@mmartinv
Collaborator

@mmartinv mmartinv commented Nov 7, 2025

No description provided.

@gemini-code-assist

Summary of Changes

Hello @mmartinv, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces significant improvements to the CI/testing infrastructure, primarily by refactoring certificate generation utilities and enhancing service configuration capabilities. The changes aim to provide more robust support for HTTPS across various FDO services within the testing environment, improve error reporting, and streamline the setup process for both standard and RPM-based CI tests. These updates contribute to a more reliable and maintainable testing suite.

Highlights

  • Certificate Generation Refactoring: The generate_cert utility function in scripts/cert-utils.sh has been simplified. It no longer handles public key generation directly, and a new dedicated function, extract_pubkey_from_cert, has been introduced for this purpose. This streamlines the core certificate generation logic.
  • Enhanced CI Service Configuration: The CI test scripts now include a more structured approach to service configuration. A new configure_services function orchestrates the setup, including the generation of HTTPS-specific certificates. This change improves modularity and clarity in how services are prepared for testing.
  • Improved Error Handling and Logging in CI: Error handling in CI scripts has been enhanced with the introduction of an on_failure trap. This new mechanism ensures that services are properly stopped and relevant logs are collected when a test fails, providing better debugging information.
  • RPM-based Test Configuration: The FMF (Fedora Modular Framework) tests (test/fmf/tests/utils.sh) have been significantly updated to correctly configure FDO services when installed via RPMs. This includes managing certificate paths, file ownership, and sysconfig entries, especially for HTTPS communication.
  • HTTPS Support in Resale Tests: The resale test (test/ci/test-resale.sh) now explicitly supports HTTPS for the new owner service and correctly extracts the public key from the new owner's certificate, ensuring robust testing of secure resale scenarios.
Ignored Files
  • Ignored by pattern: .github/workflows/** (2)
    • .github/workflows/ci.yml
    • .github/workflows/containers.yml


@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces significant refactoring to the CI test scripts, primarily to add support for HTTPS and improve modularity by reducing code duplication. The changes are well-structured, centralizing common logic into utility scripts. I've identified a few critical issues related to shell quoting within sudo bash -c blocks in the FMF test utilities, which will prevent the HTTPS configuration from being applied correctly. Additionally, I've suggested a couple of robustness improvements for the trap handlers to prevent potential recursive calls. Overall, this is a great improvement to the test suite.
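
The quoting problem this review describes for `sudo bash -c` blocks, shown as an added example that is not part of the review or of the pull request's code. The function names, the `OPTS` key and the paths are hypothetical, and plain `bash -c` stands in for `sudo bash -c` so it runs unprivileged.

```bash
#!/usr/bin/env bash
# Added illustration, not code from the pull request. write_conf_broken,
# write_conf_fixed and the OPTS key are hypothetical names; plain `bash -c`
# stands in for `sudo bash -c` so the example runs unprivileged.

# Broken: the inner script is double-quoted, so the CALLING shell expands
# $opts (unset there, so empty) before the inner shell ever assigns it.
# $1 and $2 are also pasted into the script text, so a path containing a
# quote changes the code that the privileged shell parses.
write_conf_broken() {
  bash -c "opts='--http-cert $1'; echo \"OPTS=$opts\" > '$2'"
}

# Fixed: single quotes keep the script literal; values travel as positional
# parameters ($1, $2 of the inner shell) and are never parsed as code.
# The sudo form is the same: sudo bash -c '...' _ "$1" "$2"
write_conf_fixed() {
  bash -c 'opts="--http-cert $1"; echo "OPTS=$opts" > "$2"' _ "$1" "$2"
}

# Constructed demo: write both variants into a temp dir and print the results.
# The certificate paths are made-up sample values.
demo() {
  dir=$(mktemp -d)
  write_conf_broken /etc/pki/server.crt "$dir/broken.conf"
  write_conf_fixed "/tmp/it's a cert.crt" "$dir/fixed.conf"
  cat "$dir/broken.conf" "$dir/fixed.conf"
  rm -rf "$dir"
}
```

The broken variant exits successfully while writing an empty value, which is why this kind of defect shows up only later as a service that never picked up its HTTPS settings.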

@mmartinv mmartinv force-pushed the ci-https-changes branch 6 times, most recently from 0d9d42b to 5b671ab Compare November 12, 2025 16:00
@mmartinv mmartinv changed the title Ci https changes CI enhancements Nov 12, 2025
@mmartinv mmartinv changed the title CI enhancements ci: enhancements Nov 12, 2025
@mmartinv mmartinv force-pushed the ci-https-changes branch 2 times, most recently from 5f939ea to 210b757 Compare November 13, 2025 09:52
@mmartinv mmartinv marked this pull request as draft November 13, 2025 10:41
@mmartinv mmartinv force-pushed the ci-https-changes branch 10 times, most recently from 38ce1bd to 44832ef Compare November 14, 2025 12:27
@mmartinv
Collaborator Author

/gemini review

@mmartinv mmartinv requested review from kgiusti and runcom November 14, 2025 14:05

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces a significant and valuable set of enhancements to the CI/CD infrastructure. The changes primarily focus on refactoring and improving the test scripts, resulting in better code reuse, maintainability, and robustness across different testing environments (local CI, containers, and FMF/RPM). Key improvements include modernizing the Packit configuration, enhancing the Makefile for more flexible local builds, and restructuring the shell scripts for better modularity.

My review identifies a few areas for improvement: a potential regression in file permissions for generated certificates which could impact service startup, a suggestion to enhance failure reporting in CI tests by including logs, a minor typo fix in a log message, and a proposed optimization for log collection in containerized tests to avoid redundancy. Overall, these are excellent changes that will improve the development and testing workflow.

@mmartinv mmartinv marked this pull request as ready for review November 14, 2025 14:10
@runcom
Member

runcom commented Nov 16, 2025

can we do something about the date showing twice in the rpm? : sudo dnf install -y go-fdo-server-0-0.20251114150712052692.pr108.20251114gitf63e443.fc43.x86_64 even as a follow up (nevermind, it's packit default and it's ok)! - also, just want to make sure that when we release/propose upstream/downstream, we're getting a "normal" version in the RPM (e.g. 0.1.0.el10)

LGTM

Screenshot From 2025-11-17 09-34-29

@mmartinv mmartinv marked this pull request as draft November 17, 2025 13:28
Collaborator

@kgiusti kgiusti left a comment

LGTM

@pcdubs pcdubs left a comment

LGTM

@mmartinv mmartinv force-pushed the ci-https-changes branch 2 times, most recently from b41732c to e74ee7c Compare November 17, 2025 17:14
@mmartinv mmartinv marked this pull request as ready for review November 17, 2025 17:14
mmartinv and others added 7 commits November 17, 2025 18:16
Signed-off-by: Miguel Martín <[email protected]>
Co-authored-by: Paul Whalen <[email protected]>
Source `utils.sh` instead of `test-onboarding.sh` because
the `run_test` is being fully overwritten

Signed-off-by: Miguel Martín <[email protected]>
@runcom runcom merged commit 67a6174 into fido-device-onboard:main Nov 17, 2025
31 checks passed