Commit Graph

137 Commits

Author SHA1 Message Date
wllenyj
26c043dee7 ci: Add dragonball test
Enhanced Static-Check of CI to support nested virtualization.

Fixes: #5378

Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
2022-10-11 00:36:20 +08:00
Peng Tao
102a9dda71 workflow: Revert "workflow: trigger test-kata-deploy with pull_request"
This reverts commit 7676cde0c5.
It turns out that when triggerred from a PR, the docker login command is
failing with
```
Error: Cannot perform an interactive login from a non TTY device
```

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2022-10-09 11:50:42 +08:00
Greg Kurz
7294e2fa9e Merge pull request #4387 from snir911/tmp-workflow-main
workflow: trigger test-kata-deploy with pull_request and fix workflow_dispatch
2022-09-28 16:42:51 +02:00
Derek Lee
bed4aab7ee github-actions: Add cargo-deny
Adds cargo-deny to scan for vulnerabilities and license issues regarding
rust crates.

GitHub Actions does not have an obvious way to loop over each of the
Cargo.toml files. To avoid hardcoding it, I worked around the problem
using a composite action that first generates the cargo-deny action by
finding all Cargo.toml files before calling this new generated action in
the master workflow.

Uses recommended deny.toml from cargo-deny repo with the following
modifications:

 ignore = ["RUSTSEC-2020-0071"]
  because chrono is dependent on the version of time with the
  vulnerability and there is no simple workaround

 multiple-versions = "allow"
  Because of the above error and other packages, there are instances
  where some crates require different versions of a crate.

 unknown-git = "allow"
  I don't see a particular issue with allowing crates from other repos.
  An alternative would be the manually set each repo we want in an
  allow-git list, but I see this as more of a nuisance that its worth.
  We could leave this as a warning (default), but to avoid clutter I'm
  going to allow it.

If deny.toml needs to be edited in the future, here's the guide:
https://embarkstudios.github.io/cargo-deny/index.html

Fixes #3359

Signed-off-by: Derek Lee <derlee@redhat.com>
2022-08-30 09:30:03 -07:00
Wainer Moschetta
cd5be6d55a Merge pull request #4775 from bookinabox/auto-backport
github-actions: Auto-backporting
2022-08-29 14:08:12 -03:00
Derek Lee
96d9037347 github-actions: Auto-backporting
An implementation of semi-automating the backporting
process.

This implementation has two steps:
1. Checking whether any associated issues are marked as bugs

   If they do, mark with `auto-backport` label

2. On a successful merge, if there is a `auto-backport` label  and there
   are any tags of `backport-to-BRANCHNAME`, it calls an action that
   cherry-picks the commits in the PR and automatically creates a PR to
   those branches.

This action uses https://github.com/sqren/backport-github-action

Fixes #3618

Signed-off-by: Derek Lee <derlee@redhat.com>
2022-08-22 16:19:09 -07:00
Peng Tao
6d6c068692 workflow: trigger release for 3.x releases
So that we can push 3.x artifacts to the release page.

Fixes: #4919
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2022-08-16 17:55:51 +08:00
Bin Liu
99a7b4f3e1 workflow: Revert "static-checks: Allow Merge commit to be >75 chars"
This reverts commit 575df4dc4d.

Fixes: #4871

Signed-off-by: Bin Liu <bin@hyper.sh>
2022-08-11 08:59:02 +08:00
Bin Liu
d14e80e9fd workflow: Revert "docs: modify move-issues-to-in-progress.yaml"
This reverts commit 97d8c6c0fa.

Fixes: #4871

Signed-off-by: Bin Liu <bin@hyper.sh>
2022-08-11 08:58:43 +08:00
Zhongtao Hu
adfad44efe Merge remote-tracking branch 'origin/main' into runtime-rs-merge-tmp
To keep runtime-rs up to date, we will merge main into runtime-rs every
week.

Fixes:#4776
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
2022-08-01 11:12:48 +08:00
Zhongtao Hu
0826a2157d Merge remote-tracking branch 'origin/main' into runtime-rs-1
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
2022-07-11 09:47:23 +08:00
Yuan-Zhuo
13df57c393 build: save lines for repository_owner check
repository_owner check in docs-url-alive-check.yaml now is specified for each step, it can be in job level to save lines.

Fixes: #4611

Signed-off-by: Yuan-Zhuo <yuanzhuo0118@outlook.com>
2022-07-08 10:40:30 +08:00
Peng Tao
3bafafec58 action: extend commit message line limit to 150 bytes
So that we can add move info there and few people use such small
terminals nowadays.

