Install openssh at VM image creation time to eliminate in-VM internet dependency#26
Draft
Copilot wants to merge 10 commits into
Draft
Install openssh at VM image creation time to eliminate in-VM internet dependency#26Copilot wants to merge 10 commits into
Copilot wants to merge 10 commits into
Conversation
Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Add unit tests for RTNetlink component
Add unit tests for RTNetlink component with mocked OS socket
Mar 4, 2026
Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com>
Copilot
AI
changed the title
Add unit tests for RTNetlink component with mocked OS socket
Add RTNetlink unit tests with mocked socket and QEMU-based live VM tests
Mar 18, 2026
Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com>
Copilot
AI
changed the title
Add RTNetlink unit tests with mocked socket and QEMU-based live VM tests
Fix Alpine VM bootstrap: network race, silent apk failures, sshd startup
Mar 18, 2026
Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com>
Copilot
AI
changed the title
Fix Alpine VM bootstrap: network race, silent apk failures, sshd startup
Fix Alpine VM bootstrap: /etc/ssh missing, rc-service sshd not found, silent apk failures
Mar 18, 2026
… checking Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com>
Copilot
AI
changed the title
Fix Alpine VM bootstrap: /etc/ssh missing, rc-service sshd not found, silent apk failures
Fix Alpine VM bootstrap: explicit repos, apk exit-code checks, SSHD false-positive
Mar 18, 2026
…e apk Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com>
Copilot
AI
changed the title
Fix Alpine VM bootstrap: explicit repos, apk exit-code checks, SSHD false-positive
Fix Alpine VM CI: network repos, DNS, apk error checking, sshd guard false-positive
Mar 18, 2026
Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com>
Copilot stopped work on behalf of
polybassa due to an error
March 18, 2026 10:40
Copilot stopped work on behalf of
polybassa due to an error
March 18, 2026 10:51
Copilot stopped work on behalf of
polybassa due to an error
March 18, 2026 11:13
Switch from Alpine virt live ISO to the Alpine cloud QCOW2 image which ships with openssh pre-installed, so SSH is available without any in-VM apk download — even when the VM has no internet access. Add a cloud-init nocloud seed ISO (built on the host, which has internet) to inject the SSH public key on first boot via tiny-cloud. Replace the expect-based console interaction script with straightforward SSH commands issued after the VM becomes reachable. Update the workflow: swap `expect` for `genisoimage` (needed to build the seed ISO); `expect` is no longer required. Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com>
Copilot
AI
changed the title
Fix Alpine VM CI: network repos, DNS, apk error checking, sshd guard false-positive
Install openssh at VM creation via Alpine cloud QCOW2 + cloud-init seed
Mar 18, 2026
…alled
The previous attempt used a non-existent Alpine cloud QCOW2 URL.
Alpine only publishes AWS-specific VHD images; there are no QCOW2 images.
New approach: build a bootable Alpine ext4 QCOW2 on the CI host (which
has internet) from the Alpine minirootfs tarball:
- Download alpine-minirootfs-3.23.3-x86_64.tar.gz (4 MB)
- Format a QCOW2 as ext4 via qemu-nbd and mount it
- chroot (with /proc /sys /dev bind-mounts) and run:
apk add linux-virt openrc openssh dhcpcd python3 iproute2
- Enable sshd via rc-update, pre-generate host keys, inject SSH pubkey
- Boot with QEMU -kernel/-initrd (using the installed linux-virt
kernel+initramfs which can mount a real ext4 root)
The VM now boots with openssh already installed and sshd started by
OpenRC — no in-VM apk/internet access required.
Update workflow: swap genisoimage for qemu-utils (provides qemu-nbd).
Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com>
Copilot
AI
changed the title
Install openssh at VM creation via Alpine cloud QCOW2 + cloud-init seed
Install openssh at VM image creation time to eliminate in-VM internet dependency
Mar 18, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The QEMU Alpine VM has no internet access at test runtime, causing
apk add opensshto fail inside the running VM and breaking SSH connectivity entirely.Root cause of previous fix attempt
Alpine Linux publishes no QCOW2 images — only AWS-specific VHDs. The
releases/cloud/nocloud/URL used previously does not exist.Approach
Build a bootable Alpine ext4 QCOW2 on the CI host (which has internet) from the Alpine minirootfs tarball. All packages — including
openssh— are installed viaapkin a chroot on the host before the VM ever boots.Disk image creation (CI host, has internet)
alpine-minirootfs-3.23.3-x86_64.tar.gz(~4 MB)qemu-nbd, extract the minirootfs/proc /sys /devand chroot; install:rc-update add sshd default, pre-generate SSH host keys, inject the CI SSH pubkey intoauthorized_keysVM boot (no network required)
-kernel/-initrd) using thelinux-virtkernel+initramfs extracted from the disk — this initramfs (generated by Alpine'smkinitfs) can mount a real ext4 root, unlike the live-ISO initramfssshdfrom the default runlevel; SSH is reachable immediatelyWorkflow
genisoimagewithqemu-utils(providesqemu-nbd)Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
www.alpinelinux.org/home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js(dns block)If you need me to access, download, or install something from one of these locations, you can either:
🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.