From 9e40468181259a4bfcd8ad0d5113b88d2cc2633c Mon Sep 17 00:00:00 2001
From: Benjamin Schimke <benjamin.schimke@canonical.com>
Date: Tue, 7 Jan 2025 12:08:51 +0100
Subject: [PATCH 1/6] Ensure lxd is installed before attempting snap refresh

This change checks if the lxd snap is installed before running `snap refresh lxd`,
preventing failures when lxd is missing. If lxd is not found,
it installs the snap using the specified channel.
This is required because the LXD snap is not shipped by default in 24.04 anymore.
---
 .github/actions/install-lxd/action.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/.github/actions/install-lxd/action.yaml b/.github/actions/install-lxd/action.yaml
index 3e90cd23b..851dc0ca8 100644
--- a/.github/actions/install-lxd/action.yaml
+++ b/.github/actions/install-lxd/action.yaml
@@ -12,7 +12,13 @@ runs:
     - name: Install lxd snap
       shell: bash
       run: |
-        sudo snap refresh lxd --channel ${{ inputs.channel }}
+        if ! snap list lxd &> /dev/null; then
+          echo "Installing lxd snap"
+          sudo snap install lxd --channel ${{ inputs.channel }}
+        else
+          echo "lxd snap found, refreshing to specified channel"
+          sudo snap refresh lxd --channel ${{ inputs.channel }}
+        fi
     - name: Initialize lxd
       shell: bash
       run: |

From c11e31ee64a6173a59d76ee62322313d9e417180 Mon Sep 17 00:00:00 2001
From: Benjamin Schimke <benjamin.schimke@canonical.com>
Date: Tue, 7 Jan 2025 12:16:45 +0100
Subject: [PATCH 2/6] use newgrp instead of sg

---
 .github/actions/install-lxd/action.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/actions/install-lxd/action.yaml b/.github/actions/install-lxd/action.yaml
index 851dc0ca8..f6f50f9d8 100644
--- a/.github/actions/install-lxd/action.yaml
+++ b/.github/actions/install-lxd/action.yaml
@@ -24,7 +24,9 @@ runs:
       run: |
         sudo lxd init --auto
         sudo usermod --append --groups lxd $USER
-        sg lxd -c 'lxc version'
+        newgrp lxd <<EOF
+        lxc version
+        EOF
     # Docker sets iptables rules that interfere with LXD.
     # https://documentation.ubuntu.com/lxd/en/latest/howto/network_bridge_firewalld/#prevent-connectivity-issues-with-lxd-and-docker
     - name: Apply Docker iptables workaround

From 70d76776d5795c88a2f3ce987e19820b3eec796f Mon Sep 17 00:00:00 2001
From: Benjamin Schimke <benjamin.schimke@canonical.com>
Date: Tue, 7 Jan 2025 12:24:41 +0100
Subject: [PATCH 3/6] Debug

---
 .github/actions/install-lxd/action.yaml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/.github/actions/install-lxd/action.yaml b/.github/actions/install-lxd/action.yaml
index f6f50f9d8..b5bdc3db7 100644
--- a/.github/actions/install-lxd/action.yaml
+++ b/.github/actions/install-lxd/action.yaml
@@ -23,10 +23,14 @@ runs:
       shell: bash
       run: |
         sudo lxd init --auto
+    - name: Add user to lxd group
+      shell: bash
+      run: |
         sudo usermod --append --groups lxd $USER
-        newgrp lxd <<EOF
-        lxc version
-        EOF
+    - name: Check lxd version
+      shell: bash
+      run: |
+        sg lxd -c 'lxc version'
     # Docker sets iptables rules that interfere with LXD.
     # https://documentation.ubuntu.com/lxd/en/latest/howto/network_bridge_firewalld/#prevent-connectivity-issues-with-lxd-and-docker
     - name: Apply Docker iptables workaround

From 25528b37a606d8c6c615952282d5ba7318a26180 Mon Sep 17 00:00:00 2001
From: Benjamin Schimke <benjamin.schimke@canonical.com>
Date: Tue, 7 Jan 2025 12:33:04 +0100
Subject: [PATCH 4/6] use sudo --user

---
 .github/actions/install-lxd/action.yaml | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/.github/actions/install-lxd/action.yaml b/.github/actions/install-lxd/action.yaml
index b5bdc3db7..64bdef2a0 100644
--- a/.github/actions/install-lxd/action.yaml
+++ b/.github/actions/install-lxd/action.yaml
@@ -23,14 +23,10 @@ runs:
       shell: bash
       run: |
         sudo lxd init --auto
-    - name: Add user to lxd group
-      shell: bash
-      run: |
         sudo usermod --append --groups lxd $USER
-    - name: Check lxd version
-      shell: bash
-      run: |
-        sg lxd -c 'lxc version'
+        # `newgrp` does not work in GitHub Actions; use `sudo --user` instead
+        # See https://github.com/actions/runner-images/issues/9932#issuecomment-2573170305
+        sudo --user "$USER" --preserve-env --preserve-env=PATH -- env -- lxc version'
     # Docker sets iptables rules that interfere with LXD.
     # https://documentation.ubuntu.com/lxd/en/latest/howto/network_bridge_firewalld/#prevent-connectivity-issues-with-lxd-and-docker
     - name: Apply Docker iptables workaround

From 7e73125ef96ad6e72a25927901165a6936be69c5 Mon Sep 17 00:00:00 2001
From: Benjamin Schimke <benjamin.schimke@canonical.com>
Date: Tue, 7 Jan 2025 12:35:10 +0100
Subject: [PATCH 5/6] typo

---
 .github/actions/install-lxd/action.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/actions/install-lxd/action.yaml b/.github/actions/install-lxd/action.yaml
index 64bdef2a0..a24800774 100644
--- a/.github/actions/install-lxd/action.yaml
+++ b/.github/actions/install-lxd/action.yaml
@@ -26,7 +26,7 @@ runs:
         sudo usermod --append --groups lxd $USER
         # `newgrp` does not work in GitHub Actions; use `sudo --user` instead
         # See https://github.com/actions/runner-images/issues/9932#issuecomment-2573170305
-        sudo --user "$USER" --preserve-env --preserve-env=PATH -- env -- lxc version'
+        sudo --user "$USER" --preserve-env --preserve-env=PATH -- env -- lxc version
     # Docker sets iptables rules that interfere with LXD.
     # https://documentation.ubuntu.com/lxd/en/latest/howto/network_bridge_firewalld/#prevent-connectivity-issues-with-lxd-and-docker
     - name: Apply Docker iptables workaround

From c2f6dadf47027764e9ef4cecf5c7dcb0d0a1f4bc Mon Sep 17 00:00:00 2001
From: Benjamin Schimke <benjamin.schimke@canonical.com>
Date: Tue, 7 Jan 2025 12:42:24 +0100
Subject: [PATCH 6/6] use sudo --user everywhere

---
 .github/workflows/build-snap.yaml | 2 +-
 .github/workflows/e2e-tests.yaml  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-snap.yaml b/.github/workflows/build-snap.yaml
index fbc39d01c..0bf8c0934 100644
--- a/.github/workflows/build-snap.yaml
+++ b/.github/workflows/build-snap.yaml
@@ -43,7 +43,7 @@ jobs:
             out_snap=k8s.snap
           fi
 
-          sg lxd -c 'snapcraft --use-lxd'
+          sudo --user "$USER" --preserve-env --preserve-env=PATH -- env -- snapcraft --use-lxd
           mv k8s_*.snap $out_snap
 
           echo "snap-artifact=$out_snap" >> "$GITHUB_OUTPUT"
diff --git a/.github/workflows/e2e-tests.yaml b/.github/workflows/e2e-tests.yaml
index 4e2aa086a..c86d1ae86 100644
--- a/.github/workflows/e2e-tests.yaml
+++ b/.github/workflows/e2e-tests.yaml
@@ -70,7 +70,7 @@ jobs:
           TEST_STRICT_INTERFACE_CHANNELS: "recent 6 strict"
           TEST_MIRROR_LIST: '[{"name": "ghcr.io", "port": 5000, "remote": "https://ghcr.io", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}"}, {"name": "docker.io", "port": 5001, "remote": "https://registry-1.docker.io", "username": "", "password": ""}, {"name": "rocks.canonical.com", "port": 5002, "remote": "https://rocks.canonical.com/cdk"}]'
         run: |
-          cd tests/integration && sg lxd -c "tox -e integration -- --tags ${{ inputs.test-tags }}"
+          cd tests/integration && sudo --user "$USER" --preserve-env --preserve-env=PATH -- env -- tox -e integration -- --tags ${{ inputs.test-tags }}
       - name: Prepare inspection reports
         if: failure()
         run: |