Skip to content

install: Add support for --root-ssh-authorized-keys #741

install: Add support for --root-ssh-authorized-keys

install: Add support for --root-ssh-authorized-keys #741

Workflow file for this run

name: CI
permissions:
actions: read
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch: {}
env:
CARGO_TERM_COLOR: always
jobs:
tests:
runs-on: ubuntu-latest
container: quay.io/coreos-assembler/fcos-buildroot:testing-devel
steps:
- uses: actions/checkout@v3
- name: Install deps
run: ./ci/installdeps.sh
# xref containers/containers-image-proxy-rs
- name: Cache Dependencies
uses: Swatinem/rust-cache@v2
with:
key: "tests"
- name: cargo fmt (check)
run: cargo fmt -- --check -l
- name: Build
run: cargo test --no-run
- name: Build lib without default features
run: cd lib && cargo check --no-default-features
- name: Individual checks
run: (cd cli && cargo check) && (cd lib && cargo check)
- name: Lints
run: cargo xtask custom-lints
- name: Run tests
run: cargo test -- --nocapture --quiet
- name: Manpage generation
run: mkdir -p target/man && cargo run --features=docgen -- man --directory target/man
- name: Clippy (gate on correctness and suspicous)
run: cargo clippy -- -D clippy::correctness -D clippy::suspicious
build-fedora:
runs-on: ubuntu-latest
container: quay.io/coreos-assembler/fcos-buildroot:testing-devel
steps:
- uses: actions/checkout@v3
- name: Install deps
run: ./ci/installdeps.sh
- name: Cache Dependencies
uses: Swatinem/rust-cache@v2
with:
key: "build"
- name: Build
run: make test-bin-archive
- name: Upload binary
uses: actions/upload-artifact@v3
with:
name: bootc.tar.zst
path: target/bootc.tar.zst
build-c9s:
runs-on: ubuntu-latest
container: quay.io/centos/centos:stream9
steps:
- run: dnf -y install git-core
- uses: actions/checkout@v3
- name: Install deps
run: ./ci/installdeps.sh
- name: Cache Dependencies
uses: Swatinem/rust-cache@v2
with:
key: "build-c9s"
- name: Build
run: make test-bin-archive
- name: Upload binary
uses: actions/upload-artifact@v3
with:
name: bootc-c9s.tar.zst
path: target/bootc.tar.zst
cargo-deny:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: EmbarkStudios/cargo-deny-action@v1
with:
log-level: warn
command: check bans sources licenses
privtest:
name: "Privileged testing"
needs: build-fedora
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Download
uses: actions/download-artifact@v3
with:
name: bootc.tar.zst
- name: Install
run: sudo tar -C / -xvf bootc.tar.zst
- name: Integration tests
run: sudo podman run --rm -ti --privileged -v /run/systemd:/run/systemd -v /:/run/host -v /usr/bin/bootc:/usr/bin/bootc --pid=host quay.io/fedora/fedora-coreos:testing-devel bootc internal-tests run-privileged-integration
container-tests:
name: "Container testing"
needs: build-fedora
runs-on: ubuntu-latest
container: quay.io/centos-bootc/fedora-bootc:eln
steps:
- name: Download
uses: actions/download-artifact@v3
with:
name: bootc.tar.zst
- name: Install
run: sudo tar -C / -xvf bootc.tar.zst
- name: Integration tests
run: bootc internal-tests run-container-integration
privtest-alongside:
name: "Test install-alongside"
needs: [build-fedora]
runs-on: ubuntu-latest
steps:
- name: Ensure host skopeo is disabled
run: sudo rm -f /bin/skopeo /usr/bin/skopeo
- name: Download
uses: actions/download-artifact@v3
with:
name: bootc.tar.zst
- name: Install
run: tar -xvf bootc.tar.zst
- name: Integration tests
run: |
set -xeuo pipefail
echo 'ssh-ed25519 ABC0123 [email protected]' > test_authorized_keys
sudo podman run --rm -ti --privileged -v ./test_authorized_keys:/test_authorized_keys --env RUST_LOG=debug -v /:/target -v /var/lib/containers:/var/lib/containers -v ./usr/bin/bootc:/usr/bin/bootc --pid=host --security-opt label=disable \
quay.io/centos-bootc/fedora-bootc-dev:eln bootc install to-filesystem \
--karg=foo=bar --disable-selinux --replace=alongside --root-ssh-authorized-keys=/test_authorized_keys /target
ls -al /boot/loader/
sudo grep foo=bar /boot/loader/entries/*.conf
grep authorized_keys /ostree/deploy/default/deploy/*/etc/tmpfiles.d/bootc-root-ssh.conf
# TODO fix https://github.com/containers/bootc/pull/137
sudo chattr -i / /ostree/deploy/default/deploy/*
sudo rm /ostree/deploy/default -rf
sudo podman run --rm -ti --privileged --env BOOTC_SKIP_SELINUX_HOST_CHECK=1 --env RUST_LOG=debug -v /:/target -v /var/lib/containers:/var/lib/containers -v ./usr/bin/bootc:/usr/bin/bootc --pid=host --security-opt label=disable \
quay.io/centos-bootc/fedora-bootc-dev:eln bootc install to-filesystem \
--replace=alongside /target
sudo ls -ldZ / /ostree/deploy/default/deploy/* /ostree/deploy/default/deploy/*/etc