ci: add Testing Farm test via tmt for Konflux CI#4515
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a TMT-based testing framework for coreos-assembler, including Tekton integration for Testing Farm, TMT plans, and a test script for containerized builds. The reviewer identified several improvement opportunities: replacing hardcoded Git references in the Tekton configuration with dynamic parameters, refining the list of required packages in the TMT plan to include podman, and enhancing the test script's reliability by ensuring directory existence and applying proper variable quoting.
| value: https://github.com/Roshan-R/coreos-assembler | ||
| - name: GIT_REF | ||
| value: tmt-testing |
There was a problem hiding this comment.
The GIT_URL and GIT_REF parameters are currently hardcoded to a personal fork and a specific branch (Roshan-R/coreos-assembler and tmt-testing). For integration into the main repository, these should be updated to point to the official repository or use dynamic Tekton parameters to ensure the tests are executed against the correct source code.
| - wget | ||
| - jq | ||
| - git |
There was a problem hiding this comment.
The packages wget, jq, and git are being installed in the test environment but do not appear to be used by the host-side test.sh script. The git command used in the test is executed inside the coreos-assembler container. Conversely, the script relies on podman, which should be explicitly listed if it is not guaranteed to be present in the base image.
- podman
|
|
||
| # IMAGE_URL is the coreos-assembler image that is built by konflux for each run. | ||
| export COREOS_ASSEMBLER_CONTAINER="$IMAGE_URL" | ||
| export COSA_DIR=$HOME/workspace/build |
There was a problem hiding this comment.
It is recommended to ensure that the $COSA_DIR directory exists before it is mounted as a volume. If the directory is missing, podman might create it with root ownership, which can lead to permission issues for the builder user inside the container. Additionally, quoting the path is a best practice to handle potential spaces.
| export COSA_DIR=$HOME/workspace/build | |
| export COSA_DIR="$HOME/workspace/build" | |
| mkdir -p "$COSA_DIR" |
| podman run --rm --security-opt=label=disable --privileged \ | ||
| -v=${COSA_DIR}:/srv/ --device=/dev/kvm \ | ||
| --device=/dev/fuse --tmpfs=/tmp -v=/var/tmp:/var/tmp --name=cosa ${COREOS_ASSEMBLER_CONTAINER} "$@"; |
There was a problem hiding this comment.
The volume mount and image variable should be quoted to prevent word splitting or issues with special characters. Also, the trailing semicolon at the end of the command is unnecessary in a bash script.
| podman run --rm --security-opt=label=disable --privileged \ | |
| -v=${COSA_DIR}:/srv/ --device=/dev/kvm \ | |
| --device=/dev/fuse --tmpfs=/tmp -v=/var/tmp:/var/tmp --name=cosa ${COREOS_ASSEMBLER_CONTAINER} "$@"; | |
| podman run --rm --security-opt=label=disable --privileged \ | |
| -v "${COSA_DIR}:/srv/" --device=/dev/kvm \ | |
| --device=/dev/fuse --tmpfs=/tmp -v /var/tmp:/var/tmp --name=cosa "${COREOS_ASSEMBLER_CONTAINER}" "$@" |
|
/retest |
4 similar comments
|
/retest |
|
/retest |
|
/retest |
|
/retest |
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces a testing framework using tmt for coreos-assembler, including a new test plan, a build test script, and updates to the Tekton pipeline for memory resource management. Feedback suggests adding the fetch flag to the build command to ensure necessary metadata is downloaded, increasing the allocated disk space to prevent out-of-space errors during image generation, and removing a fixed container name in the podman command to avoid potential naming conflicts.
| set -x | ||
| podman run --rm --security-opt=label=disable --privileged \ | ||
| -v="${COSA_DIR}":/srv/ --device=/dev/kvm \ | ||
| --device=/dev/fuse --tmpfs=/tmp -v=/var/tmp:/var/tmp --name=cosa "${COREOS_ASSEMBLER_CONTAINER}" "$@"; |
There was a problem hiding this comment.
Using a fixed name --name=cosa for the podman container can lead to conflicts if the test environment is reused or if multiple tests are run in parallel on the same host. Since the container is run with --rm, the name is not strictly necessary for identification. It's safer to omit it.
| --device=/dev/fuse --tmpfs=/tmp -v=/var/tmp:/var/tmp --name=cosa "${COREOS_ASSEMBLER_CONTAINER}" "$@"; | |
| --device=/dev/fuse --tmpfs=/tmp -v=/var/tmp:/var/tmp "${COREOS_ASSEMBLER_CONTAINER}" "$@"; |
| mkdir -p "$COSA_DIR" | ||
| cosa init --force https://github.com/coreos/fedora-coreos-config --branch testing-devel | ||
| # Test if the newly built container can build the fcos image | ||
| cosa build |
There was a problem hiding this comment.
let's also run a set of test.
