From c57a44436cd58bc974386611773fb2eee7d4a77a Mon Sep 17 00:00:00 2001 From: Ryan Savino Date: Mon, 24 Apr 2023 11:34:34 -0500 Subject: [PATCH 1/2] gha: Add the ability to test qemu-snp With the changes proposed as part of this PR, a qemu-snp cluster will be created but no tests will be performed. GitHub Actions will only run the tests using the workflows that are part of the **target** branch, instead of the using the ones coming from the PR. No way to work around this for now. After this commit is merged, the tests (not the yaml files for the actions) will be altered in order for the checkout action to help in this case. Fixes: #6722 Signed-off-by: Ryan Savino --- tests/integration/kubernetes/run_kubernetes_tests.sh | 4 ++++ 1 file changed, 4 insertions(+) mode change 100755 => 100644 tests/integration/kubernetes/run_kubernetes_tests.sh diff --git a/tests/integration/kubernetes/run_kubernetes_tests.sh b/tests/integration/kubernetes/run_kubernetes_tests.sh old mode 100755 new mode 100644 index daddb756ab..281d1d878f --- a/tests/integration/kubernetes/run_kubernetes_tests.sh +++ b/tests/integration/kubernetes/run_kubernetes_tests.sh @@ -58,6 +58,10 @@ if [ ${KATA_HYPERVISOR} == "qemu-sev" ]; then exit 0 fi +if [ ${KATA_HYPERVISOR} == "qemu-snp" ]; then + exit 0 +fi + # we may need to skip a few test cases when running on non-x86_64 arch arch_config_file="${kubernetes_dir}/filter_out_per_arch/${TARGET_ARCH}.yaml" if [ -f "${arch_config_file}" ]; then From 5c9246db19bf8c6cf5567df42535fcbae1795e0b Mon Sep 17 00:00:00 2001 From: Ryan Savino Date: Mon, 24 Apr 2023 11:36:35 -0500 Subject: [PATCH 2/2] gha: Also run k8s tests on qemu-snp Added the k8s tests for qemu-snp Fixes: #6722 Signed-Off-By: Ryan Savino --- .github/workflows/ci-on-push.yaml | 8 +++ .github/workflows/run-k8s-tests-on-snp.yaml | 65 +++++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 .github/workflows/run-k8s-tests-on-snp.yaml diff --git a/.github/workflows/ci-on-push.yaml b/.github/workflows/ci-on-push.yaml index 8b1b6ef365..3951bba081 100644 --- a/.github/workflows/ci-on-push.yaml +++ b/.github/workflows/ci-on-push.yaml @@ -37,6 +37,14 @@ jobs: repo: ${{ github.repository_owner }}/kata-deploy-ci tag: ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }}-amd64 + run-k8s-tests-on-snp: + needs: publish-kata-deploy-payload-amd64 + uses: ./.github/workflows/run-k8s-tests-on-snp.yaml + with: + registry: ghcr.io + repo: ${{ github.repository_owner }}/kata-deploy-ci + tag: ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }}-amd64 + run-k8s-tests-on-tdx: needs: publish-kata-deploy-payload-amd64 uses: ./.github/workflows/run-k8s-tests-on-tdx.yaml diff --git a/.github/workflows/run-k8s-tests-on-snp.yaml b/.github/workflows/run-k8s-tests-on-snp.yaml new file mode 100644 index 0000000000..5bc4aea506 --- /dev/null +++ b/.github/workflows/run-k8s-tests-on-snp.yaml @@ -0,0 +1,65 @@ +name: CI | Run kubernetes tests on SEV-SNP +on: + workflow_call: + inputs: + registry: + required: true + type: string + repo: + required: true + type: string + tag: + required: true + type: string + +jobs: + run-k8s-tests: + strategy: + fail-fast: false + matrix: + vmm: + - qemu-snp + runs-on: sev-snp + env: + KUBECONFIG: /home/kata/.kube/config + steps: + - uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.sha }} + + - name: Deploy kata-deploy + run: | + sed -i -e "s|quay.io/kata-containers/kata-deploy:latest|${{ inputs.registry }}/${{ inputs.repo }}:${{ inputs.tag }}|g" tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml + cat tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml + cat tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml | grep "${{ inputs.registry }}/${{ inputs.repo }}:${{ inputs.tag }}" || die "Failed to setup the tests image" + + kubectl apply -f tools/packaging/kata-deploy/kata-rbac/base/kata-rbac.yaml + kubectl apply -f tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml + kubectl -n kube-system wait --timeout=10m --for=condition=Ready -l name=kata-deploy pod + kubectl apply -f tools/packaging/kata-deploy/runtimeclasses/kata-runtimeClasses.yaml + + - name: Run tests + timeout-minutes: 30 + run: | + pushd tests/integration/kubernetes + sed -i -e 's|runtimeClassName: kata|runtimeClassName: kata-${{ matrix.vmm }}|' runtimeclass_workloads/*.yaml + bash run_kubernetes_tests.sh + popd + env: + KATA_HYPERVISOR: ${{ matrix.vmm }} + + - name: Delete kata-deploy + if: always() + run: | + kubectl delete -f tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml + kubectl -n kube-system wait --timeout=10m --for=delete -l name=kata-deploy pod + + sed -i -e "s|quay.io/kata-containers/kata-deploy:latest|${{ inputs.registry }}/${{ inputs.repo }}:${{ inputs.tag }}|g" tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml + cat tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml + cat tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml | grep "${{ inputs.registry }}/${{ inputs.repo }}:${{ inputs.tag }}" || die "Failed to setup the tests image" + kubectl apply -f tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml + sleep 180s + + kubectl delete -f tools/packaging/kata-deploy/kata-cleanup/base/kata-cleanup.yaml + kubectl delete -f tools/packaging/kata-deploy/kata-rbac/base/kata-rbac.yaml + kubectl delete -f tools/packaging/kata-deploy/runtimeclasses/kata-runtimeClasses.yaml