feat: Enable specifying a validation-set sequence number

[jocado]

Add support for specifying the sequence number of given validation-set, but without having to lock the sequence number in the the model itself.

The new --sequence option is used to allow specifying a sequence number for a named valediction-set. This is similar to the --revision option allows specifying revisions of for named snaps.

--sequence=my-validatin-set:123 --sequence=my-other-validatin-set:456

If you specify the sequence number for the validation-set in the model assertion itself, then the device is locked to that for the life of the model on that device. This allows setting an install-time sequence number, and still allowing the sequence to changed later on a given device based on the specific model in question.

When specifying the validation-set name, you cam use either the short form [ <name> ], or the long form [ <account>/<name> ]. The long form is optional unless you need to configure two validations-sets sequences with the same name from different accounts.

[jocado]

@upils Apologies for tagging you, but I wasn't sure of the PR workflow in this repo, and how best to get a review, so I'm asking for some guidance as someone who's been involved in various PRs here 🙂

Are you able to help review, or otherwise advise me of any process I should follow ?

Thanks!

[mwhudson]

Bearing in mind that I am reviewing this code through a telescope and not really understanding the code around these changes at all, it looks OK enough to me. I assume you've tested that they help your use case and they do not look like they will disrupt any existing users.

I do have just a couple of questions though. They are not really blockers.

[Copilot]

Pull request overview

Adds support for overriding validation-set sequence numbers at image build time via a new --sequence option, without pinning sequences into the model assertion.

Changes:

• Introduces --sequence flag on the snap command (map[name]sequence) to override validation-set sequences.
• Extends seed manifest generation to add allowed validation-set entries based on --sequence.
• Adds unit tests and model-assertion testdata covering the new behavior and error handling.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File	Description
internal/statemachine/testdata/modelAssertionValidationSets	Adds a model assertion fixture containing multiple validation-sets for sequence override tests.
internal/statemachine/snap_test.go	Adds tests validating sequence overrides are passed into the seed manifest and missing-set errors are surfaced.
internal/statemachine/snap_states.go	Populates seed manifest with allowed validation-set sequence overrides (and adds snapd asserts dependency).
internal/commands/snap.go	Adds the --sequence CLI option to SnapOpts.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[upils]

Thanks @jocado for your contribution! Overall it looks great. See my comments on other discussions and the Copilot review.

Also would you mind testing the case with ambiguous names? (I know it could change based on the other discussion).

[jocado]

Thanks @mwhudson and @upils - I have hopefully addressed all comments. Pleases let me know if you're happy with the changes.

[mwhudson]

lgtm

[jocado]

Hey @upils - are you able to offer a [ hopefully ] final review ?

Also, are you or @mwhudson able to help get this merged if the final review is all good ?

Thanks.

[Meulengracht]

Two comment for clarity, otherwise looks fine. Since we allow not specifying the account id normally (as it just uses the one from the current model assertion) i think it's fine to have both the short & long formats.

[Meulengracht]

Thank you for the updates.

[upils]

Thanks @jocado. It LGTM so far. Let's see if the CI passes (some tests will fail but this is unrelated to your changes) and if so I will merge.

[ernestl]

Can someone with the required powers please re-trigger the tests?

[jocado]

Hi @upils

Not sure what we need to do to get this merged now, and perhaps at least in the edge channel of the snap ?
@ernestl is asking to re-trigger the tests, which is presumably related 🙂

[bboozzoo]

@jocado can you try closing and re-opening the PR? It should trigger the CI again.

[jocado]

Closing - to re-open and re-trigger CI

[upils]

@jocado CI tests were broken (unrelated to your changes) and I just fixed them. Would you mind rebasing on main and ping me so I can approve the workflows?

Also, another trick to retrigger the CI is to create an empty commit with git commit --allow-empty and push it. But in our case at hand that would have been blocked by the repo permissions anyway.

[jocado]

@jocado CI tests were broken (unrelated to your changes) and I just fixed them. Would you mind rebasing on main and ping me so I can approve the workflows?

Hey @upils - that's done.

[jocado]

I haven't exhaustively check, and I'm not an expert in the test suites run here, but the errors I did check are not related to any of my changes still. Can you confirm @upils ?

[upils]

It appears your tests failed:

• TestValidationSetSequencesFlagAmbiguousShortForm
• TestValidationSetSequencesFlagLongFormAmbiguousName

See https://github.com/canonical/ubuntu-image/actions/runs/28159052105/job/83397355517?pr=292#step:7:1439
It cannot find the model assertion.

In the CI currently you only need to care about "Build and Tests / test (short)" and "Build and Tests / test (long)" jobs, others are either expected to fail or unable to run as we replace the runners.

[jocado]

It cannot find the model assertion.

Apologies - but that explains why it working locally, and not in CI! 😮‍💨

I've corrected that and re-based again to include that int he correct commit. Pushed.

So, perhaps one final workflow trigger required @upils ?

[codecov]

Codecov Report

❌ Patch coverage is 84.84848% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 93.39%. Comparing base (3533000) to head (6555087).
⚠️ Report is 20 commits behind head on main.

Files with missing lines	Patch %	Lines
internal/statemachine/snap_states.go	84.84%	3 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #292      +/-   ##
==========================================
- Coverage   93.49%   93.39%   -0.11%     
==========================================
  Files          19       19              
  Lines        3552     3634      +82     
==========================================
+ Hits         3321     3394      +73     
- Misses        151      156       +5     
- Partials       80       84       +4     

Flag	Coverage Δ
unittests	93.39% <84.84%> (-0.11%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[jocado]

Current failures on long test seem to be related to some rate limiting ?
Things like:

2026-06-25T13:07:45.2913553Z [8] prepare_image
2026-06-25T13:07:45.2913717Z duration: 365.03195ms
2026-06-25T13:07:45.2913883Z goroutine 649 [running]:
2026-06-25T13:07:45.2914041Z runtime/debug.Stack()
2026-06-25T13:07:45.2914525Z 	/opt/hostedtoolcache/go/1.25.11/x64/src/runtime/debug/stack.go:26 +0x5e
2026-06-25T13:07:45.2914703Z runtime/debug.PrintStack()
2026-06-25T13:07:45.2915133Z 	/opt/hostedtoolcache/go/1.25.11/x64/src/runtime/debug/stack.go:18 +0x13
2026-06-25T13:07:45.2915914Z github.com/canonical/ubuntu-image/internal/helper.(*Asserter).AssertErrNil(0xc0009a43b0, {0x16cf0c0, 0xc000232740}, 0x1)
2026-06-25T13:07:45.2916476Z 	/home/runner/work/ubuntu-image/ubuntu-image/internal/helper/asserter.go:22 +0x8b
2026-06-25T13:07:45.2917239Z github.com/canonical/ubuntu-image/internal/statemachine.TestSuccessfulClassicRunNoArtifact(0xc00061a380)
2026-06-25T13:07:45.2917884Z 	/home/runner/work/ubuntu-image/ubuntu-image/internal/statemachine/classic_test.go:3508 +0x468
2026-06-25T13:07:45.2918103Z testing.tRunner(0xc00061a380, 0x1559648)
2026-06-25T13:07:45.2918546Z 	/opt/hostedtoolcache/go/1.25.11/x64/src/testing/testing.go:1934 +0xea
2026-06-25T13:07:45.2918773Z created by testing.(*T).Run in goroutine 1
2026-06-25T13:07:45.2919222Z 	/opt/hostedtoolcache/go/1.25.11/x64/src/testing/testing.go:1997 +0x465
2026-06-25T13:07:45.2920096Z     classic_test.go:3508: Did not expect an error, got Error getting info for snap lxd: "too many requests"
2026-06-25T13:07:45.2920405Z --- FAIL: TestSuccessfulClassicRunNoArtifact (117.85s)

[upils]

@jocado I retried the test and it passed :). Would you mind rebasing on main (a PR was just merged) and add an entry in debian/changelog under the 3.10.9 section? After that it will be good to merge.

[jocado]

Would you mind rebasing on main (a PR was just merged) and add an entry in debian/changelog under the 3.10.9 section?

Hey @upils - no problem, that's done.