From 7d22834d5dfe766646c86c73a83c4c0b555a3513 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= <thozza@redhat.com>
Date: Mon, 6 Jan 2025 06:25:22 +0100
Subject: [PATCH 1/5] update-schutzfile-osbuild: update commit in all distos
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Modify the script to not only update osbuild dependency commit for all
distros defined in the Schutzfile, but also define it for any distros
that didn't have it.

This will ensure consistency of using a well known osbuild version when
testing image builds in CI and storing it in the S3 CI cache with the
osbuild ref being part of the object prefix.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
---
 test/scripts/update-schutzfile-osbuild | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/test/scripts/update-schutzfile-osbuild b/test/scripts/update-schutzfile-osbuild
index 77036c509a..091a4cebb4 100755
--- a/test/scripts/update-schutzfile-osbuild
+++ b/test/scripts/update-schutzfile-osbuild
@@ -30,8 +30,10 @@ def update_osbuild_commit_ids(new):
         data = json.load(schutzfile)
 
     for distro in data.keys():
-        if data[distro].get("dependencies", {}).get("osbuild", {}).get("commit", {}):
-            data[distro]["dependencies"]["osbuild"]["commit"] = new
+        if distro == "common":
+            continue
+
+        data[distro].setdefault("dependencies", {}).setdefault("osbuild", {})["commit"] = new
 
     with open(testlib.SCHUTZFILE, encoding="utf-8", mode="w") as schutzfile:
         json.dump(data, schutzfile, indent="  ")

From 12a27d1309107b2d97722eed85961b45baefc39c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= <thozza@redhat.com>
Date: Mon, 6 Jan 2025 06:30:09 +0100
Subject: [PATCH 2/5] setup-osbuild-repo: fail if no osbuild dep commit is
 defined
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Modify the script to fail in case the host distro version does not have
the osbuild dependency commit ID defined in the Schutzfile. This will
ensure that we'll always use a well-known osbuild version for testing
image builds and for the artifacts stored in the S3 cache.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
---
 test/scripts/setup-osbuild-repo | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/scripts/setup-osbuild-repo b/test/scripts/setup-osbuild-repo
index ea42fe26ec..74f9a8bbfb 100755
--- a/test/scripts/setup-osbuild-repo
+++ b/test/scripts/setup-osbuild-repo
@@ -55,8 +55,8 @@ def main():
     distro_version = osrelease["ID"] + "-" + osrelease["VERSION_ID"]
     commit_id = testlib.get_osbuild_commit(distro_version)
     if not commit_id:
-        print("No commit ID defined for osbuild")
-        return
+        print(f"Error: {distro_version} does not have the osbuild commit ID defined in the Schutzfile")
+        sys.exit(1)
 
     write_repo(commit_id, distro_version)
 

From 365c3dfd09f5497624b8ec5444e7c5cdfac02dfa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= <thozza@redhat.com>
Date: Mon, 6 Jan 2025 10:25:25 +0100
Subject: [PATCH 3/5] Schutzfile: define osbuild dependency commit for all
 tested distros
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Make sure that the osbuild dependency commit is defined for all distros
on which we setup the osbuild repository. Specifically whose that we run
in GH actions and in GitLab CI.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
---
 Schutzfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Schutzfile b/Schutzfile
index 5b78e6b43d..055ac17bc5 100644
--- a/Schutzfile
+++ b/Schutzfile
@@ -6,14 +6,14 @@
     },
     "gitlab-ci-runner": "aws/fedora-41"
   },
-  "centos-8": {
+  "centos-9": {
     "dependencies": {
       "osbuild": {
         "commit": "fcb93bde01d4a027c67b5747c8f976ceb4fc8d80"
       }
     }
   },
-  "centos-9": {
+  "centos-10": {
     "dependencies": {
       "osbuild": {
         "commit": "fcb93bde01d4a027c67b5747c8f976ceb4fc8d80"

From b081feabcd185bb41023be2c0cee6e52af8b00a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= <thozza@redhat.com>
Date: Mon, 6 Jan 2025 10:29:58 +0100
Subject: [PATCH 4/5] Schutzfile: don't define repo overrides for F40
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We no longer run F40 in GitLab CI, so there's not need to define repo
overrides for it. We do not override system repositories for GH actions.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
---
 Schutzfile | 38 +-------------------------------------
 1 file changed, 1 insertion(+), 37 deletions(-)

diff --git a/Schutzfile b/Schutzfile
index 055ac17bc5..2577f5f749 100644
--- a/Schutzfile
+++ b/Schutzfile
@@ -25,43 +25,7 @@
       "osbuild": {
         "commit": "fcb93bde01d4a027c67b5747c8f976ceb4fc8d80"
       }
-    },
-    "repos": [
-      {
-        "file": "/etc/yum.repos.d/fedora.repo",
-        "x86_64": [
-          {
-            "title": "fedora",
-            "name": "fedora",
-            "baseurl": "https://rpmrepo.osbuild.org/v2/mirror/public/f40/f40-x86_64-fedora-20240514"
-          }
-        ],
-        "aarch64": [
-          {
-            "title": "fedora",
-            "name": "fedora",
-            "baseurl": "https://rpmrepo.osbuild.org/v2/mirror/public/f40/f40-aarch64-fedora-20240514"
-          }
-        ]
-      },
-      {
-        "file": "/etc/yum.repos.d/fedora-updates.repo",
-        "x86_64": [
-          {
-            "title": "updates",
-            "name": "updates",
-            "baseurl": "https://rpmrepo.osbuild.org/v2/mirror/public/f40/f40-x86_64-updates-released-20250101"
-          }
-        ],
-        "aarch64": [
-          {
-            "title": "updates",
-            "name": "updates",
-            "baseurl": "https://rpmrepo.osbuild.org/v2/mirror/public/f40/f40-aarch64-updates-released-20250101"
-          }
-        ]
-      }
-    ]
+    }
   },
   "fedora-41": {
     "dependencies": {

From b7485d903c59789cf24d4ad728dba4f035be8e46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= <thozza@redhat.com>
Date: Mon, 6 Jan 2025 10:31:28 +0100
Subject: [PATCH 5/5] GH actions/test: don't setup repos outside of the
 container env
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

I noticed that the action that is running unit tests on Fedora was
setting up YUM repository for osbuild on the Ubuntu runner and then
again inside the Fedora container in which it runs unit tests.

Setting the osbuild YUM repository on the Ubuntu runner is useless,
therefore delete the task.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
---
 .github/workflows/tests.yml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 46f8ad8b1f..4d9aefc536 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -30,9 +30,6 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
-      - name: Set up repository for pinned osbuild commit
-        run: ./test/scripts/setup-osbuild-repo
-
       - name: Run unit tests
         run: make BASE_CONTAINER_IMAGE_TAG=${{matrix.fedora_version}} gh-action-test