scheduled_e2e_test.yaml
name: Scheduled End-to-End Test

# Development is shifting toward OpenStack support.
# This test covers the local LXD path and runs weekly.
# NOTE(review): no `permissions:` key is visible in this workflow, so
# GITHUB_TOKEN carries the repository's default scope; consider declaring the
# minimum the jobs actually need.
on:
  schedule:
    # GitHub evaluates cron in UTC: 04:15 every Tuesday.
    - cron: "15 4 * * 2"
  workflow_dispatch:
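jobs:
  # Packs the github-runner charm once and publishes it as an artifact that
  # every matrix leg of deploy-e2e-test-runner downloads.
  build-charm:
    name: Build Charm
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Removing .git also discards the token that actions/checkout persists
      # in .git/config by default, and keeps VCS metadata out of the
      # hashFiles() cache key below.
      - name: Remove Unnecessary Components
        run: |
          rm -rf .git
          rm -rf .github
      # NOTE(review): this profile strips almost all LXD confinement: the
      # container is privileged, AppArmor is unconfined, no capabilities are
      # dropped (`lxc.cap.drop=`), every device is allowed and proc/sys/cgroup
      # are mounted read-write. Root inside such a container is effectively
      # root on the host, so it is only defensible on a throwaway CI machine.
      # Presumably the file is picked up by `charmcraft pack` below - confirm.
      - name: Write lxd-profile.yaml
        run: |
          cat << EOF > ./lxd-profile.yaml
          config:
            security.nesting: true
            security.privileged: true
            raw.lxc: |
              lxc.apparmor.profile=unconfined
              lxc.mount.auto=proc:rw sys:rw cgroup:rw
              lxc.cgroup.devices.allow=a
              lxc.cap.drop=
          devices:
            kmsg:
              path: /dev/kmsg
              source: /dev/kmsg
              type: unix-char
          EOF
      # The key hashes the whole working tree, so any source change rebuilds.
      - name: Cache github-runner Charm
        uses: actions/cache@v4
        id: cache-charm
        with:
          path: github-runner_ubuntu-22.04-amd64.charm
          key: github-runner-charm-${{ hashFiles('**/*') }}
      # NOTE(review): `@main` is a mutable ref, so whatever lands on that
      # branch runs here with sudo available; pin to a reviewed commit SHA.
      - name: Setup LXD
        if: steps.cache-charm.outputs.cache-hit != 'true'
        uses: canonical/setup-lxd@main
      - name: Install charmcraft
        if: steps.cache-charm.outputs.cache-hit != 'true'
        run: sudo snap install charmcraft --classic
      # On failure the charmcraft logs are dumped before the step exits 1.
      - name: Pack github-runner Charm
        if: steps.cache-charm.outputs.cache-hit != 'true'
        run: charmcraft pack || ( cat ~/.local/state/charmcraft/log/* && exit 1 )
      # The artifact name marks the charm (built with the profile above) as
      # test-only.
      - name: Upload github-runner Charm
        uses: actions/upload-artifact@v4
        with:
          name: dangerous-test-only-github-runner_ubuntu-22.04-amd64.charm
          path: github-runner_ubuntu-22.04-amd64.charm

  # Produces a short tag shared by all jobs of this run. It is four random
  # lowercase letters: a uniqueness label for branches, repositories and
  # runners, not a secret.
  run-id:
    name: Generate Run ID
    runs-on: ubuntu-latest
    outputs:
      run-id: ${{ steps.run-id.outputs.run-id }}
    steps:
      - name: Generate Run ID
        id: run-id
        run: |
          echo "run-id=e2e-$(LC_ALL=C tr -dc 'a-z' < /dev/urandom | head -c4)" >> $GITHUB_OUTPUT

  # Deploys the charm on a local LXD Juju controller once per trigger type,
  # provokes that trigger in a testing repository and waits for the resulting
  # workflow run to succeed on the deployed runner.
  #
  # NOTE(review): E2E_TESTING_TOKEN is used below to create and delete
  # repositories, push branches and register runners, so it must be a broadly
  # scoped long-lived credential. Keep it on a dedicated test account and
  # scope it as narrowly as those calls allow.
  deploy-e2e-test-runner:
    name: Deploy End-to-End Test Runner (${{ matrix.event.name }})
    runs-on: ubuntu-latest
    needs: [build-charm, run-id]
    strategy:
      matrix:
        event:
          - name: pull_request
            abbreviation: pr
          - name: workflow_dispatch
            abbreviation: wd
          - name: push
            abbreviation: push
          - name: schedule
            abbreviation: sd
          - name: issues
            abbreviation: is
    steps:
      # NOTE(review): `@main` is a mutable ref; pin to a reviewed commit SHA.
      - name: Setup Lxd Juju Controller
        uses: charmed-kubernetes/actions-operator@main
        with:
          juju-channel: 3.1/stable
          provider: lxd
      - name: Install GitHub Cli
        run: which gh || sudo apt install gh -y
      # Uses the token the matrix leg will rely on later, so the limit shown
      # is the one that matters for that leg.
      - name: Check rate limit
        env:
          GH_TOKEN: ${{ (matrix.event.name == 'issues' || matrix.event.name == 'schedule') && secrets.E2E_TESTING_TOKEN || secrets.GITHUB_TOKEN }}
        run: |
          # Check rate limit, this check does not count against the primary rate limit:
          # https://docs.github.com/en/rest/using-the-rest-api/rate-limits-for-the-rest-api?apiVersion=2022-11-28#checking-the-status-of-your-rate-limit
          gh api \
            --method GET \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" --jq ".resources.core" \
            /rate_limit
      - name: Create Testing Juju Model
        run: juju add-model testing
      - name: Set Testing Model Proxy Configuration
        run: |
          juju model-config juju-http-proxy=$http_proxy
          juju model-config juju-https-proxy=$https_proxy
          juju model-config juju-no-proxy=$no_proxy
      - name: Change Testing Model Logging Level
        run: juju model-config logging-config="<root>=INFO;unit=DEBUG"
      - name: Download github-runner Charm
        uses: actions/download-artifact@v4
        with:
          name: dangerous-test-only-github-runner_ubuntu-22.04-amd64.charm
      - name: Enable br_netfilter
        run: sudo modprobe br_netfilter
      # Runner name = <event abbreviation>-<run-id><run attempt>; it doubles
      # as the Juju application name and the temporary branch/repository name.
      - name: Generate Runner Name
        id: runner-name
        run: echo name=${{ matrix.event.abbreviation }}-${{ needs.run-id.outputs.run-id }}${{ github.run_attempt }} >> $GITHUB_OUTPUT
      - name: Copy github-runner Charm
        run: |
          cp github-runner_ubuntu-22.04-amd64.charm /home/$USER/github-runner_ubuntu-22.04-amd64.charm
      # NOTE(review): the token is expanded into the script text and passed on
      # the juju command line, then stored as charm configuration; anyone with
      # access to this model can read it back. Tolerable only because the
      # controller lives and dies with this job.
      # NOTE(review): `test-mode=insecure` presumably relaxes charm-side
      # protections - confirm what it disables before reusing this elsewhere.
      # The `--base` value was mangled by e-mail obfuscation in the page
      # capture; it is restored here to match the 22.04 charm being deployed.
      - name: Deploy github-runner Charm (Pull Request, Workflow Dispatch and Push)
        if: matrix.event.name == 'workflow_dispatch' || matrix.event.name == 'push' || matrix.event.name == 'pull_request'
        run: |
          juju deploy /home/$USER/github-runner_ubuntu-22.04-amd64.charm \
            ${{ steps.runner-name.outputs.name }} \
            --base ubuntu@22.04 \
            --config path=${{ secrets.E2E_TESTING_REPO }} \
            --config token=${{ secrets.E2E_TESTING_TOKEN }} \
            --config virtual-machines=1 \
            --config denylist=10.0.0.0/8 \
            --config test-mode=insecure
      # github.head_ref is only populated for pull_request events, so on the
      # schedule/workflow_dispatch triggers of this workflow `ref` is empty and
      # checkout uses its default. The PAT given here stays in the local git
      # config and is what authorises the pushes in the following steps.
      - name: Checkout branch (Issues, Schedule)
        if: matrix.event.name == 'issues' || matrix.event.name == 'schedule'
        uses: actions/checkout@v4
        with:
          ref: ${{ github.head_ref }}
          token: ${{ secrets.E2E_TESTING_TOKEN }}
      # NOTE(review): the committer e-mail below and possibly the spacing
      # after `\n` in both sed replacements were altered by the page capture
      # (e-mail obfuscation / whitespace collapsing). The spacing decides the
      # YAML nesting of the rewritten trigger, so take both from the
      # repository copy rather than from this listing.
      - name: Create temporary orphan branch (Issues, Schedule)
        if: matrix.event.name == 'issues' || matrix.event.name == 'schedule'
        run: |
          # We dont need all content for the test, so create an orphan branch.
          git checkout --orphan ${{ steps.runner-name.outputs.name }}
          git reset
          WF_FILE=".github/workflows/schedule_issues_test.yaml"
          # Replace workflow event in schedule_issues_test.yaml
          if [[ ${{ matrix.event.name }} == 'schedule' ]]; then
            sed -i "s/workflow_dispatch:/schedule:\n - cron: '*\/5 * * * *'/" $WF_FILE
          else
            sed -i "s/workflow_dispatch:/issues:\n types: [opened]/" $WF_FILE
          fi
          git add $WF_FILE
          git config user.name github-actions
          git config user.email [email protected]
          git commit -m"Add ${{matrix.event.name}} workflow"
          git push origin ${{ steps.runner-name.outputs.name }}
      # Creates a throwaway repository named after the runner, seeds it with
      # the orphan branch as `main`, then deploys the charm against it. The
      # same token-on-command-line caveat as the other deploy step applies.
      - name: Deploy github-runner Charm (Issues, Schedule)
        if: matrix.event.name == 'issues' || matrix.event.name == 'schedule'
        env:
          GH_TOKEN: ${{ secrets.E2E_TESTING_TOKEN }}
        run: |
          # GitHub does not allow to create multiple forks of the same repo under the same user,
          # so we need to create a new repository and push the branch to it.
          gh api \
            --method POST \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            /user/repos \
            -f name=${{ steps.runner-name.outputs.name }}
          TESTING_REPO=${{ secrets.E2E_TESTING_TOKEN_ORG }}/${{ steps.runner-name.outputs.name }}
          # Create registration token in order to allow listing of runner binaries
          gh api \
            --method POST \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            repos/${TESTING_REPO}/actions/runners/registration-token
          # Push the orphan branch to the newly created repo.
          git pull origin ${{ steps.runner-name.outputs.name }}
          git remote add testing https://github.com/${TESTING_REPO}.git
          git push testing ${{ steps.runner-name.outputs.name }}:main
          juju deploy /home/$USER/github-runner_ubuntu-22.04-amd64.charm \
            ${{ steps.runner-name.outputs.name }} \
            --base ubuntu@22.04 \
            --config path=$TESTING_REPO \
            --config token=${{ secrets.E2E_TESTING_TOKEN }} \
            --config virtual-machines=1 \
            --config denylist=10.0.0.0/8 \
            --config test-mode=insecure
      # Polls this run's own job list until the reusable e2e-test job leaves
      # the queued/in_progress states; the step timeout bounds the loop.
      - name: Watch github-runner (Pull Request)
        if: matrix.event.name == 'pull_request'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        timeout-minutes: 30
        run: |
          juju debug-log --replay --tail &
          while :; do
            JOBS=$(gh api \
              -H "Accept: application/vnd.github+json" \
              -H "X-GitHub-Api-Version: 2022-11-28" \
              /repos/${{ secrets.E2E_TESTING_REPO }}/actions/runs/$GITHUB_RUN_ID/attempts/$GITHUB_RUN_ATTEMPT/jobs)
            # Quoted so the JSON reaches jq without word splitting or globbing.
            CONCLUSION=$(echo "$JOBS" | jq -r '.jobs[] | select(.name == "End-to-End Test / End-to-End Test Run") | .conclusion')
            STATUS=$(echo "$JOBS" | jq -r '.jobs[] | select(.name == "End-to-End Test / End-to-End Test Run") | .status')
            if [[ $STATUS != "queued" && $STATUS != "in_progress" ]]; then
              break
            fi
            sleep 10
          done
          if [[ $STATUS != "completed" || $CONCLUSION != "success" ]]; then
            echo "test workflow failed with status: $STATUS, conclusion: $CONCLUSION"
            kill $(jobs -p)
            exit 1
          fi
      - name: Trigger workflow (Workflow Dispatch and Push)
        if: matrix.event.name == 'workflow_dispatch' || matrix.event.name == 'push'
        env:
          # push requires E2E_TESTING_TOKEN, because if GITHUB_TOKEN is used, no workflow is triggered for a push:
          # https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
          GH_TOKEN: ${{ matrix.event.name == 'workflow_dispatch' && secrets.GITHUB_TOKEN || secrets.E2E_TESTING_TOKEN }}
        run: |
          # Base any future branches on the current branch.
          REF_SHA=$(gh api \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            /repos/${{ secrets.E2E_TESTING_REPO }}/git/ref/heads/$GITHUB_REF_NAME \
            --jq .object.sha) || (echo "Failed to get REF_SHA using $GITHUB_REF_NAME" && false)
          # Create a temporary reference/branch
          # For push, this should trigger the "Push Event Tests" workflow automatically
          # because the test is run for branches matching the pattern "push-e2e-*"
          gh api \
            --method POST \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            /repos/${{ secrets.E2E_TESTING_REPO }}/git/refs \
            -f ref='refs/heads/${{ steps.runner-name.outputs.name }}' \
            -f sha=$REF_SHA
          # For workflow_dispatch, we need to trigger the "Workflow Dispatch Tests" workflow manually
          if ${{ matrix.event.name == 'workflow_dispatch' }}; then
            gh workflow run workflow_dispatch_test.yaml \
              -R ${{ secrets.E2E_TESTING_REPO }} \
              --ref ${{ steps.runner-name.outputs.name }} \
              -f runner=${{ steps.runner-name.outputs.name }}
          fi
      # No step timeout here: the wait is bounded by 360 polls of 10 seconds.
      - name: Watch github-runner (Workflow Dispatch and Push)
        if: matrix.event.name == 'workflow_dispatch' || matrix.event.name == 'push'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          juju debug-log --replay --tail &
          get-workflow-status() {
            # Search recent workflow runs for the one designated by the run-id ref
            output=$(gh run list \
              -R ${{ secrets.E2E_TESTING_REPO }} \
              -L 100 \
              --json headBranch,status \
              --jq '[.[] | select(.headBranch=="${{ steps.runner-name.outputs.name }}")]')
            # Workflows that have not started have no status
            if [ $(echo "$output" | jq 'length') -eq 0 ]
            then
              echo "not_started"
            else
              # Parse output with jq to get the status field of the first object
              status=$(echo "$output" | jq -r '.[0].status')
              echo "$status"
            fi
          }
          # Wait for the workflow to start while checking its status
          for i in {1..360}
          do
            status=$(get-workflow-status)
            echo "workflow status: $status"
            if [[ $status != "not_started" && $status != "queued" && $status != "in_progress" ]]; then
              break
            fi
            sleep 10
          done
          # Make sure the workflow was completed or else consider it failed
          conclusion=$(gh run list \
            -R ${{ secrets.E2E_TESTING_REPO }} \
            -L 100 \
            --json headBranch,conclusion \
            --jq '.[] | select(.headBranch=="${{ steps.runner-name.outputs.name }}") | .conclusion')
          if [[ $status != "completed" || $conclusion != "success" ]]; then
            echo "test workflow failed with status: $status, conclusion: $conclusion"
            kill $(jobs -p)
            exit 1
          else
            echo "Workflow completed with status: $status, conclusion: $conclusion, run-id: ${{ steps.runner-name.outputs.name }}"
            kill $(jobs -p)
          fi
      # Same bounded polling as above, against the throwaway repository. The
      # run logs are downloaded because that repository is deleted in clean-up.
      - name: Trigger workflow and watch github-runner (Issues, Schedule)
        if: matrix.event.name == 'issues' || matrix.event.name == 'schedule'
        env:
          GH_TOKEN: ${{ secrets.E2E_TESTING_TOKEN }}
        run: |
          juju debug-log --replay --tail &
          TESTING_REPO=${{ secrets.E2E_TESTING_TOKEN_ORG }}/${{ steps.runner-name.outputs.name }}
          # For issues, we need to trigger the workflow by opening an issue
          if ${{ matrix.event.name == 'issues' }}; then
            gh api \
              --method POST \
              -H "Accept: application/vnd.github+json" \
              -H "X-GitHub-Api-Version: 2022-11-28" \
              /repos/${TESTING_REPO}/issues \
              -f title="Test issue ${{ steps.runner-name.outputs.name }}"
          fi
          get-workflow-status() {
            # Search recent workflow runs for the one designated by the run-id ref
            output=$(gh run list \
              -R ${TESTING_REPO} \
              -L 100 \
              --json headBranch,status,createdAt \
              --jq '[.[] | select(.headBranch=="main")] | sort_by(.createdAt)')
            # Workflows that have not started have no status
            if [ $(echo "$output" | jq 'length') -eq 0 ]
            then
              echo "not_started"
            else
              # Parse output with jq to get the status field of the first object
              status=$(echo "$output" | jq -r '.[0].status')
              echo "$status"
            fi
          }
          # Wait for the workflow to start while checking its status
          for i in {1..360}
          do
            status=$(get-workflow-status)
            echo "workflow status: $status"
            if [[ $status != "not_started" && $status != "queued" && $status != "in_progress" ]]; then
              break
            fi
            sleep 10
          done
          # Make sure the workflow was completed or else consider it failed
          runs=$(gh api \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            /repos/${TESTING_REPO}/actions/runs \
            --jq '[.workflow_runs[] | select(.head_branch=="main")] | sort_by(.created_at)')
          # Quoted so the JSON reaches jq without word splitting or globbing.
          conclusion=$(echo "$runs" | jq -r '.[0].conclusion')
          wf_run_id=$(echo "$runs" | jq -r '.[0].id')
          logs_filename=${{matrix.event.name}}-workflow-logs.zip
          # We retrieve the logs because the testing repo is deleted at the end of the test
          gh api \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            /repos/${TESTING_REPO}/actions/runs/${wf_run_id}/logs > ${logs_filename} \
            || (echo "Failed to retrieve logs from schedule tests" && rm ${logs_filename})
          if [[ $status != "completed" || $conclusion != "success" ]]; then
            echo "test workflow failed with status: $status, conclusion: $conclusion"
            kill $(jobs -p)
            exit 1
          else
            echo "Workflow completed with status: $status, conclusion: $conclusion, run-id: ${{ steps.runner-name.outputs.name }}"
            kill $(jobs -p)
          fi
      - name: Upload test logs (Issues, Schedule)
        if: always() && (matrix.event.name == 'issues' || matrix.event.name == 'schedule')
        uses: actions/upload-artifact@v4
        with:
          name: ${{matrix.event.name}}-workflow-logs.zip
          path: ${{matrix.event.name}}-workflow-logs.zip
          if-no-files-found: ignore
      # Dumps the unit's nftables ruleset into the job log.
      - name: Show Firewall Rules
        run: |
          juju ssh ${{ steps.runner-name.outputs.name }}/0 sudo nft list ruleset
      # Clean-up steps run under always() so temporary refs and repositories
      # are removed even when the test itself failed.
      - name: Clean Up (Workflow Dispatch and Push)
        if: always() && (matrix.event.name == 'workflow_dispatch' || matrix.event.name == 'push')
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          gh api \
            --method DELETE \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            "/repos/${{ secrets.E2E_TESTING_REPO }}/git/refs/heads/${{ steps.runner-name.outputs.name }}"
          echo "Deleted ref ${{ steps.runner-name.outputs.name }}"
      # The branch deletion is best-effort (set +e); the repository deletion
      # is not, so a leftover repository fails the job and gets noticed.
      - name: Clean Up (Issues, Schedule)
        if: always() && (matrix.event.name == 'issues' || matrix.event.name == 'schedule')
        env:
          GH_TOKEN: ${{ secrets.E2E_TESTING_TOKEN }}
        run: |
          set +e
          gh api \
            --method DELETE \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            "/repos/${{ secrets.E2E_TESTING_REPO }}/git/refs/heads/${{ steps.runner-name.outputs.name }}" \
            && echo "Deleted ref ${{ steps.runner-name.outputs.name }}"
          TESTING_REPO=${{ secrets.E2E_TESTING_TOKEN_ORG }}/${{ steps.runner-name.outputs.name }}
          set -e
          gh api \
            --method DELETE \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            "/repos/${TESTING_REPO}"
          echo "Deleted repo ${TESTING_REPO}"

  # Runs the reusable end-to-end workflow on the runner deployed by the
  # pull_request matrix leg: the tag equals that leg's generated runner name.
  e2e-test:
    name: End-to-End Test
    needs: [build-charm, run-id]
    uses: ./.github/workflows/e2e_test_run.yaml
    with:
      runner-tag: "pr-${{ needs.run-id.outputs.run-id }}${{ github.run_attempt}}"
      runner-virt-type: "lxd"

  # Single gate for branch protection. It inspects only the matrix job's
  # result; the e2e-test job is covered indirectly through the pull_request
  # leg, which waits on it.
  required_status_checks:
    name: Required E2E Test Status Checks
    runs-on: ubuntu-latest
    needs:
      - deploy-e2e-test-runner
    if: always() && !cancelled()
    timeout-minutes: 5
    steps:
      - run: |
          [ '${{ needs.deploy-e2e-test-runner.result }}' = 'success' ] || (echo deploy-e2e-test-runner failed && false)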