Add a workaround for the issue that podman falls back to the 'cni'
network backend when finding any container images in the local storage
when executed for the first time. Since we started embedding container
images in our CI runner images, this resulted in failures, because the
OS is missing some required CNI plugins. Until we somehow fix this in
osbuild, we explicitly set the network backend to 'netavark'.
This is relevant only for RHEL-9 / c9s, because Fedora since F40 and
el10 support only `netavark` backend.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
if you want to use a custom osbuild.rpm you can supply that in REPO_URL,
no?
Note: this removal of .repo files breaks building the -tests RPM from
source in downstream branches/nightlies b/c the repo is defined in
osbuild-composer.repo
The commonly used 'greenprint' function now adds a date + timestamp to
each message for debugging and tracking the duration of segments of each
scripts.
This hides warnings that are seen whenever dnf is called and also it is
no longer possible to initialize postresql database without it which is
used in base tests now.
Let's explain how RPMs for RHEL are built:
We use a subscribed RHEL 8.x machine and mock build these on it. Mock
initializes its own buildroot based on the latest RHEL 8 CDN content, see[1].
This means that the minor version of the buildroot is independent of the minor
version of the host.
However, we currently upload RPMs to a directory whose name consists also of
the minor version of the host. Our hosts are currently running RHEL 8.3 so
the RPMs are uploaded into rhel-8.3 directory despite them being built in the
RHEL 8.4 buildroot (RHEL 8 CDN buildroot specifically). This means that
we cannot guarantee that they are installable on RHEL 8.3 which is weird.
This commit adds a special case for hosts that run on subscribed RHEL and
thus build RPMs in a buildroot constructed from RHEL CDN. These RPMs are
now uploaded into rhel-8-cdn directory. This change more accurately reflects
the way we build our RPMs and removes some confusion.
Also, we need to bump osbuild commit so we have a version that already has
the rhel-8-cdn change in it.
[1]: https://github.com/rpm-software-management/mock/blob/main/mock-core-configs/etc/mock/templates/rhel-8.tpl#L37
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
EXTRA_REPO_PATH_SEGMENT was needed when both Jenkins and Gitlab CI
were running in parallel (so they don't override their artifacts).
Jenkins is now decommissioned so we can drop the variable.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
This enables the user to specify custom REPO_URL for use during
internal RHEL build testing as ENV in scheduled pipelines.
It also gives the option to use osbuild build specified in
Schutzfile or from the nightly build repository.
GitLab CI builds its own rpms and thus it must be use a different path.
This commit modifies mockbuild.sh and deploy.sh to be able to add an
extra path segment into the path so GitLab can use a different path.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
by defining the COMPOSE_URL environment variable! This will allow
testing more flavors of internal releases.
The rest is renaming files and variables to reflect the fact that
we're running tests against internal trees, not only nightlies.
- even if they don't exist sometimes but ignore the errors
- make the nightly repository with a higher priority
- override rhel-8*.json files so that newly built images will
also consume the nightly content
koji and ansible are not in RHEL repositories. Depending on them breaks RHEL
gating (see OSCI-1541): It tries to build a custom image with -tests package
in it but in the build environment there's no EPEL.
This commit makes the RPM independent from EPEL. However, we still need koji
and ansible, so the provision script now enables EPEL and installs the packages
from there. This is not nice but we have to live with that until OSCI-1541 is
solved.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
koji-osbuild-tests depends on koji which is not available in RHEL. As we need
to get rid of EPEL from deploy.sh (see the following commit), we need a
mechanism to preinstall EPEL before koji-osbuild-tests is installed. This
commit introduces pre_install_packages to Schutzfile - a simple way to
install packages before ${PROJECT}-tests is installed.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
Generalize deploy.sh to allow setting up reverse dependency tests. Those
need the same setup for osbuild and osbuild-composer (i.e., the ones
under test), and in addition need the -tests package of the dependant
project.
Add test runs for koji-osbuild for all operating systems in Jenkinsfile.
Use a commit in koji-osbuild for which a repository was pushed to s3 in
the right format.
heredocs make control flow hard to read. Pull writing the repo file into
its own function and use it for setting up osbuild and osbuild-composer
repos.
To make sure we test against what we will release with, use osbuild from
the target distro rather than rebuilding it.
The only exception is in RHEL8.3, where we are not rebasing any longer,
but expect users who use new osbulid-composer from upstream to use it
with new osbuild from upstream too. In this case, use the RPM from
osbuild upstream, for now pinned to the same version as was in the
submodule.
This introduces a new configuration file: Schutzfile, which is meant
to contain the full test-matrix. For now it only points to the upstream
osbuild commit to add to the distro we are testing against (only relevant
for 8.3).
The submodule is now unused and is therefore removed. The produced repos
now only contain osbuild-composer, osbuild is never built as part of
osbuild-composer CI.
Signed-off-by: Tom Gundersen <teg@jklm.no>
Now that the repository URLs are predictable, don't use Jenkins' stash
feature to pass the repo file between stages.
Instead, simply create the repo file where it is needed, in deploy.sh.
The test package should be self-contained and contain all the configuration
necessary for a known-good test run (minus secrets). This moves repo
overrides from the test orchestration into the test package.
We want all the external sources (including boot isos and repositories) to
be pinned by their content hash, and never use anything that is not strictly
defined. This moves us in the right direction, but we still have some tests
to update to use these shipped repos rather than official mirrors.
One remaining challenge is that we must make sure all our test runners have
access to the RHEL snapshots, which is not currently the case for the runners
in EC2, but a solution is in the works.
Signed-off-by: Tom Gundersen <teg@jklm.no>
We no longer release into F31, and the right specfile was anyway not
being tested.
This allows us to remove a workaround that updates the VMs during
deploy, and other fedora-31 specific hacks.
Base these on https://osbuild.org/rpmrepo.
Install those repository files when deploying in schutzbot and include
them in tools/deploy/test for local testing.
Also remove copying overrides from deploy.sh, because it copied the
wrong files. We probably want to add this back properly in the future.
Deployment is specific to CI, but the provision script is needed to be
run to execute tests locally too.
This should be called from each test, rather than from deploy. For now
this change is a noop.
Signed-off-by: Tom Gundersen <teg@jklm.no>
No tests should be run directly from git, but should rather be installed
onto the test system using rpm and run from there. This moves towards
unifying our two types of test cases.
The new structure of is now:
`test/cmd`: the executors, one for each test-case. This is installed
into `/usr/libexec/test/osbuild-composer`.
`test/data`: data and config used by the tests. This is installed into
`/usr/share/tests/osbuild-composer`.
`schutzbot`: configuration of the actual test run. In particular, this
is where the distros and repositories to test against are
configured.
This is very much still work-in-progress, and is only the first step
towards simplifying schutzbot. Apart from moving files around, this
should be a noop.
Signed-off-by: Tom Gundersen <teg@jklm.no>
We already have something called image-tests, so this naming was
confusing. This is a collection of generic integration tests, so name
them accordingly.
Signed-off-by: Tom Gundersen <teg@jklm.no>
