The Forgejo runner container is Alpine with a near-empty base — no
curl, python3, arp-scan, or sudo out of the box. scripts/smoke-vm.sh
needs all four:
- curl: every PVE API call
- python3: JSON parsing of PVE responses
- arp-scan: MAC→IP discovery on the LAN (live ISO has no guest agent)
- sudo: so the same script also works from a dev laptop as non-root
Without this step the smoke job fails immediately on "curl: not found",
regardless of whether the PVE secrets are correctly set.
Added to both build-iso.yml (inline smoke after ISO build) and
smoke-latest.yml (workflow_dispatch retest path).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
When smoke-vm.sh / PVE setup / secrets change, we want to verify the
fix without waiting for a full 25-min build-iso rebuild (most of which
is the upload-artifact step for a 1.5 GB file).
Adds two things:
1. build-iso.yml grows a "Cache ISO for smoke-latest" step that copies
the freshly built ISO to /data/smoke-cache/latest.iso. /data is
already bind-mounted into the runner container at a matching host
path, so no compose.yml change or runner restart needed.
2. smoke-latest.yml is a workflow_dispatch-only workflow that reads
/data/smoke-cache/latest.iso and runs scripts/smoke-vm.sh against
it. ~2 min end-to-end. Errors cleanly if the cache is empty (build-
iso.yml hasn't populated it yet).
First build-iso run after this merges will populate the cache; from
then on smoke-latest is available for on-demand re-tests.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
