-
Notifications
You must be signed in to change notification settings - Fork 105
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ci: Merge all Prow CI "build" scripts into one
Regroup all CI scripts that build an RHCOS image and test it into a single one to avoid duplication. This will also simplify future CI changes.
- Loading branch information
Showing
17 changed files
with
201 additions
and
196 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,2 @@ | ||
#!/bin/bash | ||
set -xeuo pipefail | ||
# This script is the entrypoint for PRs to this repo via OpenShift Prow. | ||
dn=$(dirname $0) | ||
# Prow jobs don't support adding emptydir today | ||
export COSA_SKIP_OVERLAY=1 | ||
# Create a temporary cosa workdir if COSA_DIR is not set. | ||
cosa_dir="${COSA_DIR:-$(mktemp -d)}" | ||
echo "Using $cosa_dir for build" | ||
cd "$cosa_dir" | ||
cosa init --transient /src | ||
exec ${dn}/prow-build-test-qemu.sh | ||
true |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
#!/bin/bash | ||
true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,71 +1,2 @@ | ||
#!/bin/bash | ||
set -xeuo pipefail | ||
# This script is called via build-test-qemu.sh which is the main Prow | ||
# entrypoint for PRs to this repo, as well as for PRs on other repos, | ||
# mainly coreos-assembler. It assumes that `cosa init` has been run. | ||
|
||
REDIRECTOR_URL="https://rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com/art/storage/releases/" | ||
|
||
# record information about cosa + rpm-ostree | ||
if test -d /cosa; then | ||
jq . < /cosa/coreos-assembler-git.json | ||
fi | ||
rpm-ostree --version | ||
|
||
# We generate .repo files which write to the source, but | ||
# we captured the source as part of the Docker build. | ||
# In OpenShift default SCC we'll run as non-root, so we need | ||
# to make a new copy of the source. TODO fix cosa to be happy | ||
# if src/config already exists instead of wanting to reference | ||
# it or clone it. Or we could write our .repo files to a separate | ||
# place. | ||
if test '!' -w src/config; then | ||
git clone --recurse src/config src/config.writable | ||
rm src/config -rf | ||
mv src/config.writable src/config | ||
fi | ||
|
||
# | ||
# NOTE: If you are adjusting how the repos are fetched in this script, you | ||
# must also make the same change in the `prow-build.sh` script | ||
# | ||
# Grab the raw value of `mutate-os-release` and use sed to convert the value | ||
# to X-Y format | ||
ocpver=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]') | ||
ocpver_mut=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]' | sed 's|\.|-|') | ||
prev_build_url=${REDIRECTOR_URL}/rhcos-${ocpver}/ | ||
# we want to use RHEL 8.5 for testing until we can start using 8.6 | ||
# see https://github.com/openshift/release/pull/26193 | ||
curl -L http://base-"${ocpver_mut}"-rhel85.ocp.svc.cluster.local > src/config/ocp.repo | ||
# fetch the 8.6 appstream repo to enable building of extensions | ||
# see: https://github.com/openshift/os/issues/795 | ||
curl -Ls http://base-"${ocpver_mut}"-rhel86.ocp.svc.cluster.local | grep -A 3 rhel-8-appstream | sed '1,3 s/rhel-8-appstream/rhel-86-appstream/g' >> src/config/ocp.repo | ||
cosa buildfetch --url=${prev_build_url} | ||
cosa fetch | ||
cosa build | ||
cosa buildextend-extensions | ||
cosa kola --basic-qemu-scenarios | ||
kola run-upgrade -b rhcos -v --find-parent-image --qemu-image-dir tmp/ --output-dir tmp/kola-upgrade | ||
cosa kola run --parallel 2 | ||
# Build metal + installer now so we can test them | ||
cosa buildextend-metal | ||
cosa buildextend-metal4k | ||
cosa buildextend-live | ||
# compress the metal and metal4k images now so we're testing | ||
# installs with the image format we ship | ||
cosa compress --artifact=metal --artifact=metal4k | ||
# Running testiso scenarios on metal artifact | ||
# Skip the following scenarios: iso-install,iso-offline-install,iso-live-login,iso-as-disk | ||
# See: https://github.com/openshift/os/issues/666 | ||
kola testiso -S --scenarios pxe-install,pxe-offline-install --output-dir tmp/kola-metal | ||
# iso-install scenario to sanity-check the metal4k media | ||
# Skip all the testiso scenarios for metal4k + UEFI | ||
# See: https://github.com/openshift/os/issues/666 | ||
# kola testiso -S --qemu-native-4k --qemu-multipath --scenarios iso-install --output-dir tmp/kola-metal4k | ||
# if [ $(uname -i) = x86_64 ] || [ $(uname -i) = aarch64 ]; then | ||
# mkdir -p tmp/kola-uefi | ||
# kola testiso -S --qemu-firmware uefi --scenarios iso-live-login,iso-as-disk --output-dir tmp/kola-uefi/insecure | ||
# if [ $(uname -i) = x86_64 ]; then | ||
# kola testiso -S --qemu-firmware uefi-secure --scenarios iso-live-login,iso-as-disk --output-dir tmp/kola-uefi/secure | ||
# fi | ||
# fi | ||
true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,53 +1,2 @@ | ||
#!/bin/bash | ||
set -xeuo pipefail | ||
|
||
# Prow jobs don't support adding emptydir today | ||
export COSA_SKIP_OVERLAY=1 | ||
# Create a temporary cosa workdir if COSA_DIR is not set. | ||
cosa_dir="${COSA_DIR:-$(mktemp -d)}" | ||
echo "Using $cosa_dir for build" | ||
cd "$cosa_dir" | ||
cosa init --transient /src | ||
|
||
# This script is called via build.sh which is the main Prow | ||
# entrypoint for PRs to this repo, as well as for PRs on other repos, | ||
# mainly coreos-assembler. It assumes that `cosa init` has been run. | ||
|
||
REDIRECTOR_URL="https://rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com/art/storage/releases/" | ||
|
||
# record information about cosa + rpm-ostree | ||
if test -d /cosa; then | ||
jq . < /cosa/coreos-assembler-git.json | ||
fi | ||
rpm-ostree --version | ||
|
||
# We generate .repo files which write to the source, but | ||
# we captured the source as part of the Docker build. | ||
# In OpenShift default SCC we'll run as non-root, so we need | ||
# to make a new copy of the source. TODO fix cosa to be happy | ||
# if src/config already exists instead of wanting to reference | ||
# it or clone it. Or we could write our .repo files to a separate | ||
# place. | ||
if test '!' -w src/config; then | ||
git clone --recurse src/config src/config.writable | ||
rm src/config -rf | ||
mv src/config.writable src/config | ||
fi | ||
|
||
# | ||
# NOTE: If you are adjusting how the repos are fetched in this script, you | ||
# must also make the same change in the `prow-build-test-qemu.sh` script | ||
# | ||
# Grab the raw value of `mutate-os-release` and use sed to convert the value | ||
# to X-Y format | ||
ocpver=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]') | ||
ocpver_mut=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]' | sed 's|\.|-|') | ||
prev_build_url=${REDIRECTOR_URL}/rhcos-${ocpver}/ | ||
|
||
# Fetch RHEL 8.6 repos | ||
curl -L http://base-"${ocpver_mut}"-rhel86.ocp.svc.cluster.local > src/config/ocp.repo | ||
|
||
cosa buildfetch --url=${prev_build_url} | ||
cosa fetch | ||
cosa build | ||
cosa buildextend-extensions | ||
true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,187 @@ | ||
#!/bin/bash | ||
set -xeuo pipefail | ||
|
||
# Main script acting as entrypoint for all Prow jobs building RHCOS images | ||
|
||
