ci: Merge all Prow CI "build" scripts into one

Regroup all CI scripts that build an RHCOS image and test it into a
single one to avoid duplication. This will also simplify future CI
changes.

ci/build-test-qemu.sh

@@ -1,12 +1,2 @@
 #!/bin/bash
-set -xeuo pipefail
-# This script is the entrypoint for PRs to this repo via OpenShift Prow.
-dn=$(dirname $0)
-# Prow jobs don't support adding emptydir today
-export COSA_SKIP_OVERLAY=1
-# Create a temporary cosa workdir if COSA_DIR is not set.
-cosa_dir="${COSA_DIR:-$(mktemp -d)}"
-echo "Using $cosa_dir for build"
-cd "$cosa_dir"
-cosa init --transient /src
-exec ${dn}/prow-build-test-qemu.sh
+true

ci/build-test.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+true

ci/prow-build-test-qemu.sh

@@ -1,71 +1,2 @@
 #!/bin/bash
-set -xeuo pipefail
-# This script is called via build-test-qemu.sh which is the main Prow
-# entrypoint for PRs to this repo, as well as for PRs on other repos,
-# mainly coreos-assembler.  It assumes that `cosa init` has been run.
-
-REDIRECTOR_URL="https://rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com/art/storage/releases/"
-
-# record information about cosa + rpm-ostree
-if test -d /cosa; then
-    jq . < /cosa/coreos-assembler-git.json
-fi
-rpm-ostree --version
-
-# We generate .repo files which write to the source, but
-# we captured the source as part of the Docker build.
-# In OpenShift default SCC we'll run as non-root, so we need
-# to make a new copy of the source.  TODO fix cosa to be happy
-# if src/config already exists instead of wanting to reference
-# it or clone it.  Or we could write our .repo files to a separate
-# place.
-if test '!' -w src/config; then
-    git clone --recurse src/config src/config.writable
-    rm src/config -rf
-    mv src/config.writable src/config
-fi
-
-#
-# NOTE: If you are adjusting how the repos are fetched in this script, you
-#        must also make the same change in the `prow-build.sh` script
-#
-# Grab the raw value of `mutate-os-release` and use sed to convert the value
-# to X-Y format
-ocpver=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]')
-ocpver_mut=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]' | sed 's|\.|-|')
-prev_build_url=${REDIRECTOR_URL}/rhcos-${ocpver}/
-# we want to use RHEL 8.5 for testing until we can start using 8.6
-# see https://github.com/openshift/release/pull/26193
-curl -L http://base-"${ocpver_mut}"-rhel85.ocp.svc.cluster.local > src/config/ocp.repo
-# fetch the 8.6 appstream repo to enable building of extensions
-# see: https://github.com/openshift/os/issues/795
-curl -Ls http://base-"${ocpver_mut}"-rhel86.ocp.svc.cluster.local | grep -A 3 rhel-8-appstream | sed '1,3 s/rhel-8-appstream/rhel-86-appstream/g' >> src/config/ocp.repo
-cosa buildfetch --url=${prev_build_url}
-cosa fetch
-cosa build
-cosa buildextend-extensions
-cosa kola --basic-qemu-scenarios
-kola run-upgrade -b rhcos -v --find-parent-image --qemu-image-dir tmp/ --output-dir tmp/kola-upgrade
-cosa kola run --parallel 2
-# Build metal + installer now so we can test them
-cosa buildextend-metal
-cosa buildextend-metal4k
-cosa buildextend-live
-# compress the metal and metal4k images now so we're testing
-# installs with the image format we ship
-cosa compress --artifact=metal --artifact=metal4k
-# Running testiso scenarios on metal artifact
-# Skip the following scenarios: iso-install,iso-offline-install,iso-live-login,iso-as-disk
-# See: https://github.com/openshift/os/issues/666
-kola testiso -S --scenarios pxe-install,pxe-offline-install --output-dir tmp/kola-metal
-# iso-install scenario to sanity-check the metal4k media
-# Skip all the testiso scenarios for metal4k + UEFI
-# See: https://github.com/openshift/os/issues/666
-# kola testiso -S --qemu-native-4k --qemu-multipath --scenarios iso-install --output-dir tmp/kola-metal4k
-# if [ $(uname -i) = x86_64 ] || [ $(uname -i) = aarch64 ]; then
-#     mkdir -p tmp/kola-uefi
-#     kola testiso -S --qemu-firmware uefi --scenarios iso-live-login,iso-as-disk --output-dir tmp/kola-uefi/insecure
-#     if [ $(uname -i) = x86_64 ]; then
-#         kola testiso -S --qemu-firmware uefi-secure --scenarios iso-live-login,iso-as-disk --output-dir tmp/kola-uefi/secure
-#     fi
-# fi
+true

ci/prow-build.sh

@@ -1,53 +1,2 @@
 #!/bin/bash
-set -xeuo pipefail
-
-# Prow jobs don't support adding emptydir today
-export COSA_SKIP_OVERLAY=1
-# Create a temporary cosa workdir if COSA_DIR is not set.
-cosa_dir="${COSA_DIR:-$(mktemp -d)}"
-echo "Using $cosa_dir for build"
-cd "$cosa_dir"
-cosa init --transient /src
-
-# This script is called via build.sh which is the main Prow
-# entrypoint for PRs to this repo, as well as for PRs on other repos,
-# mainly coreos-assembler.  It assumes that `cosa init` has been run.
-
-REDIRECTOR_URL="https://rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com/art/storage/releases/"
-
-# record information about cosa + rpm-ostree
-if test -d /cosa; then
-    jq . < /cosa/coreos-assembler-git.json
-fi
-rpm-ostree --version
-
-# We generate .repo files which write to the source, but
-# we captured the source as part of the Docker build.
-# In OpenShift default SCC we'll run as non-root, so we need
-# to make a new copy of the source.  TODO fix cosa to be happy
-# if src/config already exists instead of wanting to reference
-# it or clone it.  Or we could write our .repo files to a separate
-# place.
-if test '!' -w src/config; then
-    git clone --recurse src/config src/config.writable
-    rm src/config -rf
-    mv src/config.writable src/config
-fi
-
-#
-# NOTE: If you are adjusting how the repos are fetched in this script, you
-#        must also make the same change in the `prow-build-test-qemu.sh` script
-#
-# Grab the raw value of `mutate-os-release` and use sed to convert the value
-# to X-Y format
-ocpver=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]')
-ocpver_mut=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]' | sed 's|\.|-|')
-prev_build_url=${REDIRECTOR_URL}/rhcos-${ocpver}/
-
-# Fetch RHEL 8.6 repos
-curl -L http://base-"${ocpver_mut}"-rhel86.ocp.svc.cluster.local > src/config/ocp.repo
-
-cosa buildfetch --url=${prev_build_url}
-cosa fetch
-cosa build
-cosa buildextend-extensions
+true

ci/prow-entrypoint.sh

@@ -0,0 +1,172 @@
+#!/bin/bash
+set -xeuo pipefail
+
+# Main script acting as entrypoint for all Prow jobs building RHCOS images
+
+# Global variables
+REDIRECTOR_URL="https://rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com/art/storage/releases/"
+
+# This function is used to update the /etc/passwd file within the COSA container
+# at test-time. The need for this comes from the fact that OpenShift will run a
+# container with a randomized user ID by default to enhance security. Because
+# COSA runs with an unprivileged user ("builder") instead of (container) root,
+# this presents special challenges for file and disk permissions. This particular
+# pattern was inspired by:
+# - https://cloud.redhat.com/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id
+# - https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids
+setup_user() {
+    user_id="$(id -u)"
+    group_id="$(id -g)"
+
+    cat /etc/passwd | grep -v "^builder" > /tmp/passwd
+    echo "builder:x:${user_id}:${group_id}::/home/builder:/bin/bash" >> /tmp/passwd
+    cat /tmp/passwd > /etc/passwd
+    rm /tmp/passwd
+
+    # Not strictly required, but nice for debugging.
+    id
+    whoami
+}
+
+cosa_init() {
+     # Either use the COSA_DIR prepared for us or create a temporary cosa workdir
+    cosa_dir="${COSA_DIR:-$(mktemp -d)}"
+    echo "Using $cosa_dir for build"
+    cd "$cosa_dir"
+    cosa init --transient /src
+}
+
+# Do a cosa build & cosa build-extensions only
+# This is called both as part of the build phase and test phase in Prow thus we
+# can not do any kola testing in this function.
+cosa_build() {
+    # Grab the raw value of `mutate-os-release` and use sed to convert the value
+    # to X-Y format
+    ocpver=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]')
+    ocpver_mut=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]' | sed 's|\.|-|')
+    prev_build_url=${REDIRECTOR_URL}/rhcos-${ocpver}/
+    # Fetch the previous build
+    cosa buildfetch --url=${prev_build_url}
+
+    # Fetch the repos corresponding to the release we are building
+    rhelver=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["automatic-version-prefix"]' | cut -f2 -d.)
+    curl -L "http://base-${ocpver_mut}-rhel${rhelver}.ocp.svc.cluster.local" > "src/config/ocp.repo"
+
+    # Build RHCOS & extensions
+    cosa fetch
+    cosa build
+    cosa buildextend-extensions
+}
+
+# Make sure the image is at least booting before runnning expensive tests
+kola_test_basic() {
+    cosa kola run basic
+}
+
+kola_test_basic_scenarios() {
+    cosa kola --basic-qemu-scenarios
+}
+
+kola_test_upgrade() {
+    kola run-upgrade -b rhcos -v --find-parent-image --qemu-image-dir tmp/ --output-dir tmp/kola-upgrade
+}
+
+kola_test_run() {
+    cosa kola run --parallel 2
+}
+
+kola_test_metal() {
+    # Build metal + installer now so we can test them
+    cosa buildextend-metal && cosa buildextend-metal4k && cosa buildextend-live
+
+    # Compress the metal and metal4k images now so we're testing
+    # installs with the image format we ship
+    cosa compress --artifact=metal --artifact=metal4k
+
+    # Run all testiso scenarios on metal artifact
+    kola testiso -S --scenarios pxe-install,pxe-offline-install,iso-install,iso-offline-install,iso-live-login,iso-as-disk,miniso-install --output-dir tmp/kola-metal
+
+    # Run only the iso-install scenario to sanity-check the metal4k media
+    kola testiso -S --qemu-native-4k --qemu-multipath --scenarios iso-install --output-dir tmp/kola-metal4k
+
+    # Run some uefi & secure boot tests
+    if [ $(uname -i) = x86_64 ] || [ $(uname -i) = aarch64 ]; then
+        mkdir -p tmp/kola-uefi
+        kola testiso -S --qemu-firmware uefi --scenarios iso-live-login,iso-as-disk --output-dir tmp/kola-uefi/insecure
+        if [ $(uname -i) = x86_64 ]; then
+            kola testiso -S --qemu-firmware uefi-secure --scenarios iso-live-login,iso-as-disk --output-dir tmp/kola-uefi/secure
+        fi
+    fi
+}
+
+# Basic syntaxt validation for manifests
+validate() {
+    # Create a temporary copy
+    workdir="$(mktemp -d)"
+    echo "Using $workdir as working directory"
+    cd "$workdir"
+    git clone /go/src/github.com/openshift/os os
+    cd os
+    # First ensure submodules are initialized
+    git submodule update --init --recursive
+    # Basic syntax check
+    ./fedora-coreos-config/ci/validate
+}
+
+main () {
+    if [[ "${#}" -ne 1 ]]; then
+        echo "This script is expected to be called by Prow with the name of the build phase or test to run"
+        exit 1
+    fi
+
+    # Record information about cosa + rpm-ostree
+    if [[ -d /cosa ]]; then
+        jq . < /cosa/coreos-assembler-git.json
+    fi
+    rpm-ostree --version
+
+    case "${1}" in
+        "validate")
+            validate
+            ;;
+        "build")
+            cosa_init
+            cosa_build
+            ;;
+        "build-test-qemu-kola-basic")
+            setup_user
+            cosa_init
+            cosa_build
+            kola_test_basic
+            kola_test_basic_scenarios
+            ;;
+        "build-test-qemu-kola-all")
+            setup_user
+            cosa_init
+            cosa_build
+            kola_test_basic
+            kola_test_run
+            ;;
+        "build-test-qemu-kola-upgrade")
+            setup_user
+            cosa_init
+            cosa_build
+            kola_test_basic
+            kola_test_upgrade
+            ;;
+        "build-test-qemu-kola-metal")
+            setup_user
+            cosa_init
+            cosa_build
+            kola_test_basic
+            kola_test_metal
+            ;;
+        *)
+            echo "Unknown test name"
+            exit 1
+            ;;
+    esac
+}
+
+main "${@}"
+

ci/set-openshift-user.sh

@@ -1,30 +1,2 @@
 #!/bin/bash
-
-# This script is used to update the /etc/passwd file within the COSA container
-# at test-time. The need for this comes from the fact that OpenShift will run a
-# container with a randomized user ID by default to enhance security. Because
-# COSA runs with an unprivileged user ("builder") instead of (container) root,
-# this presents special challenges for file and disk permissions. This particular
-# pattern was inspired by:
-# - https://cloud.redhat.com/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id
-# - https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids
-
-set -xeuo
-
-user_id="$(id -u)"
-group_id="$(id -g)"
-
-cat /etc/passwd | grep -v "^builder" > /tmp/passwd
-echo "builder:x:${user_id}:${group_id}::/home/builder:/bin/bash" >> /tmp/passwd
-cat /tmp/passwd > /etc/passwd
-rm /tmp/passwd
-
-# Not strictly required, but nice for debugging.
-id
-whoami
-
-# Workaround for how we cache the cosa builds in Prow and juggle users,
-# see also https://github.com/actions/checkout/issues/760#issuecomment-1097461496
-if test -d src/config; then
-    git config --global --add safe.directory $PWD/src/config
-fi
+true

ci/test-qemu-firmware-uefi.sh

@@ -1,6 +1,3 @@
 #!/bin/bash
 set -xeuo
-/src/ci/set-openshift-user.sh
-/src/ci/prow-build.sh
-cosa kola run --qemu-firmware=uefi basic
-
+/src/ci/prow-entrypoint.sh "build-test-qemu-kola-basic"

ci/test-qemu-kola-upgrade.sh

@@ -1,6 +1,3 @@
 #!/bin/bash
 set -xeuo
-/src/ci/set-openshift-user.sh
-/src/ci/prow-build.sh
-kola run-upgrade -b rhcos -v --find-parent-image --qemu-image-dir tmp/ --output-dir tmp/kola-upgrade
-
+/src/ci/prow-entrypoint.sh "build-test-qemu-kola-upgrade"

ci/test-qemu-kola.sh

@@ -1,6 +1,3 @@
 #!/bin/bash
 set -xeuo
-/src/ci/set-openshift-user.sh
-/src/ci/prow-build.sh
-cosa kola run --parallel 2
-
+/src/ci/prow-entrypoint.sh "build-test-qemu-kola-all"

ci/test-qemu-metal.sh

@@ -1,8 +1,3 @@
 #!/bin/bash
 set -xeuo
-/src/ci/set-openshift-user.sh
-/src/ci/prow-build.sh
-cosa buildextend-metal && cosa buildextend-metal4k && cosa buildextend-live
-cosa compress --artifact=metal --artifact=metal4k
-kola testiso -S --scenarios pxe-install,pxe-offline-install --output-dir tmp/kola-metal
-
+/src/ci/prow-entrypoint.sh "build-test-qemu-kola-metal"

ci/test-qemu-nvme.sh

@@ -1,6 +1,3 @@
 #!/bin/bash
 set -xeuo
-/src/ci/set-openshift-user.sh
-/src/ci/prow-build.sh
-cosa kola run --qemu-nvme=true basic
-
+true