ci: Unify more of hack/ and tests/, move tmt to subdir

A key thing for me is that the `Justfile` should be a one-stop
shop for development of the project. It can't have everything but
it should answer the basic questions of "how do I build and test
this project".

This aligns the recently added tmt-on-GHA flow a *bit* more closely
with some of that. Biggest is to use the `just build-integration-test-image` as the canonical
way to build a container image with our testing stuff in it;
which uses our main Dockerfile

Other cleanups:
- Move tmt/ into tests/tmt/ as a workaround for
  teemtee/tmt#3037 (comment)
- Change the qemu logic to use SMBIOS credentials so we don't
  have to carry around both a disk image and a SSH key
- Change qemu to use `-snapshot` so we can reuse disks
- Change the scripts to accept data via argv[1] and not environment
- Drop the hardcoded testing directory and use `target/` as
  a generic build artifact dir

Signed-off-by: Colin Walters <[email protected]>

Author: cgwalters

.github/workflows/integration.yml

@@ -1,14 +1,16 @@
 name: bootc integration test
 on:
   pull_request:
-    branches: [main]
+    branches: [main]  
+  workflow_dispatch:
 
 jobs:
   build:
     strategy:
       matrix:
-        test_os: [fedora-41, fedora-42, fedora-43, centos-9]
-        test_runner: [ubuntu-latest, ubuntu-24.04-arm]
+        #test_os: [fedora-42, fedora-43, centos-9, centos-10]
+        test_os: [centos-10]
+        test_runner: [ubuntu-24.04, ubuntu-24.04-arm]
 
     runs-on: ${{ matrix.test_runner }}
 
@@ -18,67 +20,56 @@ jobs:
           set -eux
           echo 'deb [trusted=yes] https://ftp.debian.org/debian/ testing main' | sudo tee /etc/apt/sources.list.d/testing.list
           sudo apt update
-          sudo apt install -y crun/testing podman/testing
+          sudo apt install -y crun/testing podman/testing just
 
       - uses: actions/checkout@v4
 
-      - name: Build bootc and bootc image
-        env:
-          TEST_OS: ${{ matrix.test_os }}
-        run: sudo -E TEST_OS=$TEST_OS tests/build.sh
+      - name: Set architecture variable
+        id: set_arch
+        run: echo "ARCH=$(arch)" >> $GITHUB_ENV
 
-      - name: Grant sudo user permission to archive files
+      - name: Build bootc and bootc image
         run: |
-          sudo chmod 0755 /tmp/tmp-bootc-build/id_rsa
+          sudo tests/build.sh ${{ matrix.test_os }}
 
       - name: Archive bootc disk image - disk.raw
-        if: matrix.test_runner == 'ubuntu-latest'
-        uses: actions/upload-artifact@v4
-        with:
-          name: PR-${{ github.event.number }}-${{ matrix.test_os }}-disk
-          path: /tmp/tmp-bootc-build/disk.raw
-          retention-days: 1
-
-      - name: Archive SSH private key - id_rsa
-        if: matrix.test_runner == 'ubuntu-latest'
         uses: actions/upload-artifact@v4
         with:
-          name: PR-${{ github.event.number }}-${{ matrix.test_os }}-id_rsa
-          path: /tmp/tmp-bootc-build/id_rsa
+          name: PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ env.ARCH }}-disk
+          path: target/disk.raw
           retention-days: 1
 
   test:
     needs: build
     strategy:
       matrix:
-        test_os: [fedora-41, fedora-42, fedora-43, centos-9]
+        #test_os: [fedora-42, fedora-43, centos-9, centos-10]
+        test_os: [centos-10]
         tmt_plan: [test-01-readonly, test-20-local-upgrade, test-21-logically-bound-switch, test-22-logically-bound-install, test-23-install-outside-container, test-24-local-upgrade-reboot]
 
     runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v4
 
-      - name: Install dependence
+      - name: Set architecture variable
+        id: set_arch
+        run: echo "ARCH=$(arch)" >> $GITHUB_ENV
+
+      - name: Install deps
         run: |
           sudo apt-get update
-          sudo apt install -y qemu-kvm qemu-system
+          sudo apt install -y qemu-kvm qemu-system just
           pip install --user tmt
 
       - name: Create folder to save disk image
-        run: mkdir -p /tmp/tmp-bootc-build
+        run: mkdir -p target
 
       - name: Download disk.raw
         uses: actions/download-artifact@v4
         with:
-          name: PR-${{ github.event.number }}-${{ matrix.test_os }}-disk
-          path: /tmp/tmp-bootc-build
-
-      - name: Download id_rsa
-        uses: actions/download-artifact@v4
-        with:
-          name: PR-${{ github.event.number }}-${{ matrix.test_os }}-id_rsa
-          path: /tmp/tmp-bootc-build
+          name: PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ env.ARCH }}-disk
+          path: target
 
