GitHub Actions runners are nested VMs, and bcvk's use of virtiofs causes systemd-journald to enter a livelock when writing to persistent storage in nested virtualization environments. Add the kernel argument systemd.journald.storage=volatile to force journald to use tmpfs instead, which avoids the livelock. This workaround is needed until bcvk issue #90 is fully resolved upstream. Fixes: https://github.com/bootc-dev/bootc/pull/1708#issuecomment-2494643831 Related: https://github.com/bootc-dev/bcvk/issues/90 Assisted-by: Claude Code (Sonnet 4.5)
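# CI Workflow for bootc
#
# Core principles:
# - Everything done here should be easy to replicate locally. Most tasks
#   should invoke `just <something>`.
# - Most additions to this should be extending existing tasks; e.g.
#   there's places for unit and integration tests already.
#
# Third-party actions below are referenced by major-version tag (@v5, @v2,
# @v6). Tags are mutable; pinning to a full commit SHA is the hardened
# alternative if reproducible action code is wanted.
name: CI

# Only `actions: read` is granted, so every other GITHUB_TOKEN scope
# (contents, packages, id-token, ...) is `none` for every job below. A job
# that needs more should request it in its own `permissions:` block.
permissions:
  actions: read

on:  # yamllint disable-line rule:truthy
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch: {}

env:
  CARGO_TERM_COLOR: always
  # Something seems to be setting this in the default GHA runners, which breaks bcvk
  # as the default runner user doesn't have access
  LIBVIRT_DEFAULT_URI: "qemu:///session"

# One in-flight run per PR (or per ref for pushes); a newer run cancels the older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
  # Run basic validation checks (linting, formatting, etc)
  validate:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v5
      - name: Bootc Ubuntu Setup
        uses: ./.github/actions/bootc-ubuntu-setup
      - name: Validate (default)
        run: just validate

  # Build container with continuous repository enabled
  container-continuous:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v5
      - name: Bootc Ubuntu Setup
        uses: ./.github/actions/bootc-ubuntu-setup
      - name: Build with continuous repo enabled
        run: sudo just build --build-arg=continuous_repo=1

  # Check for security vulnerabilities and license compliance
  cargo-deny:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v5
      - uses: EmbarkStudios/cargo-deny-action@v2
        with:
          log-level: warn
          # `-A duplicate` downgrades the duplicate-crate-versions lint to
          # "allowed". The explicit check list runs bans, sources and licenses
          # only. NOTE(review): `advisories` is not in that list, so confirm
          # the vulnerability check is run elsewhere, or add it here.
          command: check -A duplicate bans sources licenses

  # Test bootc installation scenarios and fsverity support
  # TODO convert to be an integration test
  install-tests:
    name: "Test install"
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5
      - name: Bootc Ubuntu Setup
        uses: ./.github/actions/bootc-ubuntu-setup
      - name: Enable fsverity for /
        # Turns on the verity feature on the block device backing `/` of the
        # (ephemeral) runner so the fsverity install case below can be exercised.
        run: sudo tune2fs -O verity $(findmnt -vno SOURCE /)
      - name: Install utils
        run: sudo apt -y install fsverity just
      - name: Integration tests
        run: |
          # `pipefail` makes the find | while "cross check" at the end fail
          # when `find` itself fails, instead of silently iterating nothing.
          set -xeuo pipefail
          # Build images to test; TODO investigate doing single container builds
          # via GHA and pushing to a temporary registry to share among workflows?
          sudo just build
          sudo just build-install-test-image
          sudo podman build -t localhost/bootc-fsverity -f ci/Containerfile.install-fsverity

          # TODO move into a container, and then have this tool run other containers
          cargo build --release -p tests-integration

          df -h /
          sudo install -m 0755 target/release/tests-integration /usr/bin/bootc-integration-tests
          rm target -rf
          df -h /
          # The ostree-container tests
          # Privileged, host PID namespace, and the runner's `/` bind-mounted at
          # /run/host: these tests deliberately operate on the runner itself.
          sudo podman run --privileged --pid=host -v /:/run/host -v $(pwd):/src:ro -v /var/tmp:/var/tmp \
            --tmpfs /var/lib/containers \
            -v /run/dbus:/run/dbus -v /run/systemd:/run/systemd localhost/bootc /src/crates/ostree-ext/ci/priv-integration.sh
          # Nondestructive but privileged tests
          sudo bootc-integration-tests host-privileged localhost/bootc-integration-install
          # Install tests
          sudo bootc-integration-tests install-alongside localhost/bootc-integration-install

          # system-reinstall-bootc tests
          cargo build --release -p system-reinstall-bootc

          # not sure why this is missing in the ubuntu image but just creating this directory allows the tests to pass
          sudo mkdir -p /run/sshd

          sudo install -m 0755 target/release/system-reinstall-bootc /usr/bin/system-reinstall-bootc
          # These tests may mutate the system live so we can't run in parallel
          sudo bootc-integration-tests system-reinstall localhost/bootc-integration --test-threads=1

          # And the fsverity case
          sudo podman run --privileged --pid=host localhost/bootc-fsverity bootc install to-existing-root --stateroot=other \
            --acknowledge-destructive --skip-fetch-check
          # Crude cross check: every repo object must carry a verity measurement.
          # `read -r` and the quoted "$f" keep paths intact; set -e inside the
          # loop body fails the step on the first object that cannot be measured.
          sudo find /ostree/repo/objects -name '*.file' -type f | while read -r f; do
            sudo fsverity measure "$f" >/dev/null
          done

  # Test that we can build documentation
  docs:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v5
      - name: Bootc Ubuntu Setup
        uses: ./.github/actions/bootc-ubuntu-setup
      - name: Build mdbook
        run: just build-mdbook

  # Build containers and disk images for integration testing across OS matrix
  build-integration:
    strategy:
      fail-fast: false
      matrix:
        test_os: [fedora-42, fedora-43, centos-9, centos-10]

    runs-on: ubuntu-24.04

    steps:
      - uses: actions/checkout@v5
      - name: Bootc Ubuntu Setup
        uses: ./.github/actions/bootc-ubuntu-setup
        with:
          libvirt: true

      - name: Build container and disk image
        run: |
          tests/build.sh ${{ matrix.test_os }}

      - name: Run container tests
        run: just test-container

      - name: Archive disk image
        uses: actions/upload-artifact@v5
        with:
          # NOTE(review): `env.ARCH` is not set in this file; presumably it is
          # exported by the bootc-ubuntu-setup action — confirm, otherwise that
          # segment is empty. On `push` events `github.event.number` is also
          # empty; the download step in test-integration uses the identical
          # expression, so the names still match.
          name: PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ env.ARCH }}-disk
          path: target/bootc-integration-test.qcow2
          retention-days: 1

  # Run TMT-based integration tests on disk images from build-integration
  test-integration:
    needs: build-integration
    strategy:
      fail-fast: false
      matrix:
        test_os: [fedora-42, fedora-43, centos-9, centos-10]

    runs-on: ubuntu-24.04

    steps:
      - uses: actions/checkout@v5
      - name: Bootc Ubuntu Setup
        uses: ./.github/actions/bootc-ubuntu-setup
        with:
          libvirt: true
      - name: Install tmt
        # Unpinned install from PyPI: pinning a version (or installing with
        # hashes) would make this step reproducible and narrow supply-chain
        # exposure.
        run: pip install --user "tmt[provision-virtual]"

      - name: Create folder to save disk image
        run: mkdir -p target

      - name: Download disk image
        uses: actions/download-artifact@v6
        with:
          # Must stay identical to the upload name in build-integration.
          name: PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ env.ARCH }}-disk
          path: target

      - name: Workaround https://github.com/teemtee/testcloud/issues/18
        # Makes `chcon` a no-op on the runner by replacing it with a symlink to `true`.
        run: sudo rm -f /usr/bin/chcon && sudo ln -sr /usr/bin/true /usr/bin/chcon

      - name: Run all TMT tests
        run: |
          just test-tmt-nobuild

      - name: Archive TMT logs
        if: always()
        uses: actions/upload-artifact@v5
        with:
          # The matrix has no `tmt_plan` key, so the former trailing
          # `-${{ matrix.tmt_plan }}` always expanded to an empty string and
          # left a dangling `-` on the name; the suffix is dropped.
          name: tmt-log-PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ env.ARCH }}
          path: /var/tmp/tmt

  # This variant does composefs testing
  test-integration-cfs:
    strategy:
      fail-fast: false
      matrix:
        test_os: [centos-10]

    runs-on: ubuntu-24.04

    steps:
      - uses: actions/checkout@v5
      - name: Bootc Ubuntu Setup
        uses: ./.github/actions/bootc-ubuntu-setup
        with:
          libvirt: true

      - name: Build container
        run: just build-sealed

      - name: Test
        run: just test-composefs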