[CI:BUILD] Podman FCOS image from main

Fixes: #19446, #19447, #19448

[NO NEW TESTS NEEDED]

Co-authored-by: Chris Evich <cevich@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>

.cirrus.yml

@@ -930,6 +930,22 @@ upgrade_test_task:
     always: *logs_artifacts
 
 
+      #fcos_image_build_task:
+    # Only a test. Does not push built images.
+    # Image push to quay will be handled by GHA in
+    # .github/workflows/fcos-podman-next-build.yml
+    #name: "Test Build FCOS image $CTXDIR"
+    #alias: fcos_image_build
+    #only_if: $CIRRUS_PR != '' && $CIRRUS_BASE_BRANCH == 'main' && $CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*'
+    #env:
+    #    <<: *stdenvars
+    #    CTXDIR: contrib/podman-next/fcos-podmanimage
+    #    TEST_FLAVOR: "fcos_image_build"
+    #gce_instance: *standardvm
+    #setup_script: *setup
+    #main_script: *main
+
+
 # This task is critical.  It updates the "last-used by" timestamp stored
 # in metadata for all VM images.  This mechanism functions in tandem with
 # an out-of-band pruning operation to remove disused VM images.
@@ -1001,6 +1017,7 @@ success_task:
         - buildah_bud_test
         - rootless_buildah_bud_test
         - upgrade_test
+          #- fcos_image_build
         - meta
     container: &smallcontainer
         image: ${CTR_FQIN}

.github/workflows/fcos-podman-next-build.yml

@@ -0,0 +1,52 @@
+name: Build FCOS image with packages from rhcontainerbot/podman-next
+
+on:
+  push:
+    branches:
+      - main
+
+env:
+  IMAGE_NAME: fcos
+  IMAGE_TAGS: latest next podman-next ${{ github.sha }}
+  IMAGE_REGISTRY: quay.io/podman
+  COPR_OWNER: rhcontainerbot
+  COPR_PROJECT: podman-next
+
+jobs:
+  fcos-podman-next-image-build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Set up wait-for-copr
+      run: |
+        pip3 install git+https://github.com/packit/wait-for-copr.git@main
+
+    - name: Wait for successful podman-next build with the latest commit
+      run: |
+        # TODO: add this in the Containerfile itself or as a --build-arg
+        wait-for-copr --owner ${{ env.COPR_OWNER }} --project ${{ env.COPR_PROJECT }} podman $(git rev-parse --short ${{ github.sha }})
+        echo "podman-next build successful."
+
+    - name: Check out code
+      uses: actions/checkout@v3
+
+    - name: Build FCOS Image
+      id: build_image
+      # Ref: https://github.com/redhat-actions/buildah-build
+      uses: redhat-actions/buildah-build@v2
+      with:
+        image: ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}
+        tags: ${{env.IMAGE_TAGS }}
+        containerfiles: |
+          ./contrib/podman-next/fcos-podmanimage/Containerfile .
+
+    - name: Push to Quay
+      id: push-to-quay
+      # Ref: https://github.com/redhat-actions/push-to-registry
+      uses: redhat-actions/push-to-registry@v2
+      with:
+        image: ${{ steps.build-image.outputs.image }}
+        tags: ${{ steps.build-image.outputs.tags }}
+        registry: ${{ env.IMAGE_REGISTRY }}
+        username: ${{ secrets.QUAY_PODMAN_USERNAME }}
+        password: ${{ secrets.QUAY_PODMAN_PASSWORD }}

