Merge pull request containers#875 from cgwalters/merge-ostree-rs-ext

Merge ostree-ext

Cargo.toml

@@ -1,5 +1,5 @@
 [workspace]
-members = ["cli", "lib", "xtask", "tests-integration"]
+members = ["cli", "lib", "ostree-ext", "xtask", "tests-integration"]
 resolver = "2"
 
 [profile.dev]
@@ -23,9 +23,13 @@ camino = "1.1.6"
 cap-std-ext = "4.0.2"
 chrono = { version = "0.4.38", default-features = false }
 clap = "4.5.4"
+clap_mangen = { version = "0.2.20" }
+hex = "0.4.3"
 indoc = "2.0.5"
+indicatif = "0.17.0"
 fn-error-context = "0.2.1"
 libc = "0.2.154"
+openssl = "0.10.33"
 rustix = { "version" = "0.38.34", features = ["thread", "fs", "system", "process", "mount"] }
 serde = "1.0.199"
 serde_json = "1.0.116"
@@ -34,6 +38,7 @@ static_assertions = "1.1.0"
 tempfile = "3.10.1"
 tracing = "0.1.40"
 tokio = ">= 1.37.0"
+tokio-util = { features = ["io-util"], version = "0.7.10" }
 
 # See https://github.com/coreos/cargo-vendor-filterer
 [workspace.metadata.vendor-filter]

lib/Cargo.toml

@@ -19,18 +19,18 @@ anstyle = "1.0.6"
 anyhow = { workspace = true }
 bootc-utils = { path = "../utils" }
 camino = { workspace = true, features = ["serde1"] }
-ostree-ext = { version = "0.15.0" }
+ostree-ext = { path = "../ostree-ext" }
 chrono = { workspace = true, features = ["serde"] }
 clap = { workspace = true, features = ["derive","cargo"] }
-clap_mangen = { version = "0.2.20", optional = true }
+clap_mangen = { workspace = true, optional = true }
 cap-std-ext = { workspace = true, features = ["fs_utf8"] }
-hex = "^0.4.3"
+hex = { workspace = true }
 fn-error-context = { workspace = true }
-indicatif = "0.17.8"
+indicatif = { workspace = true }
 libc = { workspace = true }
 liboverdrop = "0.1.0"
 libsystemd = "0.7"
-openssl = "^0.10.64"
+openssl = { workspace = true }
 regex = "1.10.4"
 rustix = { workspace = true }
 schemars = { version = "0.8.17", features = ["chrono"] }
@@ -39,7 +39,7 @@ serde_ignored = "0.1.10"
 serde_json = { workspace = true }
 serde_yaml = "0.9.34"
 tokio = { workspace = true, features = ["io-std", "time", "process", "rt", "net"] }
-tokio-util = { features = ["io-util"], version = "0.7.10" }
+tokio-util = { workspace = true }
 tracing = { workspace = true }
 tempfile = { workspace = true }
 toml = "0.8.12"

ostree-ext/.github/workflows/bootc.yml

@@ -0,0 +1,65 @@
+name: bootc
+
+permissions:
+  actions: read
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  workflow_dispatch: {}
+
+jobs:
+  build-c9s:
+    runs-on: ubuntu-latest
+    container: quay.io/centos/centos:stream9
+    steps:
+      - run: dnf -y install git-core
+      - uses: actions/checkout@v3
+        with:
+          repository: containers/bootc
+          path: bootc
+      - uses: actions/checkout@v3
+        with:
+          path: ostree-rs-ext
+      - name: Patch bootc to use ostree-rs-ext
+        run: |
+          set -xeuo pipefail
+          cd bootc
+          cat >> Cargo.toml << 'EOF'
+          [patch.crates-io]
+          ostree-ext = { path = "../ostree-rs-ext/lib" }
+          EOF
+      - name: Install deps
+        run: ./bootc/ci/installdeps.sh
+      - name: Cache Dependencies
+        uses: Swatinem/rust-cache@v2
+        with:
+          key: "build-bootc-c9s"
+          workspaces: bootc
+      - name: Build
+        run: cd bootc && make test-bin-archive
+      - name: Upload binary
+        uses: actions/upload-artifact@v4
+        with:
+          name: bootc-c9s.tar.zst
+          path: bootc/target/bootc.tar.zst
+  privtest-alongside:
+    name: "Test install-alongside"
+    needs: build-c9s
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download
+        uses: actions/[email protected]
+        with:
+          name: bootc-c9s.tar.zst
+      - name: Install
+        run: tar -xvf bootc.tar.zst
+      - name: Integration tests
+        run: |
+          set -xeuo pipefail
+          sudo podman run --rm -ti --privileged -v /:/target -v /var/lib/containers:/var/lib/containers -v ./usr/bin/bootc:/usr/bin/bootc --pid=host --security-opt label=disable \
+            quay.io/centos-bootc/centos-bootc-dev:stream9 bootc install to-filesystem \
+            --karg=foo=bar --disable-selinux --replace=alongside /target
+

