.gitignore

@@ -0,0 +1,2 @@
+artifacts
+tests/packages

SOURCES/modulemd.src.txt

@@ -1,100 +0,0 @@
----
-document: modulemd
-version: 2
-data:
-  name: container-tools
-  stream: 1.0
-  summary: >-
-    Stable versions of podman 1.0, buildah 1.5, skopeo 0.1, runc, conmon, CRIU,
-    Udica, etc as well as dependencies such as container-selinux built and
-    tested together, and supported for 24 months.
-  description: >-
-    Stable versions of podman 1.0 , buildah 1.5, skopeo 0.1, runc, conmon,
-    CRIU, Udica, etc as well as dependencies such as container-selinux built
-    and tested together. Released with RHEL 8.0 and supported for 24 months.
-    During the support lifecycle, back ports of important, critical
-    vulnerabilities (CVEs, RHSAs) and bug fixes (RHBAs) are provided to this
-    stream, and versions do not move forward. For more information see:
-    https://access.redhat.com/support/policy/updates/containertools
-  license:
-    module:
-    - MIT
-  dependencies:
-  - buildrequires:
-      go-toolset: [rhel8]
-      golang-ecosystem: [1.0]
-      platform: [el8]
-    requires:
-      platform: [el8]
-  references:
-    community: https://github.com/projectatomic
-    documentation: https://projectatomic.io
-    tracker: https://github.com/projectatomic
-  profiles:
-    common:
-      rpms:
-      - buildah
-      - container-selinux
-      - containernetworking-plugins
-      - criu
-      - fuse-overlayfs
-      - oci-systemd-hook
-      - oci-umount
-      - podman
-      - runc
-      - skopeo
-      - slirp4netns
-  api:
-    rpms:
-    - buildah
-    - container-selinux
-    - containernetworking-plugins
-    - containers-common
-    - fuse-overlayfs
-    - oci-systemd-hook
-    - oci-umount
-    - podman
-    - podman-docker
-    - runc
-    - skopeo
-    - slirp4netns
-  buildopts:
-    rpms:
-      macros: |
-        %_with_ignore_tests 1
-  components:
-    rpms:
-      buildah:
-        rationale: Primary component of this module
-        ref: stream-container-tools-1.0-rhel-8.3.0
-      container-selinux:
-        rationale: Primary component of this module
-        ref: stream-container-tools-1.0-rhel-8.3.0
-      containernetworking-plugins:
-        rationale: Primary component of this module
-        ref: stream-container-tools-1.0-rhel-8.3.0
-      criu:
-        rationale: Primary component of this module
-        ref: stream-container-tools-1.0-rhel-8.3.0
-      fuse-overlayfs:
-        rationale: Primary component of this module
-        ref: stream-container-tools-1.0-rhel-8.3.0
-      oci-systemd-hook:
-        rationale: Primary component of this module
-        ref: stream-container-tools-1.0-rhel-8.3.0
-      oci-umount:
-        rationale: Primary component of this module
-        ref: stream-container-tools-1.0-rhel-8.3.0
-      podman:
-        rationale: Primary component of this module
-        ref: stream-container-tools-1.0-rhel-8.3.0
-      runc:
-        rationale: Primary component of this module
-        ref: stream-container-tools-1.0-rhel-8.3.0
-      skopeo:
-        rationale: Primary component of this module
-        ref: stream-container-tools-1.0-rhel-8.3.0
-      slirp4netns:
-        rationale: Primary component of this module
-        ref: stream-container-tools-1.0-rhel-8.3.0
-...

container-tools.yaml

@@ -0,0 +1,250 @@
+---
+document: modulemd
+version: 2
+data:
+  name: container-tools
+  stream: rhel8
+  version: 8070020220315135406
+  context: 39077419
+  summary: Most recent (rolling) versions of podman, buildah, skopeo, runc, conmon,
+    runc, conmon, CRIU, Udica, etc as well as dependencies such as container-selinux
+    built and tested together, and updated as frequently as every 12 weeks.
+  description: >-
+    Latest versions of podman, buildah, skopeo, runc, conmon, CRIU, Udica, etc as
+    well as dependencies such as container-selinux built and tested together, and
+    updated as frequently as every 12 weeks. Only very limited back ports are provided
+    to this stream, and most patches come from providing new versions.
+  license:
+    module:
+    - MIT
+  xmd:
+    mbs:
+      buildrequires:
+        go-toolset:
+          context: 76a129d7
+          filtered_rpms: []
+          koji_tag: module-go-toolset-rhel8-8060020220225171547-76a129d7
+          ref: 54faebd4b30ec1e8a6db8b9e55a040b73195928f
+          stream: rhel8
+          version: 8060020220225171547
+        golang-ecosystem:
+          context: cdc1202b
+          filtered_rpms: []
+          koji_tag: module-golang-ecosystem-1.0-8010020191120164442-cdc1202b
+          ref: a9bfdf33835d03622fc88ac8f1779ce78fde26fd
+          stream: 1.0
+          version: 8010020191120164442
+        platform:
+          context: 00000000
+          filtered_rpms: []
+          koji_tag: module-centos-8.7.0-build
+          ref: virtual
+          stream: el8.7.0
+          stream_collision_modules: 
+          ursine_rpms: 
+          version: 2
+      commit: b8b4a9b9e34d9f1142ad2179402435555cba6d03
+      mse: TRUE
+      rpms:
+        buildah:
+          ref: 17cbd977a20897d0a56f473e1cee6ba311f4f08d
+        cockpit-podman:
+          ref: e20cf9b04732ec315e5de1f3f7640d532e00a196
+        conmon:
+          ref: 8e6d71e10276adddd0e3006673ba29c8de5b7d6e
+        container-selinux:
+          ref: 82a06e13a51a021393ca557b5c60115117b256d8
+        containernetworking-plugins:
+          ref: 0ee1dcd3adb33dc22df3afdeb718ea17d86a82fb
+        containers-common:
+          ref: ae5259f7b0465eb9d34baeaa34abd9d752965f78
+        criu:
+          ref: 8125903a0d00c007a847b7c8d0fd1904647308c3
+        crun:
+          ref: 272673180332d604a272c115943c42be6f590053
+        fuse-overlayfs:
+          ref: 976923a0ffae5c917f18d53debd373707a994327
+        libslirp:
+          ref: 03fb499d131c7221b3406245a97e25ef55d4a6a0
+        oci-seccomp-bpf-hook:
+          ref: 8cf5168c9b06be3354d01e4831bb61b624b635d4
+        podman:
+          ref: 75ff1ff2271f83f436bb2a9f79fd590d3ffd2f37
+        python-podman:
+          ref: 6a477b18bb956e9912bf8ebf36fd98208d06addd
+        runc:
+          ref: 208f9e5087a3759faca0c41503e6055d74f4c7af
+        skopeo:
+          ref: 8f5d51b92f34b96b324d3f6772575cf05b11bc26
+        slirp4netns:
+          ref: 5d0adee995bc8ca6744cccd391cb3a3a12d85b6f
+        toolbox:
+          ref: e337f39e4ebd7c425f983cd4d98fbfaf382ba14d
+        udica:
+          ref: c488c22cd2edf985e0294537470eb52d8e9a7fec
+      scmurl: git+https://git.centos.org/modules/container-tools.git?#b8b4a9b9e34d9f1142ad2179402435555cba6d03
+      ursine_rpms: []
+  dependencies:
+  - buildrequires:
+      go-toolset: [rhel8]
+      golang-ecosystem: [1.0]
+      platform: [el8.7.0]
+    requires:
+      platform: [el8]
+  references:
+    community: https://github.com/projectatomic
+    documentation: https://projectatomic.io
+    tracker: https://github.com/projectatomic
+  profiles:
+    common:
+      rpms:
+      - buildah
+      - cockpit-podman
+      - conmon
+      - container-selinux
+      - containernetworking-plugins
+      - containers-common
+      - criu
+      - crun
+      - fuse-overlayfs
+      - libslirp
+      - podman
+      - python3-podman
+      - runc
+      - skopeo
+      - slirp4netns
+      - toolbox
+      - udica
+  api:
+    rpms:
+    - buildah
+    - conmon
+    - container-selinux
+    - containernetworking-plugins
+    - containers-common
+    - fuse-overlayfs
+    - libslirp
+    - podman
+    - podman-docker
+    - podman-manpages
+    - podman-remote
+    - python3-podman
+    - runc
+    - skopeo
+    - slirp4netns
+  buildopts:
+    rpms:
+      macros: >
+        %_with_ignore_tests 1
+  components:
+    rpms:
+      buildah:
+        rationale: Primary component of this module
+        repository: git+https://git.centos.org/rpms/buildah
+        cache: https://git.centos.org/repo/pkgs/buildah
+        ref: 17cbd977a20897d0a56f473e1cee6ba311f4f08d
+        arches: [aarch64, i686, ppc64le, x86_64]
+      cockpit-podman:
+        rationale: Primary component of this module
+        repository: git+https://git.centos.org/rpms/cockpit-podman
+        cache: https://git.centos.org/repo/pkgs/cockpit-podman
+        ref: e20cf9b04732ec315e5de1f3f7640d532e00a196
+        arches: [aarch64, i686, ppc64le, x86_64]
+      conmon:
+        rationale: Primary component of this module
+        repository: git+https://git.centos.org/rpms/conmon
+        cache: https://git.centos.org/repo/pkgs/conmon
+        ref: 8e6d71e10276adddd0e3006673ba29c8de5b7d6e
+        arches: [aarch64, i686, ppc64le, x86_64]
+      container-selinux:
+        rationale: Primary component of this module
+        repository: git+https://git.centos.org/rpms/container-selinux
+        cache: https://git.centos.org/repo/pkgs/container-selinux
+        ref: 82a06e13a51a021393ca557b5c60115117b256d8
+        arches: [aarch64, i686, ppc64le, x86_64]
+      containernetworking-plugins:
+        rationale: Primary component of this module
+        repository: git+https://git.centos.org/rpms/containernetworking-plugins
+        cache: https://git.centos.org/repo/pkgs/containernetworking-plugins
+        ref: 0ee1dcd3adb33dc22df3afdeb718ea17d86a82fb
+        arches: [aarch64, i686, ppc64le, x86_64]
+      containers-common:
+        rationale: Primary component of this module
+        repository: git+https://git.centos.org/rpms/containers-common
+        cache: https://git.centos.org/repo/pkgs/containers-common
+        ref: ae5259f7b0465eb9d34baeaa34abd9d752965f78
+        arches: [aarch64, i686, ppc64le, x86_64]
+      criu:
+        rationale: Primary component of this module
+        repository: git+https://git.centos.org/rpms/criu
+        cache: https://git.centos.org/repo/pkgs/criu
+        ref: 8125903a0d00c007a847b7c8d0fd1904647308c3
+        arches: [aarch64, i686, ppc64le, x86_64]
+      crun:
+        rationale: Primary component of this module
+        repository: git+https://git.centos.org/rpms/crun
+        cache: https://git.centos.org/repo/pkgs/crun
+        ref: 272673180332d604a272c115943c42be6f590053
+        arches: [aarch64, i686, ppc64le, x86_64]
+      fuse-overlayfs:
+        rationale: Primary component of this module
+        repository: git+https://git.centos.org/rpms/fuse-overlayfs
+        cache: https://git.centos.org/repo/pkgs/fuse-overlayfs
+        ref: 976923a0ffae5c917f18d53debd373707a994327
+        arches: [aarch64, i686, ppc64le, x86_64]
+      libslirp:
+        rationale: Primary component of this module
+        repository: git+https://git.centos.org/rpms/libslirp
+        cache: https://git.centos.org/repo/pkgs/libslirp
+        ref: 03fb499d131c7221b3406245a97e25ef55d4a6a0
+        buildorder: 18446744073709551615
+        arches: [aarch64, i686, ppc64le, x86_64]
+      oci-seccomp-bpf-hook:
+        rationale: Primary component of this module
+        repository: git+https://git.centos.org/rpms/oci-seccomp-bpf-hook
+        cache: https://git.centos.org/repo/pkgs/oci-seccomp-bpf-hook
+        ref: 8cf5168c9b06be3354d01e4831bb61b624b635d4
+        arches: [aarch64, i686, ppc64le, x86_64]
+      podman:
+        rationale: Primary component of this module
+        repository: git+https://git.centos.org/rpms/podman
+        cache: https://git.centos.org/repo/pkgs/podman
+        ref: 75ff1ff2271f83f436bb2a9f79fd590d3ffd2f37
+        arches: [aarch64, i686, ppc64le, x86_64]
+      python-podman:
+        rationale: Primary component of this module
+        repository: git+https://git.centos.org/rpms/python-podman
+        cache: https://git.centos.org/repo/pkgs/python-podman
+        ref: 6a477b18bb956e9912bf8ebf36fd98208d06addd
+        arches: [aarch64, i686, ppc64le, x86_64]
+      runc:
+        rationale: Primary component of this module
+        repository: git+https://git.centos.org/rpms/runc
+        cache: https://git.centos.org/repo/pkgs/runc
+        ref: 208f9e5087a3759faca0c41503e6055d74f4c7af
+        arches: [aarch64, i686, ppc64le, x86_64]
+      skopeo:
+        rationale: Primary component of this module
+        repository: git+https://git.centos.org/rpms/skopeo
+        cache: https://git.centos.org/repo/pkgs/skopeo
+        ref: 8f5d51b92f34b96b324d3f6772575cf05b11bc26
+        arches: [aarch64, i686, ppc64le, x86_64]
+      slirp4netns:
+        rationale: Primary component of this module
+        repository: git+https://git.centos.org/rpms/slirp4netns
+        cache: https://git.centos.org/repo/pkgs/slirp4netns
+        ref: 5d0adee995bc8ca6744cccd391cb3a3a12d85b6f
+        arches: [aarch64, i686, ppc64le, x86_64]
+      toolbox:
+        rationale: Primary component of this module
+        repository: git+https://git.centos.org/rpms/toolbox
+        cache: https://git.centos.org/repo/pkgs/toolbox
+        ref: e337f39e4ebd7c425f983cd4d98fbfaf382ba14d
+        arches: [aarch64, i686, ppc64le, x86_64]
+      udica:
+        rationale: Primary component of this module
+        repository: git+https://git.centos.org/rpms/udica
+        cache: https://git.centos.org/repo/pkgs/udica
+        ref: c488c22cd2edf985e0294537470eb52d8e9a7fec
+        arches: [aarch64, i686, ppc64le, x86_64]
+...

gating.yaml

@@ -0,0 +1,8 @@
+# recipients: jnovy, santiago, lsm5
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate_modules
+subject_type: redhat-module
+rules:
+  - !PassingTestCaseRule {test_case_name: baseos-ci.redhat-module.tier0.functional}

tests/roles/bats_installed/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+# Sigh; RHEL8 doesn't have BATS
+- name: bats | fetch and unpack tarball
+  unarchive:
+    src: https://github.com/bats-core/bats-core/archive/v1.1.0.tar.gz
+    dest: /root
+    remote_src: true
+
+- name: bats | install
+  command: ./install.sh /usr/local
+  args:
+    chdir: /root/bats-core-1.1.0

tests/roles/fetch_pkg/tasks/main.yml

@@ -0,0 +1,36 @@
+# standard role for fetching a package dist-git into the Ansible controller for running its tests
+# variables:
+# - package: dist-git source package name
+# - modulemd: file name of module metadata description, for getting correct branch name
+---
+- name: Install git
+  dnf: name=git state=installed
+
+- name: Clone package dist-git
+  git:
+    repo: git://pkgs.devel.redhat.com/rpms/{{ package }}
+    # read package branch from module md file
+    version: "{{ (lookup('file', modulemd) | from_yaml)['data']['components']['rpms'][package]['ref'] }}"
+    dest: "/tmp/packages/{{ package }}"
+
+# fetch can only get a single file, so we have to do this in a loop
+- name: Get package test file list
+  find:
+    paths: "/tmp/packages/{{ package }}/tests"
+    recurse: yes
+  register: test_files_to_fetch
+
+- name: Copy package test files to controller
+  fetch:
+    src: "{{ item.path }}"
+    # strip off /tmp/ prefix
+    dest: "{{ playbook_dir }}/{{ item.path[5:] }}"
+    flat: yes
+  with_items: "{{ test_files_to_fetch.files }}"
+
+- name: Copy package files
+  fetch:
+    src: "/tmp/packages/{{ package }}/{{ item }}"
+    dest: "{{ playbook_dir }}/packages/{{ package }}/"
+    flat: yes
+  with_items: ["{{ package }}.spec", "sources"]

tests/roles/nonroot_user/tasks/main.yml

@@ -0,0 +1,7 @@
+---
+- name: create nonroot user
+  user:
+    name: testuser
+    shell: /bin/bash
+- name: enable linger
+  command: loginctl enable-linger testuser

tests/roles/run_bats_tests/files/helper.buildah-root.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+#
+# setup and teardown helpers for buildah test
+#
+
+function setup() {
+    REGISTRY_FQIN=quay.io/libpod/registry:2
+
+    AUTHDIR=/tmp/buildah-tests-auth.$$
+    mkdir -p $AUTHDIR
+
+    CERT=$AUTHDIR/domain.crt
+    if [ ! -e $CERT ]; then
+        openssl req -newkey rsa:4096 -nodes -sha256 \
+                -keyout $AUTHDIR/domain.key -x509 -days 2 \
+                -out $AUTHDIR/domain.crt \
+                -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=localhost"
+    fi
+
+    if [ ! -e $AUTHDIR/htpasswd ]; then
+        htpasswd -Bbn testuser testpassword > $AUTHDIR/htpasswd
+    fi
+
+    podman run -d -p 5000:5000 \
+           --name registry \
+           -v $AUTHDIR:/auth:Z \
+           -e "REGISTRY_AUTH=htpasswd" \
+           -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
+           -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
+           -e REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt \
+           -e REGISTRY_HTTP_TLS_KEY=/auth/domain.key \
+           $REGISTRY_FQIN
+}
+
+function teardown() {
+    podman rm -f registry
+}

tests/roles/run_bats_tests/files/run_bats_tests.sh

@@ -0,0 +1,103 @@
+#!/bin/bash
+#
+# Run bats tests for a given $TEST_PACKAGE, e.g. buildah, podman
+#
+# This is invoked by the 'run_bats_tests' role; we assume that
+# the package foo has a foo-tests subpackage which provides the
+# directory /usr/share/foo/test/system, containing one or more .bats
+# test files.
+#
+
+export PATH=/usr/local/bin:/usr/sbin:/usr/bin
+
+# Keep all logs in /tmp/artifacts - this seems to be an undocumented
+# (and therefore dangerous and unreliable) convention of the Standard
+# Test Roles package. As of 2020-05 we have to coexist with cockpit
+# which uses standard-test-basic, which means we need to conform to
+# its conventions.
+# We rely on our parent playbook to create /tmp/artifacts and make it
+# world-writable so nonroot tests can use it.
+TEST_LOG_TXT=/tmp/artifacts/test.log
+TEST_LOG_YML=/tmp/artifacts/results.yml
+
+# "podman root" -> "podman-root"
+testname_oneword=${TEST_NAME// /-}
+
+FULL_LOG=/tmp/artifacts/test.${testname_oneword}.debug.log
+BATS_LOG=/tmp/artifacts/test.${testname_oneword}.bats.log
+rm -f $FULL_LOG $BATS_LOG
+touch $FULL_LOG $BATS_LOG
+
+exec &> $FULL_LOG
+
+# Log program versions
+echo "Packages:"
+(
+    uname -r
+    rpm -qa |\
+        egrep 'buildah|conmon|container|crun|iptable|podman|runc|skopeo|slirp|systemd' |\
+        sort
+) | sed -e 's/^/  /'
+
+echo "------------------------------"
+printenv | sort
+
+testdir=/usr/share/${TEST_PACKAGE}/test/system
+
+if ! cd $testdir; then
+    echo "FAIL ${TEST_NAME} : cd $testdir"      >> $TEST_LOG_TXT
+    echo "- { test: '${TEST_NAME}', result: error, logs: [ $(basename $FULL_LOG) ] }" >> $TEST_LOG_YML
+    exit 0
+fi
+
+if [ -e /tmp/helper.sh ]; then
+    echo "------------------------------"
+    echo ". /tmp/helper.sh"
+    . /tmp/helper.sh
+fi
+
+if [ "$(type -t setup)" = "function" ]; then
+    echo "------------------------------"
+    echo "\$ setup"
+    setup
+    if [ $? -ne 0 ]; then
+        echo "FAIL ${TEST_NAME} : setup"       >> $TEST_LOG_TXT
+        echo "- { test: '${TEST_NAME}', result: error, logs: [ $(basename $FULL_LOG) ] }" >> $TEST_LOG_YML
+        exit 0
+    fi
+fi
+
+echo "------------------------------"
+echo "\$ bats ."
+TMPDIR=/var/tmp bats . &> $BATS_LOG
+rc=$?
+
+echo "------------------------------"
+echo "bats completed with status $rc"
+
+status=PASS
+if [ $rc -ne 0 ]; then
+    status=FAIL
+fi
+
+echo "${status} ${TEST_NAME}" >> $TEST_LOG_TXT
+
+# Append a stanza to results.yml
+(
+    echo "- test: ${TEST_NAME}"
+    # pass/fail - the ',,' (comma comma) converts to lower-case
+    echo "  result: ${status,,}"
+    echo "  logs:"
+    echo "  - $(basename $BATS_LOG)"
+    echo "  - $(basename $FULL_LOG)"
+)  >> $TEST_LOG_YML
+
+
+if [ "$(type -t teardown)" = "function" ]; then
+    echo "------------------------------"
+    echo "\$ teardown"
+    teardown
+fi
+
+# FIXME: for CI purposes, always exit 0. This allows subsequent tests.
+exit 0

tests/roles/run_bats_tests/tasks/main.yml

@@ -0,0 +1,50 @@
+---
+# Create a directory for artifacts on remote host
+- name: create remote artifacts directory
+  file:
+    path: /tmp/artifacts
+    state: directory
+    mode: 0777
+
+# Create empty results file, world-writable so rootless test can log to it
+- name: initialize test.log file
+  copy: dest=/tmp/artifacts/test.log content='' force=yes mode=0666
+
+# Same with results.yml file
+- name: initialize results.yml file
+  copy: dest=/tmp/artifacts/results.yml content='results:\n' force=yes mode=0666
+
+- name: execute tests
+  include: run_one_test.yml
+  with_items: "{{ tests }}"
+  loop_control:
+    loop_var: test
+
+- name: pull test.log and results.yml
+  fetch:
+    src: "{{ item }}"
+    dest: "{{ artifacts }}/"
+    flat: yes
+  with_items:
+    - /tmp/artifacts/test.log
+    - /tmp/artifacts/results.yml
+
+# Copied from standard-test-basic
+- name: check results
+  shell: grep "^FAIL" /tmp/artifacts/test.log
+  register: test_fails
+  # Never fail at this step. Just store result of tests.
+  failed_when: False
+
+- name: preserve results
+  set_fact:
+    role_result_failed: "{{ (test_fails.stdout|d|length > 0) or (test_fails.stderr|d|length > 0) }}"
+    role_result_msg: "{{ test_fails.stdout|d('tests failed.') }}"
+
+- name: display results
+  vars:
+    msg: |
+       Tests failed: {{ role_result_failed|d('Undefined') }}
+       Tests msg: {{ role_result_msg|d('None') }}
+  debug:
+    msg: "{{ msg.split('\n') }}"

