EXTRA_REPO_PATH_SEGMENT was needed when both Jenkins and Gitlab CI
were running in parallel (so they don't override their artifacts).
Jenkins is now decommissioned so we can drop the variable.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
There are currently some context mismatches in the image because of the new
files from the sysconfig stage. Let's move the selinux stage to the end so
we fix them.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
There's currently the Package Deletion Process going on in CentOS Stream 9.
When a maintainer wants to get rid of a package, several steps must be taken
before the package is completely removed from all places. We want to include
osbuild-composer in the process so packages that are used here are not deleted
without us noticing it. Thus, maintainers going through the process should be
able to easily see all packages that osbuild-composer includes in images.
This commit moves all package lists from rhel90/distro to rhel90/packages
to allow CentOS Stream maintainers to easily packages required by composer.
Not a functional change.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
Fix for v1 results: collect RPMs for main stages, not build.
Support for v2 results: filter out build stages from stage results,
which include stages from all pipelines (flattened).
Metadata from stages in the output from osbuild in the v2 schema are
stored at the top level of the result structure.
Adding the same Metadata types from v1:
- org.osbuild.rpm stage
- org.osbuild.ostree.commit stage
- Raw metadata (for every other stage type)
When the assembler (v1) or any stage (v2) has type ostree.commit,
retrieve the commit ID (hash) from the osbuild stage metadata and return
it with the rest of the metadata (package NEVRAs).
Currently, metadata from osbuild is discarded for all stages except RPM.
Adding explicit support for the ostree.commit stage/assembler and
storing the metadata in a known type.
For all other stages, store the metadata directly without parsing.
The rawAssemblerResult is removed. Assembler results are treated as
stage results.
Move the OSBuildStagesToRPMs function, associated test, and RPM type
from the worker into the rpmmd subpackge. We will use this function in
the cloud API to compile the NEVRAs for the new metadata endpoint.
If a user uses a temporary access key for login, a session token is also
needed.
This commit adds support for it to the internal aws library and also
to the osbuild-upload-aws helper. Note that this doesn't affect the main
osbuild-composer executable nor the worker. Everything here should work
as before and session tokens are not supported. Something for a follow up
if anyone needs it.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
This enables the user to specify custom REPO_URL for use during
internal RHEL build testing as ENV in scheduled pipelines.
It also gives the option to use osbuild build specified in
Schutzfile or from the nightly build repository.
In 0680214c9b20b76f82c381fb3472d83846ca0c71 the BUILD_ID was changed
in azure.sh test but not in cloud_cleaner causing cloud-cleaner to
not clean up properly. This fixes that.
Previously, the temporary directory was created in the script dir. It just
imo created unnecessary and confusing files in my git checkout. Let's just
use the default temporary directory because we don't really have special
needs for it.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
Add a new CLI option to `osbuild-image-tests` called
`-skip-selinux-ctx-check` to workaround the limitation of `setfiles` on
RHEL-8 [1]. If the option is passed to the binary, then the
'selinux/context-mismatch' part is removed from the "expected" and
"actual" image-info report, before these two reports are compared.
Modify `image_tests.sh` to run `osbuild-image-tests` with
`-skip-selinux-ctx-check` when run on RHEL-8.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1973754
Signed-off-by: Tomas Hozza <thozza@redhat.com>
When `image-info` inspects ostree images, the `/usr/etc` is bind-mounted
to `/etc`. This results in conflicting SELinux policy specification for
these files and makes the outcome dependent on the `setfiles` build.
All the files in `/etc` have mismatch in the expected vs. actual SELinux
context.
Exclude `/etc` from the check of SELinux ctx mismatches in case the
analysed tree is from an ostree-based image.
Sort the list returned `read_selinux_ctx_mismatch()` based on the item's
`filename` key, to make the result consistent across runs.
`image-info` can not read SELinux labels from the images, which are not
known to the host. This makes the report content depend on the host
environment. As a temporary workaround, relabel the image-info script with
osbuild_exec_t label to allow it to read unknown SELinux labels.
Modify documentation in `test/README.md` to explain the issue with
`image-info` and unknown SELinux labels.
Modify the `generate-all-test-cases` to relabel `image-info` before
generating test cases.
Modify the `image_tests.sh` to relabel `image-info` before running image
test cases.
Add 'tar' image for 'rhel-8' on 's390x' back to the matrix of generated
test cases, as it was removed by mistake. Regenerate the image test
case. Remove 'tar' image from 'rhel-84' on 's390x' from the matrix of
generated test cases, as it is not supported.
Regenerate all affected image test cases.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Remove Fedora 32 image test case manifests, because the release
is already EOL. Remove Fedora 32 definitions from
`distro-arch-imagetype-map.json`. Remove Fedora 32 repositories
from `tools/test-case-generators/repos.json`.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Splitting the api.sh test into its own matrix. The addition of the new
target, aws.s3, made the existing integration test matrix grow beyond
the GitLab parallel job limit (50).
Koji image request handling now reads the exports defined by each image
type. All APIs now support reading the exports defined by each image
type. The worker still falls back to "assembler" in case the call comes
from an older version of composer.
