ci: add Testing Farm test via tmt for Konflux CI#4515
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a TMT-based testing framework for coreos-assembler, including Tekton integration for Testing Farm, TMT plans, and a test script for containerized builds. The reviewer identified several improvement opportunities: replacing hardcoded Git references in the Tekton configuration with dynamic parameters, refining the list of required packages in the TMT plan to include podman, and enhancing the test script's reliability by ensuring directory existence and applying proper variable quoting.
| value: https://github.com/Roshan-R/coreos-assembler | ||
| - name: GIT_REF | ||
| value: tmt-testing |
There was a problem hiding this comment.
The GIT_URL and GIT_REF parameters are currently hardcoded to a personal fork and a specific branch (Roshan-R/coreos-assembler and tmt-testing). For integration into the main repository, these should be updated to point to the official repository or use dynamic Tekton parameters to ensure the tests are executed against the correct source code.
| - wget | ||
| - jq | ||
| - git |
There was a problem hiding this comment.
The packages wget, jq, and git are being installed in the test environment but do not appear to be used by the host-side test.sh script. The git command used in the test is executed inside the coreos-assembler container. Conversely, the script relies on podman, which should be explicitly listed if it is not guaranteed to be present in the base image.
- podman
|
|
||
| # IMAGE_URL is the coreos-assembler image that is built by konflux for each run. | ||
| export COREOS_ASSEMBLER_CONTAINER="$IMAGE_URL" | ||
| export COSA_DIR=$HOME/workspace/build |
There was a problem hiding this comment.
It is recommended to ensure that the $COSA_DIR directory exists before it is mounted as a volume. If the directory is missing, podman might create it with root ownership, which can lead to permission issues for the builder user inside the container. Additionally, quoting the path is a best practice to handle potential spaces.
| export COSA_DIR=$HOME/workspace/build | |
| export COSA_DIR="$HOME/workspace/build" | |
| mkdir -p "$COSA_DIR" |
| podman run --rm --security-opt=label=disable --privileged \ | ||
| -v=${COSA_DIR}:/srv/ --device=/dev/kvm \ | ||
| --device=/dev/fuse --tmpfs=/tmp -v=/var/tmp:/var/tmp --name=cosa ${COREOS_ASSEMBLER_CONTAINER} "$@"; |
There was a problem hiding this comment.
The volume mount and image variable should be quoted to prevent word splitting or issues with special characters. Also, the trailing semicolon at the end of the command is unnecessary in a bash script.
| podman run --rm --security-opt=label=disable --privileged \ | |
| -v=${COSA_DIR}:/srv/ --device=/dev/kvm \ | |
| --device=/dev/fuse --tmpfs=/tmp -v=/var/tmp:/var/tmp --name=cosa ${COREOS_ASSEMBLER_CONTAINER} "$@"; | |
| podman run --rm --security-opt=label=disable --privileged \ | |
| -v "${COSA_DIR}:/srv/" --device=/dev/kvm \ | |
| --device=/dev/fuse --tmpfs=/tmp -v /var/tmp:/var/tmp --name=cosa "${COREOS_ASSEMBLER_CONTAINER}" "$@" |
|
/retest |
4 similar comments
|
/retest |
|
/retest |
|
/retest |
|
/retest |
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces a testing framework using tmt for coreos-assembler, including a new test plan, a build test script, and updates to the Tekton pipeline for memory resource management. Feedback suggests adding the fetch flag to the build command to ensure necessary metadata is downloaded, increasing the allocated disk space to prevent out-of-space errors during image generation, and removing a fixed container name in the podman command to avoid potential naming conflicts.
| set -x | ||
| podman run --rm --security-opt=label=disable --privileged \ | ||
| -v="${COSA_DIR}":/srv/ --device=/dev/kvm \ | ||
| --device=/dev/fuse --tmpfs=/tmp -v=/var/tmp:/var/tmp --name=cosa "${COREOS_ASSEMBLER_CONTAINER}" "$@"; |
There was a problem hiding this comment.
Using a fixed name --name=cosa for the podman container can lead to conflicts if the test environment is reused or if multiple tests are run in parallel on the same host. Since the container is run with --rm, the name is not strictly necessary for identification. It's safer to omit it.
| --device=/dev/fuse --tmpfs=/tmp -v=/var/tmp:/var/tmp --name=cosa "${COREOS_ASSEMBLER_CONTAINER}" "$@"; | |
| --device=/dev/fuse --tmpfs=/tmp -v=/var/tmp:/var/tmp "${COREOS_ASSEMBLER_CONTAINER}" "$@"; |
| mkdir -p "$COSA_DIR" | ||
| cosa init --force https://github.com/coreos/fedora-coreos-config --branch testing-devel | ||
| # Test if the newly built container can build the fcos image | ||
| cosa build |
There was a problem hiding this comment.
let's also run a set of test.
See
coreos-assembler/.cci.jenkinsfile
Line 42 in 211dee6
|
/retest |
Roshan-R
force-pushed
the
tmt-testing
branch
2 times, most recently
from
51dbef0 to
fa6e4a4
Compare
|
/retest |
…e memory for prepare-sboms Bump the pipeline-docker-build-multi-platform-oci-ta bundle to the latest hash. The prepare-sboms step in the build-images task requires more memory with our current workload and was hitting OOM. Increase memory requests and limits to 2Gi to ensure reliable execution.
Add tmt test infrastructure to hook into Konflux CI via Testing Farm The new test pulls the newly built coreos-assembler container image and verifies that it can successfully build a Fedora CoreOS image from scratch using a fedora-coreos-config checkout. It will also run kola tests by `cosa init` into fedora-coreos-config and running `kola run` and also the upgrade test using `kola runupgrade`
c4rt0
left a comment
c4rt0
left a comment
There was a problem hiding this comment.
Just a comment based on today's Jenkins experience.
| TEST_CASE: test-qemu | ||
|
|
||
| /test-kola-upgrade: | ||
| duration: 1h |
There was a problem hiding this comment.
Just wondering here if 1h here is sufficient. Honestly I have no idea if Konflux is any faster then Jenkins, but just today we witnessed CDN timeouts that caused a lot of failures.
There was a problem hiding this comment.
The tests have been consistently passing in about 25–35 minutes in previous runs, which is why I set the timeout to 1 hour. I also haven’t seen failures caused by CDN timeouts before. Do you think it makes sense to increase it to 2 hours just to be safe?
There was a problem hiding this comment.
With Dusty's recent workaround (merged only today) the upgrade test should be more... resilient. His change detect's the CDN stall and restarts zincati. That said, this process still takes time, bumping said value could be some form of a safety net. I really don't have strong opinions here - just something to consider.
Roshan-R
force-pushed
the
tmt-testing
branch
2 times, most recently
from
816f027 to
3c5bfc2
Compare
4 participants
Add tmt test infrastructure to hook into Konflux CI via Testing Farm
The new test pulls the newly built coreos-assembler container image and verifies that it can successfully build a Fedora CoreOS image from scratch using a fedora-coreos-config checkout.