WIP: Merge all Prow CI scripts into one

ci/Dockerfile.build

@@ -0,0 +1,34 @@
+# This stage actually builds the RHCOS OCI image. However, due to
+# limitations within OpenShift CI, we need to do the following:
+# 1. Disable KVM by using the COSA_NO_KVM env var. This is due to OpenShift
+# CI using the default OpenShift Docker Build strategy, which precludes us
+# from mounting /dev/kvm into the build context.
+# 2. Due to a limitation in the version of Buildah that OpenShift Builds
+# uses (at the time of this writing, it uses a v1.23.z version of Buildah),
+# we cannot mount the build context into the container build (e.g., `RUN
+# --mount=type=bind,rw=true,src=.,dst=/buildcontext,bind-propagation=shared
+# <cmd>`), which would allow it to mutate the build context. This is due to
+# https://github.com/containers/buildah/pull/3548 not being present.
+# For now, this necessitates passing this image into the cosa-build image
+# build below to extract the OCI archive and inject it into the
+# ImageStream. However, once the OpenShift CI system is upgraded to use
+# OpenShift 4.11, we can create the RHCOS image in a single shot via this
+# stage.
+FROM build-test-qemu-img:latest
+ENV COSA_DIR=/tmp/cosa
+ENV COSA_SKIP_OVERLAY=1
+RUN mkdir -p "${COSA_DIR}" && \
+  COSA_NO_KVM=1 /src/ci/prow-entrypoint.sh "build" && \
+  rm -rf "${COSA_DIR}/cache"
+# We need to make sure that root can read / write to the COSA_DIR so that
+# when this container is actually run, we have permissions to read and
+# write to the COSA_DIR to allow the Kola tests to run.
+# Note: In Docker BuildKit, this would double the image size because this
+# would create an additional layer. However, since OpenShift Image Builds
+# use Buildah, this is eliminated because it squashes these layers
+# together.
+USER root
+RUN chgrp -Rf root "${COSA_DIR}" && \
+  chmod -Rf g+w "${COSA_DIR}"
+USER builder
+WORKDIR /tmp/cosa

