // Workaround for https://github.com/bootc-dev/bcvk/issues/174 // Save the container image to tar, this will be synced to tested OS if variant_id == "coreos" { - cmd!(sh, "podman save -q -o {workdir}/tmt/tests/bootc.tar localhost/bootc-integration-coreos:latest") - .run() - .with_context(|| format!("Saving container image to tar"))?; + cmd!( + sh, + "podman save -q -o {workdir}/tmt/tests/bootc.tar localhost/bootc-coreos:latest" + ) + .run() + .with_context(|| format!("Saving container image to tar"))?; } // Change to workdir for running tmt commands diff --git a/crates/xtask/src/xtask.rs b/crates/xtask/src/xtask.rs index 203a2f3d..97b267c6 100644 --- a/crates/xtask/src/xtask.rs +++ b/crates/xtask/src/xtask.rs @@ -58,7 +58,7 @@ enum Commands { /// Arguments for run-tmt command #[derive(Debug, Args)] pub(crate) struct RunTmtArgs { - /// Image name (e.g., "localhost/bootc-integration") + /// Image name (e.g., "localhost/bootc") pub(crate) image: String, /// Test plan filters (e.g., "readonly") @@ -73,7 +73,7 @@ pub(crate) struct RunTmtArgs { #[clap(long)] pub(crate) env: Vec, - /// Upgrade image to use when bind-storage-ro is available (e.g., localhost/bootc-integration-upgrade) + /// Upgrade image to use when bind-storage-ro is available (e.g., localhost/bootc-upgrade) #[clap(long)] pub(crate) upgrade_image: Option, @@ -85,7 +85,7 @@ pub(crate) struct RunTmtArgs { /// Arguments for tmt-provision command #[derive(Debug, Args)] pub(crate) struct TmtProvisionArgs { - /// Image name (e.g., "localhost/bootc-integration") + /// Image name (e.g., "localhost/bootc") pub(crate) image: String, /// VM name (defaults to "bootc-tmt-manual-") 
diff --git a/hack/Containerfile b/hack/Containerfile deleted file mode 100644 index 13dc120b..00000000 --- a/hack/Containerfile +++ /dev/null @@ -1,16 +0,0 @@ -# Build a container image that has extra testing stuff in it, such -# as nushell, some preset logically bound images, etc. This expects -# to create an image derived FROM localhost/bootc which was created -# by the Dockerfile at top. - -FROM scratch as context -# We only need this stuff in the initial context -COPY . / - -# And the configs -FROM localhost/bootc -RUN --mount=type=bind,from=context,target=/run/context <&2; exit 1 ;; +esac + # Ensure this is pre-created mkdir -p -m 0700 /var/roothome mkdir -p ~/.config/nushell @@ -44,11 +51,12 @@ grep -Ev -e '^#' packages.txt | xargs dnf -y install cat <> /usr/lib/bootc/kargs.d/20-console.toml kargs = ["console=ttyS0,115200n8"] KARGEOF -dnf -y install cloud-init -ln -s ../cloud-init.target /usr/lib/systemd/system/default.target.wants +if test $cloudinit = 1; then + dnf -y install cloud-init + ln -s ../cloud-init.target /usr/lib/systemd/system/default.target.wants # Allow root SSH login for testing with bcvk/tmt -mkdir -p /etc/cloud/cloud.cfg.d -cat > /etc/cloud/cloud.cfg.d/80-enable-root.cfg <<'CLOUDEOF' + mkdir -p /etc/cloud/cloud.cfg.d + cat > /etc/cloud/cloud.cfg.d/80-enable-root.cfg <<'CLOUDEOF' # Enable root login for testing disable_root: false @@ -59,6 +67,7 @@ growpart: devices: ["/sysroot"] resize_rootfs: false CLOUDEOF +fi dnf clean all # Stock extra cleaning of logs and caches in general (mostly dnf) 
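Review bot: In the `@@ -44,11 +51,12 @@` hunk, `if test $cloudinit = 1; then` expands the variable unquoted, so an empty or unset value turns the check into `test = 1` and a shell error instead of a clean false. The `case` that assigns it is only partly visible above this hunk, so I cannot confirm every branch sets it; quoting costs nothing either way: `if test "${cloudinit:-0}" = 1; then`. The context comment `# Allow root SSH login for testing with bcvk/tmt` was left at column 0 inside the new `if`; indenting it with the block would keep the test-only intent of `disable_root: false` attached to the drop-in it describes. Note that this block is not covered by the SKIP_CONFIGS guard added further down, so the root-login drop-in is still written in the CoreOS test image when cloud-init is enabled; if that is intended, a one-line comment saying so would help.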
@@ -114,13 +123,19 @@ EOF rm -rf /var/lib/dhclient fi -# For test-22-logically-bound-install -cp -a lbi/usr/. /usr -for x in curl.container curl-base.image podman.image; do - ln -s /usr/share/containers/systemd/$x /usr/lib/bootc/bound-images.d/$x -done +# The following configs are skipped when SKIP_CONFIGS=1, which is used +# for testing bootc install on Fedora CoreOS where these would conflict. +if test -z "${SKIP_CONFIGS:-}"; then + # For test-22-logically-bound-install + cp -a lbi/usr/. /usr + for x in curl.container curl-base.image podman.image; do + ln -s /usr/share/containers/systemd/$x /usr/lib/bootc/bound-images.d/$x + done -# Add some testing kargs into our dev builds -install -D -t /usr/lib/bootc/kargs.d test-kargs/* -# Also copy in some default install configs we use for testing -install -D -t /usr/lib/bootc/install/ install-test-configs/* + # Add some testing kargs into our dev builds + install -D -t /usr/lib/bootc/kargs.d test-kargs/* + # Also copy in some default install configs we use for testing + install -D -t /usr/lib/bootc/install/ install-test-configs/* +else + echo "SKIP_CONFIGS is set, skipping LBIs, test kargs, and install configs" +fi diff --git a/hack/provision-packit.sh b/hack/provision-packit.sh index 7f1848bf..9ec9a144 100755 --- a/hack/provision-packit.sh +++ b/hack/provision-packit.sh 
@@ -86,7 +86,7 @@ cp /etc/yum.repos.d/test-artifacts.repo "$BOOTC_TEMPDIR" ls -al "$BOOTC_TEMPDIR" # Do not use just because it's only available on Fedora, not on CS and RHEL -podman build --jobs=4 --from "$BASE" -v "$BOOTC_TEMPDIR":/bootc-test:z -t localhost/bootc-integration -f "${BOOTC_TEMPDIR}/Containerfile.packit" "$BOOTC_TEMPDIR" +podman build --jobs=4 --from "$BASE" -v "$BOOTC_TEMPDIR":/bootc-test:z -t localhost/bootc -f "${BOOTC_TEMPDIR}/Containerfile.packit" "$BOOTC_TEMPDIR" # Keep these in sync with what's used in hack/lbi podman pull -q --retry 5 --retry-delay 5s quay.io/curl/curl:latest quay.io/curl/curl-base:latest registry.access.redhat.com/ubi9/podman:latest diff --git a/hack/system-reinstall-bootc.exp b/hack/system-reinstall-bootc.exp index 76003309..54effbd7 100755 --- a/hack/system-reinstall-bootc.exp +++ b/hack/system-reinstall-bootc.exp @@ -3,7 +3,7 @@ # Set a timeout set timeout 600 -spawn system-reinstall-bootc localhost/bootc-integration +spawn system-reinstall-bootc localhost/bootc expect { "Then you can login as * using those keys. \\\[Y/n\\\]" { diff --git a/tmt/tests/Dockerfile.upgrade b/tmt/tests/Dockerfile.upgrade index ab3b73c7..a9e36ba5 100644 --- a/tmt/tests/Dockerfile.upgrade +++ b/tmt/tests/Dockerfile.upgrade @@ -1,3 +1,3 @@ # Just creates a file as a new layer for a synthetic upgrade test -FROM localhost/bootc-integration +FROM localhost/bootc RUN touch --reference=/usr/bin/bash /usr/share/testing-bootc-upgrade-apply