USHIFT-6517: Use host network for bootc image builds for proxy access

[ggiguash]

Since we do not delete RHEL 9.8 repo from the images, it must be reusable from cache.
Previously, we embedded WEB_SERVER_URL, which might be pointing to a specific host name or IP.

To make the .repo configuration reusable, we can refer to localhost and use --network host argument only when building images.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci-robot]

@ggiguash: This pull request references USHIFT-6517 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Since we do not delete RHEL 9.8 repo from the images, it must be reusable from cache.
Previously, we embedded WEB_SERVER_URL, which might be pointing to a specific host name or IP.

To make the .repo configuration reusable, we can refer to localhost and use --network host argument only when building images.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[ggiguash]

/test ?

[ggiguash]

/test e2e-aws-tests-cache
/test e2e-aws-tests-cache-arm

[ggiguash]

@coderabbitai perform full review

[coderabbitai]

@ggiguash: I'll perform a full review of the changes in this PR.

Context: This PR addresses USHIFT-6517 by modifying the bootc image build process to use host networking for proxy access. The key change is making the .repo configuration reusable by referring to localhost instead of embedding specific host names or IPs from WEB_SERVER_URL, and using the --network host argument only during image builds.

✅ Actions performed

Full review triggered.

[coderabbitai]

Walkthrough

This pull request updates test infrastructure to export the WEB_SERVER_PORT environment variable, adds host networking to Podman container build commands, and updates repository configuration URLs to use the exported port variable via localhost.

Changes

Cohort / File(s)	Summary
Test Infrastructure Configuration test/bin/common.sh, test/package-sources-bootc/rhel98-mirror.repo	Exports WEB_SERVER_PORT as an environment variable and updates repository baseurl entries to reference localhost with the exported port instead of a templated WEB_SERVER_URL.
Container Build Process test/bin/pyutils/build_bootc_images.py	Adds --network host flag to Podman build and run commands for container image creation and template processing.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

test/bin/pyutils/build_bootc_images.py (1)

389-397: ⚠️ Potential issue | 🟡 Minor

Remove --network host flag; bootc-image-builder doesn't require network access.

The BIB container is given an already-pulled local image reference (bf_imgref at line 373) and operates only on local images to produce an ISO. The --network host flag is unnecessary here—unlike the earlier podman build step (which needs network access to the localhost RPM proxy), bootc-image-builder doesn't perform any network operations. The --pull=newer flag won't trigger a fetch since the image reference is local.

[ggiguash]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

test/bin/pyutils/build_bootc_images.py (1)> 389-397: ⚠️ Potential issue | 🟡 Minor

Remove --network host flag; bootc-image-builder doesn't require network access.
The BIB container is given an already-pulled local image reference (bf_imgref at line 373) and operates only on local images to produce an ISO. The --network host flag is unnecessary here—unlike the earlier podman build step (which needs network access to the localhost RPM proxy), bootc-image-builder doesn't perform any network operations. The --pull=newer flag won't trigger a fetch since the image reference is local.

@coderabbitai
bootc-image-builder requires localhost access implicitly because it builds images from localhost/rhel98-test-agent:latest. That image is configured with repositories referencing localhost:8080 proxy server.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@ggiguash: Thank you for the clarification! You're absolutely right. I missed that transitive dependency.

While bootc-image-builder itself operates on a local image reference, during its build process it needs to access the repositories configured within that base image (localhost/rhel98-test-agent:latest). Since those .repo files point to localhost:8080, the --network host flag is indeed necessary for bootc-image-builder to reach the host's localhost proxy server.

I've noted this for future reviews.

🐰✨
( •‿•)
/>📝 learning something new!

---

📝 Learnings were identified and not saved (knowledge base disabled). Enable

[eslutsky]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: eslutsky, ggiguash

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [eslutsky,ggiguash]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ggiguash]

/verified by ci

[openshift-ci-robot]

@ggiguash: This PR has been marked as verified by ci.

Details

In response to this:

/verified by ci

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[ggiguash]

Not related to the changes. Saving on the CI cycles.
/override ci/prow/e2e-aws-tests-bootc-periodic

[openshift-ci]

@ggiguash: Overrode contexts on behalf of ggiguash: ci/prow/e2e-aws-tests-bootc-periodic

Details

In response to this:

Not related to the changes. Saving on the CI cycles.
/override ci/prow/e2e-aws-tests-bootc-periodic

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

@ggiguash: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.