test: Add Packit and gating test

.packit.yaml

@@ -64,21 +64,23 @@ jobs:
       failure_comment:
         message: "bootc Copr build failed for {commit_sha}. @admin check logs {logs_url} and packit dashboard {packit_dashboard_url}"
 
-  # TODO: Readd some tmt tests that install the built RPM and e.g. test out system-reinstall-bootc
-  # - job: tests
-  #   trigger: pull_request
-  #   targets:
-  #     - centos-stream-9-x86_64
-  #     - centos-stream-9-aarch64
-  #     - centos-stream-10-x86_64
-  #     - centos-stream-10-aarch64
-  #     - fedora-42-x86_64
-  #     - fedora-42-aarch64
-  #     - fedora-rawhide-x86_64
-  #     - fedora-rawhide-aarch64
-  #   tmt_plan: /integration
-  #   skip_build: true
-  #   identifier: integration-test
+  - job: tests
+    trigger: pull_request
+    targets:
+      - centos-stream-9-x86_64
+      - centos-stream-9-aarch64
+      - centos-stream-10-x86_64
+      - centos-stream-10-aarch64
+      - fedora-42-x86_64
+      - fedora-42-aarch64
+      - fedora-rawhide-x86_64
+      - fedora-rawhide-aarch64
+    tmt_plan: /tmt/plans/integration
+    tf_extra_params:
+      environments:
+        - tmt:
+            context:
+              running_env: "packit"
 
   - job: propose_downstream
     trigger: release

hack/Containerfile.packit

@@ -0,0 +1,44 @@
+# Build image for system-reinstall-bootc test
+
+# Use centos-bootc:stream10 as default
+FROM quay.io/centos-bootc/centos-bootc:stream10
+
+WORKDIR /bootc-test
+
+# Some rhts-*, rstrnt-* and tmt-* commands are in /usr/local/bin
+COPY bin /usr/local/bin
+# Save testing farm run files
+COPY ARTIFACTS /var/ARTIFACTS
+# Copy bootc repo
+COPY test-artifacts /var/share/test-artifacts
+
+RUN <<EORUN
+set -xeuo pipefail
+. /usr/lib/os-release
+if [[ $ID == "rhel" ]]; then
+    cp rhel.repo /etc/yum.repos.d/
+fi
+cp test-artifacts.repo /etc/yum.repos.d/
+dnf -y update bootc
+./provision-derived.sh
+
+# For test-22-logically-bound-install
+cp -a lbi/usr/. /usr
+for x in curl.container curl-base.image podman.image; do
+    ln -s /usr/share/containers/systemd/$x /usr/lib/bootc/bound-images.d/$x
+done
+
+# Add some testing kargs into our dev builds
+install -D -t /usr/lib/bootc/kargs.d test-kargs/*
+# Also copy in some default install configs we use for testing
+install -D -t /usr/lib/bootc/install/ install-test-configs/*
+
+# Remove bootc repo, bootc updated already
+rm -rf /var/share/test-artifacts /etc/yum.repos.d/test-artifacts.repo
+# Clean up dnf
+dnf -y clean all
+rm -rf /var/cache /var/lib/dnf
+
+# Finally, test our own linting
+# bootc container lint --fatal-warnings
+EORUN

hack/os-image-map.json

@@ -0,0 +1,9 @@
+{
+  "rhel-9.8": "images.paas.redhat.com/bootc/rhel-bootc:latest-9.8",
+  "rhel-10.2": "images.paas.redhat.com/bootc/rhel-bootc:latest-10.2",
+  "centos-9": "quay.io/centos-bootc/centos-bootc:stream9",
+  "centos-10": "quay.io/centos-bootc/centos-bootc:stream10",
+  "fedora-42": "quay.io/fedora/fedora-bootc:42",
+  "fedora-43": "quay.io/fedora/fedora-bootc:43",
+  "fedora-44": "quay.io/fedora/fedora-bootc:rawhide"
+}

hack/packit-reboot.yml

@@ -0,0 +1,19 @@
+---
+
+# tmt-reboot and reboot do not work in this case
+# reboot in ansible is the only way to reboot in tmt prepare
+- name: Reboot after system-reinstall-bootc
+  hosts: all
+  tasks:
+    - name: Check system mode
+      shell: bootc status --json | jq -r '.status.type'
+      register: os_mode
+
+    # null type means package mode
+    - name: Reboot system to image mode
+      reboot:
+      when: os_mode.stdout == 'null'
+
+    - name: Wait for connection to become reachable/usable
+      wait_for_connection:
+        delay: 30

