test: add Podman integration tests for OCI runtime compatibility #1143
Ron (rjaegers) merged 31 commits into main
Co-authored-by: rjaegers <45816308+rjaegers@users.noreply.github.com>
| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
|---|---|---|---|---|---|---|
| ✅ ACTION | actionlint | 23 | | 0 | 0 | 0.62s |
| ✅ DOCKERFILE | hadolint | 3 | | 0 | 0 | 0.77s |
| ✅ GHERKIN | gherkin-lint | 6 | | 0 | 0 | 2.69s |
| ✅ JSON | npm-package-json-lint | yes | | no | no | 0.5s |
| ✅ JSON | prettier | 21 | 4 | 0 | 0 | 0.63s |
| ✅ JSON | v8r | 21 | | 0 | 0 | 7.76s |
| ✅ MARKDOWN | markdownlint | 12 | 0 | 0 | 0 | 0.97s |
| ✅ MARKDOWN | markdown-table-formatter | 12 | 0 | 0 | 0 | 0.27s |
| ✅ REPOSITORY | checkov | yes | | no | no | 17.97s |
| ✅ REPOSITORY | gitleaks | yes | | no | no | 0.59s |
| ✅ REPOSITORY | git_diff | yes | | no | no | 0.01s |
| ✅ REPOSITORY | grype | yes | | no | no | 30.61s |
| ✅ REPOSITORY | secretlint | yes | | no | no | 0.93s |
| ✅ REPOSITORY | syft | yes | | no | no | 1.97s |
| ✅ REPOSITORY | trivy | yes | | no | no | 7.35s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | no | 0.23s |
| ✅ REPOSITORY | trufflehog | yes | | no | no | 2.19s |
| ⚠️ SPELL | lychee | 83 | | 1 | 0 | 10.93s |
| ✅ YAML | prettier | 31 | 0 | 0 | 0 | 0.98s |
| ✅ YAML | v8r | 31 | | 0 | 0 | 8.49s |
| ✅ YAML | yamllint | 31 | | 0 | 0 | 0.75s |
Detailed Issues
⚠️ SPELL / lychee - 1 error
[403] https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads | Network error: Forbidden
[IGNORED] docker://pandoc/extra:3.7.0@sha256:a703d335fa237f8fc3303329d87e2555dca5187930da38bfa9010fa4e690933a | Unsupported: Error creating request client: builder error for url (docker://pandoc/extra:3.7.0@sha256:a703d335fa237f8fc3303329d87e2555dca5187930da38bfa9010fa4e690933a)
[IGNORED] https://vscode.dev/redirect?url=vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer | Unsupported: Error creating request client: builder error for url (vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/philips-software/amp-devcontainer)
📝 Summary
---------------------
🔍 Total..........126
✅ Successful.....123
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........0
❓ Unknown..........0
🚫 Errors...........1
Errors in .github/TOOL_VERSION_ISSUE_TEMPLATE.md
[403] https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads | Network error: Forbidden
See detailed reports in MegaLinter artifacts
Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)
- Documentation: Custom Flavors
- Command:
npx mega-linter-runner@9.3.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,DOCKERFILE_HADOLINT,GHERKIN_GHERKIN_LINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_LYCHEE,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R
Co-authored-by: rjaegers <45816308+rjaegers@users.noreply.github.com>
Copilot some CI checks are failing. Mostly due to the possibility of code injection via template expansion in GitHub workflows. Please fix these issues. Use the same patterns that are used in other workflow files, adding unvalidated input to the environment, and using environment variables in shell commands instead. Make sure to properly quote all input that can contain spaces.
Move all template expansions to environment variables and use them in shell commands instead to prevent code injection. Properly quote all variables that can contain spaces.
Co-authored-by: rjaegers <45816308+rjaegers@users.noreply.github.com>
Fixed in commit aa27255. All template expansions in shell commands have been moved to environment variables, and all variables are properly quoted to prevent code injection. The workflow now follows the same security pattern used in other workflows like |
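The pattern requested in this exchange, as an added example that is not code from the PR or the project: a line-based check that flags `${{ … }}` expansions inside `run:` scripts and accepts the same step once the values are passed through `env:` and quoted. The two sample steps are constructed, the input names `image` and `test-file` are hypothetical, and the scanner is a heuristic rather than a full YAML parser.

```python
import re

# Constructed sample steps; input names `image` and `test-file` are hypothetical.
UNSAFE = """\
steps:
  - name: Run tests in Podman
    run: |
      podman pull ${{ inputs.image }}
      podman run --rm ${{ inputs.image }} bats ${{ inputs.test-file }}
"""

SAFE = """\
steps:
  - name: Run tests in Podman
    env:
      IMAGE: ${{ inputs.image }}
      TEST_FILE: ${{ inputs.test-file }}
    run: |
      podman pull "$IMAGE"
      podman run --rm "$IMAGE" bats "$TEST_FILE"
"""

EXPR = re.compile(r"\$\{\{.*?\}\}")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")


def find_run_expansions(workflow_text):
    """Return (line_no, expression) for every ${{ }} inside a run: script."""
    findings = []
    key_col = None  # column of the run: key while inside its block scalar
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        if key_col is not None:
            indent = len(line) - len(line.lstrip())
            if not line.strip() or indent > key_col:
                # Still inside the script body: expressions here are pasted
                # into the script text before the shell ever parses it.
                findings += [(line_no, e) for e in EXPR.findall(line)]
                continue
            key_col = None  # dedent: the block scalar has ended
        match = RUN_KEY.match(line)
        if match:
            value = match.group(2)
            if value[:1] in ("|", ">"):
                key_col = len(match.group(1))  # multi-line script follows
            else:
                findings += [(line_no, e) for e in EXPR.findall(value)]
    return findings
```

Expressions under `env:` are not reported because the runner hands them to the shell as variable values, so the quoted `"$IMAGE"` is expanded as data rather than parsed as script text.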
Copilot the tests for Podman on the x86 configuration seem to fail, while for arm64 they run successfully. Can you diagnose and fix?
Add --network=host flag to podman run command to ensure DNS resolution works properly in containers. This fixes the "failed to lookup address information" errors that were occurring on x64 runners when tests tried to download Windows SDK from aka.ms domains.
Co-authored-by: rjaegers <45816308+rjaegers@users.noreply.github.com>
Fixed in commit 2f5b5c1. The issue was DNS resolution failure in Podman containers on x64 runners. Podman doesn't inherit the host's DNS configuration by default like Docker does. Added |
Pull request overview
Adds a Podman-based reusable integration test workflow to run the existing BATS integration tests under an alternative OCI runtime (Podman) alongside the current GitHub Actions container:-based (Docker) approach, strengthening OCI runtime compatibility coverage for the devcontainer images.
Changes:
- Introduces a new reusable workflow to run integration tests via `podman pull` + `podman run`.
- Updates the build/push/test reusable workflow to also invoke the new Podman integration test job in CI.
- Publishes separate Podman test result artifacts to be picked up by the existing test result publishing job.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| .github/workflows/wc-integration-test-podman.yml | New reusable workflow that installs Podman, pulls the built image by digest, runs BATS inside a Podman container, and uploads JUnit XML artifacts. |
| .github/workflows/wc-build-push-test.yml | Adds an integration-test-podman job that calls the new Podman workflow after image build/push. |
This pull request introduces a new workflow for running integration tests using Podman in the CI pipeline. The main change is the addition of a dedicated workflow for Podman-based integration testing, which improves the flexibility and coverage of container image testing.
Integration testing improvements:
- `integration-test-podman` to `.github/workflows/wc-build-push-test.yml` that triggers Podman-based integration tests when an integration test file is provided.
- `.github/workflows/wc-integration-test-podman.yml` workflow file, which installs Podman, logs into the container registry, pulls the specified image, and runs integration tests using the `bats` testing framework inside the container. Test results are uploaded as artifacts.