eden_gcp.yml
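---
# Integration test of EVE on Google Cloud: builds eden, uploads an image,
# boots a VM per hypervisor/filesystem pair, onboards it over a VPN tunnel
# and runs tests/workflow. Uses the repository secrets OVPN_FILE,
# GCP_PROJECT_ID and GCP_SA_KEY.
name: EdenGCP
on:  # yamllint disable-line rule:truthy
  # Only pushes to master start this workflow; there is no pull_request
  # trigger, so the secrets below are never handed to unmerged code.
  push:
    branches: [master]
# Least privilege for the automatic GITHUB_TOKEN: the steps visible here
# only read the repository.
# NOTE(review): confirm the local collect-info action needs no extra scope.
permissions:
  contents: read
# yamllint disable rule:line-length
jobs:
  # Gate job: publishes available=true only when all three secrets are set,
  # so forks and mirrors without cloud credentials skip the test cleanly.
  check-secrets:
    runs-on: ubuntu-22.04
    outputs:
      available: ${{ steps.secrets.outputs.defined }}
    steps:
      - id: secrets
        # The secrets are only compared against the empty string; their
        # values are never echoed.
        if: ${{ (env.OVPN_FILE != '') && (env.GCP_PROJECT_ID != '') && (env.GCP_SA_KEY != '') }}
        run: echo "defined=true" >> "$GITHUB_OUTPUT"
        env:
          OVPN_FILE: ${{ secrets.OVPN_FILE }}
          GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
          GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}
  integration:
    name: Integration GCP test (${{ matrix.hv }};${{ matrix.fs }})
    runs-on: ubuntu-22.04
    needs: [check-secrets]
    if: needs.check-secrets.outputs.available == 'true'
    strategy:
      fail-fast: false
      matrix:
        hv: ["kvm", "xen"]
        fs: ["zfs", "ext4"]
    steps:
      # NOTE(review): on the source page the ref after "@" of this action and
      # of the two google-github-actions steps below was replaced by an
      # e-mail-obfuscation artifact. <ORIGINAL_REF> is a placeholder: restore
      # the real ref, preferably as a full commit SHA, because these actions
      # run in a job that holds the VPN profile and the GCP service-account
      # key and a moved tag would change what runs with them.
      - name: get eden
        uses: actions/checkout@<ORIGINAL_REF>
      - name: setup go
        uses: actions/setup-go@v3
        with:
          go-version: '1.22'
      - name: Check
        # Abort early when a runner address collides with the test networks
        # (10.11.12.x / 10.11.13.x) or the VPN network (10.8.0.x). The
        # patterns are anchored and the dots escaped so that an unrelated
        # address such as 110.11.12.5 is not reported as an overlap.
        run: |
          for addr in $(ip addr list|sed -En -e 's/.*inet ([0-9.]+).*/\1/p')
          do
            if echo "$addr" | grep -q -E '^10\.11\.(12|13)\.[0-9]+$'; then
              echo "$addr overlaps with test"; exit 1
            fi
            if echo "$addr" | grep -q -E '^10\.8\.0\.[0-9]+$'; then
              echo "$addr overlaps with vpn"; exit 1
            fi
          done
          sudo df -h
          sudo swapoff -a
          sudo free
      - name: Public IP
        id: ip
        # The answer of a third-party service decides which source address
        # the GCP firewall rule will admit, so it is accepted only if it has
        # dotted-quad shape. The URL is quoted because "?" is a glob
        # character; -f makes an HTTP error fail the step instead of feeding
        # an error page into the check, and --max-time bounds a hung request.
        run: |
          PUBLIC_IP=$(curl -fsS --max-time 30 'https://api.ipify.org/?format=text')
          if [[ ! $PUBLIC_IP =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then exit 1; fi
          echo "ipv4=$PUBLIC_IP" >> "$GITHUB_OUTPUT"
      - name: setup packages
        # The decoded VPN profile is a credential: create it with owner-only
        # permissions (umask 077) rather than the default world-readable mode.
        # openvpn is started through sudo later and can still read it.
        run: |
          sudo apt update
          sudo apt install -y qemu-utils openvpn jq
          ( umask 077; echo "$OVPN_FILE" | base64 -d > ./config.ovpn )
        env:
          OVPN_FILE: ${{ secrets.OVPN_FILE }}
      # NOTE(review): action name inferred from the step name and its
      # project_id input; the page lost both name and ref - confirm.
      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@<ORIGINAL_REF>
        with:
          project_id: ${{ secrets.GCP_PROJECT_ID }}
      # NOTE(review): action name inferred from the credentials_json input and
      # the credentials_file_path output used below - confirm.
      # A long-lived service-account key is passed here; its IAM roles bound
      # what a compromised step in this job could do in the project.
      - id: 'gcpauth'
        name: Auth to Google Cloud SDK
        uses: google-github-actions/auth@<ORIGINAL_REF>
        with:
          project_id: ${{ secrets.GCP_PROJECT_ID }}
          credentials_json: ${{ secrets.GCP_SA_KEY }}
          create_credentials_file: true
      - name: set firewall & clean
        # Remove an instance or image left under the same name (for example
        # by a re-run). "|| echo" hides every failure, not only "not found".
        run: |
          gcloud compute instances delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -q --zone=us-west1-a || echo "not exists"
          gcloud compute images delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -q || echo "not exists"
      - name: Connect VPN
        id: connect_vpn
        # The one-minute timeout bounds the wait loop if tun0 never comes up.
        timeout-minutes: 1
        run: |
          sudo openvpn --config ./config.ovpn --daemon
          until ip -f inet addr show tun0; do sleep 5; ip a; done
          echo "tunnel_ip=$(ip -f inet addr show tun0 | sed -En -e 's/.*inet ([0-9.]+).*/\1/p')" >> "$GITHUB_OUTPUT"
      - name: build eden
        run: |
          make build
          make build-tests
      - name: pre-setup
        # Step outputs computed at run time reach the script through env and
        # are used as quoted shell variables, so their content is never
        # spliced into the script text by the ${{ }} expansion.
        env:
          TUNNEL_IP: ${{ steps.connect_vpn.outputs.tunnel_ip }}
          RUNNER_IP: ${{ steps.ip.outputs.ipv4 }}
        run: |
          ./eden config add default --devmodel GCP
          ./eden config set default --key adam.eve-ip --value "$TUNNEL_IP"
          ./eden config set default --key registry.ip --value "$TUNNEL_IP"
          ./eden config set default --key eve.hv --value ${{ matrix.hv }}
          ./eden config set default --key eve.tpm --value true
          # The firewall rule admits the runner's public address only (/32).
          ./eden utils gcp firewall --source-range "$RUNNER_IP/32" --name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}"
      - name: setup-ext4
        if: matrix.fs == 'ext4'
        run: ./eden setup -v debug
      - name: setup-zfs
        if: matrix.fs == 'zfs'
        # Single quotes keep $dom0_extra_args literal for grub; the shell
        # must not expand it.
        run: |
          ./eden config set default --key=eve.disks --value=4
          ./eden setup -v debug --grub-options='set_global dom0_extra_args "$dom0_extra_args eve_install_zfs_with_raid_level "'
      - name: clean-docker
        run: docker system prune -f -a
      - name: post-setup
        run: |
          ./eden utils gcp image --image-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}" upload
          ./eden utils gcp vm --image-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} --vm-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}" run
          ./eden start
          sleep 100
          BWD=$(./eden utils gcp vm get-ip --vm-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}") || { echo "cannot obtain IP"; exit 1; }
          echo "the IP is $BWD"
          # Second rule, named eden-actions-* (no "eve-" prefix), whose source
          # range is the address just reported for the VM; the Clean step
          # deletes both rule names.
          ./eden utils gcp firewall -k "${{ steps.gcpauth.outputs.credentials_file_path }}" --source-range "$BWD" --name eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} || { echo "cannot set firewall"; exit 1; }
          ./eden eve onboard
          echo > tests/workflow/testdata/eden_stop.txt
      - name: Test
        run: |
          EDEN_TEST=gcp ./eden test tests/workflow -v debug
      - name: Collect info
        if: ${{ failure() }}
        uses: ./.github/actions/collect-info
        with:
          working-directory: ${{ github.workspace }}
      - name: Collect logs
        if: ${{ always() }}
        # Best effort: every command may fail without failing the step.
        run: |
          ./eden log --format json > trace.log || echo "no log"
          ./eden info --format json > info.log || echo "no info"
          ./eden metric --format json > metric.log || echo "no metric"
          ./eden netstat --format json > netstat.log || echo "no netstat"
          docker logs eden_adam > adam.log 2>&1 || echo "no adam log"
          ./eden utils gcp vm log --vm-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}" > console.log || echo "no device log"
      - name: Clean
        if: ${{ always() }}
        # Runs even after a failure so that no ingress rule, VM, image or
        # bucket object outlives the job. The firewall-rule deletions pass -q
        # like the instance and image deletions, so removing the ingress rules
        # does not depend on how a confirmation prompt is answered. The
        # decoded VPN profile is removed from the workspace as well.
        run: |
          gcloud compute firewall-rules delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -q || echo "not exists"
          gcloud compute firewall-rules delete eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -q || echo "not exists"
          gcloud compute instances delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -q --zone=us-west1-a || echo "not exists"
          gcloud compute images delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -q || echo "not exists"
          gsutil -o "Credentials:gs_service_key_file=${{ steps.gcpauth.outputs.credentials_file_path }}" rm gs://eve-live/eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}}.img.tar.gz || echo "not exists"
          rm -f ./config.ovpn
      - name: Log counting
        if: ${{ always() }}
        # Summarises error entries of trace.log in collapsible log groups.
        # Wrapping each jq call in echo "$(...)" keeps a missing or empty
        # trace.log from failing the step.
        run: |
          echo "::group::Total errors"
          echo "$(jq '.severity' trace.log|grep err|wc -l)"
          echo "::endgroup::"
          echo "::group::Errors by source"
          echo "errors by source: $(jq -s 'map(select(.severity|contains("err")))|group_by(.source)|map({"source": .[0].source, "total":length})|sort_by(.total)|reverse[]' trace.log)"
          echo "::endgroup::"
          echo "::group::Error log content duplicates"
          echo "$(jq -s 'map(select(.severity | contains("err")))|group_by(.content)|map(select(length>1))' trace.log)"
          echo "::endgroup::"
          echo "::group::Error log function filename duplicates"
          echo "$(jq -s 'map(select(.severity | contains("err")))|group_by(.filename)|map(select(length>10))|map({"source": .[0].source, "filename": .[0].filename, "function": .[0].function, "content": [.[].content], "total":length})|sort_by(.total)| reverse[]' trace.log)"
          echo "::endgroup::"
          echo "::group::Segfaults"
          echo "$(jq -s 'map(select(.content | contains("segfault at")))' trace.log)"|tee segfaults.log
          [ "$(jq length segfaults.log)" -gt 0 ] && echo "::warning::segfaults found, you can see them in Log counting->Segfaults section"
          echo "::endgroup::"
      - name: Store raw test results
        if: ${{ always() }}
        # Only the listed files are uploaded; config.ovpn and the credentials
        # file are not in the list.
        # NOTE(review): the logs may carry addresses and device details, and
        # artifacts outlive the run - confirm nothing sensitive lands in
        # them. @v3 is a mutable tag; consider a commit SHA of a release that
        # GitHub still supports.
        uses: actions/upload-artifact@v3
        with:
          name: eden-report-${{ matrix.hv }}-${{ matrix.fs }}
          path: |
            ${{ github.workspace }}/eve-info.tar.gz
            ${{ github.workspace }}/trace.log
            ${{ github.workspace }}/info.log
            ${{ github.workspace }}/adam.log
            ${{ github.workspace }}/netstat.log
            ${{ github.workspace }}/metric.log
            ${{ github.workspace }}/console.log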