NO-JIRA: refactor(GitHub Actions): extract Podman setup to reusable action and add test workflow (#2775)

Author: jiridanek

.github/actions/install-podman-action/action.yml

@@ -0,0 +1,102 @@
+---
+name: 'Install Podman'
+description: 'Installs Podman from Homebrew'
+inputs:
+  platform:
+    description: 'Target platform for Podman installation (linux/amd64, linux/s390x, linux/ppc64le, linux/arm64)'
+    required: true
+runs:
+  using: "composite"
+  steps:
+    # https://github.com/containers/buildah/issues/2521#issuecomment-884779112
+    - name: Workaround https://github.com/containers/podman/issues/22152#issuecomment-2027705598
+      shell: bash
+      run: sudo apt-get -qq remove podman crun
+
+    - uses: actions/cache@v4
+      # https://docs.github.com/en/actions/reference/variables-reference#default-environment-variables
+      # https://docs.github.com/en/actions/how-tos/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables
+      id: cached-linuxbrew
+      with:
+        path: /home/linuxbrew/.linuxbrew
+        key: linuxbrew-${{ runner.os }}-${{ runner.arch }}
+
+    - name: Install podman (linux/amd64, or qemu-user emulation)
+      if: contains(fromJSON('["linux/amd64", "linux/s390x", "linux/ppc64le"]'), inputs.platform) && steps.cached-linuxbrew.outputs.cache-hit != 'true'
+      shell: bash
+      run: |
+        /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+        /home/linuxbrew/.linuxbrew/bin/brew install podman
+
+    # Warning: Your CPU architecture (arm64) is not supported. We only support
+    # x86_64 CPU architectures. You will be unable to use binary packages (bottles).
+    #
+    # This is a Tier 2 configuration:
+    #  https://docs.brew.sh/Support-Tiers#tier-2
+    # Do not report any issues to Homebrew/* repositories!
+    # Read the above document instead before opening any issues or PRs.
+    - name: Install podman (linux/arm64)
+      if: inputs.platform == 'linux/arm64' && steps.cached-linuxbrew.outputs.cache-hit != 'true'
+      # Error: podman: no bottle available!
+      # If you're feeling brave, you can try to install from source with:
+      shell: bash
+      run: |
+        /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+        /home/linuxbrew/.linuxbrew/bin/brew install --build-from-source podman
+
+    - name: Add linuxbrew to PATH
+      shell: bash
+      run: echo "/home/linuxbrew/.linuxbrew/bin/" >> $GITHUB_PATH
+
+    - name: Configure Podman
+      shell: bash
+      run: |
+        set -Eeuxo pipefail
+
+        # podman running as service ignores the TMPDIR env var here, let's give it a bind-mount to /var/tmp
+        mkdir -p $TMPDIR
+        sudo mount --bind -o rw,noexec,nosuid,nodev,bind $TMPDIR /var/tmp
+
+        # podman from brew has its own /etc (was giving me Failed to obtain podman configuration: runroot must be set)
+        # the (default) config location is also where cri-o gets its storage defaults (that can be overriden in crio.conf)
+        sudo cp ci/cached-builds/containers.conf /etc/containers.conf
+        sudo cp ci/cached-builds/containers.conf /home/linuxbrew/.linuxbrew/opt/podman/etc/containers.conf
+        sudo cp ci/cached-builds/storage.conf /etc/containers/storage.conf
+        sudo cp ci/cached-builds/storage.conf /home/linuxbrew/.linuxbrew/opt/podman/etc/containers/storage.conf
+        sudo cp ci/cached-builds/registries.conf /etc/containers/registries.conf
+        sudo cp ci/cached-builds/registries.conf /home/linuxbrew/.linuxbrew/opt/podman/etc/containers/registries.conf
+
+        # should reset storage when changing storage.conf
+        mkdir -p $HOME/.local/share/containers/storage/tmp
+        # remote (CONTAINER_HOST) podman does not do reset (and refuses --force option)
+        sudo /home/linuxbrew/.linuxbrew/opt/podman/bin/podman system reset --force
+
+        # https://github.com/containers/podman/pull/25504
+        # podman 5.5.0: The podman system reset command no longer removes the user's podman.sock API socket
+        sudo rm -rf /var/run/podman
+
+        # https://github.com/containers/podman/blob/main/docs/tutorials/socket_activation.md
+        # since `brew services start podman` is buggy, let's do our own brew-compatible service
+        # Regarding directory paths, see https://unix.stackexchange.com/questions/224992/where-do-i-put-my-systemd-unit-file
+        sudo mkdir -p /usr/local/lib/systemd/system/
+        sudo cp ci/cached-builds/podman.service /usr/local/lib/systemd/system/podman.service
+        sudo cp ci/cached-builds/podman.socket /usr/local/lib/systemd/system/podman.socket
+        sudo systemctl daemon-reload
+        sudo systemctl unmask --now podman.service podman.socket
+        sudo systemctl start podman.socket
+
+        # needed (much) later for trivy
+        echo "PODMAN_SOCK=/var/run/podman/podman.sock" >> $GITHUB_ENV
+
+        # quick check podman works
+        podman ps
+
+    - name: Show error logs (on failure)
+      if: ${{ failure() }}
+      shell: bash
+      run: |
+        set -Eeuxo pipefail
+
+        journalctl -xe
+        ls -AlF /var/run/podman/podman.sock || echo "Socket /var/run/podman/podman.sock not found"
+        sudo ss -xlpn | grep 'podman.sock' || echo "No active listener found for podman.sock via ss"

.github/workflows/build-notebooks-TEMPLATE.yaml

@@ -157,92 +157,10 @@ jobs:
 
       # region Podman setup
 
-      # https://github.com/containers/buildah/issues/2521#issuecomment-884779112
-      - name: Workaround https://github.com/containers/podman/issues/22152#issuecomment-2027705598
-        run: sudo apt-get -qq remove podman crun
-
-      - uses: actions/cache@v4
-        # https://docs.github.com/en/actions/reference/variables-reference#default-environment-variables
-        # https://docs.github.com/en/actions/how-tos/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables
-        id: cached-linuxbrew
+      - name: Install Podman
+        uses: './.github/actions/install-podman-action'
         with:
-          path: /home/linuxbrew/.linuxbrew
-          key: linuxbrew-${{ runner.os }}-${{ runner.arch }}
-
-      - name: Install podman (linux/amd64, or qemu-user emulation)
-        if: contains(fromJSON('["linux/amd64", "linux/s390x", "linux/ppc64le"]'), inputs.platform) && steps.cached-linuxbrew.outputs.cache-hit != 'true'
-        run: |
-          /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
-          /home/linuxbrew/.linuxbrew/bin/brew install podman
-
-      # Warning: Your CPU architecture (arm64) is not supported. We only support
-      # x86_64 CPU architectures. You will be unable to use binary packages (bottles).
-      #
-      # This is a Tier 2 configuration:
-      #  https://docs.brew.sh/Support-Tiers#tier-2
-      # Do not report any issues to Homebrew/* repositories!
-      # Read the above document instead before opening any issues or PRs.
-      - name: Install podman (linux/arm64)
-        if: inputs.platform == 'linux/arm64' && steps.cached-linuxbrew.outputs.cache-hit != 'true'
-        # Error: podman: no bottle available!
-        # If you're feeling brave, you can try to install from source with:
-        run: |
-          /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
-          /home/linuxbrew/.linuxbrew/bin/brew install --build-from-source podman
-
-      - name: Add linuxbrew to PATH
-        run: echo "/home/linuxbrew/.linuxbrew/bin/" >> $GITHUB_PATH
-
-      - name: Configure Podman
-        run: |
-          set -Eeuxo pipefail
-
-          # podman running as service ignores the TMPDIR env var here, let's give it a bind-mount to /var/tmp
-          mkdir -p $TMPDIR
-          sudo mount --bind -o rw,noexec,nosuid,nodev,bind $TMPDIR /var/tmp
-
-          # podman from brew has its own /etc (was giving me Failed to obtain podman configuration: runroot must be set)
-          # the (default) config location is also where cri-o gets its storage defaults (that can be overriden in crio.conf)
-          sudo cp ci/cached-builds/containers.conf /etc/containers.conf
-          sudo cp ci/cached-builds/containers.conf /home/linuxbrew/.linuxbrew/opt/podman/etc/containers.conf
-          sudo cp ci/cached-builds/storage.conf /etc/containers/storage.conf
-          sudo cp ci/cached-builds/storage.conf /home/linuxbrew/.linuxbrew/opt/podman/etc/containers/storage.conf
-          sudo cp ci/cached-builds/registries.conf /etc/containers/registries.conf
