github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2026-03-18 02:32:26 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: github:3.28.0
Branches Tags
github:main github:dependabot/cargo/src/agent/tracing-667a7af472 github:dependabot/cargo/src/agent/tracing-95423bd0ce github:dependabot/cargo/src/agent/clap-e796154cfe github:dependabot/cargo/src/agent/clap-f572f62cb7 github:mahuber/nv-initrd-delete github:dependabot/cargo/src/agent/const_format-0.2.35 github:dependabot/cargo/src/tools/kata-ctl/strum-0.27.1 github:dependabot/cargo/src/agent/strum-0.27.1 github:zizmor-update-to-1.20 github:dependabot/go_modules/src/runtime/github.com/go-openapi/runtime-0.29.2 github:topic/re-enable-sandbox-api-tests github:sprt/fidencio/conf-local-storage github:topic/genpolicy-distribute-different-settings-rather-than-patching-for-ci github:dependabot/go_modules/src/runtime/github.com/containerd/containerd/api-1.10.0 github:topic/build-kernel-do-not-expected-a-modules-tarball-for-vanilla-kernel github:dependabot/go_modules/src/runtime/k8s.io/cri-api-0.35.2 github:dependabot/cargo/src/tools/kata-ctl/toml-0.9.8 github:dependabot/cargo/src/tools/agent-ctl/toml-0.9.11spec-1.1.0 github:dependabot/cargo/src/libs/toml-1.0.3 github:dependabot/cargo/src/agent/toml-0.9.6 github:dependabot/go_modules/src/runtime/github.com/go-openapi/errors-0.22.6 github:dependabot/cargo/src/agent/tokio-c49fc46c2e github:dependabot/cargo/src/agent/tracing-9421c2f3ac github:topic/tests-try-crio github:topic/tests-lower-the-load-on-aks github:sprt/disable-pmem github:topic/ci-lower-secrets-required github:disable-guest-empty-dir github:topic/oras-cache-still-not-working github:bump-to-go-1.25 github:topic/re-enable-sandboxapi-tests github:topic/main-no-cache github:topic/kata-deploy-upgrade github:copilot/replace-gperf-url-with-urls github:dependabot/github_actions/actions/attest-build-provenance-3.2.0 github:dependabot/github_actions/docker/login-action-3.7.0 github:stale-issues-by-date github:dependabot/github_actions/tim-actions/wip-check-1.1.0 github:dependabot/go_modules/src/runtime/github.com/containerd/containerd/api-1.9.0 github:dependabot/github_actions/actions/download-artifact-7.0.0 github:topic/arm64-increase-runner-timeout github:decouple-kernel-rootfs github:topic/ovmf-tdx github:dependabot/cargo/kvm-ioctls-0.24.0 github:ci-test github:topic/move-builder-images-to-quay.io github:runtime-rs-stability-test github:runtime-rs-policy-debug github:numa-topology github:topic/stability-rs github:dependabot/cargo/vmm-sys-util-0.15.0 github:dependabot/cargo/vm-memory-0.16.2 github:fupan_test github:topic/tests-experimental-force-guest-pull-test-authenticated-registries github:fupan_tests github:dependabot/cargo/src/agent/tracing-subscriber-0.3.20 github:fupan_nontee_test github:sprt-patch-2 github:sprt/test-pr-up github:sprt/cleanup-policy-settings github:fix-create-container-timeout github:zvonkok-patch-1 github:amd64-nvidia-gpu-cicd-part2 github:burgerdev/codegen-test github:kata-tests-gh-cli-trigger github:topic/wainersm-ci_setup_kubectl github:topic/wainersm/fix_coco_stability_tests github:sprt/remove-ci-env github:revert-11466-blockfile github:saul/updateimg github:sprt/fix-validate-ok-to-test github:sprt-patch-1
github:3.28.0 github:3.27.0 github:3.26.0 github:3.25.0 github:3.24.0 github:3.23.0 github:3.22.0 github:3.21.0 github:3.20.0 github:3.19.1 github:3.19.0 github:3.18.0 github:3.17.0 github:3.16.0 github:3.15.0 github:3.14.0 github:3.13.0 github:3.12.0 github:3.11.0 github:3.10.1 github:3.10.0 github:3.9.0 github:3.8.0 github:3.7.0 github:3.6.0 github:3.5.0 github:3.4.0 github:release-3.4.0 github:3.3.0-test github:3.3.0 github:CC-0.8.1 github:CC-0.8.0 github:3.2.0 github:3.3.0-alpha0 github:3.2.0-rc0 github:3.2.0-alpha4 github:CC-0.7.0 github:3.1.3 github:CC-0.6.0 github:3.2.0-alpha3 github:3.2.0-alpha2 github:3.1.2 github:3.2.0-alpha1 github:3.1.1 github:CC-0.5.0 github:3.2.0-alpha0 github:3.1.0 github:CC-0.4.0 github:3.0.2 github:3.1.0-rc0 github:CC-0.3.0 github:3.0.1 github:3.1.0-alpha1 github:CC-0.2.0 github:3.0.0 github:3.1.0-alpha0 github:2.5.2 github:3.0.0-rc1 github:3.0.0-rc0 github:3.0.0-alpha1 github:untagged-b5b6198308b02e3a2666 github:2.5.1 github:3.0.0-alpha0 github:2.5.0 github:2.4.3 github:2.5.0-rc0 github:2.4.2 github:2.5.0-alpha2 github:2.5.0-alpha1 github:2.4.1 github:2.4.0 github:2.5.0-alpha0 github:2.4.0-rc0 github:2.3.3 github:2.3.2 github:2.4.0-alpha2 github:2.3.1 github:2.4.0-alpha1 github:2.3.0 github:2.4.0-alpha0 github:2.3.0-rc1 github:2.2.3 github:2.3.0-rc0 github:2.2.2 github:2.3.0-alpha2 github:2.2.1 github:2.3.0-alpha1 github:2.3.0-alpha0 github:2.2.0 github:2.2.0-rc0 github:2.2.0-alpha1 github:2.1.1 github:2.2.0-alpha0 github:2.1.0 github:2.0.4 github:2.1.0-rc0 github:2.0.3 github:2.1.0-alpha2 github:2.1.0-alpha0 github:2.1.0-alpha1 github:2.1-alpha1 github:2.0.2 github:1.13.0-alpha0 github:2.0.1 github:1.12.1 github:2.1-alpha0 github:1.11.5 github:1.12.0 github:1.12.0-rc0 github:1.11.4 github:1.10.8 github:2.0.0 github:2.0.0-rc1 github:untagged-c2a61792b39392572d0f github:2.0.0-rc0 github:1.11.3 github:1.10.7 github:1.12.0-alpha1 github:2.0.0-alpha3 github:1.10.6 github:1.11.2 github:1.12.0-alpha0 github:2.0.0-alpha2 github:1.10.5 github:1.11.1 github:2.0.0-alpha1 github:1.11.0 github:1.10.4 github:1.9.7 github:1.10.3 github:1.11.0-rc0 github:1.9.6 github:1.11.0-alpha1 github:1.10.1 github:1.9.5 github:1.11.0-alpha0 github:1.9.4 github:1.10.0 github:1.9.3 github:1.10.0-rc0 github:1.9.0-rc0 github:1.9.0-alpha2 github:1.9.0-alpha0 github:stable-1.8.2 github:stable-1.8-test.0
...
compare: github:kata-tests-gh-cli-trigger
Branches Tags
github:main github:dependabot/cargo/src/agent/tracing-667a7af472 github:dependabot/cargo/src/agent/tracing-95423bd0ce github:dependabot/cargo/src/agent/clap-e796154cfe github:dependabot/cargo/src/agent/clap-f572f62cb7 github:mahuber/nv-initrd-delete github:dependabot/cargo/src/agent/const_format-0.2.35 github:dependabot/cargo/src/tools/kata-ctl/strum-0.27.1 github:dependabot/cargo/src/agent/strum-0.27.1 github:zizmor-update-to-1.20 github:dependabot/go_modules/src/runtime/github.com/go-openapi/runtime-0.29.2 github:topic/re-enable-sandbox-api-tests github:sprt/fidencio/conf-local-storage github:topic/genpolicy-distribute-different-settings-rather-than-patching-for-ci github:dependabot/go_modules/src/runtime/github.com/containerd/containerd/api-1.10.0 github:topic/build-kernel-do-not-expected-a-modules-tarball-for-vanilla-kernel github:dependabot/go_modules/src/runtime/k8s.io/cri-api-0.35.2 github:dependabot/cargo/src/tools/kata-ctl/toml-0.9.8 github:dependabot/cargo/src/tools/agent-ctl/toml-0.9.11spec-1.1.0 github:dependabot/cargo/src/libs/toml-1.0.3 github:dependabot/cargo/src/agent/toml-0.9.6 github:dependabot/go_modules/src/runtime/github.com/go-openapi/errors-0.22.6 github:dependabot/cargo/src/agent/tokio-c49fc46c2e github:dependabot/cargo/src/agent/tracing-9421c2f3ac github:topic/tests-try-crio github:topic/tests-lower-the-load-on-aks github:sprt/disable-pmem github:topic/ci-lower-secrets-required github:disable-guest-empty-dir github:topic/oras-cache-still-not-working github:bump-to-go-1.25 github:topic/re-enable-sandboxapi-tests github:topic/main-no-cache github:topic/kata-deploy-upgrade github:copilot/replace-gperf-url-with-urls github:dependabot/github_actions/actions/attest-build-provenance-3.2.0 github:dependabot/github_actions/docker/login-action-3.7.0 github:stale-issues-by-date github:dependabot/github_actions/tim-actions/wip-check-1.1.0 github:dependabot/go_modules/src/runtime/github.com/containerd/containerd/api-1.9.0 github:dependabot/github_actions/actions/download-artifact-7.0.0 github:topic/arm64-increase-runner-timeout github:decouple-kernel-rootfs github:topic/ovmf-tdx github:dependabot/cargo/kvm-ioctls-0.24.0 github:ci-test github:topic/move-builder-images-to-quay.io github:runtime-rs-stability-test github:runtime-rs-policy-debug github:numa-topology github:topic/stability-rs github:dependabot/cargo/vmm-sys-util-0.15.0 github:dependabot/cargo/vm-memory-0.16.2 github:fupan_test github:topic/tests-experimental-force-guest-pull-test-authenticated-registries github:fupan_tests github:dependabot/cargo/src/agent/tracing-subscriber-0.3.20 github:fupan_nontee_test github:sprt-patch-2 github:sprt/test-pr-up github:sprt/cleanup-policy-settings github:fix-create-container-timeout github:zvonkok-patch-1 github:amd64-nvidia-gpu-cicd-part2 github:burgerdev/codegen-test github:kata-tests-gh-cli-trigger github:topic/wainersm-ci_setup_kubectl github:topic/wainersm/fix_coco_stability_tests github:sprt/remove-ci-env github:revert-11466-blockfile github:saul/updateimg github:sprt/fix-validate-ok-to-test github:sprt-patch-1
github:3.28.0 github:3.27.0 github:3.26.0 github:3.25.0 github:3.24.0 github:3.23.0 github:3.22.0 github:3.21.0 github:3.20.0 github:3.19.1 github:3.19.0 github:3.18.0 github:3.17.0 github:3.16.0 github:3.15.0 github:3.14.0 github:3.13.0 github:3.12.0 github:3.11.0 github:3.10.1 github:3.10.0 github:3.9.0 github:3.8.0 github:3.7.0 github:3.6.0 github:3.5.0 github:3.4.0 github:release-3.4.0 github:3.3.0-test github:3.3.0 github:CC-0.8.1 github:CC-0.8.0 github:3.2.0 github:3.3.0-alpha0 github:3.2.0-rc0 github:3.2.0-alpha4 github:CC-0.7.0 github:3.1.3 github:CC-0.6.0 github:3.2.0-alpha3 github:3.2.0-alpha2 github:3.1.2 github:3.2.0-alpha1 github:3.1.1 github:CC-0.5.0 github:3.2.0-alpha0 github:3.1.0 github:CC-0.4.0 github:3.0.2 github:3.1.0-rc0 github:CC-0.3.0 github:3.0.1 github:3.1.0-alpha1 github:CC-0.2.0 github:3.0.0 github:3.1.0-alpha0 github:2.5.2 github:3.0.0-rc1 github:3.0.0-rc0 github:3.0.0-alpha1 github:untagged-b5b6198308b02e3a2666 github:2.5.1 github:3.0.0-alpha0 github:2.5.0 github:2.4.3 github:2.5.0-rc0 github:2.4.2 github:2.5.0-alpha2 github:2.5.0-alpha1 github:2.4.1 github:2.4.0 github:2.5.0-alpha0 github:2.4.0-rc0 github:2.3.3 github:2.3.2 github:2.4.0-alpha2 github:2.3.1 github:2.4.0-alpha1 github:2.3.0 github:2.4.0-alpha0 github:2.3.0-rc1 github:2.2.3 github:2.3.0-rc0 github:2.2.2 github:2.3.0-alpha2 github:2.2.1 github:2.3.0-alpha1 github:2.3.0-alpha0 github:2.2.0 github:2.2.0-rc0 github:2.2.0-alpha1 github:2.1.1 github:2.2.0-alpha0 github:2.1.0 github:2.0.4 github:2.1.0-rc0 github:2.0.3 github:2.1.0-alpha2 github:2.1.0-alpha0 github:2.1.0-alpha1 github:2.1-alpha1 github:2.0.2 github:1.13.0-alpha0 github:2.0.1 github:1.12.1 github:2.1-alpha0 github:1.11.5 github:1.12.0 github:1.12.0-rc0 github:1.11.4 github:1.10.8 github:2.0.0 github:2.0.0-rc1 github:untagged-c2a61792b39392572d0f github:2.0.0-rc0 github:1.11.3 github:1.10.7 github:1.12.0-alpha1 github:2.0.0-alpha3 github:1.10.6 github:1.11.2 github:1.12.0-alpha0 github:2.0.0-alpha2 github:1.10.5 github:1.11.1 github:2.0.0-alpha1 github:1.11.0 github:1.10.4 github:1.9.7 github:1.10.3 github:1.11.0-rc0 github:1.9.6 github:1.11.0-alpha1 github:1.10.1 github:1.9.5 github:1.11.0-alpha0 github:1.9.4 github:1.10.0 github:1.9.3 github:1.10.0-rc0 github:1.9.0-rc0 github:1.9.0-alpha2 github:1.9.0-alpha0 github:stable-1.8.2 github:stable-1.8-test.0

