* Convert Ruff and ShellCheck workflows to `workflow_call`
* Remove direct `push` / `pull_request` triggers
* Run sniffers only through centralized CI and release pipelines
* Prevent duplicate and uncontrolled sniffer executions
https://chatgpt.com/share/693d5f9a-5e70-800f-95da-837be2aedb4f
- Introduce dedicated ShellCheck workflow for Bash scripts
- Add Ruff as Python code sniffer for src/ and tests/
- Integrate both sniffers into main CI pipeline
- Require successful sniffer runs before marking a release as stable
- Ensure consistent code quality checks across CI and release workflows
https://chatgpt.com/share/693d5b26-293c-800f-999d-48b2950b9417
Trigger container publishing via workflow_run on "Mark stable commit", gate on success,
checkout the workflow_run head SHA, force-refresh tags, and derive version from the v* tag
pointing at the tested commit to correctly detect and publish stable images.
https://chatgpt.com/share/693c836b-0b00-800f-9536-9e273abd0fb5
Switch publish-containers workflow from workflow_run to direct v* tag triggers,
remove obsolete workflow_run logic, simplify version detection via GITHUB_REF_NAME,
and keep stable-tag detection aligned with the stable ref.
https://chatgpt.com/share/693c836b-0b00-800f-9536-9e273abd0fb5
Introduce a dedicated publish-containers workflow triggered after stable releases.
Unify container build and publish logic via scripts, add buildx-based multi-tag publishing,
default base image resolution, and Arch alias tags for latest/version/stable.
https://chatgpt.com/share/693c836b-0b00-800f-9536-9e273abd0fb5
Refactor Dockerfile into multi-stage virgin/full targets and introduce a single
flag-based image build script. Standardize image naming, remove redundant build
scripts, and update Makefile targets accordingly. CI workflows now build missing
virgin images and run root and user tests consistently across all supported
distributions.
https://chatgpt.com/share/693c29d9-9b28-800f-a549-5661c783d968
* Switch virgin root/user workflows to use *make install* + *make setup/setup-venv*
* Add Git *safe.directory /src* to avoid flake evaluation failures on mounted repos
* Enable Nix flake run in workflows and prepare */nix* for non-root execution
* Refactor Arch packaging to build in an isolated */tmp* directory via *aur_builder*
* Rename installer scripts (*run-** → *dependencies.sh* / *package.sh*) and adjust Docker entry + env var to *REINSTALL_PKGMGR*
https://chatgpt.com/share/693c29d9-9b28-800f-a549-5661c783d968
Refactor CI to clearly separate virtualenv-based container tests from pure Nix flake tests across all distros (arch, debian, ubuntu, fedora, centos).
Introduce dedicated test-env-nix workflow and Makefile targets, rename former container tests to test-env-virtual, and update stable pipeline dependencies.
Improve Nix reliability in containers by fixing installer permissions and explicitly validating nix availability and version during image build and tests.
Updated the `mark-stable` workflow so that the `stable` tag is only moved when:
* the current push is a version tag (`v*`)
* all tests have passed
* the pushed version tag is the highest semantic version among all existing tags
This ensures that `stable` always reflects the latest valid release and prevents older version tags from overwriting it.
https://chatgpt.com/share/693b163b-0c34-800f-adcb-12cf4744dbe2
- Added `git rev-parse HEAD` to test-container workflow to confirm the exact
commit SHA used during CI runs.
- Updated Dockerfile to print BASE_IMAGE and OS release information during
build for better reproducibility diagnostics.
- Extended test-container script to dump the first 40 lines of
`docker image inspect` output, allowing verification of the image ID,
creation time, and applied build args.
These additions help trace discrepancies between local builds and GitHub
Actions, ensuring we can detect mismatches in commit SHA, base image,
or container metadata.
https://chatgpt.com/share/693ae07a-8c58-800f-88e6-254cdb00b676
This ensures that GitHub Actions never reuses outdated Docker layers and that
each test run starts from a fully clean environment. The workflows for
test-container and test-e2e now explicitly invoke:
distro="${{ matrix.distro }}" make build-no-cache
before executing the actual tests.
This aligns the CI behaviour with local testing, eliminates hidden caching
differences, and guarantees deterministic test results across all distros.
https://chatgpt.com/share/693ae07a-8c58-800f-88e6-254cdb00b676
- Introduce a GitHub Actions matrix for `test-container` and `test-e2e`
to run against arch, debian, ubuntu, fedora, and centos
- Run unit and integration tests only in the Arch container by passing
`distro="arch"` via make in the corresponding workflows
- Replace the global DISTROS loop with a single `distro` variable in
the Makefile, defaulting to `arch`, and export it for all scripts
- Update build scripts (build-image, build-image-no-cache, build-image-missing)
to build images for the selected distro only
- Simplify test-container script to validate a single distro image using
the `distro` environment variable
- Simplify E2E, unit, and integration test scripts to run against a
single distro container instead of iterating over all distros
https://chatgpt.com/share/693acbba-9e30-800f-94fb-fea4489e9078
- convert all test workflows to reusable workflow_call
- add central CI workflow for branches and PRs
- add mark-stable workflow triggered on main pushes
- ensure stable tag updates only after all tests succeed
- remove duplicated triggers from test workflows
`
https://chatgpt.com/share/693aa4a6-7460-800f-ba47-cfc15b1b2236
- use correct GitHub API path (/repos/.../actions/runs)
- resolve repository via workflow_run.repository.full_name
- improve logging and safe no-tag exits
- ensure correct token handling and tag update logic
https://chatgpt.com/share/693aa4a6-7460-800f-ba47-cfc15b1b2236
- use workflow_run.repository.full_name for gh API queries
- expose GITHUB_TOKEN as GH_TOKEN for the GitHub CLI
- improve log messages and keep tag skipped when checks are missing or failing
- add mark-stable workflow that runs on workflow_run for all test pipelines
- use GitHub API to ensure all required workflows succeeded before moving the 'stable' tag
- add Nix flake.lock to pin nixpkgs for reproducible builds
https://chatgpt.com/share/693aa4a6-7460-800f-ba47-cfc15b1b2236
- Split virgin tests into separate root and user GitHub Actions workflows
(test-virgin-root, test-virgin-user) and adjust Arch container flows
- Introduce scripts/installation/venv-create.sh and reuse it from
scripts/installation/main.sh with separate root/system and user/dev paths
- Add PKGMGR architecture & setup map (assets/map.png) and section in README
with link to the up-to-date master page
- Simplify README by removing outdated Docker quickstart, usage examples,
and AI footer
- Extend .gitignore to exclude src/source artifacts
https://chatgpt.com/share/6939bbfe-5cb0-800f-8ea8-95628dc911f5
- Introduce `test-nix-flake-e2e.yml` workflow to run a full Arch-based virgin
environment test with Nix flakes enabled and shared Docker caches
- Ensure pkgmgr self-installation and flake-based installer path are exercised
- Update .gitignore with additional build artifacts, Debian packaging files,
and pkgmgr output directories
This commit updates all GitHub Actions workflows and the Makefile to ensure
consistent behavior across unit, integration, end-to-end, and OS-container
tests.
Changes include:
CI Workflows:
- Rename workflows for clearer, more professional naming:
* "Test Distribution Containers" → "Test OS Containers"
* "Test package-manager (e2e)" → "Test End-To-End"
* "Test package-manager (unit)" → "Test Units"
* "Test package-manager (integration)" → "Test Code Integration"
- Remove explicit build steps from workflows; container creation is now
delegated to the Makefile via build-missing.
- Restrict test jobs to only build the Arch test container by setting:
DISTROS="arch"
Makefile:
- Add build-missing as a dependency to all test targets:
test-unit, test-integration, test-e2e, test-container
- Remove redundant build-missing call from the combined 'test' target,
since Make now ensures build-missing runs exactly once per invocation.
- Preserve existing target structure while ensuring container images are
built automatically on demand.
This makes the CI pipeline faster, more predictable, and removes duplicated
container build logic. All tests now use the same unified mechanism for
building missing images.
Changes included:
• GitHub Actions workflow: rename job from 'test-unit' to 'test-container' to match intent.
• RPM packaging: replace %{_libdir}/package-manager with a fixed /usr/lib/package-manager
to avoid lib/lib64 divergence on CentOS and ensure pkgmgr + Nix flake resolution works
consistently across distros.
• Docker entrypoint: add automatic CA-bundle detection and set NIX_SSL_CERT_FILE to fix
TLS issues on CentOS ('unable to get local issuer certificate') when Nix fetches flake
inputs.
These updates stabilize container-based tests and unify the runtime environment
for Fedora, CentOS, and other distributions.
Reference:
ChatGPT conversation: https://chatgpt.com/share/6937aa72-d33c-800f-a63f-c353e92de6b3
