ci: add ci workflow

Signed-off-by: Yi He <[email protected]>

Author: Yi He

.github/workflows/integration.yml

@@ -0,0 +1,64 @@
+---
+name: CI Test
+
+on:
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  check-pull-request:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Query author repository permissions
+        uses: octokit/[email protected]
+        id: user_permission
+        with:
+          route: GET /repos/${{ github.repository }}/collaborators/${{ github.event.sender.login }}/permission
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Check if user does have correct permissions
+        if: contains('admin write', fromJson(steps.user_permission.outputs.data).permission)
+        id: check_user_perm
+        run: |
+          echo "User '${{ github.event.sender.login }}' has permission '${{ fromJson(steps.user_permission.outputs.data).permission }}' allowed values: 'admin', 'write'"
+          echo "allowed_user=true" >> $GITHUB_OUTPUT
+
+      - name: Get information for pull request
+        uses: octokit/[email protected]
+        id: pr-api
+        with:
+          route: GET /repos/${{ github.repository }}/pulls/${{ github.event.number }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    outputs:
+      allowed_user: ${{ steps.check_user_perm.outputs.allowed_user }}
+      sha: ${{ fromJson(steps.pr-api.outputs.data).head.sha }}
+      ref: ${{ fromJson(steps.pr-api.outputs.data).head.ref }}
+      repo_url: ${{ fromJson(steps.pr-api.outputs.data).head.repo.html_url }}
+
+  fedora-43-bootc:
+    needs: check-pull-request
+    if: ${{ needs.check-pull-request.outputs.allowed_user == 'true' }}
+    continue-on-error: true
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Run the tests
+        uses: sclorg/[email protected]
+        with:
+          compose: Fedora-43
+          api_key: ${{ secrets.TF_API_KEY }}
+          git_url: ${{ needs.check-pull-request.outputs.repo_url }}
+          git_ref: ${{ needs.check-pull-request.outputs.ref }}
+          update_pull_request_status: true
+          pull_request_status_name: fedora-43-bootc
+          tmt_context: "arch=x86_64;distro=fedora-43"
+          tmt_path: "./test/fmf"
+          tmt_plan_regex: bootc-iso
+          tf_scope: private
+          variables: "ARCH=x86_64"
+          timeout: 60
+
+

test/fmf/plans/integration.fmf

@@ -0,0 +1,18 @@
+summary: fdo server test plan
+discover:
+  how: fmf
+  test: integration
+execute:
+  how: tmt
+provision:
+  hardware:
+    virtualization:
+      is-supported: true
+    cpu:
+      processors: ">= 2"
+    memory: ">= 6 GB"
+
+/bootc-iso:
+  summary: Test go fdo server with bootc iso image
+  environment+:
+    TEST_CASE: bootc-iso

test/fmf/tests/integration-setup.sh

@@ -0,0 +1,160 @@
+#!/usr/bin/env bash
+set -euox pipefail
+
+# Color definitions
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Logging functions
+log_info() { echo -e "${BLUE}[INFO]${NC} $*"; }
+log_success() { echo -e "${GREEN}[SUCCESS]${NC} $*"; }
+
+# Network configuration
+NETWORK_NAME="integration"
+NETWORK_UUID="1c8fe98c-b53a-4ca4-bbdb-deb0f26b3579"
+NETWORK_BRIDGE="integration"
+NETWORK_SUBNET="192.168.100.0/24"
+NETWORK_GATEWAY="192.168.100.1"
+
+# Package management
+install_packages() {
+    log_info "Installing required packages"
+    
+    packages=(
+        make golang podman jq qemu-img httpd firewalld 
+        qemu-kvm libvirt-client libvirt-daemon-kvm 
+        libvirt-daemon virt-install ansible-core 
+        cargo lorax lsof
+    )
+    
+    dnf install -y "${packages[@]}"
+}
+
+# Function to check and fix key permissions
+check_key_permissions() {
+    local key_path="key/ostree_key"
+    
+    if [[ -f "${key_path}" ]]; then
+        local key_perms
+        key_perms=$(stat -L -c "%a" "${key_path}")
+        
+        if [[ "${key_perms}" != "600" ]]; then
+            log_info "File permissions too open (${key_perms}), changing to 600"
+            chmod 600 "${key_path}"
+        fi
+    else
+        log_info "Key file not found: ${key_path}"
+    fi
+}
+
+# Function to configure services
+configure_services() {
+    log_info "Configuring services"
+    
+    # Enable and start services
+    sudo systemctl enable --now httpd.service
+    sudo systemctl enable --now firewalld
+    
+    # Configure libvirt permissions
+    log_info "Configuring libvirt permissions"
+    sudo tee /etc/polkit-1/rules.d/50-libvirt.rules > /dev/null << 'EOF'
+polkit.addRule(function(action, subject) {
+    if (action.id == "org.libvirt.unix.manage" &&
+        subject.isInGroup("adm")) {
+            return polkit.Result.YES;
+    }
+});
+EOF
+    
+    # Start libvirtd
+    log_info "Starting libvirt daemon"
+    sudo systemctl start libvirtd
+    
+    # Verify libvirt is working
+    if ! sudo virsh list --all > /dev/null; then
+        echo "Failed to connect to libvirt" >&2
+        return 1
+    fi
+}
+
+# Function to setup libvirt network
+setup_libvirt_network() {
+    local network_xml="/tmp/integration.xml"
+    
+    log_info "Setting up libvirt network"
+    
+    # Create network configuration
+    sudo tee "${network_xml}" > /dev/null << 'EOF'
+<network xmlns:dnsmasq='http://libvirt.org/schemas/network/dnsmasq/1.0'>
+  <name>integration</name>
+  <uuid>1c8fe98c-b53a-4ca4-bbdb-deb0f26b3579</uuid>
+  <forward mode='nat'>
+    <nat>
+      <port start='1024' end='65535'/>
+    </nat>
+  </forward>
+  <bridge name='integration' zone='trusted' stp='on' delay='0'/>
+  <mac address='52:54:00:36:46:ef'/>
+  <ip address='192.168.100.1' netmask='255.255.255.0'>
+    <dhcp>
+      <range start='192.168.100.2' end='192.168.100.254'/>
+      <host mac='34:49:22:B0:83:30' name='vm-1' ip='192.168.100.50'/>
+      <host mac='34:49:22:B0:83:31' name='vm-2' ip='192.168.100.51'/>
+      <host mac='34:49:22:B0:83:32' name='vm-3' ip='192.168.100.52'/>
+    </dhcp>
+  </ip>
+  <dnsmasq:options>
+    <dnsmasq:option value='dhcp-vendorclass=set:efi-http,HTTPClient:Arch:00016'/>
+    <dnsmasq:option value='dhcp-option-force=tag:efi-http,60,HTTPClient'/>
+    <dnsmasq:option value='dhcp-boot=tag:efi-http,&quot;http://192.168.100.1/httpboot/EFI/BOOT/BOOTX64.EFI&quot;'/>
+  </dnsmasq:options>
+</network>
+EOF
+    
+    # Define network if it doesn't exist
+    if ! sudo virsh net-info integration > /dev/null 2>&1; then
+        sudo virsh net-define "${network_xml}"
+    fi
+    
+    # Start network if not active
+    if [[ $(sudo virsh net-info integration | awk '/Active/ {print $2}') == "no" ]]; then
+        sudo virsh net-start integration
+    fi
+}
+
+# Function to check and free port 8081 if needed
+check_port_8081() {
+    log_info "Checking port 8081 availability"
+    
+    if lsof -Pi :8081 -sTCP:LISTEN -t >/dev/null; then
+        log_info "Port 8081 is in use, attempting to free it"
+        sudo fuser -k 8081/tcp || true
+        sleep 2
+    fi
+}
+
+
+log_info "Starting CI environment setup"
+
+# Get OS data
+source /etc/os-release
+log_info "Detected OS: ${ID} ${VERSION_ID}"
+
+# Install required packages
+install_packages
+
+# Check and fix key permissions
+check_key_permissions
+
+# Configure services
+configure_services
+
+# Setup libvirt network
+setup_libvirt_network
+
+# Check port 8081
+check_port_8081
+
+log_success "CI environment setup completed successfully"

test/fmf/tests/integration.fmf

@@ -0,0 +1,2 @@
+test: ./integration.sh
+duration: 60m