3 Commits
3.28.0 ... kata-tests

Author SHA1 Message Date
stevenhorsman
f60dd4891d DO NOT MERGE: Comment out tests for a reduced CI burden 2025-07-17 14:51:19 +01:00
stevenhorsman
01e65b804a WIP: workflows: Trigger CI tests with gh cli 
- We are hitting limitations where gh can only call actions with 20 workflow jobs,
so split out the CI test jobs as separate workflows and call them once the required
artifacts are created.

- Note: This commit updates the test runs to use the source branch
workflows, rather than target branch that we have at the moment,
we need to think about this pretty carefully to check there isn't
any secuirty concerns here (I think there aren't as we are already
vulnerable in this respect)

WIP: Run the workflow on the ref, or the `main` version?
 2025-07-17 14:51:19 +01:00
stevenhorsman
b6d5820434 tests: Add gha-helper function with trigger action 
Add a script for triggering a gha action given the workflow file,
ref and input json, so we can reduce duplicated code in our workflow file
and make it easier to update in a single place
 2025-07-17 14:51:19 +01:00
8 changed files with 693 additions and 448 deletions
Expand all files Collapse all files

7
.github/workflows/ci-devel.yaml vendored
View File

@@ -8,10 +8,11 @@ permissions:
jobs: jobs:
kata-containers-ci-on-push: kata-containers-ci-on-push:
permissions: permissions:
contents: read actions: write
packages: write
id-token: write
attestations: write attestations: write
contents: read
id-token: write
packages: write
uses: ./.github/workflows/ci.yaml uses: ./.github/workflows/ci.yaml
with: with:
commit-hash: ${{ github.sha }} commit-hash: ${{ github.sha }}

7
.github/workflows/ci-nightly.yaml vendored
View File

@@ -13,10 +13,11 @@ permissions:
jobs: jobs:
kata-containers-ci-on-push: kata-containers-ci-on-push:
permissions: permissions:
contents: read actions: write
packages: write
id-token: write
attestations: write attestations: write
contents: read
id-token: write
packages: write
uses: ./.github/workflows/ci.yaml uses: ./.github/workflows/ci.yaml
with: with:
commit-hash: ${{ github.sha }} commit-hash: ${{ github.sha }}

7
.github/workflows/ci-on-push.yaml vendored
View File

@@ -33,10 +33,11 @@ jobs:
needs: skipper needs: skipper
if: ${{ needs.skipper.outputs.skip_build != 'yes' }} if: ${{ needs.skipper.outputs.skip_build != 'yes' }}
permissions: permissions:
contents: read actions: write
packages: write
id-token: write
attestations: write attestations: write
contents: read
id-token: write
packages: write
uses: ./.github/workflows/ci.yaml uses: ./.github/workflows/ci.yaml
with: with:
commit-hash: ${{ github.event.pull_request.head.sha }} commit-hash: ${{ github.event.pull_request.head.sha }}

634
.github/workflows/ci.yaml vendored
View File

@@ -71,112 +71,112 @@ jobs:
secrets: secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-kata-static-tarball-arm64: # build-kata-static-tarball-arm64:
permissions: # permissions:
contents: read # contents: read
packages: write # packages: write
id-token: write # id-token: write
attestations: write # attestations: write
uses: ./.github/workflows/build-kata-static-tarball-arm64.yaml # uses: ./.github/workflows/build-kata-static-tarball-arm64.yaml
with: # with:
tarball-suffix: -${{ inputs.tag }} # tarball-suffix: -${{ inputs.tag }}
commit-hash: ${{ inputs.commit-hash }} # commit-hash: ${{ inputs.commit-hash }}
target-branch: ${{ inputs.target-branch }} # target-branch: ${{ inputs.target-branch }}
publish-kata-deploy-payload-arm64: # publish-kata-deploy-payload-arm64:
needs: build-kata-static-tarball-arm64 # needs: build-kata-static-tarball-arm64
permissions: # permissions:
contents: read # contents: read
packages: write # packages: write
uses: ./.github/workflows/publish-kata-deploy-payload.yaml # uses: ./.github/workflows/publish-kata-deploy-payload.yaml
with: # with:
tarball-suffix: -${{ inputs.tag }} # tarball-suffix: -${{ inputs.tag }}
registry: ghcr.io # registry: ghcr.io
repo: ${{ github.repository_owner }}/kata-deploy-ci # repo: ${{ github.repository_owner }}/kata-deploy-ci
tag: ${{ inputs.tag }}-arm64 # tag: ${{ inputs.tag }}-arm64
commit-hash: ${{ inputs.commit-hash }} # commit-hash: ${{ inputs.commit-hash }}
target-branch: ${{ inputs.target-branch }} # target-branch: ${{ inputs.target-branch }}
runner: ubuntu-22.04-arm # runner: ubuntu-22.04-arm
arch: arm64 # arch: arm64
secrets: # secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} # QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-kata-static-tarball-s390x: # build-kata-static-tarball-s390x:
permissions: # permissions:
contents: read # contents: read
packages: write # packages: write
id-token: write # id-token: write
attestations: write # attestations: write
uses: ./.github/workflows/build-kata-static-tarball-s390x.yaml # uses: ./.github/workflows/build-kata-static-tarball-s390x.yaml
with: # with:
tarball-suffix: -${{ inputs.tag }} # tarball-suffix: -${{ inputs.tag }}
commit-hash: ${{ inputs.commit-hash }} # commit-hash: ${{ inputs.commit-hash }}
target-branch: ${{ inputs.target-branch }} # target-branch: ${{ inputs.target-branch }}
secrets: # secrets:
CI_HKD_PATH: ${{ secrets.ci_hkd_path }} # CI_HKD_PATH: ${{ secrets.ci_hkd_path }}
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} # QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-kata-static-tarball-ppc64le: # build-kata-static-tarball-ppc64le:
permissions: # permissions:
contents: read # contents: read
packages: write # packages: write
uses: ./.github/workflows/build-kata-static-tarball-ppc64le.yaml # uses: ./.github/workflows/build-kata-static-tarball-ppc64le.yaml
with: # with:
tarball-suffix: -${{ inputs.tag }} # tarball-suffix: -${{ inputs.tag }}
commit-hash: ${{ inputs.commit-hash }} # commit-hash: ${{ inputs.commit-hash }}
target-branch: ${{ inputs.target-branch }} # target-branch: ${{ inputs.target-branch }}
secrets: # secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} # QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-kata-static-tarball-riscv64: # build-kata-static-tarball-riscv64:
permissions: # permissions:
contents: read # contents: read
packages: write # packages: write
id-token: write # id-token: write
attestations: write # attestations: write
uses: ./.github/workflows/build-kata-static-tarball-riscv64.yaml # uses: ./.github/workflows/build-kata-static-tarball-riscv64.yaml
with: # with:
tarball-suffix: -${{ inputs.tag }} # tarball-suffix: -${{ inputs.tag }}
commit-hash: ${{ inputs.commit-hash }} # commit-hash: ${{ inputs.commit-hash }}
target-branch: ${{ inputs.target-branch }} # target-branch: ${{ inputs.target-branch }}
secrets: # secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} # QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
publish-kata-deploy-payload-s390x: # publish-kata-deploy-payload-s390x:
needs: build-kata-static-tarball-s390x # needs: build-kata-static-tarball-s390x
permissions: # permissions:
contents: read # contents: read
packages: write # packages: write
uses: ./.github/workflows/publish-kata-deploy-payload.yaml # uses: ./.github/workflows/publish-kata-deploy-payload.yaml
with: # with:
tarball-suffix: -${{ inputs.tag }} # tarball-suffix: -${{ inputs.tag }}
registry: ghcr.io # registry: ghcr.io
repo: ${{ github.repository_owner }}/kata-deploy-ci # repo: ${{ github.repository_owner }}/kata-deploy-ci
tag: ${{ inputs.tag }}-s390x # tag: ${{ inputs.tag }}-s390x
commit-hash: ${{ inputs.commit-hash }} # commit-hash: ${{ inputs.commit-hash }}
target-branch: ${{ inputs.target-branch }} # target-branch: ${{ inputs.target-branch }}
runner: s390x # runner: s390x
arch: s390x # arch: s390x
secrets: # secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} # QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
publish-kata-deploy-payload-ppc64le: # publish-kata-deploy-payload-ppc64le:
needs: build-kata-static-tarball-ppc64le # needs: build-kata-static-tarball-ppc64le
permissions: # permissions:
contents: read # contents: read
packages: write # packages: write
uses: ./.github/workflows/publish-kata-deploy-payload.yaml # uses: ./.github/workflows/publish-kata-deploy-payload.yaml
with: # with:
tarball-suffix: -${{ inputs.tag }} # tarball-suffix: -${{ inputs.tag }}
registry: ghcr.io # registry: ghcr.io
repo: ${{ github.repository_owner }}/kata-deploy-ci # repo: ${{ github.repository_owner }}/kata-deploy-ci
tag: ${{ inputs.tag }}-ppc64le # tag: ${{ inputs.tag }}-ppc64le
commit-hash: ${{ inputs.commit-hash }} # commit-hash: ${{ inputs.commit-hash }}
target-branch: ${{ inputs.target-branch }} # target-branch: ${{ inputs.target-branch }}
runner: ppc64le # runner: ppc64le
arch: ppc64le # arch: ppc64le
secrets: # secrets:
QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} # QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
build-and-publish-tee-confidential-unencrypted-image: build-and-publish-tee-confidential-unencrypted-image:
permissions: permissions:
@@ -275,29 +275,61 @@ jobs:
run-kata-monitor-tests: run-kata-monitor-tests:
if: ${{ inputs.skip-test != 'yes' }} if: ${{ inputs.skip-test != 'yes' }}
runs-on: ubuntu-22.04
needs: build-kata-static-tarball-amd64 needs: build-kata-static-tarball-amd64
uses: ./.github/workflows/run-kata-monitor-tests.yaml env:
with: GH_TOKEN: ${{ github.token }}
tarball-suffix: -${{ inputs.tag }} permissions:
commit-hash: ${{ inputs.commit-hash }} actions: write # Permission to trigger the gh workflows
target-branch: ${{ inputs.target-branch }} steps:
- name: Checkout the code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
persist-credentials: false
- name: Trigger kata monitor tests
run: |
./tests/gha-helper.sh trigger-and-check-workflow \
run-kata-monitor-tests.yaml \
${{ github.ref }} \
${{ github.sha }} \
'{
"artifact-run-id":"${{ github.run_id }}",
"tarball-suffix":"-${{ inputs.tag }}",
"commit-hash":"${{ inputs.commit-hash }}",
"target-branch":"${{ inputs.target-branch }}"
}'
run-k8s-tests-on-aks: run-k8s-tests-on-aks:
if: ${{ inputs.skip-test != 'yes' }} if: ${{ inputs.skip-test != 'yes' }}
runs-on: ubuntu-22.04
needs: publish-kata-deploy-payload-amd64 needs: publish-kata-deploy-payload-amd64
uses: ./.github/workflows/run-k8s-tests-on-aks.yaml env:
with: GH_TOKEN: ${{ github.token }}
tarball-suffix: -${{ inputs.tag }} permissions:
registry: ghcr.io actions: write # Permission to trigger the gh workflows
repo: ${{ github.repository_owner }}/kata-deploy-ci steps:
tag: ${{ inputs.tag }}-amd64 - name: Checkout the code
commit-hash: ${{ inputs.commit-hash }} uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
pr-number: ${{ inputs.pr-number }} with:
target-branch: ${{ inputs.target-branch }} fetch-depth: 0
secrets: persist-credentials: false
AZ_APPID: ${{ secrets.AZ_APPID }} - name: Trigger run-k8s-tests-on-aks workflow
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} run: |
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} ./tests/gha-helper.sh trigger-and-check-workflow \
run-k8s-tests-on-aks.yaml \
${{ github.ref }} \
${{ github.sha }} \
'{
"artifact-run-id":"${{ github.run_id }}",
"tarball-suffix":"-${{ inputs.tag }}",
"registry":"ghcr.io",
"repo":"${{ github.repository_owner }}/kata-deploy-ci",
"tag":"${{ inputs.tag }}-amd64",
"commit-hash":"${{ inputs.commit-hash }}",
"pr-number":"${{ inputs.pr-number }}",
"target-branch":"${{ inputs.target-branch }}"
}'
run-k8s-tests-on-amd64: run-k8s-tests-on-amd64:
if: ${{ inputs.skip-test != 'yes' }} if: ${{ inputs.skip-test != 'yes' }}
@@ -311,194 +343,206 @@ jobs:
pr-number: ${{ inputs.pr-number }} pr-number: ${{ inputs.pr-number }}
target-branch: ${{ inputs.target-branch }} target-branch: ${{ inputs.target-branch }}
run-k8s-tests-on-arm64: # run-k8s-tests-on-arm64:
if: ${{ inputs.skip-test != 'yes' }} # if: ${{ inputs.skip-test != 'yes' }}
needs: publish-kata-deploy-payload-arm64 # needs: publish-kata-deploy-payload-arm64
uses: ./.github/workflows/run-k8s-tests-on-arm64.yaml # uses: ./.github/workflows/run-k8s-tests-on-arm64.yaml
with: # with:
registry: ghcr.io # registry: ghcr.io
repo: ${{ github.repository_owner }}/kata-deploy-ci # repo: ${{ github.repository_owner }}/kata-deploy-ci
tag: ${{ inputs.tag }}-arm64 # tag: ${{ inputs.tag }}-arm64
commit-hash: ${{ inputs.commit-hash }} # commit-hash: ${{ inputs.commit-hash }}
pr-number: ${{ inputs.pr-number }} # pr-number: ${{ inputs.pr-number }}
target-branch: ${{ inputs.target-branch }} # target-branch: ${{ inputs.target-branch }}
run-kata-coco-tests: run-kata-coco-tests:
if: ${{ inputs.skip-test != 'yes' }} if: ${{ inputs.skip-test != 'yes' }}
runs-on: ubuntu-22.04
needs: needs:
- publish-kata-deploy-payload-amd64 - publish-kata-deploy-payload-amd64
- build-and-publish-tee-confidential-unencrypted-image - build-and-publish-tee-confidential-unencrypted-image
- publish-csi-driver-amd64 - publish-csi-driver-amd64
uses: ./.github/workflows/run-kata-coco-tests.yaml env:
with: GH_TOKEN: ${{ github.token }}
tarball-suffix: -${{ inputs.tag }} permissions:
registry: ghcr.io actions: write # Permission to trigger the gh workflows
repo: ${{ github.repository_owner }}/kata-deploy-ci steps:
tag: ${{ inputs.tag }}-amd64 - name: Checkout the code
commit-hash: ${{ inputs.commit-hash }} uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
pr-number: ${{ inputs.pr-number }} with:
target-branch: ${{ inputs.target-branch }} fetch-depth: 0
secrets: persist-credentials: false
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} - name: Trigger kata-coco-tests for amd64 arch
AZ_APPID: ${{ secrets.AZ_APPID }} run: |
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} ./tests/gha-helper.sh trigger-and-check-workflow \
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} run-kata-coco-tests.yaml \
ITA_KEY: ${{ secrets.ITA_KEY }} ${{ github.ref }} \
${{ github.sha }} \
'{
"artifact-run-id":"${{ github.run_id }}",
"tarball-suffix":"-${{ inputs.tag }}",
"registry":"ghcr.io",
"repo":"${{ github.repository_owner }}/kata-deploy-ci",
"tag":"${{ inputs.tag }}-amd64",
"commit-hash":"${{ inputs.commit-hash }}",
"pr-number":"${{ inputs.pr-number }}",
"target-branch":"${{ inputs.target-branch }}"
}'
run-k8s-tests-on-zvsi: # run-k8s-tests-on-zvsi:
if: ${{ inputs.skip-test != 'yes' }} # if: ${{ inputs.skip-test != 'yes' }}
needs: [publish-kata-deploy-payload-s390x, build-and-publish-tee-confidential-unencrypted-image] # needs: [publish-kata-deploy-payload-s390x, build-and-publish-tee-confidential-unencrypted-image]
uses: ./.github/workflows/run-k8s-tests-on-zvsi.yaml # uses: ./.github/workflows/run-k8s-tests-on-zvsi.yaml
with: # with:
registry: ghcr.io # registry: ghcr.io
repo: ${{ github.repository_owner }}/kata-deploy-ci # repo: ${{ github.repository_owner }}/kata-deploy-ci
tag: ${{ inputs.tag }}-s390x # tag: ${{ inputs.tag }}-s390x
commit-hash: ${{ inputs.commit-hash }} # commit-hash: ${{ inputs.commit-hash }}
pr-number: ${{ inputs.pr-number }} # pr-number: ${{ inputs.pr-number }}
target-branch: ${{ inputs.target-branch }} # target-branch: ${{ inputs.target-branch }}
secrets: # secrets:
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} # AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
run-k8s-tests-on-ppc64le: # run-k8s-tests-on-ppc64le:
if: ${{ inputs.skip-test != 'yes' }} # if: ${{ inputs.skip-test != 'yes' }}
needs: publish-kata-deploy-payload-ppc64le # needs: publish-kata-deploy-payload-ppc64le
uses: ./.github/workflows/run-k8s-tests-on-ppc64le.yaml # uses: ./.github/workflows/run-k8s-tests-on-ppc64le.yaml
with: # with:
registry: ghcr.io # registry: ghcr.io
repo: ${{ github.repository_owner }}/kata-deploy-ci # repo: ${{ github.repository_owner }}/kata-deploy-ci
tag: ${{ inputs.tag }}-ppc64le # tag: ${{ inputs.tag }}-ppc64le
commit-hash: ${{ inputs.commit-hash }} # commit-hash: ${{ inputs.commit-hash }}
pr-number: ${{ inputs.pr-number }} # pr-number: ${{ inputs.pr-number }}
target-branch: ${{ inputs.target-branch }} # target-branch: ${{ inputs.target-branch }}
run-kata-deploy-tests: # run-kata-deploy-tests:
if: ${{ inputs.skip-test != 'yes' }} # if: ${{ inputs.skip-test != 'yes' }}
needs: [publish-kata-deploy-payload-amd64] # needs: [publish-kata-deploy-payload-amd64]
uses: ./.github/workflows/run-kata-deploy-tests.yaml # uses: ./.github/workflows/run-kata-deploy-tests.yaml
with: # with:
registry: ghcr.io # registry: ghcr.io
repo: ${{ github.repository_owner }}/kata-deploy-ci # repo: ${{ github.repository_owner }}/kata-deploy-ci
tag: ${{ inputs.tag }}-amd64 # tag: ${{ inputs.tag }}-amd64
commit-hash: ${{ inputs.commit-hash }} # commit-hash: ${{ inputs.commit-hash }}
pr-number: ${{ inputs.pr-number }} # pr-number: ${{ inputs.pr-number }}
target-branch: ${{ inputs.target-branch }} # target-branch: ${{ inputs.target-branch }}
run-metrics-tests: # run-metrics-tests:
# Skip metrics tests whilst runner is broken # # Skip metrics tests whilst runner is broken
if: false # if: false
