Add IronCore-in-a-Box integration test targets

[friegger]

Verify current libvirt-provider changes with ironcore-in-a-box test target. Can be run locally on Mac and
runs also in GitHub Actions on Ubuntu.

Fixes #719

Summary by CodeRabbit

Release Notes

• Chores
  • Established automated integration testing infrastructure with CI/CD pipeline integration
  • Added testing and environment cleanup automation utilities

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR introduces a new integration test infrastructure for IronCore-in-a-Box (iiab), enabling the project to run iiab's end-to-end tests in CI and locally. A Bash orchestration script handles cloning the iiab repository, building and patching Docker images, deploying to a local kind cluster, and executing tests. The test is wired into the build system via Make targets and GitHub Actions workflows.

Changes

IronCore-in-a-Box Integration Tests

Layer / File(s)	Summary
Core Orchestration hack/iiab-tests.sh	Implements CLI commands (all, clone, build, patch, deploy, test, clean) to orchestrate local iiab testing: clones/updates the iiab repo with submodules, builds Docker images for libvirt-provider, builds kind node images, patches iiab's kustomization to use local config and image, deploys to kind, and runs integration tests. Includes macOS-specific sed handling for in-place edits.
Build System Integration Makefile	Adds iiab-tests and iiab-clean phony targets that delegate to hack/iiab-tests.sh all and hack/iiab-tests.sh clean respectively, under a new "IronCore-in-a-Box Integration Tests" help category.
CI/CD Workflow .github/workflows/iiab-tests.yml	GitHub Actions workflow triggered on PR events (assigned, opened, synchronize, reopened), ignores changes under docs/** and **/*.md, runs make iiab-tests on ubuntu-latest after installing sshpass.
Configuration & Exclusions .gitignore	Excludes the .iiab/ directory (containing test artifacts and cloned iiab repository) from version control.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~30 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: adding IronCore-in-a-Box integration test targets to the repository.
Description check	✅ Passed	The description covers the purpose (verify libvirt-provider changes with iiab tests) and links to the issue, though it doesn't follow the template structure with bullet points.
Linked Issues check	✅ Passed	The PR successfully implements issue #719 requirements: adds iiab test integration via hack/iiab-tests.sh script, GitHub Actions workflow, and Makefile targets.
Out of Scope Changes check	✅ Passed	All changes are directly related to implementing IronCore-in-a-Box integration tests; no out-of-scope modifications detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch enh/run-iiab-test-on-prs

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@hack/iiab-tests.sh`:
- Around line 75-79: The clean() function currently does rm -rf "${IIAB_DIR}" on
a user-controlled path; add a safety guard before deletion to ensure IIAB_DIR is
non-empty, not "/" or ".", and matches an expected safe pattern (e.g., resides
under /tmp or contains a specific prefix like "iiab") and only proceed if those
checks pass; if the checks fail, log an error and skip deletion. Reference the
clean() function and the IIAB_DIR variable when adding these validations and
retain the kind delete cluster step unchanged.
- Around line 40-47: The kustomization patch hardcodes newName/newTag to
"libvirt-provider:local" so an IIAB_IMG override is ignored; update the sed
replacements in the IIAB script (the blocks that reference variables config_path
and kustomization) to detect IIAB_IMG and split it into image name and tag, then
use those values instead of the hardcoded "libvirt-provider" and "local" (i.e.,
set newName to the image name portion and newTag to the tag portion when
IIAB_IMG is non-empty), ensuring both the macOS (sed -i '') and Linux (sed -i)
branches apply the same conditional substitution logic.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 09bf8a6b-ba0b-4e91-865a-378c7bd3077b

📥 Commits

Reviewing files that changed from the base of the PR and between e548a94 and 6f6e2bc.

📒 Files selected for processing (4)

• .github/workflows/iiab-tests.yml
• .gitignore
• Makefile
• hack/iiab-tests.sh

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

IIAB_IMG override is ignored during kustomization patching.

At Line 41–46, newName/newTag are hardcoded to libvirt-provider:local. If IIAB_IMG is set (documented in usage), deploy references a different image than the one built/loaded.

Suggested fix

 patch() {
     echo "==> Patching iiab kustomization..."
     local kustomization="${IIAB_DIR}/base/libvirt-provider/kustomization.yaml"
+    local image_name="${IIAB_IMG%:*}"
+    local image_tag="${IIAB_IMG##*:}"
+    if [[ "${IIAB_IMG}" != *:* ]]; then
+        image_tag="latest"
+    fi
@@
     if [[ "$(uname)" == "Darwin" ]]; then
         sed -i '' "s|github.com/ironcore-dev/libvirt-provider/config/default?ref=.*|${config_path}|" "${kustomization}"
-        sed -i '' "s|newName: ghcr.io/ironcore-dev/libvirt-provider|newName: libvirt-provider|" "${kustomization}"
-        sed -i '' "/newName: libvirt-provider/{n;s|newTag:.*|newTag: local|;}" "${kustomization}"
+        sed -i '' "s|newName: ghcr.io/ironcore-dev/libvirt-provider|newName: ${image_name}|" "${kustomization}"
+        sed -i '' "/newName: /{n;s|newTag:.*|newTag: ${image_tag}|;}" "${kustomization}"
     else
         sed -i "s|github.com/ironcore-dev/libvirt-provider/config/default?ref=.*|${config_path}|" "${kustomization}"
-        sed -i "s|newName: ghcr.io/ironcore-dev/libvirt-provider|newName: libvirt-provider|" "${kustomization}"
-        sed -i "/newName: libvirt-provider/{n;s|newTag:.*|newTag: local|;}" "${kustomization}"
+        sed -i "s|newName: ghcr.io/ironcore-dev/libvirt-provider|newName: ${image_name}|" "${kustomization}"
+        sed -i "/newName: /{n;s|newTag:.*|newTag: ${image_tag}|;}" "${kustomization}"
     fi

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@hack/iiab-tests.sh` around lines 40 - 47, The kustomization patch hardcodes
newName/newTag to "libvirt-provider:local" so an IIAB_IMG override is ignored;
update the sed replacements in the IIAB script (the blocks that reference
variables config_path and kustomization) to detect IIAB_IMG and split it into
image name and tag, then use those values instead of the hardcoded
"libvirt-provider" and "local" (i.e., set newName to the image name portion and
newTag to the tag portion when IIAB_IMG is non-empty), ensuring both the macOS
(sed -i '') and Linux (sed -i) branches apply the same conditional substitution
logic.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add a safety guard before deleting IIAB_DIR.

At Line 78, rm -rf "${IIAB_DIR}" runs on a user-configurable path. A bad env value can wipe unintended directories.

Suggested fix

 clean() {
     echo "==> Cleaning up..."
     kind delete cluster --name "${IIAB_CLUSTER_NAME}" || true
+    if [[ -z "${IIAB_DIR}" || "${IIAB_DIR}" == "/" ]]; then
+        echo "Refusing to remove unsafe IIAB_DIR='${IIAB_DIR}'" >&2
+        return 1
+    fi
     rm -rf "${IIAB_DIR}"
 }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	clean() {
	echo "==> Cleaning up..."
	kind delete cluster --name "${IIAB_CLUSTER_NAME}" || true
	rm -rf "${IIAB_DIR}"
	}
	clean() {
	echo "==> Cleaning up..."
	kind delete cluster --name "${IIAB_CLUSTER_NAME}" || true
	if [[ -z "${IIAB_DIR}" || "${IIAB_DIR}" == "/" ]]; then
	echo "Refusing to remove unsafe IIAB_DIR='${IIAB_DIR}'" >&2
	return 1
	fi
	rm -rf "${IIAB_DIR}"
	}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@hack/iiab-tests.sh` around lines 75 - 79, The clean() function currently does
rm -rf "${IIAB_DIR}" on a user-controlled path; add a safety guard before
deletion to ensure IIAB_DIR is non-empty, not "/" or ".", and matches an
expected safe pattern (e.g., resides under /tmp or contains a specific prefix
like "iiab") and only proceed if those checks pass; if the checks fail, log an
error and skip deletion. Reference the clean() function and the IIAB_DIR
variable when adding these validations and retain the kind delete cluster step
unchanged.