Merge ostree-ext

xref ostreedev/ostree-rs-ext#675 Basically I see bootc as the successor/inheritor of the original ostree-container work. It will help us close the loop faster on things to merge it into this project. Signed-off-by: Colin Walters <[email protected]>
cgwalters · Nov 5, 2024 · 52dd6c6 · 52dd6c6
1 parent 07593a0
commit 52dd6c6
Show file tree

Hide file tree

Showing 66 changed files with 15,275 additions and 4 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,5 +1,5 @@
 [workspace]
-members = ["cli", "lib", "xtask", "tests-integration"]
+members = ["cli", "lib", "ostree-ext", "xtask", "tests-integration"]
 resolver = "2"
 
 [profile.dev]

diff --git a/lib/Cargo.toml b/lib/Cargo.toml
@@ -19,7 +19,7 @@ anstyle = "1.0.6"
 anyhow = { workspace = true }
 bootc-utils = { path = "../utils" }
 camino = { workspace = true, features = ["serde1"] }
-ostree-ext = { version = "0.15.0" }
+ostree-ext = { path = "../ostree-ext" }
 chrono = { workspace = true, features = ["serde"] }
 clap = { workspace = true, features = ["derive","cargo"] }
 clap_mangen = { version = "0.2.20", optional = true }

diff --git a/ostree-ext/.github/workflows/bootc.yml b/ostree-ext/.github/workflows/bootc.yml
@@ -0,0 +1,65 @@
+name: bootc
+
+permissions:
+  actions: read
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  workflow_dispatch: {}
+
+jobs:
+  build-c9s:
+    runs-on: ubuntu-latest
+    container: quay.io/centos/centos:stream9
+    steps:
+      - run: dnf -y install git-core
+      - uses: actions/checkout@v3
+        with:
+          repository: containers/bootc
+          path: bootc
+      - uses: actions/checkout@v3
+        with:
+          path: ostree-rs-ext
+      - name: Patch bootc to use ostree-rs-ext
+        run: |
+          set -xeuo pipefail
+          cd bootc
+          cat >> Cargo.toml << 'EOF'
+          [patch.crates-io]
+          ostree-ext = { path = "../ostree-rs-ext/lib" }
+          EOF
+      - name: Install deps
+        run: ./bootc/ci/installdeps.sh
+      - name: Cache Dependencies
+        uses: Swatinem/rust-cache@v2
+        with:
+          key: "build-bootc-c9s"
+          workspaces: bootc
+      - name: Build
+        run: cd bootc && make test-bin-archive
+      - name: Upload binary
+        uses: actions/upload-artifact@v4
+        with:
+          name: bootc-c9s.tar.zst
+          path: bootc/target/bootc.tar.zst
+  privtest-alongside:
+    name: "Test install-alongside"
+    needs: build-c9s
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download
+        uses: actions/[email protected]
+        with:
+          name: bootc-c9s.tar.zst
+      - name: Install
+        run: tar -xvf bootc.tar.zst
+      - name: Integration tests
+        run: |
+          set -xeuo pipefail
+          sudo podman run --rm -ti --privileged -v /:/target -v /var/lib/containers:/var/lib/containers -v ./usr/bin/bootc:/usr/bin/bootc --pid=host --security-opt label=disable \
+            quay.io/centos-bootc/centos-bootc-dev:stream9 bootc install to-filesystem \
+            --karg=foo=bar --disable-selinux --replace=alongside /target
+
diff --git a/ostree-ext/.github/workflows/rust.yml b/ostree-ext/.github/workflows/rust.yml
@@ -0,0 +1,184 @@
+# Inspired by https://github.com/rust-analyzer/rust-analyzer/blob/master/.github/workflows/ci.yaml
+# but tweaked in several ways.  If you make changes here, consider doing so across other
+# repositories in e.g. ostreedev etc.
+name: Rust
+
+permissions:
+  actions: read
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  workflow_dispatch: {}
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    container: quay.io/coreos-assembler/fcos-buildroot:testing-devel
+    steps:
+      - uses: actions/checkout@v3
+      - name: Code lints
+        run: ./ci/lints.sh
+      - name: Install deps
+        run: ./ci/installdeps.sh
+      # xref containers/containers-image-proxy-rs
+      - name: Cache Dependencies
+        uses: Swatinem/rust-cache@v2
+        with:
+          key: "tests"
+      - name: cargo fmt (check)
+        run: cargo fmt -- --check -l
+      - name: Build
+        run: cargo test --no-run
+      - name: Individual checks
+        run: (cd cli && cargo check) && (cd lib && cargo check)
+      - name: Run tests
+        run: cargo test -- --nocapture --quiet
+      - name: Manpage generation
+        run: mkdir -p target/man && cargo run --features=docgen -- man --directory target/man
