Skip to content

ci: replace Cirrus CI with GitHub Actions#654

Merged
jnovy merged 1 commit into
containers:mainfrom
timcoding1988:ci/replace-cirrus-ci
May 6, 2026
Merged

ci: replace Cirrus CI with GitHub Actions#654
jnovy merged 1 commit into
containers:mainfrom
timcoding1988:ci/replace-cirrus-ci

Conversation

@timcoding1988
Copy link
Copy Markdown

@timcoding1988 timcoding1988 commented May 4, 2026
edited
Loading

cirrus-ci is out of support by June. we are replacing cirrus-ci with native GHA

@timcoding1988 timcoding1988 force-pushed the ci/replace-cirrus-ci branch from 9e50a9a to 82f47b9 Compare May 5, 2026 13:14
@packit-as-a-service
Copy link
Copy Markdown

packit-as-a-service Bot commented May 5, 2026

Ephemeral COPR build failed. @containers/packit-build please check.

@timcoding1988 timcoding1988 force-pushed the ci/replace-cirrus-ci branch from 82f47b9 to db8251a Compare May 5, 2026 13:23
@timcoding1988 timcoding1988 marked this pull request as ready for review May 5, 2026 13:25
lsm5
lsm5 approved these changes May 5, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@lsm5 lsm5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with nit to remove packaging.yml.

Also, I think we should not even have GHA as everything should be manageable via Packit. This repo isn't moving to CNCF, is it?

Comment thread .github/workflows/packaging.yml Outdated
@lsm5
Copy link
Copy Markdown
Member

lsm5 commented May 5, 2026

@saschagrunert @haircommander @jnovy PTAL

@jnovy
Copy link
Copy Markdown
Collaborator

jnovy commented May 5, 2026

@timcoding1988 I agree with @lsm5 on removing packaging.yml - Packit already handles that.

Regarding @lsm5's broader question about whether we need GHA at all: Packit covers packaging/COPR builds, but it doesn't run integration tests, coverage, or static binary builds. So we do still need GHA (or some CI) for those. The existing integration.yml and validate.yml already handle the build/test and lint jobs that Cirrus had, so this PR correctly focuses on the remaining gaps: coverage and static builds.

coverage.yml: hack/github-actions-setup installs a lot of things that make test-coverage doesn't need (runc, crun, cri-tools compiled from source, CRIU, etc.). The original Cirrus coverage task only installed build deps + gcovr. Consider replacing it with targeted apt installs:

- name: Install dependencies
run |
  sudo apt-get update
  sudo apt-get install -y gcovr libglib2.0-dev libseccomp-dev libsystemd-dev pkg-config

This would cut the job time significantly.

static.yml: The CACHIX_AUTH_TOKEN secret needs to be configured in the repo settings (Settings/Secrets/Actions) for the Nix cache to work. Worth noting in the PR description so whoever merges this knows to set it up. Also, for consistency with the other workflows, consider adding an all-done gate job.

@jnovy jnovy self-requested a review May 5, 2026 17:09
jnovy
jnovy requested changes May 5, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@jnovy jnovy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Requesting changes as per comment above.

@lsm5
Copy link
Copy Markdown
Member

lsm5 commented May 5, 2026

Packit covers packaging/COPR builds, but it doesn't run integration tests, coverage, or static binary builds. So we do still need GHA (or some CI) for those.

Sorry, I meant we could do those things via Packit and Testing Farm itself, so there shouldn't be any need for GHA as such. But since @timcoding1988 has it in place already with this PR, we could leave all that for later.

@timcoding1988 timcoding1988 force-pushed the ci/replace-cirrus-ci branch from db8251a to 2d666e0 Compare May 6, 2026 12:47
ci: replace Cirrus CI with GitHub Actions
e0c56ec 
Signed-off-by: Tim Zhou <tizhou@redhat.com>
@timcoding1988 timcoding1988 force-pushed the ci/replace-cirrus-ci branch from 2d666e0 to e0c56ec Compare May 6, 2026 12:49
@timcoding1988 timcoding1988 requested a review from jnovy May 6, 2026 13:15
@jnovy
Copy link
Copy Markdown
Collaborator

jnovy commented May 6, 2026

LGTM, nice work! I will continue to set the CACHIX_AUTH_TOKEN secret will need to be configured in the repo settings.

@jnovy jnovy merged commit 9bee4d4 into containers:main May 6, 2026
28 checks passed
@jnovy
Copy link
Copy Markdown
Collaborator

jnovy commented May 6, 2026

@saschagrunert seems that you own the "conmon" cache on cachix - would you mind to update the auth token here?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lsm5 lsm5 lsm5 approved these changes

@jnovy jnovy Awaiting requested review from jnovy

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@timcoding1988 @lsm5 @jnovy