ci: Add support for bootc end-to-end validation tests

NOTE: This also requires upgrading to tox-lsr 3.10.0, and some hacks to workaround a podman issue in ubuntu. These tests run the role during a bootc container image build, deploy the container into a QEMU VM, boot that, and validate the expected configuration there. They run in two different tox environments, and thus have to be run in two steps (preparation in buildah, validation in QEMU). The preparation is expected to output a qcow2 image in `tests/tmp/TESTNAME/qcow2/disk.qcow2`, i.e. the output structure of <https://github.com/osbuild/bootc-image-builder>. There are two possibilities: * Have separate bootc end-to-end tests. These are tagged with `tests::bootc-e2` and are skipped in the normal qemu-* scenarios. They run as part of the container-* ones. * Modify an existing test: These need to build a qcow2 image exactly *once* (via calling `bootc-buildah-qcow.sh`) and skip setup/cleanup and role invocations in validation mode, i.e. when `__bootc_validation` is true. In the container scenario, run the QEMU validation as a separate step in the workflow. See https://issues.redhat.com/browse/RHEL-88396 Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2026-01-23 02:15:17 +00:00 · 2025-06-03 13:30:06 -06:00 · 2025-06-03 13:30:06 -06:00 · bc339a17f4
commit bc339a17f4
parent d1083aa289
8 changed files with 100 additions and 7 deletions
--- a/.codespell_ignores
+++ b/.codespell_ignores
@ -1 +1,2 @@
 iif
+passt
--- a/.github/workflows/ansible-lint.yml
+++ b/.github/workflows/ansible-lint.yml
@ -32,7 +32,7 @@ jobs:
      - name: Install tox, tox-lsr
        run: |
          set -euxo pipefail
-          pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.9.0"
+          pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.10.0"

      - name: Convert role to collection format
        id: collection
--- a/.github/workflows/ansible-managed-var-comment.yml
+++ b/.github/workflows/ansible-managed-var-comment.yml
@ -30,7 +30,7 @@ jobs:
      - name: Install tox, tox-lsr
        run: |
          set -euxo pipefail
-          pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.9.0"
+          pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.10.0"

      - name: Run ansible-plugin-scan
        run: |
--- a/.github/workflows/ansible-test.yml
+++ b/.github/workflows/ansible-test.yml
@ -33,7 +33,7 @@ jobs:
      - name: Install tox, tox-lsr
        run: |
          set -euxo pipefail
-          pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.9.0"
+          pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.10.0"

      - name: Convert role to collection format
        run: |
--- a/.github/workflows/python-unit-test.yml
+++ b/.github/workflows/python-unit-test.yml
@ -65,7 +65,7 @@ jobs:
            tox=tox
            virtualenv=virtualenv
          fi
-          pip install "$tox" "$virtualenv" "git+https://github.com/linux-system-roles/tox-lsr@3.9.0"
+          pip install "$tox" "$virtualenv" "git+https://github.com/linux-system-roles/tox-lsr@3.10.0"
          # If you have additional OS dependency packages e.g. libcairo2-dev
          # then put them in .github/config/ubuntu-requirements.txt, one
          # package per line.
--- a/.github/workflows/qemu-kvm-integration-tests.yml
+++ b/.github/workflows/qemu-kvm-integration-tests.yml
@ -105,7 +105,29 @@ jobs:
          python3 -m pip install --upgrade pip
          sudo apt update
          sudo apt install -y --no-install-recommends git ansible-core genisoimage qemu-system-x86
-          pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.9.0"
+          pip3 install "git+https://github.com/linux-system-roles/tox-lsr@3.10.0"
+
+      # HACK: Drop this when moving this workflow to 26.04 LTS
+      - name: Update podman to 5.x for compatibility with bootc-image-builder's podman 5
+        if: steps.check_platform.outputs.supported && endsWith(matrix.scenario.image, '-bootc')
+        run: |
+          sed 's/noble/plucky/g' /etc/apt/sources.list.d/ubuntu.sources | sudo tee /etc/apt/sources.list.d/plucky.sources >/dev/null
+          cat <<EOF | sudo tee /etc/apt/preferences.d/podman.pref >/dev/null
+          Package: podman buildah golang-github-containers-common crun libgpgme11t64 libgpg-error0 golang-github-containers-image catatonit conmon containers-storage
+          Pin: release n=plucky
+          Pin-Priority: 991
+
+          Package: libsubid4 netavark passt aardvark-dns containernetworking-plugins libslirp0 slirp4netns
+          Pin: release n=plucky
+          Pin-Priority: 991
+
+          Package: *
+          Pin: release n=plucky
+          Pin-Priority: 400
+          EOF
+
+          sudo apt update
+          sudo apt install -y podman crun conmon containers-storage

      - name: Configure tox-lsr
        if: steps.check_platform.outputs.supported
@ -117,7 +139,7 @@ jobs:
        if: steps.check_platform.outputs.supported && startsWith(matrix.scenario.env, 'qemu')
        run: >-
          tox -e ${{ matrix.scenario.env }} -- --image-name ${{ matrix.scenario.image }} --make-batch
-          --log-level debug --skip-tags tests::infiniband,tests::nvme,tests::scsi
+          --log-level debug $TOX_ARGS --skip-tags tests::bootc-e2e
          --lsr-report-errors-url DEFAULT --

      - name: Qemu result summary
@ -164,6 +186,28 @@ jobs:
          done
          exit $rc

+      - name: Run bootc validation tests in QEMU
+        if: steps.check_platform.outputs.supported &&
+            startsWith(matrix.scenario.env, 'container') &&
+            endsWith(matrix.scenario.image, '-bootc')
+        run: |
+          set -euxo pipefail
+          env=$(echo "${{ matrix.scenario.env }}" | sed 's/^container-/qemu-/')
+
+          for image_file in $(ls tests/tmp/*/qcow2/disk.qcow2 2>/dev/null); do
+              test="tests/$(basename $(dirname $(dirname $image_file))).yml"
+              if tox -e "$env" -- --image-file "$(pwd)/$image_file" \
+                     --log-level debug $TOX_ARGS \
+                     --lsr-report-errors-url DEFAULT \
+                     -e __bootc_validation=true \
+                     -- "$test" >out 2>&1; then
+                  mv out "${test}-PASS.log"
+              else
+                  mv out "${test}-FAIL.log"
+                  exit 1
+              fi
+          done
+
      - name: Upload test logs on failure
        if: failure()
        uses: actions/upload-artifact@v4
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
 # linux-system-roles/network

