ci: explore and implement multi-distro e2e testing matrix (#208)

Add support for running E2E tests across multiple Linux distributions
(Ubuntu, Fedora, Rocky Linux 9, OpenSUSE Leap) using GitHub Actions
job containers.

Key changes:
- Multi-distro matrix: Fedora, Rocky Linux 9, OpenSUSE Leap alongside Ubuntu
- Distro-agnostic setup: auto-detect package manager (apt/dnf/zypper)
- Resilient containerd service management without requiring systemd
- Fix runc version prefix handling (ensure 'v' prefix in download URL)
- Fix OpenSUSE libseccomp package name with fallback
- Restore containerd devmapper and urunc runtime config snippet
- Add exploration doc: docs/explorations/e2e-multi-distro-options.md

Fixes: #208
Signed-off-by: Aashish Pandit <imshubham.22apr@gmail.com>
Signed-off-by: imshubham22apr-gif <imshubham.22apr@gmail.com>

Author: imshubham22apr-gif

.github/contributors.yaml

@@ -56,7 +56,7 @@ users:
   hemang1404:
     name: Hemang Sharrma
     email: hemangsharrma@gmail.com
-  jiwahn:
+  ilp-sys:
     name: Jiwoo Ahn
     email: ikwydls1314@gmail.com
   goyalpalak18:
@@ -86,12 +86,3 @@ users:
   kaizakin:
     name: Karthik Balasubramanian
     email: karthikbalasubramanian08@gmail.com
-  MUFFANUJ:
-    name: Anuj Kumar Singh
-    email: anujsinghhero292@gmail.com
-  neo-0007:
-    name: Hrishikesh Gohain
-    email: hrishikeshgohain123@gmail.com
-  rishi-jat:
-    name: Rishi Jat
-    email: rishijat098@gmail.com

.github/linters/urunc-dict.txt

@@ -88,7 +88,6 @@ TUNTAP
 Timestamping
 Tmpfs
 Tuntap
-TTRPC
 UNBINDABLE
 URUNC
 Unikernel
@@ -128,11 +127,8 @@ clis
 cmainas
 cmdline
 cntr
-containerdshim
 containerd
 containerd's
-containersapi
-contentapi
 cpio
 creack
 crictl
@@ -154,7 +150,6 @@ elevateprivileges
 elfloader
 endmacro
 epoll
-errdefs
 etest
 etesting
 etfs
@@ -182,7 +177,6 @@ httpreply
 iface
 ifaces
 ifname
-imagesapi
 initpipe
 initrds
 inlinehilite
@@ -204,7 +198,6 @@ kwds
 lazytime
 lenag
 lenpg
-leasesapi
 levarage
 libc
 libcontainer
@@ -303,10 +296,8 @@ setgroup
 settime
 sgid
 sharedfs
-snapshotsapi
 sigaction
 sigreturn
-sigstr
 sirupsen
 socker
 stretchr
@@ -326,7 +317,6 @@ tmpl
 tomlq
 traefik
 triger
-ttrpc
 twemoji
 uidmap
 ukernel

.github/workflows/add-git-trailers.yml

@@ -1,25 +1,29 @@
 name: Add Git Trailers to PR commits
 
 on:
-  pull_request_review:
-    types: [submitted]
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
+  workflow_call:
+    secrets:
+      GIT_CLONE_PAT:
+        required: false
+      URUNC_BOT_PRIVATE_KEY:
+        required: true
 
 permissions:
   contents: read
 
 jobs:
   git-trailers:
     name: Add Git Trailers
-    if: >-
-      github.event.pull_request.base.ref == 'main' &&
-      github.event.review.state == 'approved'
-    runs-on: ubuntu-22.04
+    runs-on: ${{ matrix.runner }}
+    strategy:
+      matrix:
+        include:
+          - arch: amd64
+            runner: ubuntu-22.04
+    continue-on-error: true
     permissions:
       contents: write
+      pull-requests: write
     steps:
       - name: Harden the runner (Audit all outbound calls)
         uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
@@ -36,23 +40,32 @@ jobs:
           fetch-depth: 0
           ref: ${{ github.event.pull_request.head.sha }}
 
+      - name: Append git trailers
+        uses: nubificus/git-trailers@8e08c91bb4c1fd9cb1ccbd9cc8029c31acf8da66 # feat_use_rebase
+        with:
+          user_info: .github/contributors.yaml
+
       - name: Generate urunc-bot token
         id: generate-token
         uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
         with:
           app-id: ${{ vars.URUNC_BOT_APP_ID }}
           private-key: ${{ secrets.URUNC_BOT_PRIVATE_KEY }}
 
