chunked-oci: Rework to support --from too #3134

Workflow file for this run

	---
	name: CI

	on:
	push:
	branches: [main]
	pull_request:
	branches: [main]

	permissions:
	contents: read

	env:
	CARGO_TERM_COLOR: always
	# Minimum supported Rust version (MSRV)
	ACTION_MSRV_TOOLCHAIN: 1.60.0
	# Pinned toolchain for linting
	ACTION_LINTS_TOOLCHAIN: 1.60.0

	jobs:
	build:
	name: "Build"
	runs-on: ubuntu-latest
	container: quay.io/coreos-assembler/fcos-buildroot:testing-devel
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	# https://github.com/actions/checkout/issues/760
	- name: Mark git checkout as safe
	run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
	- name: Codestyle
	run: ./ci/codestyle.sh
	- name: Build
	run: ./ci/build.sh && make install DESTDIR=$(pwd)/install && tar -C install -czf install.tar .
	- name: Unit tests
	run: cargo test
	- name: Upload binary
	uses: actions/upload-artifact@v4
	with:
	name: install.tar
	path: install.tar
	build-tests:
	name: "Build Integration Test Data"
	runs-on: ubuntu-latest
	container:
	image: quay.io/coreos-assembler/fcos-buildroot:testing-devel
	# Run privileged to hack around createrepo_c hitting the classic seccomp
	# broken behaviour of returning EPERM instead of ENOSYS. We should be able
	# to drop this once `ubuntu-latest` is bumped to include the fix for
	# https://github.com/opencontainers/runc/issues/2151.
	options: "--user root --privileged"
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	# https://github.com/actions/checkout/issues/760
	- name: Mark git checkout as safe
	run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
	- name: Build
	run: make -C tests/kolainst && make -C tests/kolainst install DESTDIR=$(pwd)/install && tar -C install -czf tests.tar .
	- name: Upload binary
	uses: actions/upload-artifact@v4
	with:
	name: tests.tar
	path: tests.tar
	cxx-verify:
	name: "Verify CXX generation"
	runs-on: ubuntu-latest
	container: quay.io/coreos-assembler/fcos-buildroot:testing-devel
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	# https://github.com/actions/checkout/issues/760
	- name: Mark git checkout as safe
	run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
	- name: Codestyle
	run: ./ci/verify-cxx.sh
	# TODO: Enable this once we've switched closer to having `cargo build`
	# be the primary buildsystem entrypoint. Right now the problem is
	# in order to build the libdnf-sys dependency it relies on us having
	# run through autoconf, but that flow wants to a "real" Rust build
	# and not clippy.
	# linting:
	# name: "Lints, pinned toolchain"
	# runs-on: ubuntu-latest
	# container: quay.io/coreos-assembler/fcos-buildroot:testing-devel
	# steps:
	# - name: Checkout repository
	# uses: actions/checkout@v3
	# - name: Install dependencies
	# run: ./ci/installdeps.sh
	# - name: Remove system Rust toolchain
	# run: dnf remove -y rust cargo
	# - name: Install toolchain
	# uses: dtolnay/rust-toolchain@v1
	# with:
	# toolchain: ${{ env['ACTION_LINTS_TOOLCHAIN'] }}
	# components: rustfmt, clippy
	# - name: cargo fmt (check)
	# run: cargo fmt -- --check -l
	# - name: cargo clippy (warnings)
	# run: cargo clippy -- -D warnings
	#build-clang:
	# name: "Build (clang)"
	# runs-on: ubuntu-latest
	# container: quay.io/coreos-assembler/fcos-buildroot:testing-devel
	# steps:
	# - name: Checkout repository
	# uses: actions/checkout@v3
	# # https://github.com/actions/checkout/issues/760
	# - name: Mark git checkout as safe
	# run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
	# - name: Build
	# run: ./ci/clang-build-check.sh
	integration:
	name: "Container Integration"
	needs: [build, build-tests]
	runs-on: ubuntu-latest
	container: quay.io/fedora/fedora-coreos:testing-devel
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Download build
	uses: actions/[email protected]
	with:
	name: install.tar
	- name: Install
	run: tar -C / -xzvf install.tar && rm -f install.tar
	- name: Download tests
	uses: actions/[email protected]
	with:
	name: tests.tar
	- name: Install Tests
	run: tar -C / -xzvf tests.tar && rm -f tests.tar
	- name: Integration tests
	run: ./ci/test-container.sh
	# Try to keep this in sync with https://github.com/ostreedev/ostree-rs-ext/blob/1fc115a760eeada22599e0f57026f58b22efded4/.github/workflows/rust.yml#L163
	container-build:
	name: "Container build"
	needs: build
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Checkout coreos-layering-examples
	uses: actions/checkout@v3
	with:
	repository: coreos/coreos-layering-examples
	path: coreos-layering-examples
	- name: Download
	uses: actions/[email protected]
	with:
	name: install.tar
	- name: Integration tests
	run: ./ci/container-build-integration.sh
	cargo-deny:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- uses: EmbarkStudios/cargo-deny-action@v1
	with:
	log-level: warn
	command: check bans sources licenses
	compose:
	name: "Compose tests"
	needs: build
	runs-on: ubuntu-latest
	container:
	image: registry.ci.openshift.org/coreos/coreos-assembler:latest
	options: "--user root --privileged -v /var/tmp:/var/tmp"
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Install test dependencies
	run: ./ci/install-test-deps.sh
	- name: Download build
	uses: actions/[email protected]
	with:
	name: install.tar
	- name: Install
	run: tar -C / -xzvf install.tar
	- name: Integration tests
	run: env TMPDIR=/var/tmp JOBS=3 ./tests/compose.sh
	compose-image:
	name: "compose-image tests"
	needs: build
	runs-on: ubuntu-latest
	container:
	image: registry.ci.openshift.org/coreos/coreos-assembler:latest
	options: "--user root --privileged -v /var/tmp:/var/tmp"
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Install test dependencies
	run: ./ci/install-test-deps.sh
	- name: Download build
	uses: actions/[email protected]
	with:
	name: install.tar
	- name: Install
	run: tar -C / -xzvf install.tar
	- name: Integration tests
	run: env TMPDIR=/var/tmp JOBS=3 ./tests/compose-image.sh
	container-encapsulate:
	name: "Encapsulate tests"
	needs: build
	runs-on: ubuntu-latest
	container:
	image: registry.ci.openshift.org/coreos/coreos-assembler:latest
	options: "--user root --privileged -v /var/tmp:/var/tmp"
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	- name: Download build
	uses: actions/[email protected]
	with:
	name: install.tar
	- name: Install
	run: tar -C / -xzvf install.tar
	- name: Integration tests
	run: env TMPDIR=/var/tmp ./tests/encapsulate.sh
	test-build-chunked-oci:
	name: "experimental build-chunked-oci tests"
	needs: build-c9s
	runs-on: ubuntu-24.04
	steps:
	# https://github.com/containers/podman/discussions/17362
	- name: Get a newer podman for heredoc support (from debian testing)
	run: \|
	set -eux
	echo 'deb [trusted=yes] https://ftp.debian.org/debian/ testing main' \| sudo tee /etc/apt/sources.list.d/testing.list
	sudo apt update
	sudo apt install -y crun/testing podman/testing skopeo/testing
	crun --version
	podman --version
	skopeo --version
	- name: Checkout repository
	uses: actions/checkout@v4
	- name: Download build
	uses: actions/[email protected]
	with:
	name: install-c9s.tar
	- name: Integration tests
	run: \|
	set -xeuo pipefail
	cd tests/build-chunked-oci
	# Something is confused in latest GHA here, I was getting: Error: database graph driver "" does not match our graph driver "overlay": database configuration mismatch
	sudo rm /var/lib/containers -rf
	sudo podman build -t localhost/base -f Containerfile.test
	sudo tar -xzvf ../../install.tar
	sudo podman build -v $(pwd)/usr/bin:/ci -t localhost/builder -f Containerfile.builder
	sudo podman run --rm --privileged --security-opt=label=disable \
	-v /var/lib/containers:/var/lib/containers \
	-v /var/tmp:/var/tmp \
	localhost/builder rpm-ostree experimental compose build-chunked-oci --bootc --format-version=1 --from localhost/base --output containers-storage:localhost/base-chunked
	sudo podman inspect localhost/base-chunked
	build-c9s:
	name: "Build (c9s)"
	runs-on: ubuntu-latest
	container: quay.io/centos/centos:stream9
	steps:
	- name: Install git
	run: yum -y install git
	- name: Checkout repository
	uses: actions/checkout@v3
	with:
	submodules: true
	# https://github.com/actions/checkout/issues/760
	- name: Mark git checkout as safe
	run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
	- name: Run ridiculous RHEL -devel package workaround
	run: ./ci/ridiculous-rhel-devel-workaround.sh
	- name: Install dependencies
	run: ./ci/installdeps.sh
	- name: Build
	run: ./ci/build.sh && make install DESTDIR=$(pwd)/install && tar -C install -czf install.tar .
	- name: Unit tests
	run: cargo test
	- name: Upload binary
	uses: actions/upload-artifact@v4
	with:
	name: install-c9s.tar
	path: install.tar
	# Doc: https://github.com/redhat-plumbers-in-action/differential-shellcheck#usage
	differential-shellcheck:
	name: Differential ShellCheck
	runs-on: ubuntu-latest

	permissions:
	security-events: write

	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	with:
	fetch-depth: 0
	- name: Differential ShellCheck
	uses: redhat-plumbers-in-action/differential-shellcheck@v4
	with:
	severity: warning
	token: ${{ secrets.GITHUB_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chunked-oci: Rework to support --from too #3134

Workflow file

chunked-oci: Rework to support --from too #3134

Jobs

Run details

Workflow file for this run