From 13d857a56dbd3a64215c5d31a69d7cb26e5eeeb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 6 Apr 2023 16:50:55 +0200 Subject: [PATCH 1/6] gha: k8s-on-aks: Set {create,delete}_aks as steps MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We've been currently using {create,delete}_aks as jobs. However, it means that if the tests fail we'll end up deleting the AKS cluster (as expected), but not having a way to recreate the cluster without re-running all jobs, which is a waste of resources. Fixes: #6628 Signed-off-by: Fabiano Fidêncio --- .github/workflows/run-k8s-tests-on-aks.yaml | 36 ++++++--------------- 1 file changed, 10 insertions(+), 26 deletions(-) diff --git a/.github/workflows/run-k8s-tests-on-aks.yaml b/.github/workflows/run-k8s-tests-on-aks.yaml index 371fd05a8e..5c5e51071d 100644 --- a/.github/workflows/run-k8s-tests-on-aks.yaml +++ b/.github/workflows/run-k8s-tests-on-aks.yaml @@ -17,18 +17,6 @@ on: type: string jobs: - create-aks: - strategy: - matrix: - vmm: - - clh - - dragonball - - qemu - uses: ./.github/workflows/create-aks.yaml - with: - name: ${{ inputs.checkout-ref }}-${{ matrix.vmm }}-amd64 - secrets: inherit - run-k8s-tests: strategy: fail-fast: false @@ -38,8 +26,12 @@ jobs: - dragonball - qemu runs-on: ubuntu-latest - needs: create-aks steps: + - name: Create AKS cluster to test ${{ matrix.vmm }} + uses: ./.github/workflows-create-aks.yaml + with: + name: ${{ inputs.checkout-ref }}-${{ matrix.vmm }}-amd64 + - uses: actions/checkout@v3 with: ref: ${{ inputs.checkout-ref }} @@ -85,16 +77,8 @@ jobs: env: KATA_HYPERVISOR: ${{ matrix.vmm }} - delete-aks: - strategy: - matrix: - vmm: - - clh - - dragonball - - qemu - needs: run-k8s-tests - if: always() - uses: ./.github/workflows/delete-aks.yaml - with: - name: ${{ inputs.checkout-ref }}-${{ matrix.vmm }}-amd64 - secrets: inherit + - name: Delete AKS cluster used to test ${{ matrix.vmm }} + if: always() + uses: ./.github/workflows/delete-aks.yaml + with: + name: ${{ inputs.checkout-ref }}-${{ matrix.vmm }}-amd64 From 5d4d720647065dd2132205146d4e015acc22b7cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 6 Apr 2023 18:37:21 +0200 Subject: [PATCH 2/6] Revert "gha: k8s-on-aks: Fix cluster name" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 85cc5bb5343cdb46f3abc80a9134820a3f694474. Unfortunately we have to revert the PRs related to the switch done to using `workflow_run` instead of `pull_request_target`. The reason for that being that we can only mark jobs as required if they are targetting PRs. Signed-off-by: Fabiano Fidêncio --- .github/workflows/run-k8s-tests-on-aks.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/run-k8s-tests-on-aks.yaml b/.github/workflows/run-k8s-tests-on-aks.yaml index 5c5e51071d..b444d8db95 100644 --- a/.github/workflows/run-k8s-tests-on-aks.yaml +++ b/.github/workflows/run-k8s-tests-on-aks.yaml @@ -30,7 +30,7 @@ jobs: - name: Create AKS cluster to test ${{ matrix.vmm }} uses: ./.github/workflows-create-aks.yaml with: - name: ${{ inputs.checkout-ref }}-${{ matrix.vmm }}-amd64 + name: ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }}-${{ matrix.vmm }}-amd64 - uses: actions/checkout@v3 with: @@ -54,7 +54,7 @@ jobs: - name: Download credentials for the Kubernetes CLI to use them run: | - az aks get-credentials -g "kataCI" -n ${{ inputs.checkout-ref }}-${{ matrix.vmm }}-amd64 + az aks get-credentials -g "kataCI" -n ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }}-${{ matrix.vmm }}-amd64 - name: Deploy kata-deploy run: | @@ -81,4 +81,4 @@ jobs: if: always() uses: ./.github/workflows/delete-aks.yaml with: - name: ${{ inputs.checkout-ref }}-${{ matrix.vmm }}-amd64 + name: ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }}-${{ matrix.vmm }}-amd64 From c7ee45f7e53c2a1fac31fbc92f11505915485ddb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 