test: add anaconda-iso build tests with signed containers #687
Conversation
|
From user perspective, can we assume bib can now build out one anaconda-iso with signed bootc container image ? |
Yes, since #676 was merged |
mmartinv
force-pushed
the
anaconda-iso-signed-container-tests
branch
4 times, most recently
from
ee6c346
to
ab8e6d2
Compare
There was a problem hiding this comment.
Thank you for this very nice test!
Some quick notes inline and maybe we can get away without skopeo copy in bib if we actually implement osbuild/osbuild#1907 - having the test is still good though.
I like the thoroughness of the test but it's expensive (timewise in CI) so I wonder if we can find a faster way (see my inline comment). Maybe not, but worth thinking about I feel.
|
In order to validate feature related to this, assuming I had one signed container image,e.g:registry.redhat.io/rhel9/rhel-bootc:9.4. |
mmartinv
force-pushed
the
anaconda-iso-signed-container-tests
branch
3 times, most recently
from
5c38dc0
to
efe9934
Compare
mmartinv
force-pushed
the
anaconda-iso-signed-container-tests
branch
2 times, most recently
from
d954cd4
to
da31052
Compare
No, you don't need to copy anything, using the signed container directly should work as is. Not sure if the change is already available in quay.io/centos-bootc/bootc-image-builder:latest though. |
mmartinv
force-pushed
the
anaconda-iso-signed-container-tests
branch
2 times, most recently
from
37417e2
to
867bd15
Compare
There was a problem hiding this comment.
Thank you for the branch and the update. I added a bunch of small questions/suggestions (hope they are useful). The one bigger point that prevents me from approving is that it seems to modify the host system configuration which I would really love to avoid. If there is no way to avoid it, maybe we can add a pytest condition that skips the test unless e.g. an env like BIB_TEST_MODIFY_SYSTEM=1 is set (or a parameter to pytest with a similar name9 and then we set this for the GH action/testing farm tests but not for the default, wdyt?
mmartinv
force-pushed
the
anaconda-iso-signed-container-tests
branch
3 times, most recently
from
20ef0d9
to
742cf72
Compare
mmartinv
force-pushed
the
anaconda-iso-signed-container-tests
branch
from
742cf72
to
dfe1089
Compare
mmartinv
force-pushed
the
anaconda-iso-signed-container-tests
branch
from
dfe1089
to
022b34b
Compare
Add anaconda-iso iso build tests with signed containers. The rest of the images can be also added to the test once [1] and [2] are merged [1] osbuild/images#990 [2] osbuild/osbuild#1906 Signed-off-by: Miguel Martín <[email protected]>
mmartinv
force-pushed
the
anaconda-iso-signed-container-tests
branch
from
022b34b
to
2735bf8
Compare
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
Add anaconda-iso iso build tests with signed containers.
The rest of the images can be also added to the test once
[1] and [2] are merged
[1] osbuild/images#990
[2] osbuild/osbuild#1906
Signed-off-by: Miguel Martín [email protected]