ci: add workflow

.github/workflows/cs9-x86.yml

@@ -0,0 +1,150 @@
+---
+name: centos-bootc:stream9 Test
+
+on:
+  issue_comment:
+    types:
+      - created
+
+jobs:
+  pr-info:
+    if: ${{ github.event.issue.pull_request &&
+            (endsWith(github.event.comment.body, '/test-cs9') ||
+            endsWith(github.event.comment.body, '/test-cs9-x86') ||
+            endsWith(github.event.comment.body, '/test-cs9-x86-openstack-replace') ||
+            endsWith(github.event.comment.body, '/test-cs9-x86-gcp-replace') ||
+            endsWith(github.event.comment.body, '/test-cs9-x86-aws-replace') ||
+            endsWith(github.event.comment.body, '/test-cs9-x86-libvirt-replace') ||
+            endsWith(github.event.comment.body, '/test-cs9-x86-anaconda')) }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Query author repository permissions
+        uses: octokit/[email protected]
+        id: user_permission
+        with:
+          route: GET /repos/${{ github.repository }}/collaborators/${{ github.event.sender.login }}/permission
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      # restrict running of tests to users with admin or write permission for the repository
+      # see https://docs.github.com/en/free-pro-team@latest/rest/reference/repos#get-repository-permissions-for-a-user
+      - name: Check if user does have correct permissions
+        if: contains('admin write', fromJson(steps.user_permission.outputs.data).permission)
+        id: check_user_perm
+        run: |
+          echo "User '${{ github.event.sender.login }}' has permission '${{ fromJson(steps.user_permission.outputs.data).permission }}' allowed values: 'admin', 'write'"
+          echo "allowed_user=true" >> $GITHUB_OUTPUT
+
+      - name: Get information for pull request
+        uses: octokit/[email protected]
+        id: pr-api
+        with:
+          route: GET /repos/${{ github.repository }}/pulls/${{ github.event.issue.number }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    outputs:
+      allowed_user: ${{ steps.check_user_perm.outputs.allowed_user }}
+      sha: ${{ fromJson(steps.pr-api.outputs.data).head.sha }}
+      ref: ${{ fromJson(steps.pr-api.outputs.data).head.ref }}
+      repo_url: ${{ fromJson(steps.pr-api.outputs.data).head.repo.html_url }}
+
+  cs9-x86-openstack-replace:
+    needs: pr-info
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v4
+        with:
+          repository: virt-s1/bootc-workflow-test
+          fetch-depth: 0
+
+      - name: Run the tests
+        uses: sclorg/testing-farm-as-github-action@v1
+        with:
+          compose: CentOS-Stream-9
+          api_key: ${{ secrets.TF_API_KEY }}
+          git_url: ${{ needs.pr-info.outputs.repo_url }}
+          git_ref: ${{ needs.pr-info.outputs.ref }}
+          arch: "x86_64"
+          tmt_context: "arch=x86_64"
+          pull_request_status_name: "bootc-cs9-x86-openstack-replace"
+          tmt_plan_regex: "openstack"
+          tf_scope: private
+          secrets: "OS_USERNAME=${{ secrets.OS_USERNAME }};OS_PASSWORD=${{ secrets.OS_PASSWORD }};OS_AUTH_URL=${{ secrets.OS_AUTH_URL }};OS_PROJECT_NAME=${{ secrets.OS_PROJECT_NAME }};OS_USER_DOMAIN_NAME=${{ secrets.OS_USER_DOMAIN_NAME }};OS_PROJECT_DOMAIN_NAME=${{ secrets.OS_PROJECT_DOMAIN_NAME }};QUAY_USERNAME=${{ secrets.QUAY_USERNAME }};QUAY_PASSWORD=${{ secrets.QUAY_PASSWORD }};TEST_OS=centos-stream-9"
+
+  cs9-x86-gcp-replace:
+    needs: pr-info
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v4
+        with:
+          repository: virt-s1/bootc-workflow-test
+          fetch-depth: 0
+
+      - name: Run the tests
+        uses: sclorg/testing-farm-as-github-action@v1
+        with:
+          compose: CentOS-Stream-9
+          api_key: ${{ secrets.TF_API_KEY }}
+          git_url: ${{ needs.pr-info.outputs.repo_url }}
+          git_ref: ${{ needs.pr-info.outputs.ref }}
+          arch: "x86_64"
+          tmt_context: "arch=x86_64"
+          pull_request_status_name: "bootc-cs9-x86-gcp-replace"
+          tmt_plan_regex: "gcp"
+          tf_scope: private
+          secrets: "GCP_PROJECT=${{ secrets.GCP_PROJECT }};GCP_SERVICE_ACCOUNT_NAME=${{ secrets.GCP_SERVICE_ACCOUNT_NAME }};GCP_SERVICE_ACCOUNT_FILE_B64=${{ secrets.GCP_SERVICE_ACCOUNT_FILE_B64 }};QUAY_USERNAME=${{ secrets.QUAY_USERNAME }};QUAY_PASSWORD=${{ secrets.QUAY_PASSWORD }};TEST_OS=centos-stream-9"
+
+  cs9-x86-aws-replace:
+    needs: pr-info
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v4
+        with:
+          repository: virt-s1/bootc-workflow-test
+          fetch-depth: 0
+
+      - name: Run the tests
+        uses: sclorg/testing-farm-as-github-action@v1
+        with:
+          compose: CentOS-Stream-9
+          api_key: ${{ secrets.TF_API_KEY }}
+          git_url: ${{ needs.pr-info.outputs.repo_url }}
+          git_ref: ${{ needs.pr-info.outputs.ref }}
+          arch: "x86_64"
+          tmt_context: "arch=x86_64"
+          pull_request_status_name: "bootc-cs9-x86-aws-replace"
+          tmt_plan_regex: "aws"
+          tf_scope: private
+          secrets: "AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }};AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }};AWS_REGION=${{ secrets.AWS_REGION }};QUAY_USERNAME=${{ secrets.QUAY_USERNAME }};QUAY_PASSWORD=${{ secrets.QUAY_PASSWORD }};TEST_OS=centos-stream-9"
+
+  cs9-x86-libvirt-replace:
+    needs: pr-info
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v4
+        with:
+          repository: virt-s1/bootc-workflow-test
+          fetch-depth: 0
+
+      - name: Run the tests
+        uses: sclorg/testing-farm-as-github-action@v1
+        with:
+          compose: CentOS-Stream-9
+          api_key: ${{ secrets.TF_API_KEY }}
+          git_url: ${{ needs.pr-info.outputs.repo_url }}
+          git_ref: ${{ needs.pr-info.outputs.ref }}
+          arch: "x86_64"
+          tmt_context: "arch=x86_64"
+          pull_request_status_name: "bootc-cs9-x86-libvirt-replace"
+          tmt_plan_regex: "local"
+          tf_scope: private
+          secrets: "QUAY_USERNAME=${{ secrets.QUAY_USERNAME }};QUAY_PASSWORD=${{ secrets.QUAY_PASSWORD }};TEST_OS=centos-stream-9"

.github/workflows/rhel9-x86.yml

@@ -0,0 +1,150 @@
+---
+name: rhel9-rhel_bootc:rhel-9.4 Test
+
+on:
+  issue_comment:
+    types:
+      - created
+
+jobs:
+  pr-info:
+    if: ${{ github.event.issue.pull_request &&
+            (endsWith(github.event.comment.body, '/test-rhel94') ||
+            endsWith(github.event.comment.body, '/test-rhel94-x86') ||
+            endsWith(github.event.comment.body, '/test-rhel94-x86-openstack-replace') ||
+            endsWith(github.event.comment.body, '/test-rhel94-x86-gcp-replace') ||
+            endsWith(github.event.comment.body, '/test-rhel94-x86-aws-replace') ||
+            endsWith(github.event.comment.body, '/test-rhel94-x86-libvirt-replace') ||
+            endsWith(github.event.comment.body, '/test-rhel94-x86-anaconda')) }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Query author repository permissions
+        uses: octokit/[email protected]
+        id: user_permission
+        with:
+          route: GET /repos/${{ github.repository }}/collaborators/${{ github.event.sender.login }}/permission
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      # restrict running of tests to users with admin or write permission for the repository
+      # see https://docs.github.com/en/free-pro-team@latest/rest/reference/repos#get-repository-permissions-for-a-user
+      - name: Check if user does have correct permissions
+        if: contains('admin write', fromJson(steps.user_permission.outputs.data).permission)
+        id: check_user_perm
+        run: |
+          echo "User '${{ github.event.sender.login }}' has permission '${{ fromJson(steps.user_permission.outputs.data).permission }}' allowed values: 'admin', 'write'"
+          echo "allowed_user=true" >> $GITHUB_OUTPUT
+
+      - name: Get information for pull request
+        uses: octokit/[email protected]
+        id: pr-api
+        with:
+          route: GET /repos/${{ github.repository }}/pulls/${{ github.event.issue.number }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    outputs:
+      allowed_user: ${{ steps.check_user_perm.outputs.allowed_user }}