# if: ${{ inputs.skip-test != 'yes' }} # # if: ${{ inputs.skip-test != 'yes' }}
needs: build-kata-static-tarball-amd64 # needs: build-kata-static-tarball-amd64
uses: ./.github/workflows/run-metrics.yaml # uses: ./.github/workflows/run-metrics.yaml
with: # with:
registry: ghcr.io # registry: ghcr.io
repo: ${{ github.repository_owner }}/kata-deploy-ci # repo: ${{ github.repository_owner }}/kata-deploy-ci
tag: ${{ inputs.tag }}-amd64 # tag: ${{ inputs.tag }}-amd64
commit-hash: ${{ inputs.commit-hash }} # commit-hash: ${{ inputs.commit-hash }}
pr-number: ${{ inputs.pr-number }} # pr-number: ${{ inputs.pr-number }}
target-branch: ${{ inputs.target-branch }} # target-branch: ${{ inputs.target-branch }}
run-basic-amd64-tests: # run-basic-amd64-tests:
if: ${{ inputs.skip-test != 'yes' }} # if: ${{ inputs.skip-test != 'yes' }}
needs: build-kata-static-tarball-amd64 # needs: build-kata-static-tarball-amd64
uses: ./.github/workflows/basic-ci-amd64.yaml # uses: ./.github/workflows/basic-ci-amd64.yaml
with: # with:
tarball-suffix: -${{ inputs.tag }} # tarball-suffix: -${{ inputs.tag }}
commit-hash: ${{ inputs.commit-hash }} # commit-hash: ${{ inputs.commit-hash }}
target-branch: ${{ inputs.target-branch }} # target-branch: ${{ inputs.target-branch }}
run-basic-s390x-tests: # run-basic-s390x-tests:
if: ${{ inputs.skip-test != 'yes' }} # if: ${{ inputs.skip-test != 'yes' }}
needs: build-kata-static-tarball-s390x # needs: build-kata-static-tarball-s390x
uses: ./.github/workflows/basic-ci-s390x.yaml # uses: ./.github/workflows/basic-ci-s390x.yaml
with: # with:
tarball-suffix: -${{ inputs.tag }} # tarball-suffix: -${{ inputs.tag }}
commit-hash: ${{ inputs.commit-hash }} # commit-hash: ${{ inputs.commit-hash }}
target-branch: ${{ inputs.target-branch }} # target-branch: ${{ inputs.target-branch }}
run-cri-containerd-amd64: # run-cri-containerd-amd64:
if: ${{ inputs.skip-test != 'yes' }} # if: ${{ inputs.skip-test != 'yes' }}
needs: build-kata-static-tarball-amd64 # needs: build-kata-static-tarball-amd64
strategy: # strategy:
fail-fast: false # fail-fast: false
matrix: # matrix:
params: [ # params: [
{ containerd_version: lts, vmm: clh }, # { containerd_version: lts, vmm: clh },
{ containerd_version: lts, vmm: dragonball }, # { containerd_version: lts, vmm: dragonball },
{ containerd_version: lts, vmm: qemu }, # { containerd_version: lts, vmm: qemu },
{ containerd_version: lts, vmm: stratovirt }, # { containerd_version: lts, vmm: stratovirt },
{ containerd_version: lts, vmm: cloud-hypervisor }, # { containerd_version: lts, vmm: cloud-hypervisor },
{ containerd_version: lts, vmm: qemu-runtime-rs }, # { containerd_version: lts, vmm: qemu-runtime-rs },
{ containerd_version: active, vmm: clh }, # { containerd_version: active, vmm: clh },
{ containerd_version: active, vmm: dragonball }, # { containerd_version: active, vmm: dragonball },
{ containerd_version: active, vmm: qemu }, # { containerd_version: active, vmm: qemu },
{ containerd_version: active, vmm: stratovirt }, # { containerd_version: active, vmm: stratovirt },
{ containerd_version: active, vmm: cloud-hypervisor }, # { containerd_version: active, vmm: cloud-hypervisor },
{ containerd_version: active, vmm: qemu-runtime-rs }, # { containerd_version: active, vmm: qemu-runtime-rs },
] # ]
uses: ./.github/workflows/run-cri-containerd-tests.yaml # uses: ./.github/workflows/run-cri-containerd-tests.yaml
with: # with:
tarball-suffix: -${{ inputs.tag }} # tarball-suffix: -${{ inputs.tag }}
commit-hash: ${{ inputs.commit-hash }} # commit-hash: ${{ inputs.commit-hash }}
target-branch: ${{ inputs.target-branch }} # target-branch: ${{ inputs.target-branch }}
runner: ubuntu-22.04 # runner: ubuntu-22.04
arch: amd64 # arch: amd64
containerd_version: ${{ matrix.params.containerd_version }} # containerd_version: ${{ matrix.params.containerd_version }}
vmm: ${{ matrix.params.vmm }} # vmm: ${{ matrix.params.vmm }}
run-cri-containerd-s390x: # run-cri-containerd-s390x:
if: ${{ inputs.skip-test != 'yes' }} # if: ${{ inputs.skip-test != 'yes' }}
needs: build-kata-static-tarball-s390x # needs: build-kata-static-tarball-s390x
strategy: # strategy:
fail-fast: false # fail-fast: false
matrix: # matrix:
params: [ # params: [
{ containerd_version: active, vmm: qemu }, # { containerd_version: active, vmm: qemu },
{ containerd_version: active, vmm: qemu-runtime-rs }, # { containerd_version: active, vmm: qemu-runtime-rs },
] # ]
uses: ./.github/workflows/run-cri-containerd-tests.yaml # uses: ./.github/workflows/run-cri-containerd-tests.yaml
with: # with:
tarball-suffix: -${{ inputs.tag }} # tarball-suffix: -${{ inputs.tag }}
commit-hash: ${{ inputs.commit-hash }} # commit-hash: ${{ inputs.commit-hash }}
target-branch: ${{ inputs.target-branch }} # target-branch: ${{ inputs.target-branch }}
runner: s390x-large # runner: s390x-large
arch: s390x # arch: s390x
containerd_version: ${{ matrix.params.containerd_version }} # containerd_version: ${{ matrix.params.containerd_version }}
vmm: ${{ matrix.params.vmm }} # vmm: ${{ matrix.params.vmm }}
run-cri-containerd-tests-ppc64le: # run-cri-containerd-tests-ppc64le:
if: ${{ inputs.skip-test != 'yes' }} # if: ${{ inputs.skip-test != 'yes' }}
needs: build-kata-static-tarball-ppc64le # needs: build-kata-static-tarball-ppc64le
strategy: # strategy:
fail-fast: false # fail-fast: false
matrix: # matrix:
params: [ # params: [
{ containerd_version: active, vmm: qemu }, # { containerd_version: active, vmm: qemu },
] # ]
uses: ./.github/workflows/run-cri-containerd-tests.yaml # uses: ./.github/workflows/run-cri-containerd-tests.yaml
with: # with:
tarball-suffix: -${{ inputs.tag }} # tarball-suffix: -${{ inputs.tag }}
commit-hash: ${{ inputs.commit-hash }} # commit-hash: ${{ inputs.commit-hash }}
target-branch: ${{ inputs.target-branch }} # target-branch: ${{ inputs.target-branch }}
runner: ppc64le # runner: ppc64le
arch: ppc64le # arch: ppc64le
containerd_version: ${{ matrix.params.containerd_version }} # containerd_version: ${{ matrix.params.containerd_version }}
vmm: ${{ matrix.params.vmm }} # vmm: ${{ matrix.params.vmm }}
run-cri-containerd-tests-arm64: # run-cri-containerd-tests-arm64:
if: ${{ inputs.skip-test != 'yes' }} # if: ${{ inputs.skip-test != 'yes' }}
needs: build-kata-static-tarball-arm64 # needs: build-kata-static-tarball-arm64
strategy: # strategy:
fail-fast: false # fail-fast: false
matrix: # matrix:
params: [ # params: [
{ containerd_version: active, vmm: qemu }, # { containerd_version: active, vmm: qemu },
] # ]
uses: ./.github/workflows/run-cri-containerd-tests.yaml # uses: ./.github/workflows/run-cri-containerd-tests.yaml
with: # with:
tarball-suffix: -${{ inputs.tag }} # tarball-suffix: -${{ inputs.tag }}
commit-hash: ${{ inputs.commit-hash }} # commit-hash: ${{ inputs.commit-hash }}
target-branch: ${{ inputs.target-branch }} # target-branch: ${{ inputs.target-branch }}
runner: arm64-non-k8s # runner: arm64-non-k8s
arch: arm64 # arch: arm64
containerd_version: ${{ matrix.params.containerd_version }} # containerd_version: ${{ matrix.params.containerd_version }}
vmm: ${{ matrix.params.vmm }} # vmm: ${{ matrix.params.vmm }}

43
.github/workflows/run-k8s-tests-on-aks.yaml vendored
View File

@@ -2,6 +2,11 @@ name: CI | Run kubernetes tests on AKS
on: on:
workflow_call: workflow_call:
inputs: inputs:
artifact-run-id:
description: "The run id where the artifact was uploaded"
required: false
type: string
default: ${{ github.run_id }}
tarball-suffix: tarball-suffix:
required: false required: false
type: string type: string
@@ -32,6 +37,41 @@ on:
required: true required: true
AZ_SUBSCRIPTION_ID: AZ_SUBSCRIPTION_ID:
required: true required: true
workflow_dispatch:
inputs:
artifact-run-id:
description: "The workflow run id where the artifact was uploaded"
required: true
type: string
tarball-suffix:
description: "The suffix of the kata tarball to use"
required: false
type: string
registry:
description: "The oci container registry to install kata-deploy from"
required: true
type: string
repo:
description: "The oci container repository/image to install kata-deploy from"
required: true
type: string
tag:
description: "The oci container image tag to install kata-deploy using"
required: true
type: string
pr-number:
description: "Identifier used to distinguish between PRs/dev/nightly tests"
required: true
type: string
commit-hash:
description: "The code to checkout for testing"
required: false
type: string
target-branch:
description: "The target branch to rebase on and ensure the tests are up-to-date"
required: false
type: string
default: ""
permissions: permissions:
@@ -101,6 +141,9 @@ jobs:
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
with: with:
name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
run-id: ${{ inputs.artifact-run-id }}
github-token: ${{ github.token }}
repository: ${{ github.repository}}
path: kata-artifacts path: kata-artifacts
- name: Install kata - name: Install kata

331
.github/workflows/run-kata-coco-tests.yaml vendored
View File

@@ -2,6 +2,11 @@ name: CI | Run kata coco tests
on: on:
workflow_call: workflow_call:
inputs: inputs:
artifact-run-id:
description: "The run id where the artifact was uploaded"
required: false
type: string
default: ${{ github.run_id }}
tarball-suffix: tarball-suffix:
required: false required: false
type: string type: string
@@ -35,181 +40,216 @@ on:
required: true required: true
ITA_KEY: ITA_KEY:
required: true required: true
workflow_dispatch:
inputs:
artifact-run-id:
description: "The workflow run id where the artifact was uploaded"
required: true
type: string
tarball-suffix:
description: "The suffix of the kata tarball to use"
required: false
type: string
registry:
description: "The oci container registry to install kata-deploy from"
required: true
type: string
repo:
description: "The oci container repository/image to install kata-deploy from"
required: true
type: string
tag:
description: "The oci container image tag to install kata-deploy using"
required: true
type: string
pr-number:
description: "Identifier used to distinguish between PRs/dev/nightly tests"
required: true
type: string
commit-hash:
description: "The code to checkout for testing"
required: false
type: string
target-branch:
description: "The target branch to rebase on and ensure the tests are up-to-date"
required: false
type: string
default: ""
permissions: permissions:
contents: read contents: read
id-token: write id-token: write
jobs: jobs:
run-k8s-tests-on-tdx: # run-k8s-tests-on-tdx:
strategy: # strategy:
fail-fast: false # fail-fast: false
matrix: # matrix:
vmm: # vmm:
- qemu-tdx # - qemu-tdx
snapshotter: # snapshotter:
- nydus # - nydus
pull-type: # pull-type:
- guest-pull # - guest-pull
runs-on: tdx # runs-on: tdx
env: # env:
DOCKER_REGISTRY: ${{ inputs.registry }} # DOCKER_REGISTRY: ${{ inputs.registry }}
DOCKER_REPO: ${{ inputs.repo }} # DOCKER_REPO: ${{ inputs.repo }}
DOCKER_TAG: ${{ inputs.tag }} # DOCKER_TAG: ${{ inputs.tag }}
GH_PR_NUMBER: ${{ inputs.pr-number }} # GH_PR_NUMBER: ${{ inputs.pr-number }}
KATA_HYPERVISOR: ${{ matrix.vmm }} # KATA_HYPERVISOR: ${{ matrix.vmm }}
KUBERNETES: "vanilla" # KUBERNETES: "vanilla"
USING_NFD: "true" # USING_NFD: "true"
KBS: "true" # KBS: "true"
K8S_TEST_HOST_TYPE: "baremetal" # K8S_TEST_HOST_TYPE: "baremetal"
KBS_INGRESS: "nodeport" # KBS_INGRESS: "nodeport"
SNAPSHOTTER: ${{ matrix.snapshotter }} # SNAPSHOTTER: ${{ matrix.snapshotter }}
PULL_TYPE: ${{ matrix.pull-type }} # PULL_TYPE: ${{ matrix.pull-type }}
AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }} # AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }}
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} # AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
ITA_KEY: ${{ secrets.ITA_KEY }} # ITA_KEY: ${{ secrets.ITA_KEY }}
AUTO_GENERATE_POLICY: "yes" # AUTO_GENERATE_POLICY: "yes"
steps: # steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: # with:
ref: ${{ inputs.commit-hash }} # ref: ${{ inputs.commit-hash }}
fetch-depth: 0 # fetch-depth: 0
persist-credentials: false # persist-credentials: false
- name: Rebase atop of the latest target branch # - name: Rebase atop of the latest target branch
run: | # run: |
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" # ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
env: # env:
TARGET_BRANCH: ${{ inputs.target-branch }} # TARGET_BRANCH: ${{ inputs.target-branch }}
- name: Deploy Snapshotter # - name: Deploy Snapshotter
timeout-minutes: 5 # timeout-minutes: 5
run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter # run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter
- name: Deploy Kata # - name: Deploy Kata
timeout-minutes: 10 # timeout-minutes: 10
run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-tdx # run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-tdx
- name: Uninstall previous `kbs-client` # - name: Uninstall previous `kbs-client`
timeout-minutes: 10 # timeout-minutes: 10
run: bash tests/integration/kubernetes/gha-run.sh uninstall-kbs-client # run: bash tests/integration/kubernetes/gha-run.sh uninstall-kbs-client
- name: Deploy CoCo KBS # - name: Deploy CoCo KBS
timeout-minutes: 10 # timeout-minutes: 10
run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs # run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs
- name: Install `kbs-client` # - name: Install `kbs-client`
timeout-minutes: 10 # timeout-minutes: 10
run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client # run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client
- name: Deploy CSI driver # - name: Deploy CSI driver
timeout-minutes: 5 # timeout-minutes: 5
run: bash tests/integration/kubernetes/gha-run.sh deploy-csi-driver # run: bash tests/integration/kubernetes/gha-run.sh deploy-csi-driver
- name: Run tests # - name: Run tests
timeout-minutes: 100 # timeout-minutes: 100
run: bash tests/integration/kubernetes/gha-run.sh run-tests # run: bash tests/integration/kubernetes/gha-run.sh run-tests
- name: Delete kata-deploy # - name: Delete kata-deploy
if: always() # if: always()
run: bash tests/integration/kubernetes/gha-run.sh cleanup-tdx # run: bash tests/integration/kubernetes/gha-run.sh cleanup-tdx
- name: Delete Snapshotter # - name: Delete Snapshotter
if: always() # if: always()
run: bash tests/integration/kubernetes/gha-run.sh cleanup-snapshotter # run: bash tests/integration/kubernetes/gha-run.sh cleanup-snapshotter
- name: Delete CoCo KBS # - name: Delete CoCo KBS
if: always() # if: always()
run: bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs # run: bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs
- name: Delete CSI driver # - name: Delete CSI driver
timeout-minutes: 5 # timeout-minutes: 5
run: bash tests/integration/kubernetes/gha-run.sh delete-csi-driver # run: bash tests/integration/kubernetes/gha-run.sh delete-csi-driver
run-k8s-tests-sev-snp: # run-k8s-tests-sev-snp:
strategy: # strategy:
fail-fast: false # fail-fast: false
matrix: # matrix:
vmm: # vmm:
- qemu-snp # - qemu-snp
snapshotter: # snapshotter:
- nydus # - nydus
pull-type: # pull-type:
- guest-pull # - guest-pull
runs-on: sev-snp # runs-on: sev-snp
env: # env:
DOCKER_REGISTRY: ${{ inputs.registry }} # DOCKER_REGISTRY: ${{ inputs.registry }}
DOCKER_REPO: ${{ inputs.repo }} # DOCKER_REPO: ${{ inputs.repo }}
DOCKER_TAG: ${{ inputs.tag }} # DOCKER_TAG: ${{ inputs.tag }}
GH_PR_NUMBER: ${{ inputs.pr-number }} # GH_PR_NUMBER: ${{ inputs.pr-number }}
KATA_HYPERVISOR: ${{ matrix.vmm }} # KATA_HYPERVISOR: ${{ matrix.vmm }}
KUBECONFIG: /home/kata/.kube/config # KUBECONFIG: /home/kata/.kube/config
KUBERNETES: "vanilla" # KUBERNETES: "vanilla"
USING_NFD: "false" # USING_NFD: "false"
KBS: "true" # KBS: "true"
KBS_INGRESS: "nodeport" # KBS_INGRESS: "nodeport"
K8S_TEST_HOST_TYPE: "baremetal" # K8S_TEST_HOST_TYPE: "baremetal"
SNAPSHOTTER: ${{ matrix.snapshotter }} # SNAPSHOTTER: ${{ matrix.snapshotter }}
PULL_TYPE: ${{ matrix.pull-type }} # PULL_TYPE: ${{ matrix.pull-type }}
AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }} # AUTHENTICATED_IMAGE_USER: ${{ vars.AUTHENTICATED_IMAGE_USER }}
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} # AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
AUTO_GENERATE_POLICY: "yes" # AUTO_GENERATE_POLICY: "yes"
steps: # steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: # with:
ref: ${{ inputs.commit-hash }} # ref: ${{ inputs.commit-hash }}
fetch-depth: 0 # fetch-depth: 0
persist-credentials: false # persist-credentials: false
- name: Rebase atop of the latest target branch # - name: Rebase atop of the latest target branch
run: | # run: |
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" # ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
env: # env:
TARGET_BRANCH: ${{ inputs.target-branch }} # TARGET_BRANCH: ${{ inputs.target-branch }}
- name: Deploy Snapshotter # - name: Deploy Snapshotter
timeout-minutes: 5 # timeout-minutes: 5
run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter # run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter
- name: Deploy Kata # - name: Deploy Kata
timeout-minutes: 10 # timeout-minutes: 10
run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-snp # run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-snp
- name: Uninstall previous `kbs-client` # - name: Uninstall previous `kbs-client`
timeout-minutes: 10 # timeout-minutes: 10
run: bash tests/integration/kubernetes/gha-run.sh uninstall-kbs-client # run: bash tests/integration/kubernetes/gha-run.sh uninstall-kbs-client
- name: Deploy CoCo KBS # - name: Deploy CoCo KBS
timeout-minutes: 10 # timeout-minutes: 10
run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs # run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs
- name: Install `kbs-client` # - name: Install `kbs-client`
timeout-minutes: 10 # timeout-minutes: 10
run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client # run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client
- name: Deploy CSI driver # - name: Deploy CSI driver
timeout-minutes: 5 # timeout-minutes: 5
run: bash tests/integration/kubernetes/gha-run.sh deploy-csi-driver # run: bash tests/integration/kubernetes/gha-run.sh deploy-csi-driver
- name: Run tests # - name: Run tests
timeout-minutes: 50 # timeout-minutes: 50
run: bash tests/integration/kubernetes/gha-run.sh run-tests # run: bash tests/integration/kubernetes/gha-run.sh run-tests
- name: Delete kata-deploy # - name: Delete kata-deploy
if: always() # if: always()
run: bash tests/integration/kubernetes/gha-run.sh cleanup-snp # run: bash tests/integration/kubernetes/gha-run.sh cleanup-snp
- name: Delete Snapshotter # - name: Delete Snapshotter
if: always() # if: always()
run: bash tests/integration/kubernetes/gha-run.sh cleanup-snapshotter # run: bash tests/integration/kubernetes/gha-run.sh cleanup-snapshotter
- name: Delete CoCo KBS # - name: Delete CoCo KBS
if: always() # if: always()
run: bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs # run: bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs
- name: Delete CSI driver # - name: Delete CSI driver
timeout-minutes: 5 # timeout-minutes: 5
run: bash tests/integration/kubernetes/gha-run.sh delete-csi-driver # run: bash tests/integration/kubernetes/gha-run.sh delete-csi-driver
# Generate jobs for testing CoCo on non-TEE environments # Generate jobs for testing CoCo on non-TEE environments
run-k8s-tests-coco-nontee: run-k8s-tests-coco-nontee:
@@ -263,6 +303,9 @@ jobs:
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
with: with:
name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
run-id: ${{ inputs.artifact-run-id }}
github-token: ${{ github.token }}
repository: ${{ github.repository}}
path: kata-artifacts path: kata-artifacts
- name: Install kata - name: Install kata

27
.github/workflows/run-kata-monitor-tests.yaml vendored
View File

@@ -2,6 +2,11 @@ name: CI | Run kata-monitor tests
on: on:
workflow_call: workflow_call:
inputs: inputs:
artifact-run-id:
description: "The run id where the artifact was uploaded"
required: false
type: string
default: ${{ github.run_id }}
tarball-suffix: tarball-suffix:
required: false required: false
type: string type: string
@@ -12,6 +17,25 @@ on:
required: false required: false
type: string type: string
default: "" default: ""
workflow_dispatch:
inputs:
artifact-run-id:
description: "The workflow run id where the artifact was uploaded"
required: true
type: string
tarball-suffix:
description: "Identifier used to distinguish between PRs/dev/nightly tests"
required: false
type: string
commit-hash:
description: "The code to checkout for testing"
required: false
type: string
target-branch:
description: "The target branch to rebase on and ensure the tests are up-to-date"
required: false
type: string
default: ""
permissions: permissions:
contents: read contents: read
@@ -59,6 +83,9 @@ jobs:
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
with: with:
name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
run-id: ${{ inputs.artifact-run-id }}
github-token: ${{ github.token }}
repository: ${{ github.repository}}
path: kata-artifacts path: kata-artifacts
- name: Install kata - name: Install kata

85
tests/gha-helper.sh Executable file
View File

@@ -0,0 +1,85 @@
#!/usr/bin/env bash
#
# Copyright (c) 2025 IBM Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
set -o errexit
set -o nounset
set -o pipefail
[[ -n "${DEBUG:-}" ]] && set -o xtrace
function trigger_and_check_workflow() {
workflow=$1
ref=$2
sha=$3
input_json=$4
trigger_workflow "${workflow}" "${ref}" "${sha}" "${input_json}"
wait_for_workflow_result "${workflow}" "${sha}"
}
function trigger_workflow() {
workflow=$1
ref=$2
sha=$3
input_json=$4
echo "${input_json}" | gh workflow run "${workflow}" --ref "${ref}" --json
local max_tries=5
local interval=15
local i=0
echo "::group::waiting"
while true; do
url=$(gh run list --workflow="${workflow}" --json headSha,url \
--jq '.[] | select(.headSha == "'"${sha}"'") | .url')
[[ -n "${url}" ]] && break
i=$((i + 1))
[ ${i} -lt ${max_tries} ] && echo "url of workflow not found, retrying in ${interval} seconds" 1>&2 || break
sleep "${interval}"
done
echo "::endgroup::"
echo "Triggered workflow: ${url}"
}
function wait_for_workflow_result() {
workflow=$1
sha=$2
local max_tries=60
local interval=120
local i=0
echo "::group::waiting"
while true; do
conclusion=$(gh run list --workflow="${workflow}" --json headSha,conclusion \
--jq '.[] | select(.headSha == "'"${sha}"'") | .conclusion')
case "${conclusion}" in
"success") echo "::endgroup::\nJob finished successfully" && exit 0;;
"cancelled") echo "::endgroup::\nJJob cancelled" && exit 4;;
"failure") echo "::endgroup::\nJJob failed" && exit 8;;
*) ;;
esac
i=$((i + 1))
[ ${i} -lt ${max_tries} ] && echo "conclusion of workflow is ${conclusion}, retrying in ${interval} seconds" 1>&2 || break
sleep "${interval}"
done
echo "Waiting for the workflow to succeed timed out"
exit 16
}
function main() {
action="${1:-}"
case "${action}" in
trigger-workflow) trigger_workflow "${@:2}";;
trigger-and-check-workflow) trigger_and_check_workflow "${@:2}";;
wait-for-workflow-result) wait_for_workflow_result "${@:2}";;
*) >&2 echo "Invalid argument"; exit 2 ;;
esac
}
main "$@"