ci: Run runtime-rs tests for TDX on nightly

As we're in the process to stabilise runtime-rs for the coming 4.0.0 release, we better start running as many tests as possible with that. The TDX runtime-rs job is gated to nightly runs only (pr-number == "nightly") since we only have a single TDX machine and cannot afford to run both qemu-tdx and qemu-tdx-runtime-rs on every PR. Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
2026-05-15 03:33:05 +00:00 · 2026-05-03 18:05:17 +02:00
parent 8c3c7aa871
commit 51d5f2ea7b
1 changed files with 18 additions and 3 deletions
--- a/.github/workflows/run-kata-coco-tests.yaml
+++ b/.github/workflows/run-kata-coco-tests.yaml
@@ -57,6 +57,8 @@ jobs:
        include:
          - runner: tdx
            vmm: qemu-tdx
+          - runner: tdx
+            vmm: qemu-tdx-runtime-rs
          - runner: sev-snp
            vmm: qemu-snp
          - runner: sev-snp
@@ -81,58 +83,71 @@ jobs:
      AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
      AUTO_GENERATE_POLICY: "yes"
    steps:
+      - name: Skip non-nightly TDX runtime-rs
+        if: ${{ matrix.vmm == 'qemu-tdx-runtime-rs' && inputs.pr-number != 'nightly' }}
+        run: echo "SKIP_JOB=true" >> "${GITHUB_ENV}"
+
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        if: ${{ env.SKIP_JOB != 'true' }}
        with:
          ref: ${{ inputs.commit-hash }}
          fetch-depth: 0
          persist-credentials: false

      - name: Rebase atop of the latest target branch
+        if: ${{ env.SKIP_JOB != 'true' }}
        run: |
          ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
        env:
          TARGET_BRANCH: ${{ inputs.target-branch }}

      - name: get-kata-tools-tarball
+        if: ${{ env.SKIP_JOB != 'true' }}
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: kata-tools-static-tarball-amd64${{ inputs.tarball-suffix }}
          path: kata-tools-artifacts

      - name: Install kata-tools
+        if: ${{ env.SKIP_JOB != 'true' }}
        run: bash tests/integration/kubernetes/gha-run.sh install-kata-tools kata-tools-artifacts

      - name: Deploy Kata
+        if: ${{ env.SKIP_JOB != 'true' }}
        timeout-minutes: 20
        run: bash tests/integration/kubernetes/gha-run.sh deploy-kata

      - name: Uninstall previous `kbs-client`
+        if: ${{ env.SKIP_JOB != 'true' }}
        timeout-minutes: 10
        run: bash tests/integration/kubernetes/gha-run.sh uninstall-kbs-client

      - name: Deploy CoCo KBS
+        if: ${{ env.SKIP_JOB != 'true' }}
        timeout-minutes: 10
        run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs

      - name: Install `kbs-client`
+        if: ${{ env.SKIP_JOB != 'true' }}
        timeout-minutes: 10
        run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client

      - name: Run tests
+        if: ${{ env.SKIP_JOB != 'true' }}
        timeout-minutes: 100
        run: bash tests/integration/kubernetes/gha-run.sh run-tests

      - name: Report tests
-        if: always()
+        if: ${{ always() && env.SKIP_JOB != 'true' }}
        run: bash tests/integration/kubernetes/gha-run.sh report-tests

      - name: Delete kata-deploy
-        if: always()
+        if: ${{ always() && env.SKIP_JOB != 'true' }}
        timeout-minutes: 15
        run: bash tests/integration/kubernetes/gha-run.sh cleanup

      - name: Delete CoCo KBS
-        if: always()
+        if: ${{ always() && env.SKIP_JOB != 'true' }}
        timeout-minutes: 10
        run: bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs