install: Add support for --root-ssh-authorized-keys
#741
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
permissions: | |
actions: read | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
branches: [main] | |
workflow_dispatch: {} | |
env: | |
CARGO_TERM_COLOR: always | |
jobs: | |
tests: | |
runs-on: ubuntu-latest | |
container: quay.io/coreos-assembler/fcos-buildroot:testing-devel | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install deps | |
run: ./ci/installdeps.sh | |
# xref containers/containers-image-proxy-rs | |
- name: Cache Dependencies | |
uses: Swatinem/rust-cache@v2 | |
with: | |
key: "tests" | |
- name: cargo fmt (check) | |
run: cargo fmt -- --check -l | |
- name: Build | |
run: cargo test --no-run | |
- name: Build lib without default features | |
run: cd lib && cargo check --no-default-features | |
- name: Individual checks | |
run: (cd cli && cargo check) && (cd lib && cargo check) | |
- name: Lints | |
run: cargo xtask custom-lints | |
- name: Run tests | |
run: cargo test -- --nocapture --quiet | |
- name: Manpage generation | |
run: mkdir -p target/man && cargo run --features=docgen -- man --directory target/man | |
- name: Clippy (gate on correctness and suspicous) | |
run: cargo clippy -- -D clippy::correctness -D clippy::suspicious | |
build-fedora: | |
runs-on: ubuntu-latest | |
container: quay.io/coreos-assembler/fcos-buildroot:testing-devel | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install deps | |
run: ./ci/installdeps.sh | |
- name: Cache Dependencies | |
uses: Swatinem/rust-cache@v2 | |
with: | |
key: "build" | |
- name: Build | |
run: make test-bin-archive | |
- name: Upload binary | |
uses: actions/upload-artifact@v3 | |
with: | |
name: bootc.tar.zst | |
path: target/bootc.tar.zst | |
build-c9s: | |
runs-on: ubuntu-latest | |
container: quay.io/centos/centos:stream9 | |
steps: | |
- run: dnf -y install git-core | |
- uses: actions/checkout@v3 | |
- name: Install deps | |
run: ./ci/installdeps.sh | |
- name: Cache Dependencies | |
uses: Swatinem/rust-cache@v2 | |
with: | |
key: "build-c9s" | |
- name: Build | |
run: make test-bin-archive | |
- name: Upload binary | |
uses: actions/upload-artifact@v3 | |
with: | |
name: bootc-c9s.tar.zst | |
path: target/bootc.tar.zst | |
cargo-deny: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: EmbarkStudios/cargo-deny-action@v1 | |
with: | |
log-level: warn | |
command: check bans sources licenses | |
privtest: | |
name: "Privileged testing" | |
needs: build-fedora | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Download | |
uses: actions/download-artifact@v3 | |
with: | |
name: bootc.tar.zst | |
- name: Install | |
run: sudo tar -C / -xvf bootc.tar.zst | |
- name: Integration tests | |
run: sudo podman run --rm -ti --privileged -v /run/systemd:/run/systemd -v /:/run/host -v /usr/bin/bootc:/usr/bin/bootc --pid=host quay.io/fedora/fedora-coreos:testing-devel bootc internal-tests run-privileged-integration | |
container-tests: | |
name: "Container testing" | |
needs: build-fedora | |
runs-on: ubuntu-latest | |
container: quay.io/centos-bootc/fedora-bootc:eln | |
steps: | |
- name: Download | |
uses: actions/download-artifact@v3 | |
with: | |
name: bootc.tar.zst | |
- name: Install | |
run: sudo tar -C / -xvf bootc.tar.zst | |
- name: Integration tests | |
run: bootc internal-tests run-container-integration | |
privtest-alongside: | |
name: "Test install-alongside" | |
needs: [build-fedora] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Ensure host skopeo is disabled | |
run: sudo rm -f /bin/skopeo /usr/bin/skopeo | |
- name: Download | |
uses: actions/download-artifact@v3 | |
with: | |
name: bootc.tar.zst | |
- name: Install | |
run: tar -xvf bootc.tar.zst | |
- name: Integration tests | |
run: | | |
set -xeuo pipefail | |
echo 'ssh-ed25519 ABC0123 [email protected]' > test_authorized_keys | |
sudo podman run --rm -ti --privileged -v ./test_authorized_keys:/test_authorized_keys --env RUST_LOG=debug -v /:/target -v /var/lib/containers:/var/lib/containers -v ./usr/bin/bootc:/usr/bin/bootc --pid=host --security-opt label=disable \ | |
quay.io/centos-bootc/fedora-bootc-dev:eln bootc install to-filesystem \ | |
--karg=foo=bar --disable-selinux --replace=alongside --root-ssh-authorized-keys=/test_authorized_keys /target | |
ls -al /boot/loader/ | |
sudo grep foo=bar /boot/loader/entries/*.conf | |
grep authorized_keys /ostree/deploy/default/deploy/*/etc/tmpfiles.d/bootc-root-ssh.conf | |
# TODO fix https://github.com/containers/bootc/pull/137 | |
sudo chattr -i / /ostree/deploy/default/deploy/* | |
sudo rm /ostree/deploy/default -rf | |
sudo podman run --rm -ti --privileged --env BOOTC_SKIP_SELINUX_HOST_CHECK=1 --env RUST_LOG=debug -v /:/target -v /var/lib/containers:/var/lib/containers -v ./usr/bin/bootc:/usr/bin/bootc --pid=host --security-opt label=disable \ | |
quay.io/centos-bootc/fedora-bootc-dev:eln bootc install to-filesystem \ | |
--replace=alongside /target | |
sudo ls -ldZ / /ostree/deploy/default/deploy/* /ostree/deploy/default/deploy/*/etc |