From 04dbb23dfd28f6358a1faa71d3668b5fe4a6a099 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Wed, 2 Jul 2025 18:12:55 +0200 Subject: [PATCH 1/7] Use power image for collector builds --- .github/workflows/collector.yml | 23 +++-------------------- 1 file changed, 3 insertions(+), 20 deletions(-) diff --git a/.github/workflows/collector.yml b/.github/workflows/collector.yml index b97590eac3..662c1fd659 100644 --- a/.github/workflows/collector.yml +++ b/.github/workflows/collector.yml @@ -33,26 +33,14 @@ env: ADDRESS_SANITIZER: ${{ contains(github.event.pull_request.labels.*.name, 'address-sanitizer') }} jobs: - prepare-build-collector: - name: Prepare builders for collector - runs-on: ubuntu-24.04 - outputs: - local-exclude: ${{ steps.arch.outputs.local-exclude || '[]' }} - - steps: - - name: Check arches for local build - if: ${{ ! contains(inputs.architectures, 'ppc64le') }} - id: arch - run: echo 'local-exclude=[{"arch":"ppc64le"}]' >> "$GITHUB_OUTPUT" - build-collector-image: name: Local collector image ${{ matrix.arch }} - needs: prepare-build-collector strategy: matrix: arch: [amd64, arm64, ppc64le] - exclude: ${{ fromJSON(needs.prepare-build-collector.outputs.local-exclude) }} - runs-on: ${{ (matrix.arch == 'arm64' && 'ubuntu-24.04-arm') || 'ubuntu-24.04' }} + runs-on: ${{ (matrix.arch == 'arm64' && 'ubuntu-24.04-arm') || + (matrix.arch == 'ppc64le' && 'ubuntu-24.04-ppc64le') || + 'ubuntu-24.04' }} env: PLATFORM: linux/${{ matrix.arch }} @@ -63,11 +51,6 @@ jobs: with: submodules: true - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - image: tonistiigi/binfmt:qemu-v8.1.5 - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 From 22d946a071ce6352132de69a0a665aa426bbd77f Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Fri, 4 Jul 2025 16:33:30 +0200 Subject: [PATCH 2/7] Install ansible on Power and Z runners --- .github/workflows/collector.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/collector.yml b/.github/workflows/collector.yml index 662c1fd659..7145bb413f 100644 --- a/.github/workflows/collector.yml +++ b/.github/workflows/collector.yml @@ -54,6 +54,11 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Install ansible on P&Z runners + if: matrix.arch == 'ppc64le' + run: | + sudo apt-get install -y ansible + - name: Create ansible vars run: | cat << EOF > ${{ github.workspace }}/ansible/secrets.yml From dfe6e32115c52e054d784ff0769fb8d303a93d5d Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Fri, 4 Jul 2025 16:54:38 +0200 Subject: [PATCH 3/7] Use Z runners --- .github/workflows/collector.yml | 81 +-------------------------------- 1 file changed, 2 insertions(+), 79 deletions(-) diff --git a/.github/workflows/collector.yml b/.github/workflows/collector.yml index 7145bb413f..c5ac81bc12 100644 --- a/.github/workflows/collector.yml +++ b/.github/workflows/collector.yml @@ -40,6 +40,7 @@ jobs: arch: [amd64, arm64, ppc64le] runs-on: ${{ (matrix.arch == 'arm64' && 'ubuntu-24.04-arm') || (matrix.arch == 'ppc64le' && 'ubuntu-24.04-ppc64le') || + (matrix.arch == 's390x' && 'ubuntu-24.04-s390x') || 'ubuntu-24.04' }} env: @@ -55,7 +56,7 @@ jobs: uses: docker/setup-buildx-action@v3 - name: Install ansible on P&Z runners - if: matrix.arch == 'ppc64le' + if: matrix.arch == 'ppc64le' || matrix.arch == 's390x' run: | sudo apt-get install -y ansible @@ -79,7 +80,6 @@ jobs: EOF - name: Build ${{ matrix.arch }} image locally - timeout-minutes: 480 run: | ansible-playbook \ --connection local \ @@ -89,85 +89,9 @@ jobs: -e @'${{ github.workspace }}/ansible/secrets.yml' \ ansible/ci-build-collector.yml - build-collector-image-remote-vm: - name: Remote collector image - runs-on: ubuntu-24.04 - if: contains(inputs.architectures, 's390x') - strategy: - matrix: - arch: [s390x] - - env: - PLATFORM: linux/${{ matrix.arch }} - - steps: - - uses: actions/checkout@v4 - - - uses: actions/setup-python@v5 - with: - python-version: "3.10" - - - uses: 'google-github-actions/auth@v2' - with: - credentials_json: '${{ secrets.GOOGLE_CREDENTIALS_COLLECTOR_SVC_ACCT }}' - - - uses: 'google-github-actions/setup-gcloud@v2' - - - uses: ./.github/actions/setup-vm-creds - with: - gcp-ssh-key: ${{ secrets.GCP_SSH_KEY }} - gcp-ssh-key-pub: ${{ secrets.GCP_SSH_KEY_PUB }} - s390x-ssh-key: ${{ secrets.IBM_CLOUD_S390X_SSH_PRIVATE_KEY }} - ppc64le-ssh-key: ${{ secrets.IBM_CLOUD_POWER_SSH_PRIVATE_KEY }} - ppc64le-ssh-key-pub: ${{ secrets.IBM_CLOUD_POWER_SSH_PUBLIC_KEY }} - s390x-key: ${{ secrets.IBM_CLOUD_S390x_API_KEY }} - ppc64le-key: ${{ secrets.IBM_CLOUD_POWER_API_KEY }} - redhat-username: ${{ secrets.REDHAT_USERNAME }} - redhat-password: ${{ secrets.REDHAT_PASSWORD }} - vm-type: rhel-${{ matrix.arch }} - job-tag: builder - - - name: Create Build VMs - run: | - make -C "${{ github.workspace }}/ansible" create-build-vms - - - name: Create ansible vars - run: | - cat << EOF > ${{ github.workspace }}/ansible/secrets.yml - --- - stackrox_io_username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }} - stackrox_io_password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }} - rhacs_eng_username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }} - rhacs_eng_password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }} - collector_git_ref: ${{ github.ref }} - collector_git_sha: ${{ github.sha }} - collector_builder_tag: ${{ env.COLLECTOR_BUILDER_TAG }} - disable_profiling: ${{ matrix.arch != 'amd64' && matrix.arch != 'arm64' }} - rhacs_eng_image: ${{ env.RHACS_ENG_IMAGE }} - collector_image: ${{ inputs.collector-image }} - collector_tag: ${{ inputs.collector-tag }} - debug_mode: ${{ github.event_name == 'pull_request' }} - EOF - - - name: Build ${{ matrix.arch }} image - timeout-minutes: 480 - run: | - ansible-playbook \ - -i ansible/ci \ - -e arch='${{ matrix.arch }}' \ - -e build_hosts='job_id_${{ env.JOB_ID }}' \ - -e @'${{ github.workspace }}/ansible/secrets.yml' \ - ansible/ci-build-collector.yml - - - name: Destroy Build VMs - if: always() - run: | - make -C ansible destroy-vms - create-multiarch-manifest: needs: - build-collector-image - - build-collector-image-remote-vm name: Create Multiarch manifest runs-on: ubuntu-24.04 if: always() && !contains(join(needs.*.result, ','), 'failure') @@ -208,7 +132,6 @@ jobs: if: always() && contains(join(needs.*.result, ','), 'failure') && github.event_name != 'pull_request' needs: - build-collector-image - - build-collector-image-remote-vm - create-multiarch-manifest steps: - name: Slack notification From 50844a7fd2bfa1e58a7a3484bf4170661281e8d8 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Fri, 4 Jul 2025 17:06:29 +0200 Subject: [PATCH 4/7] Minimal fixes --- .github/workflows/collector.