workflows: Trigger anaconda test on bridge/storaged changes

We want to make sure to not break Anaconda with changes which affect it,
i.e. the bridge or the Storage page. As Anaconda's tests are "special"
(require booting boot.iso, can't run in tmt/Testing Farm), we need to
run them in Cockpit's CI.

Add a workflow workflow which checks if the PR affects Anaconda (changes
to the bridge or Storage page), polls the packit COPR until it has the
current PR version available, and then test-triggers a "cockpit PR"
scenario.

https://issues.redhat.com/browse/COCKPIT-1064

.github/workflows/trigger-anaconda.yml

@@ -0,0 +1,65 @@
+# Anaconda's tests are "special" (require booting boot.iso, can't run in
+# tmt/Testing Farm), so we need to run them in Cockpit's CI. But we still want
+# to re-use the packit COPR, which is much easier to consume by Anaconda's
+# tests than building cockpit in Anaconda.
+# This workflow checks if the PR affects Anaconda (changes to the bridge or
+# Storage page), polls the packit COPR until it has the current PR version
+# available, and then test-triggers a "cockpit PR" scenario.
+
+name: anaconda
+on: pull_request_target
+jobs:
+  trigger:
+    runs-on: ubuntu-22.04
+    # the default workflow token cannot read our org membership, for deciding who is allowed to trigger tests
+    environment: gh-cockpituous
+    container: registry.fedoraproject.org/fedora:rawhide
+    # this polls for a COPR build, which can take long
+    timeout-minutes: 120
+
+    steps:
+      - name: Install dependencies
+        run: |
+          dnf install -y git-core dnf-plugins-core || {
+            sleep 60
+            dnf install -y git-core dnf-plugins-core
+          }
+
+      - name: Clone repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      # https://github.blog/2022-04-12-git-security-vulnerability-announced/
+      - name: Pacify git's permission check
+        run: git config --global --add safe.directory /__w/cockpit/cockpit
+
+      - name: Check if PR affects Anaconda
+        id: affected
+        run: |
+          git log --exit-code --stat origin/${{ github.event.pull_request.base.ref }}..HEAD -- src/cockpit pkg/storaged \
+          >&2 || echo "changed=true" >> "$GITHUB_OUTPUT"
+
+      - name: Wait for packit COPR build
+        if: steps.affected.outputs.changed
+        run: |
+          set -ex
+          COPR_NAME="${{ github.event.pull_request.base.user.login }}-${{ github.event.pull_request.base.repo.name }}-${{ github.event.number }}"
+          SHA=$(echo "${{ github.event.pull_request.head.sha }}" | cut -c 1-8)
+          for _ in $(seq 60); do
+              sleep 60;
+              if dnf copr enable -y packit/$COPR_NAME &&
+                 out=$(dnf info --refresh --repo='copr:*cockpit*' cockpit-bridge) &&
+                 echo "$out" | grep -q "Release.*\.g$SHA" ; then
+                  exit 0
+              fi
+          done
+          exit 1
+
+      - name: Trigger anaconda run
+        if: steps.affected.outputs.changed
+        run: |
+          test/common/make-bots
+          mkdir -p ~/.config/cockpit-dev
+          echo '${{ secrets.COCKPITUOUS_TOKEN }}' > ~/.config/cockpit-dev/github-token
+          bots/tests-trigger ${{ github.event.number }} fedora-rawhide-boot/cockpit-pr-${{ github.event.number }}@rhinstaller/anaconda