See
coreos-assembler/.cci.jenkinsfile
Line 42 in 211dee6
|
/retest |
Roshan-R
force-pushed
the
tmt-testing
branch
2 times, most recently
from
51dbef0 to
fa6e4a4
Compare
|
/retest |
…e memory for prepare-sboms Bump the pipeline-docker-build-multi-platform-oci-ta bundle to the latest hash. The prepare-sboms step in the build-images task requires more memory with our current workload and was hitting OOM. Increase memory requests and limits to 2Gi to ensure reliable execution.
Roshan-R
force-pushed
the
tmt-testing
branch
2 times, most recently
from
3836375 to
3c5bfc2
Compare
c4rt0
left a comment
c4rt0
left a comment
There was a problem hiding this comment.
Just a comment based on today's Jenkins experience.
Roshan-R
force-pushed
the
tmt-testing
branch
4 times, most recently
from
48c0022 to
d2f61ed
Compare
Rolv-Apneseth
left a comment
Rolv-Apneseth
left a comment
There was a problem hiding this comment.
Minor things about utils.sh but otherwise LGTM
|
/retest |
3 similar comments
|
/retest |
|
/retest |
|
/retest |
|
/retest |
1 similar comment
|
/retest |
c4rt0
left a comment
c4rt0
left a comment
There was a problem hiding this comment.
Some comment, but other than that this /lgtm
joelcapitao
left a comment
joelcapitao
left a comment
There was a problem hiding this comment.
The code looks good but the TestingFarm jobs are failing because of :
[2026-06-02 08:11:28] [E] [test-schedule-tmt-connect] Failed to get list of plans:
---v---v---v---v---v---
No metadata found in the '.' directory. Use 'tmt init' to get started.
The exception was caused by 1 earlier exceptions
Cause number 1:
Unable to find tree root for '/var/ARTIFACTS/git-main13u1u670'.
What's the difference between those jobs and your coreos-assembler-testing-x86-64-rosh job ?
Introduce a tmt-based test suite for Testing Farm integration in Konflux CI. The new workflow validates that the freshly built coreos-assembler container can initialize and build Fedora CoreOS artifacts from fedora-coreos-config, generate QEMU images, and run kola integration, upgrade, and self-tests.
@joelcapitao the jobs are failing since the tmt code is not yet in the coreos-assmebler main branch. the |
Thank you for the clarification. This means we're not testing the changes we're doing in |
Yeah that would be the better solution to this, let me see how to get it working |
We could use similar approach that we did for f-c-c c.f https://github.com/coreos/fedora-coreos-pipeline/blob/main/tmt/tests/init.sh. In that case we're getting the metadata directly from the OCI image itself. |
Looks like there is no |
We don't explicitly add them but Konflux does it for us, see below: skopeo inspect -n docker://quay.io/redhat-user-workloads/coreos-tenant/coreos-assembler-main:on-pr-32d209f69317a30ab9e14375c7250ea32a0b8cfa | jq .Labels
{
"architecture": "x86_64",
"build-date": "2026-06-10T08:57:15Z",
"io.buildah.version": "1.42.2",
"license": "MIT",
"name": "fedora",
"org.opencontainers.image.created": "2026-06-10T08:57:15Z",
"org.opencontainers.image.license": "MIT",
"org.opencontainers.image.licenses": "MIT",
"org.opencontainers.image.name": "fedora",
"org.opencontainers.image.revision": "32d209f69317a30ab9e14375c7250ea32a0b8cfa",
"org.opencontainers.image.source": "https://github.com/Roshan-R/coreos-assembler",
"org.opencontainers.image.title": "fedora",
"org.opencontainers.image.url": "https://fedoraproject.org/",
"org.opencontainers.image.vendor": "Fedora Project",
"org.opencontainers.image.version": "43",
"quay.expires-after": "5d",
"vcs-ref": "32d209f69317a30ab9e14375c7250ea32a0b8cfa",
"vcs-type": "git",
"vendor": "Fedora Project",
"version": "43"
} |
|
/retest |
2 similar comments
|
/retest |
|
/retest |
|
@Roshan-R I did some research and found out the task already supports what we want :) Check out https://gitlab.com/testing-farm/integrations-konflux/-/tree/main/task/testing-farm-konflux-scheduler?ref_type=heads#optional-inputs-to-testing-farm-request |
yepp, I just found out about this a while ago as well. I have edited the integration tests and have started a re-run. let's see if it will work :) |
Oh I see you've already taken that path as I can't see |
5 participants
Add tmt test infrastructure to hook into Konflux CI via Testing Farm
The new test pulls the newly built coreos-assembler container image and verifies that it can successfully build a Fedora CoreOS image from scratch using a fedora-coreos-config checkout.