mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-10-21 11:58:41 +00:00
de98e467b4
22.04 is the default today:
23da668261/README.md
Being more specific will avoid unexpected errors when Github updates the
default.
Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
320 lines
9.8 KiB
YAML
320 lines
9.8 KiB
YAML
name: CI | Run kata coco tests
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
registry:
|
|
required: true
|
|
type: string
|
|
repo:
|
|
required: true
|
|
type: string
|
|
tag:
|
|
required: true
|
|
type: string
|
|
pr-number:
|
|
required: true
|
|
type: string
|
|
commit-hash:
|
|
required: false
|
|
type: string
|
|
target-branch:
|
|
required: false
|
|
type: string
|
|
default: ""
|
|
|
|
jobs:
|
|
run-k8s-tests-on-tdx:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
vmm:
|
|
- qemu-tdx
|
|
snapshotter:
|
|
- nydus
|
|
pull-type:
|
|
- guest-pull
|
|
runs-on: tdx
|
|
env:
|
|
DOCKER_REGISTRY: ${{ inputs.registry }}
|
|
DOCKER_REPO: ${{ inputs.repo }}
|
|
DOCKER_TAG: ${{ inputs.tag }}
|
|
PR_NUMBER: ${{ inputs.pr-number }}
|
|
KATA_HYPERVISOR: ${{ matrix.vmm }}
|
|
KUBERNETES: "vanilla"
|
|
USING_NFD: "true"
|
|
KBS: "true"
|
|
K8S_TEST_HOST_TYPE: "baremetal"
|
|
KBS_INGRESS: "nodeport"
|
|
SNAPSHOTTER: ${{ matrix.snapshotter }}
|
|
PULL_TYPE: ${{ matrix.pull-type }}
|
|
AUTHENTICATED_IMAGE_USER: ${{ secrets.AUTHENTICATED_IMAGE_USER }}
|
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ inputs.commit-hash }}
|
|
fetch-depth: 0
|
|
|
|
- name: Rebase atop of the latest target branch
|
|
run: |
|
|
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
|
|
env:
|
|
TARGET_BRANCH: ${{ inputs.target-branch }}
|
|
|
|
- name: Deploy Snapshotter
|
|
timeout-minutes: 5
|
|
run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter
|
|
|
|
- name: Deploy Kata
|
|
timeout-minutes: 10
|
|
run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-tdx
|
|
|
|
- name: Uninstall previous `kbs-client`
|
|
timeout-minutes: 10
|
|
run: bash tests/integration/kubernetes/gha-run.sh uninstall-kbs-client
|
|
|
|
- name: Deploy CoCo KBS
|
|
timeout-minutes: 10
|
|
run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs
|
|
|
|
- name: Install `kbs-client`
|
|
timeout-minutes: 10
|
|
run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client
|
|
|
|
- name: Run tests
|
|
timeout-minutes: 50
|
|
run: bash tests/integration/kubernetes/gha-run.sh run-tests
|
|
|
|
- name: Delete kata-deploy
|
|
if: always()
|
|
run: bash tests/integration/kubernetes/gha-run.sh cleanup-tdx
|
|
|
|
- name: Delete Snapshotter
|
|
if: always()
|
|
run: bash tests/integration/kubernetes/gha-run.sh cleanup-snapshotter
|
|
|
|
- name: Delete CoCo KBS
|
|
if: always()
|
|
run: bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs
|
|
|
|
run-k8s-tests-on-sev:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
vmm:
|
|
- qemu-sev
|
|
snapshotter:
|
|
- nydus
|
|
pull-type:
|
|
- guest-pull
|
|
runs-on: sev
|
|
env:
|
|
DOCKER_REGISTRY: ${{ inputs.registry }}
|
|
DOCKER_REPO: ${{ inputs.repo }}
|
|
DOCKER_TAG: ${{ inputs.tag }}
|
|
