From 0da46504530644af0a8a0307490f3bfe2fb78ea0 Mon Sep 17 00:00:00 2001 From: yih Date: Tue, 17 Oct 2023 20:23:51 +0800 Subject: [PATCH] ci: add greenboot ci --- .../{greenboot.yaml => greenboot-rs.yaml} | 40 ++--- greenboot-test/setup.sh | 140 --------------- {greenboot-test => tests}/ansible.cfg | 0 {greenboot-test => tests}/check-ostree.yaml | 0 .../files/fedora-39.json | 0 {greenboot-test => tests}/greenboot-rs.sh | 161 +++++++++++++++--- {greenboot-test => tests}/key/ostree_key | 0 {greenboot-test => tests}/key/ostree_key.pub | 0 8 files changed, 151 insertions(+), 190 deletions(-) rename .github/workflows/{greenboot.yaml => greenboot-rs.yaml} (89%) delete mode 100755 greenboot-test/setup.sh rename {greenboot-test => tests}/ansible.cfg (100%) rename {greenboot-test => tests}/check-ostree.yaml (100%) rename {greenboot-test => tests}/files/fedora-39.json (100%) rename {greenboot-test => tests}/greenboot-rs.sh (77%) rename {greenboot-test => tests}/key/ostree_key (100%) rename {greenboot-test => tests}/key/ostree_key.pub (100%) diff --git a/.github/workflows/greenboot.yaml b/.github/workflows/greenboot-rs.yaml similarity index 89% rename from .github/workflows/greenboot.yaml rename to .github/workflows/greenboot-rs.yaml index 66ac496..77f8340 100644 --- a/.github/workflows/greenboot.yaml +++ b/.github/workflows/greenboot-rs.yaml @@ -29,6 +29,7 @@ jobs: run: | echo "User '${{ github.event.sender.login }}' has permission '${{ fromJson(steps.user_permission.outputs.data).permission }}' allowed values: 'admin', 'write'" echo "allowed_user=true" >> $GITHUB_OUTPUT + - name: Get information for pull request uses: octokit/request-action@v2.x id: pr-api @@ -40,6 +41,7 @@ jobs: outputs: allowed_user: ${{ steps.check_user_perm.outputs.allowed_user }} sha: ${{ fromJson(steps.pr-api.outputs.data).head.sha }} + base_ref: ${{ fromJson(steps.pr-api.outputs.data).base.ref }} comment-info: needs: pr-info 
@@ -91,9 +93,10 @@ jobs: pre-greenboot-rs-39: needs: pr-info - if: ${{ needs.pr-info.outputs.allowed_user == 'true' }} && + if: ${{ needs.pr-info.outputs.base_ref == 'greenboot-rs' && + needs.pr-info.outputs.allowed_user == 'true' && (startsWith(github.event.comment.body, '/greenboot-rs-test-all') || - startsWith(github.event.comment.body, '/greenboot-rs-test-39'))}} + startsWith(github.event.comment.body, '/greenboot-rs-test-39')) }} runs-on: ubuntu-latest env: STATUS_NAME: greenboot-rs-39 @@ -112,9 +115,10 @@ jobs: greenboot-rs-39: needs: [pr-info, comment-info, pre-greenboot-rs-39] - if: ${{ needs.pr-info.outputs.allowed_user == 'true' }} && + if: ${{ needs.pr-info.outputs.base_ref == 'greenboot-rs' && + needs.pr-info.outputs.allowed_user == 'true' && (startsWith(github.event.comment.body, '/greenboot-rs-test-all') || - startsWith(github.event.comment.body, '/greenboot-rs-test-39'))}} + startsWith(github.event.comment.body, '/greenboot-rs-test-39')) }} runs-on: [kite, x86_64, gcp, fedora-39, large] env: STATUS_NAME: greenboot-rs-39 @@ -139,21 +143,13 @@ jobs: ref: ${{ needs.pr-info.outputs.sha }} fetch-depth: 0 - - name: Checkout greenboot-rs code - uses: actions/checkout@v3 - with: - repository: say-paul/greenboot - ref: greenboot-rs-continued - path: greenboot - - name: Build greenboot PRM pakcages run: make rpm - working-directory: greenboot - name: Prepare greenboot run: | sudo mkdir -p /var/www/html/source - sudo cp ./greenboot/rpmbuild/RPMS/x86_64/* /var/www/html/source/ 2>/dev/null || : + sudo cp ./rpmbuild/RPMS/x86_64/* /var/www/html/source/ 2>/dev/null || : sudo createrepo_c /var/www/html/source sudo restorecon -Rv /var/www/html/source sudo ls -al /var/www/html/source 
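Review bot: The rewritten `if:` on `pre-greenboot-rs-39` is the permission gate for the job and should carry a comment saying why the whole condition has to sit inside a single `${{ }}`. In the old form the text after the closing `}}` made the value a non-empty string, so the condition was truthy whatever `allowed_user` held. That is easy to reintroduce when the next distro job is copied from this one. A line such as `# keep the entire condition inside one ${{ }}; text outside the expression makes it always true` above the `if:` would do. The same applies to the `if:` on `greenboot-rs-39` in the @@ -112,9 +115,10 hunk.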
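Review bot: In the `Prepare greenboot` step (@@ -139,21 +143,13) the changed copy line still ends in `2>/dev/null || :`, so if `make rpm` leaves nothing under `./rpmbuild/RPMS/x86_64/` the step succeeds and `createrepo_c` publishes an empty repo. Now that the RPMs are built from the pull request's own tree, the run could then test whatever greenboot build the image resolves from elsewhere and report green for code it never exercised; the compose sources are not visible here, so that part is an inference. Let the copy fail loudly instead: `sudo cp ./rpmbuild/RPMS/x86_64/*.rpm /var/www/html/source/`. The job's step list continues outside the hunk.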
@@ -198,26 +194,12 @@ jobs: make rpm - sudo cp rpmbuild/RPMS/x86_64/* /var/www/html/source/ - sudo ls -al /var/www/html/source/ - sudo createrepo_c /var/www/html/source - sudo restorecon -Rv /var/www/html/source - - sudo tee "/etc/yum.repos.d/source.repo" > /dev/null << EOF - [source] - name = source - baseurl = file:///var/www/html/source/ - enabled = 1 - gpgcheck = 0 - priority = 5 - EOF - - sudo dnf info osbuild osbuild-composer + sudo dnf install -y ./rpmbuild/RPMS/x86_64/osbuild-composer-* working-directory: ./osbuild-composer - name: Run greenboot-rs.sh test run: ./greenboot-rs.sh - working-directory: greenboot-test + working-directory: tests timeout-minutes: 100 - name: Set result status diff --git a/greenboot-test/setup.sh b/greenboot-test/setup.sh deleted file mode 100755 index 5e3001e..0000000 --- a/greenboot-test/setup.sh +++ /dev/null 
@@ -1,140 +0,0 @@ -#!/bin/bash -set -euox pipefail - -# Dumps details about the instance running the CI job. -CPUS=$(nproc) -MEM=$(free -m | grep -oP '\d+' | head -n 1) -DISK=$(df --output=size -h / | sed '1d;s/[^0-9]//g') -HOSTNAME=$(uname -n) -USER=$(whoami) -ARCH=$(uname -m) -KERNEL=$(uname -r) - -echo -e "\033[0;36m" -cat << EOF ------------------------------------------------------------------------------- -CI MACHINE SPECS ------------------------------------------------------------------------------- - Hostname: ${HOSTNAME} - User: ${USER} - CPUs: ${CPUS} - RAM: ${MEM} MB - DISK: ${DISK} GB - ARCH: ${ARCH} - KERNEL: ${KERNEL} ------------------------------------------------------------------------------- -EOF -echo "CPU info" -lscpu -echo -e "\033[0m" - -# Get OS data. -source /etc/os-release - -# Colorful output. -function greenprint { - echo -e "\033[1;32m${1}\033[0m" -} - -# set locale to en_US.UTF-8 -sudo dnf install -y glibc-langpack-en -sudo localectl set-locale LANG=en_US.UTF-8 - -# Install required packages -greenprint "Install required packages" -sudo dnf install -y --nogpgcheck httpd osbuild osbuild-composer composer-cli podman skopeo wget firewalld lorax xorriso curl jq expect qemu-img qemu-kvm libvirt-client libvirt-daemon-kvm libvirt-daemon virt-install rpmdevtools ansible-core - -# Avoid collection installation filed sometime -for _ in $(seq 0 30); do - ansible-galaxy collection install community.general community.libvirt - install_result=$? 
- if [[ $install_result == 0 ]]; then - break - fi - sleep 10 -done - -# Customize repository -sudo mkdir -p /etc/osbuild-composer/repositories - -case "${ID}-${VERSION_ID}" in - "fedora-39") - sudo cp files/fedora-39.json /etc/osbuild-composer/repositories/fedora-39.json;; - *) - echo "unsupported distro: ${ID}-${VERSION_ID}" - exit 1;; -esac - -# Check ostree_key permissions -KEY_PERMISSION_PRE=$(stat -L -c "%a %G %U" key/ostree_key | grep -oP '\d+' | head -n 1) -echo -e "${KEY_PERMISSION_PRE}" -if [[ "${KEY_PERMISSION_PRE}" != "600" ]]; then - greenprint "💡 File permissions too open...Changing to 600" - chmod 600 ./key/ostree_key -fi - -# Start httpd server as prod ostree repo -greenprint "Start httpd service" -sudo systemctl enable --now httpd.service - -# Start osbuild-composer.socket -greenprint "Start osbuild-composer.socket" -sudo systemctl enable --now osbuild-composer.socket - -# Start firewalld -greenprint "Start firewalld" -sudo systemctl enable --now firewalld - -# Start libvirtd and test it. -greenprint "🚀 Starting libvirt daemon" -sudo systemctl start libvirtd -sudo virsh list --all > /dev/null - -# Set a customized dnsmasq configuration for libvirt so we always get the -# same address on bootup. -greenprint "💡 Setup libvirt network" -sudo tee /tmp/integration.xml > /dev/null << EOF - - integration - 1c8fe98c-b53a-4ca4-bbdb-deb0f26b3579 - - - - - - - - - - - - - - -EOF -if ! sudo virsh net-info integration > /dev/null 2>&1; then - sudo virsh net-define /tmp/integration.xml -fi -if [[ $(sudo virsh net-info integration | grep 'Active' | awk '{print $2}') == 'no' ]]; then - sudo virsh net-start integration -fi - -# Allow anyone in the wheel group to talk to libvirt. 
-greenprint "🚪 Allowing users in wheel group to talk to libvirt" -sudo tee /etc/polkit-1/rules.d/50-libvirt.rules > /dev/null << EOF -polkit.addRule(function(action, subject) { - if (action.id == "org.libvirt.unix.manage" && - subject.isInGroup("adm")) { - return polkit.Result.YES; - } -}); -EOF - -# Basic weldr API status checking -sudo composer-cli status show - -# Source checking -sudo composer-cli sources list -for SOURCE in $(sudo composer-cli sources list); do - sudo composer-cli sources info "$SOURCE" -done diff --git a/greenboot-test/ansible.cfg b/tests/ansible.cfg similarity index 100% rename from greenboot-test/ansible.cfg rename to tests/ansible.cfg diff --git a/greenboot-test/check-ostree.yaml b/tests/check-ostree.yaml similarity index 100% rename from greenboot-test/check-ostree.yaml rename to tests/check-ostree.yaml diff --git a/greenboot-test/files/fedora-39.json b/tests/files/fedora-39.json similarity index 100% rename from greenboot-test/files/fedora-39.json rename to tests/files/fedora-39.json diff --git a/greenboot-test/greenboot-rs.sh b/tests/greenboot-rs.sh similarity index 77% rename from greenboot-test/greenboot-rs.sh rename to tests/greenboot-rs.sh index 94b12c2..06226e7 100755 --- a/greenboot-test/greenboot-rs.sh +++ b/tests/greenboot-rs.sh 
@@ -1,12 +1,149 @@ #!/bin/bash set -exuo pipefail -# Provision the software under test. -./setup.sh - # Get OS data. source /etc/os-release + +# Dumps details about the instance running the CI job. +CPUS=$(nproc) +MEM=$(free -m | grep -oP '\d+' | head -n 1) +DISK=$(df --output=size -h / | sed '1d;s/[^0-9]//g') +HOSTNAME=$(uname -n) +USER=$(whoami) ARCH=$(uname -m) +KERNEL=$(uname -r) + +echo -e "\033[0;36m" +cat << EOF +------------------------------------------------------------------------------ +CI MACHINE SPECS +------------------------------------------------------------------------------ + Hostname: ${HOSTNAME} + User: ${USER} + CPUs: ${CPUS} + RAM: ${MEM} MB + DISK: ${DISK} GB + ARCH: ${ARCH} + KERNEL: ${KERNEL} +------------------------------------------------------------------------------ +EOF +echo "CPU info" +lscpu +echo -e "\033[0m" + +# Colorful output. +function greenprint { + echo -e "\033[1;32m${1}\033[0m" +} + +# set locale to en_US.UTF-8 +sudo dnf install -y glibc-langpack-en +sudo localectl set-locale LANG=en_US.UTF-8 + +# Install required packages +greenprint "Install required packages" +sudo dnf install -y --nogpgcheck httpd composer-cli podman skopeo wget firewalld lorax xorriso curl jq expect qemu-img qemu-kvm libvirt-client libvirt-daemon-kvm libvirt-daemon virt-install rpmdevtools ansible-core + +# Avoid collection installation filed sometime +for _ in $(seq 0 30); do + ansible-galaxy collection install community.general community.libvirt + install_result=$? + if [[ $install_result == 0 ]]; then + break + fi + sleep 10 +done + +# Customize repository +sudo mkdir -p /etc/osbuild-composer/repositories + +# Set os-variant and boot location used by virt-install. 
+case "${ID}-${VERSION_ID}" in + "fedora-"*) + IMAGE_TYPE=fedora-iot-commit + OSTREE_REF="fedora/${VERSION_ID}/${ARCH}/iot" + OS_VARIANT="fedora-unknown" + BOOT_LOCATION="https://dl.fedoraproject.org/pub/fedora/linux/development/39/Everything/x86_64/os/" + sudo cp files/fedora-39.json /etc/osbuild-composer/repositories/fedora-39.json + ;; + *) + echo "unsupported distro: ${ID}-${VERSION_ID}" + exit 1;; +esac + +# Check ostree_key permissions +KEY_PERMISSION_PRE=$(stat -L -c "%a %G %U" key/ostree_key | grep -oP '\d+' | head -n 1) +echo -e "${KEY_PERMISSION_PRE}" +if [[ "${KEY_PERMISSION_PRE}" != "600" ]]; then + greenprint "💡 File permissions too open...Changing to 600" + chmod 600 ./key/ostree_key +fi + +# Start httpd server as prod ostree repo +greenprint "Start httpd service" +sudo systemctl enable --now httpd.service + +# Start osbuild-composer.socket +greenprint "Start osbuild-composer.socket" +sudo systemctl enable --now osbuild-composer.socket + +# Start firewalld +greenprint "Start firewalld" +sudo systemctl enable --now firewalld + +# Start libvirtd and test it. +greenprint "🚀 Starting libvirt daemon" +sudo systemctl start libvirtd +sudo virsh list --all > /dev/null + +# Set a customized dnsmasq configuration for libvirt so we always get the +# same address on bootup. +greenprint "💡 Setup libvirt network" +sudo tee /tmp/integration.xml > /dev/null << EOF + + integration + 1c8fe98c-b53a-4ca4-bbdb-deb0f26b3579 + + + + + + + + + + + + + + +EOF +if ! sudo virsh net-info integration > /dev/null 2>&1; then + sudo virsh net-define /tmp/integration.xml +fi +if [[ $(sudo virsh net-info integration | grep 'Active' | awk '{print $2}') == 'no' ]]; then + sudo virsh net-start integration +fi + +# Allow anyone in the wheel group to talk to libvirt. 
+greenprint "🚪 Allowing users in wheel group to talk to libvirt" +sudo tee /etc/polkit-1/rules.d/50-libvirt.rules > /dev/null << EOF +polkit.addRule(function(action, subject) { + if (action.id == "org.libvirt.unix.manage" && + subject.isInGroup("adm")) { + return polkit.Result.YES; + } +}); +EOF + +# Basic weldr API status checking +sudo composer-cli status show + +# Source checking +sudo composer-cli sources list +for SOURCE in $(sudo composer-cli sources list); do + sudo composer-cli sources info "$SOURCE" +done # Set up variables. TEST_UUID=$(uuidgen) @@ -30,24 +167,6 @@ BOOT_ARGS="uefi" SSH_OPTIONS=(-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=5) SSH_KEY=key/ostree_key -# Set os-variant and boot location used by virt-install. -case "${ID}-${VERSION_ID}" in - "fedora-"*) - IMAGE_TYPE=fedora-iot-commit - OSTREE_REF="fedora/${VERSION_ID}/${ARCH}/iot" - OS_VARIANT="fedora-unknown" - BOOT_LOCATION="https://dl.fedoraproject.org/pub/fedora/linux/development/39/Everything/x86_64/os/" - ;; - *) - echo "unsupported distro: ${ID}-${VERSION_ID}" - exit 1;; -esac - -# Colorful output. -function greenprint { - echo -e "\033[1;32m${1}\033[0m" -} - # Get the compose log. get_compose_log () { COMPOSE_ID=$1 diff --git a/greenboot-test/key/ostree_key b/tests/key/ostree_key similarity index 100% rename from greenboot-test/key/ostree_key rename to tests/key/ostree_key diff --git a/greenboot-test/key/ostree_key.pub b/tests/key/ostree_key.pub similarity index 100% rename from greenboot-test/key/ostree_key.pub rename to tests/key/ostree_key.pub
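Review bot: The inlined `sudo dnf install -y --nogpgcheck httpd composer-cli ...` line (@@ -1,12 +1,149) turns off signature verification for every package it pulls, yet after this commit none of them appears to come from an unsigned local build: `osbuild` and `osbuild-composer` were dropped from the list and the workflow no longer writes the `gpgcheck = 0` source repo. Dropping the flag, `sudo dnf install -y httpd composer-cli podman ...`, keeps the runner on signed distro packages. In the same hunk the polkit block's comment and `greenprint` message say wheel, but the rule tests `subject.isInGroup("adm")`; name the group that is actually granted `org.libvirt.unix.manage`, or change the group. Also, under `set -exuo pipefail` a failing `ansible-galaxy collection install` aborts the script before `install_result=$?` runs, so the loop never retries; `if ansible-galaxy collection install community.general community.libvirt; then break; fi` would.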