@dustymabe
Contributor

With some changes made upstream to COSA [1] we shouldn't need to
runAsUser: 0 any longer.

[1] coreos/coreos-assembler#4410

@openshift-ci
openshift-ci bot commented Jan 16, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request removes the need to run the COSA container as UID 0, which is a good security improvement. However, the new container image specified uses the :latest tag and appears to be from a personal repository. For build reproducibility and long-term maintenance, it's highly recommended to switch to an official image with a specific version tag.

@dustymabe
Contributor Author

Unrelated to this PR (I think) there are 3 tests that are failing that need some investigation:

FAIL: rpmostree.install-uninstall
FAIL: ext.ostree.destructive.boot-automount.sh
FAIL: ext.ostree.destructive-rs.destructive::itest_transactionality

@dustymabe
Contributor Author

> Unrelated to this PR (I think) there are 3 tests that are failing that need some investigation:
>
> FAIL: rpmostree.install-uninstall
> FAIL: ext.ostree.destructive.boot-automount.sh
> FAIL: ext.ostree.destructive-rs.destructive::itest_transactionality

ok - now that all the PRs merged against COSA the only remaining test failure is:

FAIL: ext.ostree.destructive.boot-automount.sh

So I guess that's the only one that needs to be investigated.

With some changes made upstream to COSA [1] and a few fixups here
to make sure the directory tree for our built software doesn't have
setgid files we shouldn't need to runAsUser: 0 any longer.

[1] coreos/coreos-assembler#4410

Now that we are building via container tools `cosa fetch` isn't
meaningful any longer.

@dustymabe dustymabe marked this pull request as ready for review January 19, 2026 20:17
@dustymabe
Contributor Author

OK. At this point I say we merge this and deal with the FAIL: ext.ostree.destructive.boot-automount.sh separately.

@jmarrero jmarrero enabled auto-merge January 19, 2026 20:25
Member

@jmarrero jmarrero left a comment

/lgtm

@dustymabe dustymabe disabled auto-merge January 19, 2026 20:27
@jmarrero jmarrero enabled auto-merge January 19, 2026 20:28
@dustymabe dustymabe disabled auto-merge January 19, 2026 20:57
@dustymabe dustymabe merged commit 911f9cd into ostreedev:main Jan 19, 2026
24 of 26 checks passed
@jmarrero
Member

@dustymabe and I had a chat. He has admin to merge, I don't, but this lgtm to do as this is very targeted.
