-
Notifications
You must be signed in to change notification settings - Fork 243
273 lines (247 loc) · 11.3 KB
/
linux-qe-template.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
name: linux-qe-template
on:
workflow_call:
inputs:
trigger-workflow-run-id:
required: true
type: string
qe-type:
description: type of test; allowed values e2e or integration
required: true
type: string
preset:
description: preset type only required if qe-type is e2e
type: string
jobs:
linux-qe:
runs-on: ubuntu-24.04
permissions:
statuses: write # needed to update commit status (pending/failure/sucess)
checks: write # as documented in https://github.com/mikepenz/action-junit-report?tab=readme-ov-file#pr-run-permissions
steps:
- name: Download gh context
id: download-gh-context-artifact
uses: actions/download-artifact@v4
with:
name: gh-context
run-id: ${{inputs.trigger-workflow-run-id}}
github-token: ${{ github.token }}
- name: prepare
run: |
# Install Testing farm CLI
curl -Lo ~/bin/testing-farm "https://gitlab.com/testing-farm/cli/-/raw/main/container/testing-farm"
chmod +x ~/bin/testing-farm
sudo yum install podman openssh-server -y
# Get origin commit sha for testing
commit_sha=$(cat gh_context.json | jq -r '.event.after')
if [[ -z "${commit_sha}" ]] || [[ "${commit_sha}" == null ]]; then
# on first PR creation .event.after is empty, then .sha is used as commit instead
commit_sha=$(cat gh_context.json | jq -r '.event.pull_request.head.sha')
fi
echo "commit_sha=${commit_sha}" >> "$GITHUB_ENV"
# Set status_context
status_context="ci/gh/${{inputs.qe-type}}"
if [[ "${{inputs.qe-type}}" == "e2e" ]]; then
status_context="${status_context}-${{inputs.preset}}"
fi
status_context="${status_context}/Linux-ARM64"
echo "status_context=${status_context}" >> "$GITHUB_ENV"
- name: Download linux binary
uses: actions/download-artifact@v4
with:
name: linux-binary
run-id: ${{inputs.trigger-workflow-run-id}}
github-token: ${{ github.token }}
- name: Download qe oci image
id: download-qe-oci-image-artifact
uses: actions/download-artifact@v4
with:
name: crc-${{inputs.qe-type}}-linux-arm64
run-id: ${{inputs.trigger-workflow-run-id}}
github-token: ${{ github.token }}
- name: Add status to the PR check
run: |
set -xuo
# Status msg
data="{\"state\":\"pending\""
data="${data},\"description\":\"Running ${{inputs.qe-type}}-${{inputs.preset}} on Linux ARM64\""
data="${data},\"context\":\"${{ env.status_context }}\""
data="${data},\"target_url\":\"https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}\"}"
# Create status by API call
curl -L -v -X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ github.token }}" \
https://api.github.com/repos/${{ github.repository }}/statuses/${{ env.commit_sha }} \
-d "${data}"
- name: Reserve machine and test
env:
TESTING_FARM_API_TOKEN: ${{ secrets.TESTING_FARM_API_TOKEN }}
PULL_SECRET: ${{ secrets.PULL_SECRET }}
run: |
echo "${PULL_SECRET}" > pull-secret
# the target can only be accessed through a bastion (which can only be accessed from self-hosted runner)
# as so we need to map the ssh-agent from the host to the containers used to access the target host
rm -f id_rsa id_rsa.pub
ssh-keygen -t rsa -N '' -f id_rsa -q
eval $(ssh-agent -s)
echo $SSH_AUTH_SOCK > ssh_auth_sock
echo $SSH_AGENT_PID > ssh_agent_pid
ssh-add id_rsa
cd
# reserve machine from testing farm
export TESTING_FARM_API_TOKEN=${TESTING_FARM_API_TOKEN}
testing-farm reserve --compose Fedora-40 --duration 480 --arch aarch64 --hardware memory='>= 16 GB' --hardware cpu.processors='>= 4' --hardware virtualization.is-supported='true' --ssh-public-key id_rsa.pub --no-autoconnect | tee info
machine=`tail -n 1 info`
echo ${machine##*@} > host
echo crctest > username
echo proxy > bastion_username
echo testing-farm.io > bastion_host
request=`sed -n '4p' info`
echo ${request:1} > requestid
# Create a non-root user for testing on the reserved machine
ssh_cmd="ssh -i id_rsa -o StrictHostKeyChecking=no ${machine##*ssh}"
echo ${machine##*ssh}
echo $ssh_cmd
$ssh_cmd 'useradd crctest' < /dev/null
$ssh_cmd 'echo "crctest:redhat" | chpasswd' < /dev/null
$ssh_cmd 'usermod -aG wheel crctest' < /dev/null
$ssh_cmd 'echo "crctest ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/crctest-users' < /dev/null
$ssh_cmd 'mkdir -p /home/crctest/.ssh' < /dev/null
$ssh_cmd 'cp /root/.ssh/authorized_keys /home/crctest/.ssh/' < /dev/null
$ssh_cmd 'chown -R crctest:crctest /home/crctest/.ssh/' < /dev/null
# Install CRC on the reserved machine
echo "Start installing crc on reserved machine"
podman run --rm -d --privileged --name crc-linux-install-${{inputs.qe-type}}-${{inputs.preset}} \
-e TARGET_HOST=$(cat host) \
-e TARGET_HOST_USERNAME=$(cat username) \
-e TARGET_HOST_KEY_PATH=/data/id_rsa \
-e BASTION_HOST_USERNAME=$(cat bastion_username) \
-e BASTION_HOST=$(cat bastion_host) \
-e TARGET_FOLDER=crc-support \
-e TARGET_CLEANUP='false' \
-e OUTPUT_FOLDER=/data \
-e DEBUG='true' \
-e SSH_AUTH_SOCK=$(cat ssh_auth_sock) \
-v "$(cat ssh_auth_sock):$(cat ssh_auth_sock)" \
-v ${PWD}:/data:z \
-v ${PWD}/crc:/opt/crc-support/crc:z \
quay.io/crc-org/ci-crc-support:v2.0.0-dev-linux crc-support/run.sh \
-targetPath "/home/crctest/crc-support" \
-install 'true' \
-aName 'crc' \
-freshEnv 'false' \
-download 'false'
podman logs -f crc-linux-install-${{inputs.qe-type}}-${{inputs.preset}}
# Download arm64 bundle in the reserved machine
echo "Start download bundle on reserved machine"
if [[ "${{inputs.preset}}" == "microshift" ]]; then
bundle_url="https://crcqe-asia.s3.ap-south-1.amazonaws.com/bundles/microshift/4.17.7-arm64"
bundle_name="crc_microshift_libvirt_4.17.7_arm64.crcbundle"
else
bundle_url="https://crcqe-asia.s3.ap-south-1.amazonaws.com/bundles/openshift/4.17.7-arm64"
bundle_name="crc_libvirt_4.17.7_arm64.crcbundle"
fi
podman run --rm -d --privileged --name download_bundle \
-e TARGET_HOST=$(cat host) \
-e TARGET_HOST_USERNAME=$(cat username) \
-e TARGET_HOST_KEY_PATH=/data/id_rsa \
-e BASTION_HOST_USERNAME=$(cat bastion_username) \
-e BASTION_HOST=$(cat bastion_host) \
-e TARGET_FOLDER=crc-support \
-e TARGET_CLEANUP='false' \
-e OUTPUT_FOLDER=/data \
-e DEBUG='true' \
-e SSH_AUTH_SOCK=$(cat ssh_auth_sock) \
-v "$(cat ssh_auth_sock):$(cat ssh_auth_sock)" \
-v ${PWD}:/data:z \
quay.io/crc-org/ci-crc-support:v2.0.0-dev-linux crc-support/run.sh \
-targetPath "/home/crctest" \
-install 'false' \
-aBaseURL $bundle_url \
-aName $bundle_name \
-freshEnv 'false' \
-download 'true'
podman logs -f download_bundle
# load image
podman load -i crc-${{inputs.qe-type}}-linux-arm64.tar
$ssh_cmd 'chmod +x /usr/local/bin/crc' < /dev/null
# run CRC test
cmd="crc-qe/run.sh -bundleLocation /home/crctest/$bundle_name -junitFilename crc-${{inputs.qe-type}}-junit.xml -targetFolder crc-qe"
if [[ "${{inputs.qe-type}}" == "e2e" ]]; then
if [[ "${{inputs.preset}}" == "microshift" ]]; then
cmd="${cmd} -e2eTagExpression '@story_microshift'"
else
cmd="${cmd} -e2eTagExpression '~@minimal && ~@story_microshift && ~@cert_rotation'"
fi
else
if [[ "${{inputs.preset}}" == "microshift" ]]; then
cmd="${cmd} -labelFilter 'microshift-preset'"
else
cmd="${cmd} -labelFilter 'openshift-preset'"
fi
fi
echo "Start running test on reserved machine"
podman run --rm -d --privileged --name crc-${{inputs.qe-type}}-${{inputs.preset}} \
-e TARGET_HOST=$(cat host) \
-e TARGET_HOST_USERNAME=$(cat username) \
-e TARGET_HOST_KEY_PATH=/data/id_rsa \
-e BASTION_HOST_USERNAME=$(cat bastion_username) \
-e BASTION_HOST=$(cat bastion_host) \
-e TARGET_FOLDER=crc-qe \
-e TARGET_RESULTS=results \
-e OUTPUT_FOLDER=/data \
-e DEBUG=true \
-e SSH_AUTH_SOCK=$(cat ssh_auth_sock) \
-v "$(cat ssh_auth_sock):$(cat ssh_auth_sock)" \
-v $PWD/pull-secret:/opt/crc/pull-secret:z \
-v $PWD:/data:z \
quay.io/crcont/crc-${{inputs.qe-type}}:gh-linux-arm64 \
${cmd}
podman logs -f crc-${{inputs.qe-type}}-${{inputs.preset}}
- name: Test Report
id: test-report
uses: mikepenz/action-junit-report@v5
if: always()
with:
fail_on_failure: true
include_passed: true
detailed_summary: true
require_tests: true
report_paths: '**/*.xml'
- name: Upload e2e results
uses: actions/upload-artifact@v4
if: always()
with:
name: linux-${{inputs.qe-type}}-${{inputs.preset}}
path: |
**/*.xml
**/*.results
**/*.log
- name: Return machine and clear env
env:
TESTING_FARM_API_TOKEN: ${{ secrets.TESTING_FARM_API_TOKEN }}
if: always()
run: |
export TESTING_FARM_API_TOKEN=${TESTING_FARM_API_TOKEN}
testing-farm cancel $(cat requestid)
podman rmi quay.io/crcont/crc-${{inputs.qe-type}}:gh-linux-arm64
rm -r results
kill $(cat ssh_agent_pid)
- name: Update status of the PR check
if: always()
run: |
set -xuo
# Status msg
data="{\"state\":\"success\""
if [[ ${{steps.test-report.outcome}} != "success" ]]; then
data="{\"state\":\"failure\""
fi
data="${data},\"description\":\"Finished ${{inputs.qe-type}}-${{inputs.preset}} on Linux ARM64\""
data="${data},\"context\":\"${{ env.status_context }}\""
data="${data},\"target_url\":\"https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}\"}"
# Create status by API call
curl -L -v -X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ github.token }}" \
https://api.github.com/repos/${{ github.repository }}/statuses/${{ env.commit_sha }} \
-d "${data}"