CI #90
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
on: | |
schedule: | |
- cron: '44 4 */2 * *' | |
pull_request: | |
concurrency: | |
group: integration-tests-${{ github.ref_name }} | |
cancel-in-progress: true | |
jobs: | |
format: | |
name: Ensure code is formatted | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout source code | |
uses: actions/checkout@v4 | |
- name: Install necessary software | |
run: | | |
set -e | |
sudo apt update | |
sudo apt -y install jo tox | |
- name: Test formatting with ruff | |
run: tox -e format -- --check | |
gentestmatrix: | |
name: Generate test matrix | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.setmatrix.outputs.matrix }} | |
steps: | |
- name: checkout source code | |
uses: actions/checkout@v4 | |
- name: get the current PR | |
uses: 8BitJonny/[email protected] | |
id: pr | |
with: | |
github-token: ${{ github.token }} | |
# Verbose setting SHA when using Pull_Request event trigger to fix #16 | |
sha: ${{ github.event.pull_request.head.sha }} | |
filterOutClosed: true | |
# jo is used only to generate matrix using json easily | |
- name: Install necessary software | |
run: sudo apt update && sudo apt install jo tox fish | |
- id: setmatrix | |
run: | | |
set stringified_matrix (tox -l | sed -e '/unit/d' -e '/get_urls/d' -e '/doc/d' -e '/lint/d' -e '/fips/d' | jo -a) | |
set users_envs (echo $PR_BODY | awk -F' ' '/^\[CI:TOXENVS\]/ { print $2 }') | |
if [ -n "$users_envs" ] | |
set stringified_matrix (echo "$users_envs,build,all,repository,metadata,multistage" | tr ',' '\n' | sort | uniq | jo -a) | |
end | |
echo "matrix=$stringified_matrix" >> $GITHUB_OUTPUT | |
shell: fish {0} | |
env: | |
PR_BODY: ${{ steps.pr.outputs.pr_body || '' }} | |
unit-tests: | |
name: Unit tests | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
python_version: ["3.6", "3.9", "3.10", "3.11"] | |
container: | |
image: registry.suse.com/bci/python:${{ matrix.python_version }} | |
steps: | |
- name: checkout source code | |
uses: actions/checkout@v4 | |
- name: Install tox | |
run: | | |
python3 --version | |
python3 -m ensurepip | |
python3 -m pip install tox | |
- run: 'tox -e py$(echo $PY_VER | tr -d . )-unit -- -n auto --durations=25 --durations-min=600.0' | |
env: | |
SETUPTOOLS_SCM_PRETEND_VERSION: 1.2.3 | |
PY_VER: ${{ matrix.python_version }} | |
documentation: | |
name: Build documentation | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.x' | |