       - name: Enable KVM group perms
         run: |
@@ -88,13 +79,13 @@ jobs:
           ls -l /dev/kvm
 
       - name: Run test
-        env:
-          TMT_PLAN_NAME: ${{ matrix.tmt_plan }}
-        run: chmod 600 /tmp/tmp-bootc-build/id_rsa && tests/test.sh
+        run: |
+          ls -al target
+          tests/test.sh ${{ matrix.tmt_plan }}
 
       - name: Archive TMT logs
         if: always()
         uses: actions/upload-artifact@v4
         with:
-          name: tmt-log-PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ matrix.tmt_plan }}
+          name: tmt-log-PR-${{ github.event.number }}-${{ matrix.test_os }}-${{ env.ARCH }}-${{ matrix.tmt_plan }}
           path: /var/tmp/tmt

hack/Containerfile

@@ -1,4 +1,7 @@
-# This injects some extra testing stuff into our image
+# Build a container image that has extra testing stuff in it, such
+# as nushell, some preset logically bound images, etc. This expects
+# to create an image derived FROM localhost/bootc which was created
+# by the Dockerfile at top.
 
 FROM scratch as context
 # We only need this stuff in the initial context
@@ -11,7 +14,15 @@ ARG variant=
 # And this layer has additional stuff for testing, such as nushell etc.
 RUN --mount=type=bind,from=context,target=/run/context <<EORUN
 set -xeuo pipefail
-/run/context/hack/provision-derived.sh "$variant"
+cd /run/context/hack
+./provision-derived.sh "$variant"
+
+# For test-22-logically-bound-install
+cp -a lbi/usr/. /usr
+for x in curl.container curl-base.image podman.image; do
+    ln -s /usr/share/containers/systemd/$x /usr/lib/bootc/bound-images.d/$x
+done
+
 # Add some testing kargs into our dev builds
 install -D -t /usr/lib/bootc/kargs.d /run/context/hack/test-kargs/*
 # Also copy in some default install configs we use for testing

tmt/tests/lbi/usr/share/containers/systemd/curl-base.image renamed to hack/lbi/usr/share/containers/systemd/curl-base.image

@@ -0,0 +1,4 @@
+# Needed by tmt
+rsync
+/usr/bin/flock
+/usr/bin/awk

tmt/tests/lbi/usr/share/containers/systemd/curl.container renamed to hack/lbi/usr/share/containers/systemd/curl.container

@@ -16,12 +16,10 @@ case "${ID}-${VERSION_ID}" in
         dnf config-manager --set-enabled crb
         dnf -y install epel-release epel-next-release
         dnf -y install nu
-        dnf clean all
         ;;
     "rhel-9."*)
         dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
         dnf -y install nu
-        dnf clean all
         ;;
     "centos-10"|"rhel-10."*)
         # nu is not available in CS10
@@ -32,10 +30,13 @@ case "${ID}-${VERSION_ID}" in
         ;;
     "fedora-"*)
         dnf -y install nu
-        dnf clean all
         ;;
 esac
 
+# Extra packages we install
+grep -Ev -e '^#' packages.txt | xargs dnf -y install
+dnf clean all
+
 # Stock extra cleaning of logs and caches in general (mostly dnf)
 rm /var/log/* /var/cache /var/lib/{dnf,rpm-state,rhsm} -rf
 # And clean root's homedir

tmt/tests/lbi/usr/share/containers/systemd/jboss-webserver-5.image renamed to hack/lbi/usr/share/containers/systemd/jboss-webserver-5.image

@@ -4,116 +4,59 @@ set -exuo pipefail
 # This script basically builds bootc from source using the provided base image,
 # then runs the target tests.
 
