From 929d2e6b23d78f7a426ec61cdce50f7bf8ffd95e Mon Sep 17 00:00:00 2001
From: Achilleas Koutsou <achilleas@koutsou.net>
Date: Mon, 15 Jan 2024 22:55:56 +0100
Subject: [PATCH] test: add AMI build and boot test for bootc-container

To boot test a bootc-container, build an AMI using bootc-image-builder
then use our boot-aws command to upload and boot the image in AWS.

Since we can't build containers from the local registry yet, we push it
to the gitlab registry and pull it back down.
---
 test/scripts/boot-image | 92 +++++++++++++++++++++++++++++++++++------
 1 file changed, 79 insertions(+), 13 deletions(-)

diff --git a/test/scripts/boot-image b/test/scripts/boot-image
index 5368bfe287..667ed0f40f 100755
--- a/test/scripts/boot-image
+++ b/test/scripts/boot-image
@@ -61,25 +61,85 @@ def ensure_uncompressed(filepath):
         yield filepath
 
 
-def boot_ami(distro, arch, image_type, image_path):
+def cmd_boot_aws(arch, image_name, privkey, pubkey, image_path):
     aws_config = get_aws_config()
+    cmd = ["go", "run", "./cmd/boot-aws", "run",
+           "--access-key-id", aws_config["key_id"],
+           "--secret-access-key", aws_config["secret_key"],
+           "--region", aws_config["region"],
+           "--bucket", aws_config["bucket"],
+           "--arch", arch,
+           "--ami-name", image_name,
+           "--s3-key", f"images/boot/{image_name}",
+           "--username", "osbuild",
+           "--ssh-privkey", privkey,
+           "--ssh-pubkey", pubkey,
+           image_path, "test/scripts/base-host-check.sh"]
+    testlib.runcmd_nc(cmd)
+
+
+def boot_ami(distro, arch, image_type, image_path):
     with ensure_uncompressed(image_path) as raw_image_path:
         with create_ssh_key() as (privkey, pubkey):
             image_name = f"image-boot-test-{distro}-{arch}-{image_type}-" + str(uuid.uuid4())
-            cmd = ["go", "run", "./cmd/boot-aws", "run",
-                   "--access-key-id", aws_config["key_id"],
-                   "--secret-access-key", aws_config["secret_key"],
-                   "--region", aws_config["region"],
-                   "--bucket", aws_config["bucket"],
-                   "--arch", arch,
-                   "--ami-name", image_name,
-                   "--s3-key", f"images/boot/{image_name}",
-                   "--username", "osbuild",
-                   "--ssh-privkey", privkey,
-                   "--ssh-pubkey", pubkey,
-                   raw_image_path, "test/scripts/base-host-check.sh"]
+            cmd_boot_aws(arch, image_name, privkey, pubkey, raw_image_path)
+
+
+def boot_container(distro, arch, image_type, image_path, manifest_id):
+    """
+    Use bootc-image-builder to build an AMI and boot it.
+    """
+    # push container to registry so we can build it with BIB
+    # TODO: remove when BIB can pull from containers-storage: https://github.com/osbuild/bootc-image-builder/pull/120
+    container_name = f"bootc-container:{distro}-{arch}-{manifest_id}"
+    cmd = ["./tools/ci/push-container.sh", image_path, container_name]
+    testlib.runcmd_nc(cmd)
+    container_ref = f"{testlib.REGISTRY}/{container_name}"
+
+    with TemporaryDirectory() as tmpdir:
+        with create_ssh_key() as (privkey_file, pubkey_file):
+            with open(pubkey_file, encoding="utf-8") as pubkey_fp:
+                pubkey = pubkey_fp.read()
+
+            # write a config to create a user
+            config_file = os.path.join(tmpdir, "config.json")
+            with open(config_file, "w", encoding="utf-8") as cfg_fp:
+                config = {
+                    "blueprint": {
+                        "customizations": {
+                            "user": [
+                                {
+                                    "name": "osbuild",
+                                    "key": pubkey,
+                                    "groups": [
+                                        "wheel"
+                                    ]
+                                }
+                            ]
+                        }
+                    }
+                }
+                json.dump(config, cfg_fp)
+
+            # build an AMI
+            cmd = ["sudo", "podman", "run",
+                   "--rm", "-it",
+                   "--privileged",
+                   "--pull=newer",
+                   "--security-opt", "label=type:unconfined_t",
+                   "-v", f"{tmpdir}:/output",
+                   "-v", f"{config_file}:/config.json",
+                   "quay.io/centos-bootc/bootc-image-builder:latest",
+                   "--type=ami",
+                   "--config=/config.json",
+                   container_ref]
             testlib.runcmd_nc(cmd)
 
+            # boot it
+            image_name = f"image-boot-test-{distro}-{arch}-{image_type}-" + str(uuid.uuid4())
+            raw_image_path = f"{tmpdir}/image/disk.raw"
+            cmd_boot_aws(arch, image_name, privkey_file, pubkey_file, raw_image_path)
+
 
 def find_image_file(build_path: str) -> str:
     """
@@ -124,6 +184,12 @@ def main():
     match image_type:
         case "ami" | "ec2" | "ec2-ha" | "ec2-sap" | "edge-ami":
             boot_ami(distro, arch, image_type, image_path)
+        case "bootc-container":
+            info_file_path = os.path.join(search_path, "info.json")
+            with open(info_file_path, encoding="utf-8") as info_fp:
+                build_info = json.load(info_fp)
+            manifest_id = build_info["manifest-checksum"]
+            boot_container(distro, arch, image_type, image_path, manifest_id)
         case _:
             # skip
             print(f"{image_type} boot tests are not supported yet")