diff --git a/.github/workflows/PR-wip-checks.yaml b/.github/workflows/PR-wip-checks.yaml deleted file mode 100644 index 98195b8867fc..000000000000 --- a/.github/workflows/PR-wip-checks.yaml +++ /dev/null @@ -1,26 +0,0 @@ -name: Pull request WIP checks -on: - pull_request: - types: - - opened - - synchronize - - reopened - - edited - - labeled - - unlabeled - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -jobs: - pr_wip_check: - runs-on: ubuntu-latest - name: WIP Check - steps: - - name: WIP Check - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - uses: tim-actions/wip-check@1c2a1ca6c110026b3e2297bb2ef39e1747b5a755 - with: - labels: '["do-not-merge", "wip", "rfc"]' - keywords: '["WIP", "wip", "RFC", "rfc", "dnm", "DNM", "do-not-merge"]' diff --git a/.github/workflows/add-issues-to-project.yaml b/.github/workflows/add-issues-to-project.yaml deleted file mode 100644 index bed6b884f70d..000000000000 --- a/.github/workflows/add-issues-to-project.yaml +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright (c) 2020 Intel Corporation -# -# SPDX-License-Identifier: Apache-2.0 -# - -name: Add newly created issues to the backlog project - -on: - issues: - types: - - opened - - reopened - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -jobs: - add-new-issues-to-backlog: - runs-on: ubuntu-latest - steps: - - name: Install hub - run: | - HUB_ARCH="amd64" - HUB_VER=$(curl -sL "https://api.github.com/repos/github/hub/releases/latest" |\ - jq -r .tag_name | sed 's/^v//') - curl -sL \ - "https://github.com/github/hub/releases/download/v${HUB_VER}/hub-linux-${HUB_ARCH}-${HUB_VER}.tgz" |\ - tar xz --strip-components=2 --wildcards '*/bin/hub' && \ - sudo install hub /usr/local/bin - - - name: Install hub extension script - run: | - # Clone into a temporary directory to avoid overwriting - # any existing github directory. - pushd $(mktemp -d) &>/dev/null - git clone --single-branch --depth 1 "https://github.com/kata-containers/.github" && cd .github/scripts - sudo install hub-util.sh /usr/local/bin - popd &>/dev/null - - - name: Checkout code to allow hub to communicate with the project - uses: actions/checkout@v4 - - - name: Add issue to issue backlog - env: - GITHUB_TOKEN: ${{ secrets.KATA_GITHUB_ACTIONS_TOKEN }} - run: | - issue=${{ github.event.issue.number }} - - project_name="Issue backlog" - project_type="org" - project_column="To do" - - hub-util.sh \ - add-issue \ - "$issue" \ - "$project_name" \ - "$project_type" \ - "$project_column" diff --git a/.github/workflows/add-pr-sizing-label.yaml b/.github/workflows/add-pr-sizing-label.yaml deleted file mode 100644 index 4af22cd95a79..000000000000 --- a/.github/workflows/add-pr-sizing-label.yaml +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright (c) 2022 Intel Corporation -# -# SPDX-License-Identifier: Apache-2.0 -# - -name: Add PR sizing label - -on: - pull_request_target: - types: - - opened - - reopened - - synchronize - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -jobs: - add-pr-size-label: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.sha }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ github.event.pull_request.base.ref }} - - - name: Install PR sizing label script - run: | - # Clone into a temporary directory to avoid overwriting - # any existing github directory. - pushd $(mktemp -d) &>/dev/null - git clone --single-branch --depth 1 "https://github.com/kata-containers/.github" && cd .github/scripts - sudo install pr-add-size-label.sh /usr/local/bin - popd &>/dev/null - - - name: Add PR sizing label - env: - GITHUB_TOKEN: ${{ secrets.KATA_GITHUB_ACTIONS_PR_SIZE_TOKEN }} - run: | - pr=${{ github.event.number }} - # Removing man-db, workflow kept failing, fixes: #4480 - sudo apt -y remove --purge man-db - sudo apt -y install diffstat patchutils - - pr-add-size-label.sh -p "$pr" diff --git a/.github/workflows/basic-ci-amd64.yaml b/.github/workflows/basic-ci-amd64.yaml deleted file mode 100644 index fdd0a0940152..000000000000 --- a/.github/workflows/basic-ci-amd64.yaml +++ /dev/null @@ -1,336 +0,0 @@ -name: CI | Basic amd64 tests -on: - workflow_call: - inputs: - tarball-suffix: - required: false - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - run-cri-containerd: - strategy: - # We can set this to true whenever we're 100% sure that - # the all the tests are not flaky, otherwise we'll fail - # all the tests due to a single flaky instance. - fail-fast: false - matrix: - containerd_version: ['lts', 'active'] - vmm: ['clh', 'dragonball', 'qemu', 'stratovirt', 'cloud-hypervisor', 'qemu-runtime-rs'] - runs-on: garm-ubuntu-2204-smaller - env: - CONTAINERD_VERSION: ${{ matrix.containerd_version }} - GOPATH: ${{ github.workspace }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/integration/cri-containerd/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/integration/cri-containerd/gha-run.sh install-kata kata-artifacts - - - name: Run cri-containerd tests - timeout-minutes: 10 - run: bash tests/integration/cri-containerd/gha-run.sh run - - run-containerd-stability: - strategy: - fail-fast: false - matrix: - containerd_version: ['lts', 'active'] - vmm: ['clh', 'cloud-hypervisor', 'dragonball', 'qemu', 'stratovirt'] - runs-on: garm-ubuntu-2204-smaller - env: - CONTAINERD_VERSION: ${{ matrix.containerd_version }} - GOPATH: ${{ github.workspace }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/stability/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/stability/gha-run.sh install-kata kata-artifacts - - - name: Run containerd-stability tests - timeout-minutes: 15 - run: bash tests/stability/gha-run.sh run - - run-nydus: - strategy: - # We can set this to true whenever we're 100% sure that - # the all the tests are not flaky, otherwise we'll fail - # all the tests due to a single flaky instance. - fail-fast: false - matrix: - containerd_version: ['lts', 'active'] - vmm: ['clh', 'qemu', 'dragonball', 'stratovirt'] - runs-on: garm-ubuntu-2204-smaller - env: - CONTAINERD_VERSION: ${{ matrix.containerd_version }} - GOPATH: ${{ github.workspace }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/integration/nydus/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/integration/nydus/gha-run.sh install-kata kata-artifacts - - - name: Run nydus tests - timeout-minutes: 10 - run: bash tests/integration/nydus/gha-run.sh run - - run-runk: - runs-on: garm-ubuntu-2204-smaller - env: - CONTAINERD_VERSION: lts - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/integration/runk/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/integration/runk/gha-run.sh install-kata kata-artifacts - - - name: Run runk tests - timeout-minutes: 10 - run: bash tests/integration/runk/gha-run.sh run - - run-tracing: - strategy: - fail-fast: false - matrix: - vmm: - - clh # cloud-hypervisor - - qemu - runs-on: garm-ubuntu-2204-smaller - env: - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/functional/tracing/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/functional/tracing/gha-run.sh install-kata kata-artifacts - - - name: Run tracing tests - timeout-minutes: 15 - run: bash tests/functional/tracing/gha-run.sh run - - run-vfio: - strategy: - fail-fast: false - matrix: - vmm: ['clh', 'qemu'] - runs-on: garm-ubuntu-2304 - env: - GOPATH: ${{ github.workspace }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/functional/vfio/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Run vfio tests - timeout-minutes: 15 - run: bash tests/functional/vfio/gha-run.sh run - - run-docker-tests: - strategy: - # We can set this to true whenever we're 100% sure that - # all the tests are not flaky, otherwise we'll fail them - # all due to a single flaky instance. - fail-fast: false - matrix: - vmm: - - clh - - qemu - runs-on: garm-ubuntu-2304-smaller - env: - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/integration/docker/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/integration/docker/gha-run.sh install-kata kata-artifacts - - - name: Run docker smoke test - timeout-minutes: 5 - run: bash tests/integration/docker/gha-run.sh run - - run-nerdctl-tests: - strategy: - # We can set this to true whenever we're 100% sure that - # all the tests are not flaky, otherwise we'll fail them - # all due to a single flaky instance. - fail-fast: false - matrix: - vmm: - - clh - - dragonball - - qemu - - cloud-hypervisor - runs-on: garm-ubuntu-2304-smaller - env: - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/integration/nerdctl/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/integration/nerdctl/gha-run.sh install-kata kata-artifacts - - - name: Run nerdctl smoke test - timeout-minutes: 5 - run: bash tests/integration/nerdctl/gha-run.sh run - - - name: Collect artifacts ${{ matrix.vmm }} - run: bash tests/integration/nerdctl/gha-run.sh collect-artifacts - - - name: Archive artifacts ${{ matrix.vmm }} - uses: actions/upload-artifact@v4 - with: - name: nerdctl-tests-garm-${{ matrix.vmm }} - path: /tmp/artifacts - retention-days: 1 diff --git a/.github/workflows/build-checks.yaml b/.github/workflows/build-checks.yaml deleted file mode 100644 index 2abdc9b0fd66..000000000000 --- a/.github/workflows/build-checks.yaml +++ /dev/null @@ -1,113 +0,0 @@ -on: - workflow_call: - inputs: - instance: - required: true - type: string - -name: Build checks -jobs: - check: - runs-on: ${{ inputs.instance }} - strategy: - fail-fast: false - matrix: - component: - - agent - - dragonball - - runtime - - runtime-rs - - agent-ctl - - kata-ctl - - runk - - trace-forwarder - - genpolicy - command: - - "make vendor" - - "make check" - - "make test" - - "sudo -E PATH=\"$PATH\" make test" - include: - - component: agent - component-path: src/agent - - component: dragonball - component-path: src/dragonball - - component: runtime - component-path: src/runtime - - component: runtime-rs - component-path: src/runtime-rs - - component: agent-ctl - component-path: src/tools/agent-ctl - - component: kata-ctl - component-path: src/tools/kata-ctl - - component: runk - component-path: src/tools/runk - - component: trace-forwarder - component-path: src/tools/trace-forwarder - - install-libseccomp: no - - component: agent - install-libseccomp: yes - - component: runk - install-libseccomp: yes - - component: genpolicy - component-path: src/tools/genpolicy - steps: - - name: Adjust a permission for repo - run: | - sudo chown -R $USER:$USER $GITHUB_WORKSPACE $HOME - sudo rm -rf $GITHUB_WORKSPACE/* && echo "GITHUB_WORKSPACE removed" || { sleep 10 && sudo rm -rf $GITHUB_WORKSPACE/*; } - sudo rm -f /tmp/kata_hybrid* # Sometime we got leftover from test_setup_hvsock_failed() - if: ${{ inputs.instance != 'ubuntu-20.04' }} - - - name: Checkout the code - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Install yq - run: | - ./ci/install_yq.sh - env: - INSTALL_IN_GOPATH: false - - name: Install golang - if: ${{ matrix.component == 'runtime' }} - run: | - ./tests/install_go.sh -f -p - echo "/usr/local/go/bin" >> $GITHUB_PATH - - name: Install rust - if: ${{ matrix.component != 'runtime' }} - run: | - ./tests/install_rust.sh - echo "${HOME}/.cargo/bin" >> $GITHUB_PATH - - name: Install musl-tools - if: ${{ matrix.component != 'runtime' }} - run: sudo apt-get -y install musl-tools - - name: Install devicemapper - if: ${{ matrix.command == 'make check' && matrix.component == 'agent' }} - run: sudo apt-get -y install libdevmapper-dev - - name: Install libseccomp - if: ${{ matrix.command != 'make vendor' && matrix.command != 'make check' && matrix.install-libseccomp == 'yes' }} - run: | - libseccomp_install_dir=$(mktemp -d -t libseccomp.XXXXXXXXXX) - gperf_install_dir=$(mktemp -d -t gperf.XXXXXXXXXX) - ./ci/install_libseccomp.sh "${libseccomp_install_dir}" "${gperf_install_dir}" - echo "Set environment variables for the libseccomp crate to link the libseccomp library statically" - echo "LIBSECCOMP_LINK_TYPE=static" >> $GITHUB_ENV - echo "LIBSECCOMP_LIB_PATH=${libseccomp_install_dir}/lib" >> $GITHUB_ENV - - name: Install protobuf-compiler - if: ${{ matrix.command != 'make vendor' && (matrix.component == 'agent' || matrix.component == 'runk' || matrix.component == 'genpolicy') }} - run: sudo apt-get -y install protobuf-compiler - - name: Install clang - if: ${{ matrix.command == 'make check' && matrix.component == 'agent' }} - run: sudo apt-get -y install clang - - name: Setup XDG_RUNTIME_DIR for the `runtime` tests - if: ${{ matrix.command != 'make vendor' && matrix.command != 'make check' && matrix.component == 'runtime' }} - run: | - XDG_RUNTIME_DIR=$(mktemp -d /tmp/kata-tests-$USER.XXX | tee >(xargs chmod 0700)) - echo "XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR}" >> $GITHUB_ENV - - name: Running `${{ matrix.command }}` for ${{ matrix.component }} - run: | - cd ${{ matrix.component-path }} - ${{ matrix.command }} - env: - RUST_BACKTRACE: "1" diff --git a/.github/workflows/build-kata-static-tarball-amd64.yaml b/.github/workflows/build-kata-static-tarball-amd64.yaml index f5c59c7d747a..88bdcaf1ad97 100644 --- a/.github/workflows/build-kata-static-tarball-amd64.yaml +++ b/.github/workflows/build-kata-static-tarball-amd64.yaml @@ -28,40 +28,19 @@ jobs: matrix: asset: - agent - - agent-ctl - - cloud-hypervisor - - cloud-hypervisor-glibc - coco-guest-components - - firecracker - - genpolicy - - kata-ctl - - kata-manager - kernel - kernel-confidential - - kernel-dragonball-experimental - - kernel-nvidia-gpu - - kernel-nvidia-gpu-confidential - - nydus - - ovmf - - ovmf-sev - pause-image - qemu - - qemu-snp-experimental - - stratovirt - rootfs-image - rootfs-image-confidential - rootfs-initrd - rootfs-initrd-confidential - - rootfs-initrd-mariner - - runk - shim-v2 - - trace-forwarder - virtiofsd stage: - ${{ inputs.stage }} - exclude: - - asset: cloud-hypervisor-glibc - stage: release steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} diff --git a/.github/workflows/build-kata-static-tarball-arm64.yaml b/.github/workflows/build-kata-static-tarball-arm64.yaml deleted file mode 100644 index c280da9ff11d..000000000000 --- a/.github/workflows/build-kata-static-tarball-arm64.yaml +++ /dev/null @@ -1,123 +0,0 @@ -name: CI | Build kata-static tarball for arm64 -on: - workflow_call: - inputs: - stage: - required: false - type: string - default: test - tarball-suffix: - required: false - type: string - push-to-registry: - required: false - type: string - default: no - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - build-asset: - runs-on: arm64-builder - strategy: - matrix: - asset: - - agent - - cloud-hypervisor - - firecracker - - kernel - - kernel-dragonball-experimental - - nydus - - qemu - - stratovirt - - rootfs-image - - rootfs-initrd - - shim-v2 - - virtiofsd - steps: - - name: Adjust a permission for repo - run: | - sudo chown -R $USER:$USER $GITHUB_WORKSPACE - - - name: Login to Kata Containers quay.io - if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} - password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 # This is needed in order to keep the commit ids history - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Build ${{ matrix.asset }} - run: | - make "${KATA_ASSET}-tarball" - build_dir=$(readlink -f build) - # store-artifact does not work with symlink - sudo cp -r "${build_dir}" "kata-build" - env: - KATA_ASSET: ${{ matrix.asset }} - TAR_OUTPUT: ${{ matrix.asset }}.tar.gz - PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} - ARTEFACT_REGISTRY: ghcr.io - ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} - ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - TARGET_BRANCH: ${{ inputs.target-branch }} - RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} - - - name: store-artifact ${{ matrix.asset }} - if: ${{ inputs.stage != 'release' || matrix.asset != 'agent' }} - uses: actions/upload-artifact@v4 - with: - name: kata-artifacts-arm64-${{ matrix.asset }}${{ inputs.tarball-suffix }} - path: kata-build/kata-static-${{ matrix.asset }}.tar.xz - retention-days: 15 - if-no-files-found: error - - create-kata-tarball: - runs-on: arm64-builder - needs: build-asset - steps: - - name: Adjust a permission for repo - run: | - sudo chown -R $USER:$USER $GITHUB_WORKSPACE - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - name: get-artifacts - uses: actions/download-artifact@v4 - with: - pattern: kata-artifacts-arm64-*${{ inputs.tarball-suffix }} - path: kata-artifacts - merge-multiple: true - - name: merge-artifacts - run: | - ./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-artifacts versions.yaml - - name: store-artifacts - uses: actions/upload-artifact@v4 - with: - name: kata-static-tarball-arm64${{ inputs.tarball-suffix }} - path: kata-static.tar.xz - retention-days: 15 - if-no-files-found: error diff --git a/.github/workflows/build-kata-static-tarball-ppc64le.yaml b/.github/workflows/build-kata-static-tarball-ppc64le.yaml deleted file mode 100644 index 890cd50e574e..000000000000 --- a/.github/workflows/build-kata-static-tarball-ppc64le.yaml +++ /dev/null @@ -1,126 +0,0 @@ -name: CI | Build kata-static tarball for ppc64le -on: - workflow_call: - inputs: - stage: - required: false - type: string - default: test - tarball-suffix: - required: false - type: string - push-to-registry: - required: false - type: string - default: no - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - build-asset: - runs-on: ppc64le - strategy: - matrix: - asset: - - agent - - kernel - - qemu - - rootfs-initrd - - shim-v2 - - virtiofsd - stage: - - ${{ inputs.stage }} - steps: - - name: Adjust a permission for repo - run: | - sudo chown -R $USER:$USER $GITHUB_WORKSPACE - - - name: Prepare the self-hosted runner - run: | - ${HOME}/scripts/prepare_runner.sh - sudo rm -rf $GITHUB_WORKSPACE/* - - - - name: Login to Kata Containers quay.io - if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} - password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 # This is needed in order to keep the commit ids history - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Build ${{ matrix.asset }} - run: | - make "${KATA_ASSET}-tarball" - build_dir=$(readlink -f build) - # store-artifact does not work with symlink - sudo cp -r "${build_dir}" "kata-build" - sudo chown -R $(id -u):$(id -g) "kata-build" - env: - KATA_ASSET: ${{ matrix.asset }} - TAR_OUTPUT: ${{ matrix.asset }}.tar.gz - PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} - ARTEFACT_REGISTRY: ghcr.io - ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} - ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - TARGET_BRANCH: ${{ inputs.target-branch }} - RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} - - - name: store-artifact ${{ matrix.asset }} - if: ${{ inputs.stage != 'release' || matrix.asset != 'agent' }} - uses: actions/upload-artifact@v4 - with: - name: kata-artifacts-ppc64le-${{ matrix.asset }}${{ inputs.tarball-suffix }} - path: kata-build/kata-static-${{ matrix.asset }}.tar.xz - retention-days: 1 - if-no-files-found: error - - create-kata-tarball: - runs-on: ppc64le - needs: build-asset - steps: - - name: Adjust a permission for repo - run: | - sudo chown -R $USER:$USER $GITHUB_WORKSPACE - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - name: get-artifacts - uses: actions/download-artifact@v4 - with: - pattern: kata-artifacts-ppc64le-*${{ inputs.tarball-suffix }} - path: kata-artifacts - merge-multiple: true - - name: merge-artifacts - run: | - ./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-artifacts versions.yaml - - name: store-artifacts - uses: actions/upload-artifact@v4 - with: - name: kata-static-tarball-ppc64le${{ inputs.tarball-suffix }} - path: kata-static.tar.xz - retention-days: 1 - if-no-files-found: error diff --git a/.github/workflows/build-kata-static-tarball-s390x.yaml b/.github/workflows/build-kata-static-tarball-s390x.yaml deleted file mode 100644 index 33aa02a8b8e1..000000000000 --- a/.github/workflows/build-kata-static-tarball-s390x.yaml +++ /dev/null @@ -1,167 +0,0 @@ -name: CI | Build kata-static tarball for s390x -on: - workflow_call: - inputs: - stage: - required: false - type: string - default: test - tarball-suffix: - required: false - type: string - push-to-registry: - required: false - type: string - default: no - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - build-asset: - runs-on: s390x - strategy: - matrix: - asset: - - agent - - coco-guest-components - - kernel - - kernel-confidential - - pause-image - - qemu - - rootfs-image - - rootfs-image-confidential - - rootfs-initrd - - rootfs-initrd-confidential - - shim-v2 - - virtiofsd - steps: - - name: Take a pre-action for self-hosted runner - run: ${HOME}/script/pre_action.sh ubuntu-2204 - - - name: Login to Kata Containers quay.io - if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} - password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 # This is needed in order to keep the commit ids history - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Build ${{ matrix.asset }} - run: | - make "${KATA_ASSET}-tarball" - build_dir=$(readlink -f build) - # store-artifact does not work with symlink - sudo cp -r "${build_dir}" "kata-build" - sudo chown -R $(id -u):$(id -g) "kata-build" - env: - KATA_ASSET: ${{ matrix.asset }} - TAR_OUTPUT: ${{ matrix.asset }}.tar.gz - PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} - ARTEFACT_REGISTRY: ghcr.io - ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} - ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - TARGET_BRANCH: ${{ inputs.target-branch }} - RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} - - - name: store-artifact ${{ matrix.asset }} - if: ${{ inputs.stage != 'release' || (matrix.asset != 'agent' && matrix.asset != 'coco-guest-components' && matrix.asset != 'pause-image') }} - uses: actions/upload-artifact@v4 - with: - name: kata-artifacts-s390x-${{ matrix.asset }}${{ inputs.tarball-suffix }} - path: kata-build/kata-static-${{ matrix.asset }}.tar.xz - retention-days: 15 - if-no-files-found: error - - build-asset-boot-image-se: - runs-on: s390x - needs: build-asset - steps: - - name: Take a pre-action for self-hosted runner - run: ${HOME}/script/pre_action.sh ubuntu-2204 - - - uses: actions/checkout@v4 - - - name: get-artifacts - uses: actions/download-artifact@v4 - with: - pattern: kata-artifacts-s390x-*${{ inputs.tarball-suffix }} - path: kata-artifacts - merge-multiple: true - - - name: Place a host key document - run: | - mkdir -p "host-key-document" - cp "${CI_HKD_PATH}" "host-key-document" - env: - CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }} - - - name: Build boot-image-se - run: | - base_dir=tools/packaging/kata-deploy/local-build/ - cp -r kata-artifacts ${base_dir}/build - # Skip building dependant artifacts of boot-image-se-tarball - # because we already have them from the previous build - sed -i 's/\(^boot-image-se-tarball:\).