-mkdir -p /tmp/tmp-bootc-build
-BOOTC_TEMPDIR="/tmp/tmp-bootc-build"
-
-# Get OS info from TEST_OS env
-OS_ID=$(echo "$TEST_OS" | cut -d '-' -f 1)
-OS_VERSION_ID=$(echo "$TEST_OS" | cut -d '-' -f 2)
-
-# Base image
-case "$OS_ID" in
-    "centos")
-        TIER1_IMAGE_URL="quay.io/centos-bootc/centos-bootc:stream${OS_VERSION_ID}"
+# If provided should be of the form fedora-42 or centos-10
+target=${1:-}
+
+build_args=()
+if test -n "${target:-}"; then
+    shift
+    # Get OS info from TEST_OS env
+    OS_ID=$(echo "$target" | cut -d '-' -f 1)
+    OS_VERSION_ID=$(echo "$target" | cut -d '-' -f 2)
+
+    # Base image
+    case "$OS_ID" in
+        "centos")
+            BASE="quay.io/centos-bootc/centos-bootc:stream${OS_VERSION_ID}"
         ;;
-    "fedora")
-        TIER1_IMAGE_URL="quay.io/fedora/fedora-bootc:${OS_VERSION_ID}"
+        "fedora")
+            BASE="quay.io/fedora/fedora-bootc:${OS_VERSION_ID}"
         ;;
-esac
-
-CONTAINERFILE="${BOOTC_TEMPDIR}/Containerfile"
-tee "$CONTAINERFILE" > /dev/null << CONTAINERFILEOF
-FROM $TIER1_IMAGE_URL as build
-
-WORKDIR /code
-
-RUN <<EORUN
-set -xeuo pipefail
-. /usr/lib/os-release
-case \$ID in
-    centos|rhel) dnf config-manager --set-enabled crb;;
-    fedora) dnf -y install dnf-utils 'dnf5-command(builddep)';;
-esac
-dnf -y distro-sync ostree{,-libs} systemd
-dnf -y builddep contrib/packaging/bootc.spec
-dnf -y install git-core
-EORUN
-
-RUN mkdir -p /build/target/dev-rootfs
-# git config --global --add safe.directory /code to fix "fatal: detected dubious ownership in repository at '/code'" error
-RUN --mount=type=cache,target=/build/target --mount=type=cache,target=/var/roothome git config --global --add safe.directory /code && make test-bin-archive && mkdir -p /out && cp target/bootc.tar.zst /out
-
-FROM $TIER1_IMAGE_URL
-
-# Inject our built code
-COPY --from=build /out/bootc.tar.zst /tmp
-RUN tar -C / --zstd -xvf /tmp/bootc.tar.zst && rm -vrf /tmp/*
-
-RUN <<EORUN
-set -xeuo pipefail
-
-# Provision test requirement
-/code/hack/provision-derived.sh
-# Also copy in some default install configs we use for testing
-cp -a /code/hack/install-test-configs/* /usr/lib/bootc/install/
-# And some test kargs
-cp -a /code/hack/test-kargs/* /usr/lib/bootc/kargs.d/
-
-# For testing farm
-mkdir -p -m 0700 /var/roothome
-
-# Enable ttyS0 console
-mkdir -p /usr/lib/bootc/kargs.d/
-cat <<KARGEOF >> /usr/lib/bootc/kargs.d/20-console.toml
-kargs = ["console=ttyS0,115200n8"]
-KARGEOF
-
-# For test-22-logically-bound-install
-cp -a /code/tmt/tests/lbi/usr/. /usr
-ln -s /usr/share/containers/systemd/curl.container /usr/lib/bootc/bound-images.d/curl.container
-ln -s /usr/share/containers/systemd/curl-base.image /usr/lib/bootc/bound-images.d/curl-base.image
-ln -s /usr/share/containers/systemd/podman.image /usr/lib/bootc/bound-images.d/podman.image
-
-# Install rsync which is required by tmt
-dnf -y install cloud-init rsync
-dnf -y clean all
-
-rm -rf /var/cache /var/lib/dnf
-EORUN
-CONTAINERFILEOF
+        *) echo "Unknown OS: ${OS_ID}" 1>&2; exit 1
+        ;;
+    esac
+    build_args+=("--build-arg=base=$BASE")
+fi
 
-LOCAL_IMAGE="localhost/bootc:test"
-podman build \
-    --retry 5 \
-    --retry-delay 5s \
-    -v "$(pwd)":/code:z \
-    -t "$LOCAL_IMAGE" \
-    -f "$CONTAINERFILE" \
-    "$BOOTC_TEMPDIR"
+just build ${build_args[@]}
+just build-integration-test-image
 
-SSH_KEY=${BOOTC_TEMPDIR}/id_rsa
-ssh-keygen -f "${SSH_KEY}" -N "" -q -t rsa-sha2-256 -b 2048
+# Host builds will have this already, but we use it as a general dumping space
+# for output artifacts
+mkdir -p target
 
-truncate -s 10G "${BOOTC_TEMPDIR}/disk.raw"
+rm -vf target/disk.raw
+truncate -s 10G "target/disk.raw"
 
 # For test-22-logically-bound-install
 podman pull --retry 5 --retry-delay 5s quay.io/curl/curl:latest
 podman pull --retry 5 --retry-delay 5s quay.io/curl/curl-base:latest
 podman pull --retry 5 --retry-delay 5s registry.access.redhat.com/ubi9/podman:latest
 
+mkdir -p target/disks
+
 podman run \
   --rm \
   --privileged \
   --pid=host \
   --security-opt label=type:unconfined_t \
   -v /var/lib/containers:/var/lib/containers \
   -v /dev:/dev \
-  -v "$BOOTC_TEMPDIR":/output \
-  "$LOCAL_IMAGE" \
+  -v $(pwd)/target:/target \
+  localhost/bootc-integration \
   bootc install to-disk \
   --filesystem "xfs" \
-  --root-ssh-authorized-keys "/output/id_rsa.pub" \
   --karg=console=ttyS0,115200n8 \
   --generic-image \
   --via-loopback \
-  /output/disk.raw
+  /target/disk.raw