diff --git a/test/bin/scenario.sh b/test/bin/scenario.sh index 5d429861aa..c5bb83550b 100755 --- a/test/bin/scenario.sh +++ b/test/bin/scenario.sh @@ -295,6 +295,57 @@ sos_report_for_vm_offline() { "--filename" "*.log" } +get_lrel_release_image_url() { + local -r brew_lrel_release_version="$1" + local image_url="" + + # Strip the rpm release suffix and convert tilde to dash. + # "4.19.7-202501010000.p0.gc62e92f.assembly.4.19.7.el9" -> "4.19.7" + # "4.20.0~rc.3-..." -> "4.20.0-rc.3" + local -r ="$(echo "${brew_lrel_release_version}" \ + | sed -E 's/(.*)-.*/\1/' \ + | sed -E 's/(.*)~(.*)/\1-\2/')" + + # EC and RC releases have their bootc pullspec published on the mirror. + local mirror_path="" + if [[ "${release_version}" == *"ec"* ]]; then + mirror_path="ocp-dev-preview" + elif [[ "${release_version}" == *"rc"* ]]; then + mirror_path="ocp" + fi + + if [ -n "${mirror_path}" ]; then + if ! image_url="$(curl -fsS --retry 3 \ + "https://mirror.openshift.com/pub/openshift-v4/${UNAME_M}/microshift/${mirror_path}/${release_version}/el9/bootc-pullspec.txt")"; then + image_url="" + fi + echo "${image_url}" + return + fi + + # GA releases: resolve the arch-specific image digest from the registry. + local arch="" + if [[ "${UNAME_M}" =~ x86 ]]; then + arch="amd64" + elif [[ "${UNAME_M}" =~ aarch ]]; then + arch="arm64" + fi + + local sha_id="" + for registry in "registry.redhat.io" "registry.stage.redhat.io"; do + if ! sha_id=$(skopeo inspect --raw --authfile "${PULL_SECRET}" \ + "docker://${registry}/openshift4/microshift-bootc-rhel9:v${release_version}" 2>/dev/null | \ + jq -r ".manifests[] | select(.platform.architecture==\"${arch}\") | .digest" 2>/dev/null); then + sha_id="" + fi + if [[ "${sha_id}" =~ ^sha256:[0-9a-f]{64}$ ]]; then + image_url="${registry}/openshift4/microshift-bootc-rhel9@${sha_id}" + break + fi + done + echo "${image_url}" +} + # Public function to render a unique kickstart from a template for a # VM in a scenario. # diff --git a/test/scenarios-bootc/releases/el96-crel@published-images-standard1.sh b/test/scenarios-bootc/releases/el96-crel@published-images-standard1.sh deleted file mode 100644 index db13cd01ec..0000000000 --- a/test/scenarios-bootc/releases/el96-crel@published-images-standard1.sh +++ /dev/null @@ -1,59 +0,0 @@ -#!/bin/bash - -# Sourced from scenario.sh and uses functions defined there. - -# Enable container signature verification for published MicroShift images. -# These are ec / rc / z-stream, thus guaranteed to be signed. -# shellcheck disable=SC2034 # used elsewhere -IMAGE_SIGSTORE_ENABLED=true - -scenario_create_vms() { - if [[ "${CURRENT_RELEASE_REPO}" == "" ]] ; then - # Empty string means there's no EC build yet, so the test needs to be skipped. - exit 0 - fi - - local bootc_spec - if [[ "${CURRENT_RELEASE_REPO}" == http* ]] ; then - # Discover a pre-release MicroShift bootc image reference on the mirror - local -r mirror_url="$(dirname "${CURRENT_RELEASE_REPO}")/bootc-pullspec.txt" - - bootc_spec="$(curl -s "${mirror_url}")" - if [ -z "${bootc_spec}" ] || [[ "${bootc_spec}" != quay.io/openshift* ]] ; then - echo "ERROR: Failed to retrieve a bootc pull spec from '${mirror_url}'" - exit 1 - fi - else - # Use the latest released MicroShift bootc image reference in public - # registry for the current minor version - bootc_spec="registry.redhat.io/openshift4/microshift-bootc-rhel9:v4.${MINOR_VERSION}" - fi - - prepare_kickstart host1 kickstart-bootc.ks.template "${bootc_spec}" - launch_vm --boot_blueprint rhel96-bootc - - # Open the firewall ports. Other scenarios get this behavior by embedding - # settings in the blueprint, but we cannot open firewall ports in published - # images. We need to do this step before running the RF suite so that suite - # can assume it can reach all of the same ports as for any other test. - configure_vm_firewall host1 -} - -scenario_remove_vms() { - if [[ "${CURRENT_RELEASE_REPO}" == "" ]] ; then - # Empty string means there's no EC build yet, so the test needs to be skipped. - exit 0 - fi - remove_vm host1 -} - -scenario_run_tests() { - if [[ "${CURRENT_RELEASE_REPO}" == "" ]] ; then - # Empty string means there's no EC build yet, so the test needs to be skipped. - exit 0 - fi - run_tests host1 \ - --variable "EXPECTED_OS_VERSION:9.6" \ - --variable "IMAGE_SIGSTORE_ENABLED:True" \ - suites/standard1/ -} diff --git a/test/scenarios-bootc/releases/el96-crel@published-images-standard2.sh b/test/scenarios-bootc/releases/el96-crel@published-images-standard2.sh deleted file mode 100644 index ddd3b448c9..0000000000 --- a/test/scenarios-bootc/releases/el96-crel@published-images-standard2.sh +++ /dev/null @@ -1,58 +0,0 @@ -#!/bin/bash - -# Sourced from scenario.sh and uses functions defined there. - -# Enable container signature verification for published MicroShift images. -# These are ec / rc / z-stream, thus guaranteed to be signed. -# shellcheck disable=SC2034 # used elsewhere -IMAGE_SIGSTORE_ENABLED=true - -scenario_create_vms() { - if [[ "${CURRENT_RELEASE_REPO}" == "" ]] ; then - # Empty string means there's no EC build yet, so the test needs to be skipped. - exit 0 - fi - - local bootc_spec - if [[ "${CURRENT_RELEASE_REPO}" == http* ]] ; then - # Discover a pre-release MicroShift bootc image reference on the mirror - local -r mirror_url="$(dirname "${CURRENT_RELEASE_REPO}")/bootc-pullspec.txt" - - bootc_spec="$(curl -s "${mirror_url}")" - if [ -z "${bootc_spec}" ] || [[ "${bootc_spec}" != quay.io/openshift* ]] ; then - echo "ERROR: Failed to retrieve a bootc pull spec from '${mirror_url}'" - exit 1 - fi - else - # Use the latest released MicroShift bootc image reference in public - # registry for the current minor version - bootc_spec="registry.redhat.io/openshift4/microshift-bootc-rhel9:v4.${MINOR_VERSION}" - fi - - prepare_kickstart host1 kickstart-bootc.ks.template "${bootc_spec}" - launch_vm --boot_blueprint rhel96-bootc - - # Open the firewall ports. Other scenarios get this behavior by embedding - # settings in the blueprint, but we cannot open firewall ports in published - # images. We need to do this step before running the RF suite so that suite - # can assume it can reach all of the same ports as for any other test. - configure_vm_firewall host1 -} - -scenario_remove_vms() { - if [[ "${CURRENT_RELEASE_REPO}" == "" ]] ; then - # Empty string means there's no EC build yet, so the test needs to be skipped. - exit 0 - fi - remove_vm host1 -} - -scenario_run_tests() { - if [[ "${CURRENT_RELEASE_REPO}" == "" ]] ; then - # Empty string means there's no EC build yet, so the test needs to be skipped. - exit 0 - fi - run_tests host1 \ - --variable "IMAGE_SIGSTORE_ENABLED:True" \ - suites/standard2/ -} diff --git a/test/scenarios-bootc/releases/el96-lrel@published-images-standard1.sh b/test/scenarios-bootc/releases/el96-lrel@published-images-standard1.sh new file mode 100644 index 0000000000..16d2be43a9 --- /dev/null +++ b/test/scenarios-bootc/releases/el96-lrel@published-images-standard1.