+      sha: ${{ fromJson(steps.pr-api.outputs.data).head.sha }}
+      ref: ${{ fromJson(steps.pr-api.outputs.data).head.ref }}
+      repo_url: ${{ fromJson(steps.pr-api.outputs.data).head.repo.html_url }}
+
+  rhel94-x86-openstack-replace:
+    needs: pr-info
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v4
+        with:
+          repository: virt-s1/bootc-workflow-test
+          fetch-depth: 0
+
+      - name: Run the tests
+        uses: sclorg/testing-farm-as-github-action@v1
+        with:
+          compose: RHEL-9.4.0-Nightly
+          api_key: ${{ secrets.TF_API_KEY }}
+          git_url: ${{ needs.pr-info.outputs.repo_url }}
+          git_ref: ${{ needs.pr-info.outputs.ref }}
+          arch: "x86_64"
+          tmt_context: "arch=x86_64"
+          pull_request_status_name: "bootc-rhel94-x86-openstack-replace"
+          tmt_plan_regex: "openstack"
+          tf_scope: private
+          secrets: "OS_USERNAME=${{ secrets.OS_USERNAME }};OS_PASSWORD=${{ secrets.OS_PASSWORD }};OS_AUTH_URL=${{ secrets.OS_AUTH_URL }};OS_PROJECT_NAME=${{ secrets.OS_PROJECT_NAME }};OS_USER_DOMAIN_NAME=${{ secrets.OS_USER_DOMAIN_NAME }};OS_PROJECT_DOMAIN_NAME=${{ secrets.OS_PROJECT_DOMAIN_NAME }};QUAY_USERNAME=${{ secrets.QUAY_USERNAME }};QUAY_PASSWORD=${{ secrets.QUAY_PASSWORD }};RHEL_REGISTRY_URL=${{ secrets.RHEL_REGISTRY_URL }};DOWNLOAD_NODE=${{ secrets.DOWNLOAD_NODE }};TEST_OS=rhel-9-4"
+
+  rhel94-x86-gcp-replace:
+    needs: pr-info
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v4
+        with:
+          repository: virt-s1/bootc-workflow-test
+          fetch-depth: 0
+
+      - name: Run the tests
+        uses: sclorg/testing-farm-as-github-action@v1
+        with:
+          compose: RHEL-9.4.0-Nightly
+          api_key: ${{ secrets.TF_API_KEY }}
+          git_url: ${{ needs.pr-info.outputs.repo_url }}
+          git_ref: ${{ needs.pr-info.outputs.ref }}
+          arch: "x86_64"
+          tmt_context: "arch=x86_64"
+          pull_request_status_name: "bootc-rhel94-x86-gcp-replace"
+          tmt_plan_regex: "gcp"
+          tf_scope: private
+          secrets: "GCP_PROJECT=${{ secrets.GCP_PROJECT }};GCP_SERVICE_ACCOUNT_NAME=${{ secrets.GCP_SERVICE_ACCOUNT_NAME }};GCP_SERVICE_ACCOUNT_FILE_B64=${{ secrets.GCP_SERVICE_ACCOUNT_FILE_B64 }};QUAY_USERNAME=${{ secrets.QUAY_USERNAME }};QUAY_PASSWORD=${{ secrets.QUAY_PASSWORD }};RHEL_REGISTRY_URL=${{ secrets.RHEL_REGISTRY_URL }};DOWNLOAD_NODE=${{ secrets.DOWNLOAD_NODE }};TEST_OS=rhel-9-4"
+
+  rhel94-x86-aws-replace:
+    needs: pr-info
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v4
+        with:
+          repository: virt-s1/bootc-workflow-test
+          fetch-depth: 0
+
+      - name: Run the tests
+        uses: sclorg/testing-farm-as-github-action@v1
+        with:
+          compose: RHEL-9.4.0-Nightly
+          api_key: ${{ secrets.TF_API_KEY }}
+          git_url: ${{ needs.pr-info.outputs.repo_url }}
+          git_ref: ${{ needs.pr-info.outputs.ref }}
+          arch: "x86_64"
+          tmt_context: "arch=x86_64"
+          pull_request_status_name: "bootc-rhel94-x86-aws-replace"
+          tmt_plan_regex: "aws"
+          tf_scope: private
+          secrets: "AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }};AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }};AWS_REGION=${{ secrets.AWS_REGION }};QUAY_USERNAME=${{ secrets.QUAY_USERNAME }};QUAY_PASSWORD=${{ secrets.QUAY_PASSWORD }};RHEL_REGISTRY_URL=${{ secrets.RHEL_REGISTRY_URL }};DOWNLOAD_NODE=${{ secrets.DOWNLOAD_NODE }};TEST_OS=rhel-9-4"
+
+  rhel94-x86-libvirt-replace:
+    needs: pr-info
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v4
+        with:
+          repository: virt-s1/bootc-workflow-test
+          fetch-depth: 0
+
+      - name: Run the tests
+        uses: sclorg/testing-farm-as-github-action@v1
+        with:
+          compose: RHEL-9.4.0-Nightly
+          api_key: ${{ secrets.TF_API_KEY }}
+          git_url: ${{ needs.pr-info.outputs.repo_url }}
+          git_ref: ${{ needs.pr-info.outputs.ref }}
+          arch: "x86_64"
+          tmt_context: "arch=x86_64"
+          pull_request_status_name: "bootc-rhel94-x86-libvirt-replace"
+          tmt_plan_regex: "local"
+          tf_scope: private
+          secrets: "QUAY_USERNAME=${{ secrets.QUAY_USERNAME }};QUAY_PASSWORD=${{ secrets.QUAY_PASSWORD }};RHEL_REGISTRY_URL=${{ secrets.RHEL_REGISTRY_URL }};DOWNLOAD_NODE=${{ secrets.DOWNLOAD_NODE }};TEST_OS=rhel-9-4"

.github/workflows/trigger-cs.yml

@@ -0,0 +1,90 @@
+---
+name: centos-bootc:stream9 trigger
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 3 * * *'
+
+jobs:
+  check-image:
+    # Do not run this job on any fork repos
+    if: github.repository == 'virt-s1/bootc-workflow-report'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check CentOS Stream 9 image info
+        id: check_image_cs9
+        run: |
+          IMAGE_DIGEST=$(skopeo inspect docker://quay.io/centos-bootc/centos-bootc:stream9 | jq -r '.Digest')
+          IMAGE_VERSION=$(skopeo inspect docker://quay.io/centos-bootc/centos-bootc:stream9 | jq -r '.Labels.version')
+          KERNEL_VERSION=$(skopeo inspect docker://quay.io/centos-bootc/centos-bootc:stream9 | jq -r '.Labels."ostree.linux"')
+          COMPOSE_ID=$(skopeo inspect docker://quay.io/centos-bootc/centos-bootc:stream9 | jq -r '.Labels."redhat.compose-id"')
+
+          echo "image_digest=$IMAGE_DIGEST" >> $GITHUB_OUTPUT
+          echo "image_version=$IMAGE_VERSION" >> $GITHUB_OUTPUT
+          echo "kernel_version=$KERNEL_VERSION" >> $GITHUB_OUTPUT
+          echo "compose_id=$COMPOSE_ID" >> $GITHUB_OUTPUT
+
+    outputs:
+      image_digest: ${{ steps.check_image_cs9.outputs.image_digest }}
+      image_version: ${{ steps.check_image_cs9.outputs.image_version }}
+      kernel_version: ${{ steps.check_image_cs9.outputs.kernel_version }}
+      compose_id: ${{ steps.check_image_cs9.outputs.compose_id }}
+
+  create-pr:
+    needs: check-image
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Save tested container image digest
+        run: echo "${{ needs.check-image.outputs.image_digest }}" >> files/pr_file
+
+      - name: Get current date
+        id: date
+        run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
+
+      - name: Create Pull Request
+        id: cpr
+        uses: peter-evans/create-pull-request@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: "build: centos-bootc:stream9 - ${{ needs.check-image.outputs.image_version }} - ${{ steps.date.outputs.date }}"
+          committer: cloudkitebot <[email protected]>
+          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+          branch: cpr
+          branch-suffix: random
+          delete-branch: true
+          title: "centos-bootc:stream9 - ${{ needs.check-image.outputs.image_version }} - ${{ steps.date.outputs.date }}"
+          labels: auto-merge,centos-bootc:stream9
+          body: |
+            centos-bootc:stream9 image ${{ needs.check-image.outputs.image_version }}
+            - Date: ${{ steps.date.outputs.date }}
+            - Image URL: quay.io/centos-bootc/centos-bootc:stream9
+            - Image Digest: ${{ needs.check-image.outputs.image_digest }}
+            - Image Version: ${{ needs.check-image.outputs.image_version }}
+            - Kernel Version: ${{ needs.check-image.outputs.kernel_version }}
+            - Compose ID: ${{ needs.check-image.outputs.compose_id }}
+
+      - name: Enable Pull Request Automerge
+        if: steps.cpr.outputs.pull-request-operation == 'created'
+        uses: peter-evans/enable-pull-request-automerge@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}
+          merge-method: rebase
+
+      - name: Add a comment to trigger test workflow
+        uses: peter-evans/create-or-update-comment@v2
+        with:
+          token: ${{ secrets.PAT }}
+          issue-number: ${{ steps.cpr.outputs.pull-request-number }}
+          body: /test-cs9
+
+      - name: Create a project card to track compose test result
+        uses: peter-evans/create-or-update-project-card@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          project-name: bootc test
+          column-name: centos-bootc:stream9
+          issue-number: ${{ steps.cpr.outputs.pull-request-number }}