diff --git a/.cockpit-ci/container b/.cockpit-ci/container new file mode 100644 index 000000000..b5515747f --- /dev/null +++ b/.cockpit-ci/container @@ -0,0 +1 @@ +ghcr.io/cockpit-project/tasks:2024-08-19 diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 000000000..d00491fd7 --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/Makefile b/Makefile index 0722faceb..38cba47e2 100644 --- a/Makefile +++ b/Makefile @@ -71,7 +71,7 @@ vm: rpm bots $(VM_DEPENDS) $(TEST_OS) # run the CDP integration test -check: vm test/common machine +check: vm test/common test/common/run-tests --nondestructive-memory-mb 2048 --test-dir=test/verify --enable-network ${RUN_TESTS_OPTIONS} lint: @@ -89,9 +89,6 @@ bots: if [ -n "$$COCKPIT_BOTS_REF" ]; then git -C bots fetch --quiet --depth=1 origin "$$COCKPIT_BOTS_REF"; git -C bots checkout --quiet FETCH_HEAD; fi @echo "checked out bots/ ref $$(git -C bots rev-parse HEAD)" -machine: bots - rsync -avR --exclude="bots/machine/machine_core/__pycache__/" bots/machine/testvm.py bots/machine/identity bots/machine/cloud-init.iso bots/machine/machine_core bots/lib test - # checkout Cockpit's test API; this has no API stability guarantee, so check out a stable tag test/common: git fetch --depth=1 https://github.com/cockpit-project/cockpit.git 8ede522e5066e680850dd2ae049e2e24f99c4230 # 322 + 30 commits diff --git a/packit.yaml b/packit.yaml index 6f61c540e..e5243cc66 100644 --- a/packit.yaml +++ b/packit.yaml @@ -21,6 +21,17 @@ jobs: - centos-stream-10 - fedora-all + - job: tests + trigger: pull_request + targets: + - fedora-39 + - fedora-39-aarch64 + - fedora-40 + - fedora-40-aarch64 + - centos-stream-9 + - centos-stream-9-aarch64 + - centos-stream-10 + - job: copr_build trigger: commit branch: "^main$" diff --git a/plans/all.fmf b/plans/all.fmf new file mode 100644 index 000000000..689393ef2 --- /dev/null +++ b/plans/all.fmf @@ -0,0 +1,10 @@ +summary: + Run all tests +discover: + how: fmf +execute: + how: tmt + +# Let's handle them upstream only, don't break Fedora/RHEL reverse dependency gating +environment: + TEST_AUDIT_NO_SELINUX: 1 diff --git a/test/browser/browser.sh b/test/browser/browser.sh new file mode 100755 index 000000000..addfdb780 --- /dev/null +++ b/test/browser/browser.sh @@ -0,0 +1,43 @@ +set -eux + +cd "${0%/*}/../.." + +# allow test to set up things on the machine +mkdir -p /root/.ssh +curl https://raw.githubusercontent.com/cockpit-project/bots/main/machine/identity.pub >> /root/.ssh/authorized_keys +chmod 600 /root/.ssh/authorized_keys + +# create user account for logging in +if ! id admin 2>/dev/null; then + useradd -c Administrator -G wheel admin + echo admin:foobar | chpasswd +fi + +# set root's password +echo root:foobar | chpasswd + +# avoid sudo lecture during tests +su -c 'echo foobar | sudo --stdin whoami' - admin + +# disable core dumps, we rather investigate them upstream where test VMs are accessible +echo core > /proc/sys/kernel/core_pattern + +sh test/vm.install + +# Run tests in the cockpit tasks container, as unprivileged user +CONTAINER="$(cat .cockpit-ci/container)" +if grep -q platform:el10 /etc/os-release; then + # HACK: https://bugzilla.redhat.com/show_bug.cgi?id=2273078 + export NETAVARK_FW=nftables +fi +exec podman \ + run \ + --rm \ + --shm-size=1024m \ + --security-opt=label=disable \ + --env='TEST_*' \ + --volume="${TMT_TEST_DATA}":/logs:rw,U --env=LOGS=/logs \ + --volume="$(pwd)":/source:rw,U --env=SOURCE=/source \ + --volume=/usr/lib/os-release:/run/host/usr/lib/os-release:ro \ + "${CONTAINER}" \ + sh /source/test/browser/run-tests.sh diff --git a/test/browser/main.fmf b/test/browser/main.fmf new file mode 100644 index 000000000..3639b3893 --- /dev/null +++ b/test/browser/main.fmf @@ -0,0 +1,23 @@ +/main: + summary: Runs all tests + require: + - cockpit + - cockpit-composer + - composer-cli + - nodejs + - git + - curl + - createrepo_c + - dnf-automatic + - firewalld + - git + - libvirt-daemon-config-network + - libvirt-python3 + - make + - npm + - python3 + - targetcli + - tlog + - podman + test: ./browser.sh + duration: 1h diff --git a/test/browser/run-tests.sh b/test/browser/run-tests.sh new file mode 100755 index 000000000..d6782553f --- /dev/null +++ b/test/browser/run-tests.sh @@ -0,0 +1,41 @@ +set -eux + +cd "${SOURCE}" + +# tests need cockpit's bots/ libraries and test infrastructure +git init +rm -f bots # common local case: existing bots symlink +make bots test/common + +# make sure dev dependencies are present so the tests run properly +npm ci + +# disable detection of affected tests; testing takes too long as there is no parallelization +mv .git dot-git + +. /run/host/usr/lib/os-release +export TEST_OS="${ID}-${VERSION_ID/./-}" + +if [ "$TEST_OS" = "centos-9" ]; then + TEST_OS="${TEST_OS}-stream" +fi + +# Chromium sometimes gets OOM killed on testing farm +export TEST_BROWSER=firefox + +# make it easy to check in logs +echo "TEST_ALLOW_JOURNAL_MESSAGES: ${TEST_ALLOW_JOURNAL_MESSAGES:-}" +echo "TEST_AUDIT_NO_SELINUX: ${TEST_AUDIT_NO_SELINUX:-}" + +GATEWAY="$(python3 -c 'import socket; print(socket.gethostbyname("_gateway"))')" +RC=0 +./test/common/run-tests \ + --test-dir test/verify \ + --nondestructive \ + --machine "${GATEWAY}":22 \ + --browser "${GATEWAY}":9090 \ +|| RC=$? + +echo $RC > "$LOGS/exitcode" +cp --verbose Test* "$LOGS" || true +exit $RC diff --git a/test/verify/composerlib.py b/test/verify/composerlib.py index e801ec340..835e6b839 100644 --- a/test/verify/composerlib.py +++ b/test/verify/composerlib.py @@ -45,7 +45,7 @@ def setUp(self): # push pre-defined blueprint self.machine.execute(""" - for toml_file in /home/admin/files/*.toml; do + for toml_file in /etc/osbuild-composer/blueprints/*.toml; do composer-cli blueprints push $toml_file done """) diff --git a/test/vm.install b/test/vm.install index 9149854c2..bf3f1ab0b 100755 --- a/test/vm.install +++ b/test/vm.install @@ -13,18 +13,24 @@ if [ -n "$VG" ]; then fi # Repositories in /etc/osbuild-composer/repositories are used only for on-premise -REPODIR=/etc/osbuild-composer/repositories -sudo mkdir -p $REPODIR +sudo mkdir -p /etc/osbuild-composer/repositories +sudo mkdir -p /etc/osbuild-composer/blueprints # Copy rhel nightly overrides -cp /home/admin/files/rhel-95.json /etc/osbuild-composer/repositories/rhel-95.json -cp /home/admin/files/rhel-10.json /etc/osbuild-composer/repositories/rhel-10.json -cp /home/admin/files/rhel-10.json /etc/osbuild-composer/repositories/rhel-10.0.json +if [ -d /home/admin/files ]; then + cp /home/admin/files/rhel-95.json /etc/osbuild-composer/repositories/rhel-95.json + cp /home/admin/files/rhel-10.json /etc/osbuild-composer/repositories/rhel-10.0.json + cp /home/admin/files/*.toml /etc/osbuild-composer/blueprints/ +else + cp test/files/rhel-95.json /etc/osbuild-composer/repositories/rhel-95.json + cp test/files/rhel-10.json /etc/osbuild-composer/repositories/rhel-10.json + cp test/files/*.toml /etc/osbuild-composer/blueprints/ +fi ln -s /etc/osbuild-composer/repositories/rhel-95.json /etc/osbuild-composer/repositories/rhel-95-beta.json ln -s /etc/osbuild-composer/repositories/rhel-95.json /etc/osbuild-composer/repositories/rhel-95-ga.json # Allow cockpit port (9090) in INPUT chain # Do not reload firewall rule during image generation -if type firewall-cmd >/dev/null 2>&1; then +if type firewall-cmd >/dev/null 2>&1 && firewall-cmd --state > /dev/null 2>&1; then firewall-cmd --add-service=cockpit --permanent fi