tests/roles/run_bats_tests/tasks/run_one_test.yml

@@ -0,0 +1,52 @@
+---
+- name: "{{ test.name }} | install test packages"
+  dnf: name="{{ test.package }}-tests" state=installed
+
+- name: "{{ test.name }} | define helper variables"
+  set_fact:
+    test_name_oneword: "{{ test.name | replace(' ','-') }}"
+
+# UGH. This is necessary because our caller sets some environment variables
+# and we need to set a few more based on other caller variables; then we
+# need to combine the two dicts when running the test. This seems to be
+# the only way to do it in ansible.
+- name: "{{ test.name }} | define local environment"
+  set_fact:
+    local_environment:
+      TEST_NAME:    "{{ test.name }}"
+      TEST_PACKAGE: "{{ test.package }}"
+      TEST_ENV:     "{{ test.environment }}"
+
+- name: "{{ test.name }} | setup/teardown helper | see if exists"
+  local_action: stat path={{ role_path }}/files/helper.{{ test_name_oneword }}.sh
+  register: helper
+
+- name: "{{ test.name }} | setup/teardown helper | install"
+  copy: src=helper.{{ test_name_oneword }}.sh dest=/tmp/helper.sh
+  when: helper.stat.exists
+
+- name: "{{ test.name }} | run test"
+  script: ./run_bats_tests.sh
+  args:
+    chdir: /usr/share/{{ test.package }}/test/system
+  become: "{{ true if test.become is defined else false }}"
+  become_user: testuser
+  environment: "{{ local_environment | combine(test.environment) }}"
+
+- name: "{{ test.name }} | pull logs"
+  fetch:
+    src: "/tmp/artifacts/test.{{ test_name_oneword }}.{{ item }}.log"
+    dest: "{{ artifacts }}/"
+    flat: yes
+  with_items:
+    - bats
+    - debug
+
+- name: "{{ test.name }} | remove remote logs and helpers"
+  file:
+    dest=/tmp/{{ item }}
+    state=absent
+  with_items:
+    - artifacts/test.{{ test_name_oneword }}.bats.log
+    - artifacts/test.{{ test_name_oneword }}.debug.log
+    - helper.sh

tests/tests.yml

@@ -0,0 +1,48 @@
+---
+- hosts: localhost
+  tags:  classic
+  vars:
+  - artifacts: ./artifacts
+  roles:
+  - role: bats_installed
+  - role: nonroot_user
+  - role: run_bats_tests
+    tests:
+    - name:    podman root
+      package: podman
+      environment:
+        PODMAN: /usr/bin/podman
+
+    - name:    podman nonroot
+      package: podman
+      environment:
+        PODMAN: /usr/bin/podman
+      become:  true
+
+      #- name:    podman-remote root
+      #package: podman
+      #environment:
+      #  PODMAN: /usr/bin/podman-remote
+
+    - name:    buildah root
+      package: buildah
+      environment:
+        BUILDAH_BINARY: /usr/bin/buildah
+        IMGTYPE_BINARY: /usr/bin/buildah-imgtype
+        COPY_BINARY: /usr/bin/buildah-copy
+
+    - name:    skopeo root
+      package: skopeo
+      environment:
+        SKOPEO_BINARY: /usr/bin/skopeo
+
+  # cockpit-podman
+  - role: fetch_pkg
+    package: cockpit-podman
+    modulemd: ../container-tools.yaml
+  tasks:
+  - include_role:
+      name: ./packages/cockpit-podman/tests/roles/test
+    vars:
+      pkgdir: ./packages/cockpit-podman/
+      test_script_dir: tests