workflows: Use AUTO_GENERATE_POLICY for qemu-coco-dev

From the moment we also test it with qemu-coco-dev, it becomes
easier for a developer without access to a TEE to test it locally as well.

Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
Fabiano Fidêncio 2024-11-04 21:00:38 +01:00
parent 7d3f2f7200
commit 72979d7f30
3 changed files with 17 additions and 3 deletions


@ -176,6 +176,7 @@ jobs:
needs: [publish-kata-deploy-payload-amd64, build-and-publish-tee-confidential-unencrypted-image] needs: [publish-kata-deploy-payload-amd64, build-and-publish-tee-confidential-unencrypted-image]
uses: ./.github/workflows/run-kata-coco-tests.yaml uses: ./.github/workflows/run-kata-coco-tests.yaml
with: with:
tarball-suffix: -${{ inputs.tag }}
registry: ghcr.io registry: ghcr.io
repo: ${{ github.repository_owner }}/kata-deploy-ci repo: ${{ github.repository_owner }}/kata-deploy-ci
tag: ${{ inputs.tag }}-amd64 tag: ${{ inputs.tag }}-amd64


@ -2,6 +2,9 @@ name: CI | Run kata coco tests
on: on:
workflow_call: workflow_call:
inputs: inputs:
tarball-suffix:
required: false
type: string
registry: registry:
required: true required: true
type: string type: string
@ -262,6 +265,7 @@ jobs:
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
SNAPSHOTTER: ${{ matrix.snapshotter }} SNAPSHOTTER: ${{ matrix.snapshotter }}
USING_NFD: "false" USING_NFD: "false"
AUTO_GENERATE_POLICY: "yes"
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with: with:
@ -274,6 +278,15 @@ jobs:
env: env:
TARGET_BRANCH: ${{ inputs.target-branch }} TARGET_BRANCH: ${{ inputs.target-branch }}
- name: get-kata-tarball
uses: actions/download-artifact@v4
with:
name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
path: kata-artifacts
- name: Install kata
run: bash tests/integration/kubernetes/gha-run.sh install-kata-tools kata-artifacts
- name: Download Azure CLI - name: Download Azure CLI
run: bash tests/integration/kubernetes/gha-run.sh install-azure-cli run: bash tests/integration/kubernetes/gha-run.sh install-azure-cli
@ -315,7 +328,7 @@ jobs:
run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client
- name: Run tests - name: Run tests
timeout-minutes: 60 timeout-minutes: 80
run: bash tests/integration/kubernetes/gha-run.sh run-tests run: bash tests/integration/kubernetes/gha-run.sh run-tests
- name: Delete AKS cluster - name: Delete AKS cluster
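Review bot: The added `get-kata-tarball` step pulls in `actions/download-artifact@v4` by a mutable tag, in what appears to be the same job whose job-level `env` holds `AUTHENTICATED_IMAGE_PASSWORD`, so the code that tag resolves to runs with that secret in its environment. Pinning the action to a full commit SHA, `uses: actions/download-artifact@<full-commit-sha>  # v4`, would close that gap; the neighbouring `actions/checkout@v4` uses the same tag style, so this may be better done workflow-wide. The new `tarball-suffix` input also has no `description` or `default`, and adding `default: ""` plus a one-line description would make explicit that omitting it selects the artifact `kata-static-tarball-amd64`. The job definition begins outside the visible hunks, so the job name and trigger cannot be confirmed from here.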


@ -84,7 +84,7 @@ auto_generate_policy_enabled() {
adapt_common_policy_settings_for_tdx() { adapt_common_policy_settings_for_tdx() {
local settings_dir=$1 local settings_dir=$1
info "Adapting common policy settings for TDX or SNP" info "Adapting common policy settings for TDX, SNP, or the non-TEE development environment"
jq '.common.cpath = "/run/kata-containers" | .volumes.configMap.mount_point = "^$(cpath)/$(bundle-id)-[a-z0-9]{16}-"' "${settings_dir}/genpolicy-settings.json" > temp.json && sudo mv temp.json "${settings_dir}/genpolicy-settings.json" jq '.common.cpath = "/run/kata-containers" | .volumes.configMap.mount_point = "^$(cpath)/$(bundle-id)-[a-z0-9]{16}-"' "${settings_dir}/genpolicy-settings.json" > temp.json && sudo mv temp.json "${settings_dir}/genpolicy-settings.json"
} }
@ -119,7 +119,7 @@ adapt_common_policy_settings() {
local settings_dir=$1 local settings_dir=$1
case "${KATA_HYPERVISOR}" in case "${KATA_HYPERVISOR}" in
"qemu-tdx"|"qemu-snp") "qemu-tdx"|"qemu-snp"|"qemu-coco-dev")
adapt_common_policy_settings_for_tdx "${settings_dir}" adapt_common_policy_settings_for_tdx "${settings_dir}"
;; ;;
"qemu-sev") "qemu-sev")
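Review bot: `adapt_common_policy_settings_for_tdx` is now also selected for `qemu-coco-dev` by the `case` in `adapt_common_policy_settings`, yet only its `info` message was updated, so the name still suggests TDX-only settings. A comment above the function would keep readers from assuming these settings are TEE-specific, for example `# Shared by qemu-tdx, qemu-snp and qemu-coco-dev (non-TEE): sets cpath to /run/kata-containers.`; a rename could follow separately. The `case` statement continues past the end of the hunk.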