From 76310fec86c3039052927d175e6bf8842de56a9b Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Wed, 18 Dec 2024 17:22:59 +0530 Subject: [PATCH 1/3] [skip-ci] RPM: cleanup macro defs The default `gobuild` macro on CentOS Stream 9 now includes support for `BUILDTAGS`. CentOS Stream envs now also define `_user_tmpfilesdir` macro by default. Both these definitions are no longer needed here. Signed-off-by: Lokesh Mandvekar --- rpm/podman.spec | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/rpm/podman.spec b/rpm/podman.spec index 852b780f67..ae3a1fcfc2 100644 --- a/rpm/podman.spec +++ b/rpm/podman.spec @@ -7,21 +7,8 @@ %global debug_package %{nil} %endif -# RHEL's default %%gobuild macro doesn't account for the BUILDTAGS variable, so we -# set it separately here and do not depend on RHEL's go-[s]rpm-macros package -# until that's fixed. -# c9s bz: https://bugzilla.redhat.com/show_bug.cgi?id=2227328 -%if %{defined rhel} && 0%{?rhel} < 10 -%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**}; -%endif - %global gomodulesmode GO111MODULE=on -%if %{defined rhel} -# _user_tmpfiles.d currently undefined on rhel -%global _user_tmpfilesdir %{_datadir}/user-tmpfiles.d -%endif - %if %{defined fedora} %define build_with_btrfs 1 %endif From 8a0ed30cd3a90dcc5bd210463b87caeaf997e1e6 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 13 Dec 2024 14:41:28 +0530 Subject: [PATCH 2/3] [skip-ci] RPM: adjust qemu dependency QEMU is available only on Fedora. RHEL and CentOS Stream can use qemu-kvm instead. Signed-off-by: Lokesh Mandvekar --- rpm/podman.spec | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/rpm/podman.spec b/rpm/podman.spec index ae3a1fcfc2..2a8a690ec8 100644 --- a/rpm/podman.spec +++ b/rpm/podman.spec @@ -30,6 +30,10 @@ # podman-machine subpackage will be present only on these architectures %global machine_arches x86_64 aarch64 +%if %{defined fedora} +%define qemu 1 +%endif + Name: podman %if %{defined copr_build} Epoch: 102 @@ -174,7 +178,11 @@ when `%{_bindir}/%{name}sh` is set as a login shell or set as os.Args[0]. Summary: Metapackage for setting up %{name} machine Requires: %{name} = %{epoch}:%{version}-%{release} Requires: gvisor-tap-vsock +%if %{defined qemu} Requires: qemu +%else +Requires: qemu-kvm +%endif Requires: virtiofsd ExclusiveArch: x86_64 aarch64 From 9597ec5f878583597042e543abf6bd13fbe2e37f Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Fri, 3 Jan 2025 18:54:28 +0530 Subject: [PATCH 3/3] [skip-ci] TMT: system tests This commit introduces TMT test jobs triggered via packit to run system tests on testing-farm infrastructure. Tests are run for all active Fedora and CentOS Stream environments for aarch64 and x86_64. The same test plan will be reused by Fedora for bodhi, zuul and fedora-ci gating tests. Packit will handle syncing of test plan and sources from upstream to downstream. Jobs will be selectively triggered for `main` v/s release branches based on the `release` PR label. The GHA for labeling PRs has also been updated in this commit. Test jobs on the main branch will include builds from the `rhcontainerbot/podman-next` copr while tests on release branches will only include official distro packages. Signed-off-by: Lokesh Mandvekar --- .github/labeler.yml | 2 ++ .packit.yaml | 71 ++++++++++++++++++++++++++++++++++++++++++-- plans/podman.fmf | 