6 Apr 2023 18:32:06 +0200 Subject: [PATCH 3/6] Revert "gha: ci-on-push: Adapt chained jobs to workflow_run" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 7855b43062c1001de372253d33ebacaf120f24d1. Unfortunately we have to revert the PRs related to the switch done to using `workflow_run` instead of `pull_request_target`. The reason for that being that we can only mark jobs as required if they are targetting PRs. Signed-off-by: Fabiano Fidêncio --- .github/workflows/build-kata-static-tarball-amd64.yaml | 8 ++------ .github/workflows/build-kata-static-tarball-arm64.yaml | 8 ++------ .github/workflows/build-kata-static-tarball-s390x.yaml | 8 ++------ .github/workflows/ci-on-push.yaml | 3 --- .github/workflows/publish-kata-deploy-payload-amd64.yaml | 6 +----- .github/workflows/publish-kata-deploy-payload-arm64.yaml | 6 +----- .github/workflows/publish-kata-deploy-payload-s390x.yaml | 6 +----- .github/workflows/run-k8s-tests-on-aks.yaml | 6 +----- 8 files changed, 10 insertions(+), 41 deletions(-) diff --git a/.github/workflows/build-kata-static-tarball-amd64.yaml b/.github/workflows/build-kata-static-tarball-amd64.yaml index d2c902af23..8432e77148 100644 --- a/.github/workflows/build-kata-static-tarball-amd64.yaml +++ b/.github/workflows/build-kata-static-tarball-amd64.yaml @@ -2,10 +2,6 @@ name: CI | Build kata-static tarball for amd64 on: workflow_call: inputs: - checkout-ref: - required: false - type: string - default: ${{ github.sha }} tarball-suffix: required: false type: string @@ -33,7 +29,7 @@ jobs: steps: - uses: actions/checkout@v3 with: - ref: ${{ inputs.checkout-ref }} + ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 # This is needed in order to keep the commit ids history - name: Build ${{ matrix.asset }} run: | @@ -60,7 +56,7 @@ jobs: steps: - uses: actions/checkout@v3 with: - ref: ${{ inputs.checkout-ref }} + ref: ${{ github.event.pull_request.head.sha }} - name: get-artifacts uses: actions/download-artifact@v3 with: diff --git a/.github/workflows/build-kata-static-tarball-arm64.yaml b/.github/workflows/build-kata-static-tarball-arm64.yaml index a508622310..753bcf13a3 100644 --- a/.github/workflows/build-kata-static-tarball-arm64.yaml +++ b/.github/workflows/build-kata-static-tarball-arm64.yaml @@ -2,10 +2,6 @@ name: CI | Build kata-static tarball for arm64 on: workflow_call: inputs: - checkout-ref: - required: false - type: string - default: ${{ github.sha }} tarball-suffix: required: false type: string @@ -37,7 +33,7 @@ jobs: - uses: actions/checkout@v3 with: - ref: ${{ inputs.checkout-ref }} + ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 # This is needed in order to keep the commit ids history - name: Build ${{ matrix.asset }} run: | @@ -68,7 +64,7 @@ jobs: - uses: actions/checkout@v3 with: - ref: ${{ inputs.checkout-ref }} + ref: ${{ github.event.pull_request.head.sha }} - name: get-artifacts uses: actions/download-artifact@v3 with: diff --git a/.github/workflows/build-kata-static-tarball-s390x.yaml b/.github/workflows/build-kata-static-tarball-s390x.yaml index 064ed006b6..95e4a5ff52 100644 --- a/.github/workflows/build-kata-static-tarball-s390x.yaml +++ b/.github/workflows/build-kata-static-tarball-s390x.yaml @@ -2,10 +2,6 @@ name: CI | Build kata-static tarball for s390x on: workflow_call: inputs: - checkout-ref: - required: false - type: string - default: ${{ github.sha }} tarball-suffix: required: false type: string @@ -33,7 +29,7 @@ jobs: - uses: actions/checkout@v3 with: - ref: ${{ inputs.checkout-ref }} + ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 # This is needed in order to keep the commit ids history - name: Build ${{ matrix.asset }} run: | @@ -65,7 +61,7 @@ jobs: - uses: actions/checkout@v3 with: - ref: ${{ inputs.checkout-ref }} + ref: ${{ github.event.pull_request.head.sha }} - name: get-artifacts uses: actions/download-artifact@v3 with: diff --git a/.github/workflows/ci-on-push.yaml b/.github/workflows/ci-on-push.yaml index f2cd7e0554..1093992f60 100644 --- a/.github/workflows/ci-on-push.yaml +++ b/.github/workflows/ci-on-push.yaml @@ -11,14 +11,12 @@ jobs: if: ${{ github.event.workflow_run.conclusion == 'success' }} uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml with: - checkout-ref: ${{ github.event.workflow_run.head_sha }} tarball-suffix: -${{ github.event.workflow_run.head_sha }} publish-kata-deploy-payload-amd64: needs: build-kata-static-tarball-amd64 uses: ./.github/workflows/publish-kata-deploy-payload-amd64.yaml with: - checkout-ref: ${{ github.event.workflow_run.head_sha }} tarball-suffix: -${{ github.event.workflow_run.head_sha }} registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci @@ -29,7 +27,6 @@ jobs: needs: publish-kata-deploy-payload-amd64 uses: ./.github/workflows/run-k8s-tests-on-aks.yaml with: - checkout-ref: ${{ github.event.workflow_run.head_sha }} registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci tag: ${{ github.event.workflow_run.head_sha }}-amd64 diff --git a/.github/workflows/publish-kata-deploy-payload-amd64.yaml b/.github/workflows/publish-kata-deploy-payload-amd64.yaml index 697fdb433c..91c7a0612d 100644 --- a/.github/workflows/publish-kata-deploy-payload-amd64.yaml +++ b/.github/workflows/publish-kata-deploy-payload-amd64.yaml @@ -2,10 +2,6 @@ name: CI | Publish kata-deploy payload for amd64 on: workflow_call: inputs: - checkout-ref: - required: false - type: string - default: ${{ github.sha }} tarball-suffix: required: false type: string @@ -25,7 +21,7 @@ jobs: steps: - uses: actions/checkout@v3 with: - ref: ${{ inputs.checkout-ref }} + ref: ${{ github.event.pull_request.head.sha }} - name: get-kata-tarball uses: actions/download-artifact@v3 diff --git a/.github/workflows/publish-kata-deploy-payload-arm64.yaml b/.github/workflows/publish-kata-deploy-payload-arm64.yaml index f1de4abacf..c4fd324775 100644 --- a/.github/workflows/publish-kata-deploy-payload-arm64.yaml +++ b/.github/workflows/publish-kata-deploy-payload-arm64.yaml @@ -2,10 +2,6 @@ name: CI | Publish kata-deploy payload for arm64 on: workflow_call: inputs: - checkout-ref: - required: false - type: string - default: ${{ github.sha }} tarball-suffix: required: false type: string @@ -29,7 +25,7 @@ jobs: - uses: actions/checkout@v3 with: - ref: ${{ inputs.checkout-ref }} + ref: ${{ github.event.pull_request.head.sha }} - name: get-kata-tarball uses: actions/download-artifact@v3 diff --git a/.github/workflows/publish-kata-deploy-payload-s390x.yaml b/.github/workflows/publish-kata-deploy-payload-s390x.yaml index 498b8cd98c..2a0ea8071d 100644 --- a/.github/workflows/publish-kata-deploy-payload-s390x.yaml +++ b/.github/workflows/publish-kata-deploy-payload-s390x.yaml @@ -2,10 +2,6 @@ name: CI | Publish kata-deploy payload for s390x on: workflow_call: inputs: - checkout-ref: - required: false - type: string - default: ${{ github.sha }} tarball-suffix: required: false type: string @@ -29,7 +25,7 @@ jobs: - uses: actions/checkout@v3 with: - ref: ${{ inputs.checkout-ref }} + ref: ${{ github.event.pull_request.head.sha }} - name: get-kata-tarball uses: actions/download-artifact@v3 diff --git a/.github/workflows/run-k8s-tests-on-aks.yaml b/.github/workflows/run-k8s-tests-on-aks.yaml index b444d8db95..715814818f 100644 --- a/.github/workflows/run-k8s-tests-on-aks.yaml +++ b/.github/workflows/run-k8s-tests-on-aks.yaml @@ -2,10 +2,6 @@ name: CI | Run kubernetes tests on AKS on: workflow_call: inputs: - checkout-ref: - required: false - type: string - default: ${{ github.sha }} registry: required: true type: string @@ -34,7 +30,7 @@ jobs: - uses: actions/checkout@v3 with: - ref: ${{ inputs.checkout-ref }} + ref: ${{ github.event.pull_request.head.sha }} - name: Install `bats` run: | sudo apt-get update From 0d96d496331606909630dee84028cde998888a97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 6 Apr 2023 18:33:31 +0200 Subject: [PATCH 4/6] Revert "gha: ci-on-push: Adjust to using workflow_run" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 3a760a157a05a38327468b92e2c3c1b30283b303. Unfortunately we have to revert the PRs related to the switch done to using `workflow_run` instead of `pull_request_target`. The reason for that being that we can only mark jobs as required if they are targetting PRs. Signed-off-by: Fabiano Fidêncio --- .github/workflows/ci-on-push.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-on-push.yaml b/.github/workflows/ci-on-push.yaml index 1093992f60..242c62c17c 100644 --- a/.github/workflows/ci-on-push.yaml +++ b/.github/workflows/ci-on-push.yaml @@ -11,16 +11,16 @@ jobs: if: ${{ github.event.workflow_run.conclusion == 'success' }} uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml with: - tarball-suffix: -${{ github.event.workflow_run.head_sha }} + tarball-suffix: -${{ github.event.pull_request.number}}-${{ github.event.pull_request.head.sha }} publish-kata-deploy-payload-amd64: needs: build-kata-static-tarball-amd64 uses: ./.github/workflows/publish-kata-deploy-payload-amd64.yaml with: - tarball-suffix: -${{ github.event.workflow_run.head_sha }} + tarball-suffix: -${{ github.event.pull_request.number}}-${{ github.event.pull_request.head.sha }} registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ github.event.workflow_run.head_sha }}-amd64 + tag: ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }}-amd64 secrets: inherit run-k8s-tests-on-aks: @@ -29,5 +29,5 @@ jobs: with: registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ github.event.workflow_run.head_sha }}-amd64 + tag: ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }}-amd64 secrets: inherit From e7bd2545ef680ad89e1a6abed948649ddbe874c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 6 Apr 2023 18:33:48 +0200 Subject: [PATCH 5/6] Revert "gha: ci-on-push: Depend on Commit Message Check" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit a159ffdba7835011abc8c6369e07dd4a52010bbf. Unfortunately we have to revert the PRs related to the switch done to using `workflow_run` instead of `pull_request_target`. The reason for that being that we can only mark jobs as required if they are targetting PRs. Signed-off-by: Fabiano Fidêncio --- .github/workflows/ci-on-push.yaml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/ci-on-push.yaml b/.github/workflows/ci-on-push.yaml index 242c62c17c..8a08d6b6ee 100644 --- a/.github/workflows/ci-on-push.yaml +++ b/.github/workflows/ci-on-push.yaml @@ -1,14 +1,9 @@ name: Kata Containers CI on: - workflow_run: - workflows: - - Commit Message Check - types: - - completed + pull_request_target: jobs: build-kata-static-tarball-amd64: - if: ${{ github.event.workflow_run.conclusion == 'success' }} uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml with: tarball-suffix: -${{ github.event.pull_request.number}}-${{ github.event.pull_request.head.sha }} From 2f35b4d4e5d6eb0249affde29521a4779015aae4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 6 Apr 2023 18:40:23 +0200 Subject: [PATCH 6/6] gha: ci-on-push: Only run on `main` branch MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's ensure we're only running this workflow when PRs are opened against the main branch. Signed-off-by: Fabiano Fidêncio --- .github/workflows/ci-on-push.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci-on-push.yaml b/.github/workflows/ci-on-push.yaml index 8a08d6b6ee..2dfd6c728d 100644 --- a/.github/workflows/ci-on-push.yaml +++ b/.github/workflows/ci-on-push.yaml @@ -1,6 +1,8 @@ name: Kata Containers CI on: pull_request_target: + branches: + - 'main' jobs: build-kata-static-tarball-amd64: