ci-integration.yaml
---
name: CI (integration)

# Triggered by pull_request events; no branch or path filter is set.
on:
  pull_request:

# One live run per workflow and ref: a newer run on the same ref cancels the
# run that is still in progress.
concurrency:
  group: "ci-${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: true

# Every `run:` step executes under sh with errexit (-e) and xtrace (-x).
# xtrace echoes each command into the job log, so any step that touches a
# secret has to keep the secret value out of the traced command line.
defaults:
  run:
    shell: sh -ex {0}
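jobs:
  # Gate job: hands one secret to the reusable workflow, whose `has-secrets`
  # output is tested by package-builds below.
  check-secrets:
    name: Check secrets
    uses: ./.github/workflows/check-secrets-available.yaml
    secrets:
      SECRET_TO_CHECK: '${{ secrets.PYCLOUDLIB_CONFIG_CONTENTS }}'

  # Builds the .deb packages for each release in an sbuild chroot and uploads
  # them as short-lived artifacts for the integration job.
  package-builds:
    name: Packaging
    needs: check-secrets
    # Runs only when the gate reports that the secret is available.
    # integration-tests `needs` this job, so it is skipped along with it.
    if: ${{ needs.check-secrets.outputs.has-secrets == 'true' }}
    runs-on: ubuntu-22.04
    # Least privilege for the job token: the steps only read the repository.
    permissions:
      contents: read
    strategy:
      matrix:
        release: ['xenial', 'bionic', 'focal', 'jammy', 'mantic', 'noble']
    steps:
      - name: Prepare build tools
        env:
          DEBFULLNAME: GitHub CI Auto Builder
          # The address is obfuscated in this copy of the file. It is quoted so
          # that it parses as a string, not a flow sequence; restore the real
          # builder address here.
          DEBEMAIL: '[email protected]'
        run: |
          sudo DEBIAN_FRONTEND=noninteractive apt-get -qy update
          sudo DEBIAN_FRONTEND=noninteractive apt-get -qy install --no-install-recommends sbuild schroot ubuntu-dev-tools debootstrap git-buildpackage
          sudo sbuild-adduser $USER
          cp /usr/share/doc/sbuild/examples/example.sbuildrc /home/$USER/.sbuildrc
      - name: Git checkout
        # NOTE(review): every `uses:` in this file references a mutable tag
        # (@v3). Pinning each one to a full commit SHA keeps a retagged
        # release from changing what runs in these jobs.
        uses: actions/checkout@v3
        with:
          # Keep the job token out of .git/config; the build that follows runs
          # code from the pull request and needs no git credentials.
          persist-credentials: false
      - name: Build package
        env:
          DEBFULLNAME: GitHub CI Auto Builder
          # Obfuscated in this copy of the file; see "Prepare build tools".
          DEBEMAIL: '[email protected]'
        run: |
          gbp dch --ignore-branch --snapshot --distribution=${{ matrix.release }}
          dch --local=~${{ matrix.release }} ""
          # TODO update this for the new devel after noble is released
          if [ "${{ matrix.release }}" = "noble" ]; then
            SKIP_PROPOSED=""
          else
            SKIP_PROPOSED="--skip-proposed"
          fi
          sg sbuild -c "mk-sbuild $SKIP_PROPOSED ${{ matrix.release }}"
          sg sbuild -c "sbuild --dist='${{ matrix.release }}' --resolve-alternatives --no-clean-source --nolog --verbose --no-run-lintian --build-dir='${{ runner.temp }}'"
          mv ../*.deb '${{ runner.temp }}' # Workaround for Debbug: #990734, drop in Jammy
      - name: Archive debs as artifacts
        uses: actions/upload-artifact@v3
        with:
          name: 'ci-debs-${{ matrix.release }}'
          path: '${{ runner.temp }}/*.deb'
          retention-days: 3

  # Installs the prebuilt debs and runs the behave suite for each
  # release/platform pair. This is the only job that receives the cloud,
  # SSH and contract-token secrets.
  integration-tests:
    name: Integration
    needs: package-builds
    runs-on: ${{ matrix.host_os }}
    # Least privilege for the job token: the steps only read the repository.
    permissions:
      contents: read
    strategy:
      # Disable fail-fast as these jobs are slow, so we want to extract
      # as much information as possible from them.
      fail-fast: false
      matrix:
        release: ['bionic', 'focal', 'jammy', 'mantic', 'noble']
        platform: ['lxd-container']
        host_os: ['ubuntu-22.04']
        include:
          # xenial lxd containers don't work on hosts >20.04
          - release: xenial
            platform: lxd-container
            host_os: ubuntu-20.04
          - release: bionic
            platform: aws.pro
            host_os: ubuntu-22.04
          - release: bionic
            platform: gcp.pro
            host_os: ubuntu-22.04
          - release: bionic
            platform: aws.pro-fips
            host_os: ubuntu-22.04
          - release: focal
            platform: lxd-vm
            host_os: ubuntu-22.04
    steps:
      - name: Prepare test tools
        run: |
          sudo DEBIAN_FRONTEND=noninteractive apt-get -qy update
          sudo DEBIAN_FRONTEND=noninteractive apt-get -qy install tox distro-info
          sudo adduser $USER lxd
          # Jammy GH Action runners have docker installed, which edits iptables
          # in a way that is incompatible with lxd.
          # https://linuxcontainers.org/lxd/docs/master/howto/network_bridge_firewalld/#prevent-issues-with-lxd-and-docker
          sudo iptables -I DOCKER-USER -j ACCEPT
      - name: Refresh LXD
        if: matrix.platform == 'lxd-container' || matrix.platform == 'lxd-vm'
        run: sudo snap refresh --channel latest/stable lxd
      - name: Initialize LXD
        if: matrix.platform == 'lxd-container' || matrix.platform == 'lxd-vm'
        run: sudo lxd init --auto
      - name: Git checkout
        uses: actions/checkout@v3
        with:
          # Keep the job token out of .git/config; the test run that follows
          # executes code from the pull request.
          persist-credentials: false
      - name: Retrieve debs
        uses: actions/download-artifact@v3
        with:
          name: 'ci-debs-${{ matrix.release }}'
          path: '${{ runner.temp }}'
      - name: Canonicalize deb filenames
        working-directory: '${{ runner.temp }}'
        run: |
          ln -s ubuntu-advantage-tools*.deb ubuntu-advantage-tools-${{ matrix.release }}.deb
          ln -s ubuntu-advantage-pro*.deb ubuntu-advantage-pro-${{ matrix.release }}.deb
      - name: Behave
        # Secrets reach the script only as environment variables and are never
        # interpolated into the script text, which keeps their values out of
        # the xtrace output produced by the default `sh -ex` shell.
        env:
          PYCLOUDLIB_CONFIG_CONTENTS: '${{ secrets.PYCLOUDLIB_CONFIG_CONTENTS }}'
          GOOGLE_APPLICATION_CREDENTIALS_CONTENTS: '${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_CONTENTS }}'
          SSH_PRIVATE_KEY: '${{ secrets.SSH_PRIVATE_KEY }}'
          SSH_PUBLIC_KEY: '${{ secrets.SSH_PUBLIC_KEY }}'
          UACLIENT_BEHAVE_DEBS_PATH: '${{ runner.temp }}'
          UACLIENT_BEHAVE_ARTIFACT_DIR: '${{ runner.temp }}/artifacts/behave-${{ matrix.platform }}-${{ matrix.release }}'
          UACLIENT_BEHAVE_SNAPSHOT_STRATEGY: '1'
          UACLIENT_BEHAVE_INSTALL_FROM: 'prebuilt'
          UACLIENT_BEHAVE_CONTRACT_TOKEN: '${{ secrets.UACLIENT_BEHAVE_CONTRACT_TOKEN }}'
          UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING: '${{ secrets.UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING }}'
          UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING_EXPIRED: '${{ secrets.UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING_EXPIRED }}'
          UACLIENT_BEHAVE_LANDSCAPE_REGISTRATION_KEY: '${{ secrets.UACLIENT_BEHAVE_LANDSCAPE_REGISTRATION_KEY }}'
          UACLIENT_BEHAVE_LANDSCAPE_API_ACCESS_KEY: '${{ secrets.UACLIENT_BEHAVE_LANDSCAPE_API_ACCESS_KEY }}'
          UACLIENT_BEHAVE_LANDSCAPE_API_SECRET_KEY: '${{ secrets.UACLIENT_BEHAVE_LANDSCAPE_API_SECRET_KEY }}'
        run: |
          # mktemp creates each credential file before any secret is written.
          PYCLOUDLIB_CONFIG="$(mktemp --tmpdir="${{ runner.temp }}" pycloudlib.toml.XXXXXXXXXX)"
          GCE_CREDENTIALS_PATH="$(mktemp --tmpdir="${{ runner.temp }}" gcloud.json.XXXXXXXXXX)"
          export PYCLOUDLIB_CONFIG
          export GCE_CREDENTIALS_PATH
          # Dump secrets using a subshell to avoid leaks due to xtrace: the
          # single-quoted command is traced unexpanded, and the child sh that
          # expands it is not started with -x.
          # Use printf as dash's echo always interprets control sequences (e.g. \n).
          sh -c 'printf "%s\n" "$PYCLOUDLIB_CONFIG_CONTENTS" > "$PYCLOUDLIB_CONFIG"'
          sh -c 'printf "%s\n" "$GOOGLE_APPLICATION_CREDENTIALS_CONTENTS" > "$GCE_CREDENTIALS_PATH"'
          # SSH keys (should match what is specified in pycloudlib.toml)
          mkdir -p ~/.ssh
          # Keep the key directory private to the runner user.
          chmod 700 ~/.ssh
          # Create the key file and restrict it before the key is written.
          touch ~/.ssh/cloudinit_id_rsa
          chmod 600 ~/.ssh/cloudinit_id_rsa
          sh -c 'printf "%s\n" "$SSH_PRIVATE_KEY" > ~/.ssh/cloudinit_id_rsa'
          sh -c 'printf "%s\n" "$SSH_PUBLIC_KEY" > ~/.ssh/cloudinit_id_rsa.pub'
          sg lxd -c "tox -e behave -- -D machine_types=${{ matrix.platform }} -D releases=${{ matrix.release }} --tags=-slow --tags=-upgrade --tags=-no_gh --tags=-vpn"
      - name: Archive test artifacts
        # Uploaded even when the tests fail, so the logs survive a red run.
        # NOTE(review): confirm the behave output never records the tokens or
        # credentials given to the previous step; artifacts are readable by
        # anyone with read access to the repository.
        # NOTE(review): several matrix entries share a release (bionic runs on
        # lxd-container, aws.pro, gcp.pro and aws.pro-fips), so they upload
        # under one artifact name. upload-artifact v3 accepts that; v4 needs a
        # unique name per upload, so add the platform before upgrading.
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: 'ci-behave-${{ matrix.release }}'
          path: '${{ runner.temp }}/artifacts/behave*'
          retention-days: 7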