Fixes: #4596
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2022-07-06 11:19:08 +08:00
Derek Lee
433816cca2 ci/cd: update check-commit-message
Recently added check-commit-message to the tests repository. Minor
changes were also made to action. For consistency's sake, copied changes
over to here as well.

tests - https://github.com/kata-containers/tests/pull/4878

Minor Changes:
   1. Body length check is now 75 and consistent with guidelines
   2. Lines without spaces are not counted in body length check

Fixes #4559

Signed-off-by: Derek Lee <derlee@redhat.com>
2022-06-29 16:55:43 -07:00
Zhongtao Hu
f3907aa127 runtime-rs:Merge remote-tracking branch 'origin/main' into runtime-rs-newv
Fixes:#4536
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
2022-06-28 20:58:40 +08:00
Chao Wu
86123f49f2 Merge branch 'main' into runtime-rs
In order to keep update with the main, we will update runtime-rs every
week.

Fixes: #4485
Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
2022-06-20 10:01:58 +08:00
Zvonko Kaiser
9941588c00 workflow: Removing man-db, workflow kept failing
Fixes: #4480

Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
2022-06-17 04:55:12 -07:00
James O. D. Hunt
90a7763ac6 snap: Fix debug cli option
`snap`/`snapcraft` seems to have changed recently. Since `snap`
auto-updates all `snap` packages and since we use the `snapcraft` `snap`
for building snaps, this is impacting all our CI jobs which now show:

```
Installing Snapcraft for Linux…
snapcraft 7.0.4 from Canonical* installed

Run snapcraft -d snap --destructive-mode
Usage: snapcraft [options] command [args]...
Try 'snapcraft pack -h' for help.
Error: unrecognized arguments: -d
Error: Process completed with exit code 1.
```

Move the debug option to make it a sub-command (long) option to resolve
this issue.

Fixes: #4457.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
2022-06-15 10:00:56 +01:00
Zhongtao Hu
97d8c6c0fa docs: modify move-issues-to-in-progress.yaml
change issue backlog to runtime-rs

Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
2022-06-10 18:27:49 +08:00
Liu Jiang
575df4dc4d static-checks: Allow Merge commit to be >75 chars
Some generated merge commit messages are >75 chars
Allow these to not trigger the subject line length failure

Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2022-06-10 18:25:24 +08:00
Snir Sheriber
7676cde0c5 workflow: trigger test-kata-deploy with pull_request
event that changes VERSION (i.e. a release PR)

Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
2022-06-09 18:17:47 +03:00
Snir Sheriber
f10827357e workflow: require PR num input on test-kata-deploy workflow_dispatch
this will require to set a PR number when triggering the test-kata-deploy workflow manually
also make sure user variables are set correctly when workflow_dispatch is used

Fixes: #4349
Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
2022-06-09 18:14:43 +03:00
Snir Sheriber
8b57bf97ab workflows: add workflow_dispatch triggering to test-kata-deploy
This will allow to trigger the test-kata-deploy workflow manually from
any branch instead of using always the one that is defined on main

See: https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/

Fixes: #4349
Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
2022-06-01 16:21:01 +03:00
Fupan Li
856c8e81f1 Merge pull request #4220 from liubin/fix/4219
ci: Don't run Docs URL Alive Check workflow on forks
2022-05-17 12:19:55 +08:00
Fabiano Fidêncio
a475956abd workflows: Add support for building virtiofsd
As already done for the other assets we rely on, let's build (well, pull
in this very specific case) the virtiofsd binary, as we're relying on
its standlone rust version from now on.

Fixes: #4234

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-05-13 11:37:36 +02:00
Bin Liu
7bc4ab68c3 ci: Don't run Docs URL Alive Check workflow on forks
This workflow is a scheduled job that runs at 23:00
every Sunday, it should only run the main repo
but not the forked ones.

Fixes: #4219

Signed-off-by: Bin Liu <bin@hyper.sh>
2022-05-09 11:54:25 +08:00
Fabiano Fidêncio
3606923ac8 workflows,release: Ship *all* the rust vendored code
Instead of only vendoring the code needed by the agent, let's ensure we
vendor all the needed rust code, and let's do it using the newly
introduced enerate_vendor.sh script.

Fixes: #3973

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-03-29 12:37:00 +02:00
Greg Kurz
154c8b03d3 tools/packaging/kata-deploy: Copy install_yq.sh in a dedicated script
'make kata-tarball' sometimes fails early with:

cp: cannot create regular file '[...]/tools/packaging/kata-deploy/local-build/dockerbuild/install_yq.sh': File exists

This happens because all assets are built in parallel using the same
`kata-deploy-binaries-in-docker.sh` script, and thus all try to copy
the `install_yq.sh` script to the same location with the `cp` command.
This is a well known race condition that cannot be avoided without
serialization of `cp` invocations.

Move the copying of `install_yq.sh` to a separate script and ensure
it is called *before* parallel builds. Make the presence of the copy
a prerequisite for each sub-build so that they still can be triggered
individually. Update the GH release workflow to also call this script
before calling `kata-deploy-binaries-in-docker.sh`.

Fixes #3756

Signed-off-by: Greg Kurz <groug@kaod.org>
2022-03-25 15:59:24 +01:00
Fabiano Fidêncio
aa6886f1ed Merge pull request #2482 from Bevisy/main-815
ci: Weekly check whether the docs url is alive
2022-03-21 17:15:40 +01:00
Gabriela Cervantes
62351637da action: Update link for format patch documentation
This PR updates the link for the format patch documentation for the
commit message check.

Fixes #3900

Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
2022-03-15 16:11:43 +00:00
James O. D. Hunt
4b1e2f527e CI: Update GHA secret name
Change the secret used by the GitHub Action  that adds the PR size
label to one with the correct set of privileges.

Fixes: #3856.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
2022-03-08 17:06:16 +00:00
James O. D. Hunt
6a850899c9 CI: Create GHA to add PR sizing label
Created a new GitHub Action workflow file that adds a sizing label to
each PR.

Fixes: #3841.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
2022-03-08 14:11:17 +00:00
Eric Ernst
4afb278fe2 ci: add github action to exercise darwin build, unit tests
There are a few outstanding changes required to build the runtime on
Darwin.

Let's add a GitHub action to exercise build and unit tests of the
packages which we do expect to work. Eventually this should be dropped
and we can run any Darwin specific tests, or just add MacOS to the
matrix for our static check OSes.

Fixes: #3778

Signed-off-by: Eric Ernst <eric_ernst@apple.com>
2022-02-28 08:01:53 -08:00
Fabiano Fidêncio
2c35d8cb8e workflows: Stop building the experimental kernel
Let's stop building the experimental kernel as, currently, we have
all the needed contents as part of the vanilla kernel.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-02-18 10:41:08 +01:00
Fabiano Fidêncio
88a70d32ba Revert "workflows: Ensure a label change re-triggers the actions"
This reverts commit 7a879164bd, as it's
been proved that re-triggering the checks at every single change is more
painful than having to close / re-open a PR in case we ever use the
`force-skip-ci` label again.

Fixes: #2804

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-02-04 00:01:21 +01:00
Eric Ernst
c78ffe4cc8 Merge pull request #3587 from egernst/kata-test-deploy-action
kata-deploy: for testing, make sure we use the PR branch
2022-02-02 12:09:11 -08:00
Eric Ernst
89047901b3 kata-deploy-push: only run if PR modifying tools path
Since we are using this to exercise any changes to osbuilder or
packaging scripts, let's make sure that we only run the test in that
case.

Similarly, don't run for every single push. Just run this workflow for
pull requests.

Fixes: #3594

Signed-off-by: Eric Ernst <eric_ernst@apple.com>
2022-02-02 10:16:18 -08:00
Eric Ernst
24796d2f25 kata-deploy: for testing, make sure we use the PR branch
Since we are already checking that only an admin is triggering the job,
let's go ahead and make sure we are testing against the PR itself. This
will ensure that we are exercising changes to kata-deploy tooling, which
is important for this test.

While at it, cleanup and simplify some of the tarball creation.

Fixes: #3586

Signed-off-by: Eric Ernst <eric_ernst@apple.com>
2022-02-01 10:53:30 -08:00
Tim Zhang
5083ae65a0 workflows: stop checking revert commit
The commit message of a revert commit usually generated by
`git revert`, we should consider this as legal.

Consider the commit as the merge commit if the subject
starts with 'Reject "'

Follow the pr kata-containers/tests/#3938, the suttle diffrence
is we skip all commit checks for revert commit including fixes checking
and subsystem checking. Because the commit was reverted must have passed
the check so the revert-commit should have the Fixes and Subsystem.

Fixes: #3568
Fixes: kata-containers/tests#3934

Signed-off-by: Tim Zhang <tim@hyper.sh>
2022-01-29 11:45:20 +08:00
Binbin Zhang
168fadf1de ci: Weekly check whether the docs url is alive
Weekly check(at 23:00 every Sunday) whether the docs url is ALIVE, so that
we can find the failed url in time

Fixes #815

Signed-off-by: Binbin Zhang <binbin36520@gmail.com>
2022-01-20 19:56:15 +08:00
Fabiano Fidêncio
3924470c8f workflows: Use base instead of head ref for kata-deploy-test
Although I've done tests on my own fork using `head_ref` and those
worked, it seems those only worked as the PR was coming from exactly the
same repository as the target one.

Let's switch to base_ref, instead, which we for sure have as part of our
repo.

The downside of this is that we run the test with the last merged PR,
rather than with the "to-be-approved" PR, but that's a limitation we've
always had.

Fixes: #3482

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-01-20 11:04:14 +01:00
Fabiano Fidêncio
c3785f6665 workflows: Fix typo in kata-deploy-push action
A `:` was missed when d87ab14fa7 was
introduced.

Fixes: #3485

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-01-19 11:05:58 +01:00
Fabiano Fidêncio
7a879164bd workflows: Ensure a label change re-triggers the actions
This is needed in order to ensure that, for instance, if `force-skip-ci`
label is either added or removed later, the jobs related to the actions
will be restarted and accordingly checked.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-01-18 14:39:01 +01:00
Fabiano Fidêncio
d87ab14fa7 workflows: Ensure force-skip-ci skips all actions
Before this change it was only applied to the static-checks, but if
we're already taking the extreme path of skipping the CI, we better
ensure we skip all the actions and not just a few of them.

Fixes: #3471

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-01-18 14:37:32 +01:00
Fabiano Fidêncio
fc64643437 workflows: Use the correct branch ref on test kata-deploy
The action used for testing kata-deploy is entirely based on the action
used to build the kata-deploy tarball, but while the latter is able to
use the correct branch, the former always uses `main`.

This happens as the `issue_comment`, from GitHub actions, passed the
"default branch" as the GITHUB_REF.

As we're not the first ones to face such a issue, I've decided to take
one of the approaches suggested at one of the checkout's issues,
https://github.com/actions/checkout/issues/331, and take advantage of a
new action provided by the community, which will get the PR where the
comment was made, give us that ref, and that then can be used with the
checkout action, resulting on what we originally wanted.

Fixes: #3443

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-01-17 23:23:26 +01:00
Fabiano Fidêncio
5e7c1a290f workflows: only allow org members to run /test_kata_deploy
Let's take advantage of the "is-organization-member" action and only
allow members who are part of the `kata-containers` organization to
trigger `/test_kata_deploy`.

One caveat with this approach is that for the user to be considered as
part of an organization, they **must** have their "Organization
Visibility" configured as Public (and I think the default is Private).

This was found out and suggested by @jcvenegas!

Fixes: #3130

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2021-11-26 23:02:51 +01:00
Fabiano Fidêncio
a7c08aa4b6 workflows: Add back the checks for running test-kata-deploy
Commit 3c9ae7f made /test_kata_deploy run
against HEAD, but it also mistakenly removed all the checks that ensure
/test_kata_deploy only runs when explicitly called.

Mea culpa on this, and let's add the tests back.

Fixes: #3101

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2021-11-22 18:33:10 +01:00
Fabiano Fidêncio
3c9ae7fb4b kata-deploy: Ensure we test HEAD with /test_kata_deploy
Is the past few releases we ended up hitting issues that could be easily
avoided if `/test_kata_deploy` would use HEAD instead of a specific
tarball.

By the end of the day, we want to ensure kata-deploy works, but before
we cut a release we also want to ensure that the binaries used in that
release are in a good shape.  If we don't do that we end up either
having to roll a release back, or to cut a second release in a really
short time (and that's time consuming).

Note: there's code duplication here that could and should be avoided,b
but I sincerely would prefer treating it in a different PR.

Fixes: #3001

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2021-11-18 23:38:55 +01:00
Fabiano Fidêncio
a3b3c85ec3 workflows: Remove non-used main.yaml
The main.yaml workflow was created and used only on 1.x.  We inherited
it, but we didn't remove it after deprecating the 1.x repos.

While here, let's also update the reference to the `main.yaml` file,
and point to `release.yaml` (the file that's actually used for 2.x).

Fixes: #3033

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2021-11-12 18:17:11 +01:00
Fabiano Fidêncio
c0aea3f662 Merge pull request #3017 from fidencio/wip/bump-golang
versions: bump golang to 1.17.x
2021-11-11 16:57:50 +01:00