Use microshift healthcheck procedure instead of restarting greenboot service

[ggiguash]

Closes #139

• Revert commit 082e76a
• Replace greenboot service restarts by microshift healthcheck command
• Remove pin to Fedora 42 OS

Note: This PR can be merged as soon as the fedora-iot/greenboot-rs#132 fix is released in Fedora 43 and CentOS 9 / 10 upstream.

Summary by CodeRabbit

• Chores

  • Removed strict version pinning for the greenboot package to allow more flexible updates.
  • Updated base images and build image tags to use the latest Fedora image.

• Bug Fixes / Maintenance

  • Replaced host service restarts with an in-container MicroShift healthcheck for more reliable validation.
  • Simplified startup sequence to enable and restart only the primary MicroShift service.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Removed explicit greenboot-0.15.* installation/pinning from packaging and RPM install scripts; replaced CI restarts of greenboot-healthcheck.service with a podman-run microshift healthcheck; simplified service handling to only enable and restart microshift. (46 words)

Changes

Cohort / File(s)	Summary
Greenboot pin removal packaging/bootc.Containerfile, src/quickrpm.sh	Removed inline greenboot-0.15.* pin and dnf install steps.
CI healthcheck substitution .github/actions/quick-rpm-clean/action.yaml	Replaced greenboot-healthcheck.service restart calls with sudo podman exec -i microshift-okd microshift healthcheck -v=2 --timeout=600s and updated comments.
Service restart simplification src/config_isolated_net.sh	Replaced loop restarting microshift and greenboot-healthcheck with enabling and restarting only the microshift service.
Container base updates packaging/rpms-copr.Containerfile, packaging/srpm.Containerfile, src/copr/copr-cli.Containerfile, .github/workflows/builders.yaml, .github/workflows/installers.yaml	Switched Fedora base/image tags from 42 to latest (several Containerfiles and workflow inputs).

Sequence Diagram(s)

mermaid
sequenceDiagram
participant Action as GitHub Action (quick-rpm-clean)
participant Host as Runner Host
participant Podman as Podman
participant Container as microshift-okd container
participant Healthcheck as microshift healthcheck
rect rgba(60,120,200,0.5)
Action->>Host: run healthcheck step
Host->>Podman: podman exec -i microshift-okd microshift healthcheck -v=2 --timeout=600s
Podman->>Container: invoke microshift binary
Container->>Healthcheck: execute checks, gather status
Healthcheck-->>Action: return status/result
end

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• Ensure greenboot 0.15 is installed for bootc and quick-rpm procedures #176 — Directly overlaps: previously added/pinned greenboot-0.15 in packaging and quickrpm files.
• Implement a quick rpm install procedure #137 — Related: edits to quick-rpm install flow and CI healthcheck handling touching same scripts/workflow.
• Build and publish nightly RPMs using COPR #161 — Related: changes to Containerfiles and builders workflow that overlap with base/image tag updates.

Suggested reviewers

• agullon
• pmtk

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	⚠️ Warning	Changes to Fedora base image tags (42→latest) in multiple Containerfiles are unrelated to the greenboot/healthcheck objective and appear to be scope creep.	Remove image tag updates from builders.yaml, installers.yaml, rpms-copr.Containerfile, srpm.Containerfile, and copr-cli.Containerfile as they're outside the greenboot/healthcheck refactoring scope.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main objective of the PR: replacing greenboot service restarts with microshift healthcheck. Multiple file changes align with this core change.
Linked Issues check	✅ Passed	The PR addresses issue #139 by removing greenboot service restarts and pinning, replacing them with microshift healthcheck commands as specified in the issue description.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[ggiguash]

@coderabbitai
Perform full review.

[coderabbitai]

@ggiguash I'll perform a full review of the PR.

✅ Actions performed

Full review triggered.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In @.github/workflows/builders.yaml:
- Around line 67-69: The workflow uses bootc-image-tag: latest which can cause
non-deterministic test substrates; change the bootc image tag to a fixed tag
(e.g., stream9 or stream10) or implement the same dynamic tag resolution used in
release.yaml; update the bootc-image-tag value for the job that defines
bootc-image-url/bootc-image-tag (keys bootc-image-url and bootc-image-tag) so it
pins to a stable tag or pulls the tag via the release.yaml selection logic to
ensure reproducible runs.

In @.github/workflows/installers.yaml:
- Around line 39-41: The workflow uses bootc-image-tag: latest which is unpinned
and inconsistent with other pinned images; replace this by either referencing
the repository variable ${ { vars.FEDORA_BOOTC_TAG }} (create that variable in
repo settings) or hard-code a specific Fedora bootc tag (matching the
builders.yaml tagging pattern used for other images) so that bootc-image-tag
uses a fixed, reproducible version; update the bootc-image-tag entry and ensure
the variable name FEDORA_BOOTC_TAG or the explicit tag aligns with builders.yaml
patterns.

🧹 Nitpick comments (2)

packaging/rpms-copr.Containerfile (1)

1-1: Pin Fedora base image version for build reproducibility.

Both srpm.Containerfile and rpms-copr.Containerfile use latest, which drifts over time. The rpm.Containerfile already pins to stream9, and bootc.Containerfile uses parameterized tags—this Containerfile should follow the same pattern.

Proposed change

+ ARG FEDORA_TAG=43
- FROM quay.io/fedora/fedora:latest
+ FROM quay.io/fedora/fedora:${FEDORA_TAG}

src/copr/copr-cli.Containerfile (1)

1-1: Pin the Fedora base image instead of latest.
latest currently maps to Fedora 43 but will change when future releases become stable, making builds non-deterministic. The repo uses ARG patterns for versioning in other Containerfiles (e.g., bootc.Containerfile); follow that approach here.

Suggested approach

+ ARG FEDORA_TAG=43
- FROM quay.io/fedora/fedora:latest
+ FROM quay.io/fedora/fedora:${FEDORA_TAG}