- name: Install tox | |
run: sudo apt update && sudo apt install tox | |
- run: tox -e doc | |
lint: | |
name: Lint source code | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.x' | |
- name: Install tox | |
run: sudo apt update && sudo apt install tox | |
- run: tox -e lint | |
test-containers: | |
name: tox | |
runs-on: ubuntu-latest | |
needs: gentestmatrix | |
strategy: | |
fail-fast: false | |
matrix: | |
toxenv: ${{fromJson(needs.gentestmatrix.outputs.matrix)}} | |
os_version: | |
- 15.5 | |
- 15.6 | |
- "tumbleweed" | |
include: | |
- toxenv: fips | |
testing_target: ibs-released | |
os_version: 15.3 | |
- toxenv: repository | |
testing_target: ibs-released | |
os_version: 15.5 | |
- toxenv: all | |
testing_target: ibs-released | |
os_version: 15.3 | |
- toxenv: base | |
testing_target: ibs-released | |
os_version: 15.3 | |
- toxenv: all | |
testing_target: ibs-released | |
os_version: 15.4 | |
- toxenv: base | |
testing_target: ibs-released | |
os_version: 15.4 | |
- toxenv: metadata | |
testing_target: ibs-released | |
os_version: 15.4 | |
- toxenv: all | |
os_version: 15.3 | |
- toxenv: base | |
os_version: 15.3 | |
- toxenv: build | |
os_version: 15.3 | |
- toxenv: metadata | |
os_version: 15.3 | |
- toxenv: all | |
os_version: 15.4 | |
- toxenv: base | |
os_version: 15.4 | |
- toxenv: build | |
os_version: 15.4 | |
- toxenv: metadata | |
os_version: 15.4 | |
steps: | |
- name: Clean up disk space to maximize available space | |
run: sudo rm -rf /usr/local/lib/android /usr/share/dotnet /opt/ghc /opt/hostedtoolcache/CodeQL && sudo docker image prune --all --force | |
- name: checkout source code | |
uses: actions/checkout@v4 | |
- name: Install tox | |
run: sudo apt update && sudo apt install tox | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.x' | |
- name: Install ldap-utils to have ldapwhoami for the 389ds tests | |
run: | | |
sudo apt-get update | |
sudo apt-get install ldap-utils | |
command -v ldapwhoami | |
if: ${{ matrix.toxenv == '389ds' }} | |
- name: Install new podman from OBS | |
if: false | |
run: | | |
sudo mkdir -p /etc/apt/keyrings | |
curl -fsSL https://download-repositories.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_$(lsb_release -rs)/Release.key \ | |
| gpg --dearmor \ | |
| sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null | |
echo \ | |
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg]\ | |