.packit.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+# This script handles any custom processing of the spec file using the `fix-spec-file`
+# action in .packit.yaml.
+
+set -eox pipefail
+
+PACKAGE=podman
+
+# Set path to rpm spec file
+SPEC_FILE=rpm/$PACKAGE.spec
+
+# Get Version from HEAD
+VERSION=$(grep '^const RawVersion' version/rawversion/version.go | cut -d\" -f2)
+
+# RPM Version can't take "-"
+RPM_VERSION=$(echo $VERSION | sed -e 's/-/~/')
+
+# Generate source tarball from HEAD
+git-archive-all -C $(git rev-parse --show-toplevel) --prefix=$PACKAGE-$VERSION/ rpm/$PACKAGE-$VERSION.tar.gz
+
+# RPM Spec modifications
+
+# Use the Version from HEAD in rpm spec
+sed -i "s/^Version:.*/Version: $RPM_VERSION/" $SPEC_FILE
+
+# Use Packit's supplied variable in the Release field in rpm spec.
+sed -i "s/^Release:.*/Release: $PACKIT_RPMSPEC_RELEASE%{?dist}/" $SPEC_FILE
+
+# Ensure last part of the release string is the git shortcommit without a
+# prepended "g"
+sed -i "/^Release: $PACKIT_RPMSPEC_RELEASE%{?dist}/ s/\(.*\)g/\1/" $SPEC_FILE
+
+# Use above generated tarball as Source in rpm spec
+sed -i "s/^Source0:.*.tar.gz/Source0: $PACKAGE-$VERSION.tar.gz/" $SPEC_FILE
+
+# Update setup macro to use the correct build dir
+sed -i "s/^%autosetup.*/%autosetup -Sgit -n %{name}-$VERSION/" $SPEC_FILE

.packit.yaml

@@ -6,8 +6,13 @@ specfile_path: rpm/podman.spec
 upstream_tag_template: v{version}
 
 srpm_build_deps:
+  - git-archive-all
   - make
 
+actions:
+  fix-spec-file:
+    - "bash .packit.sh"
+
 jobs:
   - job: copr_build
     trigger: pull_request

contrib/cirrus/runner.sh

@@ -338,6 +338,13 @@ function _run_gitlab() {
     return $ret
 }
 
+# TODO: enable fcos_image_build task in cirrus
+#function _run_fcos_image_build() {
+#    # FIXME: Doesn't seem to grab CTXDIR from .cirrus.yml
+#    CTXDIR="contrib/podman-next/fcos-podmanimage"
+#    podman build -t quay.io/podman/fcos:podman-next $CTXDIR
+#}
+
 # Name pattern for logformatter output file, derived from environment
 function output_name() {
     # .cirrus.yml defines this as a short readable string for web UI

contrib/cirrus/setup_environment.sh

@@ -412,6 +412,8 @@ case "$TEST_FLAVOR" in
     swagger)
         make .install.swagger
         ;;
+    #fcos_image_build)
+    #    ;;
     release) ;;
     *) die_unknown TEST_FLAVOR
 esac

contrib/podman-next/fcos-podmanimage/Containerfile

@@ -0,0 +1,19 @@
+FROM quay.io/fedora/fedora-coreos:stable
+
+# Setup the podman-next copr repo
+# The source file for the dnf repo may say `rawhide` but it's release
+# agnostic and `rawhide` in the name is unlikely to change compared
+# with URLs containing fedora release numbers.
+ADD https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-rawhide/rhcontainerbot-podman-next-fedora-rawhide.repos /etc/yum.repos.d/rhcontainerbot-podman-next-fedora.repo
+ADD https://download.copr.fedorainfracloud.org/results/rhcontainerbot/podman-next/pubkey.gpg /etc/pki/rpm-gpg/rhcontainerbot-podman-next-fedora.gpg
+
+# Replace aardvark-dns, conmon, crun, netavark, podman, containers-common
+# Remove moby-engine, containerd, runc
+# Note: Currently does not result in a size reduction for the container image
+RUN rpm-ostree override replace --experimental --freeze \
+    --from repo="copr:copr.fedorainfracloud.org:rhcontainerbot:podman-next" \
+    aardvark-dns crun netavark podman containers-common containers-common-extra && \
+    rpm-ostree override remove moby-engine containerd runc && \
+    ostree container commit
+
+LABEL quay.expires-after=30d