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +# Sourced from scenario.sh and uses functions defined there. + +# Enable container signature verification for published MicroShift images. +# These are ec / rc / zstream, thus guaranteed to be signed. +# shellcheck disable=SC2034 # used elsewhere +IMAGE_SIGSTORE_ENABLED=true + +LATEST_RELEASE_IMAGE_URL="$(get_lrel_release_image_url "${BREW_LREL_RELEASE_VERSION}")" + +exit_if_latest_release_image_not_set() { + if [[ "${LATEST_RELEASE_IMAGE_URL}" == "" ]] ; then + echo "LATEST_RELEASE_IMAGE_URL is not set - skipping test" + exit 0 + fi +} + +scenario_create_vms() { + exit_if_latest_release_image_not_set + + prepare_kickstart host1 kickstart-bootc.ks.template "${LATEST_RELEASE_IMAGE_URL}" + launch_vm --boot_blueprint rhel96-bootc + + # Open the firewall ports. Other scenarios get this behavior by embedding + # settings in the blueprint, but we cannot open firewall ports in published + # images. We need to do this step before running the RF suite so that suite + # can assume it can reach all of the same ports as for any other test. + configure_vm_firewall host1 +} + +scenario_remove_vms() { + exit_if_latest_release_image_not_set + + remove_vm host1 +} + +scenario_run_tests() { + exit_if_latest_release_image_not_set + + run_tests host1 \ + --variable "EXPECTED_OS_VERSION:9.6" \ + --variable "IMAGE_SIGSTORE_ENABLED:True" \ + suites/standard1/ suites/selinux/validate-selinux-policy.robot +} diff --git a/test/scenarios-bootc/releases/el96-lrel@published-images-standard2.sh b/test/scenarios-bootc/releases/el96-lrel@published-images-standard2.sh new file mode 100644 index 0000000000..a5051793e7 --- /dev/null +++ b/test/scenarios-bootc/releases/el96-lrel@published-images-standard2.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +# Sourced from scenario.sh and uses functions defined there. + +# Enable container signature verification for published MicroShift images. +# These are ec / rc / zstream, thus guaranteed to be signed. +# shellcheck disable=SC2034 # used elsewhere +IMAGE_SIGSTORE_ENABLED=true + +LATEST_RELEASE_IMAGE_URL="$(get_lrel_release_image_url "${BREW_LREL_RELEASE_VERSION}")" + +exit_if_latest_release_image_not_set() { + if [[ "${LATEST_RELEASE_IMAGE_URL}" == "" ]] ; then + echo "LATEST_RELEASE_IMAGE_URL is not set - skipping test" + exit 0 + fi +} + +scenario_create_vms() { + exit_if_latest_release_image_not_set + + prepare_kickstart host1 kickstart-bootc.ks.template "${LATEST_RELEASE_IMAGE_URL}" + launch_vm --boot_blueprint rhel96-bootc + + # Open the firewall ports. Other scenarios get this behavior by embedding + # settings in the blueprint, but we cannot open firewall ports in published + # images. We need to do this step before running the RF suite so that suite + # can assume it can reach all of the same ports as for any other test. + configure_vm_firewall host1 +} + +scenario_remove_vms() { + exit_if_latest_release_image_not_set + + remove_vm host1 +} + +scenario_run_tests() { + exit_if_latest_release_image_not_set + + run_tests host1 \ + --variable "IMAGE_SIGSTORE_ENABLED:True" \ + suites/standard2/ +}