Add bootc-foundry boot test infrastructure (HMS-10336)#2335
Open
thozza wants to merge 15 commits into
Open
Conversation
Add a new RequiresBootc field to the check Metadata struct to allow checks to declare that they only apply to bootc images. This mirrors the existing RequiresBlueprint and RequiresCustomizations pattern. Skip checks that have RequiresBootc set when the build config does not contain Options.Bootc. This follows the same pattern as RequiresBlueprint and RequiresCustomizations, allowing bootc-specific checks to be cleanly skipped for non-bootc images. Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add a new bootc-status check that runs 'bootc status' on the host and verifies it succeeds. The check uses RequiresBootc so it is automatically skipped for non-bootc images. Future bootc-specific checks (kargs validation, package verification) can follow the same pattern. Assisted-by: Claude Code Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add -bootc-ref, -bootc-build-ref and -bootc-remote flags to cmd/build. When -bootc-ref is provided, the tool resolves the container's bootc info and creates a BootcDistro via generic.NewBootc() instead of using the distro factory. The -distro flag becomes unnecessary (and mutually exclusive with -bootc-ref) since the distro identity is derived from the container's os-release. This follows the same pattern established in cmd/gen-manifests for bootc container handling. Note that the installer ref is expected to be passed via the build config, specifically via `options.bootc.installer_payload_ref`. Also ensure that `allRepos` is never `nil`. Assisted-by: Claude Code Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Add a new "dependencies" field to the "common" section in the Schutzfile and move the "bootc-image-builder" ref under it. This is a preparation for moving the osbuild commit there as well. Having all dependencies under a common key will ensure that all of them are co-located. Adjust all scripts that are reading or updating the value. Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Move the osbuild dependency commit to the 'common.dependencies.osbuild' section in the Schutzfile. In reality, the commit is always updated to the same value for all distros. This change reduces the noise by tracking the common value in a single place. That said, it is still possible to define distro-specific osbuild commit if needed. Update all scripts that are reading or writing the value. This will allow the bootc-foundry boot tests to determine the correct osbuild commit to use, even for distros that were previously not defined in this repository's Schutzfile. Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Use an absolute path derived from the script's location to find the Schutzfile. This prevents using a wrong Schutzfile when the repository is cloned as a subdirectory of another project that also has a Schutzfile in its root. Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Resolve the repository root from the script's location instead of relying on the caller's working directory. This fixes pip failing with "Directory '.' is not installable" when the script is invoked from a different project root. Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The previous behavior assumed the last pipeline in the manifest was the exported one. This does not work for bootc image manifests which contain pipelines for all supported image types (qcow2, vmdk, vpc, gce, etc.) but only one is exported during a build. Instead, find the exported pipeline by checking which pipeline directory actually exists in the build output, skipping the "build" pipeline. Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Produce clear error listing the missing variables. Otherwise, the script would fail with a confusing error when running the boot test. Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Detect bootc manifests by checking for the org.osbuild.bootc.install-to-filesystem stage and skip the ssh-server/jq curl-source checks, since bootc images are built from a container that already has all packages installed - there is no individual RPM installation step in the manifest. Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Handle ISOs that ship an embedded kickstart by reading the original content from the build directory (via the new "iso-embedded-ks" field in info.json) and merging it with the generated unattended kickstart. Note that the caller of the script is responsible for extracting the embedded kickstart from the ISO image, making it available in the build output directory and pointing to the filename in the info.json. Route bootc-generic-iso through the no-unattended-support boot path so it goes through kickstart generation. Add it to the CAN_BOOT_TEST set and the FIPS-on-Fedora skip list in imgtestlib.py. Use the distro field instead of path heuristics for RHEL subscription checks and skip registration entirely for bootc images, since all content comes from the container. Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The kickstart generated by boot_qemu_iso_no_unattended_support() adds the osbuild user to the wheel group, which grants sudo access but requires a password. Since the boot tests run non-interactively over SSH, the sudo password prompt causes the bootc-status check to fail when it runs "sudo bootc status". Add a NOPASSWD sudoers rule in the %post section to match the behavior of the cloud-init path (make_cloud_init_iso), which already configures passwordless sudo for the osbuild user. Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Make sure that the boot tests in this repository still pass with the changes. Signed-off-by: Tomáš Hozza <thozza@redhat.com>
lzap
approved these changes
May 14, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Enable boot testing of disk images built from bootc-derived containers in the bootc-foundry repository. Teach
cmd/buildto accept a bootc container ref directly (deriving distro identity from the container's os-release), consolidate shared dependency tracking in the Schutzfile undercommon.dependencies, and harden path resolution so test scripts work when the images repo is cloned as a subdirectory of another project. Add bootc-specific support to the boot-image test script, including ISO kickstart merging and bootc manifest detection.Architectural Changes
Introduce a
RequiresBootcmetadata flag in the check-host-config framework, following the establishedRequiresBlueprint/RequiresCustomizationspattern. This allows bootc-specific host checks (likebootc status) to be cleanly skipped for non-bootc images without special-casing in the check functions themselves.Consolidate the osbuild dependency commit from per-distro entries into
common.dependencies.osbuildin the Schutzfile. The fallback logic (distro-specific first, then common) preserves the ability to override per-distro when needed, while reducing duplication and enabling external repos like bootc-foundry to discover the correct osbuild commit for any distro.Key Changes
-bootc-ref,-bootc-build-ref, and-bootc-remoteflags tocmd/build, making-distrounnecessary (and mutually exclusive) when building from a bootc containercommon.dependenciesand update all consuming scripts_is_bootc_manifest()) to skip ssh-server/jq checks that don't apply to container-based imagesBreaking Changes
This PR is fully backward compatible. The Schutzfile restructuring updates all consuming scripts in the same commits, and the
get_osbuild_commit()fallback ensures existing distro-specific overrides still take precedence.Testing
RequiresBootcskip logic incheck-host-config, covering nil config, nilOptions.Bootc, and valid bootc configbootc-statuscheck using mock exec to verify pass/fail behavior without requiring a real bootc environmentensure_env_vars) to the boot-image script so missing cloud credentials produce a clear error instead of a confusing traceback mid-testosbuild/imageslibrary (HMS-10336) bootc-foundry#85 via https://gitlab.com/redhat/services/products/image-builder/ci/bootc-foundry/-/pipelines/2525058069