ci/prow-entrypoint.sh

@@ -0,0 +1,182 @@
+#!/bin/bash
+set -xeuo pipefail
+
+# Main script acting as entrypoint for all Prow jobs
+
+# Global variables
+REDIRECTOR_URL="https://rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com/art/storage/releases/"
+
+# This script is used to update the /etc/passwd file within the COSA container
+# at test-time. The need for this comes from the fact that OpenShift will run a
+# container with a randomized user ID by default to enhance security. Because
+# COSA runs with an unprivileged user ("builder") instead of (container) root,
+# this presents special challenges for file and disk permissions. This particular
+# pattern was inspired by:
+# - https://cloud.redhat.com/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id
+# - https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids
+setup_user() {
+    user_id="$(id -u)"
+    group_id="$(id -g)"
+
+    cat /etc/passwd | grep -v "^builder" > /tmp/passwd
+    echo "builder:x:${user_id}:${group_id}::/home/builder:/bin/bash" >> /tmp/passwd
+    cat /tmp/passwd > /etc/passwd
+    rm /tmp/passwd
+
+    # Not strictly required, but nice for debugging.
+    id
+    whoami
+
+    # # Workaround for how we cache the cosa builds in Prow and juggle users,
+    # # see also https://github.com/actions/checkout/issues/760#issuecomment-1097461496
+    # if test -d src/config; then
+    #     git config --global --add safe.directory $PWD/src/config
+    # fi
+}
+
+cosa_init() {
+     # Either use the COSA_DIR prepared for us or create a temporary cosa workdir
+    cosa_dir="${COSA_DIR:-$(mktemp -d)}"
+    echo "Using $cosa_dir for build"
+    cd "$cosa_dir"
+    cosa init --transient /src
+}
+
+# Do a cosa build & cosa build-extensions only
+cosa_build() {
+    # Grab the raw value of `mutate-os-release` and use sed to convert the value
+    # to X-Y format
+    ocpver=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]')
+    ocpver_mut=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]' | sed 's|\.|-|')
+    prev_build_url=${REDIRECTOR_URL}/rhcos-${ocpver}/
+    # Fetch the previous build
+    cosa buildfetch --url=${prev_build_url}
+
+    # Fetch the repos corresponding to the release we are building
+    rhelver=$(rpm-ostree compose tree --print-only manifest.yaml | jq -r '.["automatic-version-prefix"]' | cut -f2 -d.)
+    curl -L "http://base-${ocpver_mut}-rhel${rhelver}.ocp.svc.cluster.local" > "src/config/ocp.repo"
+
+    cosa fetch
+    cosa build
+    cosa buildextend-extensions
+}
+
+kola_test_basic_all() {
+    cosa kola --basic-qemu-scenarios
+}
+
+kola_test_upgrade() {
+    kola run-upgrade -b rhcos -v --find-parent-image --qemu-image-dir tmp/ --output-dir tmp/kola-upgrade
+}
+
+kola_test_run() {
+    cosa kola run --parallel 2
+}
+
+kola_test_metal() {
+    # Build metal + installer now so we can test them
+    cosa buildextend-metal && cosa buildextend-metal4k && cosa buildextend-live
+
+    # compress the metal and metal4k images now so we're testing
+    # installs with the image format we ship
+    cosa compress --artifact=metal --artifact=metal4k
+
+    # Running testiso scenarios on metal artifact
+    # Skip the following scenarios: iso-install,iso-offline-install,iso-live-login,iso-as-disk
+    # See: https://github.com/openshift/os/issues/666
+    kola testiso -S --scenarios pxe-install,pxe-offline-install --output-dir tmp/kola-metal
+    # iso-install scenario to sanity-check the metal4k media
+    # Skip all the testiso scenarios for metal4k + UEFI
+    # See: https://github.com/openshift/os/issues/666
+    # kola testiso -S --qemu-native-4k --qemu-multipath --scenarios iso-install --output-dir tmp/kola-metal4k
+    # if [ $(uname -i) = x86_64 ] || [ $(uname -i) = aarch64 ]; then
+    #     mkdir -p tmp/kola-uefi
+    #     kola testiso -S --qemu-firmware uefi --scenarios iso-live-login,iso-as-disk --output-dir tmp/kola-uefi/insecure
+    #     if [ $(uname -i) = x86_64 ]; then
+    #         kola testiso -S --qemu-firmware uefi-secure --scenarios iso-live-login,iso-as-disk --output-dir tmp/kola-uefi/secure
+    #     fi
+    # fi
+}
+
+# Basic syntaxt validation for manifests
+validate() {
+    # Create a temporary copy
+    workdir="$(mktemp -d)"
+    echo "Using $workdir as working directory"
+    cd "$workdir"
+    git clone /go/src/github.com/openshift/os os
+    cd os
+    # First ensure submodules are initialized
+    git submodule update --init --recursive
+    # Basic syntax check
+    ./fedora-coreos-config/ci/validate
+}
+
+# Give the newly-built OCI archive a predictable filename to make OCI archive
+# extraction / ingestion simpler in Prow.
+simplify_ociarchive_path() {
+    arch="x86_64"
+    cosa_build_id="$(cat "${COSA_DIR}/builds/builds.json" | jq -r '.builds[0].id')"
+    current_build_dir="${COSA_DIR}/builds/latest/${arch}"
+    mv "${current_build_dir}/rhcos-${cosa_build_id}-ostree.${arch}.ociarchive" "${current_build_dir}/rhcos.${arch}.ociarchive"
+}
+
+
+
+
+main () {
+    if [[ "${#}" -ne 1 ]]; then
+        echo "This script is expected to be called by Prow with the name of the build phase or test to run"
+        exit 1
+    fi
+
+    # Record information about cosa + rpm-ostree
+    if test -d /cosa; then
+        jq . < /cosa/coreos-assembler-git.json
+    fi
+    rpm-ostree --version
+
+    case "${1}" in
+        "validate")
+            validate
+            ;;
+        "build")
+            cosa_init
+            cosa_build
+            ;;
+        "build-test-qemu-kola-basic")
+            setup_user
+            cosa_init
+            cosa_build
+            kola_test_basic
+            ;;
+        "build-test-qemu-kola-all")
+            setup_user
+            cosa_init
+            cosa_build
+            kola_test_run
+            ;;
+        "build-test-qemu-kola-upgrade")
+            setup_user
+            cosa_init
+            cosa_build
+            kola_test_upgrade
+            ;;
+        "build-test-qemu-kola-metal")
+            setup_user
+            cosa_init
+            cosa_build
+            kola_test_metal
+            ;;
+        "simplify-ociarchive-path")
+            simplify_ociarchive_path
+            ;;
+        *)
+            echo "Unknown test name"
+            exit 1
+            ;;
+    esac
+}
+
+main "${@}"
+