*/\1/g' ${base_dir}/Makefile - make boot-image-se-tarball - build_dir=$(readlink -f build) - sudo cp -r "${build_dir}" "kata-build" - sudo chown -R $(id -u):$(id -g) "kata-build" - env: - HKD_PATH: "host-key-document" - - - name: store-artifact boot-image-se - uses: actions/upload-artifact@v4 - with: - name: kata-artifacts-s390x${{ inputs.tarball-suffix }} - path: kata-build/kata-static-boot-image-se.tar.xz - retention-days: 1 - if-no-files-found: error - - create-kata-tarball: - runs-on: s390x - needs: [build-asset, build-asset-boot-image-se] - steps: - - name: Take a pre-action for self-hosted runner - run: ${HOME}/script/pre_action.sh ubuntu-2204 - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - name: get-artifacts - uses: actions/download-artifact@v4 - with: - pattern: kata-artifacts-s390x-*${{ inputs.tarball-suffix }} - path: kata-artifacts - merge-multiple: true - - name: merge-artifacts - run: | - ./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-artifacts versions.yaml - - name: store-artifacts - uses: actions/upload-artifact@v4 - with: - name: kata-static-tarball-s390x${{ inputs.tarball-suffix }} - path: kata-static.tar.xz - retention-days: 15 - if-no-files-found: error diff --git a/.github/workflows/cargo-deny-runner.yaml b/.github/workflows/cargo-deny-runner.yaml deleted file mode 100644 index 608861d42611..000000000000 --- a/.github/workflows/cargo-deny-runner.yaml +++ /dev/null @@ -1,30 +0,0 @@ -name: Cargo Crates Check Runner -on: - pull_request: - types: - - opened - - edited - - reopened - - synchronize - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -jobs: - cargo-deny-runner: - runs-on: ubuntu-latest - - steps: - - name: Checkout Code - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - uses: actions/checkout@v4 - - name: Generate Action - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: bash cargo-deny-generator.sh - working-directory: ./.github/cargo-deny-composite-action/ - env: - GOPATH: ${{ runner.workspace }}/kata-containers - - name: Run Action - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - uses: ./.github/cargo-deny-composite-action diff --git a/.github/workflows/ci-nightly-s390x.yaml b/.github/workflows/ci-nightly-s390x.yaml deleted file mode 100644 index f3817520a147..000000000000 --- a/.github/workflows/ci-nightly-s390x.yaml +++ /dev/null @@ -1,21 +0,0 @@ -on: - schedule: - - cron: '0 5 * * *' - -name: Nightly CI for s390x -jobs: - check-internal-test-result: - runs-on: s390x - strategy: - fail-fast: false - matrix: - test_title: - - kata-vfio-ap-e2e-tests - - cc-se-e2e-tests - steps: - - name: Fetch a test result for {{ matrix.test_title }} - run: | - file_name="${TEST_TITLE}-$(date +%Y-%m-%d).log" - /home/${USER}/script/handle_test_log.sh download $file_name - env: - TEST_TITLE: ${{ matrix.test_title }} diff --git a/.github/workflows/ci-nightly.yaml b/.github/workflows/ci-nightly.yaml deleted file mode 100644 index 75f5f2667518..000000000000 --- a/.github/workflows/ci-nightly.yaml +++ /dev/null @@ -1,19 +0,0 @@ -name: Kata Containers Nightly CI -on: - schedule: - - cron: '0 0 * * *' - workflow_dispatch: - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -jobs: - kata-containers-ci-on-push: - uses: ./.github/workflows/ci.yaml - with: - commit-hash: ${{ github.sha }} - pr-number: "nightly" - tag: ${{ github.sha }}-nightly - target-branch: ${{ github.ref_name }} - secrets: inherit diff --git a/.github/workflows/ci-on-push.yaml b/.github/workflows/ci-on-push.yaml index c58b2330c139..7bfe8188efc0 100644 --- a/.github/workflows/ci-on-push.yaml +++ b/.github/workflows/ci-on-push.yaml @@ -1,9 +1,6 @@ name: Kata Containers CI on: - pull_request_target: - branches: - - 'main' - - 'stable-*' + pull_request: types: # Adding 'labeled' to the list of activity types that trigger this event # (default: opened, synchronize, reopened) so that we can run this @@ -12,7 +9,6 @@ on: - opened - synchronize - reopened - - labeled concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} @@ -20,7 +16,6 @@ concurrency: jobs: kata-containers-ci-on-push: - if: ${{ contains(github.event.pull_request.labels.*.name, 'ok-to-test') }} uses: ./.github/workflows/ci.yaml with: commit-hash: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ad57a5676d0e..201db9ee6588 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -36,45 +36,6 @@ jobs: target-branch: ${{ inputs.target-branch }} secrets: inherit - build-kata-static-tarball-s390x: - uses: ./.github/workflows/build-kata-static-tarball-s390x.yaml - with: - tarball-suffix: -${{ inputs.tag }} - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - secrets: inherit - - build-kata-static-tarball-ppc64le: - uses: ./.github/workflows/build-kata-static-tarball-ppc64le.yaml - with: - tarball-suffix: -${{ inputs.tag }} - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - - publish-kata-deploy-payload-s390x: - needs: build-kata-static-tarball-s390x - uses: ./.github/workflows/publish-kata-deploy-payload-s390x.yaml - with: - tarball-suffix: -${{ inputs.tag }} - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-s390x - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - secrets: inherit - - publish-kata-deploy-payload-ppc64le: - needs: build-kata-static-tarball-ppc64le - uses: ./.github/workflows/publish-kata-deploy-payload-ppc64le.yaml - with: - tarball-suffix: -${{ inputs.tag }} - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-ppc64le - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - secrets: inherit - build-and-publish-tee-confidential-unencrypted-image: runs-on: ubuntu-latest steps: @@ -106,27 +67,15 @@ jobs: - name: Docker build and push uses: docker/build-push-action@v5 with: - tags: ghcr.io/kata-containers/test-images:unencrypted-${{ inputs.pr-number }} + tags: ghcr.io/fidencio/kata-containers/test-images:unencrypted-${{ inputs.pr-number }} push: true context: tests/integration/kubernetes/runtimeclass_workloads/confidential/unencrypted/ platforms: linux/amd64, linux/s390x file: tests/integration/kubernetes/runtimeclass_workloads/confidential/unencrypted/Dockerfile - run-kata-deploy-tests-on-aks: - needs: publish-kata-deploy-payload-amd64 - uses: ./.github/workflows/run-kata-deploy-tests-on-aks.yaml - with: - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-amd64 - commit-hash: ${{ inputs.commit-hash }} - pr-number: ${{ inputs.pr-number }} - target-branch: ${{ inputs.target-branch }} - secrets: inherit - - run-kata-deploy-tests-on-garm: + run-k8s-tests-with-containerd: needs: publish-kata-deploy-payload-amd64 - uses: ./.github/workflows/run-kata-deploy-tests-on-garm.yaml + uses: ./.github/workflows/run-k8s-tests-with-containerd.yaml with: registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci @@ -136,113 +85,15 @@ jobs: target-branch: ${{ inputs.target-branch }} secrets: inherit - run-kata-monitor-tests: - needs: build-kata-static-tarball-amd64 - uses: ./.github/workflows/run-kata-monitor-tests.yaml - with: - tarball-suffix: -${{ inputs.tag }} - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - - run-k8s-tests-on-aks: - needs: publish-kata-deploy-payload-amd64 - uses: ./.github/workflows/run-k8s-tests-on-aks.yaml - with: - tarball-suffix: -${{ inputs.tag }} - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-amd64 - commit-hash: ${{ inputs.commit-hash }} - pr-number: ${{ inputs.pr-number }} - target-branch: ${{ inputs.target-branch }} - secrets: inherit - - run-k8s-tests-on-garm: - needs: publish-kata-deploy-payload-amd64 - uses: ./.github/workflows/run-k8s-tests-on-garm.yaml - with: - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-amd64 - commit-hash: ${{ inputs.commit-hash }} - pr-number: ${{ inputs.pr-number }} - target-branch: ${{ inputs.target-branch }} - secrets: inherit - - run-k8s-tests-with-crio-on-garm: - needs: publish-kata-deploy-payload-amd64 - uses: ./.github/workflows/run-k8s-tests-with-crio-on-garm.yaml - with: - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-amd64 - commit-hash: ${{ inputs.commit-hash }} - pr-number: ${{ inputs.pr-number }} - target-branch: ${{ inputs.target-branch }} - secrets: inherit - - run-kata-coco-tests: - needs: [publish-kata-deploy-payload-amd64, build-and-publish-tee-confidential-unencrypted-image] - uses: ./.github/workflows/run-kata-coco-tests.yaml - with: - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-amd64 - commit-hash: ${{ inputs.commit-hash }} - pr-number: ${{ inputs.pr-number }} - target-branch: ${{ inputs.target-branch }} - secrets: inherit - - run-k8s-tests-on-zvsi: - needs: [publish-kata-deploy-payload-s390x, build-and-publish-tee-confidential-unencrypted-image] - uses: ./.github/workflows/run-k8s-tests-on-zvsi.yaml - with: - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-s390x - commit-hash: ${{ inputs.commit-hash }} - pr-number: ${{ inputs.pr-number }} - target-branch: ${{ inputs.target-branch }} - - run-k8s-tests-on-ppc64le: - needs: publish-kata-deploy-payload-ppc64le - uses: ./.github/workflows/run-k8s-tests-on-ppc64le.yaml - with: - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-ppc64le - commit-hash: ${{ inputs.commit-hash }} - pr-number: ${{ inputs.pr-number }} - target-branch: ${{ inputs.target-branch }} - - run-metrics-tests: - needs: build-kata-static-tarball-amd64 - uses: ./.github/workflows/run-metrics.yaml - with: - tarball-suffix: -${{ inputs.tag }} - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - - run-basic-amd64-tests: - needs: build-kata-static-tarball-amd64 - uses: ./.github/workflows/basic-ci-amd64.yaml - with: - tarball-suffix: -${{ inputs.tag }} - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - - run-cri-containerd-tests-s390x: - needs: build-kata-static-tarball-s390x - uses: ./.github/workflows/run-cri-containerd-tests-s390x.yaml - with: - tarball-suffix: -${{ inputs.tag }} - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - - run-cri-containerd-tests-ppc64le: - needs: build-kata-static-tarball-ppc64le - uses: ./.github/workflows/run-cri-containerd-tests-ppc64le.yaml - with: - tarball-suffix: -${{ inputs.tag }} - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} + # + # run-k8s-tests-with-crio-on-garm: + # needs: publish-kata-deploy-payload-amd64 + # uses: ./.github/workflows/run-k8s-tests-with-crio-on-garm.yaml + # with: + # registry: ghcr.io + # repo: ${{ github.repository_owner }}/kata-deploy-ci + # tag: ${{ inputs.tag }}-amd64 + # commit-hash: ${{ inputs.commit-hash }} + # pr-number: ${{ inputs.pr-number }} + # target-branch: ${{ inputs.target-branch }} + # secrets: inherit diff --git a/.github/workflows/commit-message-check.yaml b/.github/workflows/commit-message-check.yaml deleted file mode 100644 index 6a51f03974ad..000000000000 --- a/.github/workflows/commit-message-check.yaml +++ /dev/null @@ -1,98 +0,0 @@ -name: Commit Message Check -on: - pull_request: - types: - - opened - - reopened - - synchronize - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -env: - error_msg: |+ - See the document below for help on formatting commits for the project. - - https://github.com/kata-containers/community/blob/main/CONTRIBUTING.md#patch-format - -jobs: - commit-message-check: - runs-on: ubuntu-latest - env: - PR_AUTHOR: ${{ github.event.pull_request.user.login }} - name: Commit Message Check - steps: - - name: Get PR Commits - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - id: 'get-pr-commits' - uses: tim-actions/get-pr-commits@v1.2.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - # Filter out revert commits - # The format of a revert commit is as follows: - # - # Revert "" - # - filter_out_pattern: '^Revert "' - - - name: DCO Check - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - uses: tim-actions/dco@2fd0504dc0d27b33f542867c300c60840c6dcb20 - with: - commits: ${{ steps.get-pr-commits.outputs.commits }} - - - name: Commit Body Missing Check - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') && ( success() || failure() ) }} - uses: tim-actions/commit-body-check@v1.0.2 - with: - commits: ${{ steps.get-pr-commits.outputs.commits }} - - - name: Check Subject Line Length - if: ${{ (env.PR_AUTHOR != 'dependabot[bot]') && !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') && ( success() || failure() ) }} - uses: tim-actions/commit-message-checker-with-regex@v0.3.1 - with: - commits: ${{ steps.get-pr-commits.outputs.commits }} - pattern: '^.{0,75}(\n.*)*$' - error: 'Subject too long (max 75)' - post_error: ${{ env.error_msg }} - - - name: Check Body Line Length - if: ${{ (env.PR_AUTHOR != 'dependabot[bot]') && !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') && ( success() || failure() ) }} - uses: tim-actions/commit-message-checker-with-regex@v0.3.1 - with: - commits: ${{ steps.get-pr-commits.outputs.commits }} - # Notes: - # - # - The subject line is not enforced here (see other check), but has - # to be specified at the start of the regex as the action is passed - # the entire commit message. - # - # - This check will pass if the commit message only contains a subject - # line, as other body message properties are enforced elsewhere. - # - # - Body lines *can* be longer than the maximum if they start - # with a non-alphabetic character or if there is no whitespace in - # the line. - # - # This allows stack traces, log files snippets, emails, long URLs, - # etc to be specified. Some of these naturally "work" as they start - # with numeric timestamps or addresses. Emails can but quoted using - # the normal ">" character, markdown bullets ("-", "*") are also - # useful for lists of URLs, but it is always possible to override - # the check by simply space indenting the content you need to add. - # - # - A SoB comment can be any length (as it is unreasonable to penalise - # people with long names/email addresses :) - pattern: '(^[^\n]+$|^.+(\n([a-zA-Z].{0,150}|[^a-zA-Z\n].*|[^\s\n]*|Signed-off-by:.*|))+$)' - error: 'Body line too long (max 150)' - post_error: ${{ env.error_msg }} - - - name: Check Subsystem - if: ${{ (env.PR_AUTHOR != 'dependabot[bot]') && !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') && ( success() || failure() ) }} - uses: tim-actions/commit-message-checker-with-regex@v0.3.1 - with: - commits: ${{ steps.get-pr-commits.outputs.commits }} - pattern: '^[\s\t]*[^:\s\t]+[\s\t]*:' - error: 'Failed to find subsystem in subject' - post_error: ${{ env.error_msg }} diff --git a/.github/workflows/darwin-tests.yaml b/.github/workflows/darwin-tests.yaml deleted file mode 100644 index d3d1c2a38a20..000000000000 --- a/.github/workflows/darwin-tests.yaml +++ /dev/null @@ -1,25 +0,0 @@ -on: - pull_request: - types: - - opened - - edited - - reopened - - synchronize - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -name: Darwin tests -jobs: - test: - runs-on: macos-latest - steps: - - name: Install Go - uses: actions/setup-go@v2 - with: - go-version: 1.22.2 - - name: Checkout code - uses: actions/checkout@v4 - - name: Build utils - run: ./ci/darwin-test.sh diff --git a/.github/workflows/docs-url-alive-check.yaml b/.github/workflows/docs-url-alive-check.yaml deleted file mode 100644 index 64f990560e91..000000000000 --- a/.github/workflows/docs-url-alive-check.yaml +++ /dev/null @@ -1,37 +0,0 @@ -on: - schedule: - - cron: '0 23 * * 0' - -name: Docs URL Alive Check -jobs: - test: - runs-on: ubuntu-20.04 - # don't run this action on forks - if: github.repository_owner == 'kata-containers' - env: - target_branch: ${{ github.base_ref }} - steps: - - name: Install Go - uses: actions/setup-go@v2 - with: - go-version: 1.22.2 - env: - GOPATH: ${{ runner.workspace }}/kata-containers - - name: Set env - run: | - echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV - echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - - name: Checkout code - uses: actions/checkout@v4 - with: - fetch-depth: 0 - path: ./src/github.com/${{ github.repository }} - - name: Setup - run: | - cd ${GOPATH}/src/github.com/${{ github.repository }} && ./ci/setup.sh - env: - GOPATH: ${{ runner.workspace }}/kata-containers - # docs url alive check - - name: Docs URL Alive Check - run: | - cd ${GOPATH}/src/github.com/${{ github.repository }} && make docs-url-alive-check diff --git a/.github/workflows/kata-runtime-classes-sync.yaml b/.github/workflows/kata-runtime-classes-sync.yaml deleted file mode 100644 index fdd671a7159a..000000000000 --- a/.github/workflows/kata-runtime-classes-sync.yaml +++ /dev/null @@ -1,36 +0,0 @@ -on: - pull_request: - types: - - opened - - edited - - reopened - - synchronize - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -jobs: - kata-deploy-runtime-classes-check: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - name: Ensure the split out runtime classes match the all-in-one file - run: | - pushd tools/packaging/kata-deploy/runtimeclasses/ - echo "::group::Combine runtime classes" - for runtimeClass in `find . -type f \( -name "*.yaml" -and -not -name "kata-runtimeClasses.yaml" \) | sort`; do - echo "Adding ${runtimeClass} to the resultingRuntimeClasses.yaml" - cat ${runtimeClass} >> resultingRuntimeClasses.yaml; - done - echo "::endgroup::" - echo "::group::Displaying the content of resultingRuntimeClasses.yaml" - cat resultingRuntimeClasses.yaml - echo "::endgroup::" - echo "" - echo "::group::Displaying the content of kata-runtimeClasses.yaml" - cat kata-runtimeClasses.yaml - echo "::endgroup::" - echo "" - diff resultingRuntimeClasses.yaml kata-runtimeClasses.yaml diff --git a/.github/workflows/move-issues-to-in-progress.yaml b/.github/workflows/move-issues-to-in-progress.yaml deleted file mode 100644 index 43583f9b0750..000000000000 --- a/.github/workflows/move-issues-to-in-progress.yaml +++ /dev/null @@ -1,91 +0,0 @@ -# Copyright (c) 2020 Intel Corporation -# -# SPDX-License-Identifier: Apache-2.0 -# - -name: Move issues to "In progress" in backlog project when referenced by a PR - -on: - pull_request_target: - types: - - opened - - reopened - -jobs: - move-linked-issues-to-in-progress: - runs-on: ubuntu-latest - steps: - - name: Install hub - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - HUB_ARCH="amd64" - HUB_VER=$(curl -sL "https://api.github.com/repos/github/hub/releases/latest" |\ - jq -r .tag_name | sed 's/^v//') - curl -sL \ - "https://github.com/github/hub/releases/download/v${HUB_VER}/hub-linux-${HUB_ARCH}-${HUB_VER}.tgz" |\ - tar xz --strip-components=2 --wildcards '*/bin/hub' && \ - sudo install hub /usr/local/bin - - - name: Install hub extension script - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - # Clone into a temporary directory to avoid overwriting - # any existing github directory. - pushd $(mktemp -d) &>/dev/null - git clone --single-branch --depth 1 "https://github.com/kata-containers/.github" && cd .github/scripts - sudo install hub-util.sh /usr/local/bin - popd &>/dev/null - - - name: Checkout code to allow hub to communicate with the project - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.sha }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ github.event.pull_request.base.ref }} - - - name: Move issue to "In progress" - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - env: - GITHUB_TOKEN: ${{ secrets.KATA_GITHUB_ACTIONS_TOKEN }} - run: | - pr=${{ github.event.pull_request.number }} - - linked_issue_urls=$(hub-util.sh \ - list-issues-for-pr "$pr" |\ - grep -v "^\#" |\ - cut -d';' -f3 || true) - - # PR doesn't have any linked issues, handle it only if it exists - [ -z "$linked_issue_urls" ] && { - echo "::warning::No linked issues for PR $pr" - exit 0 - } - - project_name="Issue backlog" - project_type="org" - project_column="In progress" - - for issue_url in $(echo "$linked_issue_urls") - do - issue=$(echo "$issue_url"| awk -F\/ '{print $NF}' || true) - - [ -z "$issue" ] && { - echo "::error::Cannot determine issue number from $issue_url for PR $pr" - exit 1 - } - - # Move the issue to the correct column on the project board - hub-util.sh \ - move-issue \ - "$issue" \ - "$project_name" \ - "$project_type" \ - "$project_column" - done diff --git a/.github/workflows/payload-after-push.yaml b/.github/workflows/payload-after-push.yaml index 588afb4a3ba2..1ada9e1f66ab 100644 --- a/.github/workflows/payload-after-push.yaml +++ b/.github/workflows/payload-after-push.yaml @@ -17,91 +17,13 @@ jobs: target-branch: ${{ github.ref_name }} secrets: inherit - build-assets-arm64: - uses: ./.github/workflows/build-kata-static-tarball-arm64.yaml - with: - commit-hash: ${{ github.sha }} - push-to-registry: yes - target-branch: ${{ github.ref_name }} - secrets: inherit - - build-assets-s390x: - uses: ./.github/workflows/build-kata-static-tarball-s390x.yaml - with: - commit-hash: ${{ github.sha }} - push-to-registry: yes - target-branch: ${{ github.ref_name }} - secrets: inherit - - build-assets-ppc64le: - uses: ./.github/workflows/build-kata-static-tarball-ppc64le.yaml - with: - commit-hash: ${{ github.sha }} - push-to-registry: yes - target-branch: ${{ github.ref_name }} - secrets: inherit - publish-kata-deploy-payload-amd64: needs: build-assets-amd64 uses: ./.github/workflows/publish-kata-deploy-payload-amd64.yaml with: commit-hash: ${{ github.sha }} registry: quay.io - repo: kata-containers/kata-deploy-ci - tag: kata-containers-latest-amd64 - target-branch: ${{ github.ref_name }} - secrets: inherit - - publish-kata-deploy-payload-arm64: - needs: build-assets-arm64 - uses: ./.github/workflows/publish-kata-deploy-payload-arm64.yaml - with: - commit-hash: ${{ github.sha }} - registry: quay.io - repo: kata-containers/kata-deploy-ci - tag: kata-containers-latest-arm64 - target-branch: ${{ github.ref_name }} - secrets: inherit - - publish-kata-deploy-payload-s390x: - needs: build-assets-s390x - uses: ./.github/workflows/publish-kata-deploy-payload-s390x.yaml - with: - commit-hash: ${{ github.sha }} - registry: quay.io - repo: kata-containers/kata-deploy-ci - tag: kata-containers-latest-s390x + repo: kata-containers/kata-containers + tag: latest-amd64 target-branch: ${{ github.ref_name }} secrets: inherit - - publish-kata-deploy-payload-ppc64le: - needs: build-assets-ppc64le - uses: ./.github/workflows/publish-kata-deploy-payload-ppc64le.yaml - with: - commit-hash: ${{ github.sha }} - registry: quay.io - repo: kata-containers/kata-deploy-ci - tag: kata-containers-latest-ppc64le - target-branch: ${{ github.ref_name }} - secrets: inherit - - publish-manifest: - runs-on: ubuntu-latest - needs: [publish-kata-deploy-payload-amd64, publish-kata-deploy-payload-arm64, publish-kata-deploy-payload-s390x, publish-kata-deploy-payload-ppc64le] - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Login to Kata Containers quay.io - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} - password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - - - name: Push multi-arch manifest - run: | - ./tools/packaging/release/release.sh publish-multiarch-manifest - env: - KATA_DEPLOY_IMAGE_TAGS: "kata-containers-latest" - KATA_DEPLOY_REGISTRIES: "quay.io/kata-containers/kata-deploy-ci" diff --git a/.github/workflows/publish-kata-deploy-payload-arm64.yaml b/.github/workflows/publish-kata-deploy-payload-arm64.yaml deleted file mode 100644 index 5a6737f7ae5b..000000000000 --- a/.github/workflows/publish-kata-deploy-payload-arm64.yaml +++ /dev/null @@ -1,71 +0,0 @@ -name: CI | Publish kata-deploy payload for arm64 -on: - workflow_call: - inputs: - tarball-suffix: - required: false - type: string - registry: - required: true - type: string - repo: - required: true - type: string - tag: - required: true - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - kata-payload: - runs-on: arm64-builder - steps: - - name: Adjust a permission for repo - run: | - sudo chown -R $USER:$USER $GITHUB_WORKSPACE - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-arm64${{ inputs.tarball-suffix }} - - - name: Login to Kata Containers quay.io - if: ${{ inputs.registry == 'quay.io' }} - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} - password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - - - name: Login to Kata Containers ghcr.io - if: ${{ inputs.registry == 'ghcr.io' }} - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: build-and-push-kata-payload - id: build-and-push-kata-payload - run: | - ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz \ - ${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }} - diff --git a/.github/workflows/publish-kata-deploy-payload-ppc64le.yaml b/.github/workflows/publish-kata-deploy-payload-ppc64le.yaml deleted file mode 100644 index 04f423d3e47e..000000000000 --- a/.github/workflows/publish-kata-deploy-payload-ppc64le.yaml +++ /dev/null @@ -1,75 +0,0 @@ -name: CI | Publish kata-deploy payload for ppc64le -on: - workflow_call: - inputs: - tarball-suffix: - required: false - type: string - registry: - required: true - type: string - repo: - required: true - type: string - tag: - required: true - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - kata-payload: - runs-on: ppc64le - steps: - - name: Prepare the self-hosted runner - run: | - ${HOME}/scripts/prepare_runner.sh - sudo rm -rf $GITHUB_WORKSPACE/* - - - name: Adjust a permission for repo - run: | - sudo chown -R $USER:$USER $GITHUB_WORKSPACE - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-ppc64le${{ inputs.tarball-suffix }} - - - name: Login to Kata Containers quay.io - if: ${{ inputs.registry == 'quay.io' }} - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} - password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - - - name: Login to Kata Containers ghcr.io - if: ${{ inputs.registry == 'ghcr.io' }} - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: build-and-push-kata-payload - id: build-and-push-kata-payload - run: | - ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz \ - ${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }} diff --git a/.github/workflows/publish-kata-deploy-payload-s390x.yaml b/.github/workflows/publish-kata-deploy-payload-s390x.yaml deleted file mode 100644 index 23ad32880c6b..000000000000 --- a/.github/workflows/publish-kata-deploy-payload-s390x.yaml +++ /dev/null @@ -1,69 +0,0 @@ -name: CI | Publish kata-deploy payload for s390x -on: - workflow_call: - inputs: - tarball-suffix: - required: false - type: string - registry: - required: true - type: string - repo: - required: true - type: string - tag: - required: true - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - kata-payload: - runs-on: s390x - steps: - - name: Take a pre-action for self-hosted runner - run: ${HOME}/script/pre_action.sh ubuntu-2204 - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-s390x${{ inputs.tarball-suffix }} - - - name: Login to Kata Containers quay.io - if: ${{ inputs.registry == 'quay.io' }} - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} - password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - - - name: Login to Kata Containers ghcr.io - if: ${{ inputs.registry == 'ghcr.io' }} - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: build-and-push-kata-payload - id: build-and-push-kata-payload - run: | - ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz \ - ${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }} diff --git a/.github/workflows/release-arm64.yaml b/.github/workflows/release-arm64.yaml deleted file mode 100644 index 5003606e1ade..000000000000 --- a/.github/workflows/release-arm64.yaml +++ /dev/null @@ -1,59 +0,0 @@ -name: Publish Kata release artifacts for arm64 -on: - workflow_call: - inputs: - target-arch: - required: true - type: string - -jobs: - build-kata-static-tarball-arm64: - uses: ./.github/workflows/build-kata-static-tarball-arm64.yaml - with: - push-to-registry: yes - stage: release - secrets: inherit - - kata-deploy: - needs: build-kata-static-tarball-arm64 - runs-on: arm64-builder - steps: - - name: Login to Kata Containers docker.io - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Login to Kata Containers quay.io - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} - password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - - - uses: actions/checkout@v4 - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-arm64 - - - name: build-and-push-kata-deploy-ci-arm64 - id: build-and-push-kata-deploy-ci-arm64 - run: | - # We need to do such trick here as the format of the $GITHUB_REF - # is "refs/tags/" - tag=$(echo $GITHUB_REF | cut -d/ -f3-) - if [ "${tag}" = "main" ]; then - tag=$(./tools/packaging/release/release.sh release-version) - tags=(${tag} "latest") - else - tags=(${tag}) - fi - for tag in ${tags[@]}; do - ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \ - "${tag}-${{ inputs.target-arch }}" - ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \ - "${tag}-${{ inputs.target-arch }}" - done diff --git a/.github/workflows/release-ppc64le.yaml b/.github/workflows/release-ppc64le.yaml deleted file mode 100644 index 36f0379de53c..000000000000 --- a/.github/workflows/release-ppc64le.yaml +++ /dev/null @@ -1,64 +0,0 @@ -name: Publish Kata release artifacts for ppc64le -on: - workflow_call: - inputs: - target-arch: - required: true - type: string - -jobs: - build-kata-static-tarball-ppc64le: - uses: ./.github/workflows/build-kata-static-tarball-ppc64le.yaml - with: - push-to-registry: yes - stage: release - secrets: inherit - - kata-deploy: - needs: build-kata-static-tarball-ppc64le - runs-on: ppc64le - steps: - - name: Prepare the self-hosted runner - run: | - bash ${HOME}/scripts/prepare_runner.sh - sudo rm -rf $GITHUB_WORKSPACE/* - - - name: Login to Kata Containers docker.io - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Login to Kata Containers quay.io - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} - password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - - - uses: actions/checkout@v4 - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-ppc64le - - - name: build-and-push-kata-deploy-ci-ppc64le - id: build-and-push-kata-deploy-ci-ppc64le - run: | - # We need to do such trick here as the format of the $GITHUB_REF - # is "refs/tags/" - tag=$(echo $GITHUB_REF | cut -d/ -f3-) - if [ "${tag}" = "main" ]; then - tag=$(./tools/packaging/release/release.sh release-version) - tags=(${tag} "latest") - else - tags=(${tag}) - fi - for tag in ${tags[@]}; do - ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \ - "${tag}-${{ inputs.target-arch }}" - ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \ - "${tag}-${{ inputs.target-arch }}" - done diff --git a/.github/workflows/release-s390x.yaml b/.github/workflows/release-s390x.yaml deleted file mode 100644 index 1f42fe80333b..000000000000 --- a/.github/workflows/release-s390x.yaml +++ /dev/null @@ -1,62 +0,0 @@ -name: Publish Kata release artifacts for s390x -on: - workflow_call: - inputs: - target-arch: - required: true - type: string - -jobs: - build-kata-static-tarball-s390x: - uses: ./.github/workflows/build-kata-static-tarball-s390x.yaml - with: - push-to-registry: yes - stage: release - secrets: inherit - - kata-deploy: - needs: build-kata-static-tarball-s390x - runs-on: s390x - steps: - - name: Take a pre-action for self-hosted runner - run: ${HOME}/script/pre_action.sh ubuntu-2204 - - - name: Login to Kata Containers docker.io - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Login to Kata Containers quay.io - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} - password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - - - uses: actions/checkout@v4 - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-s390x - - - name: build-and-push-kata-deploy-ci-s390x - id: build-and-push-kata-deploy-ci-s390x - run: | - # We need to do such trick here as the format of the $GITHUB_REF - # is "refs/tags/" - tag=$(echo $GITHUB_REF | cut -d/ -f3-) - if [ "${tag}" = "main" ]; then - tag=$(./tools/packaging/release/release.sh release-version) - tags=(${tag} "latest") - else - tags=(${tag}) - fi - for tag in ${tags[@]}; do - ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \ - "${tag}-${{ inputs.target-arch }}" - ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \ - $(pwd)/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \ - "${tag}-${{ inputs.target-arch }}" - done diff --git a/.github/workflows/run-cri-containerd-tests-ppc64le.yaml b/.github/workflows/run-cri-containerd-tests-ppc64le.yaml deleted file mode 100644 index 8a8a8e9c6640..000000000000 --- a/.github/workflows/run-cri-containerd-tests-ppc64le.yaml +++ /dev/null @@ -1,67 +0,0 @@ -name: CI | Run cri-containerd tests on ppc64le -on: - workflow_call: - inputs: - tarball-suffix: - required: false - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - run-cri-containerd: - strategy: - # We can set this to true whenever we're 100% sure that - # the all the tests are not flaky, otherwise we'll fail - # all the tests due to a single flaky instance - fail-fast: false - matrix: - containerd_version: ['active'] - vmm: ['qemu'] - runs-on: ppc64le - env: - CONTAINERD_VERSION: ${{ matrix.containerd_version }} - GOPATH: ${{ github.workspace }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - name: Adjust a permission for repo - run: sudo chown -R $USER:$USER $GITHUB_WORKSPACE - - - name: Prepare the self-hosted runner - run: | - bash ${HOME}/scripts/prepare_runner.sh cri-containerd - sudo rm -rf $GITHUB_WORKSPACE/* - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/integration/cri-containerd/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-ppc64le${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/integration/cri-containerd/gha-run.sh install-kata kata-artifacts - - - name: Run cri-containerd tests - run: bash tests/integration/cri-containerd/gha-run.sh run - - - name: Cleanup actions for the self hosted runner - run: ${HOME}/scripts/cleanup_runner.sh diff --git a/.github/workflows/run-cri-containerd-tests-s390x.yaml b/.github/workflows/run-cri-containerd-tests-s390x.yaml deleted file mode 100644 index 3321c93b03cd..000000000000 --- a/.github/workflows/run-cri-containerd-tests-s390x.yaml +++ /dev/null @@ -1,63 +0,0 @@ -name: CI | Run cri-containerd tests -on: - workflow_call: - inputs: - tarball-suffix: - required: false - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - run-cri-containerd: - strategy: - # We can set this to true whenever we're 100% sure that - # the all the tests are not flaky, otherwise we'll fail - # all the tests due to a single flaky instance - fail-fast: false - matrix: - containerd_version: ['active'] - vmm: ['qemu', 'qemu-runtime-rs'] - runs-on: s390x-large - env: - CONTAINERD_VERSION: ${{ matrix.containerd_version }} - GOPATH: ${{ github.workspace }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - name: Take a pre-action for self-hosted runner - run: ${HOME}/script/pre_action.sh ubuntu-2204 - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/integration/cri-containerd/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-s390x${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/integration/cri-containerd/gha-run.sh install-kata kata-artifacts - - - name: Run cri-containerd tests - run: bash tests/integration/cri-containerd/gha-run.sh run - - - name: Take a post-action for self-hosted runner - if: always() - run: ${HOME}/script/post_action.sh ubuntu-2204 diff --git a/.github/workflows/run-k8s-tests-on-aks.yaml b/.github/workflows/run-k8s-tests-on-aks.yaml deleted file mode 100644 index d3f98e13f4c7..000000000000 --- a/.github/workflows/run-k8s-tests-on-aks.yaml +++ /dev/null @@ -1,123 +0,0 @@ -name: CI | Run kubernetes tests on AKS -on: - workflow_call: - inputs: - tarball-suffix: - required: false - type: string - registry: - required: true - type: string - repo: - required: true - type: string - tag: - required: true - type: string - pr-number: - required: true - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - run-k8s-tests: - strategy: - fail-fast: false - matrix: - host_os: - - ubuntu - vmm: - - clh - - dragonball - - qemu - - stratovirt - - cloud-hypervisor - instance-type: - - small - - normal - include: - - host_os: cbl-mariner - vmm: clh - instance-type: small - genpolicy-pull-method: oci-distribution - - host_os: cbl-mariner - vmm: clh - instance-type: small - genpolicy-pull-method: containerd - - host_os: cbl-mariner - vmm: clh - instance-type: normal - runs-on: ubuntu-latest - env: - DOCKER_REGISTRY: ${{ inputs.registry }} - DOCKER_REPO: ${{ inputs.repo }} - DOCKER_TAG: ${{ inputs.tag }} - GH_PR_NUMBER: ${{ inputs.pr-number }} - KATA_HOST_OS: ${{ matrix.host_os }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - KUBERNETES: "vanilla" - USING_NFD: "false" - K8S_TEST_HOST_TYPE: ${{ matrix.instance-type }} - GENPOLICY_PULL_METHOD: ${{ matrix.genpolicy-pull-method }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/integration/kubernetes/gha-run.sh install-kata-tools kata-artifacts - - - name: Download Azure CLI - run: bash tests/integration/kubernetes/gha-run.sh install-azure-cli - - - name: Log into the Azure account - run: bash tests/integration/kubernetes/gha-run.sh login-azure - env: - AZ_APPID: ${{ secrets.AZ_APPID }} - AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }} - AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} - AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} - - - name: Create AKS cluster - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh create-cluster - - - name: Install `bats` - run: bash tests/integration/kubernetes/gha-run.sh install-bats - - - name: Install `kubectl` - run: bash tests/integration/kubernetes/gha-run.sh install-kubectl - - - name: Download credentials for the Kubernetes CLI to use them - run: bash tests/integration/kubernetes/gha-run.sh get-cluster-credentials - - - name: Deploy Kata - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-aks - - - name: Run tests - timeout-minutes: 60 - run: bash tests/integration/kubernetes/gha-run.sh run-tests - - - name: Delete AKS cluster - if: always() - run: bash tests/integration/kubernetes/gha-run.sh delete-cluster diff --git a/.github/workflows/run-k8s-tests-on-ppc64le.yaml b/.github/workflows/run-k8s-tests-on-ppc64le.yaml deleted file mode 100644 index e8d7d929dc91..000000000000 --- a/.github/workflows/run-k8s-tests-on-ppc64le.yaml +++ /dev/null @@ -1,82 +0,0 @@ -name: CI | Run kubernetes tests on Power(ppc64le) -on: - workflow_call: - inputs: - registry: - required: true - type: string - repo: - required: true - type: string - tag: - required: true - type: string - pr-number: - required: true - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - run-k8s-tests: - strategy: - fail-fast: false - matrix: - vmm: - - qemu - k8s: - - kubeadm - runs-on: k8s-ppc64le - env: - DOCKER_REGISTRY: ${{ inputs.registry }} - DOCKER_REPO: ${{ inputs.repo }} - DOCKER_TAG: ${{ inputs.tag }} - PR_NUMBER: ${{ inputs.pr-number }} - GOPATH: ${{ github.workspace }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - KUBERNETES: ${{ matrix.k8s }} - USING_NFD: "false" - TARGET_ARCH: "ppc64le" - steps: - - name: Prepare the self-hosted runner - run: | - bash ${HOME}/scripts/prepare_runner.sh kubernetes - sudo rm -rf $GITHUB_WORKSPACE/* - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install golang - run: | - ./tests/install_go.sh -f -p - echo "/usr/local/go/bin" >> $GITHUB_PATH - - - name: Prepare the runner for k8s cluster creation - run: bash ${HOME}/scripts/k8s_cluster_cleanup.sh - - - name: Create k8s cluster using kubeadm - run: bash ${HOME}/scripts/k8s_cluster_create.sh - - - name: Deploy Kata - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-kubeadm - - - name: Run tests - timeout-minutes: 30 - run: bash tests/integration/kubernetes/gha-run.sh run-tests - - - name: Delete cluster and post cleanup actions - run: bash ${HOME}/scripts/k8s_cluster_cleanup.sh diff --git a/.github/workflows/run-k8s-tests-on-zvsi.yaml b/.github/workflows/run-k8s-tests-on-zvsi.yaml deleted file mode 100644 index 1083f0a76386..000000000000 --- a/.github/workflows/run-k8s-tests-on-zvsi.yaml +++ /dev/null @@ -1,93 +0,0 @@ -name: CI | Run kubernetes tests on IBM Cloud Z virtual server instance (zVSI) -on: - workflow_call: - inputs: - registry: - required: true - type: string - repo: - required: true - type: string - tag: - required: true - type: string - pr-number: - required: true - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - run-k8s-tests: - strategy: - fail-fast: false - matrix: - vmm: - - qemu - snapshotter: - - devmapper - - nydus - k8s: - - k3s - include: - - snapshotter: devmapper - pull-type: default - using-nfd: true - deploy-cmd: configure-snapshotter - - snapshotter: nydus - pull-type: guest-pull - using-nfd: false - deploy-cmd: deploy-snapshotter - runs-on: s390x-large - env: - DOCKER_REGISTRY: ${{ inputs.registry }} - DOCKER_REPO: ${{ inputs.repo }} - DOCKER_TAG: ${{ inputs.tag }} - PR_NUMBER: ${{ inputs.pr-number }} - GH_PR_NUMBER: ${{ inputs.pr-number }} - KATA_HOST_OS: "ubuntu" - KATA_HYPERVISOR: ${{ matrix.vmm }} - KUBERNETES: "k3s" - PULL_TYPE: ${{ matrix.pull-type }} - SNAPSHOTTER: ${{ matrix.snapshotter }} - USING_NFD: ${{ matrix.using-nfd }} - TARGET_ARCH: "s390x" - steps: - - name: Take a pre-action for self-hosted runner - run: ${HOME}/script/pre_action.sh ubuntu-2204 - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Deploy ${{ matrix.k8s }} - run: bash tests/integration/kubernetes/gha-run.sh deploy-k8s - - - name: Configure the ${{ matrix.snapshotter }} snapshotter - run: bash tests/integration/kubernetes/gha-run.sh ${{ matrix.deploy-cmd }} - - - name: Deploy Kata - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-zvsi - - - name: Run tests - timeout-minutes: 60 - run: bash tests/integration/kubernetes/gha-run.sh run-tests - - - name: Take a post-action - if: always() - run: | - bash tests/integration/kubernetes/gha-run.sh cleanup-zvsi || true - ${HOME}/script/post_action.sh ubuntu-2204 diff --git a/.github/workflows/run-k8s-tests-on-garm.yaml b/.github/workflows/run-k8s-tests-with-containerd.yaml similarity index 72% rename from .github/workflows/run-k8s-tests-on-garm.yaml rename to .github/workflows/run-k8s-tests-with-containerd.yaml index e17dc88289a5..b1f77751adb9 100644 --- a/.github/workflows/run-k8s-tests-on-garm.yaml +++ b/.github/workflows/run-k8s-tests-with-containerd.yaml @@ -28,23 +28,13 @@ jobs: fail-fast: false matrix: vmm: - - clh #cloud-hypervisor - - dragonball - - fc #firecracker - qemu - - cloud-hypervisor - snapshotter: - - devmapper k8s: - k3s + - k0s + - rke2 