-
Notifications
You must be signed in to change notification settings - Fork 105
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
WIP: Merge all Prow CI scripts into one
- Loading branch information
Showing
15 changed files
with
223 additions
and
205 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
# This stage actually builds the RHCOS OCI image. However, due to | ||
# limitations within OpenShift CI, we need to do the following: | ||
# 1. Disable KVM by using the COSA_NO_KVM env var. This is due to OpenShift | ||
# CI using the default OpenShift Docker Build strategy, which precludes us | ||
# from mounting /dev/kvm into the build context. | ||
# 2. Due to a limitation in the version of Buildah that OpenShift Builds | ||
# uses (at the time of this writing, it uses a v1.23.z version of Buildah), | ||
# we cannot mount the build context into the container build (e.g., `RUN | ||
# --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared | ||
# <cmd>`), which would allow it to mutate the build context. This is due to | ||
# https://github.com/containers/buildah/pull/3548 not being present. | ||
# For now, this necessitates passing this image into the cosa-build image | ||
# build below to extract the OCI archive and inject it into the | ||
# ImageStream. However, once the OpenShift CI system is upgraded to use | ||
# OpenShift 4.11, we can create the RHCOS image in a single shot via this | ||
# stage. | ||
FROM build-test-qemu-img:latest | ||
ENV COSA_DIR=/tmp/cosa | ||
ENV COSA_SKIP_OVERLAY=1 | ||
RUN mkdir -p "${COSA_DIR}" && \ | ||
COSA_NO_KVM=1 /src/ci/prow-entrypoint.sh "build" && \ | ||
rm -rf "${COSA_DIR}/cache" | ||
# We need to make sure that root can read / write to the COSA_DIR so that | ||
# when this container is actually run, we have permissions to read and | ||
# write to the COSA_DIR to allow the Kola tests to run. | ||
# Note: In Docker BuildKit, this would double the image size because this | ||
# would create an additional layer. However, since OpenShift Image Builds | ||
# use Buildah, this is eliminated because it squashes these layers | ||
# together. | ||
USER root | ||
RUN chgrp -Rf root "${COSA_DIR}" && \ | ||
chmod -Rf g+w "${COSA_DIR}" | ||
USER builder | ||
WORKDIR /tmp/cosa |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,182 @@ | ||
#!/bin/bash | ||
set -xeuo pipefail | ||
|
||
# Main script acting as entrypoint for all Prow jobs | ||
|
||
# Global variables | ||
REDIRECTOR_URL="https://rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com/art/storage/releases/" | ||
|
||
# This script is used to update the /etc/passwd file within the COSA container | ||
# at test-time. The need for this comes from the fact that OpenShift will run a | ||
# container with a randomized user ID by default to enhance security. Because | ||
# COSA runs with an unprivileged user ("builder") instead of (container) root, | ||
# this presents special challenges for file and disk permissions. This particular | ||
# pattern was inspired by: | ||
# - https://cloud.redhat.com/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id | ||
# - https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids | ||
setup_user() { | ||
user_id="$(id -u)" | ||
group_id="$(id -g)" | ||
|
||
cat /etc/passwd | grep -v "^builder" > /tmp/passwd | ||
echo "builder:x:${user_id}:${group_id}::/home/builder:/bin/bash" >> /tmp/passwd | ||
cat /tmp/passwd > /etc/passwd | ||
rm /tmp/passwd | ||
|
||
# Not strictly required, but nice for debugging. | ||
id | ||
whoami | ||
|
||
# # Workaround for how we cache the cosa builds in Prow and juggle users, | ||
# # see also https://github.com/actions/checkout/issues/760#issuecomment-1097461496 | ||
# if test -d src/config; then | ||
# git config --global --add safe.directory $PWD/src/config | ||
# fi | ||
} | ||
|
||
cosa_init() { | ||
# Either use the COSA_DIR prepared for us or create a temporary cosa workdir | ||
cosa_dir="${COSA_DIR:-$(mktemp -d)}" | ||
echo "Using $cosa_dir for build" | ||
cd "$cosa_dir" | ||
cosa init --transient /src | ||
} | ||
|
||
# Do a cosa build & cosa build-extensions only | ||
cosa_build() { | ||
# Grab the raw value of `mutate-os-release` and use sed to convert the value | ||
# to X-Y format | ||
ocpver=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]') | ||
ocpver_mut=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]' | sed 's|\.|-|') | ||
prev_build_url=${REDIRECTOR_URL}/rhcos-${ocpver}/ | ||
# Fetch the previous build | ||
cosa buildfetch --url=${prev_build_url} | ||
|
||
# Fetch the repos corresponding to the release we are building | ||
rhelver=$(rpm-ostree compose tree --print-only manifest.yaml | jq -r '.["automatic-version-prefix"]' | cut -f2 -d.) | ||
curl -L "http://base-${ocpver_mut}-rhel${rhelver}.ocp.svc.cluster.local" > "src/config/ocp.repo" | ||
|
||
cosa fetch | ||
cosa build | ||
cosa buildextend-extensions | ||
} | ||
|
||
kola_test_basic_all() { | ||
cosa kola --basic-qemu-scenarios | ||
} | ||
|
||
kola_test_upgrade() { | ||
kola run-upgrade -b rhcos -v --find-parent-image --qemu-image-dir tmp/ --output-dir tmp/kola-upgrade | ||
} | ||
|
||
kola_test_run() { | ||
cosa kola run --parallel 2 | ||
} | ||
|
||
kola_test_metal() { | ||
# Build metal + installer now so we can test them | ||
cosa buildextend-metal && cosa buildextend-metal4k && cosa buildextend-live | ||
|
||
# compress the metal and metal4k images now so we're testing | ||
# installs with the image format we ship | ||
cosa compress --artifact=metal --artifact=metal4k | ||
|
||
# Running testiso scenarios on metal artifact | ||
# Skip the following scenarios: iso-install,iso-offline-install,iso-live-login,iso-as-disk | ||
# See: https://github.com/openshift/os/issues/666 | ||
kola testiso -S --scenarios pxe-install,pxe-offline-install --output-dir tmp/kola-metal | ||
# iso-install scenario to sanity-check the metal4k media | ||
# Skip all the testiso scenarios for metal4k + UEFI | ||
# See: https://github.com/openshift/os/issues/666 | ||
# kola testiso -S --qemu-native-4k --qemu-multipath --scenarios iso-install --output-dir tmp/kola-metal4k | ||
# if [ $(uname -i) = x86_64 ] || [ $(uname -i) = aarch64 ]; then | ||
# mkdir -p tmp/kola-uefi | ||
# kola testiso -S --qemu-firmware uefi --scenarios iso-live-login,iso-as-disk --output-dir tmp/kola-uefi/insecure | ||
# if [ $(uname -i) = x86_64 ]; then | ||
# kola testiso -S --qemu-firmware uefi-secure --scenarios iso-live-login,iso-as-disk --output-dir tmp/kola-uefi/secure | ||
# fi | ||
# fi | ||
} | ||
|
||
# Basic syntaxt validation for manifests | ||
validate() { | ||
# Create a temporary copy | ||
workdir="$(mktemp -d)" | ||
echo "Using $workdir as working directory" | ||
cd "$workdir" | ||
git clone /go/src/github.com/openshift/os os | ||
cd os | ||
# First ensure submodules are initialized | ||
git submodule update --init --recursive | ||
# Basic syntax check | ||
./fedora-coreos-config/ci/validate | ||
} | ||
|
||
# Give the newly-built OCI archive a predictable filename to make OCI archive | ||
# extraction / ingestion simpler in Prow. | ||
simplify_ociarchive_path() { | ||
arch="x86_64" | ||
cosa_build_id="$(cat "${COSA_DIR}/builds/builds.json" | jq -r '.builds[0].id')" | ||
current_build_dir="${COSA_DIR}/builds/latest/${arch}" | ||
mv "${current_build_dir}/rhcos-${cosa_build_id}-ostree.${arch}.ociarchive" "${current_build_dir}/rhcos.${arch}.ociarchive" | ||
} | ||
|
||
|
||
|
||
|
||
main () { | ||
if [[ "${#}" -ne 1 ]]; then | ||
echo "This script is expected to be called by Prow with the name of the build phase or test to run" | ||
exit 1 | ||
fi | ||
|
||
# Record information about cosa + rpm-ostree | ||
if test -d /cosa; then | ||
jq . < /cosa/coreos-assembler-git.json | ||
fi | ||
rpm-ostree --version | ||
|
||
case "${1}" in | ||
"validate") | ||
validate | ||
;; | ||
"build") | ||
cosa_init | ||
cosa_build | ||
;; | ||
"build-test-qemu-kola-basic") | ||
setup_user | ||
cosa_init | ||
cosa_build | ||
kola_test_basic | ||
;; | ||
"build-test-qemu-kola-all") | ||
setup_user | ||
cosa_init | ||
cosa_build | ||
kola_test_run | ||
;; | ||
"build-test-qemu-kola-upgrade") | ||
setup_user | ||
cosa_init | ||
cosa_build | ||
kola_test_upgrade | ||
;; | ||
"build-test-qemu-kola-metal") | ||
setup_user | ||
cosa_init | ||
cosa_build | ||
kola_test_metal | ||
;; | ||
"simplify-ociarchive-path") | ||
simplify_ociarchive_path | ||
;; | ||
*) | ||
echo "Unknown test name" | ||
exit 1 | ||
;; | ||
esac | ||
} | ||
|
||
main "${@}" | ||
|
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
Oops, something went wrong.