From 40b2b2a43a0725457a6108a01847da3c5105c064 Mon Sep 17 00:00:00 2001 From: Hyounggyu Choi Date: Mon, 5 Feb 2024 11:32:00 +0100 Subject: [PATCH] gha: Run static-checks on self-hosted runners conditionally Due to the restrictions on instance provisioning for self-hosted runners, performing static checks (36 jobs at the time of writing) on them each time a PR is updated could significantly burden them, consequently slowing down the entire CI system. To address this, the decision is to trigger these checks only when an 'ok-to-test' label is added. Meanwhile, the checks for x86_64, which are supported by GitHub-hosted runners, will remain unchanged. Fixes: #8998 Signed-off-by: Hyounggyu Choi
---
.github/workflows/build-checks.yaml | 113 ++++++++++++++++++
.../workflows/static-checks-self-hosted.yaml | 26 ++++
.github/workflows/static-checks.yaml | 110 +----------------
3 files changed, 142 insertions(+), 107 deletions(-)
create mode 100644 .github/workflows/build-checks.yaml
create mode 100644 .github/workflows/static-checks-self-hosted.yaml
diff --git a/.github/workflows/build-checks.yaml b/.github/workflows/build-checks.yaml
new file mode 100644
index 0000000000..3d58d21aa1
--- /dev/null
+++ b/.github/workflows/build-checks.yaml
@@ -0,0 +1,113 @@
+on:
+ workflow_call:
+ inputs:
+ instance:
+ required: true
+ type: string
+
+name: Build checks
+jobs:
+ check:
+ runs-on: ${{ inputs.instance }}
+ strategy:
+ fail-fast: false
+ matrix:
+ component:
+ - agent
+ - dragonball
+ - runtime
+ - runtime-rs
+ - agent-ctl
+ - kata-ctl
+ - runk
+ - trace-forwarder
+ - genpolicy
+ command:
+ - "make vendor"
+ - "make check"
+ - "make test"
+ - "sudo -E PATH=\"$PATH\" make test"
+ include:
+ - component: agent
+ component-path: src/agent
+ - component: dragonball
+ component-path: src/dragonball
+ - component: runtime
+ component-path: src/runtime
+ - component: runtime-rs
+ component-path: src/runtime-rs
+ - component: agent-ctl
+ component-path: src/tools/agent-ctl
+ - component: kata-ctl
+ component-path: src/tools/kata-ctl
+ - component: runk
+ component-path: src/tools/runk
+ - component: trace-forwarder
+ component-path: src/tools/trace-forwarder
+ - install-libseccomp: no
+ - component: agent
+ install-libseccomp: yes
+ - component: runk
+ install-libseccomp: yes
+ - component: genpolicy
+ component-path: src/tools/genpolicy
+ steps:
+ - name: Adjust a permission for repo
+ run: |
+ sudo chown -R $USER:$USER $GITHUB_WORKSPACE $HOME
+ sudo rm -rf $GITHUB_WORKSPACE/*
+ sudo rm -f /tmp/kata_hybrid* # Sometime we got leftover from test_setup_hvsock_failed()
+ if: ${{ inputs.instance != 'ubuntu-20.04' }}
+
+ - name: Checkout the code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Install yq
+ run: |
+ ./ci/install_yq.sh
+ env:
+ INSTALL_IN_GOPATH: false
+ - name: Install golang
+ if: ${{ matrix.component == 'runtime' }}
+ run: |
+ ./tests/install_go.sh -f -p
+ echo "/usr/local/go/bin" >> $GITHUB_PATH
+ - name: Install rust
+ if: ${{ matrix.component != 'runtime' }}
+ run: |
+ ./tests/install_rust.sh
+ echo "${HOME}/.cargo/bin" >> $GITHUB_PATH
+ - name: Install musl-tools
+ if: ${{ matrix.component != 'runtime' }}
+ run: sudo apt-get -y install musl-tools
+ - name: Install devicemapper
+ if: ${{ matrix.command == 'make check' && matrix.component == 'agent' }}
+ run: sudo apt-get -y install libdevmapper-dev
+ - name: Install libseccomp
+ if: ${{ matrix.command != 'make vendor' && matrix.command != 'make check' && matrix.install-libseccomp == 'yes' }}
+ run: |
+ libseccomp_install_dir=$(mktemp -d -t libseccomp.XXXXXXXXXX)
+ gperf_install_dir=$(mktemp -d -t gperf.XXXXXXXXXX)
+ ./ci/install_libseccomp.sh "${libseccomp_install_dir}" "${gperf_install_dir}"
+ echo "Set environment variables for the libseccomp crate to link the libseccomp library statically"
+ echo "LIBSECCOMP_LINK_TYPE=static" >> $GITHUB_ENV
+ echo "LIBSECCOMP_LIB_PATH=${libseccomp_install_dir}/lib" >> $GITHUB_ENV
+ - name: Install protobuf-compiler
+ if: ${{ matrix.command == 'make check' && matrix.component == 'agent' }}
+ run: sudo apt-get -y install protobuf-compiler
+ - name: Install clang
+ if: ${{ matrix.command == 'make check' && matrix.component == 'agent' }}
+ run: sudo apt-get -y install clang
+ - name: Setup XDG_RUNTIME_DIR for the `runtime` tests
+ if: ${{ matrix.command != 'make vendor' && matrix.command != 'make check' && matrix.component == 'runtime' }}
+ run: |
+ XDG_RUNTIME_DIR=$(mktemp -d /tmp/kata-tests-$USER.XXX | tee >(xargs chmod 0700))
+ echo "XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR}" >> $GITHUB_ENV
+ - name: Running `${{ matrix.command }}` for ${{ matrix.component }}
+ run: |
+ cd ${{ matrix.component-path }}
+ ${{ matrix.command }}
+ env:
+ RUST_BACKTRACE: "1"
diff --git a/.github/workflows/static-checks-self-hosted.yaml b/.github/workflows/static-checks-self-hosted.yaml
new file mode 100644
index 0000000000..2b47bb6a6a
--- /dev/null
+++ b/.github/workflows/static-checks-self-hosted.yaml
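Review bot: In build-checks.yaml, the `Adjust a permission for repo` step runs `sudo rm -rf $GITHUB_WORKSPACE/*` with the variable unquoted and unguarded, so an empty or whitespace-containing value would send a root-level delete to the wrong path, and the `*` glob leaves dot-entries from the previous job behind. I would write it as `sudo rm -rf "${GITHUB_WORKSPACE:?}"/*` and quote the `chown` arguments the same way. The leftover-file comment suggests these runners are reused between jobs, and later matrix entries run the PR's make targets under `sudo -E PATH="$PATH"`, so this pre-job step is hygiene rather than isolation. A comment on the step such as `# cleanup only; does not undo root-level changes left by an earlier job` would make that explicit for whoever decides which PRs may reach these runners.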
@@ -0,0 +1,26 @@
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+ - labeled # a workflow runs only when the 'ok-to-test' label is added
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+name: Static checks self-hosted
+jobs:
+ build-checks:
+ if: ${{ contains(github.event.pull_request.labels.*.name, 'ok-to-test') }}
+ strategy:
+ fail-fast: false
+ matrix:
+ instance:
+ - "arm-no-k8s"
+ - "s390x"
+ - "ppc64le"
+ uses: ./.github/workflows/build-checks.yaml
+ with:
+ instance: ${{ matrix.instance }}
diff --git a/.github/workflows/static-checks.yaml b/.github/workflows/static-checks.yaml
index fe882e19e5..3a232177b3 100644
--- a/.github/workflows/static-checks.yaml
+++ b/.github/workflows/static-checks.yaml
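Review bot: In static-checks-self-hosted.yaml, the job-level `if:` only checks that the `ok-to-test` label is present while `synchronize` stays in `types`, so once a maintainer has labelled a PR, every later push runs on the self-hosted runners without anyone re-reviewing the new commits. Unless a workflow outside this patch clears the label on new pushes, the approval ends up covering code the approver never saw; removing the label on `synchronize`, or dropping `synchronize` from `types` so a run needs the label re-applied, would close that gap. The same condition is also true when any unrelated label is added to an already labelled PR, and with `cancel-in-progress: true` that restarts the whole matrix; appending `&& (github.event.action != 'labeled' || github.event.label.name == 'ok-to-test')` to the expression avoids it. The file sets no `permissions:` block, so a top-level `permissions:` with `contents: read` would pin the token to what these build jobs appear to need.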
@@ -35,113 +35,9 @@ jobs: fi build-checks: - strategy: - fail-fast: false - matrix: - component: - - agent - - dragonball - - runtime - - runtime-rs - - agent-ctl - - kata-ctl - - runk - - trace-forwarder - - genpolicy - command: - - "make vendor" - - "make check" - - "make test" - - "sudo -E PATH=\"$PATH\" make test" - include: - - component: agent - component-path: src/agent - - component: dragonball - component-path: src/dragonball - - component: runtime - component-path: src/runtime - - component: runtime-rs - component-path: src/runtime-rs - - component: agent-ctl - component-path: src/tools/agent-ctl - - component: kata-ctl - component-path: src/tools/kata-ctl - - component: runk - component-path: src/tools/runk - - component: trace-forwarder - component-path: src/tools/trace-forwarder - - install-libseccomp: no - - component: agent - install-libseccomp: yes - - component: runk - install-libseccomp: yes - - component: genpolicy - component-path: src/tools/genpolicy - instance: - - "ubuntu-20.04" - - "arm-no-k8s" - - "s390x" - - "ppc64le" - runs-on: ${{ matrix.instance }} - steps: - - name: Adjust a permission for repo - run: | - sudo chown -R $USER:$USER $GITHUB_WORKSPACE $HOME - sudo rm -rf $GITHUB_WORKSPACE/* - sudo rm -f /tmp/kata_hybrid* # Sometime we got leftover from test_setup_hvsock_failed() - if: ${{ matrix.instance != 'ubuntu-20.04' }} - - - name: Checkout the code - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Install yq - run: | - ./ci/install_yq.sh - env: - INSTALL_IN_GOPATH: false - - name: Install golang - if: ${{ matrix.component == 'runtime' }} - run: | - ./tests/install_go.sh -f -p - echo "/usr/local/go/bin" >> $GITHUB_PATH - - name: Install rust - if: ${{ matrix.component != 'runtime' }} - run: | - ./tests/install_rust.sh - echo "${HOME}/.cargo/bin" >> $GITHUB_PATH - - name: Install musl-tools - if: ${{ matrix.component != 'runtime' }} - run: sudo apt-get -y install musl-tools - - name: Install devicemapper - if: ${{ 
matrix.command == 'make check' && matrix.component == 'agent' }} - run: sudo apt-get -y install libdevmapper-dev - - name: Install libseccomp - if: ${{ matrix.command != 'make vendor' && matrix.command != 'make check' && matrix.install-libseccomp == 'yes' }} - run: | - libseccomp_install_dir=$(mktemp -d -t libseccomp.XXXXXXXXXX) - gperf_install_dir=$(mktemp -d -t gperf.XXXXXXXXXX) - ./ci/install_libseccomp.sh "${libseccomp_install_dir}" "${gperf_install_dir}" - echo "Set environment variables for the libseccomp crate to link the libseccomp library statically" - echo "LIBSECCOMP_LINK_TYPE=static" >> $GITHUB_ENV - echo "LIBSECCOMP_LIB_PATH=${libseccomp_install_dir}/lib" >> $GITHUB_ENV - - name: Install protobuf-compiler - if: ${{ matrix.command == 'make check' && matrix.component == 'agent' }} - run: sudo apt-get -y install protobuf-compiler - - name: Install clang - if: ${{ matrix.command == 'make check' && matrix.component == 'agent' }} - run: sudo apt-get -y install clang - - name: Setup XDG_RUNTIME_DIR for the `runtime` tests - if: ${{ matrix.command != 'make vendor' && matrix.command != 'make check' && matrix.component == 'runtime' }} - run: | - XDG_RUNTIME_DIR=$(mktemp -d /tmp/kata-tests-$USER.XXX | tee >(xargs chmod 0700)) - echo "XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR}" >> $GITHUB_ENV - - name: Running `${{ matrix.command }}` for ${{ matrix.component }} - run: | - cd ${{ matrix.component-path }} - ${{ matrix.command }} - env: - RUST_BACKTRACE: "1" + uses: ./.github/workflows/build-checks.yaml + with: + instance: ubuntu-20.04 build-checks-depending-on-kvm: runs-on: garm-ubuntu-2004-smaller
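Review bot: In static-checks.yaml, `instance: ubuntu-20.04` is now coupled to a string comparison in another file: build-checks.yaml decides whether to run its `sudo chown` / `sudo rm -rf` cleanup step by testing `inputs.instance != 'ubuntu-20.04'`. Changing the runner image here without touching that comparison would silently change which runners get the root-level cleanup. A comment on this line, e.g. `# keep in sync with the 'ubuntu-20.04' comparison in build-checks.yaml`, would document the dependency; a dedicated boolean input on the reusable workflow would remove it.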