TMT: enable podman reverse dependency tests

Resolves: RHEL-69441 Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2024-12-04 20:26:52 +05:30 · 2024-12-04 20:26:52 +05:30 · 1cc567800a
commit 1cc567800a
parent 722aba4e04
8 changed files with 180 additions and 69 deletions
--- a/.fmf/version
+++ b/.fmf/version
@ -0,0 +1 @@
+1
--- a/.packit.yaml
+++ b/.packit.yaml
@ -2,30 +2,75 @@
 # See the documentation for more information:
 # https://packit.dev/docs/configuration/

-specfile_path: rpm/container-selinux.spec
+downstream_package_name: container-selinux
 upstream_tag_template: v{version}

+# Ref: https://packit.dev/docs/configuration#files_to_sync
+files_to_sync:
+  - src: rpm/gating.yaml
+    dest: gating.yaml
+    delete: true
+  - src: plans/
+    dest: plans/
+    delete: true
+  - src: test/
+    dest: test/
+    delete: true
+  - src: .fmf/
+    dest: .fmf/
+    delete: true
+  - .packit.yaml
+
+packages:
+  container-selinux-fedora:
+    pkg_tool: fedpkg
+    specfile_path: rpm/container-selinux.spec
+  container-selinux-centos:
+    pkg_tool: centpkg
+    specfile_path: rpm/container-selinux.spec
+  container-selinux-eln:
+    specfile_path: rpm/container-selinux.spec
+
 srpm_build_deps:
  - make

 jobs:
  - job: copr_build
    trigger: pull_request
-    notifications:
+    packages: [container-selinux-fedora]
+    notifications: &copr_build_failure_notification
      failure_comment:
        message: "Ephemeral COPR build failed. @containers/packit-build please check."
    enable_net: true
    # container-selinux is noarch so we only need to test on one arch
+    targets: &fedora_copr_targets
+      - fedora-development
+      - fedora-latest
+      - fedora-ltest-stable
+      - fedora-40
+
+  - job: copr_build
+    trigger: pull_request
+    packages: [container-selinux-eln]
+    notifications: *copr_build_failure_notification
+    enable_net: true
    targets:
-      - fedora-all
      - fedora-eln
-      - epel-9
-      - epel-8
+
+  - job: copr_build
+    trigger: pull_request
+    packages: [container-selinux-centos]
+    notifications: *copr_build_failure_notification
+    enable_net: true
+    targets: &centos_copr_targets
+      - centos-stream-9
+      - centos-stream-10

  # Run on commit to main branch
  # Build targets managed in copr settings
  - job: copr_build
    trigger: commit
+    packages: [container-selinux-fedora]
    notifications:
      failure_comment:
        message: "podman-next COPR build failed. @containers/packit-build please check."
@ -35,67 +80,51 @@ jobs:
    enable_net: true

  # All tests specified in the `/plans/` subdir
-  # Podman e2e tests for Fedora and CentOS Stream
+  # Tests for Fedora
  - job: tests
    trigger: pull_request
-    notifications:
+    packages: [container-selinux-fedora]
+    notifications: &test_failure_notification
      failure_comment:
-        message: "podman e2e tests failed. @containers/packit-build please check."
-    targets: &pr_test_targets
-      - fedora-all
-      - epel-9
-      - epel-8
-    identifier: podman_e2e_test
-    tmt_plan: "/plans/podman_e2e_test"
+        message: "Tests failed. @containers/packit-build please check."
+    targets: *fedora_copr_targets
+    tf_extra_params:
+      environments:
+        - artifacts:
+          - type: repository-file
+            id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-$releasever/rhcontainerbot-podman-next-fedora-$releasever.repo

-  # Podman system tests for Fedora and CentOS Stream
+  # Tests for CentOS Stream
  - job: tests
    trigger: pull_request
-    notifications:
-      failure_comment:
-        message: "podman system tests failed. @containers/packit-build please check."
-    targets: *pr_test_targets
-    identifier: podman_system_test
-    tmt_plan: "/plans/podman_system_test"
-
-  # Podman e2e tests for RHEL
-  - job: tests
-    trigger: pull_request
-    use_internal_tf: true
-    notifications:
-      failure_comment:
-        message: "podman e2e tests failed on RHEL. @containers/packit-build please check."
-    targets: &pr_test_targets_rhel
-      epel-9-x86_64:
-        distros: [RHEL-9.3.0-Nightly,RHEL-9.4.0-Nightly]
-      epel-8-x86_64:
-        distros: [RHEL-8.9.0-Nightly,RHEL-8.10.0-Nightly]
-    identifier: podman_e2e_test_internal
-    tmt_plan: "/plans/podman_e2e_test"
-
-  # Podman system tests for RHEL
-  - job: tests
-    trigger: pull_request
-    use_internal_tf: true
-    notifications:
-      failure_comment:
-        message: "podman system tests failed on RHEL. @containers/packit-build please check."
-    targets: *pr_test_targets_rhel
-    identifier: podman_system_test_internal
-    tmt_plan: "/plans/podman_system_test"
+    packages: [container-selinux-centos]
+    notifications: *test_failure_notification
+    targets: *centos_copr_targets
+    tf_extra_params:
+      environments:
+        - artifacts:
+          - type: repository-file
+            id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/centos-stream-$releasever/rhcontainerbot-podman-next-centos-stream-$releasever.repo