-          sudo cp ci/cached-builds/registries.conf /home/linuxbrew/.linuxbrew/opt/podman/etc/containers/registries.conf
-
-          # should reset storage when changing storage.conf
-          mkdir -p $HOME/.local/share/containers/storage/tmp
-          # remote (CONTAINER_HOST) podman does not do reset (and refuses --force option)
-          sudo /home/linuxbrew/.linuxbrew/opt/podman/bin/podman system reset --force
-
-          # https://github.com/containers/podman/pull/25504
-          # podman 5.5.0: The podman system reset command no longer removes the user's podman.sock API socket
-          sudo rm -rf /var/run/podman
-
-          # https://github.com/containers/podman/blob/main/docs/tutorials/socket_activation.md
-          # since `brew services start podman` is buggy, let's do our own brew-compatible service
-          # Regarding directory paths, see https://unix.stackexchange.com/questions/224992/where-do-i-put-my-systemd-unit-file
-          sudo mkdir -p /usr/local/lib/systemd/system/
-          sudo cp ci/cached-builds/podman.service /usr/local/lib/systemd/system/podman.service
-          sudo cp ci/cached-builds/podman.socket /usr/local/lib/systemd/system/podman.socket
-          sudo systemctl daemon-reload
-          sudo systemctl unmask --now podman.service podman.socket
-          sudo systemctl start podman.socket
-
-          # needed (much) later for trivy
-          echo "PODMAN_SOCK=/var/run/podman/podman.sock" >> $GITHUB_ENV
-
-          # quick check podman works
-          podman ps
-
-      - name: Show error logs (on failure)
-        if: ${{ failure() }}
-        run: |
-          set -Eeuxo pipefail
-
-          journalctl -xe
-          ls -AlF /var/run/podman/podman.sock || echo "Socket /var/run/podman/podman.sock not found"
-          sudo ss -xlpn | grep 'podman.sock' || echo "No active listener found for podman.sock via ss"
+          platform: ${{ inputs.platform }}
 
       - name: Calculate image name and tag
         id: calculated_vars

.github/workflows/test-install-podman.yaml

@@ -0,0 +1,39 @@
+---
+name: Test Install Podman
+
+"on":
+  push:
+    paths:
+      - 'ci/cached-builds/**'
+      - '.github/actions/install-podman-action/**'
+      - '.github/workflows/test-install-podman.yaml'
+  pull_request:
+    paths:
+      - 'ci/cached-builds/**'
+      - '.github/actions/install-podman-action/**'
+      - '.github/workflows/test-install-podman.yaml'
+  workflow_dispatch:
+
+env:
+  TMPDIR: /home/runner/.local/share/containers/tmpdir
+  CONTAINER_HOST: unix:///var/run/podman/podman.sock
+
+jobs:
+  test-install:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v5
+
+      - name: Install Podman
+        uses: './.github/actions/install-podman-action'
+        with:
+          platform: linux/amd64
+
+      - name: Test Podman installation
+        run: |
+          set -Eeuxo pipefail
+
+          podman version
+
+          # https://github.com/containers/podman/blob/main/docs/tutorials/podman_tutorial.md#running-a-sample-container
+          podman run --name basic_httpd -dt -p 8080:80/tcp docker.io/nginx