# Global variables | ||
REDIRECTOR_URL="https://rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com/art/storage/releases/" | ||
|
||
# This function is used to update the /etc/passwd file within the COSA container | ||
# at test-time. The need for this comes from the fact that OpenShift will run a | ||
# container with a randomized user ID by default to enhance security. Because | ||
# COSA runs with an unprivileged user ("builder") instead of (container) root, | ||
# this presents special challenges for file and disk permissions. This particular | ||
# pattern was inspired by: | ||
# - https://cloud.redhat.com/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id | ||
# - https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids | ||
setup_user() { | ||
user_id="$(id -u)" | ||
group_id="$(id -g)" | ||
|
||
grep -v "^builder" /etc/passwd > /tmp/passwd | ||
echo "builder:x:${user_id}:${group_id}::/home/builder:/bin/bash" >> /tmp/passwd | ||
cat /tmp/passwd > /etc/passwd | ||
rm /tmp/passwd | ||
|
||
# Not strictly required, but nice for debugging. | ||
id | ||
whoami | ||
} | ||
|
||
cosa_init() { | ||
# Either use the COSA_DIR prepared for us or create a temporary cosa workdir | ||
cosa_dir="${COSA_DIR:-$(mktemp -d)}" | ||
echo "Using $cosa_dir for build" | ||
cd "$cosa_dir" | ||
cosa init --transient /src | ||
} | ||
|
||
# Do a cosa build & cosa build-extensions only | ||
# This is called both as part of the build phase and test phase in Prow thus we | ||
# can not do any kola testing in this function. | ||
cosa_build() { | ||
# Grab the raw value of `mutate-os-release` and use sed to convert the value | ||
# to X-Y format | ||
ocpver=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]') | ||
ocpver_mut=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]' | sed 's|\.|-|') | ||
prev_build_url=${REDIRECTOR_URL}/rhcos-${ocpver}/ | ||
# Fetch the previous build | ||
cosa buildfetch --url="${prev_build_url}" | ||
|
||
# Fetch the repos corresponding to the release we are building | ||
rhelver=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["automatic-version-prefix"]' | cut -f2 -d.) | ||
id | ||
whoami | ||
ls -alh "src/config/" | ||
curl -L "http://base-${ocpver_mut}-rhel${rhelver}.ocp.svc.cluster.local" -o "src/config/ocp.repo" | ||
|
||
# Build RHCOS & extensions | ||
cosa fetch | ||
cosa build | ||
cosa buildextend-extensions | ||
} | ||
|
||
# Make sure the image is at least booting before runnning expensive tests | ||
kola_test_basic() { | ||
cosa kola run basic | ||
} | ||
|
||
kola_test_basic_scenarios() { | ||
cosa kola --basic-qemu-scenarios | ||
} | ||
|
||
kola_test_upgrade() { | ||
kola run-upgrade -b rhcos -v --find-parent-image --qemu-image-dir tmp/ --output-dir tmp/kola-upgrade | ||
} | ||
|
||
kola_test_run() { | ||
cosa kola run --parallel 2 | ||
} | ||
|
||
kola_test_metal() { | ||
# Build metal + installer now so we can test them | ||
cosa buildextend-metal && cosa buildextend-metal4k && cosa buildextend-live | ||
|
||
# Compress the metal and metal4k images now so we're testing | ||
# installs with the image format we ship | ||
cosa compress --artifact=metal --artifact=metal4k | ||
|
||
# Run all testiso scenarios on metal artifact | ||
kola testiso -S --scenarios pxe-install,pxe-offline-install,iso-install,iso-offline-install,iso-live-login,iso-as-disk,miniso-install --output-dir tmp/kola-metal | ||
|
||
# Run only the iso-install scenario to sanity-check the metal4k media | ||
kola testiso -S --qemu-native-4k --qemu-multipath --scenarios iso-install --output-dir tmp/kola-metal4k | ||
|
||
# Run some uefi & secure boot tests | ||
if [[ "$(uname -i)" == "x86_64" ]] || [[ "$(uname -i)" == "aarch64" ]]; then | ||
mkdir -p tmp/kola-uefi | ||
kola testiso -S --qemu-firmware uefi --scenarios iso-live-login,iso-as-disk --output-dir tmp/kola-uefi/insecure | ||
if [[ "$(uname -i)" == "x86_64" ]]; then | ||
kola testiso -S --qemu-firmware uefi-secure --scenarios iso-live-login,iso-as-disk --output-dir tmp/kola-uefi/secure | ||
fi | ||
fi | ||
} | ||
|
||
# Basic syntaxt validation for manifests | ||
validate() { | ||
# Create a temporary copy | ||
workdir="$(mktemp -d)" | ||
echo "Using $workdir as working directory" | ||
|
||
# Figure out if we are running from the COSA image or directly from the Prow src image | ||
if [[ -d /src/github.com/openshift/os ]]; then | ||
cd "$workdir" | ||
git clone /src/github.com/openshift/os os | ||
elif [[ -d ./.git ]]; then | ||
srcdir="${PWD}" | ||
cd "$workdir" | ||
git clone "${srcdir}" os | ||
else | ||
echo "Could not found source directory" | ||
exit 1 | ||
fi | ||
cd os | ||
|
||
# First ensure submodules are initialized | ||
git submodule update --init --recursive | ||
# Basic syntax check | ||
./fedora-coreos-config/ci/validate | ||
} | ||
|
||
main () { | ||
if [[ "${#}" -ne 1 ]]; then | ||
echo "This script is expected to be called by Prow with the name of the build phase or test to run" | ||
exit 1 | ||
fi | ||
|
||
# Record information about cosa + rpm-ostree | ||
if [[ -d /cosa ]]; then | ||
jq . < /cosa/coreos-assembler-git.json | ||
fi | ||
rpm-ostree --version | ||
|
||
case "${1}" in | ||
"validate") | ||
validate | ||
;; | ||
"build") | ||
cosa_init | ||
cosa_build | ||
;; | ||
"build-test-qemu-kola-basic") | ||
setup_user | ||
cosa_init | ||
cosa_build | ||
kola_test_basic | ||
kola_test_basic_scenarios | ||
;; | ||
"build-test-qemu-kola-all") | ||
setup_user | ||
cosa_init | ||
cosa_build | ||
kola_test_basic | ||
kola_test_run | ||
;; | ||
"build-test-qemu-kola-upgrade") | ||
setup_user | ||
cosa_init | ||
cosa_build | ||
kola_test_basic | ||
kola_test_upgrade | ||
;; | ||
"build-test-qemu-kola-metal") | ||
setup_user | ||
cosa_init | ||
cosa_build | ||
kola_test_basic | ||
kola_test_metal | ||
;; | ||
*) | ||
echo "Unknown test name" | ||
exit 1 | ||
;; | ||
esac | ||
} | ||
|
||
main "${@}" | ||
|
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,30 +1,2 @@ | ||
#!/bin/bash | ||
|
||
# This script is used to update the /etc/passwd file within the COSA container | ||
# at test-time. The need for this comes from the fact that OpenShift will run a | ||
# container with a randomized user ID by default to enhance security. Because | ||
# COSA runs with an unprivileged user ("builder") instead of (container) root, | ||
# this presents special challenges for file and disk permissions. This particular | ||
# pattern was inspired by: | ||
# - https://cloud.redhat.com/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id | ||
# - https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids | ||
|
||
set -xeuo | ||
|
||
user_id="$(id -u)" | ||
group_id="$(id -g)" | ||
|
||
cat /etc/passwd | grep -v "^builder" > /tmp/passwd | ||
echo "builder:x:${user_id}:${group_id}::/home/builder:/bin/bash" >> /tmp/passwd | ||
cat /tmp/passwd > /etc/passwd | ||
rm /tmp/passwd | ||
|
||
# Not strictly required, but nice for debugging. | ||
id | ||
whoami | ||
|
||
# Workaround for how we cache the cosa builds in Prow and juggle users, | ||
# see also https://github.com/actions/checkout/issues/760#issuecomment-1097461496 | ||
if test -d src/config; then | ||
git config --global --add safe.directory $PWD/src/config | ||
fi | ||
true |
Oops, something went wrong.