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/collector.yml b/.github/workflows/collector.yml index c5ac81bc12..995c580a87 100644 --- a/.github/workflows/collector.yml +++ b/.github/workflows/collector.yml @@ -37,7 +37,7 @@ jobs: name: Local collector image ${{ matrix.arch }} strategy: matrix: - arch: [amd64, arm64, ppc64le] + arch: [amd64, arm64, ppc64le, s390x] runs-on: ${{ (matrix.arch == 'arm64' && 'ubuntu-24.04-arm') || (matrix.arch == 'ppc64le' && 'ubuntu-24.04-ppc64le') || (matrix.arch == 's390x' && 'ubuntu-24.04-s390x') || @@ -96,7 +96,7 @@ jobs: runs-on: ubuntu-24.04 if: always() && !contains(join(needs.*.result, ','), 'failure') env: - ARCHS: ${{ inputs.architectures }} + ARCHS: amd64 arm64 ppc64le s390x steps: - uses: actions/checkout@v4 From 74639c491b6b3dcd7266c596aca284545ace9da5 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Fri, 4 Jul 2025 17:31:59 +0200 Subject: [PATCH 5/7] Build builder image on P&Z runners --- .github/workflows/collector-builder.yml | 112 ++++-------------------- .github/workflows/collector.yml | 6 +- ansible/ci-build-builder.yml | 12 --- ansible/ci-build-collector.yml | 13 --- 4 files changed, 20 insertions(+), 123 deletions(-) diff --git a/.github/workflows/collector-builder.yml b/.github/workflows/collector-builder.yml index 0bc24fc36c..8b992a7df1 100644 --- a/.github/workflows/collector-builder.yml +++ b/.github/workflows/collector-builder.yml @@ -31,7 +31,6 @@ jobs: outputs: build-image: ${{ steps.builder-tag.outputs.build-image || false }} collector-builder-tag: ${{ steps.builder-tag.outputs.collector-builder-tag || 'master'}} - local-exclude: ${{ steps.arch.outputs.local-exclude || '[]'}} env: DEFAULT_BUILDER_TAG: master @@ -70,11 +69,6 @@ jobs: echo "collector-builder-tag=${COLLECTOR_BUILDER_TAG}" >> "$GITHUB_OUTPUT" echo "build-image=true" >> "$GITHUB_OUTPUT" - - name: Check arches for local build - if: ${{ ! contains(inputs.architectures, 'ppc64le') }} - id: arch - run: echo 'local-exclude=[{"arch":"ppc64le"}]' >> "$GITHUB_OUTPUT" - build-builder-image: name: Local builder image # Multiarch builds sometimes take for eeeeeeeeeever @@ -85,9 +79,15 @@ jobs: needs.builder-needs-rebuilding.outputs.build-image == 'true' strategy: matrix: - arch: [amd64, arm64, ppc64le] - exclude: ${{ fromJSON(needs.builder-needs-rebuilding.outputs.local-exclude) }} - runs-on: ${{ (matrix.arch == 'arm64' && 'ubuntu-24.04-arm') || 'ubuntu-24.04' }} + arch: + - amd64 + - arm64 + - ppc64le + - s390x + runs-on: ${{ (matrix.arch == 'arm64' && 'ubuntu-24.04-arm') || + (matrix.arch == 'ppc64le' && 'ubuntu-24.04-ppc64le') || + (matrix.arch == 's390x' && 'ubuntu-24.04-s390x') || + 'ubuntu-24.04' }} env: PLATFORM: linux/${{ matrix.arch }} @@ -99,14 +99,14 @@ jobs: with: submodules: true - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - image: tonistiigi/binfmt:qemu-v8.1.5 - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Install ansible on P&Z runners + if: matrix.arch == 'ppc64le' || matrix.arch == 's390x' + run: | + sudo apt-get install -y ansible + - name: Create ansible vars run: | cat << EOF > ${{ github.workspace }}/ansible/secrets.yml @@ -120,7 +120,6 @@ jobs: EOF - name: Build images - timeout-minutes: 480 run: | ansible-galaxy install -r ansible/requirements.yml ansible-playbook \ @@ -131,90 +130,10 @@ jobs: -e @'${{ github.workspace }}/ansible/secrets.yml' \ ansible/ci-build-builder.yml - build-builder-image-remote-vm: - name: Remote builder image - # Multiarch builds sometimes take for eeeeeeeeeever - timeout-minutes: 480 - needs: - - builder-needs-rebuilding - if: | - needs.builder-needs-rebuilding.outputs.build-image == 'true' && - contains(inputs.architectures, 's390x') - strategy: - matrix: - arch: [s390x] - runs-on: ubuntu-24.04 - - env: - PLATFORM: linux/${{ matrix.arch }} - BUILD_TYPE: ci - COLLECTOR_BUILDER_TAG: ${{ needs.builder-needs-rebuilding.outputs.collector-builder-tag }} - - steps: - - uses: actions/checkout@v4 - with: - submodules: true - - - uses: actions/setup-python@v5 - with: - python-version: "3.10" - - - uses: 'google-github-actions/auth@v2' - with: - credentials_json: '${{ secrets.GOOGLE_CREDENTIALS_COLLECTOR_SVC_ACCT }}' - - - uses: 'google-github-actions/setup-gcloud@v2' - - - uses: ./.github/actions/setup-vm-creds - with: - gcp-ssh-key: ${{ secrets.GCP_SSH_KEY }} - gcp-ssh-key-pub: ${{ secrets.GCP_SSH_KEY_PUB }} - s390x-ssh-key: ${{ secrets.IBM_CLOUD_S390X_SSH_PRIVATE_KEY }} - ppc64le-ssh-key: ${{ secrets.IBM_CLOUD_POWER_SSH_PRIVATE_KEY }} - ppc64le-ssh-key-pub: ${{ secrets.IBM_CLOUD_POWER_SSH_PUBLIC_KEY }} - s390x-key: ${{ secrets.IBM_CLOUD_S390x_API_KEY }} - ppc64le-key: ${{ secrets.IBM_CLOUD_POWER_API_KEY }} - redhat-username: ${{ secrets.REDHAT_USERNAME }} - redhat-password: ${{ secrets.REDHAT_PASSWORD }} - vm-type: all - job-tag: builder - - - name: Create Build VMs - run: | - make -C "${{ github.workspace }}/ansible" create-build-vms - - - name: Create ansible vars - run: | - cat << EOF > ${{ github.workspace }}/ansible/secrets.yml - --- - stackrox_io_username: ${{ secrets.QUAY_STACKROX_IO_RW_USERNAME }} - stackrox_io_password: ${{ secrets.QUAY_STACKROX_IO_RW_PASSWORD }} - rhacs_eng_username: ${{ secrets.QUAY_RHACS_ENG_RW_USERNAME }} - rhacs_eng_password: ${{ secrets.QUAY_RHACS_ENG_RW_PASSWORD }} - collector_git_ref: ${{ github.ref }} - collector_builder_tag: ${{ needs.builder-needs-rebuilding.outputs.collector-builder-tag }} - EOF - - - name: Build images - timeout-minutes: 480 - run: | - ansible-playbook \ - -i ansible/ci \ - -e build_hosts='job_id_${{ env.JOB_ID }}' \ - -e arch='${{ matrix.arch }}' \ - -e @'${{ github.workspace }}/ansible/secrets.yml' \ - ansible/ci-build-builder.yml - - - name: Destroy VMs - if: always() - run: | - make -C ansible destroy-vms - create-multiarch-manifest: needs: - builder-needs-rebuilding - build-builder-image - - build-builder-image-remote-vm name: Create Multiarch manifest runs-on: ubuntu-24.04 if: | @@ -222,7 +141,7 @@ jobs: needs.builder-needs-rebuilding.outputs.build-image == 'true' env: COLLECTOR_BUILDER_TAG: ${{ needs.builder-needs-rebuilding.outputs.collector-builder-tag }} - ARCHS: ${{ inputs.architectures }} + ARCHS: amd64 arm64 ppc64le s390x steps: - uses: actions/checkout@v4 @@ -258,7 +177,6 @@ jobs: if: always() && contains(join(needs.*.result, ','), 'failure') && github.event_name != 'pull_request' needs: - build-builder-image - - build-builder-image-remote-vm - create-multiarch-manifest steps: - name: Slack notification diff --git a/.github/workflows/collector.yml b/.github/workflows/collector.yml index 995c580a87..fa429dba23 100644 --- a/.github/workflows/collector.yml +++ b/.github/workflows/collector.yml @@ -37,7 +37,11 @@ jobs: name: Local collector image ${{ matrix.arch }} strategy: matrix: - arch: [amd64, arm64, ppc64le, s390x] + arch: + - amd64 + - arm64 + - ppc64le + - s390x runs-on: ${{ (matrix.arch == 'arm64' && 'ubuntu-24.04-arm') || (matrix.arch == 'ppc64le' && 'ubuntu-24.04-ppc64le') || (matrix.arch == 's390x' && 'ubuntu-24.04-s390x') || diff --git a/ansible/ci-build-builder.yml b/ansible/ci-build-builder.yml index d91284aaee..28706cea0d 100644 --- a/ansible/ci-build-builder.yml +++ b/ansible/ci-build-builder.yml @@ -12,18 +12,6 @@ local_branch: local tasks: - - name: Clone repository - ansible.builtin.git: - repo: https://github.com/stackrox/collector - dest: "{{ collector_root }}" - # We fetch the ref (either master, or pull//merge) and then - # create a local branch based on that. Doing it this way, rather - # than with commit hashes, prevents "reference is not a tree" errors - version: "{{ local_branch }}" - refspec: "+{{ collector_git_ref | replace('refs/', '') }}:{{ local_branch }}" - recursive: true - when: arch == "s390x" - - name: Build the collector builder image community.general.make: chdir: "{{ ansible_env.GITHUB_WORKSPACE | default(collector_root) }}" diff --git a/ansible/ci-build-collector.yml b/ansible/ci-build-collector.yml index 631bbffed0..efe43cd54c 100644 --- a/ansible/ci-build-collector.yml +++ b/ansible/ci-build-collector.yml @@ -14,19 +14,6 @@ local_branch: local tasks: - - debug: var=collector_root - - name: Clone repository - ansible.builtin.git: - repo: https://github.com/stackrox/collector - dest: "{{ collector_root }}" - # We fetch the ref (either master, or pull//merge) and then - # create a local branch based on that. Doing it this way, rather - # than with commit hashes, prevents "reference is not a tree" errors - version: "{{ local_branch }}" - refspec: "+{{ collector_git_ref | replace('refs/', '') }}:{{ local_branch }}" - recursive: true - when: arch == "s390x" - - name: Run the builder image community.general.make: chdir: "{{ ansible_env.GITHUB_WORKSPACE | default(collector_root) }}" From 5d5d81f725e55085c7165858766b16c0a63346b4 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Tue, 8 Jul 2025 12:10:11 +0200 Subject: [PATCH 6/7] Run P and Z tests unconditionally --- .github/workflows/collector-builder.yml | 4 +--- .github/workflows/collector.yml | 2 +- .github/workflows/integration-tests.yml | 6 ------ 3 files changed, 2 insertions(+), 10 deletions(-) diff --git a/.github/workflows/collector-builder.yml b/.github/workflows/collector-builder.yml index 8b992a7df1..730b86f40c 100644 --- a/.github/workflows/collector-builder.yml +++ b/.github/workflows/collector-builder.yml @@ -70,9 +70,7 @@ jobs: echo "build-image=true" >> "$GITHUB_OUTPUT" build-builder-image: - name: Local builder image - # Multiarch builds sometimes take for eeeeeeeeeever - timeout-minutes: 480 + name: Build builder image needs: - builder-needs-rebuilding if: | diff --git a/.github/workflows/collector.yml b/.github/workflows/collector.yml index fa429dba23..fcd7f8ff07 100644 --- a/.github/workflows/collector.yml +++ b/.github/workflows/collector.yml @@ -34,7 +34,7 @@ env: jobs: build-collector-image: - name: Local collector image ${{ matrix.arch }} + name: Build collector image ${{ matrix.arch }} strategy: matrix: arch: diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 8c1c90d255..3af1f8bd55 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -113,9 +113,6 @@ jobs: s390x-integration-tests: uses: ./.github/workflows/integration-tests-vm-type.yml - if: | - github.event_name != 'pull_request' || inputs.is-konflux || - contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') with: vm_type: rhel-s390x collector-tag: ${{ inputs.collector-tag }} @@ -127,9 +124,6 @@ jobs: ppc64le-integration-tests: uses: ./.github/workflows/integration-tests-vm-type.yml - if: | - github.event_name != 'pull_request' || inputs.is-konflux || - contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds') with: vm_type: rhel-ppc64le collector-tag: ${{ inputs.collector-tag }} From da689f15320bc40933b588517279879fedee5c00 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Tue, 8 Jul 2025 12:16:38 +0200 Subject: [PATCH 7/7] Cleanup unneeded architectures logic --- .github/workflows/collector-builder.yml | 5 ----- .github/workflows/collector.yml | 5 ----- .github/workflows/init.yml | 7 ------- .github/workflows/main.yml | 2 -- 4 files changed, 19 deletions(-) diff --git a/.github/workflows/collector-builder.yml b/.github/workflows/collector-builder.yml index 730b86f40c..ae1aa487c8 100644 --- a/.github/workflows/collector-builder.yml +++ b/.github/workflows/collector-builder.yml @@ -8,11 +8,6 @@ on: required: true description: | The tag used to build the collector image - architectures: - type: string - required: true - description: | - Space-separated list of architectures to build outputs: collector-builder-tag: diff --git a/.github/workflows/collector.yml b/.github/workflows/collector.yml index fcd7f8ff07..a1ee87c037 100644 --- a/.github/workflows/collector.yml +++ b/.github/workflows/collector.yml @@ -18,11 +18,6 @@ on: required: true description: | The builder tag to use in the build - architectures: - type: string - required: true - description: | - Space-separated list of architectures to build env: COLLECTOR_TAG: ${{ inputs.collector-tag }} diff --git a/.github/workflows/init.yml b/.github/workflows/init.yml index 1db7bcd88b..be09716158 100644 --- a/.github/workflows/init.yml +++ b/.github/workflows/init.yml @@ -58,13 +58,6 @@ on: description: | Trigger rebuild of QA containers value: ${{ jobs.common-variables.outputs.rebuild-qa-containers }} - architectures: - description: | - Space-separated list of architectures to build - value: | - ${{ ((github.event_name != 'pull_request' || - contains(github.event.pull_request.labels.*.name, 'run-multiarch-builds')) && - 'amd64 arm64 ppc64le s390x') || 'amd64 arm64' }} jobs: common-variables: diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c9d8e3384d..f002e6eb7b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -40,7 +40,6 @@ jobs: needs: init with: collector-tag: ${{ needs.init.outputs.collector-tag }} - architectures: ${{ needs.init.outputs.architectures }} secrets: inherit build-collector: @@ -52,7 +51,6 @@ jobs: collector-tag: ${{ needs.init.outputs.collector-tag }} collector-image: ${{ needs.init.outputs.collector-image }} collector-builder-tag: ${{ needs.build-builder-image.outputs.collector-builder-tag }} - architectures: ${{ needs.init.outputs.architectures }} secrets: inherit build-test-containers: