Skip to content

ci: move functional tests from Konflux to GitHub Actions#1242

Open
decko wants to merge 4 commits into
pulp:mainfrom
decko:feat/gha-functional-tests
Open

ci: move functional tests from Konflux to GitHub Actions#1242
decko wants to merge 4 commits into
pulp:mainfrom
decko:feat/gha-functional-tests

Conversation

@decko
Copy link
Copy Markdown
Member

@decko decko commented Jun 3, 2026
edited by sourcery-ai Bot
Loading

Summary

  • Add GHA workflow that runs the 6 functional test suites using the dev container (build inline with GHA cache, start, generate bindings, run tests)
  • Remove the pulp-functional-tests task from the Konflux deploy-and-test pipeline (-127 lines)
  • Rewire push-api-json-files-to-pulp to run after install-bindings directly

Konflux keeps only what requires its infrastructure: image build, security scans, deployment verification, API schema push, and PyPI publishing.

Test plan

  • GHA functional tests workflow triggers and passes on this PR
  • Verify dev container builds successfully with GHA cache
  • Verify all 6 test suites run and produce JUnit artifacts
  • Verify Konflux PR pipeline still builds/scans the image
  • Verify Konflux deploy-and-test still deploys, builds bindings, and pushes API schemas

🤖 Generated with Claude Code

Summary by Sourcery

Move functional test execution from the Konflux pipeline to a new GitHub Actions workflow using the dev container while keeping Konflux focused on image build, scans, deployment verification, API schema publishing, and PyPI releases.

CI:

  • Add a GitHub Actions workflow that builds the dev container, runs six functional test suites, and uploads JUnit artifacts on pull requests to main.
  • Remove the pulp-functional-tests task from the Tekton deploy-and-test pipeline, and update the API schema push task to run after install-bindings instead.

@sourcery-ai
Copy link
Copy Markdown
Contributor

sourcery-ai Bot commented Jun 3, 2026
edited
Loading

Reviewer's Guide

Moves functional test execution from the Konflux Tekton pipeline into a new GitHub Actions workflow that builds and runs the dev container, executes six focused functional test suites, and uploads JUnit artifacts, while simplifying the Konflux deploy-and-test pipeline dependencies.

File-Level Changes

Change Details Files
Remove Konflux Tekton task that ran functional tests against the ephemeral OpenShift environment and adjust downstream task dependency.
  • Delete the pulp-functional-tests task, including its parameters, Bonfire-based OpenShift login, oc_wrapper helpers, and all inline pytest invocations for the six functional suites.
  • Retain the rest of the deploy-and-test pipeline and its earlier tasks (including install-bindings) unchanged.
  • Change the push-api-json-files-to-pulp task to run after install-bindings instead of after the removed pulp-functional-tests task.
 .tekton/pulp-deploy-and-test.yaml
Introduce a GitHub Actions workflow to run the six functional test suites inside the dev container on pull requests.
  • Trigger on pull_request events to main with minimal read permissions.
  • Build the dev-container image via docker/build-push-action with GHA cache configuration and run it as a long-lived pulp-dev container with constrained worker counts.
  • Poll the Pulp API inside the container until it becomes ready, failing with container logs if it never does.
  • Install pytest and functional test dependencies inside the container and generate client bindings via pulp-test --bindings-only.
  • Execute six separate pytest runs (rpm parallel, rpm serial, pulpcore, maven, npm, service) using localhost API endpoint and fixed admin credentials, each producing a distinct JUnit XML file under /tmp.
  • Copy all JUnit XMLs out of the container into a test-results directory and upload them as an artifact, and dump container logs when the job fails.
 .github/workflows/functional-tests.yml
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai Bot reviewed Jun 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@sourcery-ai sourcery-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • The workflow repeats the same docker exec pulp-dev + environment setup across all six test steps; consider factoring shared env vars into a job-level env: block or a small wrapper script to reduce duplication and keep the test commands easier to maintain.
  • Add an explicit cleanup step (e.g. docker rm -f pulp-dev with if: always()) to ensure the dev container is removed in all cases, which will help avoid stray containers on reused or locally-run GitHub Actions runners.
Prompt for AI Agents 
Please address the comments from this code review:

## Overall Comments
- The workflow repeats the same `docker exec pulp-dev` + environment setup across all six test steps; consider factoring shared env vars into a job-level `env:` block or a small wrapper script to reduce duplication and keep the test commands easier to maintain.
- Add an explicit cleanup step (e.g. `docker rm -f pulp-dev` with `if: always()`) to ensure the dev container is removed in all cases, which will help avoid stray containers on reused or locally-run GitHub Actions runners.
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@decko
ci: move functional tests from Konflux to GitHub Actions
1dd2f8b 
Run the 6 functional test suites (pulp_rpm, pulpcore, pulp_maven,
pulp_npm, pulp_service) in a GHA workflow using the dev container
instead of the Konflux deploy-and-test pipeline. This frees Konflux
resources for what only it can do: image build, security scans, and
deployment verification.

Konflux pipeline retains: deploy → build bindings → install bindings →
push API schemas → publish to PyPI. The pulp-functional-tests task is
removed and push-api-json-files-to-pulp now runs after install-bindings.

Assisted-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@decko decko force-pushed the feat/gha-functional-tests branch from dc6bda7 to 1dd2f8b Compare June 3, 2026 18:06
decko added 3 commits June 3, 2026 15:24
@decko
ci: deselect feature_service tests in GHA workflow
e337bde 
These tests require an external entitlement service not available in
the dev container. Matches the deselects already in pulp-test script.

Assisted-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@decko
fix(dev-container): allow pulp user to read attestation test private key
4a098ba 
The test fixture needs to read the private key to sign test
attestations. The file was chmod 600 (root-only) but the container
runs as UID 700 in GID 0. Changed to 640 with root:0 ownership so
the pulp user can read it via group permissions.

Assisted-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@decko
fix(ci): fix attestation key ownership and feature_service deselects
67fcdb2 
- chown attestation keys to 700:0 so pulp user can read via ownership
- Switch from --deselect to -k filter for feature_service tests since
  --deselect paths don't match --pyargs site-packages resolution

Assisted-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@decko