fix(ci): improve LXD container setup reliability

[lengau]

Fixes several issues with the test-lxd Makefile target that caused containers to hang or fail in CI.

Changes

Network readiness check

Waits for both a default route and DNS to be functional before running package installs:

until ip route 2>/dev/null | grep -q "^default"; do sleep 1; done
until getent hosts cloudflare.com >/dev/null 2>&1 || nslookup cloudflare.com >/dev/null 2>&1; do sleep 1; done

Previous attempts all failed in CI:

• ping hangs — ICMP is blocked in the GitHub Actions environment
• /dev/tcp is bash-only; containers using dash (Debian/Ubuntu) or busybox sh (Alpine) loop forever
• ip route alone is not sufficient — routing comes up before DNS is ready, causing apk/pacman to fail with "Could not resolve host" on Alpine and Arch Linux ARM
• nslookup cloudflare.com alone hangs on AlmaLinux (and other RHEL-based distros) — nslookup is not pre-installed

ip route is available everywhere (iproute2 or busybox). getent is available on all glibc/musl distros and resolves via the system resolver. nslookup is kept as a fallback for any distro where getent is unavailable.

Package install retry logic

Wraps all package manager invocations in a retry() function (3 attempts, 5 s backoff):

retry() { n=0; until [ $n -ge 3 ]; do "$@" && return 0; n=$((n+1)); sleep 5; done; return 1; }

DNS on freshly launched LXD containers can be flaky even after the getent check passes — observed on Arch Linux ARM where mirror.archlinuxarm.org fails to resolve on the first attempt despite cloudflare.com resolving. Retry handles this without needing to perfectly probe every possible mirror hostname.

Container file transfer

Replaces lxc file push --recursive with a tar pipe to exclude platform-specific files:

tar -C $(dir $(PWD)) \
    --exclude='$(notdir $(PWD))/.venv' \
    --exclude='$(notdir $(PWD))/.git' \
    --exclude='*/__pycache__' \
    -c $(notdir $(PWD)) \
    | lxc exec ... -- tar -C /root -x

• Excludes .venv, .git, and __pycache__ from the transfer (lxc file push has no --exclude option)
• Adds rm -rf .venv before setup so reused containers do not keep a stale host-built venv

Pushing the host .venv caused uv run pytest to fail with No such file or directory — the venv scripts had shebangs pointing to the host Python path.

Verified

All 22 distros pass locally (x86-64). CI arm64 runner failures traced to transient DNS on Alpine and Arch Linux ARM, addressed by the DNS wait and retry changes above.

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

_{NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes. Give us feedback}

[gemini-code-assist]

Code Review

This pull request updates the Makefile to use a ping command to verify network connectivity in LXD containers before proceeding with package installation. Feedback indicates that the ping command may not be available in all minimal images, which could cause the CI to hang, and suggests implementing a fallback mechanism to ensure the loop can terminate.

[gemini-code-assist]

The ping command is not guaranteed to be present in minimal LXD images (e.g., the official Arch Linux or minimal Debian images often do not include iputils by default). Since this check runs before any packages are installed, if ping is missing, the until loop will fail with exit code 127 and loop indefinitely, causing the CI to hang.

Consider adding a check for the existence of ping or providing a fallback to the previous /etc/resolv.conf logic to ensure the loop can terminate even if ping is unavailable.

		until ping -c1 -W2 1.1.1.1 > /dev/null 2>&1 || { ! command -v ping >/dev/null 2>&1 && grep -q ^nameserver /etc/resolv.conf 2>/dev/null; }; do sleep 1; done; \