hack/provision-packit.sh

@@ -0,0 +1,110 @@
+#!/bin/bash
+set -exuo pipefail
+
+# Check environment
+printenv
+
+# This script only runs on Packit and gating environment
+# Do not run this script for image mode system
+if command -v bootc >/dev/null && bootc status --json | grep '"type":"bootcHost"'; then
+    echo "This system is Image Mode."
+    exit 0
+fi
+
+# Install required packages
+dnf install -y podman skopeo jq bootc system-reinstall-bootc expect ansible-core
+
+# temp folder to save building files and folders
+BOOTC_TEMPDIR=$(mktemp -d)
+trap 'rm -rf -- "$BOOTC_TEMPDIR"' EXIT
+
+# Copy files and folders in hack to TEMPDIR
+cp -a . "$BOOTC_TEMPDIR"
+
+# Keep testing farm run folder
+cp -r /var/ARTIFACTS "$BOOTC_TEMPDIR"
+
+# Copy bootc repo
+cp -r /var/share/test-artifacts "$BOOTC_TEMPDIR"
+
+ARCH=$(uname -m)
+# Get OS info
+source /etc/os-release
+
+# Some rhts-*, rstrnt-* and tmt-* commands are in /usr/local/bin
+if [[ -d /var/lib/tmt/scripts ]]; then
+    cp -r /var/lib/tmt/scripts "$BOOTC_TEMPDIR"
+else
+    cp -r /usr/local/bin "$BOOTC_TEMPDIR"
+fi
+
+# Get base image URL
+TEST_OS="${ID}-${VERSION_ID}"
+BASE=$(cat os-image-map.json | jq --arg v "$TEST_OS" '.[$v]')
+
+if [[ "$ID" == "rhel" ]]; then
+    # OSCI gating only
+    CURRENT_COMPOSE_ID=$(skopeo inspect --no-tags --retry-times=5 --tls-verify=false "docker://${BASE}" | jq -r '.Labels."redhat.compose-id"')
+
+    if [[ -n ${CURRENT_COMPOSE_ID} ]]; then
+        if [[ ${CURRENT_COMPOSE_ID} == *-updates-* ]]; then
+            BATCH_COMPOSE="updates/"
+        else
+            BATCH_COMPOSE=""
+        fi
+    else
+        BATCH_COMPOSE="updates/"
+        CURRENT_COMPOSE_ID=latest-RHEL-$VERSION_ID
+    fi
+
+    # use latest compose if specific compose is not accessible
+    RC=$(curl -skIw '%{http_code}' -o /dev/null "http://${NIGHTLY_COMPOSE_SITE}/rhel-${VERSION_ID%%.*}/nightly/${BATCH_COMPOSE}RHEL-${VERSION_ID%%.*}/${CURRENT_COMPOSE_ID}/STATUS")
+    if [[ $RC != "200" ]]; then
+        CURRENT_COMPOSE_ID=latest-RHEL-${VERSION_ID%%}
+    fi
+
+    # generate rhel repo
+    tee "${BOOTC_TEMPDIR}/rhel.repo" >/dev/null <<REPOEOF
+[rhel-baseos]
+name=baseos
+baseurl=http://${NIGHTLY_COMPOSE_SITE}/rhel-${VERSION_ID%%.*}/nightly/${BATCH_COMPOSE}RHEL-${VERSION_ID%%.*}/${CURRENT_COMPOSE_ID}/compose/BaseOS/${ARCH}/os/
+enabled=1
+gpgcheck=0
+
+[rhel-appstream]
+name=appstream
+baseurl=http://${NIGHTLY_COMPOSE_SITE}/rhel-${VERSION_ID%%.*}/nightly/${BATCH_COMPOSE}RHEL-${VERSION_ID%%.*}/${CURRENT_COMPOSE_ID}/compose/AppStream/${ARCH}/os/
+enabled=1
+gpgcheck=0
+REPOEOF
+    cp "${BOOTC_TEMPDIR}/rhel.repo" /etc/yum.repos.d
+fi
+
+# Fedora CI: https://github.com/fedora-ci/dist-git-pipeline/blob/master/Jenkinsfile#L145
+# OSCI: https://gitlab.cee.redhat.com/osci-pipelines/dist-git-pipeline/-/blob/master/Jenkinsfile?ref_type=heads#L93
+if [[ -v KOJI_TASK_ID ]] || [[ -v CI_KOJI_TASK_ID ]]; then
+    # Just left those ls commands here to ring the bell for me when something changed
+    echo "$TMT_SOURCE_DIR"
+    ls -al "$TMT_SOURCE_DIR"
+    ls -al "$TMT_SOURCE_DIR/SRPMS"
+fi
+
+ls -al /etc/yum.repos.d
+cat /etc/yum.repos.d/test-artifacts.repo
+ls -al /var/share/test-artifacts
+
+# copy bootc rpm repo into image building root
+cp /etc/yum.repos.d/test-artifacts.repo "$BOOTC_TEMPDIR"
+
+# Let's check things in hack folder
+ls -al "$BOOTC_TEMPDIR" "${BOOTC_TEMPDIR}/bin"
+
+# Do not use just because it's only available on Fedora, not on CS and RHEL
+podman build --jobs=4 --from "$BASE" -v "$BOOTC_TEMPDIR":/bootc-test:z -t localhost/bootc-integration -f "${BOOTC_TEMPDIR}/Containerfile.packit" "$BOOTC_TEMPDIR"
+
+# Keep these in sync with what's used in hack/lbi
+podman pull -q --retry 5 --retry-delay 5s quay.io/curl/curl:latest quay.io/curl/curl-base:latest registry.access.redhat.com/ubi9/podman:latest
+
+# Run system-reinstall-bootc
+# TODO make it more scriptable instead of expect + send
+./system-reinstall-bootc.exp

hack/system-reinstall-bootc.exp

@@ -0,0 +1,31 @@
+#!/usr/bin/expect -f
+
+# Set a timeout
+set timeout 600
+
+spawn system-reinstall-bootc localhost/bootc-integration
+
+expect {
+    "Then you can login as * using those keys. \\\[Y/n\\\]" {
+        send "\r"
+        exp_continue
+    }
+    "NOTICE: This will replace the installed operating system and reboot. Are you sure you want to continue? \\\[y/N\\\]" {
+        send "y"
+        exp_continue
+    }
+    "NOTICE: This will replace the installed operating system and reboot. Are you sure you want to continue? \\\[Y/n\\\]" {
+        send "\r"
+        exp_continue
+    }
+    "Press \\\<enter\\\> to continue" {
+        send "\r"
+        exp_continue
+    }
+    "Operation complete, rebooting in 10 seconds. Press Ctrl-C to cancel reboot, or press enter to continue immediately" {
+        send "\x03"
+    }
+}
+
+# Wait for the program to complete
+expect eof

tmt/plans/integration.fmf

@@ -1,7 +1,17 @@
 provision:
   how: virtual
-  # Build via `./tests/build.sh`
   image: $@{test_disk_image}
+prepare:
+  # Replace package mode with image mode
+  - how: shell
+    script:
+      - pwd && ls -al
+      - if [[ -d hack ]]; then cd hack && ./provision-packit.sh; fi
+  # tmt-reboot and reboot do not work in this case
+  # reboot in ansible is the only way to reboot in tmt prepare
+  - how: ansible
+    playbook:
+      - https://github.com/henrywang/bootc/raw/refs/heads/gating/hack/packit-reboot.yml
 execute:
   how: tmt
 
@@ -60,11 +70,18 @@ execute:
     how: fmf
     test:
         - /tmt/tests/test-26-examples-build
+  adjust:
+    - when: running_env == packit
+      enabled: false
+      because: packit tests use RPM bootc and does not install /usr/lib/bootc/initramfs-setup
 
 /test-27-custom-selinux-policy:
   summary: Execute restorecon test on system with custom selinux policy
   discover:
     how: fmf
     test:
-        - /tmt/tests/bootc-install-provision
         - /tmt/tests/test-27-custom-selinux-policy
+  adjust:
+    - when: running_env == packit
+      enabled: false
+      because: tmt-reboot does not work with systemd reboot in testing farm environment

tmt/tests/booted/test-custom-selinux-policy.nu

@@ -23,7 +23,7 @@ RUN mkdir /opt123; echo \"/opt123 /opt\" >> /etc/selinux/targeted/contexts/files
     podman build -t localhost/bootc-derived .
 
     bootc switch --soft-reboot=auto --transport containers-storage localhost/bootc-derived
-    
+
     assert (not ("/opt123" | path exists))
 
     # https://tmt.readthedocs.io/en/stable/stories/features.html#reboot-during-test