GitHub Actions runners are nested VMs, and bcvk's use of virtiofs
causes systemd-journald to enter a livelock when writing to persistent
storage in nested virtualization environments.
Add the kernel argument systemd.journald.storage=volatile to force
journald to use tmpfs instead, which avoids the livelock.
This workaround is needed until bcvk issue #90 is fully resolved
upstream.
Fixes: https://github.com/bootc-dev/bootc/pull/1708#issuecomment-2494643831
Related: https://github.com/bootc-dev/bcvk/issues/90
Assisted-by: Claude Code (Sonnet 4.5)
The v3 version does not exist, causing CI failures. The correct version
is v1 as documented in the action's README.
Assisted-by: Claude Code (Sonnet 4.5)
Temporarily limit CI matrix to only run centos-9 job to debug
the build-integration hang that has been occurring for 40+ minutes.
Added upterm action before the build step to allow interactive SSH
debugging of the issue.
This will enable us to investigate why the bcvk disk image build
is hanging specifically on C9S while other distros pass.
Assisted-by: Claude Code (Sonnet 4.5)
- Change the install logic to detect UKIs and automatically
enable composefs
- Change the install logic to detect absence of bootupd
and default to installing systemd-boot
- Move sealing bits to the toplevel
- Add Justfile entrypoints
- Add basic end-to-end CI coverage (install + run) using
our integration tests
- Change lints to ignore `/boot/EFI`
Signed-off-by: Colin Walters <walters@verbum.org>
Make builds unprivileged by default and start using bcvk in
our own CI, the same way we expect people to do so locally
now.
Signed-off-by: Colin Walters <walters@verbum.org>
We shouldn't support specifying *arbitrary* versions to try
to release, only bump the minor or patch from what's there.
This avoids any ability to mess things up.
Signed-off-by: Colin Walters <walters@verbum.org>
Move libvirt installation into a parameterized input in the
bootc-ubuntu-setup action, allowing workflows to opt-in via
`libvirt: true`. This consolidates installation logic and makes
workflows cleaner by removing duplicate package installation steps.
Assisted-by: Claude Code
Signed-off-by: Colin Walters <walters@verbum.org>
This drains nontrivial logic out of GHA and into something
isolated via containers and driven via `Justfile` and
easily replicable locally too.
Signed-off-by: Colin Walters <walters@verbum.org>
- Having separate workflows made sharing build artifacts not
really possible, and it just makes sense to consolidate
- Refactor shared parts into a little internal action
Signed-off-by: Colin Walters <walters@verbum.org>
The emphasis here is on trying to have
the `Justfile` be the default entrypoint,
wrapping other tools.
- Replace mentions of podman-bootc with bcvk
since I hope the latter supersedes the former
- Unify the unit test entrypoint
- Set up /var/tmp as a tmpdir to fix the etc merge
test (otherwise, selinux failures w/tmp)
- Run the unit+container tests in integration.yml
- Have `just validate` run in a container
Signed-off-by: Colin Walters <walters@verbum.org>
This burned us recently. Since our man pages are input to
the build, we can't really skip CI for them.
Signed-off-by: Colin Walters <walters@verbum.org>
A key thing for me is that the `Justfile` should be a one-stop
shop for development of the project. It can't have everything but
it should answer the basic questions of "how do I build and test
this project".
This aligns the recently added tmt-on-GHA flow a *bit* more closely
with some of that. Biggest is to use the `just build-integration-test-image` as the canonical
way to build a container image with our testing stuff in it;
which uses our main Dockerfile.
Other cleanups:
- Change test script to move into tests/tmt/ as a workaround for
https://github.com/teemtee/tmt/pull/3037#issuecomment-3259585271
- Change the qemu logic to use SMBIOS credentials so we don't
have to carry around both a disk image and a SSH key
- Change qemu to use `-snapshot` so we can reuse disks
- Change the scripts to accept data via argv[1] and not environment
- Drop the hardcoded testing directory and use `target/` as
a generic build artifact dir
Signed-off-by: Colin Walters <walters@verbum.org>
See the updates to `Justfile` for how to use this.
Closes: #1428
Assisted-By: Claude Code (opus + sonnet)
Signed-off-by: Colin Walters <walters@verbum.org>
This uses the token generated in the GitHub app that has a limited
scope. Also refactors the commit/push steps to use the
create-pull-request action rather than manually committing and pushing.
This simplifies the token usage when committing/pushing.
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
This modifies the scheduled release to happen every 3 weeks regardless
of when the previous release happened. This aligns with the team's
schedule.
Assisted-by: Claude Code
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
Update the autovendor GitHub workflow to use the correct path 'crates/cli'
instead of 'cli', which was causing the job to fail with "No such file or
directory" error.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: John Eckersberg <jeckersb@redhat.com>
Since there is some user intervention required for the scheduled
release, this adds a 2 day buffer in case the buttons weren't clicked
immediately last time.
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
This adds two github actions, "Create Release PR" and "release". The
first is scheduled to run every 3 weeks to automatically create a
release PR that bumps the versions. The "release" action is triggered
when the release PR is merged. It will create a draft release with the
tars attached.
Assisted-by: Claude Code
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
And add a single test which verifies that our internal `reboot`
code actually does what it should (via systemd-run etc.)
This took me way, way too long to do...there were so many missteps
and confusion. First of all, I kept trying to use `systemd.extra-unit`
from https://www.freedesktop.org/software/systemd/man/latest/systemd-debug-generator.html#
but that doesn't exist in stream9.
I spent way too long trying to debug the fact that switching from
`podman run <image> /sbin/init` to `podman run <image> /bin/sh -c '<stuff> && exec /sbin/init'`
fails because in the latter case podman's auto-detection fails and
we need to explicitly say `--systemd=always`. In retrospect obvious...but oh well.
On the positive side, I think with some cleanup we could extend this model
and generalize it for "test running in a container with systemd" (with
a lot of cleanup really)
Signed-off-by: Colin Walters <walters@verbum.org>
This introduces a GitHub workflow to periodically run `cargo xtask
update-generated` in order to keep the docs up-to-date with the
latest changes. It will create a PR if changes are detected.
Signed-off-by: Micah Abbott <miabbott@redhat.com>
This is aligning with what I did in https://github.com/ostreedev/ostree/pull/3439
- What gets invoked in e.g. GHA should ideally mostly be `just` commands
that are easy to run locally too (with sudo in GHA, without sudo locally)
- Move the "core build" to the toplevel so that one can just `podman build`
directly too (without the Justfile) and have it do something useful
- The "always build and test in a container" helps for LLM-assisted coding
because what they can do is inherently sandboxed
Signed-off-by: Colin Walters <walters@verbum.org>
This enables using a local image with system-reinstall-bootc. A couple
drive-by cleanups to the integration tests are included.
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
This adds a few basic integration tests for system-reinstall-bootc, adds
a system-reinstall option to tests-integration to run them, and executes
them as part of the github action.
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
Key off the ostree prepare-root config to require fsverity
on all objects.
As part of this:
- Add a dependency on composefs-rs just for the fsverity querying
APIs, and as prep for further integration.
- Add `bootc internals fsck`, which verifies the expected
fsverity state.
Signed-off-by: Colin Walters <walters@verbum.org>
We should really have a more centrally-maintained `cargo-deny`
configuration. I'd argue to maintain it here in bootc to
start, but this will be a common thing for other projects
in github.com/containers and elsewhere.
Anyways, this needed updating for the new Unicode-3.0 license
in some updated unicode crates that I saw in rpm-ostree.
While we're here, quiet the duplicate crate warning in the CI
job, as it's just noise. Keep it when running locally so
we have some visibility if we care about it.
Signed-off-by: Colin Walters <walters@verbum.org>