Since we are using this to exercise any changes to osbuilder or
packaging scripts, let's make sure that we only run the test in that
case.
Similarly, don't run for every single push. Just run this workflow for
pull requests.
Fixes: #3594
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
Since we are already checking that only an admin is triggering the job,
let's go ahead and make sure we are testing against the PR itself. This
will ensure that we are exercising changes to kata-deploy tooling, which
is important for this test.
While at it, cleanup and simplify some of the tarball creation.
Fixes: #3586
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
The commit message of a revert commit usually generated by
`git revert`, we should consider this as legal.
Consider the commit as the merge commit if the subject
starts with 'Reject "'
Follow the pr kata-containers/tests/#3938, the suttle diffrence
is we skip all commit checks for revert commit including fixes checking
and subsystem checking. Because the commit was reverted must have passed
the check so the revert-commit should have the Fixes and Subsystem.
Fixes: #3568Fixes: kata-containers/tests#3934
Signed-off-by: Tim Zhang <tim@hyper.sh>
Weekly check(at 23:00 every Sunday) whether the docs url is ALIVE, so that
we can find the failed url in time
Fixes#815
Signed-off-by: Binbin Zhang <binbin36520@gmail.com>
Although I've done tests on my own fork using `head_ref` and those
worked, it seems those only worked as the PR was coming from exactly the
same repository as the target one.
Let's switch to base_ref, instead, which we for sure have as part of our
repo.
The downside of this is that we run the test with the last merged PR,
rather than with the "to-be-approved" PR, but that's a limitation we've
always had.
Fixes: #3482
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
This is needed in order to ensure that, for instance, if `force-skip-ci`
label is either added or removed later, the jobs related to the actions
will be restarted and accordingly checked.
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Before this change it was only applied to the static-checks, but if
we're already taking the extreme path of skipping the CI, we better
ensure we skip all the actions and not just a few of them.
Fixes: #3471
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
The action used for testing kata-deploy is entirely based on the action
used to build the kata-deploy tarball, but while the latter is able to
use the correct branch, the former always uses `main`.
This happens as the `issue_comment`, from GitHub actions, passed the
"default branch" as the GITHUB_REF.
As we're not the first ones to face such a issue, I've decided to take
one of the approaches suggested at one of the checkout's issues,
https://github.com/actions/checkout/issues/331, and take advantage of a
new action provided by the community, which will get the PR where the
comment was made, give us that ref, and that then can be used with the
checkout action, resulting on what we originally wanted.
Fixes: #3443
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Let's take advantage of the "is-organization-member" action and only
allow members who are part of the `kata-containers` organization to
trigger `/test_kata_deploy`.
One caveat with this approach is that for the user to be considered as
part of an organization, they **must** have their "Organization
Visibility" configured as Public (and I think the default is Private).
This was found out and suggested by @jcvenegas!
Fixes: #3130
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Commit 3c9ae7f made /test_kata_deploy run
against HEAD, but it also mistakenly removed all the checks that ensure
/test_kata_deploy only runs when explicitly called.
Mea culpa on this, and let's add the tests back.
Fixes: #3101
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Is the past few releases we ended up hitting issues that could be easily
avoided if `/test_kata_deploy` would use HEAD instead of a specific
tarball.
By the end of the day, we want to ensure kata-deploy works, but before
we cut a release we also want to ensure that the binaries used in that
release are in a good shape. If we don't do that we end up either
having to roll a release back, or to cut a second release in a really
short time (and that's time consuming).
Note: there's code duplication here that could and should be avoided,b
but I sincerely would prefer treating it in a different PR.
Fixes: #3001
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
The main.yaml workflow was created and used only on 1.x. We inherited
it, but we didn't remove it after deprecating the 1.x repos.
While here, let's also update the reference to the `main.yaml` file,
and point to `release.yaml` (the file that's actually used for 2.x).
Fixes: #3033
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
According to https://endoflife.date/go golang 1.15 is not supported
anymore. Let's remove it from out tests, add 1.17.x, and bump the
newest version known to work when building kata to 1.17.3.
Fixes: #3016
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
We need to explicitly call `${GOPATH}/bin/yq` that is installed by
`ci/install_yq.sh`.
Fixes: #3014
Signed-off-by: Manabu Sugimoto <Manabu.Sugimoto@sony.com>
The `kata-agent` binaries inside the Kata Containers images provided
with release are statically linked with the GNU LGPL-2.1 licensed
libseccomp library by default.
Therefore, we attach the complete source code of the libseccomp
to the release page in order to comply with the LGPL-2.1 (6(a)).
In addition, we add the description about the libseccomp license
to the release page.
Fixes: #2922
Signed-off-by: Manabu Sugimoto <Manabu.Sugimoto@sony.com>
This adds a step for installing libseccomp because the kata-agent
supports seccomp feature.
Fixes: #1476
Signed-off-by: Manabu Sugimoto <Manabu.Sugimoto@sony.com>
There is a problem with slash-command-action which is on absence of a slash command
the job fails (instead of simply ignore, i.e., skip). This is documented on
https://github.com/xt0rted/slash-command-action/issues/124. There is a workaround
also documented on that issue, but here instead let's get rid of the action.
In this new implementation all comments sent to the pull request are parsed, if any
starts with "/test_kata-deploy" then the job is triggered.
Fixes#2836
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
The yaml file has an indent issue from line 15.
And the branches filter should be under pull_request_target but
not the pull_request trigger.
Also actions/checkout@v2 does not need the token parameter.
Fixes: #2798
Signed-off-by: bin <bin@hyper.sh>
There's a typo in the file that should receive the output of `cargo
vendor`. We should use forward the output to `.cargo/config` instead of
`.cargo/vendor`.
This was introduced by 21c8511630.
Fixes: #2729
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
While releasing kata-containers 2.3.0-alpha1 we've hit some issues as
the tags attribution is done incorrectly. We want an array of tags to
iterate over, but the currently code is just lost is the parenthesis.
This issue was introduced in a156288c1f.
Fixes: #2725
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
When releasing a tarball, let's *also* add the "stable" & "latest" tags
to the kata-deploy image.
The "stable" tag refers to any official release, while the "latest" tag
refers to any pre-release / release candidate.
Fixes: #2302
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
As part of the release, let's also upload a tarball with the vendored
cargo code. By doing this we allow distros, which usually don't have
access to the internet while performing the builds, to just add the
vendored code as a second source, making the life of the downstream
maintainers slightly easier*.
Fixes: #1203
*: The current workflow requires the downstream maintainer to download
the tarball, unpack it, run `cargo vendor`, create the tarball, etc.
Although this doesn't look like a ridiculous amount of work, it's better
if we can have it in an automated fashion.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
The github static checks action has a section heading called "Building
rust". It doesn't actually build rust, though, just installs it with
rustup. Correct the misleading message.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
make kata-tarball is the main way to
build a kata in a single host. Lets
test it to make sure it works on every PR.
Fixes: #2416
Signed-off-by: Carlos Venegas <jose.carlos.venegas.munoz@intel.com>
- Run kata-deploy tarball generation action on every PR.
- Use kata-deploy makefile targets.
Signed-off-by: Carlos Venegas <jose.carlos.venegas.munoz@intel.com>
As quay.io is becoming our de-facto image registry, let's actually push
the kata-deploy release to it. This commit should've been part of
9fa1febfd9 but ended up slipping out.
Fixes: #2306
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
9fa1febfd9 added the support to also push
the image to quay.io. However, we didn't try explicitly pass quay.io as
the registry server, causing then to login to fail.
Fixes: #2306
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Now that the project owns https://quay.io/kata-containers, let's also
push our images there and start making it our primary image repository.
Fixes: #2306
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
This is not the most beautiful solution, but when do the check on every
single step we ensure the test at least started, and consequently will
succeed.
Without this the tests wouldn't even start, making any PR using the
`force-skip-ci` label not mergeable.
Fixes: #2362
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Looking at the changes that could cause the static-checks not to run
when a PR is updated I think 7db8a85a1f
could be the one that introduced such a regression.
Let's (try to) fix this by enforcing the workflow to run also when the
PR has been "edited" and "synchronized".
Fixes: #2343
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Tarballs are generated on push and merge events.
push: Allows get a tarball from the PR and use locally.
merge: After a PR is merged we have a quick way to get latest
kata-tarball.
The tarball can be downloaded from github page only.
Fixes: #1710
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Instead of calling the ci/static-checks.sh script directly, it was changed the
workflow to call `make static-checks`. And because the `static-checks` target
depends on build, the build step in the workflow is not longer needed.
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Seems that we get different results when running it with go 1.13.
Instead of figuring out why it doesn't work as expected with an EOL
version of go, let's just not run the tests on go versions that are
already dead.
https://endoflife.date/go
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Let's ensure we always have the go vendored code up-to-date and that the
rust vendor does actually work.
Fixes: #2159
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
The snap/snapcraft.yaml set AGENT_VERSION to the current VERSION. The osbuilder script
will try to checkout the AGENT_VERSION tag. Let's ensure that all tags and branches
are fetched by the github's checkout action so the tag checkout does not fail.
Fixes#2052
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
`/test-kata-deploy` command does **not** work, and the output returned
is:
```
Error: Comment didn't contain a valid slash command
```
So, why does this happen?
This is the regex used: `^\/([\w]+)\b *(.*)?$`, being the important part
of the command "\/([\w]+)\b", with the rest being arguments to it.
Okay, `\w` is the key here, as `\w` means: a-z, A-Z, 0-9, including the
_.
Our command is `/test-kata-deploy`, and `-` is not present as part of
`\w`. Knowing this we need to update the command to something like:
`/test_kata_deploy`
Fixes: #1645
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
This partially reverts commit 1cce930071.
As mentioned in #1635, the malformed yaml wouldn't allow us to actually
test changes that were supposed to be test by this action.
So, this is now reverted and adapted accordingly.
Main differences from what we had before:
* As it tests kata-deploy itself, not the statically built binaries,
let's just use the binaries from 2.0.0 release;
* Adapt download and deploy location to the
`kata-containers/kata-containers` repo, as the original action was
based on 1.x repos;
Fixes: #1640
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Currently the action is not running because it's broken, and it was
broken by 50fea9f.
Sadly, I cannot just test a fix on a PR as every single time we end up
triggering what's currently on main, rather than triggering the content
of the PR itself.
With this in mind, let me just remove the file and re-add it as part of
a new PR and, hopefully, have it tested in this way.
Sorry for the breakage, by the way.
Fixes: #1634
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
The recent switch to an async rust agent broke the `agent-ctl` tool.
However, we didn't notice because that isn't being built by the CI.
Fix the breakage by passing a ttRPC context to all ttRPC API calls and
also build the tool as part of the static checks CI.
Fixes: #1471.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
There's no more NEMU, for some time already. Considering this, let's
just remove any mention to it as part of our project.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
There's no reason to ship qemu & qemu-virtiofs when the former already
includes vitiofs support (and that's the default for 2.x deployments).
In case we will enable experimental qemu DAX support, we should add a
new target, a "qemu-experimental" target, as Carlos has been working on.
Fixes: #1424
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
We're currently running kata-deploy-test for every issue opened, for
every comment in the issue. Issues, themselves, shouldn't be triggering
those as they can't cause any code change.
With this in mind, let's restrict ourselves to run those on
pull-requests only.
Fixes: #1341
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Stable and candidate snapcraft's channels are used to release Kata
Containers 1.x and 2.x respectively. Alpha and RC releases shouldn't
be pushed to the snap store because there are not enough channels
for all the releases of Kata Containers 1.x and 2.x.
fixes#1303
Signed-off-by: Julio Montes <julio.montes@intel.com>
This PR updates the ubuntu version from 18.04 to 20.04 that will be
used for the github actions.
Fixes#1295
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
There were still issues. Tested in fork, verified environment variable
passing works as before now.
Fixes: #1273
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
Run static checks prior to building the agent.Checks
fail if run after since the compilation process
produces new rust code.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
According to the new snap document
`docs/install/snap-installation-guide.md`, Kata Containers 2.x should
be available in the snapcraft `candidate` channel.
fixes#1174
Signed-off-by: Julio Montes <julio.montes@intel.com>
Correct the link in the GitHub action commit message check showing users how to format all commits.
Fixes: #1053
Signed-off-by: AIsland <yuchunyu01@inspur.com>
Use Github actions to build and release the snap package automatically
when a new tag is pushed.
fixes#1006
Signed-off-by: Julio Montes <julio.montes@intel.com>
Run the snap CI on every PR is not needed. Don't run the snap CI
on PRs that don't change the source code (*.go/*.rs), a configuration
file or Makefile.
fixes#896
Signed-off-by: Julio Montes <julio.montes@intel.com>
Pull over kata-deploy-test from the 1.x packaging repository. This is
intended to be used for testing any changes to the kata-deploy
scripting, and does not exercise any new source code changes.
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
Add github action to test that the snap package was generated
correctly, this CI don't test the snap, it just build it.
fixes#838
Signed-off-by: Julio Montes <julio.montes@intel.com>
Overly long commit lines are annoying. But sometimes,
we need to be able to force the use of long lines
(for example to reference a URL).
Ironically, I can't refer to the URL that explains this
because of ... the long line check! Hence:
```sh
$ cat <<EOT | tr -d '\n'; echo
See: https://github.com/kata-containers/tests/tree/master/
cmd/checkcommits#handling-long-lines
EOT
```
Maximum body length updated to 150 bytes for parity with:
https://github.com/kata-containers/tests/pull/2848Fixes: #687.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
A PR now needs *two* labels to be applied before it can be merged.
One label must be a backport label from the list below and the other
a forward port label:
- backport labels:
`needs-backport`, `no-backport-needed`, `backport`.
- forward-port labels:
`needs-forward-port`, `no-forward-port-needed`, `forward-port`.
This is to make the maintainer think carefully before merging a PR
and hopefully maximise efficient porting.
Related: https://github.com/kata-containers/kata-containers/issues/634Fixes: #639.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add GitHub actions to:
- Add newly-created issues to the issue backlog project.
- Move issues with a linked PR into the "In progress" column
of the issue backlog project.
Related: https://github.com/kata-containers/kata-containers/issues/512Fixes: #637.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
\h is not a valid metacharacter in javascript which is used in
github-action.
Use \s\t to replace it.
Fixes: #551
Signed-off-by: Tim Zhang <tim@hyper.sh>
If the line comprises of only a single word,
it may be something like a URL (it's certainly very unlikely to be a
normal word if the default lengths are being used), so length
checks won't be applied to it.
Signed-off-by: Tim Zhang <tim@hyper.sh>
The Fixes checking should pass as long as one of the commits of
pull-request pass the check.
update depdent github-action commit-message-checker-with-regex to v0.3.1
shortlog:
d6d9770 commit-message-checker-with-regex: Add input one_pass_all_pass
Fixes: #519
Signed-off-by: Tim Zhang <tim@hyper.sh>
The commit checks does not need to wait for CI dependencies to be
installed, It's a waste of time. we need show errors ASAP.
And we should display as many problems as possible at once
Fixes: #487
Signed-off-by: Tim Zhang <tim@hyper.sh>
Since actions can access the github token, lets use a
particular version of sha rather than using master.
Fixes: #437
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
(cherry picked from commit 57b64f35e0)
Action performs a check to verify PR raised has commits
that are signed-off.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
(cherry picked from commit 1b157e5015)
Use github actions for performing WIP checks on PRs.
The action checks for keywords in subject line
as well labels.
Fixes: #437
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
(cherry picked from commit 0d96145c29)
gather job needs to take all build jobs into account, including
building of the experimental kernel and CLH. Added.
Fixes: #103
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
You cannot pass environment variables easily between steps/jobs.
Updated flow to define and set step outputs, and use the outputs of the
corresponding steps later in the flow, rather than env variables (which
never worked correctly - whoops).
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Try to move all the common bash logic from the actions toml file
to separate scripts and call these scripts instead.
Note the repo itself is now checked out to get access to
these scripts.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Once kata-deploy completes successfully, this job will upload
kata static tarball to the release page using GIT_UPLOAD_TOKEN
secret.
Signed-off-by: Jose Carlos Venegas Munoz<jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Many changes introduced by Archana Shinde.
This workflow will:
1. get a list of artifacts from the packaging repo
2. In parallel, build each of the applicable artifacts
3. Consolidate the build artifacts from <2>
4. Test the artifacts in a docker image on AKS
5. Push the verified docker image to dockerhub
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