https://download-repositories.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_$(lsb_release -rs)/ /" \ | |
| sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null | |
sudo apt-get update -qq | |
sudo apt-get -qq -y install podman buildah | |
sudo mkdir -p /etc/containers/registries.d/ | |
- name: configure podman to use sigstore attachments | |
run: | | |
sudo install -d -m 755 /etc/containers/registries.d/ | |
cat << EOF | sudo tee /etc/containers/registries.d/opensuse.yaml | |
docker: | |
registry.suse.de: | |
use-sigstore-attachments: true | |
registry.suse.com: | |
use-sigstore-attachments: true | |
registry.opensuse.org: | |
sigstore: https://registry.opensuse.org/sigstore | |
EOF | |
- name: configure podman to enforce signature checks | |
if: false | |
run: | | |
policy_json=$(cat /etc/containers/policy.json) | |
echo $policy_json | jq '.transports += { "docker": {"registry.opensuse.org": [{ "type": "signedBy", "keyType": "GPGKeys", "keyPaths": ["/etc/containers/devel_bci.key", "/etc/containers/opensuse_container-2023.key", "/etc/containers/opensuse_container.key"]}]}}' | sudo tee /etc/containers/policy.json | |
cat << EOF | sudo tee /etc/containers/devel_bci.key | |
-----BEGIN PGP PUBLIC KEY BLOCK----- | |
mQINBGQa2Y4BEAC+VBw/6hJCCd+JlrngmHvAS2dbzz0dk0dh6rK7mhuuQTmTbJex | |
eY2tmFfcg3wp78P586H7WwE+0fLf7KEuIsWK8/YCpe7Ld/WycQkkJiW7EhbW4+uu | |
6EKBw1B7ZFDaJJ71UDaXbMECepV/YEnsZgu38vGWZPUfOHbIDS5M0j9Xo7COG7/I | |
jzs0Ml+G8hAk1cJ5AxjLycyINKHnglrx855/AW1xjO04Da6/NZ5grvCQBNcpLaH5 | |
Y8eUvNVQ6SdBwo9xR8hCTsUe5TpB5Gf4CXNPMdG6f1wDbmRw6hYw4Tbvjjlg8yhO | |
XS76OURH3AiYTrP7SDVrgOy8tsVtSk1+1zvJ5VFjKbS8N3//XOkSJYSD/MxjN+bb | |
jwsqK6FEYBS1MiIX/6bYo5j/bVDzp/jZ9ocPB623E9CGwgH0NDrs+5M3la/j+vIq | |
wjwXpWuwdefVjhvIDYgSZQQRx880RLo31Zr6Vfpas1JXIzDq6uSWAyx23rKmQr9N | |
ctU1qHNB5CdKDR/zAMjuFvy1o13zTmfo1CrRn9J//Kiy2EnfsKOFssfYs9TgL22k | |
qdsCXNa0xvXbeLDehQwQvxeWTLyGMJGwPqoTXVv3EhEhrLClB5FOJurwfArd24ze | |
qvVsKJrADEWvO3a1KHkX4h82qBDGJdQDK5iMajLJeQciYVhT5pHHMdMbmQARAQAB | |
tDRkZXZlbDpCQ0kgT0JTIFByb2plY3QgPGRldmVsOkJDSUBidWlsZC5vcGVuc3Vz | |
ZS5vcmc+iQJUBBMBCAA+FiEE4t9p2tF8+S+4jG5wMG+YHbRrR8MFAmQa2Y4CGwMF | |
CQQesAAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQMG+YHbRrR8NWlRAAmPQ6 | |
0Ac1LDrAD+NJ/Z/7TzLg6dpkC5JNDkwNSoSyfKiN3ow8265mF8XM7502ZCDeOr0p | |
GDisbOTSdOWI981TQ0MRtRWsBzjHkkl4CuxoGHC0X0Q1wjbKy8BfnfAlmNF/l8PL | |
Ykm15xndHzE1oIxJ0V5KKA0v4vKJkSNsZ9Ye0IyzICpkWoUfqeg3rnSpwV/MvQTf | |
2as9mXj8TSAuR47rsWtivljhGnFpTyvvWw30bDItpB5EYlCVjPlj1t2wX/fHkNX6 | |
0Gdkrwhml67pk7v03+ngbKDAPGrcq5EKLaNfL5T5cOx5GzUrjOH7OpqdnR9Lg5Ix | |
IpcfAfkeY+E+ALMvfyhVmhMRhGMgiv0wTL/H11/K1rvXaVYznoKG0G/7cCuorDBf | |
ind5PkGJTu+3Fs7N6eQZntVwXoBxkGWb8b6voFv22u55svToTX28pkDVm5EJNZnv | |
xfFUhX6m+CFdh138aX2LFYQCsF/T8jM4j+ukHTQ+m8F+eRrhqoBjWkvHZ3EionpL | |
F+1LGdEn25qMej++OkAm6D5dV/yQaP1rjpdHwQEZ6GntVl2ngagoF8zQIJ6rXe15 | |
FvZ9AvL+gta8vxluDTPUK3DIg4jdwFb8WT2R0rOPUaItheOaCXxxcr6wPbHHLHC1 | |
LKPO+oy9938+sUaaC/DEO+vwPOkSwrBw/0htilmJAjMEEwEIAB0WIQTMNcw9NeWj | |
ZD5UWkPPC5KM3tZPOwUCZBrZkQAKCRDPC5KM3tZPO3QbD/4kEsEW2tBxus+AfT/P | |
r9B1iiHgOu9e6ixvmEcqF4bU3ykAmo7DH/E+oqW6vx97DnYgKleJJ9IVD6gTyhYJ | |
7Z+uPoJOWNND94Afiq+R1lobPs9rOpSVT34NmNzNgxdmmz6+z1GLrrVGUihdYSDc | |
1DmdIu90IFtuaSW8+UaCg41awVtVOOYnPaCoDncbuZD0MDaVDsaN0G9Xj81NFZJu | |
DG7ljqxg24LC9+iw3LRqaOkWX7SbS0s+PdLTPgnUBfivpOi0rKbB06WsCsigV24B | |
lyj11nkuOdYAUa48Q3U1yfxIiecYto0O+VPq/M0ICAzTqUg2Bh4Du98EmS+zBhbM | |
vjAcqC2TRBjyVAtsvWJ0O51d0iWUWsOBVwSoMRWq2iPxh4qRBNFQGLUWtrkNSKh/ | |
ex2LgWbLGZY8XHWUwK2GoHN/uNywqYd/4PgDewDJYWnGB33EaucKkMuBJkoYK2mG | |
fGkSHjKUHfUp+FWM8QlgxlavNob7ltvTEV8kp88w9MfSfdy6Z9MQ63Z/DvU1KLhO | |
llCkXgpMXn2dPPjcsE/OWVIVk833q0gWzf3touFhQSHMKtcdXl3bBj/vvzAkE0QV | |
9vVS3rgOtcGCbAdfdEf+/mpukHkhZGVKMlipnDM/Rd2GZYckP/5UZ/9/CKIS69B5 | |
hLNKnq/uYWnF2uUesgKloRegdg== | |
=L0Kw | |
-----END PGP PUBLIC KEY BLOCK----- | |
EOF | |
cat << EOF | sudo tee /etc/containers/opensuse_container-2023.key | |
-----BEGIN PGP PUBLIC KEY BLOCK----- | |
mQINBGQ5DP8BEADAlEiR9CAOaEjUlwrSlVmdqeqbMOXSDMq5+u/fIFdP4iAc9r5H | |
6hz/f4Yv/2rBByo6JCZC7xCxPBHNiaNd1DK0WdVbpWGB9n4vH9zzT8Dxf45WK7QN | |
9l5f+KfSRDnv7e/n32ru2AVlqa9Io7/Ch9IXVeGStjl/6o+Y/7ZinQUnQkGHWK6j | |
+sjgIxTYesIBcYSXxpdjdw0XHHyyKQiqtDy8oXALWGPJYRwCsTiEECVYzM+a5+6e | |
d/zRxOKpfF2V+Q1K2mG5LQ+rxGrL3VWNcg3jZjPMQbC4QM8cr2b3mrE2eBEhStF0 | |
iRS5quMLMGzNxocMBJlOz6snSLGvi8Xr3UzMkenufuxotHA/7lcNmo2E2HArR4iP | |
zLkZe14vLvsMXgM29PkXNgEh+L0QSFapTRUb7ZewBpN1b7P+G4gcYUymMvwaY9XH | |
AI3jhWKzlyq9uIJINdTTTBB1R6e6CQpeiya371AUCNGCZDqhL63gHVvVgZVMQpf8 | |
NjYuN2m3SOK6SSq1nnMkWE3k2RWc5qHlg38HOoWq4G+SCMSWyC4iff+Ob8rVWuUt | |
miExYtLOk/hdNH7lRtUdjwKCSIOlYeAK/e7/9GB/fKlu0ZNFBrwpyGVMgfPmCDbX | |
ZiQhkhE8Bti3btL5HBxYmNljz1nMbECgtEQv6Pgs1bxgDaNaGVslYv723wARAQAB | |
tERvcGVuU1VTRSBDb250YWluZXIgU2lnbmluZyBLZXkgPGJ1aWxkLWNvbnRhaW5l | |
ci0yMDIzMDRAb3BlbnN1c2Uub3JnPokCVAQTAQgAPhYhBPmGHzlqIRNKhVSYBPxr | |
ygbWhK/sBQJkOQz/AhsDBQkSzAMABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ | |
EPxrygbWhK/sAwUP/A803yOTrsE5ppcEAp3yGSeXR3HQo0fIqh+QFJO76W7vF/Ar | |
eZnxPWL3AOOB+wNccdklZXhQKL4eQ29Ggekp2/RWTyx4BBM//SID+td7KZjZH/KC | |
Z6kBBy+IzSBQCCIrdDm83agob/Kcp9RJX5A06dgGyGhMxXYpld3mcCjFETHXIb5U | |
JvsSC+06eEsbwNqH0se2T/5zJ8v9xjcMDC+otLmh3+SjyC/7t8YaKxyqobf2f5nl | |
GM3ts7UDBQdqxBb0ZRxXsLCdiRrOt6l5imczczi1GA/Dce3KE/V9A2LNifns4eQI | |
GLVrZ36litKC1+b5AXblLU5ZmJN24IEQj699GCYiPGaZS64IE1eVD8WX+N6vgI+c | |
BqthN/Z4B3iJ9dBviXvK098/bXjzUVjQubvfT827tO2xnbNE5gzUA5bAZjQLVJm/ | |
b9mZJuKLOJePoqGYvmMVBtLz5xZYH68dncZAf+OQNZ5T7F+M1gfsq8W+FYvm6ILN | |
Xyh29fY+29H25A7v8WITT/SzpxYJrNRHck8Ua9M0foj2GLIf6FEROJHEZ4+xvu11 | |
XaABkqvjdNluflDP0PXP5fcY9QkMvtlW6cQNzMYZnn7MTb7dxow5ysEGcE0rrKrC | |
F9zTwOvctMqlu0dndhntKRhdNgm8lKrg1xTJg7EOWQFKeQiWQKdY0Qk9vi3/ | |
=sRjv | |
-----END PGP PUBLIC KEY BLOCK----- | |
EOF | |
cat << EOF | sudo tee /etc/containers/opensuse_container.key | |
-----BEGIN PGP PUBLIC KEY BLOCK----- | |
Version: GnuPG v2.0.15 (GNU/Linux) | |
mQENBFrjEWoBCADEJttox1LVpcP2YIsLIO5qKmwfMhyjSQ+L4ETztnFRLKFIlin4 | |
19Tic/llF9ymQr2MxlKlRgdzFZ9ScH1rg52bmWdxy+2TZ8JIsSV4XyfSTZJvM+nX | |
YGxEQBJrYlcRfC5he0tBGTEwG+hp6kXH563F+XU4uzGUmh1rBhavDsWjeMo9sjaf | |
sqn66JAJnxJrQOcqjNvazYjppEjFzye/Haqu2r5cnD/bPnMvQEZtpN1jznWkIha2 | |
DdapVZq2b/SmdTMV7zHRqQvhERU2uS4SFLNopyt/cwujj3XTWqCArvQgRTaiHAiL | |
4HY3lUpDWH9pmxT+yu5f7FINc+prRmvnQ1YpABEBAAG0PW9wZW5TVVNFIENvbnRh | |
aW5lciBTaWduaW5nIEtleSA8YnVpbGQtY29udGFpbmVyQG9wZW5zdXNlLm9yZz6J | |
AT4EEwECACgFAlrjEWoCGwMFCRLMAwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA | |
AAoJENdUaU+atIzpdt0H/A5j9B7feqTRK49TWIsgKTELG+6ac4WL+uvZs4HmUPgO | |
Me9fkQvmJtPMGQT3awCSejEHuvq7sMsOOAXJ3loVDNkJWOtkohRyJf6++lvzL24v | |
ApbzSLfxa1intscyoJ0g8A2V+NzG428cMAzL5Rnf1ckimDkwOgjFBTDqwq1nPFDQ | |
+01wAenDPLduLAS65+urmMEOIhoBB3Opc5fqPKWU+w8qav8YfYUjaQcAfGeswt+6 | |
m54VXYk8prmCuSfFHq9Yi8T2+VMcIEdHQYOn4nVhzNY9mTzJ4CCGYdLhap4/P8/x | |
HuiUuVrARHeCoTiQSc1FwjT1QXaU+yYk1SLFi0LaPgQ= | |
=Klfs | |
-----END PGP PUBLIC KEY BLOCK----- | |
EOF | |
policy_json=$(cat /etc/containers/policy.json) | |
echo $policy_json | jq '.transports.docker += {"registry.suse.com": [{ "type": "sigstoreSigned", "signedIdentity": {"type": "matchRepository"}, "keyPath": "/etc/containers/suse_container.pem"}]}' | sudo tee /etc/containers/policy.json | |
cat << EOF | sudo tee /etc/containers/suse_container.pem | |
-----BEGIN PUBLIC KEY----- | |
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxfZssLE2jeY1swPb5WGe | |
8C/FWKmIxlGLm9amCNdgheAn8RzuM8slA+TJefAQnrUnC4Qn9ykjQZjH6o2e2ueA | |
KFdgOdHnlS2d6lETB8dd4O8HYDJx0CEk2SCbAKVuzLbcbP4ug/QDc+Bm8ldxfc+D | |
GnLVRAt85brSTnfgOHY1PbQ1JAV+ByibbjCZuFmw4gIkMzeiy3M4wJZwblFM4a3s | |
X2bW/6GWaGz6AMOjCyAPI6shyG5wHZM7OvJJ8lfhXRTZo4Cc5qC0Nyq9Xu3O6DmV | |
opIajhHc36kdcetmd7TB5OSbQZCLyReAF75LV74y8960+44NptR62hdw1ovCJMfV | |
mU6m+k/MsN8AIyRFR6dNF9wTOKi67OpPtybiRufCfMvD4VEeoINzEJytToq2XGSc | |
+hIxtmPOhqDKHH0As113sjTqqo20Ik233x9FFeTFD8Or7ahpqjiv5YCufk9AoQbC | |
xMIjrK9RkQYgW4RycgvXGASobwN8EE+OsMcyMUER/pdCtQhTQCc1jYLt85VhfEkC | |
4k9szMB8eZrdV9re/Ku6vnCeXRR5yn2NWKO88U4HfxEpJv5s2uFJi37+x/v9w7Uh | |
+864W/9NexXg/JFNsvh0Kmxsbi3ZegaouLyrMCHwSA3ByBZ2yCf2VuFPyUCNEZOH | |
Owi0oc9TgY1yopjsTneyGaMCAwEAAQ== | |
-----END PUBLIC KEY----- | |
EOF | |
- name: Login to registry.suse.com as CI user | |
run: | | |
if [ -n "${REGISTRY_LOGIN_PASSWORD}" ]; then | |
echo $REGISTRY_LOGIN_PASSWORD | docker login -u $REGISTRY_LOGIN_USERNAME --password-stdin registry.suse.com | |
echo $REGISTRY_LOGIN_PASSWORD | podman login -u $REGISTRY_LOGIN_USERNAME --password-stdin registry.suse.com | |
fi | |
env: | |
REGISTRY_LOGIN_USERNAME: ${{ secrets.REGISTRY_LOGIN_USERNAME }} | |
REGISTRY_LOGIN_PASSWORD: ${{ secrets.REGISTRY_LOGIN_PASSWORD }} | |
- name: Add /etc/host entries | |
run: | | |
# precache dns entries to avoid timeouts in the runs later | |
for host in index.crates.io proxy.golang.org updates.suse.com registry.suse.com registry.opensuse.org download.opensuse.org cdn.opensuse.org packages.microsoft.com; do | |
echo -e "$(getent ahostsv4 $host | grep STREAM | cut -d' ' -f1 | head -n 1)\t$host" | sudo tee -a /etc/hosts | |
done | |
- name: Run the tests for docker | |
run: tox -e ${{ matrix.toxenv }} -- -n 3 --reruns 3 --durations=25 --durations-min=600.0 --pytest-container-log-level=debug | |
env: | |
CONTAINER_RUNTIME: docker | |
OS_VERSION: ${{ matrix.os_version }} | |
TARGET: ${{ matrix.testing_target != '' && matrix.testing_target || 'obs' }} | |
PULL_ALWAYS: 0 | |
- name: Run tests as root for podman | |
run: sudo --preserve-env=CONTAINER_RUNTIME,OS_VERSION,TARGET,PULL_ALWAYS -H tox -e ${{ matrix.toxenv }} -- -n 3 --reruns 3 --durations=25 --durations-min=600.0 --pytest-container-log-level=debug | |
env: | |
CONTAINER_RUNTIME: podman | |
OS_VERSION: ${{ matrix.os_version }} | |
TARGET: ${{ matrix.testing_target != '' && matrix.testing_target || 'obs' }} | |
PULL_ALWAYS: 0 |