[release-0.0.99.5] Prepare stable branch (part 8)

[debarshiray]

... for CVE-2025-65637 or GHSA-4f99-4q7p-p3gh.

https://github.com/containers/toolbox/security/dependabot/26

[softwarefactory-project-zuul]

Merge Failed.

This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset.
Warning:
Error merging github.com/containers/toolbox for 1749,bf3816bf53e79069a358b262026e116441343d96

[gemini-code-assist]

Summary of Changes

Hello @debarshiray, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request is part of the ongoing effort to prepare the release-0.0.99.5 stable branch. It primarily focuses on updating and streamlining the project's continuous integration and testing infrastructure. A significant number of outdated container image build definitions for various Linux distributions have been removed, indicating a cleanup of unsupported versions. Concurrently, the CI/CD pipeline has been adjusted to support newer Fedora releases and allocate more time for system tests. The system test suite itself has been refactored for better performance and maintainability, with test environments now set up once per file. These changes collectively aim to ensure the stability and efficiency of the project's build and test processes for the new stable branch.

Highlights

• CI/CD Configuration Updates: Updated Zuul CI/CD configurations to explicitly target the release-0.0.99.5 branch, incorporate newer Fedora versions (42 and 43) for system tests, and increase timeouts for certain test jobs.
• Container Image Definition Cleanup: Removed numerous deprecated container image build definitions, READMEs, and package lists for various Linux distributions (Arch, Fedora versions 28-39, RHEL versions 8.5-9.1, and Ubuntu versions 16.04-22.04), streamlining the project's image management.
• System Test Refactoring and Efficiency Improvements: Extensively refactored system tests (.bats files) to improve efficiency by utilizing setup_file/teardown_file for one-time environment setup per test file, reducing redundant container creation. Also updated RHEL test versions from 8.7 to 8.9 and improved error message assertion logic.
• Toolbox Script Fix: Implemented a minor fix in the main toolbox script to correctly capture the output of the readlink command when checking /etc/localtime during container initialization.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Ignored Files

• Ignored by pattern: .github/workflows/** (4)
  • .github/workflows/arch-images-pr.yaml
  • .github/workflows/arch-images.yaml
  • .github/workflows/ubuntu-images.yaml
  • .github/workflows/ubuntu-tests.yaml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request prepares the release-0.0.99.5 branch. The changes include updating the Zuul CI configuration to run on this new branch, bumping the tested Fedora versions, and updating RHEL tests from version 8.7 to 8.9. The changes look good overall. I've added a few suggestions to improve maintainability by reducing hardcoded values in the CI configuration and test files, which should make future release preparations easier.

I am having trouble creating individual review comments. Click here to see my feedback.

.zuul.yaml (20)

To improve maintainability and reduce repetition, you could define the branch name release-0.0.99.5 once using a YAML anchor and then reuse it for all jobs. This will make it easier to update the branch for future releases.

For example, you can define an anchor here:

    branches: &release_branch release-0.0.99.5

And then reuse it in other jobs with *release_branch:

- job:
    name: unit-test-migration-path-for-coreos-toolbox
    branches: *release_branch
    ...

    branches: &release_branch release-0.0.99.5

test/system/101-create.bats (142-154)

To improve maintainability and avoid repeating the version number, consider using a local variable for the RHEL version. This makes it easier to update the version in the future.

@test "create: RHEL 8.9" {
  local rhel_version="8.9"
  pull_distro_image rhel "$rhel_version"

  run "$TOOLBOX" --assumeyes create --distro rhel --release "$rhel_version"

  assert_success
  assert_output --partial "Created container: rhel-toolbox-$rhel_version"
  assert_output --partial "Enter with: toolbox enter rhel-toolbox-$rhel_version"

  run podman ps -a

  assert_output --regexp "Created[[:blank:]]+rhel-toolbox-$rhel_version"
}

test/system/104-run.bats (94-97)

Similar to other test files, using a variable for the RHEL version would improve maintainability.

@test "run: Smoke test with RHEL 8.9" {
  local rhel_version="8.9"
  create_distro_container rhel "$rhel_version" "rhel-toolbox-$rhel_version"

  run --separate-stderr "$TOOLBOX" run --distro rhel --release "$rhel_version" true

test/system/setup_suite.bash (48)

The RHEL version is hardcoded here and in several other test files (102-list.bats, 203-network.bats, 206-user.bats, etc.). To improve maintainability, consider defining distribution versions as readonly variables at the top of a shared helper file or at the top of each test file. This would centralize the version numbers and make future updates much easier and less error-prone.

[softwarefactory-project-zuul]

Build succeeded.
https://softwarefactory-project.io/zuul/t/local/buildset/7fe4dce6d3134d08993ee1bcab63b1b5

✔️ unit-test SUCCESS in 1m 43s
✔️ unit-test-migration-path-for-coreos-toolbox SUCCESS in 3m 06s
✔️ unit-test-restricted SUCCESS in 1m 41s
✔️ system-test-fedora-rawhide SUCCESS in 1h 09m 23s
✔️ system-test-fedora-43 SUCCESS in 1h 07m 22s
✔️ system-test-fedora-42 SUCCESS in 1h 12m 11s

[softwarefactory-project-zuul]

Build succeeded.
https://softwarefactory-project.io/zuul/t/local/buildset/d09091043ffa499bad23a49c4eba25b7

✔️ unit-test SUCCESS in 1m 44s
✔️ unit-test-migration-path-for-coreos-toolbox SUCCESS in 3m 06s
✔️ unit-test-restricted SUCCESS in 1m 39s
✔️ system-test-fedora-rawhide SUCCESS in 1h 07m 49s
✔️ system-test-fedora-43 SUCCESS in 1h 03m 53s
✔️ system-test-fedora-42 SUCCESS in 1h 06m 50s

[softwarefactory-project-zuul]

Build succeeded.
https://softwarefactory-project.io/zuul/t/local/buildset/2b8f8d7053754f818e73984552582d05

✔️ unit-test SUCCESS in 1m 38s
✔️ unit-test-migration-path-for-coreos-toolbox SUCCESS in 3m 40s
✔️ unit-test-restricted SUCCESS in 1m 55s
✔️ system-test-fedora-rawhide SUCCESS in 1h 07m 53s
✔️ system-test-fedora-43 SUCCESS in 1h 15m 24s
✔️ system-test-fedora-42 SUCCESS in 1h 21m 21s