+      - name: cargo clippy
+        run: cargo clippy
+  build:
+    runs-on: ubuntu-latest
+    container: quay.io/coreos-assembler/fcos-buildroot:testing-devel
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install deps
+        run: ./ci/installdeps.sh
+      - name: Cache Dependencies
+        uses: Swatinem/rust-cache@v2
+        with:
+          key: "build"
+      - name: Build
+        run: cargo build --release --features=internal-testing-api
+      - name: Upload binary
+        uses: actions/upload-artifact@v4
+        with:
+          name: ostree-ext-cli
+          path: target/release/ostree-ext-cli
+  build-minimum-toolchain:
+    name: "Build using MSRV"
+    runs-on: ubuntu-latest
+    container: quay.io/coreos-assembler/fcos-buildroot:testing-devel
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Install deps
+        run: ./ci/installdeps.sh
+      - name: Detect crate MSRV
+        shell: bash
+        run: |
+          msrv=$(cargo metadata --format-version 1 --no-deps | \
+              jq -r '.packages[1].rust_version')
+          echo "Crate MSRV: $msrv"
+          echo "ACTION_MSRV_TOOLCHAIN=$msrv" >> $GITHUB_ENV
+      - name: Remove system Rust toolchain
+        run: dnf remove -y rust cargo
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ env['ACTION_MSRV_TOOLCHAIN']  }}
+      - name: Cache Dependencies
+        uses: Swatinem/rust-cache@v2
+        with:
+          key: "min"
+      - name: cargo check
+        run: cargo check
+  cargo-deny:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: EmbarkStudios/cargo-deny-action@v1
+      with:
+        log-level: warn
+        command: check bans sources licenses
+  integration:
+    name: "Integration"
+    needs: build
+    runs-on: ubuntu-latest
+    container: quay.io/fedora/fedora-coreos:testing-devel
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Download ostree-ext-cli
+        uses: actions/[email protected]
+        with:
+          name: ostree-ext-cli
+      - name: Install
+        run: install ostree-ext-cli /usr/bin && rm -v ostree-ext-cli
+      - name: Integration tests
+        run: ./ci/integration.sh
+  ima:
+    name: "Integration (IMA)"
+    needs: build
+    runs-on: ubuntu-latest
+    container: quay.io/fedora/fedora-coreos:testing-devel
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Download ostree-ext-cli
+        uses: actions/[email protected]
+        with:
+          name: ostree-ext-cli
+      - name: Install
+        run: install ostree-ext-cli /usr/bin && rm -v ostree-ext-cli
+      - name: Integration tests
+        run: ./ci/ima.sh
+  privtest:
+    name: "Privileged testing"
+    needs: build
+    runs-on: ubuntu-latest
+    container:
+      image: quay.io/fedora/fedora-coreos:testing-devel
+      options: "--privileged --pid=host -v /var/tmp:/var/tmp -v /run/dbus:/run/dbus -v /run/systemd:/run/systemd -v /:/run/host"
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Download
+        uses: actions/[email protected]
+        with:
+          name: ostree-ext-cli
+      - name: Install
+        run: install ostree-ext-cli /usr/bin && rm -v ostree-ext-cli
+      - name: Integration tests
+        run: ./ci/priv-integration.sh
+  privtest-cockpit:
+    name: "Privileged testing (cockpit)"
+    needs: build
+    runs-on: ubuntu-latest
+    container:
+      image: quay.io/fedora/fedora-bootc:41
+      options: "--privileged --pid=host -v /var/tmp:/var/tmp -v /run/dbus:/run/dbus -v /run/systemd:/run/systemd -v /:/run/host"
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Download
+        uses: actions/[email protected]
+        with:
+          name: ostree-ext-cli
+      - name: Install
+        run: install ostree-ext-cli /usr/bin && rm -v ostree-ext-cli
+      - name: Integration tests
+        run: ./ci/priv-test-cockpit-selinux.sh
+  container-build:
+    name: "Container build"
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Checkout coreos-layering-examples
+        uses: actions/checkout@v3
+        with:
+          repository: coreos/coreos-layering-examples
+          path: coreos-layering-examples
+      - name: Download
+        uses: actions/[email protected]
+        with:
+          name: ostree-ext-cli
+      - name: Integration tests
+        run: ./ci/container-build-integration.sh
diff --git a/ostree-ext/.gitignore b/ostree-ext/.gitignore
@@ -0,0 +1,7 @@
+example
+
+
+# Added by cargo
+
+/target
+Cargo.lock