  - job: propose_downstream
    trigger: release
-    update_release: false
-    dist_git_branches:
+    packages: [container-selinux-fedora]
+    dist_git_branches: &fedora_targets
      - fedora-all

+  - job: propose_downstream
+    trigger: release
+    packages: [container-selinux-centos]
+    dist_git_branches:
+      - c10s
+
  - job: koji_build
    trigger: commit
-    dist_git_branches:
-      - fedora-all
+    packages: [container-selinux-fedora]
+    dist_git_branches: *fedora_targets

  - job: bodhi_update
    trigger: commit
+    packages: [container-selinux-fedora]
    dist_git_branches:
      - fedora-branched # rawhide updates are created automatically
--- a/gating.yaml
+++ b/gating.yaml
@ -1,6 +1,12 @@
-# recipients: jnovy, lsm5, santiago
 --- !Policy
 product_versions:
-  - rhel-10
+  - fedora-*
+decision_context: bodhi_update_push_stable
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
+--- !Policy
+product_versions:
+  - rhel-*
 decision_context: osci_compose_gate
 rules: []
--- a/plans/main.fmf
+++ b/plans/main.fmf
@ -0,0 +1,40 @@
+discover:
+    how: fmf
+execute:
+    how: tmt
+adjust:
+    - when: initiator == packit
+      because: "We need to test with updated packages from rhcontainerbot/podman-next copr"
+      prepare+:
+        how: shell
+        script: |
+            sed -i -n '/^priority=/!p;$apriority=1' /etc/yum.repos.d/*podman-next*.repo
+            dnf -y upgrade --allowerasing
+    # FIXME: Use epel10 once bats is available there
+    - when: distro == centos-stream-10 or distro == rhel-10
+      because: "bats isn't yet available on epel10"
+      prepare+:
+        how: install
+        copr: rhcontainerbot/bats-el10
+        package: bats
+    - when: distro == centos-stream-9 or distro == rhel-9
+      because: "bats is present on EPEL on rhel9 / c9s"
+      prepare+:
+        how: feature
+        epel: enabled
+
+/upstream:
+    summary: Run SELinux specific Podman tests on upstream PRs
+    discover+:
+        filter: tag:upstream
+    adjust+:
+        - enabled: false
+          when: initiator is not defined or initiator != packit
+
+/downstream:
+    summary: Run SELinux specific Podman tests on bodhi / errata and dist-git PRs
+    discover+:
+        filter: tag:downstream
+    adjust+:
+        - enabled: false
+          when: initiator == packit
--- a/test/Makefile
+++ b/test/Makefile
@ -0,0 +1,16 @@
+.PHONY: basic_check
+basic_check:
+	semodule --list=full | grep container
+	semodule -B
+	rpm -Vqf /var/lib/selinux/*/active/modules/200/container
+
+.PHONY: podman_e2e_test
+podman_e2e_test:
+	bash ./podman-tests.sh e2e
+
+.PHONY: podman_system_test
+podman_system_test:
+	bash ./podman-tests.sh system
+
+clean:
+	rm -rf podman-*dev* podman.spec
--- a/test/main.fmf
+++ b/test/main.fmf
@ -0,0 +1,19 @@
+require:
+    - bats
+    - container-selinux
+    - cpio
+    - golang
+    - make
+    - podman
+    - podman-tests
+    - policycoreutils
+
+/basic_check:
+    tag: [ upstream, downstream ]
+    summary: Run basic checks
+    test: make basic_check
+
+/podman_system_test:
+    tag: [ upstream, downstream ]
+    summary: Run SELinux specific Podman system tests
+    test: make podman_system_test
--- a/test/podman-tests.sh
+++ b/test/podman-tests.sh
@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -exo pipefail
+
+cat /etc/redhat-release
+
+if [[ "$(id -u)" -ne 0 ]];then
+    echo "Please run as superuser"
+    exit 1
+fi
+
+# Print versions of distro and installed packages
+rpm -q bats container-selinux golang podman podman-tests selinux-policy
+
+# Run podman system tests
+bats /usr/share/podman/test/system/410-selinux.bats
--- a/tests/tests.yml
+++ b/tests/tests.yml
@ -1,16 +0,0 @@
- hosts: localhost
-  tags:
-  - classic
-  roles:
-  - role: standard-test-basic
-    required_packages:
-    - policycoreutils
-    - container-selinux
-    - podman
-    tests:
-    - is-module-installed:
-        run: semodule --list=full | grep container
-    - can-rebuild-policy:
-        run: semodule -B
-    - can-run-podman:
-        run: podman run --rm quay.io/libpod/testimage:20210610 cat -v /proc/self/attr/current