37 +++++++++++++++++++++++ rpm/gating.yaml | 17 +++++++++++ rpm/podman.spec | 12 +++++++- test/tmt/setup.sh | 24 +++++++++++++++ test/tmt/system.fmf | 46 ++++++++++++++++++++++++++++ test/tmt/system.sh | 14 +++++++++ test/tmt/tmt-envvars | 20 +++++++++++++ test/tmt/tmt.fmf | 13 ++++++++ test/tmt/toolbox.fmf | 23 ++++++++++++++ test/tmt/toolbox.sh | 9 ++++++ 12 files changed, 285 insertions(+), 3 deletions(-) create mode 100644 plans/podman.fmf create mode 100644 rpm/gating.yaml create mode 100644 test/tmt/setup.sh create mode 100644 test/tmt/system.fmf create mode 100644 test/tmt/system.sh create mode 100644 test/tmt/tmt-envvars create mode 100644 test/tmt/tmt.fmf create mode 100644 test/tmt/toolbox.fmf create mode 100644 test/tmt/toolbox.sh diff --git a/.github/labeler.yml b/.github/labeler.yml index ce5a69b115..6e0821681b 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml @@ -6,3 +6,5 @@ kind/api-change: machine: - changed-files: - any-glob-to-any-file: pkg/machine/** +release: + - base-branch: [^v?(0|[1-9]\d*).(0|[1-9]\d*)$] diff --git a/.packit.yaml b/.packit.yaml index 637e02041b..79b17beb24 100644 --- a/.packit.yaml +++ b/.packit.yaml @@ -5,6 +5,27 @@ downstream_package_name: podman upstream_tag_template: v{version} +# These files get synced from upstream to downstream (Fedora / CentOS Stream) on every +# propose-downstream job. This is done so tests maintained upstream can be run +# downstream in Zuul CI and Bodhi. +# Ref: https://packit.dev/docs/configuration#files_to_sync +files_to_sync: + - src: rpm/gating.yaml + dest: gating.yaml + delete: true + - src: plans/ + dest: plans/ + delete: true + mkpath: true + - src: test/tmt/ + dest: test/tmt/ + delete: true + mkpath: true + - src: .fmf/ + dest: .fmf/ + delete: true + - .packit.yaml + packages: podman-fedora: pkg_tool: fedpkg @@ -31,7 +52,7 @@ jobs: failure_comment: message: "Ephemeral COPR build failed. @containers/packit-build please check." enable_net: true - targets: + targets: &fedora_copr_targets - fedora-all-x86_64 - fedora-all-aarch64 @@ -53,7 +74,7 @@ jobs: packages: [podman-centos] notifications: *packit_build_failure_notification enable_net: true - targets: + targets: ¢os_copr_targets - centos-stream-9-x86_64 - centos-stream-9-aarch64 - centos-stream-10-x86_64 @@ -71,6 +92,52 @@ jobs: project: podman-next enable_net: true + - job: tests + trigger: pull_request + packages: [podman-fedora] + targets: *fedora_copr_targets + require: &dev_tests + label: + absent: + - release + tf_extra_params: + environments: + - artifacts: + - type: repository-file + id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-$releasever/rhcontainerbot-podman-next-fedora-$releasever.repo + identifier: "dev" + + - job: tests + trigger: pull_request + packages: [podman-fedora] + targets: *fedora_copr_targets + require: &release_tests + label: + present: + - release + preserve_project: true + identifier: "release" + + - job: tests + trigger: pull_request + packages: [podman-centos] + targets: *centos_copr_targets + require: *dev_tests + tf_extra_params: + environments: + - artifacts: + - type: repository-file + id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/centos-stream-$releasever/rhcontainerbot-podman-next-centos-stream-$releasever.repo + identifier: "dev" + + - job: tests + trigger: pull_request + packages: [podman-centos] + targets: *centos_copr_targets + require: *release_tests + preserve_project: true + identifier: "release" + - job: tests identifier: cockpit-revdeps trigger: pull_request diff --git a/plans/podman.fmf b/plans/podman.fmf new file mode 100644 index 0000000000..1945c09e22 --- /dev/null +++ b/plans/podman.fmf @@ -0,0 +1,37 @@ +discover: + how: fmf +execute: + how: tmt +prepare: + - how: feature + epel: enabled + - when: initiator == packit + how: shell + script: | + sed -i -n '/^priority=/!p;$apriority=1' /etc/yum.repos.d/*podman-next*.repo + dnf -y upgrade --allowerasing + if [[ $(rpm --eval '%{?rhel}') == 10 ]]; then + dnf -y copr enable rhcontainerbot/bats-el10 + fi + - how: install + package: + - bats + - podman-remote + - podman-tests + - slirp4netns + +/upstream: + summary: Run tests on upstream PRs + discover+: + filter: tag:upstream + adjust+: + - enabled: false + when: revdeps == yes or initiator is not defined or initiator != packit + +/downstream: + summary: Run tests on bodhi / errata and dist-git PRs + discover+: + filter: tag:downstream + adjust+: + - enabled: false + when: initiator == packit diff --git a/rpm/gating.yaml b/rpm/gating.yaml new file mode 100644 index 0000000000..92c7dc46fe --- /dev/null +++ b/rpm/gating.yaml @@ -0,0 +1,17 @@ +--- !Policy +product_versions: + - fedora-* +decision_contexts: + - bodhi_update_push_stable + - bodhi_update_push_testing +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + +# recipients: jnovy, lsm5, santiago +--- !Policy +product_versions: + - rhel-* +decision_context: osci_compose_gate +rules: + - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional} diff --git a/rpm/podman.spec b/rpm/podman.spec index 2a8a690ec8..1c43bfcb0e 100644 --- a/rpm/podman.spec +++ b/rpm/podman.spec @@ -11,6 +11,8 @@ %if %{defined fedora} %define build_with_btrfs 1 +# No machine stuff for rhel +%define machine 1 %endif %if %{defined copr_username} @@ -34,6 +36,12 @@ %define qemu 1 %endif +# Adjust/Remove after epel10 gets bats +# Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2329315 +%if %{defined fedora} || %{defined rhel} && 0%{?rhel} == 9 +%define bats_epel 1 +%endif + Name: podman %if %{defined copr_build} Epoch: 102 @@ -130,8 +138,10 @@ pages and %{name}. Summary: Tests for %{name} Requires: %{name} = %{epoch}:%{version}-%{release} -%if %{defined fedora} +%if %{defined bats_epel} Requires: bats +%else +Recommends: bats %endif Requires: jq Requires: skopeo diff --git a/test/tmt/setup.sh b/test/tmt/setup.sh new file mode 100644 index 0000000000..0fbca6900d --- /dev/null +++ b/test/tmt/setup.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash + +set -exo pipefail + +uname -r + +loginctl enable-linger "$ROOTLESS_USER" + +rm -rf /home/$ROOTLESS_USER/.local/share/containers + +rpm -q \ + aardvark-dns \ + buildah \ + conmon \ + container-selinux \ + containers-common \ + crun \ + netavark \ + passt \ + podman \ + podman-tests \ + skopeo \ + slirp4netns \ + systemd diff --git a/test/tmt/system.fmf b/test/tmt/system.fmf new file mode 100644 index 0000000000..ab86921c84 --- /dev/null +++ b/test/tmt/system.fmf @@ -0,0 +1,46 @@ +require: + - bats + - podman-remote + - podman-tests + - slirp4netns + +environment: + PODMAN: /usr/bin/podman + PODMAN_TESTING: /usr/bin/podman-testing + QUADLET: /usr/libexec/podman/quadlet + ROOTLESS_USER: "fedora" +adjust+: + - when: distro == centos-stream + environment+: + ROOTLESS_USER: "ec2-user" + - when: distro == rhel + environment+: + ROOTLESS_USER: "cloud-user" + +/local/root: + tag: [ downstream, upstream, local, root ] + summary: local rootful test + test: bash ./system.sh + duration: 60m + +/local/rootless: + tag: [ downstream, upstream, local, rootless ] + summary: rootless test + test: bash ./system.sh rootless + duration: 60m + +/remote/root: + tag: [ downstream, upstream, remote, root ] + summary: remote rootful test + test: bash ./system.sh + duration: 60m + environment+: + PODMAN: /usr/bin/podman-remote + +/remote/rootless: + tag: [ downstream, upstream, remote, rootless ] + summary: remote rootless test + test: bash ./system.sh rootless + duration: 60m + environment+: + PODMAN: /usr/bin/podman-remote diff --git a/test/tmt/system.sh b/test/tmt/system.sh new file mode 100644 index 0000000000..c73cb02e5d --- /dev/null +++ b/test/tmt/system.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +set -exo pipefail + +. setup.sh + +export test_cmd="whoami && cd /usr/share/podman/test/system && bats ." + +if [[ -z $1 ]]; then + eval $test_cmd +elif [[ $1 == "rootless" ]]; then + su --whitelist-environment=$(cat ./tmt-envvars | tr '\n' ',') - "$ROOTLESS_USER" -c "eval $test_cmd" +fi +exit 0 diff --git a/test/tmt/tmt-envvars b/test/tmt/tmt-envvars new file mode 100644 index 0000000000..3ae53a1fd2 --- /dev/null +++ b/test/tmt/tmt-envvars @@ -0,0 +1,20 @@ +TMT_TREE +TMT_PLAN_DATA +TMT_VERSION +TMT_TEST_NAME +TMT_TEST_DATA +TMT_TEST_SERIAL_NUMBER +TMT_TEST_ITERATION_ID +TMT_TEST_METADATA +TMT_SOURCE_DIR +TMT_REBOOT_COUNT +TMT_TEST_RESTART_COUNT +TMT_TOPOLOGY_BASH +TMT_TOPOLOGY_YAML +TMT_TEST_PIDFILE +TMT_TEST_PIDFILE_LOCK +TMT_TEST_PIDFILE_ROOT +PODMAN +PODMAN_TESTING +QUADLET +ROOTLESS_USER diff --git a/test/tmt/tmt.fmf b/test/tmt/tmt.fmf new file mode 100644 index 0000000000..f1ae07e646 --- /dev/null +++ b/test/tmt/tmt.fmf @@ -0,0 +1,13 @@ +enabled: false +adjust: + enabled: true + when: distro == centos-strema-9 +summary: Make sure that TMT container provision works +tag: [downstream] +require: + - tmt+provision-container +test: + tmt run --verbose --remove + provision --how container --image fedora + login --command 'cat /etc/os-release' + finish diff --git a/test/tmt/toolbox.fmf b/test/tmt/toolbox.fmf new file mode 100644 index 0000000000..1579ee60fd --- /dev/null +++ b/test/tmt/toolbox.fmf @@ -0,0 +1,23 @@ +# TODO: Maintain this in the toolbox project +# For podman, this only needs to run on downstream tests + +enabled: false +adjust: + enabled: true + when: initiator != packit && distro == fedora + +require: + - toolbox-tests + +environment: + ROOTLESS_USER: "fedora" +adjust+: + environment+: + ROOTLESS_USER: "ec2-user" + when: distro == centos-stream + +/rootless: + tag: [ downstream ] + summary: rootless test + test: bash ./toolbox.sh + duration: 60m diff --git a/test/tmt/toolbox.sh b/test/tmt/toolbox.sh new file mode 100644 index 0000000000..b01cd6b965 --- /dev/null +++ b/test/tmt/toolbox.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash + +set -exo pipefail + +. setup.sh + +rpm -q containers-common-extra podman toolbox + +su --whitelist-environment=$(cat ./tmt-envvars | tr '\n' ',') - "$ROOTLESS_USER" -c "whoami && cd /usr/share/toolbox/test/system && bats ."