-[![ansible-lint.yml](https://github.com/linux-system-roles/network/actions/workflows/ansible-lint.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/ansible-lint.yml) [![ansible-test.yml](https://github.com/linux-system-roles/network/actions/workflows/ansible-test.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/ansible-test.yml) [![codeql.yml](https://github.com/linux-system-roles/network/actions/workflows/codeql.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/codeql.yml) [![codespell.yml](https://github.com/linux-system-roles/network/actions/workflows/codespell.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/codespell.yml) [![integration.yml](https://github.com/linux-system-roles/network/actions/workflows/integration.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/integration.yml) [![markdownlint.yml](https://github.com/linux-system-roles/network/actions/workflows/markdownlint.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/markdownlint.yml) [![python-unit-test.yml](https://github.com/linux-system-roles/network/actions/workflows/python-unit-test.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/python-unit-test.yml) [![qemu-kvm-integration-tests.yml](https://github.com/linux-system-roles/network/actions/workflows/qemu-kvm-integration-tests.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/qemu-kvm-integration-tests.yml) [![shellcheck.yml](https://github.com/linux-system-roles/network/actions/workflows/shellcheck.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/shellcheck.yml) [![tft.yml](https://github.com/linux-system-roles/network/actions/workflows/tft.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/tft.yml) [![tft_citest_bad.yml](https://github.com/linux-system-roles/network/actions/workflows/tft_citest_bad.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/tft_citest_bad.yml) [![woke.yml](https://github.com/linux-system-roles/network/actions/workflows/woke.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/woke.yml) [![Coverage Status](https://coveralls.io/repos/github/linux-system-roles/network/badge.svg)](https://coveralls.io/github/linux-system-roles/network) [![Code Style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/ambv/black) [![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/linux-system-roles/network.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/linux-system-roles/network/context:python)
+[![ansible-lint.yml](https://github.com/linux-system-roles/network/actions/workflows/ansible-lint.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/ansible-lint.yml) [![ansible-test.yml](https://github.com/linux-system-roles/network/actions/workflows/ansible-test.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/ansible-test.yml) [![codeql.yml](https://github.com/linux-system-roles/network/actions/workflows/codeql.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/codeql.yml) [![codespell.yml](https://github.com/linux-system-roles/network/actions/workflows/codespell.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/codespell.yml) [![markdownlint.yml](https://github.com/linux-system-roles/network/actions/workflows/markdownlint.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/markdownlint.yml) [![python-unit-test.yml](https://github.com/linux-system-roles/network/actions/workflows/python-unit-test.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/python-unit-test.yml) [![qemu-kvm-integration-tests.yml](https://github.com/linux-system-roles/network/actions/workflows/qemu-kvm-integration-tests.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/qemu-kvm-integration-tests.yml) [![shellcheck.yml](https://github.com/linux-system-roles/network/actions/workflows/shellcheck.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/shellcheck.yml) [![tft.yml](https://github.com/linux-system-roles/network/actions/workflows/tft.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/tft.yml) [![tft_citest_bad.yml](https://github.com/linux-system-roles/network/actions/workflows/tft_citest_bad.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/tft_citest_bad.yml) [![woke.yml](https://github.com/linux-system-roles/network/actions/workflows/woke.yml/badge.svg)](https://github.com/linux-system-roles/network/actions/workflows/woke.yml) [![Coverage Status](https://coveralls.io/repos/github/linux-system-roles/network/badge.svg)](https://coveralls.io/github/linux-system-roles/network) [![Code Style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/ambv/black) [![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/linux-system-roles/network.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/linux-system-roles/network/context:python)

 ## Overview

--- a/contributing.md
+++ b/contributing.md
@ -70,3 +70,51 @@ ansible-playbook --skip-tags tests::cleanup \

 [NM 1.0](https://lazka.github.io/pgi-docs/#NM-1.0), it contains a full
 explanation about the NetworkManager API.
+
+### Integration tests with podman
+
+1. Create `~/.ansible/collections/ansible_collections/containers/podman/` if this
+  directory does not exist and `cd` into this directory.
+
+    ```bash
+    mkdir -p ~/.ansible/collections/ansible_collections/containers/podman/
+    cd ~/.ansible/collections/ansible_collections/containers/podman/
+    ```
+
+2. Clone the collection plugins for Ansible-Podman into the current directory.
+
+    ```bash
+    git clone https://github.com/containers/ansible-podman-collections.git .
+    ```
+
+3. Change directory into the `tests` subdirectory.
+
+    ```bash
+    cd ~/network/tests
+    ```
+
+4. Use podman with `-d` to run in the background (daemon). Use `c7` because
+  `centos/systemd` is centos7.
+
+    ```bash
+    podman run --name lsr-ci-c7 --rm --privileged \
+    -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
+    -d registry.centos.org/centos/systemd
+    ```
+
+5. Use `podman unshare` first to run "podman mount" in root mode, use `-vi` to
+  run ansible as inventory in verbose mode, use `-c podman` to use the podman
+  connection plugin. NOTE: Some of the tests do not work with podman - see
+  `.github/run_test.sh` for the list of tests that do not work.
+
+    ```bash
+    podman unshare
+    ansible-playbook -vi lsr-ci-c7, -c podman tests_provider_nm.yml
+    ```
+
+6. NOTE that this leaves the container running in the background, to kill it:
+
+    ```bash
+    podman stop lsr-ci-c7
+    podman rm lsr-ci-c7
+    ```