PR_NUMBER: ${{ inputs.pr-number }}
|
|
KATA_HYPERVISOR: ${{ matrix.vmm }}
|
|
KUBECONFIG: /home/kata/.kube/config
|
|
KUBERNETES: "vanilla"
|
|
USING_NFD: "false"
|
|
K8S_TEST_HOST_TYPE: "baremetal"
|
|
SNAPSHOTTER: ${{ matrix.snapshotter }}
|
|
PULL_TYPE: ${{ matrix.pull-type }}
|
|
AUTHENTICATED_IMAGE_USER: ${{ secrets.AUTHENTICATED_IMAGE_USER }}
|
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ inputs.commit-hash }}
|
|
fetch-depth: 0
|
|
|
|
- name: Rebase atop of the latest target branch
|
|
run: |
|
|
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
|
|
env:
|
|
TARGET_BRANCH: ${{ inputs.target-branch }}
|
|
|
|
- name: Deploy Snapshotter
|
|
timeout-minutes: 5
|
|
run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter
|
|
|
|
- name: Deploy Kata
|
|
timeout-minutes: 10
|
|
run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-sev
|
|
|
|
- name: Run tests
|
|
timeout-minutes: 50
|
|
run: bash tests/integration/kubernetes/gha-run.sh run-tests
|
|
|
|
- name: Delete kata-deploy
|
|
if: always()
|
|
run: bash tests/integration/kubernetes/gha-run.sh cleanup-sev
|
|
|
|
- name: Delete Snapshotter
|
|
if: always()
|
|
run: bash tests/integration/kubernetes/gha-run.sh cleanup-snapshotter
|
|
|
|
run-k8s-tests-sev-snp:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
vmm:
|
|
- qemu-snp
|
|
snapshotter:
|
|
- nydus
|
|
pull-type:
|
|
- guest-pull
|
|
runs-on: sev-snp
|
|
env:
|
|
DOCKER_REGISTRY: ${{ inputs.registry }}
|
|
DOCKER_REPO: ${{ inputs.repo }}
|
|
DOCKER_TAG: ${{ inputs.tag }}
|
|
PR_NUMBER: ${{ inputs.pr-number }}
|
|
KATA_HYPERVISOR: ${{ matrix.vmm }}
|
|
KUBECONFIG: /home/kata/.kube/config
|
|
KUBERNETES: "vanilla"
|
|
USING_NFD: "false"
|
|
KBS: "true"
|
|
KBS_INGRESS: "nodeport"
|
|
K8S_TEST_HOST_TYPE: "baremetal"
|
|
SNAPSHOTTER: ${{ matrix.snapshotter }}
|
|
PULL_TYPE: ${{ matrix.pull-type }}
|
|
AUTHENTICATED_IMAGE_USER: ${{ secrets.AUTHENTICATED_IMAGE_USER }}
|
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ inputs.commit-hash }}
|
|
fetch-depth: 0
|
|
|
|
- name: Rebase atop of the latest target branch
|
|
run: |
|
|
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
|
|
env:
|
|
TARGET_BRANCH: ${{ inputs.target-branch }}
|
|
|
|
- name: Deploy Snapshotter
|
|
timeout-minutes: 5
|
|
run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter
|
|
|
|
- name: Deploy Kata
|
|
timeout-minutes: 10
|
|
run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-snp
|
|
|
|
- name: Uninstall previous `kbs-client`
|
|
timeout-minutes: 10
|
|
run: bash tests/integration/kubernetes/gha-run.sh uninstall-kbs-client
|
|
|
|
- name: Deploy CoCo KBS
|
|
timeout-minutes: 10
|
|
run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs
|
|
|
|
- name: Install `kbs-client`
|
|
timeout-minutes: 10
|
|
run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client
|
|
|
|
- name: Run tests
|
|
timeout-minutes: 50
|
|
run: bash tests/integration/kubernetes/gha-run.sh run-tests
|
|
|
|
- name: Delete kata-deploy
|
|
if: always()
|
|
run: bash tests/integration/kubernetes/gha-run.sh cleanup-snp
|
|
|
|
- name: Delete Snapshotter
|
|
if: always()
|
|
run: bash tests/integration/kubernetes/gha-run.sh cleanup-snapshotter
|
|
|
|
- name: Delete CoCo KBS
|
|
if: always()
|
|
run: bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs
|
|
|
|
# Generate jobs for testing CoCo on non-TEE environments
|
|
run-k8s-tests-coco-nontee:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
vmm:
|
|
- qemu-coco-dev
|
|
snapshotter:
|
|
- nydus
|
|
pull-type:
|
|
- guest-pull
|
|
runs-on: ubuntu-22.04
|
|
env:
|
|
DOCKER_REGISTRY: ${{ inputs.registry }}
|
|
DOCKER_REPO: ${{ inputs.repo }}
|
|
DOCKER_TAG: ${{ inputs.tag }}
|
|
GH_PR_NUMBER: ${{ inputs.pr-number }}
|
|
KATA_HOST_OS: ${{ matrix.host_os }}
|
|
KATA_HYPERVISOR: ${{ matrix.vmm }}
|
|
# Some tests rely on that variable to run (or not)
|
|
KBS: "true"
|
|
# Set the KBS ingress handler (empty string disables handling)
|
|
KBS_INGRESS: "aks"
|
|
KUBERNETES: "vanilla"
|
|
PULL_TYPE: ${{ matrix.pull-type }}
|
|
AUTHENTICATED_IMAGE_USER: ${{ secrets.AUTHENTICATED_IMAGE_USER }}
|
|
AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
|
|
SNAPSHOTTER: ${{ matrix.snapshotter }}
|
|
USING_NFD: "false"
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ inputs.commit-hash }}
|
|
fetch-depth: 0
|
|
|
|
- name: Rebase atop of the latest target branch
|
|
run: |
|
|
./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
|
|
env:
|
|
TARGET_BRANCH: ${{ inputs.target-branch }}
|
|
|
|
- name: Download Azure CLI
|
|
run: bash tests/integration/kubernetes/gha-run.sh install-azure-cli
|
|
|
|
- name: Log into the Azure account
|
|
run: bash tests/integration/kubernetes/gha-run.sh login-azure
|
|
env:
|
|
AZ_APPID: ${{ secrets.AZ_APPID }}
|
|
AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
|
|
AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
|
|
AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
|
|
|
|
- name: Create AKS cluster
|
|
timeout-minutes: 10
|
|
run: bash tests/integration/kubernetes/gha-run.sh create-cluster
|
|
|
|
- name: Install `bats`
|
|
run: bash tests/integration/kubernetes/gha-run.sh install-bats
|
|
|
|
- name: Install `kubectl`
|
|
run: bash tests/integration/kubernetes/gha-run.sh install-kubectl
|
|
|
|
- name: Download credentials for the Kubernetes CLI to use them
|
|
run: bash tests/integration/kubernetes/gha-run.sh get-cluster-credentials
|
|
|
|
- name: Deploy Snapshotter
|
|
timeout-minutes: 5
|
|
run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter
|
|
|
|
- name: Deploy Kata
|
|
timeout-minutes: 10
|
|
run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-aks
|
|
|
|
- name: Deploy CoCo KBS
|
|
timeout-minutes: 10
|
|
run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs
|
|
|
|
- name: Install `kbs-client`
|
|
timeout-minutes: 10
|
|
run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client
|
|
|
|
- name: Run tests
|
|
timeout-minutes: 60
|
|
run: bash tests/integration/kubernetes/gha-run.sh run-tests
|
|
|
|
- name: Delete AKS cluster
|
|
if: always()
|
|
run: bash tests/integration/kubernetes/gha-run.sh delete-cluster
|