instance: - - garm-ubuntu-2004 - - garm-ubuntu-2004-smaller - include: - - instance: garm-ubuntu-2004 - instance-type: normal - - instance: garm-ubuntu-2004-smaller - instance-type: small + - ubuntu-latest runs-on: ${{ matrix.instance }} env: DOCKER_REGISTRY: ${{ inputs.registry }} @@ -53,9 +43,8 @@ jobs: PR_NUMBER: ${{ inputs.pr-number }} KATA_HYPERVISOR: ${{ matrix.vmm }} KUBERNETES: ${{ matrix.k8s }} - SNAPSHOTTER: ${{ matrix.snapshotter }} USING_NFD: "false" - K8S_TEST_HOST_TYPE: ${{ matrix.instance-type }} + K8S_TEST_HOST_TYPE: baremetal #run all tests steps: - uses: actions/checkout@v4 with: @@ -71,9 +60,6 @@ jobs: - name: Deploy ${{ matrix.k8s }} run: bash tests/integration/kubernetes/gha-run.sh deploy-k8s - - name: Configure the ${{ matrix.snapshotter }} snapshotter - run: bash tests/integration/kubernetes/gha-run.sh configure-snapshotter - - name: Deploy Kata timeout-minutes: 10 run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-garm @@ -82,7 +68,7 @@ jobs: run: bash tests/integration/kubernetes/gha-run.sh install-bats - name: Run tests - timeout-minutes: 30 + timeout-minutes: 45 run: bash tests/integration/kubernetes/gha-run.sh run-tests - name: Collect artifacts ${{ matrix.vmm }} @@ -91,7 +77,7 @@ jobs: - name: Archive artifacts ${{ matrix.vmm }} uses: actions/upload-artifact@v4 with: - name: k8s-tests-garm-${{ matrix.vmm }}-${{ matrix.snapshotter }}-${{ matrix.k8s }}-${{ matrix.instance }}-${{ inputs.tag }} + name: k8s-tests-with-containerd-${{ matrix.vmm }}-${{ matrix.k8s }}-${{ matrix.instance }}-${{ inputs.tag }} path: /tmp/artifacts retention-days: 1 diff --git a/.github/workflows/run-kata-coco-tests.yaml b/.github/workflows/run-kata-coco-tests.yaml deleted file mode 100644 index d2280ef545f5..000000000000 --- a/.github/workflows/run-kata-coco-tests.yaml +++ /dev/null @@ -1,293 +0,0 @@ -name: CI | Run kata coco tests -on: - workflow_call: - inputs: - registry: - required: true - type: string - repo: - required: true - type: string - tag: - required: true - type: string - pr-number: - required: true - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - run-k8s-tests-on-tdx: - strategy: - fail-fast: false - matrix: - vmm: - - qemu-tdx - snapshotter: - - nydus - pull-type: - - guest-pull - runs-on: tdx - env: - DOCKER_REGISTRY: ${{ inputs.registry }} - DOCKER_REPO: ${{ inputs.repo }} - DOCKER_TAG: ${{ inputs.tag }} - PR_NUMBER: ${{ inputs.pr-number }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - KUBERNETES: "k3s" - USING_NFD: "true" - KBS: "true" - K8S_TEST_HOST_TYPE: "baremetal" - KBS_INGRESS: "nodeport" - SNAPSHOTTER: ${{ matrix.snapshotter }} - PULL_TYPE: ${{ matrix.pull-type }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Deploy Snapshotter - timeout-minutes: 5 - run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter - - - name: Deploy Kata - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-tdx - - - name: Uninstall previous `kbs-client` - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh uninstall-kbs-client - - - name: Deploy CoCo KBS - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs - - - name: Install `kbs-client` - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client - - - name: Run tests - timeout-minutes: 30 - run: bash tests/integration/kubernetes/gha-run.sh run-tests - - - name: Delete kata-deploy - if: always() - run: bash tests/integration/kubernetes/gha-run.sh cleanup-tdx - - - name: Delete Snapshotter - if: always() - run: bash tests/integration/kubernetes/gha-run.sh cleanup-snapshotter - - - name: Delete CoCo KBS - if: always() - run: bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs - - run-k8s-tests-on-sev: - strategy: - fail-fast: false - matrix: - vmm: - - qemu-sev - snapshotter: - - nydus - pull-type: - - guest-pull - runs-on: sev - env: - DOCKER_REGISTRY: ${{ inputs.registry }} - DOCKER_REPO: ${{ inputs.repo }} - DOCKER_TAG: ${{ inputs.tag }} - PR_NUMBER: ${{ inputs.pr-number }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - KUBECONFIG: /home/kata/.kube/config - KUBERNETES: "vanilla" - USING_NFD: "false" - K8S_TEST_HOST_TYPE: "baremetal" - SNAPSHOTTER: ${{ matrix.snapshotter }} - PULL_TYPE: ${{ matrix.pull-type }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Deploy Snapshotter - timeout-minutes: 5 - run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter - - - name: Deploy Kata - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-sev - - - name: Run tests - timeout-minutes: 30 - run: bash tests/integration/kubernetes/gha-run.sh run-tests - - - name: Delete kata-deploy - if: always() - run: bash tests/integration/kubernetes/gha-run.sh cleanup-sev - - - name: Delete Snapshotter - if: always() - run: bash tests/integration/kubernetes/gha-run.sh cleanup-snapshotter - - run-k8s-tests-sev-snp: - strategy: - fail-fast: false - matrix: - vmm: - - qemu-snp - snapshotter: - - nydus - pull-type: - - guest-pull - runs-on: sev-snp - env: - DOCKER_REGISTRY: ${{ inputs.registry }} - DOCKER_REPO: ${{ inputs.repo }} - DOCKER_TAG: ${{ inputs.tag }} - PR_NUMBER: ${{ inputs.pr-number }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - KUBECONFIG: /home/kata/.kube/config - KUBERNETES: "vanilla" - USING_NFD: "false" - K8S_TEST_HOST_TYPE: "baremetal" - SNAPSHOTTER: ${{ matrix.snapshotter }} - PULL_TYPE: ${{ matrix.pull-type }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Deploy Snapshotter - timeout-minutes: 5 - run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter - - - name: Deploy Kata - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-snp - - - name: Run tests - timeout-minutes: 30 - run: bash tests/integration/kubernetes/gha-run.sh run-tests - - - name: Delete kata-deploy - if: always() - run: bash tests/integration/kubernetes/gha-run.sh cleanup-snp - - - name: Delete Snapshotter - if: always() - run: bash tests/integration/kubernetes/gha-run.sh cleanup-snapshotter - - # Generate jobs for testing CoCo on non-TEE environments - run-k8s-tests-coco-nontee: - strategy: - fail-fast: false - matrix: - vmm: - - qemu-coco-dev - snapshotter: - - nydus - pull-type: - - guest-pull - runs-on: ubuntu-latest - env: - DOCKER_REGISTRY: ${{ inputs.registry }} - DOCKER_REPO: ${{ inputs.repo }} - DOCKER_TAG: ${{ inputs.tag }} - GH_PR_NUMBER: ${{ inputs.pr-number }} - KATA_HOST_OS: ${{ matrix.host_os }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - # Some tests rely on that variable to run (or not) - KBS: "true" - # Set the KBS ingress handler (empty string disables handling) - KBS_INGRESS: "aks" - KUBERNETES: "vanilla" - PULL_TYPE: ${{ matrix.pull-type }} - SNAPSHOTTER: ${{ matrix.snapshotter }} - USING_NFD: "false" - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Download Azure CLI - run: bash tests/integration/kubernetes/gha-run.sh install-azure-cli - - - name: Log into the Azure account - run: bash tests/integration/kubernetes/gha-run.sh login-azure - env: - AZ_APPID: ${{ secrets.AZ_APPID }} - AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }} - AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} - AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} - - - name: Create AKS cluster - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh create-cluster - - - name: Install `bats` - run: bash tests/integration/kubernetes/gha-run.sh install-bats - - - name: Install `kubectl` - run: bash tests/integration/kubernetes/gha-run.sh install-kubectl - - - name: Download credentials for the Kubernetes CLI to use them - run: bash tests/integration/kubernetes/gha-run.sh get-cluster-credentials - - - name: Deploy Snapshotter - timeout-minutes: 5 - run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter - - - name: Deploy Kata - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-aks - - - name: Deploy CoCo KBS - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs - - - name: Install `kbs-client` - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client - - - name: Run tests - timeout-minutes: 60 - run: bash tests/integration/kubernetes/gha-run.sh run-tests - - - name: Delete AKS cluster - if: always() - run: bash tests/integration/kubernetes/gha-run.sh delete-cluster diff --git a/.github/workflows/run-kata-deploy-tests-on-aks.yaml b/.github/workflows/run-kata-deploy-tests-on-aks.yaml deleted file mode 100644 index a5401c2c17ae..000000000000 --- a/.github/workflows/run-kata-deploy-tests-on-aks.yaml +++ /dev/null @@ -1,90 +0,0 @@ -name: CI | Run kata-deploy tests on AKS -on: - workflow_call: - inputs: - registry: - required: true - type: string - repo: - required: true - type: string - tag: - required: true - type: string - pr-number: - required: true - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - run-kata-deploy-tests: - strategy: - fail-fast: false - matrix: - host_os: - - ubuntu - vmm: - - clh - - dragonball - - qemu - include: - - host_os: cbl-mariner - vmm: clh - runs-on: ubuntu-latest - env: - DOCKER_REGISTRY: ${{ inputs.registry }} - DOCKER_REPO: ${{ inputs.repo }} - DOCKER_TAG: ${{ inputs.tag }} - GH_PR_NUMBER: ${{ inputs.pr-number }} - KATA_HOST_OS: ${{ matrix.host_os }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - KUBERNETES: "vanilla" - USING_NFD: "false" - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Download Azure CLI - run: bash tests/functional/kata-deploy/gha-run.sh install-azure-cli - - - name: Log into the Azure account - run: bash tests/functional/kata-deploy/gha-run.sh login-azure - env: - AZ_APPID: ${{ secrets.AZ_APPID }} - AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }} - AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} - AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} - - - name: Create AKS cluster - timeout-minutes: 10 - run: bash tests/functional/kata-deploy/gha-run.sh create-cluster - - - name: Install `bats` - run: bash tests/functional/kata-deploy/gha-run.sh install-bats - - - name: Install `kubectl` - run: bash tests/functional/kata-deploy/gha-run.sh install-kubectl - - - name: Download credentials for the Kubernetes CLI to use them - run: bash tests/functional/kata-deploy/gha-run.sh get-cluster-credentials - - - name: Run tests - run: bash tests/functional/kata-deploy/gha-run.sh run-tests - - - name: Delete AKS cluster - if: always() - run: bash tests/functional/kata-deploy/gha-run.sh delete-cluster diff --git a/.github/workflows/run-kata-deploy-tests-on-garm.yaml b/.github/workflows/run-kata-deploy-tests-on-garm.yaml deleted file mode 100644 index 7514a27b6493..000000000000 --- a/.github/workflows/run-kata-deploy-tests-on-garm.yaml +++ /dev/null @@ -1,65 +0,0 @@ -name: CI | Run kata-deploy tests on GARM -on: - workflow_call: - inputs: - registry: - required: true - type: string - repo: - required: true - type: string - tag: - required: true - type: string - pr-number: - required: true - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - run-kata-deploy-tests: - strategy: - fail-fast: false - matrix: - vmm: - - clh - - qemu - k8s: - - k0s - - k3s - - rke2 - runs-on: garm-ubuntu-2004-smaller - env: - DOCKER_REGISTRY: ${{ inputs.registry }} - DOCKER_REPO: ${{ inputs.repo }} - DOCKER_TAG: ${{ inputs.tag }} - PR_NUMBER: ${{ inputs.pr-number }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - KUBERNETES: ${{ matrix.k8s }} - USING_NFD: "false" - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Deploy ${{ matrix.k8s }} - run: bash tests/functional/kata-deploy/gha-run.sh deploy-k8s - - - name: Install `bats` - run: bash tests/functional/kata-deploy/gha-run.sh install-bats - - - name: Run tests - run: bash tests/functional/kata-deploy/gha-run.sh run-tests diff --git a/.github/workflows/run-kata-monitor-tests.yaml b/.github/workflows/run-kata-monitor-tests.yaml deleted file mode 100644 index 4a2c9bc3a7aa..000000000000 --- a/.github/workflows/run-kata-monitor-tests.yaml +++ /dev/null @@ -1,59 +0,0 @@ -name: CI | Run kata-monitor tests -on: - workflow_call: - inputs: - tarball-suffix: - required: false - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - run-monitor: - strategy: - fail-fast: false - matrix: - vmm: - - qemu - container_engine: - - crio - - containerd - include: - - container_engine: containerd - containerd_version: lts - runs-on: garm-ubuntu-2204-smaller - env: - CONTAINER_ENGINE: ${{ matrix.container_engine }} - CONTAINERD_VERSION: ${{ matrix.containerd_version }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/functional/kata-monitor/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/functional/kata-monitor/gha-run.sh install-kata kata-artifacts - - - name: Run kata-monitor tests - run: bash tests/functional/kata-monitor/gha-run.sh run diff --git a/.github/workflows/run-metrics.yaml b/.github/workflows/run-metrics.yaml deleted file mode 100644 index 37fde9af42cc..000000000000 --- a/.github/workflows/run-metrics.yaml +++ /dev/null @@ -1,94 +0,0 @@ -name: CI | Run test metrics -on: - workflow_call: - inputs: - tarball-suffix: - required: false - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - setup-kata: - name: Kata Setup - runs-on: metrics - env: - GOPATH: ${{ github.workspace }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/metrics/gha-run.sh install-kata kata-artifacts - - run-metrics: - needs: setup-kata - strategy: - # We can set this to true whenever we're 100% sure that - # the all the tests are not flaky, otherwise we'll fail - # all the tests due to a single flaky instance. - fail-fast: false - matrix: - vmm: ['clh', 'qemu', 'stratovirt'] - max-parallel: 1 - runs-on: metrics - env: - GOPATH: ${{ github.workspace }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - name: enabling the hypervisor - run: bash tests/metrics/gha-run.sh enabling-hypervisor - - - name: run launch times test - run: bash tests/metrics/gha-run.sh run-test-launchtimes - - - name: run memory foot print test - run: bash tests/metrics/gha-run.sh run-test-memory-usage - - - name: run memory usage inside container test - run: bash tests/metrics/gha-run.sh run-test-memory-usage-inside-container - - - name: run blogbench test - run: bash tests/metrics/gha-run.sh run-test-blogbench - - - name: run tensorflow test - run: bash tests/metrics/gha-run.sh run-test-tensorflow - - - name: run fio test - run: bash tests/metrics/gha-run.sh run-test-fio - - - name: run iperf test - run: bash tests/metrics/gha-run.sh run-test-iperf - - - name: run latency test - run: bash tests/metrics/gha-run.sh run-test-latency - - - name: make metrics tarball ${{ matrix.vmm }} - run: bash tests/metrics/gha-run.sh make-tarball-results - - - name: archive metrics results ${{ matrix.vmm }} - uses: actions/upload-artifact@v4 - with: - name: metrics-artifacts-${{ matrix.vmm }} - path: results-${{ matrix.vmm }}.tar.gz - retention-days: 1 - if-no-files-found: error diff --git a/.github/workflows/run-runk-tests.yaml b/.github/workflows/run-runk-tests.yaml deleted file mode 100644 index b5105572126b..000000000000 --- a/.github/workflows/run-runk-tests.yaml +++ /dev/null @@ -1,46 +0,0 @@ -name: CI | Run runk tests -on: - workflow_call: - inputs: - tarball-suffix: - required: false - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - run-runk: - runs-on: garm-ubuntu-2204-smaller - env: - CONTAINERD_VERSION: lts - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/integration/runk/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/integration/runk/gha-run.sh install-kata kata-artifacts - - - name: Run runk tests - run: bash tests/integration/runk/gha-run.sh run diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml deleted file mode 100644 index 5565543236b2..000000000000 --- a/.github/workflows/stale.yaml +++ /dev/null @@ -1,17 +0,0 @@ -name: 'Automatically close stale PRs' -on: - schedule: - - cron: '0 0 * * *' - workflow_dispatch: - -jobs: - stale: - runs-on: ubuntu-latest - steps: - - uses: actions/stale@v9 - with: - stale-pr-message: 'This PR has been opened without with no activity for 180 days. Comment on the issue otherwise it will be closed in 7 days' - days-before-pr-stale: 180 - days-before-pr-close: 7 - days-before-issue-stale: -1 - days-before-issue-close: -1 diff --git a/.github/workflows/static-checks-self-hosted.yaml b/.github/workflows/static-checks-self-hosted.yaml deleted file mode 100644 index 2b47bb6a6ae8..000000000000 --- a/.github/workflows/static-checks-self-hosted.yaml +++ /dev/null @@ -1,26 +0,0 @@ -on: - pull_request: - types: - - opened - - synchronize - - reopened - - labeled # a workflow runs only when the 'ok-to-test' label is added - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -name: Static checks self-hosted -jobs: - build-checks: - if: ${{ contains(github.event.pull_request.labels.*.name, 'ok-to-test') }} - strategy: - fail-fast: false - matrix: - instance: - - "arm-no-k8s" - - "s390x" - - "ppc64le" - uses: ./.github/workflows/build-checks.yaml - with: - instance: ${{ matrix.instance }} diff --git a/.github/workflows/static-checks.yaml b/.github/workflows/static-checks.yaml deleted file mode 100644 index 3a232177b356..000000000000 --- a/.github/workflows/static-checks.yaml +++ /dev/null @@ -1,111 +0,0 @@ -on: - pull_request: - types: - - opened - - edited - - reopened - - synchronize - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -name: Static checks -jobs: - check-kernel-config-version: - runs-on: ubuntu-latest - steps: - - name: Checkout the code - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Ensure the kernel config version has been updated - run: | - kernel_dir="tools/packaging/kernel/" - kernel_version_file="${kernel_dir}kata_config_version" - modified_files=$(git diff --name-only origin/$GITHUB_BASE_REF..HEAD) - if git diff --name-only origin/$GITHUB_BASE_REF..HEAD "${kernel_dir}" | grep "${kernel_dir}"; then - echo "Kernel directory has changed, checking if $kernel_version_file has been updated" - if echo "$modified_files" | grep -v "README.md" | grep "${kernel_dir}" >>"/dev/null"; then - echo "$modified_files" | grep "$kernel_version_file" >>/dev/null || ( echo "Please bump version in $kernel_version_file" && exit 1) - else - echo "Readme file changed, no need for kernel config version update." - fi - echo "Check passed" - fi - - build-checks: - uses: ./.github/workflows/build-checks.yaml - with: - instance: ubuntu-20.04 - - build-checks-depending-on-kvm: - runs-on: garm-ubuntu-2004-smaller - strategy: - fail-fast: false - matrix: - component: - - runtime-rs - include: - - component: runtime-rs - command: "sudo -E env PATH=$PATH LIBC=gnu SUPPORT_VIRTUALIZATION=true make test" - - component: runtime-rs - component-path: src/dragonball - steps: - - name: Checkout the code - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Install system deps - run: | - sudo apt-get install -y build-essential musl-tools - - name: Install yq - run: | - sudo -E ./ci/install_yq.sh - env: - INSTALL_IN_GOPATH: false - - name: Install rust - run: | - export PATH="$PATH:/usr/local/bin" - ./tests/install_rust.sh - - name: Running `${{ matrix.command }}` for ${{ matrix.component }} - run: | - export PATH="$PATH:${HOME}/.cargo/bin" - cd ${{ matrix.component-path }} - ${{ matrix.command }} - env: - RUST_BACKTRACE: "1" - - static-checks: - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: - cmd: - - "make static-checks" - env: - GOPATH: ${{ github.workspace }} - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - fetch-depth: 0 - path: ./src/github.com/${{ github.repository }} - - name: Install yq - run: | - cd ${GOPATH}/src/github.com/${{ github.repository }} - ./ci/install_yq.sh - env: - INSTALL_IN_GOPATH: false - - name: Install golang - run: | - cd ${GOPATH}/src/github.com/${{ github.repository }} - ./tests/install_go.sh -f -p - echo "/usr/local/go/bin" >> $GITHUB_PATH - - name: Install system dependencies - run: | - sudo apt-get -y install moreutils hunspell hunspell-en-gb hunspell-en-us pandoc - - name: Run check - run: | - export PATH=${PATH}:${GOPATH}/bin - cd ${GOPATH}/src/github.com/${{ github.repository }} && ${{ matrix.cmd }} diff --git a/tests/integration/kubernetes/gha-run.sh b/tests/integration/kubernetes/gha-run.sh index 9f8192ea669a..b70a44f8dacb 100755 --- a/tests/integration/kubernetes/gha-run.sh +++ b/tests/integration/kubernetes/gha-run.sh @@ -235,8 +235,12 @@ function deploy_kata() { echo "::endgroup::" kubectl apply -f "${tools_dir}/packaging/kata-deploy/kata-rbac/base/kata-rbac.yaml" - if [ "${KUBERNETES}" = "k3s" ]; then + if [ "${KUBERNETES}" = "k0s" ]; then + kubectl apply -k "${tools_dir}/packaging/kata-deploy/kata-deploy/overlays/k0s" + elif [ "${KUBERNETES}" = "k3s" ]; then kubectl apply -k "${tools_dir}/packaging/kata-deploy/kata-deploy/overlays/k3s" + elif [ "${KUBERNETES}" = "rke2" ]; then + kubectl apply -k "${tools_dir}/packaging/kata-deploy/kata-deploy/overlays/rke2" else kubectl apply -f "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml" fi @@ -388,9 +392,15 @@ function collect_artifacts() { function cleanup_kata_deploy() { ensure_yq - if [ "${KUBERNETES}" = "k3s" ]; then + if [ "${KUBERNETES}" = "k0s" ]; then + deploy_spec="-k "${tools_dir}/packaging/kata-deploy/kata-deploy/overlays/k0s"" + cleanup_spec="-k "${tools_dir}/packaging/kata-deploy/kata-cleanup/overlays/k0s"" + elif [ "${KUBERNETES}" = "k3s" ]; then deploy_spec="-k "${tools_dir}/packaging/kata-deploy/kata-deploy/overlays/k3s"" cleanup_spec="-k "${tools_dir}/packaging/kata-deploy/kata-cleanup/overlays/k3s"" + elif [ "${KUBERNETES}" = "rke2" ]; then + deploy_spec="-k "${tools_dir}/packaging/kata-deploy/kata-deploy/overlays/rke2"" + cleanup_spec="-k "${tools_dir}/packaging/kata-deploy/kata-cleanup/overlays/rke2"" else deploy_spec="-f "${tools_dir}/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml"" cleanup_spec="-f "${tools_dir}/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml""