[release-1.41] Packit: Limit packit jobs to RHEL 9 and RHEL 10

.packit.yaml

@@ -5,145 +5,113 @@
 downstream_package_name: buildah
 upstream_tag_template: v{version}
 
-# These files get synced from upstream to downstream (Fedora / CentOS Stream) on every
-# propose-downstream job. This is done so tests maintained upstream can be run
-# downstream in Zuul CI and Bodhi.
-# Ref: https://packit.dev/docs/configuration#files_to_sync
-files_to_sync:
-  - src: rpm/gating.yaml
-    dest: gating.yaml
-    delete: true
-  - src: plans/
-    dest: plans/
-    delete: true
-    mkpath: true
-  - src: tests/tmt/
-    dest: tests/tmt/
-    delete: true
-    mkpath: true
-  - src: .fmf/
-    dest: .fmf/
-    delete: true
-  - .packit.yaml
+specfile_path: rpm/buildah.spec
 
-packages:
-  buildah-fedora:
-    pkg_tool: fedpkg
-    specfile_path: rpm/buildah.spec
-  buildah-centos:
-    pkg_tool: centpkg
-    specfile_path: rpm/buildah.spec
-  buildah-eln:
-    specfile_path: rpm/buildah.spec
+# Disable automatic merging for Copr builds (and subsequent Testing Farm)
+merge_pr_in_ci: false
 
 srpm_build_deps:
   - make
 
 jobs:
   - job: copr_build
     trigger: pull_request
-    packages: [buildah-fedora]
-    notifications: &copr_build_failure_notification
+    notifications:
       failure_comment:
-        message: "Ephemeral COPR build failed. @containers/packit-build please check."
-    # Fedora aliases documentation: https://packit.dev/docs/configuration#aliases
-    # python3-fedora-distro-aliases provides `resolve-fedora-aliases` command
-    targets: &fedora_copr_targets
-      - fedora-all-x86_64
-      - fedora-all-aarch64
-    enable_net: true
-    # Disable osh diff scan until Go support is available
-    # Ref: https://github.com/openscanhub/known-false-positives/pull/30#issuecomment-2858698495
-    osh_diff_scan_after_copr_build: false
-
-  # Ignore until golang is updated in distro buildroot to 1.23.3+
-  - job: copr_build
-    trigger: ignore
-    packages: [buildah-eln]
-    notifications: *copr_build_failure_notification
+        message: "Packit jobs failed. @containers/packit-build please check."
     targets:
-      fedora-eln-x86_64:
-        additional_repos:
-          - "https://kojipkgs.fedoraproject.org/repos/eln-build/latest/x86_64/"
-      fedora-eln-aarch64:
-        additional_repos:
-          - "https://kojipkgs.fedoraproject.org/repos/eln-build/latest/aarch64/"
+      - epel-9-x86_64
+      - epel-9-aarch64
+      - epel-10-x86_64
+      - epel-10-aarch64
     enable_net: true
 
-  # Ignore until golang is updated in distro buildroot to 1.23.3+
-  - job: copr_build
-    trigger: ignore
-    packages: [buildah-centos]
-    notifications: *copr_build_failure_notification
-    targets: &centos_copr_targets
-      - centos-stream-9-x86_64
-      - centos-stream-9-aarch64
-      - centos-stream-10-x86_64
-      - centos-stream-10-aarch64
-    enable_net: true
+  # Rootful integration tests on RHEL 9 and RHEL 10 using internal Testing Farm ranch
+  - job: tests
+    trigger: pull_request
+    identifier: integration-tests
+    use_internal_tf: true
+    targets: &rhel_targets
+      epel-9-x86_64:
+        distros: [RHEL-9-Nightly]
+      epel-10-x86_64: &rhel10_target
+        distros: [RHEL-10-Nightly]
+    tf_extra_params:
+      test:
+        tmt:
+          name: ^/plans/root-integration$
 
-  # Run on commit to main branch
-  - job: copr_build
-    trigger: commit
-    packages: [buildah-fedora]
-    notifications:
-      failure_comment:
-        message: "podman-next COPR build failed. @containers/packit-build please check."
-    branch: main
-    owner: rhcontainerbot
-    project: podman-next
-    enable_net: true
+  # Unit tests on RHEL 9 and RHEL 10 using internal Testing Farm ranch
+  - job: tests
+    trigger: pull_request
+    identifier: unit-tests
+    use_internal_tf: true
+    skip_build: true
+    targets: *rhel_targets
+    tf_extra_params:
+      test:
+        tmt:
+          name: ^/plans/unit$
 
-  # Tests on Fedora for main branch PRs
+  # Smoke tests (build and validation) on RHEL 10 only
   - job: tests
     trigger: pull_request
-    packages: [buildah-fedora]
+    identifier: smoke-tests
+    use_internal_tf: true
+    skip_build: true
     targets:
-      - fedora-all-x86_64
+      epel-10-x86_64: *rhel10_target
     tf_extra_params:
-      environments:
-        - artifacts:
-          - type: repository-file
-            id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/fedora-$releasever/rhcontainerbot-podman-next-fedora-$releasever.repo
+      test:
+        tmt:
+          name: ^/plans/smoke$
 
-  # Ignore until golang is updated in distro buildroot to 1.23.3+
-  # Tests on CentOS Stream for main branch PRs
+  # Vendor tests on RHEL 10 only
   - job: tests
-    trigger: ignore
-    packages: [buildah-centos]
+    trigger: pull_request
+    identifier: vendor-tests
+    use_internal_tf: true
+    skip_build: true
     targets:
-      - centos-stream-9-x86_64
-      - centos-stream-10-x86_64
+      epel-10-x86_64: *rhel10_target
     tf_extra_params:
-      environments:
-        - artifacts:
-          - type: repository-file
-            id: https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/repo/centos-stream-$releasever/rhcontainerbot-podman-next-centos-stream-$releasever.repo
+      test:
+        tmt:
+          name: ^/plans/vendor$
 
-  # Sync to Fedora
-  - job: propose_downstream
-    trigger: release
-    packages: [buildah-fedora]
-    update_release: false
-    dist_git_branches: &fedora_targets
-      - fedora-all
+  # Cross-compile tests on RHEL 10 only
+  - job: tests
+    trigger: pull_request
+    identifier: cross-compile
+    use_internal_tf: true
+    skip_build: true
+    targets:
+      epel-10-x86_64: *rhel10_target
+    tf_extra_params:
+      test:
+        tmt:
+          name: ^/plans/cross$
 
-  # Sync to CentOS Stream
-  - job: propose_downstream
-    trigger: release
-    packages: [buildah-centos]
-    update_release: false
-    dist_git_branches:
-      - c10s
+  # Rootless integration tests on RHEL 9 and RHEL 10
+  - job: tests
+    trigger: pull_request
+    identifier: rootless-tests
+    use_internal_tf: true
+    targets: *rhel_targets
+    tf_extra_params:
+      test:
+        tmt:
+          name: ^/plans/rootless-integration$
 
-  # Fedora Koji build
-  - job: koji_build
-    trigger: commit
-    packages: [buildah-fedora]
-    sidetag_group: podman-releases
-    # Dependents are not rpm dependencies, but the package whose bodhi update
-    # should include this package.
-    # Ref: https://packit.dev/docs/fedora-releases-guide/releasing-multiple-packages
-    dependents:
-      - podman
-    dist_git_branches: *fedora_targets
+  # Containerized integration tests on RHEL 10 only
+  - job: tests
+    trigger: pull_request
+    identifier: in-podman-tests
+    use_internal_tf: true
+    skip_build: true
+    targets:
+      epel-10-x86_64: *rhel10_target
+    tf_extra_params:
+      test:
+        tmt:
+          name: ^/plans/in-podman$

copier/copier.go

@@ -1168,7 +1168,7 @@ func copierHandlerStat(req request, pm *fileutils.PatternMatcher, idMappings *id
 					hostPair := idtools.IDPair{UID: uid, GID: gid}
 					uid, gid, err = idMappings.ToContainer(hostPair)
 					if err != nil {
-						return errorResponse("copier: stat: mapping host filesystem owners %#v to container filesystem owners: %w", hostPair, err)
+						return errorResponse("copier: stat: mapping host filesystem owners %#v to container filesystem owners: %v", hostPair, err)
 					}
 				}
 				result.UID, result.GID = int64(uid), int64(gid)
@@ -2227,7 +2227,7 @@ func copierHandlerMkdir(req request, idMappings *idtools.IDMappings) (*response,
 				return errorResponse("copier: mkdir: error setting owner of %q to %d:%d: %v", path, dirUID, dirGID, err)
 			}
 			if err = chmod(path, dirMode); err != nil {
-				return errorResponse("copier: mkdir: error setting permissions on %q to 0%o: %v", path, dirMode)
+				return errorResponse("copier: mkdir: error setting permissions on %q to 0%o: %v", path, dirMode, err)
 			}
 			created = append(created, path)
 		} else {
@@ -2409,7 +2409,7 @@ func copierHandlerEnsure(req request, idMappings *idtools.IDMappings) *response
 					return errorResponse("copier: ensure: error setting owner of %q to %d:%d: %v", leaf, uid, gid, err)
 				}
 				if err = chmod(filepath.Join(req.Root, leaf), mode); err != nil {
-					return errorResponse("copier: ensure: error setting permissions on %q to 0%o: %v", leaf, mode)
+					return errorResponse("copier: ensure: error setting permissions on %q to 0%o: %v", leaf, mode, err)
 				}
 				if item.ModTime != nil {
 					if err := os.Chtimes(filepath.Join(req.Root, leaf), *item.ModTime, *item.ModTime); err != nil {

hack/tree_status.sh

@@ -1,7 +1,8 @@
 #!/usr/bin/env bash
 set -e
 
-STATUS=$(git status --porcelain)
+# Check only tracked files (ignore untracked files like build artifacts)
+STATUS=$(git status --porcelain | grep -v '^??' || true)
 if [[ -z $STATUS ]]
 then
 	echo "tree is clean"

plans/main.fmf

@@ -1,25 +1,14 @@
 discover:
     how: fmf
+    sync-repo: true
 
 execute:
     how: tmt
 
 prepare:
-    - when: distro == centos-stream or distro == rhel
-      how: shell
-      script: |
-        dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm --eval '%{?rhel}').noarch.rpm
-        dnf -y config-manager --set-enabled epel
+    - how: feature
+      epel: enabled
       order: 10
-    - when: initiator == packit
-      how: shell
-      script: |
-        COPR_REPO_FILE="/etc/yum.repos.d/*podman-next*.repo"
-        if compgen -G $COPR_REPO_FILE > /dev/null; then
-            sed -i -n '/^priority=/!p;$apriority=1' $COPR_REPO_FILE
-        fi
-        dnf -y upgrade --allowerasing
-      order: 20
 
 provision:
     how: artemis
@@ -31,4 +20,57 @@ provision:
         disk:
             - size: ">= 512 GB"
 
+finish:
+    how: shell
+    script: |
+        # Archive logs to TMT_PLAN_DATA for post-test analysis
+        mkdir -p "$TMT_PLAN_DATA/logs"
+
+        # Copy audit logs (SELinux denials, audit events)
+        if [ -f /var/log/audit/audit.log ]; then
+            cp /var/log/audit/audit.log "$TMT_PLAN_DATA/logs/"
+            echo "Audit logs copied to $TMT_PLAN_DATA/logs/audit.log"
+        else
+            echo "No audit log found at /var/log/audit/audit.log"
+        fi
+
+        # Capture full journal (current boot only)
+        journalctl -b --no-pager --all --output=short-precise &> "$TMT_PLAN_DATA/logs/journal.log"
+        echo "Journal output saved to $TMT_PLAN_DATA/logs/journal.log"
+
+        echo "All logs archived to $TMT_PLAN_DATA/logs/"
+
+/root-integration:
+    summary: Rootful system integration tests
+    discover+:
+        test: /tests/tmt/integration/root
+
+/rootless-integration:
+    summary: Rootless system integration tests
+    discover+:
+        test: /tests/tmt/integration/rootless
+
+/unit:
+    summary: Unit tests
+    discover+:
+        test: /tests/tmt/unit
+
+/smoke:
+    summary: Smoke tests (build and validation)
+    discover+:
+        test: /tests/tmt/smoke
+
+/vendor:
+    summary: Vendor dependency tests
+    discover+:
+        test: /tests/tmt/vendor
+
+/cross:
+    summary: Cross-compile tests
+    discover+:
+        test: /tests/tmt/cross
 
+/in-podman:
+    summary: Containerized integration tests
+    discover+:
+        test: /tests/tmt/in-podman