test: verify UBI collector build in CI (PR #229 E2E)#3
Closed
sonupreetam wants to merge 2 commits into
Closed
Conversation
BREAKING CHANGE: Container base images switch from Alpine/distroless to
UBI10 (ubi-minimal for certs, ubi-micro for runtime). CA cert path changes
to /etc/pki/tls/certs/ca-bundle.crt. CI jobs run inside UBI10 containers.
hack/ directory contents moved to configs/ and deploy/.
- Add Ginkgo v2 E2E tests at tests/integration/ with per-layer
sub-packages (base, storage, storage-tls, enrichment), mock Compass
TLS server, and shared Go helpers
- Containerize all ci_local.yml jobs on UBI10 with new integration-test
job using vfs storage driver for nested podman
- Add compose profiles (storage, enrichment, debug) with COLLECTOR_CONFIG
env var for layer-specific collector config selection
- Move hack/ contents to configs/ (collector configs, loki, openssl.cnf)
and deploy/ (terraform)
- Centralize tool management in .taskfiles/tools.yml with SHA256
verification via .tool_checksums
- Bump go-gemara to v0.4.0; add Ginkgo CLI as tool directive in go.mod
- Drop unused ctx variable in proofwatch/cmd/validate-logs/main.go
Details:
Integration tests:
- Mock Compass at tests/integration/mock-compass/ serves fixture-driven
/v1/enrich and /healthz responses over TLS
- Typed Go helpers (postEvidence, queryLoki, listS3Objects,
execInContainer) replace Venom HTTP and exec executors
- RustFS test bucket uses anonymous public access for plain HTTP S3
ListObjectsV2 queries
- Ginkgo runs via `go tool ginkgo` (tool directive, no global install)
- CI passes --succinct; local runs use -vv for full hierarchy output
CI (ci_local.yml):
- All jobs run in registry.access.redhat.com/ubi10/ubi:latest with
safe.directory workaround for actions/checkout container job issue
- golangci-lint sets GOWORK=off and GOFLAGS=-buildvcs=false to lint
modules independently in the workspace repo
- integration-test job pins podman-compose with --require-hashes
Compose:
- RustFS healthcheck uses /health (not /minio/health/live)
- Collector volumes use :U flag for podman rootless UID remapping
- Loki queries use indexed resource attributes directly, replacing
the removed {exporter="OTLP"} label
- Fix S3_DISABLE_SSL env var to drop unsupported ${VAR:-default}
syntax in collector config
Refs: complytime/complytime-collector-components#181
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
sonupreetam
force-pushed
the
test/pr229-ubi-verify
branch
from
d27e704 to
7cde7e8
Compare
sonupreetam
force-pushed
the
test/pr229-ubi-verify
branch
from
6eed494 to
295a207
Compare
✅ CRAP Load Analysis: PASS (no baseline)No baseline file found. Showing current scores without comparison. Summary
|
Owner
Author
|
Verification complete. All CI checks passed — UBI Containerfile builds successfully in GitHub Actions CI environment. Closing. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Temporary PR to verify the UBI10 Containerfile build in GitHub Actions CI environment.
This pushes the exact commit from 229 to trigger the
integration-testjob, which builds the collector usingContainerfile.collectorwith UBI10 base images.Purpose: Verify that
microdnf install -y ca-certificatessucceeds in CI's nested podman environment (it fails locally due to subscription-gated RHEL repo access).This PR will be closed after verification.