+      - name: Set up Git
+        run: |
+          git config --global user.name "urunc-bot[bot]"
+          git config --global user.email "urunc-bot[bot]@users.noreply.github.com"
+
       - name: Append git trailers
-        uses: nubificus/git-trailers@1d1595aacfd9239ae69d773cb895606daa17e538
+        uses: nubificus/git-trailers@18fd322f3fbfd505b4de728974a4ac1f32f758a7 # feat_auto_merge
         with:
-          token: ${{ steps.generate-token.outputs.token }}
-          user-info: .github/contributors.yaml
+          user_info: .github/contributors.yaml
 
       - name: Merge PR
         env:
           GH_TOKEN: ${{ steps.generate-token.outputs.token }}
-          PR_URL: ${{ github.event.pull_request.html_url }}
         run: |
-          sleep 5 # Wait for github to get updated with the push. Otherwise merge will fail
+          PR_URL=${{ github.event.pull_request.html_url }}
+      
           gh pr merge "$PR_URL" --rebase --admin

.github/workflows/build-latest.yml

@@ -72,7 +72,7 @@ jobs:
 
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051
         with:
           images: ${{ env.IMAGE_NAME }}
           tags: |
@@ -110,7 +110,7 @@ jobs:
  
       - name: Build and push urunc-deploy-${{ matrix.arch}}
         id: build-and-push
-        uses: docker/build-push-action@789f68658055d3ca993799b232b5c46dfe3f114d # master
+        uses: docker/build-push-action@9e436ba9f2d7bcd1d038c8e55d039d37896ddc5d # master
         with:
           context: ./deployment/urunc-deploy
           tags: ${{ steps.meta.outputs.tags }}

.github/workflows/ci_on_push.yml

@@ -1,6 +1,8 @@
 name: urunc CI
 
 on:
+  push:
+    branches: ["chore/issue-208-e2e-multi-distro"]
   pull_request:
     branches: ["main"]
     types: [opened,synchronize,reopened,labeled]

.github/workflows/ci_test.yml

@@ -0,0 +1,20 @@
+name: urunc CI Test
+
+on:
+  push:
+    branches: ["chore/issue-208-e2e-multi-distro"]
+
+jobs:
+  ci-test:
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+      attestations: write
+      pull-requests: read
+    uses: ./.github/workflows/ci.yml
+    with:
+      ref: ${{ github.sha }}
+      skip-build: "no"
+      skip-lint: "no"
+    secrets: inherit

.github/workflows/pr-merge.yml

@@ -4,28 +4,29 @@ on:
   pull_request_target:
     types:
       - closed
-    branches:
-      - 'main-pr*'
 
 permissions:
   contents: read
 
 jobs:
   add-trailers-and-merge:
     if: |
-      github.event.pull_request.merged == true
+      github.event.pull_request.merged == true &&
+      startsWith(github.event.pull_request.base.ref, 'main-pr')
     runs-on: ubuntu-latest
     permissions:
       contents: write
+
     steps:
       - name: Harden the runner (Audit all outbound calls)
         uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
         with:
           egress-policy: audit
 
-      - name: Exit if PR is not rebaseable
-        if: ${{ github.event.pull_request.rebaseable != null && github.event.pull_request.rebaseable == false }}
-        run: exit 1
+      - name: Set up Git
+        run: |
+          git config --global user.name "urunc-bot[bot]"
+          git config --global user.email "urunc-bot[bot]@users.noreply.github.com"
 
       - name: Check out repo
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -41,18 +42,16 @@ jobs:
           private-key: ${{ secrets.URUNC_BOT_PRIVATE_KEY }}
 
       - name: Append git trailers
-        uses: nubificus/git-trailers@1d1595aacfd9239ae69d773cb895606daa17e538
+        uses: nubificus/git-trailers@18fd322f3fbfd505b4de728974a4ac1f32f758a7 # feat_auto_merge
         with:
-          token: ${{ steps.generate-token.outputs.token }}
-          user-info: .github/contributors.yaml
+          user_info: .github/contributors.yaml
 
       - name: Create a Pull Request from PR_BRANCH to main and merge it
         env:
           GH_TOKEN: ${{ steps.generate-token.outputs.token }}
-          PR_BRANCH: ${{ github.event.pull_request.base.ref }}
         run: |
           PR_BRANCH=${{ github.event.pull_request.base.ref }}
-
+      
           # Create the pull request
           PR_URL=$(gh pr create \
             --head "$PR_BRANCH" \

.github/workflows/pr-trailers.yml

@@ -0,0 +1,16 @@
+name: Add Git Trailers to PR commits
+
+on:
+  pull_request_review:
+    types: [submitted]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  git-trailers:
+    name: Add Git Trailers to PR commits
+    if: ${{ github.event.pull_request.base.ref == 'main' && github.event.review.state == 'approved' }}
+    uses: ./.github/workflows/add-git-trailers.yml
+    secrets: inherit

.github/workflows/release-trigger.yaml

@@ -159,7 +159,7 @@ jobs:
           echo "EOF" >> $GITHUB_OUTPUT
 
       - name: Create initial release
-        uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
+        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1
         id: create_release
         with:
           files: |