ostree-ext/.github/workflows/rust.yml

@@ -0,0 +1,184 @@
+# Inspired by https://github.com/rust-analyzer/rust-analyzer/blob/master/.github/workflows/ci.yaml
+# but tweaked in several ways.  If you make changes here, consider doing so across other
+# repositories in e.g. ostreedev etc.
+name: Rust
+
+permissions:
+  actions: read
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  workflow_dispatch: {}
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    container: quay.io/coreos-assembler/fcos-buildroot:testing-devel
+    steps:
+      - uses: actions/checkout@v3
+      - name: Code lints
+        run: ./ci/lints.sh
+      - name: Install deps
+        run: ./ci/installdeps.sh
+      # xref containers/containers-image-proxy-rs
+      - name: Cache Dependencies
+        uses: Swatinem/rust-cache@v2
+        with:
+          key: "tests"
+      - name: cargo fmt (check)
+        run: cargo fmt -- --check -l
+      - name: Build
+        run: cargo test --no-run
+      - name: Individual checks
+        run: (cd cli && cargo check) && (cd lib && cargo check)
+      - name: Run tests
+        run: cargo test -- --nocapture --quiet
+      - name: Manpage generation
+        run: mkdir -p target/man && cargo run --features=docgen -- man --directory target/man
+      - name: cargo clippy
+        run: cargo clippy
+  build:
+    runs-on: ubuntu-latest
+    container: quay.io/coreos-assembler/fcos-buildroot:testing-devel
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install deps
+        run: ./ci/installdeps.sh
+      - name: Cache Dependencies
+        uses: Swatinem/rust-cache@v2
+        with:
+          key: "build"
+      - name: Build
+        run: cargo build --release --features=internal-testing-api
+      - name: Upload binary
+        uses: actions/upload-artifact@v4
+        with:
+          name: ostree-ext-cli
+          path: target/release/ostree-ext-cli
+  build-minimum-toolchain:
+    name: "Build using MSRV"
+    runs-on: ubuntu-latest
+    container: quay.io/coreos-assembler/fcos-buildroot:testing-devel
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Install deps
+        run: ./ci/installdeps.sh
+      - name: Detect crate MSRV
+        shell: bash
+        run: |
+          msrv=$(cargo metadata --format-version 1 --no-deps | \
+              jq -r '.packages[1].rust_version')
+          echo "Crate MSRV: $msrv"
+          echo "ACTION_MSRV_TOOLCHAIN=$msrv" >> $GITHUB_ENV
+      - name: Remove system Rust toolchain
+        run: dnf remove -y rust cargo
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ env['ACTION_MSRV_TOOLCHAIN']  }}
+      - name: Cache Dependencies
+        uses: Swatinem/rust-cache@v2
+        with:
+          key: "min"
+      - name: cargo check
+        run: cargo check
+  cargo-deny:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: EmbarkStudios/cargo-deny-action@v1
+      with:
+        log-level: warn
+        command: check bans sources licenses
+  integration:
+    name: "Integration"
+    needs: build
+    runs-on: ubuntu-latest
+    container: quay.io/fedora/fedora-coreos:testing-devel
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Download ostree-ext-cli
+        uses: actions/[email protected]
+        with:
+          name: ostree-ext-cli
+      - name: Install
+        run: install ostree-ext-cli /usr/bin && rm -v ostree-ext-cli
+      - name: Integration tests
+        run: ./ci/integration.sh
+  ima:
+    name: "Integration (IMA)"
+    needs: build
+    runs-on: ubuntu-latest
+    container: quay.io/fedora/fedora-coreos:testing-devel
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Download ostree-ext-cli
+        uses: actions/[email protected]
+        with:
+          name: ostree-ext-cli
+      - name: Install
+        run: install ostree-ext-cli /usr/bin && rm -v ostree-ext-cli
+      - name: Integration tests
+        run: ./ci/ima.sh
+  privtest:
+    name: "Privileged testing"
+    needs: build
+    runs-on: ubuntu-latest
+    container:
+      image: quay.io/fedora/fedora-coreos:testing-devel
+      options: "--privileged --pid=host -v /var/tmp:/var/tmp -v /run/dbus:/run/dbus -v /run/systemd:/run/systemd -v /:/run/host"
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Download
+        uses: actions/[email protected]
+        with:
+          name: ostree-ext-cli
+      - name: Install
+        run: install ostree-ext-cli /usr/bin && rm -v ostree-ext-cli
+      - name: Integration tests
+        run: ./ci/priv-integration.sh
+  privtest-cockpit:
+    name: "Privileged testing (cockpit)"
+    needs: build
+    runs-on: ubuntu-latest
+    container:
+      image: quay.io/fedora/fedora-bootc:41
+      options: "--privileged --pid=host -v /var/tmp:/var/tmp -v /run/dbus:/run/dbus -v /run/systemd:/run/systemd -v /:/run/host"
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Download
+        uses: actions/[email protected]
+        with:
+          name: ostree-ext-cli
+      - name: Install
+        run: install ostree-ext-cli /usr/bin && rm -v ostree-ext-cli
+      - name: Integration tests
+        run: ./ci/priv-test-cockpit-selinux.sh
+  container-build:
+    name: "Container build"
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Checkout coreos-layering-examples
+        uses: actions/checkout@v3
+        with:
+          repository: coreos/coreos-layering-examples
+          path: coreos-layering-examples
+      - name: Download
+        uses: actions/[email protected]
+        with:
+          name: ostree-ext-cli
+      - name: Integration tests
+        run: ./ci/container-build-integration.sh