diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml deleted file mode 100644 index dd4946313094..000000000000 --- a/.github/actionlint.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright (c) 2024 Red Hat -# -# SPDX-License-Identifier: Apache-2.0 -# -# Configuration file with rules for the actionlint tool. -# -self-hosted-runner: - # Labels of self-hosted runner that linter should ignore - labels: - - arm64-builder - - garm-ubuntu-2004 - - garm-ubuntu-2004-smaller - - garm-ubuntu-2204 - - garm-ubuntu-2304 - - garm-ubuntu-2304-smaller - - garm-ubuntu-2204-smaller - - k8s-ppc64le - - metrics - - ppc64le - - sev - - sev-snp - - s390x - - s390x-large - - tdx diff --git a/.github/cargo-deny-composite-action/cargo-deny-generator.sh b/.github/cargo-deny-composite-action/cargo-deny-generator.sh deleted file mode 100644 index e09c9bd70858..000000000000 --- a/.github/cargo-deny-composite-action/cargo-deny-generator.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash -# -# Copyright (c) 2022 Red Hat -# -# SPDX-License-Identifier: Apache-2.0 -# - -script_dir=$(dirname "$(readlink -f "$0")") -parent_dir=$(realpath "${script_dir}/../..") -cidir="${parent_dir}/ci" -source "${cidir}/../tests/common.bash" - -cargo_deny_file="${script_dir}/action.yaml" - -cat cargo-deny-skeleton.yaml.in > "${cargo_deny_file}" - -changed_files_status=$(run_get_pr_changed_file_details) -changed_files_status=$(echo "$changed_files_status" | grep "Cargo\.toml$" || true) -changed_files=$(echo "$changed_files_status" | awk '{print $NF}' || true) - -if [ -z "$changed_files" ]; then - cat >> "${cargo_deny_file}" << EOF - - run: echo "No Cargo.toml files to check" - shell: bash -EOF -fi - -for path in $changed_files -do - cat >> "${cargo_deny_file}" << EOF - - - name: ${path} - continue-on-error: true - shell: bash - run: | - pushd $(dirname ${path}) - cargo deny check - popd -EOF -done 
diff --git a/.github/cargo-deny-composite-action/cargo-deny-skeleton.yaml.in b/.github/cargo-deny-composite-action/cargo-deny-skeleton.yaml.in deleted file mode 100644 index e48d1f6c86b1..000000000000 --- a/.github/cargo-deny-composite-action/cargo-deny-skeleton.yaml.in +++ /dev/null @@ -1,30 +0,0 @@ -# -# Copyright (c) 2022 Red Hat -# -# SPDX-License-Identifier: Apache-2.0 -# - -name: 'Cargo Crates Check' -description: 'Checks every Cargo.toml file using cargo-deny' - -env: - CARGO_TERM_COLOR: always - -runs: - using: "composite" - steps: - - name: Install Rust - uses: actions-rs/toolchain@v1 - with: - profile: minimal - toolchain: nightly - override: true - - - name: Cache - uses: Swatinem/rust-cache@v2 - - - name: Install Cargo deny - shell: bash - run: | - which cargo - cargo install --locked cargo-deny || true diff --git a/.github/workflows/PR-wip-checks.yaml b/.github/workflows/PR-wip-checks.yaml deleted file mode 100644 index 7616b978ce0a..000000000000 --- a/.github/workflows/PR-wip-checks.yaml +++ /dev/null @@ -1,26 +0,0 @@ -name: Pull request WIP checks -on: - pull_request: - types: - - opened - - synchronize - - reopened - - edited - - labeled - - unlabeled - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -jobs: - pr_wip_check: - runs-on: ubuntu-22.04 - name: WIP Check - steps: - - name: WIP Check - if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - uses: tim-actions/wip-check@1c2a1ca6c110026b3e2297bb2ef39e1747b5a755 - with: - labels: '["do-not-merge", "wip", "rfc"]' - keywords: '["WIP", "wip", "RFC", "rfc", "dnm", "DNM", "do-not-merge"]' diff --git a/.github/workflows/add-issues-to-project.yaml b/.github/workflows/add-issues-to-project.yaml deleted file mode 100644 index c7a12ccfd0c7..000000000000 --- a/.github/workflows/add-issues-to-project.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ -# Copyright (c) 2020 Intel Corporation -# -# SPDX-License-Identifier: Apache-2.0 -# - -name: Add newly created issues to the backlog project - -on: - issues: - types: - - opened - - reopened - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -jobs: - add-new-issues-to-backlog: - runs-on: ubuntu-22.04 - steps: - - name: Install hub - run: | - HUB_ARCH="amd64" - HUB_VER=$(curl -sL "https://api.github.com/repos/github/hub/releases/latest" |\ - jq -r .tag_name | sed 's/^v//') - curl -sL \ - "https://github.com/github/hub/releases/download/v${HUB_VER}/hub-linux-${HUB_ARCH}-${HUB_VER}.tgz" |\ - tar xz --strip-components=2 --wildcards '*/bin/hub' && \ - sudo install hub /usr/local/bin - - - name: Install hub extension script - run: | - # Clone into a temporary directory to avoid overwriting - # any existing github directory. - pushd $(mktemp -d) &>/dev/null - git clone --single-branch --depth 1 "https://github.com/kata-containers/.github" && cd .github/scripts - sudo install hub-util.sh /usr/local/bin - popd &>/dev/null - - - name: Checkout code to allow hub to communicate with the project - uses: actions/checkout@v4 - - - name: Add issue to issue backlog - env: - GITHUB_TOKEN: ${{ secrets.KATA_GITHUB_ACTIONS_TOKEN }} - run: | - issue=${{ github.event.issue.number }} - - project_name="Issue backlog" - project_type="org" - project_column="To do" - - hub-util.sh \ - add-issue \ - "$issue" \ - "$project_name" \ - "$project_type" \ - "$project_column" diff --git a/.github/workflows/add-pr-sizing-label.yaml b/.github/workflows/add-pr-sizing-label.yaml deleted file mode 100644 index 6058c2a23ff3..000000000000 --- a/.github/workflows/add-pr-sizing-label.yaml +++ /dev/null 
@@ -1,53 +0,0 @@ -# Copyright (c) 2022 Intel Corporation -# -# SPDX-License-Identifier: Apache-2.0 -# - -name: Add PR sizing label - -on: - pull_request_target: - types: - - opened - - reopened - - synchronize - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -jobs: - add-pr-size-label: - runs-on: ubuntu-22.04 - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.sha }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ github.event.pull_request.base.ref }} - - - name: Install PR sizing label script - run: | - # Clone into a temporary directory to avoid overwriting - # any existing github directory. - pushd $(mktemp -d) &>/dev/null - git clone --single-branch --depth 1 "https://github.com/kata-containers/.github" && cd .github/scripts - sudo install pr-add-size-label.sh /usr/local/bin - popd &>/dev/null - - - name: Add PR sizing label - env: - GITHUB_TOKEN: ${{ secrets.KATA_GITHUB_ACTIONS_PR_SIZE_TOKEN }} - run: | - pr=${{ github.event.number }} - # Removing man-db, workflow kept failing, fixes: #4480 - sudo apt -y remove --purge man-db - sudo apt -y install diffstat patchutils - - pr-add-size-label.sh -p "$pr" diff --git a/.github/workflows/basic-ci-amd64.yaml b/.github/workflows/basic-ci-amd64.yaml deleted file mode 100644 index ad94c13e0729..000000000000 --- a/.github/workflows/basic-ci-amd64.yaml +++ /dev/null 
@@ -1,380 +0,0 @@ -name: CI | Basic amd64 tests -on: - workflow_call: - inputs: - tarball-suffix: - required: false - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - run-cri-containerd: - strategy: - # We can set this to true whenever we're 100% sure that - # the all the tests are not flaky, otherwise we'll fail - # all the tests due to a single flaky instance. - fail-fast: false - matrix: - containerd_version: ['lts', 'active'] - vmm: ['clh', 'dragonball', 'qemu', 'stratovirt', 'cloud-hypervisor', 'qemu-runtime-rs'] - runs-on: ubuntu-22.04 - env: - CONTAINERD_VERSION: ${{ matrix.containerd_version }} - GOPATH: ${{ github.workspace }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/integration/cri-containerd/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/integration/cri-containerd/gha-run.sh install-kata kata-artifacts - - - name: Run cri-containerd tests - timeout-minutes: 10 - run: bash tests/integration/cri-containerd/gha-run.sh run - - run-containerd-stability: - strategy: - fail-fast: false - matrix: - containerd_version: ['lts', 'active'] - vmm: ['clh', 'cloud-hypervisor', 'dragonball', 'qemu', 'stratovirt'] - runs-on: ubuntu-22.04 - env: - CONTAINERD_VERSION: ${{ matrix.containerd_version }} - GOPATH: ${{ github.workspace }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase 
atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/stability/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/stability/gha-run.sh install-kata kata-artifacts - - - name: Run containerd-stability tests - timeout-minutes: 15 - run: bash tests/stability/gha-run.sh run - - run-nydus: - strategy: - # We can set this to true whenever we're 100% sure that - # the all the tests are not flaky, otherwise we'll fail - # all the tests due to a single flaky instance. - fail-fast: false - matrix: - containerd_version: ['lts', 'active'] - vmm: ['clh', 'qemu', 'dragonball', 'stratovirt'] - runs-on: ubuntu-22.04 - env: - CONTAINERD_VERSION: ${{ matrix.containerd_version }} - GOPATH: ${{ github.workspace }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/integration/nydus/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/integration/nydus/gha-run.sh install-kata kata-artifacts - - - name: Run nydus tests - timeout-minutes: 10 - run: bash tests/integration/nydus/gha-run.sh run - - run-runk: - runs-on: ubuntu-22.04 - env: - CONTAINERD_VERSION: lts - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: 
Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/integration/runk/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/integration/runk/gha-run.sh install-kata kata-artifacts - - - name: Run runk tests - timeout-minutes: 10 - run: bash tests/integration/runk/gha-run.sh run - - run-tracing: - strategy: - fail-fast: false - matrix: - vmm: - - clh # cloud-hypervisor - - qemu - # TODO: enable me when https://github.com/kata-containers/kata-containers/issues/9763 is fixed - # TODO: Transition to free runner (see #9940). - if: false - runs-on: garm-ubuntu-2204-smaller - env: - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/functional/tracing/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/functional/tracing/gha-run.sh install-kata kata-artifacts - - - name: Run tracing tests - timeout-minutes: 15 - run: bash tests/functional/tracing/gha-run.sh run - - run-vfio: - strategy: - fail-fast: false - matrix: - vmm: - - clh - - qemu - # TODO: enable with clh when https://github.com/kata-containers/kata-containers/issues/9764 is fixed - # TODO: enable with qemu when https://github.com/kata-containers/kata-containers/issues/9851 is fixed - # 
TODO: Transition to free runner (see #9940). - if: false - runs-on: garm-ubuntu-2304 - env: - GOPATH: ${{ github.workspace }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/functional/vfio/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Run vfio tests - timeout-minutes: 15 - run: bash tests/functional/vfio/gha-run.sh run - - run-docker-tests: - strategy: - # We can set this to true whenever we're 100% sure that - # all the tests are not flaky, otherwise we'll fail them - # all due to a single flaky instance. - fail-fast: false - matrix: - vmm: - - clh - - qemu - - dragonball - - cloud-hypervisor - runs-on: ubuntu-22.04 - env: - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/integration/docker/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/integration/docker/gha-run.sh install-kata kata-artifacts - - - name: Run docker smoke test - timeout-minutes: 5 - run: bash tests/integration/docker/gha-run.sh run - - run-nerdctl-tests: - strategy: - # We can set this to true whenever we're 100% sure that - # all the tests 
are not flaky, otherwise we'll fail them - # all due to a single flaky instance. - fail-fast: false - matrix: - vmm: - - clh - - dragonball - - qemu - - cloud-hypervisor - runs-on: ubuntu-22.04 - env: - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/integration/nerdctl/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/integration/nerdctl/gha-run.sh install-kata kata-artifacts - - - name: Run nerdctl smoke test - timeout-minutes: 5 - run: bash tests/integration/nerdctl/gha-run.sh run - - - name: Collect artifacts ${{ matrix.vmm }} - if: always() - run: bash tests/integration/nerdctl/gha-run.sh collect-artifacts - continue-on-error: true - - - name: Archive artifacts ${{ matrix.vmm }} - uses: actions/upload-artifact@v4 - with: - name: nerdctl-tests-garm-${{ matrix.vmm }} - path: /tmp/artifacts - retention-days: 1 - - run-kata-agent-apis: - strategy: - fail-fast: false - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/functional/kata-agent-apis/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash 
tests/functional/kata-agent-apis/gha-run.sh install-kata kata-artifacts - - - name: Run kata agent api tests with agent-ctl - run: bash tests/functional/kata-agent-apis/gha-run.sh run diff --git a/.github/workflows/build-checks.yaml b/.github/workflows/build-checks.yaml deleted file mode 100644 index 8a720b758a4a..000000000000 --- a/.github/workflows/build-checks.yaml +++ /dev/null 
@@ -1,113 +0,0 @@ -on: - workflow_call: - inputs: - instance: - required: true - type: string - -name: Build checks -jobs: - check: - runs-on: ${{ inputs.instance }} - strategy: - fail-fast: false - matrix: - component: - - agent - - dragonball - - runtime - - runtime-rs - - agent-ctl - - kata-ctl - - runk - - trace-forwarder - - genpolicy - command: - - "make vendor" - - "make check" - - "make test" - - "sudo -E PATH=\"$PATH\" make test" - include: - - component: agent - component-path: src/agent - - component: dragonball - component-path: src/dragonball - - component: runtime - component-path: src/runtime - - component: runtime-rs - component-path: src/runtime-rs - - component: agent-ctl - component-path: src/tools/agent-ctl - - component: kata-ctl - component-path: src/tools/kata-ctl - - component: runk - component-path: src/tools/runk - - component: trace-forwarder - component-path: src/tools/trace-forwarder - - install-libseccomp: no - - component: agent - install-libseccomp: yes - - component: runk - install-libseccomp: yes - - component: genpolicy - component-path: src/tools/genpolicy - steps: - - name: Adjust a permission for repo - run: | - sudo chown -R $USER:$USER $GITHUB_WORKSPACE $HOME - sudo rm -rf $GITHUB_WORKSPACE/* && echo "GITHUB_WORKSPACE removed" || { sleep 10 && sudo rm -rf $GITHUB_WORKSPACE/*; } - sudo rm -f /tmp/kata_hybrid* # Sometime we got leftover from test_setup_hvsock_failed() - - - name: Checkout the code - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Install yq - run: | - ./ci/install_yq.sh - env: - INSTALL_IN_GOPATH: false - - name: Install golang - if: ${{ matrix.component == 'runtime' }} - run: | - ./tests/install_go.sh -f -p - echo "/usr/local/go/bin" >> $GITHUB_PATH - - name: Install rust - if: ${{ matrix.component != 'runtime' }} - run: | - ./tests/install_rust.sh - echo "${HOME}/.cargo/bin" >> $GITHUB_PATH - - name: Install musl-tools - if: ${{ matrix.component != 'runtime' }} - run: sudo apt-get -y install 
musl-tools - - name: Install devicemapper - if: ${{ matrix.command == 'make check' && matrix.component == 'agent' }} - run: sudo apt-get -y install libdevmapper-dev - - name: Install libseccomp - if: ${{ matrix.command != 'make vendor' && matrix.command != 'make check' && matrix.install-libseccomp == 'yes' }} - run: | - libseccomp_install_dir=$(mktemp -d -t libseccomp.XXXXXXXXXX) - gperf_install_dir=$(mktemp -d -t gperf.XXXXXXXXXX) - ./ci/install_libseccomp.sh "${libseccomp_install_dir}" "${gperf_install_dir}" - echo "Set environment variables for the libseccomp crate to link the libseccomp library statically" - echo "LIBSECCOMP_LINK_TYPE=static" >> $GITHUB_ENV - echo "LIBSECCOMP_LIB_PATH=${libseccomp_install_dir}/lib" >> $GITHUB_ENV - - name: Install protobuf-compiler - if: ${{ matrix.command != 'make vendor' && (matrix.component == 'agent' || matrix.component == 'runk' || matrix.component == 'genpolicy' || matrix.component == 'agent-ctl') }} - run: sudo apt-get -y install protobuf-compiler - - name: Install clang - if: ${{ matrix.command == 'make check' && (matrix.component == 'agent' || matrix.component == 'agent-ctl') }} - run: sudo apt-get -y install clang - - name: Setup XDG_RUNTIME_DIR for the `runtime` tests - if: ${{ matrix.command != 'make vendor' && matrix.command != 'make check' && matrix.component == 'runtime' }} - run: | - XDG_RUNTIME_DIR=$(mktemp -d /tmp/kata-tests-$USER.XXX | tee >(xargs chmod 0700)) - echo "XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR}" >> $GITHUB_ENV - - name: Running `${{ matrix.command }}` for ${{ matrix.component }} - run: | - cd ${{ matrix.component-path }} - ${{ matrix.command }} - env: - RUST_BACKTRACE: "1" - SKIP_GO_VERSION_CHECK: "1" diff --git a/.github/workflows/build-kata-os.yml b/.github/workflows/build-kata-os.yml new file mode 100644 index 000000000000..b7563229434d --- /dev/null +++ b/.github/workflows/build-kata-os.yml 
@@ -0,0 +1,72 @@
+name: Build Kata OS
+run-name: Build Kata OS
+on: [push]
+jobs:
+ build:
+ strategy:
+ matrix:
+ runner: [ubuntu-latest, arm-8core-linux]
+ include:
+ - runner: ubuntu-latest
+ arch: amd64
+ kernel_version: 6.8
+ - runner: arm-8core-linux
+ arch: arm64
+ kernel_version: 6.8
+ runs-on: ${{ matrix.runner }}
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v4
+ - name: Install dependencies
+ run: sudo apt-get update && sudo apt-get install -y libelf-dev flex bison
+ - name: Build Ubuntu image ${{ matrix.arch }}
+ run: cd tools/osbuilder && sudo make USE_DOCKER=true image-ubuntu
+ - name: Build Kernel ${{ matrix.kernel_version }}
+ run: |
+ cd tools/packaging/kernel
+ sudo ./build-kernel.sh -v ${{ matrix.kernel_version }} setup
+ sudo ./build-kernel.sh -v ${{ matrix.kernel_version }} build
+ - name: Bundle artifacts
+ run: |
+ cp tools/packaging/kernel/kata-linux-*/vmlinux /tmp/vmlinux
+ cp tools/osbuilder/kata-containers-image-ubuntu.img /tmp/kata-containers-image-ubuntu.img
+ cp sbom.json /tmp/sbom.json
+ mkdir -p /tmp/artifacts
+ zip -j /tmp/artifacts/artifacts-${{ matrix.arch }}.zip /tmp/vmlinux /tmp/kata-containers-image-ubuntu.img /tmp/sbom.json
+ cd /tmp/artifacts
+ sha256sum artifacts-${{ matrix.arch }}.zip > checksum-${{ matrix.arch }}.sha256
+ - name: Upload Artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: artifacts-${{ matrix.arch }}
+ path: /tmp/artifacts
+ retention-days: 1
+ release:
+ runs-on: ubuntu-latest
+ needs: build
+ # Only create a release when a new tag is created
+ if: ${{ startsWith(github.ref, 'refs/tags/') }}
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v4
+ - name: Download artifacts amd64
+ uses: actions/download-artifact@v4
+ with:
+ name: artifacts-amd64
+ - name: Download artifacts arm64
+ uses: actions/download-artifact@v4
+ with:
+ name: artifacts-arm64
+ - name: 'Create New Release'
+ env:
+ GH_TOKEN: ${{ secrets.WORKFLOW_TOKEN }}
+ run: |
+ RELEASE_VERSION=$(echo ${{ github.ref }} | sed 's/refs\/tags\///')
+ echo "Creating release $RELEASE_VERSION"
+ gh release create ${RELEASE_VERSION} -t ${RELEASE_VERSION} --draft
+ gh release upload "${RELEASE_VERSION}" artifacts-amd64.zip
+ gh release upload "${RELEASE_VERSION}" artifacts-arm64.zip
+ gh release upload "${RELEASE_VERSION}" checksum-amd64.sha256
+ gh release upload "${RELEASE_VERSION}" checksum-arm64.sha256
+ gh release edit ${RELEASE_VERSION} --verify-tag --draft=false
+
diff --git a/.github/workflows/build-kata-static-tarball-amd64.yaml b/.github/workflows/build-kata-static-tarball-amd64.yaml
deleted file mode 100644
index 27a00c11da39..000000000000
--- a/.github/workflows/build-kata-static-tarball-amd64.yaml
+++ /dev/null
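Review bot: The `Create New Release` step in `build-kata-os.yml` expands `${{ github.ref }}` straight into the script text, so the tag name is spliced in before bash parses it, and this is the step that holds `secrets.WORKFLOW_TOKEN` in `GH_TOKEN`. Git ref names may contain shell metacharacters, so the value should reach the script as data: set `RELEASE_VERSION: ${{ github.ref_name }}` under the step's `env:` and drop the `echo … | sed` line. The `gh release create` and `gh release edit` lines also use `${RELEASE_VERSION}` unquoted and should use `"${RELEASE_VERSION}"` as the upload lines do. Separately, the workflow declares no `permissions:` block and pins every action by tag (`@v4`) rather than commit SHA; a top-level `permissions:` with `contents: read`, and `contents: write` granted only to the `release` job, would narrow what a push-triggered build can do.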
@@ -1,221 +0,0 @@ -name: CI | Build kata-static tarball for amd64 -on: - workflow_call: - inputs: - stage: - required: false - type: string - default: test - tarball-suffix: - required: false - type: string - push-to-registry: - required: false - type: string - default: no - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - build-asset: - runs-on: ubuntu-22.04 - permissions: - contents: read - packages: write - id-token: write - attestations: write - strategy: - matrix: - asset: - - agent - - agent-ctl - - cloud-hypervisor - - cloud-hypervisor-glibc - - coco-guest-components - - firecracker - - genpolicy - - kata-ctl - - kata-manager - - kernel - - kernel-confidential - - kernel-dragonball-experimental - - kernel-nvidia-gpu - - kernel-nvidia-gpu-confidential - - nydus - - ovmf - - ovmf-sev - - pause-image - - qemu - - qemu-snp-experimental - - stratovirt - - rootfs-image - - rootfs-image-confidential - - rootfs-image-mariner - - rootfs-initrd - - rootfs-initrd-confidential - - runk - - trace-forwarder - - virtiofsd - stage: - - ${{ inputs.stage }} - exclude: - - asset: cloud-hypervisor-glibc - stage: release - env: - PERFORM_ATTESTATION: ${{ matrix.asset == 'agent' && inputs.push-to-registry == 'yes' && 'yes' || 'no' }} - steps: - - name: Login to Kata Containers quay.io - if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} - password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 # This is needed in order to keep the commit ids history - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Build ${{ matrix.asset }} - id: build - run: | - make "${KATA_ASSET}-tarball" - 
build_dir=$(readlink -f build) - # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. - env: - KATA_ASSET: ${{ matrix.asset }} - TAR_OUTPUT: ${{ matrix.asset }}.tar.gz - PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} - ARTEFACT_REGISTRY: ghcr.io - ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} - ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - TARGET_BRANCH: ${{ inputs.target-branch }} - RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} - - - name: Parse OCI image name and digest - id: parse-oci-segments - if: ${{ env.PERFORM_ATTESTATION == 'yes' }} - run: | - oci_image="$(<"build/${{ matrix.asset }}-oci-image")" - echo "oci-name=${oci_image%@*}" >> "$GITHUB_OUTPUT" - echo "oci-digest=${oci_image#*@}" >> "$GITHUB_OUTPUT" - - - uses: oras-project/setup-oras@v1 - if: ${{ env.PERFORM_ATTESTATION == 'yes' }} - with: - version: "1.2.0" - - # for pushing attestations to the registry - - uses: docker/login-action@v3 - if: ${{ env.PERFORM_ATTESTATION == 'yes' }} - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - uses: actions/attest-build-provenance@v1 - if: ${{ env.PERFORM_ATTESTATION == 'yes' }} - with: - subject-name: ${{ steps.parse-oci-segments.outputs.oci-name }} - subject-digest: ${{ steps.parse-oci-segments.outputs.oci-digest }} - push-to-registry: true - - - name: store-artifact ${{ matrix.asset }} - if: ${{ matrix.stage != 'release' || (matrix.asset != 'agent' && matrix.asset != 'coco-guest-components' && matrix.asset != 'pause-image') }} - uses: actions/upload-artifact@v4 - with: - name: kata-artifacts-amd64-${{ matrix.asset }}${{ inputs.tarball-suffix }} - path: kata-build/kata-static-${{ matrix.asset }}.tar.xz - retention-days: 15 - if-no-files-found: error - - build-asset-shim-v2: - runs-on: ubuntu-22.04 - needs: build-asset - steps: - - name: Login to Kata Containers quay.io - if: ${{ 
inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} - password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 # This is needed in order to keep the commit ids history - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Build shim-v2 - id: build - run: | - make "${KATA_ASSET}-tarball" - build_dir=$(readlink -f build) - # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. - env: - KATA_ASSET: shim-v2 - TAR_OUTPUT: shim-v2.tar.gz - PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} - ARTEFACT_REGISTRY: ghcr.io - ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} - ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - TARGET_BRANCH: ${{ inputs.target-branch }} - RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} - - - name: store-artifact shim-v2 - uses: actions/upload-artifact@v4 - with: - name: kata-artifacts-amd64-shim-v2${{ inputs.tarball-suffix }} - path: kata-build/kata-static-shim-v2.tar.xz - retention-days: 15 - if-no-files-found: error - - create-kata-tarball: - runs-on: ubuntu-22.04 - needs: [build-asset, build-asset-shim-v2] - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - name: get-artifacts - uses: actions/download-artifact@v4 - with: - pattern: kata-artifacts-amd64-*${{ inputs.tarball-suffix }} - path: kata-artifacts - merge-multiple: true - - name: merge-artifacts - run: | - 
./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-artifacts versions.yaml - - name: store-artifacts - uses: actions/upload-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-static.tar.xz - retention-days: 15 - if-no-files-found: error diff --git a/.github/workflows/build-kata-static-tarball-arm64.yaml b/.github/workflows/build-kata-static-tarball-arm64.yaml deleted file mode 100644 index a4df332892ea..000000000000 --- a/.github/workflows/build-kata-static-tarball-arm64.yaml +++ /dev/null 
@@ -1,165 +0,0 @@ -name: CI | Build kata-static tarball for arm64 -on: - workflow_call: - inputs: - stage: - required: false - type: string - default: test - tarball-suffix: - required: false - type: string - push-to-registry: - required: false - type: string - default: no - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - build-asset: - runs-on: arm64-builder - strategy: - matrix: - asset: - - agent - - cloud-hypervisor - - firecracker - - kernel - - kernel-dragonball-experimental - - nydus - - qemu - - stratovirt - - rootfs-image - - rootfs-initrd - - virtiofsd - steps: - - name: Login to Kata Containers quay.io - if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} - password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 # This is needed in order to keep the commit ids history - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Build ${{ matrix.asset }} - run: | - make "${KATA_ASSET}-tarball" - build_dir=$(readlink -f build) - # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. 
- env: - KATA_ASSET: ${{ matrix.asset }} - TAR_OUTPUT: ${{ matrix.asset }}.tar.gz - PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} - ARTEFACT_REGISTRY: ghcr.io - ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} - ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - TARGET_BRANCH: ${{ inputs.target-branch }} - RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} - - - name: store-artifact ${{ matrix.asset }} - if: ${{ inputs.stage != 'release' || matrix.asset != 'agent' }} - uses: actions/upload-artifact@v4 - with: - name: kata-artifacts-arm64-${{ matrix.asset }}${{ inputs.tarball-suffix }} - path: kata-build/kata-static-${{ matrix.asset }}.tar.xz - retention-days: 15 - if-no-files-found: error - - build-asset-shim-v2: - runs-on: arm64-builder - needs: build-asset - steps: - - name: Login to Kata Containers quay.io - if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} - password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 # This is needed in order to keep the commit ids history - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Build shim-v2 - run: | - make "${KATA_ASSET}-tarball" - build_dir=$(readlink -f build) - # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. 
- env: - KATA_ASSET: shim-v2 - TAR_OUTPUT: shim-v2.tar.gz - PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} - ARTEFACT_REGISTRY: ghcr.io - ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} - ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - TARGET_BRANCH: ${{ inputs.target-branch }} - RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} - - - name: store-artifact shim-v2 - uses: actions/upload-artifact@v4 - with: - name: kata-artifacts-arm64-shim-v2${{ inputs.tarball-suffix }} - path: kata-build/kata-static-shim-v2.tar.xz - retention-days: 15 - if-no-files-found: error - - create-kata-tarball: - runs-on: arm64-builder - needs: [build-asset, build-asset-shim-v2] - steps: - - name: Adjust a permission for repo - run: | - sudo chown -R $USER:$USER $GITHUB_WORKSPACE - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - name: get-artifacts - uses: actions/download-artifact@v4 - with: - pattern: kata-artifacts-arm64-*${{ inputs.tarball-suffix }} - path: kata-artifacts - merge-multiple: true - - name: merge-artifacts - run: | - ./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-artifacts versions.yaml - - name: store-artifacts - uses: actions/upload-artifact@v4 - with: - name: kata-static-tarball-arm64${{ inputs.tarball-suffix }} - path: kata-static.tar.xz - retention-days: 15 - if-no-files-found: error diff --git a/.github/workflows/build-kata-static-tarball-ppc64le.yaml b/.github/workflows/build-kata-static-tarball-ppc64le.yaml deleted file mode 100644 index 79e7ad5b7878..000000000000 --- a/.github/workflows/build-kata-static-tarball-ppc64le.yaml +++ /dev/null 
@@ -1,171 +0,0 @@ -name: CI | Build kata-static tarball for ppc64le -on: - workflow_call: - inputs: - stage: - required: false - type: string - default: test - tarball-suffix: - required: false - type: string - push-to-registry: - required: false - type: string - default: no - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - build-asset: - runs-on: ppc64le - strategy: - matrix: - asset: - - agent - - kernel - - qemu - - rootfs-initrd - - virtiofsd - stage: - - ${{ inputs.stage }} - steps: - - name: Prepare the self-hosted runner - run: | - ${HOME}/scripts/prepare_runner.sh - sudo rm -rf $GITHUB_WORKSPACE/* - - - name: Login to Kata Containers quay.io - if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} - password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 # This is needed in order to keep the commit ids history - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Build ${{ matrix.asset }} - run: | - make "${KATA_ASSET}-tarball" - build_dir=$(readlink -f build) - # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. 
- env: - KATA_ASSET: ${{ matrix.asset }} - TAR_OUTPUT: ${{ matrix.asset }}.tar.gz - PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} - ARTEFACT_REGISTRY: ghcr.io - ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} - ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - TARGET_BRANCH: ${{ inputs.target-branch }} - RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} - - - name: store-artifact ${{ matrix.asset }} - if: ${{ inputs.stage != 'release' || matrix.asset != 'agent' }} - uses: actions/upload-artifact@v4 - with: - name: kata-artifacts-ppc64le-${{ matrix.asset }}${{ inputs.tarball-suffix }} - path: kata-build/kata-static-${{ matrix.asset }}.tar.xz - retention-days: 1 - if-no-files-found: error - - build-asset-shim-v2: - runs-on: ppc64le - needs: build-asset - steps: - - name: Prepare the self-hosted runner - run: | - ${HOME}/scripts/prepare_runner.sh - sudo rm -rf $GITHUB_WORKSPACE/* - - - name: Login to Kata Containers quay.io - if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} - password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 # This is needed in order to keep the commit ids history - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Build shim-v2 - run: | - make "${KATA_ASSET}-tarball" - build_dir=$(readlink -f build) - # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. 
- env: - KATA_ASSET: shim-v2 - TAR_OUTPUT: shim-v2.tar.gz - PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} - ARTEFACT_REGISTRY: ghcr.io - ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} - ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - TARGET_BRANCH: ${{ inputs.target-branch }} - RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} - - - name: store-artifact shim-v2 - uses: actions/upload-artifact@v4 - with: - name: kata-artifacts-ppc64le-shim-v2${{ inputs.tarball-suffix }} - path: kata-build/kata-static-shim-v2.tar.xz - retention-days: 1 - if-no-files-found: error - - create-kata-tarball: - runs-on: ppc64le - needs: [build-asset, build-asset-shim-v2] - steps: - - name: Adjust a permission for repo - run: | - sudo chown -R $USER:$USER $GITHUB_WORKSPACE - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - name: get-artifacts - uses: actions/download-artifact@v4 - with: - pattern: kata-artifacts-ppc64le-*${{ inputs.tarball-suffix }} - path: kata-artifacts - merge-multiple: true - - name: merge-artifacts - run: | - ./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-artifacts versions.yaml - - name: store-artifacts - uses: actions/upload-artifact@v4 - with: - name: kata-static-tarball-ppc64le${{ inputs.tarball-suffix }} - path: kata-static.tar.xz - retention-days: 1 - if-no-files-found: error diff --git a/.github/workflows/build-kata-static-tarball-s390x.yaml b/.github/workflows/build-kata-static-tarball-s390x.yaml deleted file mode 100644 index 693f81a47823..000000000000 --- a/.github/workflows/build-kata-static-tarball-s390x.yaml +++ /dev/null 
@@ -1,241 +0,0 @@ -name: CI | Build kata-static tarball for s390x -on: - workflow_call: - inputs: - stage: - required: false - type: string - default: test - tarball-suffix: - required: false - type: string - push-to-registry: - required: false - type: string - default: no - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - build-asset: - runs-on: s390x - permissions: - contents: read - packages: write - id-token: write - attestations: write - strategy: - matrix: - asset: - - agent - - coco-guest-components - - kernel - - kernel-confidential - - pause-image - - qemu - - rootfs-image - - rootfs-image-confidential - - rootfs-initrd - - rootfs-initrd-confidential - - virtiofsd - env: - PERFORM_ATTESTATION: ${{ matrix.asset == 'agent' && inputs.push-to-registry == 'yes' && 'yes' || 'no' }} - steps: - - name: Login to Kata Containers quay.io - if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} - password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 # This is needed in order to keep the commit ids history - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Build ${{ matrix.asset }} - id: build - run: | - make "${KATA_ASSET}-tarball" - build_dir=$(readlink -f build) - # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. 
- env: - KATA_ASSET: ${{ matrix.asset }} - TAR_OUTPUT: ${{ matrix.asset }}.tar.gz - PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} - ARTEFACT_REGISTRY: ghcr.io - ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} - ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - TARGET_BRANCH: ${{ inputs.target-branch }} - RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} - - - name: Parse OCI image name and digest - id: parse-oci-segments - if: ${{ env.PERFORM_ATTESTATION == 'yes' }} - run: | - oci_image="$(<"build/${{ matrix.asset }}-oci-image")" - echo "oci-name=${oci_image%@*}" >> "$GITHUB_OUTPUT" - echo "oci-digest=${oci_image#*@}" >> "$GITHUB_OUTPUT" - - # for pushing attestations to the registry - - uses: docker/login-action@v3 - if: ${{ env.PERFORM_ATTESTATION == 'yes' }} - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - uses: actions/attest-build-provenance@v1 - if: ${{ env.PERFORM_ATTESTATION == 'yes' }} - with: - subject-name: ${{ steps.parse-oci-segments.outputs.oci-name }} - subject-digest: ${{ steps.parse-oci-segments.outputs.oci-digest }} - push-to-registry: true - - - name: store-artifact ${{ matrix.asset }} - if: ${{ inputs.stage != 'release' || (matrix.asset != 'agent' && matrix.asset != 'coco-guest-components' && matrix.asset != 'pause-image') }} - uses: actions/upload-artifact@v4 - with: - name: kata-artifacts-s390x-${{ matrix.asset }}${{ inputs.tarball-suffix }} - path: kata-build/kata-static-${{ matrix.asset }}.tar.xz - retention-days: 15 - if-no-files-found: error - - build-asset-boot-image-se: - runs-on: s390x - needs: build-asset - steps: - - uses: actions/checkout@v4 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: get-artifacts - uses: actions/download-artifact@v4 - with: - pattern: kata-artifacts-s390x-*${{ inputs.tarball-suffix }} - path: 
kata-artifacts - merge-multiple: true - - - name: Place a host key document - run: | - mkdir -p "host-key-document" - cp "${CI_HKD_PATH}" "host-key-document" - env: - CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }} - - - name: Build boot-image-se - run: | - base_dir=tools/packaging/kata-deploy/local-build/ - cp -r kata-artifacts ${base_dir}/build - # Skip building dependant artifacts of boot-image-se-tarball - # because we already have them from the previous build - sed -i 's/\(^boot-image-se-tarball:\).*/\1/g' ${base_dir}/Makefile - make boot-image-se-tarball - build_dir=$(readlink -f build) - sudo cp -r "${build_dir}" "kata-build" - sudo chown -R $(id -u):$(id -g) "kata-build" - env: - HKD_PATH: "host-key-document" - - - name: store-artifact boot-image-se - uses: actions/upload-artifact@v4 - with: - name: kata-artifacts-s390x${{ inputs.tarball-suffix }} - path: kata-build/kata-static-boot-image-se.tar.xz - retention-days: 1 - if-no-files-found: error - - build-asset-shim-v2: - runs-on: s390x - needs: build-asset - steps: - - name: Login to Kata Containers quay.io - if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} - password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 # This is needed in order to keep the commit ids history - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Build shim-v2 - id: build - run: | - make "${KATA_ASSET}-tarball" - build_dir=$(readlink -f build) - # store-artifact does not work with symlink - mkdir -p kata-build && cp "${build_dir}"/kata-static-${KATA_ASSET}*.tar.* kata-build/. 
- env: - KATA_ASSET: shim-v2 - TAR_OUTPUT: shim-v2.tar.gz - PUSH_TO_REGISTRY: ${{ inputs.push-to-registry }} - ARTEFACT_REGISTRY: ghcr.io - ARTEFACT_REGISTRY_USERNAME: ${{ github.actor }} - ARTEFACT_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - TARGET_BRANCH: ${{ inputs.target-branch }} - RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} - - - name: store-artifact shim-v2 - uses: actions/upload-artifact@v4 - with: - name: kata-artifacts-s390x-shim-v2${{ inputs.tarball-suffix }} - path: kata-build/kata-static-shim-v2.tar.xz - retention-days: 15 - if-no-files-found: error - - create-kata-tarball: - runs-on: s390x - needs: [build-asset, build-asset-boot-image-se, build-asset-shim-v2] - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - name: get-artifacts - uses: actions/download-artifact@v4 - with: - pattern: kata-artifacts-s390x-*${{ inputs.tarball-suffix }} - path: kata-artifacts - merge-multiple: true - - name: merge-artifacts - run: | - ./tools/packaging/kata-deploy/local-build/kata-deploy-merge-builds.sh kata-artifacts versions.yaml - - name: store-artifacts - uses: actions/upload-artifact@v4 - with: - name: kata-static-tarball-s390x${{ inputs.tarball-suffix }} - path: kata-static.tar.xz - retention-days: 15 - if-no-files-found: error diff --git a/.github/workflows/cargo-deny-runner.yaml b/.github/workflows/cargo-deny-runner.yaml deleted file mode 100644 index 9e18198902df..000000000000 --- a/.github/workflows/cargo-deny-runner.yaml +++ /dev/null 
@@ -1,30 +0,0 @@
-name: Cargo Crates Check Runner
-on:
- pull_request:
- types:
- - opened
- - edited
- - reopened
- - synchronize
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
- cancel-in-progress: true
-
-jobs:
- cargo-deny-runner:
- runs-on: ubuntu-22.04
-
- steps:
- - name: Checkout Code
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
- uses: actions/checkout@v4
- - name: Generate Action
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
- run: bash cargo-deny-generator.sh
- working-directory: ./.github/cargo-deny-composite-action/
- env:
- GOPATH: ${{ runner.workspace }}/kata-containers
- - name: Run Action
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
- uses: ./.github/cargo-deny-composite-action
diff --git a/.github/workflows/ci-coco-stability.yaml b/.github/workflows/ci-coco-stability.yaml
deleted file mode 100644
index ec1109cd0c4c..000000000000
--- a/.github/workflows/ci-coco-stability.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: Kata Containers CoCo Stability Tests Weekly
-on:
- schedule:
- - cron: '0 0 * * 0'
- workflow_dispatch:
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
- cancel-in-progress: true
-
-jobs:
- kata-containers-ci-on-push:
- uses: ./.github/workflows/ci-weekly.yaml
- with:
- commit-hash: ${{ github.sha }}
- pr-number: "weekly"
- tag: ${{ github.sha }}-weekly
- target-branch: ${{ github.ref_name }}
- secrets: inherit
diff --git a/.github/workflows/ci-devel.yaml b/.github/workflows/ci-devel.yaml
deleted file mode 100644
index a50794bf669f..000000000000
--- a/.github/workflows/ci-devel.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-name: Kata Containers CI (manually triggered)
-on:
- workflow_dispatch:
-
-jobs:
- kata-containers-ci-on-push:
- uses: ./.github/workflows/ci.yaml
- with:
- commit-hash: ${{ github.sha }}
- pr-number: "dev"
- tag: ${{ github.sha }}-dev
- target-branch: ${{ github.ref_name }}
- secrets: inherit
diff --git a/.github/workflows/ci-nightly-s390x.yaml b/.github/workflows/ci-nightly-s390x.yaml
deleted file mode 100644
index f3817520a147..000000000000
--- a/.github/workflows/ci-nightly-s390x.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-on:
- schedule:
- - cron: '0 5 * * *'
-
-name: Nightly CI for s390x
-jobs:
- check-internal-test-result:
- runs-on: s390x
- strategy:
- fail-fast: false
- matrix:
- test_title:
- - kata-vfio-ap-e2e-tests
- - cc-se-e2e-tests
- steps:
- - name: Fetch a test result for {{ matrix.test_title }}
- run: |
- file_name="${TEST_TITLE}-$(date +%Y-%m-%d).log"
- /home/${USER}/script/handle_test_log.sh download $file_name
- env:
- TEST_TITLE: ${{ matrix.test_title }}
diff --git a/.github/workflows/ci-nightly.yaml b/.github/workflows/ci-nightly.yaml
deleted file mode 100644
index fe1fbde85845..000000000000
--- a/.github/workflows/ci-nightly.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-name: Kata Containers Nightly CI
-on:
- schedule:
- - cron: '0 0 * * *'
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
- cancel-in-progress: true
-
-jobs:
- kata-containers-ci-on-push:
- uses: ./.github/workflows/ci.yaml
- with:
- commit-hash: ${{ github.sha }}
- pr-number: "nightly"
- tag: ${{ github.sha }}-nightly
- target-branch: ${{ github.ref_name }}
- secrets: inherit
diff --git a/.github/workflows/ci-on-push.yaml b/.github/workflows/ci-on-push.yaml
deleted file mode 100644
index e09905f74d61..000000000000
--- a/.github/workflows/ci-on-push.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-name: Kata Containers CI
-on:
- pull_request_target:
- branches:
- - 'main'
- - 'stable-*'
- types:
- # Adding 'labeled' to the list of activity types that trigger this event
- # (default: opened, synchronize, reopened) so that we can run this
- # workflow when the 'ok-to-test' label is added.
- # Reference: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
- - opened
- - synchronize
- - reopened
- - labeled
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
- cancel-in-progress: true
-
-jobs:
- skipper:
- if: ${{ contains(github.event.pull_request.labels.*.name, 'ok-to-test') }}
- uses: ./.github/workflows/gatekeeper-skipper.yaml
- with:
- commit-hash: ${{ github.event.pull_request.head.sha }}
- target-branch: ${{ github.event.pull_request.base.ref }}
-
- kata-containers-ci-on-push:
- needs: skipper
- if: ${{ needs.skipper.outputs.skip_build != 'yes' }}
- uses: ./.github/workflows/ci.yaml
- with:
- commit-hash: ${{ github.event.pull_request.head.sha }}
- pr-number: ${{ github.event.pull_request.number }}
- tag: ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }}
- target-branch: ${{ github.event.pull_request.base.ref }}
- skip-test: ${{ needs.skipper.outputs.skip_test }}
- secrets: inherit
diff --git a/.github/workflows/ci-weekly.yaml b/.github/workflows/ci-weekly.yaml
deleted file mode 100644
index 5c89f2ed0622..000000000000
--- a/.github/workflows/ci-weekly.yaml
+++ /dev/null
@@ -1,86 +0,0 @@ -name: Run the CoCo Kata Containers Stability CI -on: - workflow_call: - inputs: - commit-hash: - required: true - type: string - pr-number: - required: true - type: string - tag: - required: true - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - build-kata-static-tarball-amd64: - uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml - with: - tarball-suffix: -${{ inputs.tag }} - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - - publish-kata-deploy-payload-amd64: - needs: build-kata-static-tarball-amd64 - uses: ./.github/workflows/publish-kata-deploy-payload-amd64.yaml - with: - tarball-suffix: -${{ inputs.tag }} - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-amd64 - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - secrets: inherit - - build-and-publish-tee-confidential-unencrypted-image: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to Kata Containers ghcr.io - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Docker build and push - uses: docker/build-push-action@v5 - with: - tags: ghcr.io/kata-containers/test-images:unencrypted-${{ inputs.pr-number }} - push: true - context: tests/integration/kubernetes/runtimeclass_workloads/confidential/unencrypted/ - platforms: linux/amd64 - file: 
tests/integration/kubernetes/runtimeclass_workloads/confidential/unencrypted/Dockerfile - - run-kata-coco-stability-tests: - needs: [publish-kata-deploy-payload-amd64, build-and-publish-tee-confidential-unencrypted-image] - uses: ./.github/workflows/run-kata-coco-stability-tests.yaml - with: - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-amd64 - commit-hash: ${{ inputs.commit-hash }} - pr-number: ${{ inputs.pr-number }} - target-branch: ${{ inputs.target-branch }} - secrets: inherit diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml deleted file mode 100644 index 285e2ecc5c39..000000000000 --- a/.github/workflows/ci.yaml +++ /dev/null 
@@ -1,246 +0,0 @@ -name: Run the Kata Containers CI -on: - workflow_call: - inputs: - commit-hash: - required: true - type: string - pr-number: - required: true - type: string - tag: - required: true - type: string - target-branch: - required: false - type: string - default: "" - skip-test: - required: false - type: string - default: no - -jobs: - build-kata-static-tarball-amd64: - uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml - with: - tarball-suffix: -${{ inputs.tag }} - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - - publish-kata-deploy-payload-amd64: - needs: build-kata-static-tarball-amd64 - uses: ./.github/workflows/publish-kata-deploy-payload-amd64.yaml - with: - tarball-suffix: -${{ inputs.tag }} - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-amd64 - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - secrets: inherit - - build-kata-static-tarball-arm64: - uses: ./.github/workflows/build-kata-static-tarball-arm64.yaml - with: - tarball-suffix: -${{ inputs.tag }} - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - - publish-kata-deploy-payload-arm64: - needs: build-kata-static-tarball-arm64 - uses: ./.github/workflows/publish-kata-deploy-payload-arm64.yaml - with: - tarball-suffix: -${{ inputs.tag }} - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-arm64 - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - secrets: inherit - - build-kata-static-tarball-s390x: - uses: ./.github/workflows/build-kata-static-tarball-s390x.yaml - with: - tarball-suffix: -${{ inputs.tag }} - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - secrets: inherit - - build-kata-static-tarball-ppc64le: - uses: ./.github/workflows/build-kata-static-tarball-ppc64le.yaml - with: - tarball-suffix: 
-${{ inputs.tag }} - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - - publish-kata-deploy-payload-s390x: - needs: build-kata-static-tarball-s390x - uses: ./.github/workflows/publish-kata-deploy-payload-s390x.yaml - with: - tarball-suffix: -${{ inputs.tag }} - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-s390x - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - secrets: inherit - - publish-kata-deploy-payload-ppc64le: - needs: build-kata-static-tarball-ppc64le - uses: ./.github/workflows/publish-kata-deploy-payload-ppc64le.yaml - with: - tarball-suffix: -${{ inputs.tag }} - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-ppc64le - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - secrets: inherit - - build-and-publish-tee-confidential-unencrypted-image: - runs-on: ubuntu-22.04 - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to Kata Containers ghcr.io - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Docker build and push - uses: docker/build-push-action@v5 - with: - tags: ghcr.io/kata-containers/test-images:unencrypted-${{ inputs.pr-number }} - push: true - context: tests/integration/kubernetes/runtimeclass_workloads/confidential/unencrypted/ - platforms: linux/amd64, linux/s390x - file: tests/integration/kubernetes/runtimeclass_workloads/confidential/unencrypted/Dockerfile - 
- run-kata-monitor-tests: - if: ${{ inputs.skip-test != 'yes' }} - needs: build-kata-static-tarball-amd64 - uses: ./.github/workflows/run-kata-monitor-tests.yaml - with: - tarball-suffix: -${{ inputs.tag }} - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - - run-k8s-tests-on-aks: - if: ${{ inputs.skip-test != 'yes' }} - needs: publish-kata-deploy-payload-amd64 - uses: ./.github/workflows/run-k8s-tests-on-aks.yaml - with: - tarball-suffix: -${{ inputs.tag }} - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-amd64 - commit-hash: ${{ inputs.commit-hash }} - pr-number: ${{ inputs.pr-number }} - target-branch: ${{ inputs.target-branch }} - secrets: inherit - - run-k8s-tests-on-amd64: - if: ${{ inputs.skip-test != 'yes' }} - needs: publish-kata-deploy-payload-amd64 - uses: ./.github/workflows/run-k8s-tests-on-amd64.yaml - with: - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-amd64 - commit-hash: ${{ inputs.commit-hash }} - pr-number: ${{ inputs.pr-number }} - target-branch: ${{ inputs.target-branch }} - secrets: inherit - - run-kata-coco-tests: - if: ${{ inputs.skip-test != 'yes' }} - needs: [publish-kata-deploy-payload-amd64, build-and-publish-tee-confidential-unencrypted-image] - uses: ./.github/workflows/run-kata-coco-tests.yaml - with: - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-amd64 - commit-hash: ${{ inputs.commit-hash }} - pr-number: ${{ inputs.pr-number }} - target-branch: ${{ inputs.target-branch }} - secrets: inherit - - run-k8s-tests-on-zvsi: - if: ${{ inputs.skip-test != 'yes' }} - needs: [publish-kata-deploy-payload-s390x, build-and-publish-tee-confidential-unencrypted-image] - uses: ./.github/workflows/run-k8s-tests-on-zvsi.yaml - with: - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-s390x - commit-hash: ${{ 
inputs.commit-hash }} - pr-number: ${{ inputs.pr-number }} - target-branch: ${{ inputs.target-branch }} - secrets: inherit - - run-k8s-tests-on-ppc64le: - if: ${{ inputs.skip-test != 'yes' }} - needs: publish-kata-deploy-payload-ppc64le - uses: ./.github/workflows/run-k8s-tests-on-ppc64le.yaml - with: - registry: ghcr.io - repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ inputs.tag }}-ppc64le - commit-hash: ${{ inputs.commit-hash }} - pr-number: ${{ inputs.pr-number }} - target-branch: ${{ inputs.target-branch }} - - run-metrics-tests: - if: ${{ inputs.skip-test != 'yes' }} - needs: build-kata-static-tarball-amd64 - uses: ./.github/workflows/run-metrics.yaml - with: - tarball-suffix: -${{ inputs.tag }} - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - - run-basic-amd64-tests: - if: ${{ inputs.skip-test != 'yes' }} - needs: build-kata-static-tarball-amd64 - uses: ./.github/workflows/basic-ci-amd64.yaml - with: - tarball-suffix: -${{ inputs.tag }} - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - - run-cri-containerd-tests-s390x: - if: ${{ inputs.skip-test != 'yes' }} - needs: build-kata-static-tarball-s390x - uses: ./.github/workflows/run-cri-containerd-tests-s390x.yaml - with: - tarball-suffix: -${{ inputs.tag }} - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} - - run-cri-containerd-tests-ppc64le: - if: ${{ inputs.skip-test != 'yes' }} - needs: build-kata-static-tarball-ppc64le - uses: ./.github/workflows/run-cri-containerd-tests-ppc64le.yaml - with: - tarball-suffix: -${{ inputs.tag }} - commit-hash: ${{ inputs.commit-hash }} - target-branch: ${{ inputs.target-branch }} diff --git a/.github/workflows/cleanup-resources.yaml b/.github/workflows/cleanup-resources.yaml deleted file mode 100644 index d327ad55d61d..000000000000 --- a/.github/workflows/cleanup-resources.yaml +++ /dev/null 
@@ -1,31 +0,0 @@
-name: Cleanup dangling Azure resources
-on:
- schedule:
- - cron: "0 0 * * *"
- workflow_dispatch:
-
-jobs:
- cleanup-resources:
- runs-on: ubuntu-22.04
- steps:
- - uses: actions/checkout@v4
-
- - name: Log into Azure
- env:
- AZ_APPID: ${{ secrets.AZ_APPID }}
- AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
- AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
- AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
- run: bash tests/integration/kubernetes/gha-run.sh login-azure
-
- - name: Install Python dependencies
- run: |
- pip3 install --user --upgrade \
- azure-identity==1.16.0 \
- azure-mgmt-resource==23.0.1
-
- - name: Cleanup resources
- env:
- AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
- CLEANUP_AFTER_HOURS: 24 # Clean up resources created more than this many hours ago.
- run: python3 tests/cleanup_resources.py
diff --git a/.github/workflows/commit-message-check.yaml b/.github/workflows/commit-message-check.yaml
deleted file mode 100644
index bb697cbf879b..000000000000
--- a/.github/workflows/commit-message-check.yaml
+++ /dev/null
@@ -1,101 +0,0 @@
-name: Commit Message Check
-on:
- pull_request:
- types:
- - opened
- - reopened
- - synchronize
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
- cancel-in-progress: true
-
-env:
- error_msg: |+
- See the document below for help on formatting commits for the project.
-
- https://github.com/kata-containers/community/blob/main/CONTRIBUTING.md#patch-format
-
-jobs:
- commit-message-check:
- runs-on: ubuntu-22.04
- env:
- PR_AUTHOR: ${{ github.event.pull_request.user.login }}
- name: Commit Message Check
- steps:
- - name: Get PR Commits
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
- id: 'get-pr-commits'
- uses: tim-actions/get-pr-commits@v1.2.0
- with:
- token: ${{ secrets.GITHUB_TOKEN }}
- # Filter out revert commits
- # The format of a revert commit is as follows:
- #
- # Revert ""
- #
- # The format of a re-re-vert commit as follows:
- #
- # Reapply ""
- filter_out_pattern: '^Revert "|^Reapply "'
-
- - name: DCO Check
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
- uses: tim-actions/dco@2fd0504dc0d27b33f542867c300c60840c6dcb20
- with:
- commits: ${{ steps.get-pr-commits.outputs.commits }}
-
- - name: Commit Body Missing Check
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') && ( success() || failure() ) }}
- uses: tim-actions/commit-body-check@v1.0.2
- with:
- commits: ${{ steps.get-pr-commits.outputs.commits }}
-
- - name: Check Subject Line Length
- if: ${{ (env.PR_AUTHOR != 'dependabot[bot]') && !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') && ( success() || failure() ) }}
- uses: tim-actions/commit-message-checker-with-regex@v0.3.1
- with:
- commits: ${{ steps.get-pr-commits.outputs.commits }}
- pattern: '^.{0,75}(\n.*)*$'
- error: 'Subject too long (max 75)'
- post_error: ${{ env.error_msg }}
-
- - name: Check Body Line Length
- if: ${{ (env.PR_AUTHOR !=
'dependabot[bot]') && !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') && ( success() || failure() ) }}
- uses: tim-actions/commit-message-checker-with-regex@v0.3.1
- with:
- commits: ${{ steps.get-pr-commits.outputs.commits }}
- # Notes:
- #
- # - The subject line is not enforced here (see other check), but has
- # to be specified at the start of the regex as the action is passed
- # the entire commit message.
- #
- # - This check will pass if the commit message only contains a subject
- # line, as other body message properties are enforced elsewhere.
- #
- # - Body lines *can* be longer than the maximum if they start
- # with a non-alphabetic character or if there is no whitespace in
- # the line.
- #
- # This allows stack traces, log files snippets, emails, long URLs,
- # etc to be specified. Some of these naturally "work" as they start
- # with numeric timestamps or addresses. Emails can but quoted using
- # the normal ">" character, markdown bullets ("-", "*") are also
- # useful for lists of URLs, but it is always possible to override
- # the check by simply space indenting the content you need to add.
- #
- # - A SoB comment can be any length (as it is unreasonable to penalise
- # people with long names/email addresses :)
- pattern: '(^[^\n]+$|^.+(\n([a-zA-Z].{0,150}|[^a-zA-Z\n].*|[^\s\n]*|Signed-off-by:.*|))+$)'
- error: 'Body line too long (max 150)'
- post_error: ${{ env.error_msg }}
-
- - name: Check Subsystem
- if: ${{ (env.PR_AUTHOR != 'dependabot[bot]') && !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') && ( success() || failure() ) }}
- uses: tim-actions/commit-message-checker-with-regex@v0.3.1
- with:
- commits: ${{ steps.get-pr-commits.outputs.commits }}
- pattern: '^[\s\t]*[^:\s\t]+[\s\t]*:'
- error: 'Failed to find subsystem in subject'
- post_error: ${{ env.error_msg }}
diff --git a/.github/workflows/darwin-tests.yaml b/.github/workflows/darwin-tests.yaml
deleted file mode 100644
index d3d1c2a38a20..000000000000
--- a/.github/workflows/darwin-tests.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-on:
- pull_request:
- types:
- - opened
- - edited
- - reopened
- - synchronize
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
- cancel-in-progress: true
-
-name: Darwin tests
-jobs:
- test:
- runs-on: macos-latest
- steps:
- - name: Install Go
- uses: actions/setup-go@v2
- with:
- go-version: 1.22.2
- - name: Checkout code
- uses: actions/checkout@v4
- - name: Build utils
- run: ./ci/darwin-test.sh
diff --git a/.github/workflows/docs-url-alive-check.yaml b/.github/workflows/docs-url-alive-check.yaml
deleted file mode 100644
index a13343798155..000000000000
--- a/.github/workflows/docs-url-alive-check.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-on:
- schedule:
- - cron: '0 23 * * 0'
-
-name: Docs URL Alive Check
-jobs:
- test:
- runs-on: ubuntu-22.04
- # don't run this action on forks
- if: github.repository_owner == 'kata-containers'
- env:
- target_branch: ${{ github.base_ref }}
- steps:
- - name: Install Go
- uses: actions/setup-go@v2
- with:
- go-version: 1.22.2
- env:
- GOPATH: ${{ runner.workspace }}/kata-containers
- - name: Set env
- run: |
- echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV
- echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
- - name: Checkout code
- uses: actions/checkout@v4
- with:
- fetch-depth: 0
- path: ./src/github.com/${{ github.repository }}
- # docs url alive check
- - name: Docs URL Alive Check
- run: |
- cd ${GOPATH}/src/github.com/${{ github.repository }} && make docs-url-alive-check
diff --git a/.github/workflows/gatekeeper-skipper.yaml b/.github/workflows/gatekeeper-skipper.yaml
deleted file mode 100644
index b3e269575d55..000000000000
--- a/.github/workflows/gatekeeper-skipper.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-name: Skipper
-
-# This workflow sets various "skip_*" output values that can be used to
-# determine what workflows/jobs are expected to be executed. Sample usage:
-#
-# skipper:
-# uses: ./.github/workflows/gatekeeper-skipper.yaml
-# with:
-# commit-hash: ${{ github.event.pull_request.head.sha }}
-# target-branch: ${{ github.event.pull_request.base.ref }}
-#
-# your-workflow:
-# needs: skipper
-# if: ${{ needs.skipper.outputs.skip_build != 'yes' }}
-
-on:
- workflow_call:
- inputs:
- commit-hash:
- required: true
- type: string
- target-branch:
- required: false
- type: string
- default: ""
- outputs:
- skip_build:
- value: ${{ jobs.skipper.outputs.skip_build }}
- skip_test:
- value: ${{ jobs.skipper.outputs.skip_test }}
- skip_static:
- value: ${{ jobs.skipper.outputs.skip_static }}
-
-
-jobs:
- skipper:
- runs-on: ubuntu-latest
- outputs:
- skip_build: ${{ steps.skipper.outputs.skip_build }}
- skip_test: ${{ steps.skipper.outputs.skip_test }}
- skip_static: ${{ steps.skipper.outputs.skip_static }}
- steps:
- - uses: actions/checkout@v4
- with:
- ref: ${{ inputs.commit-hash }}
- fetch-depth: 0
- - id: skipper
- env:
- TARGET_BRANCH: ${{ inputs.target-branch }}
- run: |
- python3 tools/testing/gatekeeper/skips.py | tee -a "$GITHUB_OUTPUT"
- shell: /usr/bin/bash -x {0}
diff --git a/.github/workflows/gatekeeper.yaml b/.github/workflows/gatekeeper.yaml
deleted file mode 100644
index 0cb7396d7019..000000000000
--- a/.github/workflows/gatekeeper.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-name: Gatekeeper
-
-# Gatekeeper uses the "skips.py" to determine which job names/regexps are
-# required for given PR and waits for them to either complete or fail
-# reporting the status.
-
-on:
- pull_request_target:
- types:
- - opened
- - synchronize
- - reopened
- - labeled
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
- cancel-in-progress: true
-
-jobs:
- gatekeeper:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- with:
- ref: ${{ github.event.pull_request.head.sha }}
- fetch-depth: 0
- - id: gatekeeper
- env:
- TARGET_BRANCH: ${{ github.event.pull_request.base.ref }}
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- COMMIT_HASH: ${{ github.event.pull_request.head.sha }}
- PR_NUMBER: ${{ github.event.pull_request.number }}
- run: |
- #!/usr/bin/env bash -x
- mapfile -t lines < <(python3 tools/testing/gatekeeper/skips.py -t)
- export REQUIRED_JOBS="${lines[0]}"
- export REQUIRED_REGEXPS="${lines[1]}"
- export REQUIRED_LABELS="${lines[2]}"
- echo "REQUIRED_JOBS: $REQUIRED_JOBS"
- echo "REQUIRED_REGEXPS: $REQUIRED_REGEXPS"
- echo "REQUIRED_LABELS: $REQUIRED_LABELS"
- python3 tools/testing/gatekeeper/jobs.py
- exit $?
- shell: /usr/bin/bash -x {0}
diff --git a/.github/workflows/kata-runtime-classes-sync.yaml b/.github/workflows/kata-runtime-classes-sync.yaml
deleted file mode 100644
index ae3935872b95..000000000000
--- a/.github/workflows/kata-runtime-classes-sync.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-on:
- pull_request:
- types:
- - opened
- - edited
- - reopened
- - synchronize
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
- cancel-in-progress: true
-
-jobs:
- kata-deploy-runtime-classes-check:
- runs-on: ubuntu-22.04
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- - name: Ensure the split out runtime classes match the all-in-one file
- run: |
- pushd tools/packaging/kata-deploy/runtimeclasses/
- echo "::group::Combine runtime classes"
- for runtimeClass in `find . -type f \( -name "*.yaml" -and -not -name "kata-runtimeClasses.yaml" \) | sort`; do
- echo "Adding ${runtimeClass} to the resultingRuntimeClasses.yaml"
- cat ${runtimeClass} >> resultingRuntimeClasses.yaml;
- done
- echo "::endgroup::"
- echo "::group::Displaying the content of resultingRuntimeClasses.yaml"
- cat resultingRuntimeClasses.yaml
- echo "::endgroup::"
- echo ""
- echo "::group::Displaying the content of kata-runtimeClasses.yaml"
- cat kata-runtimeClasses.yaml
- echo "::endgroup::"
- echo ""
- diff resultingRuntimeClasses.yaml kata-runtimeClasses.yaml
diff --git a/.github/workflows/move-issues-to-in-progress.yaml b/.github/workflows/move-issues-to-in-progress.yaml
deleted file mode 100644
index b59544f8f599..000000000000
--- a/.github/workflows/move-issues-to-in-progress.yaml
+++ /dev/null
@@ -1,91 +0,0 @@
-# Copyright (c) 2020 Intel Corporation
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
-name: Move issues to "In progress" in backlog project when referenced by a PR
-
-on:
- pull_request_target:
- types:
- - opened
- - reopened
-
-jobs:
- move-linked-issues-to-in-progress:
- runs-on: ubuntu-22.04
- steps:
- - name: Install hub
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
- run: |
- HUB_ARCH="amd64"
- HUB_VER=$(curl -sL "https://api.github.com/repos/github/hub/releases/latest" |\
- jq -r .tag_name | sed 's/^v//')
- curl -sL \
- "https://github.com/github/hub/releases/download/v${HUB_VER}/hub-linux-${HUB_ARCH}-${HUB_VER}.tgz" |\
- tar xz --strip-components=2 --wildcards '*/bin/hub' && \
- sudo install hub /usr/local/bin
-
- - name: Install hub extension script
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
- run: |
- # Clone into a temporary directory to avoid overwriting
- # any existing github directory.
- pushd $(mktemp -d) &>/dev/null
- git clone --single-branch --depth 1 "https://github.com/kata-containers/.github" && cd .github/scripts
- sudo install hub-util.sh /usr/local/bin
- popd &>/dev/null
-
- - name: Checkout code to allow hub to communicate with the project
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
- uses: actions/checkout@v4
- with:
- ref: ${{ github.event.pull_request.head.sha }}
- fetch-depth: 0
-
- - name: Rebase atop of the latest target branch
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
- run: |
- ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
- env:
- TARGET_BRANCH: ${{ github.event.pull_request.base.ref }}
-
- - name: Move issue to "In progress"
- if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }}
- env:
- GITHUB_TOKEN: ${{ secrets.KATA_GITHUB_ACTIONS_TOKEN }}
- run: |
- pr=${{ github.event.pull_request.number }}
-
- linked_issue_urls=$(hub-util.sh \
- list-issues-for-pr "$pr" |\
- grep -v "^\#" |\
- cut -d';' -f3 || true)
-
- # PR doesn't have any linked issues, handle it only if it exists
- [ -z "$linked_issue_urls" ] && {
- echo "::warning::No linked issues for PR $pr"
- exit 0
- }
-
- project_name="Issue backlog"
- project_type="org"
- project_column="In progress"
-
- for issue_url in $(echo "$linked_issue_urls")
- do
- issue=$(echo "$issue_url"| awk -F\/ '{print $NF}' || true)
-
- [ -z "$issue" ] && {
- echo "::error::Cannot determine issue number from $issue_url for PR $pr"
- exit 1
- }
-
- # Move the issue to the correct column on the project board
- hub-util.sh \
- move-issue \
- "$issue" \
- "$project_name" \
- "$project_type" \
- "$project_column"
- done
diff --git a/.github/workflows/payload-after-push.yaml b/.github/workflows/payload-after-push.yaml
deleted file mode 100644
index a0507b3d2c4c..000000000000
--- a/.github/workflows/payload-after-push.yaml
+++ /dev/null
@@ -1,107 +0,0 @@
-name: CI | Publish Kata Containers payload
-on:
- push:
- branches:
- - main
- workflow_dispatch:
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-
-jobs:
- build-assets-amd64:
- uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml
- with:
- commit-hash: ${{ github.sha }}
- push-to-registry: yes
- target-branch: ${{ github.ref_name }}
- secrets: inherit
-
- build-assets-arm64:
- uses: ./.github/workflows/build-kata-static-tarball-arm64.yaml
- with:
- commit-hash: ${{ github.sha }}
- push-to-registry: yes
- target-branch: ${{ github.ref_name }}
- secrets: inherit
-
- build-assets-s390x:
- uses: ./.github/workflows/build-kata-static-tarball-s390x.yaml
- with:
- commit-hash: ${{ github.sha }}
- push-to-registry: yes
- target-branch: ${{ github.ref_name }}
- secrets: inherit
-
- build-assets-ppc64le:
- uses: ./.github/workflows/build-kata-static-tarball-ppc64le.yaml
- with:
- commit-hash: ${{ github.sha }}
- push-to-registry: yes
- target-branch: ${{ github.ref_name }}
- secrets: inherit
-
- publish-kata-deploy-payload-amd64:
- needs: build-assets-amd64
- uses: ./.github/workflows/publish-kata-deploy-payload-amd64.yaml
- with:
- commit-hash: ${{ github.sha }}
- registry: quay.io
- repo: kata-containers/kata-deploy-ci
- tag: kata-containers-latest-amd64
- target-branch: ${{ github.ref_name }}
- secrets: inherit
-
- publish-kata-deploy-payload-arm64:
- needs: build-assets-arm64
- uses: ./.github/workflows/publish-kata-deploy-payload-arm64.yaml
- with:
- commit-hash: ${{ github.sha }}
- registry: quay.io
- repo: kata-containers/kata-deploy-ci
- tag: kata-containers-latest-arm64
- target-branch: ${{ github.ref_name }}
- secrets: inherit
-
- publish-kata-deploy-payload-s390x:
- needs: build-assets-s390x
- uses: ./.github/workflows/publish-kata-deploy-payload-s390x.yaml
- with:
- commit-hash: ${{ github.sha }}
- registry: quay.io
- repo: kata-containers/kata-deploy-ci
- tag:
kata-containers-latest-s390x
- target-branch: ${{ github.ref_name }}
- secrets: inherit
-
- publish-kata-deploy-payload-ppc64le:
- needs: build-assets-ppc64le
- uses: ./.github/workflows/publish-kata-deploy-payload-ppc64le.yaml
- with:
- commit-hash: ${{ github.sha }}
- registry: quay.io
- repo: kata-containers/kata-deploy-ci
- tag: kata-containers-latest-ppc64le
- target-branch: ${{ github.ref_name }}
- secrets: inherit
-
- publish-manifest:
- runs-on: ubuntu-22.04
- needs: [publish-kata-deploy-payload-amd64, publish-kata-deploy-payload-arm64, publish-kata-deploy-payload-s390x, publish-kata-deploy-payload-ppc64le]
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
-
- - name: Login to Kata Containers quay.io
- uses: docker/login-action@v3
- with:
- registry: quay.io
- username: ${{ secrets.QUAY_DEPLOYER_USERNAME }}
- password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
-
- - name: Push multi-arch manifest
- run: |
- ./tools/packaging/release/release.sh publish-multiarch-manifest
- env:
- KATA_DEPLOY_IMAGE_TAGS: "kata-containers-latest"
- KATA_DEPLOY_REGISTRIES: "quay.io/kata-containers/kata-deploy-ci"
diff --git a/.github/workflows/publish-kata-deploy-payload-amd64.yaml b/.github/workflows/publish-kata-deploy-payload-amd64.yaml
deleted file mode 100644
index c0d4f3133722..000000000000
--- a/.github/workflows/publish-kata-deploy-payload-amd64.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-name: CI | Publish kata-deploy payload for amd64
-on:
- workflow_call:
- inputs:
- tarball-suffix:
- required: false
- type: string
- registry:
- required: true
- type: string
- repo:
- required: true
- type: string
- tag:
- required: true
- type: string
- commit-hash:
- required: false
- type: string
- target-branch:
- required: false
- type: string
- default: ""
-
-jobs:
- kata-payload:
- runs-on: ubuntu-22.04
- steps:
- - uses: actions/checkout@v4
- with:
- ref: ${{ inputs.commit-hash }}
- fetch-depth: 0
-
- - name: Rebase atop of the latest target branch
- run: |
- ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
- env:
- TARGET_BRANCH: ${{ inputs.target-branch }}
-
- - name: get-kata-tarball
- uses: actions/download-artifact@v4
- with:
- name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
-
- - name: Login to Kata Containers quay.io
- if: ${{ inputs.registry == 'quay.io' }}
- uses: docker/login-action@v3
- with:
- registry: quay.io
- username: ${{ secrets.QUAY_DEPLOYER_USERNAME }}
- password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
-
- - name: Login to Kata Containers ghcr.io
- if: ${{ inputs.registry == 'ghcr.io' }}
- uses: docker/login-action@v3
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: build-and-push-kata-payload
- id: build-and-push-kata-payload
- run: |
- ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
- $(pwd)/kata-static.tar.xz \
- ${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }}
diff --git a/.github/workflows/publish-kata-deploy-payload-arm64.yaml b/.github/workflows/publish-kata-deploy-payload-arm64.yaml
deleted file mode 100644
index 5a6737f7ae5b..000000000000
--- a/.github/workflows/publish-kata-deploy-payload-arm64.yaml
+++ /dev/null
@@ -1,71 +0,0 @@
-name: CI | Publish kata-deploy payload for arm64
-on:
- workflow_call:
- inputs:
- tarball-suffix:
- required: false
- type: string
- registry:
- required: true
- type: string
- repo:
- required: true
- type: string
- tag:
- required: true
- type: string
- commit-hash:
- required: false
- type: string
- target-branch:
- required: false
- type: string
- default: ""
-
-jobs:
- kata-payload:
- runs-on: arm64-builder
- steps:
- - name: Adjust a permission for repo
- run: |
- sudo chown -R $USER:$USER $GITHUB_WORKSPACE
-
- - uses: actions/checkout@v4
- with:
- ref: ${{ inputs.commit-hash }}
- fetch-depth: 0
-
- - name: Rebase atop of the latest target branch
- run: |
- ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
- env:
- TARGET_BRANCH: ${{ inputs.target-branch }}
-
- - name: get-kata-tarball
- uses: actions/download-artifact@v4
- with:
- name: kata-static-tarball-arm64${{ inputs.tarball-suffix }}
-
- - name: Login to Kata Containers quay.io
- if: ${{ inputs.registry == 'quay.io' }}
- uses: docker/login-action@v3
- with:
- registry: quay.io
- username: ${{ secrets.QUAY_DEPLOYER_USERNAME }}
- password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
-
- - name: Login to Kata Containers ghcr.io
- if: ${{ inputs.registry == 'ghcr.io' }}
- uses: docker/login-action@v3
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: build-and-push-kata-payload
- id: build-and-push-kata-payload
- run: |
- ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
- $(pwd)/kata-static.tar.xz \
- ${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }}
-
diff --git a/.github/workflows/publish-kata-deploy-payload-ppc64le.yaml b/.github/workflows/publish-kata-deploy-payload-ppc64le.yaml
deleted file mode 100644
index 04f423d3e47e..000000000000
--- a/.github/workflows/publish-kata-deploy-payload-ppc64le.yaml
+++ /dev/null
@@ -1,75 +0,0 @@
-name: CI | Publish kata-deploy payload for ppc64le
-on:
- workflow_call:
- inputs:
- tarball-suffix:
- required: false
- type: string
- registry:
- required: true
- type: string
- repo:
- required: true
- type: string
- tag:
- required: true
- type: string
- commit-hash:
- required: false
- type: string
- target-branch:
- required: false
- type: string
- default: ""
-
-jobs:
- kata-payload:
- runs-on: ppc64le
- steps:
- - name: Prepare the self-hosted runner
- run: |
- ${HOME}/scripts/prepare_runner.sh
- sudo rm -rf $GITHUB_WORKSPACE/*
-
- - name: Adjust a permission for repo
- run: |
- sudo chown -R $USER:$USER $GITHUB_WORKSPACE
-
- - uses: actions/checkout@v4
- with:
- ref: ${{ inputs.commit-hash }}
- fetch-depth: 0
-
- - name: Rebase atop of the latest target branch
- run: |
- ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
- env:
- TARGET_BRANCH: ${{ inputs.target-branch }}
-
- - name: get-kata-tarball
- uses: actions/download-artifact@v4
- with:
- name: kata-static-tarball-ppc64le${{ inputs.tarball-suffix }}
-
- - name: Login to Kata Containers quay.io
- if: ${{ inputs.registry == 'quay.io' }}
- uses: docker/login-action@v3
- with:
- registry: quay.io
- username: ${{ secrets.QUAY_DEPLOYER_USERNAME }}
- password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
-
- - name: Login to Kata Containers ghcr.io
- if: ${{ inputs.registry == 'ghcr.io' }}
- uses: docker/login-action@v3
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: build-and-push-kata-payload
- id: build-and-push-kata-payload
- run: |
- ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
- $(pwd)/kata-static.tar.xz \
- ${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }}
diff --git a/.github/workflows/publish-kata-deploy-payload-s390x.yaml b/.github/workflows/publish-kata-deploy-payload-s390x.yaml
deleted file mode 100644
index 3ad8ba65adaa..000000000000
--- a/.github/workflows/publish-kata-deploy-payload-s390x.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-name: CI | Publish kata-deploy payload for s390x
-on:
- workflow_call:
- inputs:
- tarball-suffix:
- required: false
- type: string
- registry:
- required: true
- type: string
- repo:
- required: true
- type: string
- tag:
- required: true
- type: string
- commit-hash:
- required: false
- type: string
- target-branch:
- required: false
- type: string
- default: ""
-
-jobs:
- kata-payload:
- runs-on: s390x
- steps:
- - uses: actions/checkout@v4
- with:
- ref: ${{ inputs.commit-hash }}
- fetch-depth: 0
-
- - name: Rebase atop of the latest target branch
- run: |
- ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
- env:
- TARGET_BRANCH: ${{ inputs.target-branch }}
-
- - name: get-kata-tarball
- uses: actions/download-artifact@v4
- with:
- name: kata-static-tarball-s390x${{ inputs.tarball-suffix }}
-
- - name: Login to Kata Containers quay.io
- if: ${{ inputs.registry == 'quay.io' }}
- uses: docker/login-action@v3
- with:
- registry: quay.io
- username: ${{ secrets.QUAY_DEPLOYER_USERNAME }}
- password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
-
- - name: Login to Kata Containers ghcr.io
- if: ${{ inputs.registry == 'ghcr.io' }}
- uses: docker/login-action@v3
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: build-and-push-kata-payload
- id: build-and-push-kata-payload
- run: |
- ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
- $(pwd)/kata-static.tar.xz \
- ${{ inputs.registry }}/${{ inputs.repo }} ${{ inputs.tag }}
diff --git a/.github/workflows/release-amd64.yaml b/.github/workflows/release-amd64.yaml
deleted file mode 100644
index 4ac868cdf263..000000000000
--- a/.github/workflows/release-amd64.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-name: Publish Kata release artifacts for amd64
-on:
- workflow_call:
- inputs:
- target-arch:
- required: true
- type: string
-
-jobs:
- build-kata-static-tarball-amd64:
- uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml
- with:
- push-to-registry: yes
- stage: release
- secrets: inherit
-
- kata-deploy:
- needs: build-kata-static-tarball-amd64
- runs-on: ubuntu-22.04
- steps:
- - name: Login to Kata Containers docker.io
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
-
- - name: Login to Kata Containers quay.io
- uses: docker/login-action@v3
- with:
- registry: quay.io
- username: ${{ secrets.QUAY_DEPLOYER_USERNAME }}
- password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
-
- - uses: actions/checkout@v4
- - name: get-kata-tarball
- uses: actions/download-artifact@v4
- with:
- name: kata-static-tarball-amd64
-
- - name: build-and-push-kata-deploy-ci-amd64
- id: build-and-push-kata-deploy-ci-amd64
- run: |
- # We need to do such trick here as the format of the $GITHUB_REF
- # is "refs/tags/"
- tag=$(echo $GITHUB_REF | cut -d/ -f3-)
- if [ "${tag}" = "main" ]; then
- tag=$(./tools/packaging/release/release.sh release-version)
- tags=(${tag} "latest")
- else
- tags=(${tag})
- fi
- for tag in ${tags[@]}; do
- ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
- $(pwd)/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \
- "${tag}-${{ inputs.target-arch }}"
- ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
- $(pwd)/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \
- "${tag}-${{ inputs.target-arch }}"
- done
diff --git a/.github/workflows/release-arm64.yaml b/.github/workflows/release-arm64.yaml
deleted file mode 100644
index 5003606e1ade..000000000000
--- a/.github/workflows/release-arm64.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-name: Publish Kata release artifacts for arm64
-on:
- workflow_call:
- inputs:
- target-arch:
- required: true
- type: string
-
-jobs:
- build-kata-static-tarball-arm64:
- uses: ./.github/workflows/build-kata-static-tarball-arm64.yaml
- with:
- push-to-registry: yes
- stage: release
- secrets: inherit
-
- kata-deploy:
- needs: build-kata-static-tarball-arm64
- runs-on: arm64-builder
- steps:
- - name: Login to Kata Containers docker.io
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
-
- - name: Login to Kata Containers quay.io
- uses: docker/login-action@v3
- with:
- registry: quay.io
- username: ${{ secrets.QUAY_DEPLOYER_USERNAME }}
- password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
-
- - uses: actions/checkout@v4
- - name: get-kata-tarball
- uses: actions/download-artifact@v4
- with:
- name: kata-static-tarball-arm64
-
- - name: build-and-push-kata-deploy-ci-arm64
- id: build-and-push-kata-deploy-ci-arm64
- run: |
- # We need to do such trick here as the format of the $GITHUB_REF
- # is "refs/tags/"
- tag=$(echo $GITHUB_REF | cut -d/ -f3-)
- if [ "${tag}" = "main" ]; then
- tag=$(./tools/packaging/release/release.sh release-version)
- tags=(${tag} "latest")
- else
- tags=(${tag})
- fi
- for tag in ${tags[@]}; do
- ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
- $(pwd)/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \
- "${tag}-${{ inputs.target-arch }}"
- ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
- $(pwd)/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \
- "${tag}-${{ inputs.target-arch }}"
- done
diff --git a/.github/workflows/release-ppc64le.yaml b/.github/workflows/release-ppc64le.yaml
deleted file mode 100644
index 36f0379de53c..000000000000
--- a/.github/workflows/release-ppc64le.yaml
+++ /dev/null
@@ -1,64 +0,0 @@
-name: Publish Kata release artifacts for ppc64le
-on:
- workflow_call:
- inputs:
- target-arch:
- required: true
- type: string
-
-jobs:
- build-kata-static-tarball-ppc64le:
- uses: ./.github/workflows/build-kata-static-tarball-ppc64le.yaml
- with:
- push-to-registry: yes
- stage: release
- secrets: inherit
-
- kata-deploy:
- needs: build-kata-static-tarball-ppc64le
- runs-on: ppc64le
- steps:
- - name: Prepare the self-hosted runner
- run: |
- bash ${HOME}/scripts/prepare_runner.sh
- sudo rm -rf $GITHUB_WORKSPACE/*
-
- - name: Login to Kata Containers docker.io
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
-
- - name: Login to Kata Containers quay.io
- uses: docker/login-action@v3
- with:
- registry: quay.io
- username: ${{ secrets.QUAY_DEPLOYER_USERNAME }}
- password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
-
- - uses: actions/checkout@v4
- - name: get-kata-tarball
- uses: actions/download-artifact@v4
- with:
- name: kata-static-tarball-ppc64le
-
- - name: build-and-push-kata-deploy-ci-ppc64le
- id: build-and-push-kata-deploy-ci-ppc64le
- run: |
- # We need to do such trick here as the format of the $GITHUB_REF
- # is "refs/tags/"
- tag=$(echo $GITHUB_REF | cut -d/ -f3-)
- if [ "${tag}" = "main" ]; then
- tag=$(./tools/packaging/release/release.sh release-version)
- tags=(${tag} "latest")
- else
- tags=(${tag})
- fi
- for tag in ${tags[@]}; do
- ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
- $(pwd)/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \
- "${tag}-${{ inputs.target-arch }}"
- ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
- $(pwd)/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \
- "${tag}-${{ inputs.target-arch }}"
- done
diff --git a/.github/workflows/release-s390x.yaml b/.github/workflows/release-s390x.yaml
deleted file mode 100644
index 4d54c90e024b..000000000000
--- a/.github/workflows/release-s390x.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-name: Publish Kata release artifacts for s390x
-on:
- workflow_call:
- inputs:
- target-arch:
- required: true
- type: string
-
-jobs:
- build-kata-static-tarball-s390x:
- uses: ./.github/workflows/build-kata-static-tarball-s390x.yaml
- with:
- push-to-registry: yes
- stage: release
- secrets: inherit
-
- kata-deploy:
- needs: build-kata-static-tarball-s390x
- runs-on: s390x
- steps:
- - name: Login to Kata Containers docker.io
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
-
- - name: Login to Kata Containers quay.io
- uses: docker/login-action@v3
- with:
- registry: quay.io
- username: ${{ secrets.QUAY_DEPLOYER_USERNAME }}
- password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
-
- - uses: actions/checkout@v4
- - name: get-kata-tarball
- uses: actions/download-artifact@v4
- with:
- name: kata-static-tarball-s390x
-
- - name: build-and-push-kata-deploy-ci-s390x
- id: build-and-push-kata-deploy-ci-s390x
- run: |
- # We need to do such trick here as the format of the $GITHUB_REF
- # is "refs/tags/"
- tag=$(echo $GITHUB_REF | cut -d/ -f3-)
- if [ "${tag}" = "main" ]; then
- tag=$(./tools/packaging/release/release.sh release-version)
- tags=(${tag} "latest")
- else
- tags=(${tag})
- fi
- for tag in ${tags[@]}; do
- ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
- $(pwd)/kata-static.tar.xz "docker.io/katadocker/kata-deploy" \
- "${tag}-${{ inputs.target-arch }}"
- ./tools/packaging/kata-deploy/local-build/kata-deploy-build-and-upload-payload.sh \
- $(pwd)/kata-static.tar.xz "quay.io/kata-containers/kata-deploy" \
- "${tag}-${{ inputs.target-arch }}"
- done
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
deleted file mode 100644
index 128a4cbdab99..000000000000
--- a/.github/workflows/release.yaml
+++ /dev/null
@@ -1,189 +0,0 @@ -name: Release Kata Containers -on: - workflow_dispatch - -jobs: - release: - runs-on: ubuntu-22.04 - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Create a new release - run: | - ./tools/packaging/release/release.sh create-new-release - env: - GH_TOKEN: ${{ github.token }} - - build-and-push-assets-amd64: - needs: release - uses: ./.github/workflows/release-amd64.yaml - with: - target-arch: amd64 - secrets: inherit - - build-and-push-assets-arm64: - needs: release - uses: ./.github/workflows/release-arm64.yaml - with: - target-arch: arm64 - secrets: inherit - - build-and-push-assets-s390x: - needs: release - uses: ./.github/workflows/release-s390x.yaml - with: - target-arch: s390x - secrets: inherit - - build-and-push-assets-ppc64le: - needs: release - uses: ./.github/workflows/release-ppc64le.yaml - with: - target-arch: ppc64le - secrets: inherit - - publish-multi-arch-images: - runs-on: ubuntu-22.04 - needs: [build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x, build-and-push-assets-ppc64le] - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Login to Kata Containers docker.io - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Login to Kata Containers quay.io - uses: docker/login-action@v3 - with: - registry: quay.io - username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} - password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }} - - - name: Get the image tags - run: | - release_version=$(./tools/packaging/release/release.sh release-version) - echo "KATA_DEPLOY_IMAGE_TAGS=$release_version latest" >> "$GITHUB_ENV" - - - name: Publish multi-arch manifest on docker.io and quay.io - run: | - ./tools/packaging/release/release.sh publish-multiarch-manifest - env: - KATA_DEPLOY_REGISTRIES: "quay.io/kata-containers/kata-deploy docker.io/katadocker/kata-deploy" - - 
upload-multi-arch-static-tarball: - needs: [build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x, build-and-push-assets-ppc64le] - runs-on: ubuntu-22.04 - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Set KATA_STATIC_TARBALL env var - run: | - tarball=$(pwd)/kata-static.tar.xz - echo "KATA_STATIC_TARBALL=${tarball}" >> "$GITHUB_ENV" - - - name: Download amd64 artifacts - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64 - - - name: Upload amd64 static tarball to GitHub - run: | - ./tools/packaging/release/release.sh upload-kata-static-tarball - env: - GH_TOKEN: ${{ github.token }} - ARCHITECTURE: amd64 - - - name: Download arm64 artifacts - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-arm64 - - - name: Upload arm64 static tarball to GitHub - run: | - ./tools/packaging/release/release.sh upload-kata-static-tarball - env: - GH_TOKEN: ${{ github.token }} - ARCHITECTURE: arm64 - - - name: Download s390x artifacts - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-s390x - - - name: Upload s390x static tarball to GitHub - run: | - ./tools/packaging/release/release.sh upload-kata-static-tarball - env: - GH_TOKEN: ${{ github.token }} - ARCHITECTURE: s390x - - - name: Download ppc64le artifacts - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-ppc64le - - - name: Upload ppc64le static tarball to GitHub - run: | - ./tools/packaging/release/release.sh upload-kata-static-tarball - env: - GH_TOKEN: ${{ github.token }} - ARCHITECTURE: ppc64le - - upload-versions-yaml: - needs: release - runs-on: ubuntu-22.04 - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Upload versions.yaml to GitHub - run: | - ./tools/packaging/release/release.sh upload-versions-yaml-file - env: - GH_TOKEN: ${{ github.token }} - - upload-cargo-vendored-tarball: - needs: release - runs-on: ubuntu-22.04 - steps: - - name: 
Checkout repository - uses: actions/checkout@v4 - - - name: Generate and upload vendored code tarball - run: | - ./tools/packaging/release/release.sh upload-vendored-code-tarball - env: - GH_TOKEN: ${{ github.token }} - - upload-libseccomp-tarball: - needs: release - runs-on: ubuntu-22.04 - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Download libseccomp tarball and upload it to GitHub - run: | - ./tools/packaging/release/release.sh upload-libseccomp-tarball - env: - GH_TOKEN: ${{ github.token }} - - publish-release: - needs: [ build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x, build-and-push-assets-ppc64le, publish-multi-arch-images, upload-multi-arch-static-tarball, upload-versions-yaml, upload-cargo-vendored-tarball, upload-libseccomp-tarball ] - runs-on: ubuntu-22.04 - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Publish a release - run: | - ./tools/packaging/release/release.sh publish-release - env: - GH_TOKEN: ${{ github.token }} diff --git a/.github/workflows/run-cri-containerd-tests-ppc64le.yaml b/.github/workflows/run-cri-containerd-tests-ppc64le.yaml deleted file mode 100644 index 8a8a8e9c6640..000000000000 --- a/.github/workflows/run-cri-containerd-tests-ppc64le.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -name: CI | Run cri-containerd tests on ppc64le -on: - workflow_call: - inputs: - tarball-suffix: - required: false - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - run-cri-containerd: - strategy: - # We can set this to true whenever we're 100% sure that - # the all the tests are not flaky, otherwise we'll fail - # all the tests due to a single flaky instance - fail-fast: false - matrix: - containerd_version: ['active'] - vmm: ['qemu'] - runs-on: ppc64le - env: - CONTAINERD_VERSION: ${{ matrix.containerd_version }} - GOPATH: ${{ github.workspace }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - name: Adjust a permission for repo - run: sudo chown -R $USER:$USER $GITHUB_WORKSPACE - - - name: Prepare the self-hosted runner - run: | - bash ${HOME}/scripts/prepare_runner.sh cri-containerd - sudo rm -rf $GITHUB_WORKSPACE/* - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/integration/cri-containerd/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-ppc64le${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/integration/cri-containerd/gha-run.sh install-kata kata-artifacts - - - name: Run cri-containerd tests - run: bash tests/integration/cri-containerd/gha-run.sh run - - - name: Cleanup actions for the self hosted runner - run: ${HOME}/scripts/cleanup_runner.sh diff --git a/.github/workflows/run-cri-containerd-tests-s390x.yaml b/.github/workflows/run-cri-containerd-tests-s390x.yaml deleted file mode 100644 index 7a8f70bbbbd5..000000000000 
--- a/.github/workflows/run-cri-containerd-tests-s390x.yaml +++ /dev/null @@ -1,56 +0,0 @@ -name: CI | Run cri-containerd tests -on: - workflow_call: - inputs: - tarball-suffix: - required: false - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - run-cri-containerd: - strategy: - # We can set this to true whenever we're 100% sure that - # the all the tests are not flaky, otherwise we'll fail - # all the tests due to a single flaky instance - fail-fast: false - matrix: - containerd_version: ['active'] - vmm: ['qemu', 'qemu-runtime-rs'] - runs-on: s390x-large - env: - CONTAINERD_VERSION: ${{ matrix.containerd_version }} - GOPATH: ${{ github.workspace }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install dependencies - run: bash tests/integration/cri-containerd/gha-run.sh install-dependencies - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-s390x${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/integration/cri-containerd/gha-run.sh install-kata kata-artifacts - - - name: Run cri-containerd tests - run: bash tests/integration/cri-containerd/gha-run.sh run diff --git a/.github/workflows/run-k8s-tests-on-aks.yaml b/.github/workflows/run-k8s-tests-on-aks.yaml deleted file mode 100644 index 0677e47c74ef..000000000000 --- a/.github/workflows/run-k8s-tests-on-aks.yaml +++ /dev/null 
@@ -1,128 +0,0 @@ -name: CI | Run kubernetes tests on AKS -on: - workflow_call: - inputs: - tarball-suffix: - required: false - type: string - registry: - required: true - type: string - repo: - required: true - type: string - tag: - required: true - type: string - pr-number: - required: true - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - run-k8s-tests: - strategy: - fail-fast: false - matrix: - host_os: - - ubuntu - vmm: - - clh - - dragonball - - qemu - - qemu-runtime-rs - - stratovirt - - cloud-hypervisor - instance-type: - - small - - normal - include: - - host_os: cbl-mariner - vmm: clh - instance-type: small - genpolicy-pull-method: oci-distribution - auto-generate-policy: yes - - host_os: cbl-mariner - vmm: clh - instance-type: small - genpolicy-pull-method: containerd - auto-generate-policy: yes - - host_os: cbl-mariner - vmm: clh - instance-type: normal - auto-generate-policy: yes - runs-on: ubuntu-22.04 - env: - DOCKER_REGISTRY: ${{ inputs.registry }} - DOCKER_REPO: ${{ inputs.repo }} - DOCKER_TAG: ${{ inputs.tag }} - GH_PR_NUMBER: ${{ inputs.pr-number }} - KATA_HOST_OS: ${{ matrix.host_os }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - KUBERNETES: "vanilla" - USING_NFD: "false" - K8S_TEST_HOST_TYPE: ${{ matrix.instance-type }} - GENPOLICY_PULL_METHOD: ${{ matrix.genpolicy-pull-method }} - AUTO_GENERATE_POLICY: ${{ matrix.auto-generate-policy }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: get-kata-tarball - uses: actions/download-artifact@v4 - with: - name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} - path: kata-artifacts - - - name: Install kata - run: bash tests/integration/kubernetes/gha-run.sh install-kata-tools 
kata-artifacts - - - name: Download Azure CLI - run: bash tests/integration/kubernetes/gha-run.sh install-azure-cli - - - name: Log into the Azure account - run: bash tests/integration/kubernetes/gha-run.sh login-azure - env: - AZ_APPID: ${{ secrets.AZ_APPID }} - AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }} - AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} - AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} - - - name: Create AKS cluster - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh create-cluster - - - name: Install `bats` - run: bash tests/integration/kubernetes/gha-run.sh install-bats - - - name: Install `kubectl` - run: bash tests/integration/kubernetes/gha-run.sh install-kubectl - - - name: Download credentials for the Kubernetes CLI to use them - run: bash tests/integration/kubernetes/gha-run.sh get-cluster-credentials - - - name: Deploy Kata - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-aks - - - name: Run tests - timeout-minutes: 60 - run: bash tests/integration/kubernetes/gha-run.sh run-tests - - - name: Delete AKS cluster - if: always() - run: bash tests/integration/kubernetes/gha-run.sh delete-cluster diff --git a/.github/workflows/run-k8s-tests-on-amd64.yaml b/.github/workflows/run-k8s-tests-on-amd64.yaml deleted file mode 100644 index 338e923f299c..000000000000 --- a/.github/workflows/run-k8s-tests-on-amd64.yaml +++ /dev/null 
@@ -1,107 +0,0 @@ -name: CI | Run kubernetes tests on amd64 -on: - workflow_call: - inputs: - registry: - required: true - type: string - repo: - required: true - type: string - tag: - required: true - type: string - pr-number: - required: true - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - run-k8s-tests-amd64: - strategy: - fail-fast: false - matrix: - vmm: - - clh #cloud-hypervisor - - dragonball - - fc #firecracker - - qemu - - cloud-hypervisor - container_runtime: - - containerd - snapshotter: - - devmapper - k8s: - - k3s - include: - - vmm: qemu - container_runtime: crio - snapshotter: "" - k8s: k0s - runs-on: ubuntu-22.04 - env: - DOCKER_REGISTRY: ${{ inputs.registry }} - DOCKER_REPO: ${{ inputs.repo }} - DOCKER_TAG: ${{ inputs.tag }} - PR_NUMBER: ${{ inputs.pr-number }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - KUBERNETES: ${{ matrix.k8s }} - KUBERNETES_EXTRA_PARAMS: ${{ matrix.container_runtime != 'crio' && '' || '--cri-socket remote:unix:///var/run/crio/crio.sock --kubelet-extra-args --cgroup-driver="systemd"' }} - SNAPSHOTTER: ${{ matrix.snapshotter }} - USING_NFD: "false" - K8S_TEST_HOST_TYPE: all - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Configure CRI-O - if: matrix.container_runtime == 'crio' - run: bash tests/integration/kubernetes/gha-run.sh setup-crio - - - name: Deploy ${{ matrix.k8s }} - run: bash tests/integration/kubernetes/gha-run.sh deploy-k8s - - - name: Configure the ${{ matrix.snapshotter }} snapshotter - if: matrix.snapshotter != '' - run: bash tests/integration/kubernetes/gha-run.sh configure-snapshotter - - - name: Deploy Kata - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh 
deploy-kata - - - name: Install `bats` - run: bash tests/integration/kubernetes/gha-run.sh install-bats - - - name: Run tests - timeout-minutes: 30 - run: bash tests/integration/kubernetes/gha-run.sh run-tests - - - name: Collect artifacts ${{ matrix.vmm }} - if: always() - run: bash tests/integration/kubernetes/gha-run.sh collect-artifacts - continue-on-error: true - - - name: Archive artifacts ${{ matrix.vmm }} - uses: actions/upload-artifact@v4 - with: - name: k8s-tests-${{ matrix.vmm }}-${{ matrix.snapshotter }}-${{ matrix.k8s }}-${{ matrix.instance }}-${{ inputs.tag }} - path: /tmp/artifacts - retention-days: 1 - - - name: Delete kata-deploy - if: always() - run: bash tests/integration/kubernetes/gha-run.sh cleanup diff --git a/.github/workflows/run-k8s-tests-on-ppc64le.yaml b/.github/workflows/run-k8s-tests-on-ppc64le.yaml deleted file mode 100644 index e8d7d929dc91..000000000000 --- a/.github/workflows/run-k8s-tests-on-ppc64le.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -name: CI | Run kubernetes tests on Power(ppc64le) -on: - workflow_call: - inputs: - registry: - required: true - type: string - repo: - required: true - type: string - tag: - required: true - type: string - pr-number: - required: true - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - run-k8s-tests: - strategy: - fail-fast: false - matrix: - vmm: - - qemu - k8s: - - kubeadm - runs-on: k8s-ppc64le - env: - DOCKER_REGISTRY: ${{ inputs.registry }} - DOCKER_REPO: ${{ inputs.repo }} - DOCKER_TAG: ${{ inputs.tag }} - PR_NUMBER: ${{ inputs.pr-number }} - GOPATH: ${{ github.workspace }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - KUBERNETES: ${{ matrix.k8s }} - USING_NFD: "false" - TARGET_ARCH: "ppc64le" - steps: - - name: Prepare the self-hosted runner - run: | - bash ${HOME}/scripts/prepare_runner.sh kubernetes - sudo rm -rf $GITHUB_WORKSPACE/* - - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Install golang - run: | - ./tests/install_go.sh -f -p - echo "/usr/local/go/bin" >> $GITHUB_PATH - - - name: Prepare the runner for k8s cluster creation - run: bash ${HOME}/scripts/k8s_cluster_cleanup.sh - - - name: Create k8s cluster using kubeadm - run: bash ${HOME}/scripts/k8s_cluster_create.sh - - - name: Deploy Kata - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-kubeadm - - - name: Run tests - timeout-minutes: 30 - run: bash tests/integration/kubernetes/gha-run.sh run-tests - - - name: Delete cluster and post cleanup actions - run: bash ${HOME}/scripts/k8s_cluster_cleanup.sh 
diff --git a/.github/workflows/run-k8s-tests-on-zvsi.yaml b/.github/workflows/run-k8s-tests-on-zvsi.yaml
deleted file mode 100644
index 10928bb8dc5b..000000000000
--- a/.github/workflows/run-k8s-tests-on-zvsi.yaml
+++ /dev/null
@@ -1,141 +0,0 @@ -name: CI | Run kubernetes tests on IBM Cloud Z virtual server instance (zVSI) -on: - workflow_call: - inputs: - registry: - required: true - type: string - repo: - required: true - type: string - tag: - required: true - type: string - pr-number: - required: true - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - run-k8s-tests: - strategy: - fail-fast: false - matrix: - snapshotter: - - overlayfs - - devmapper - - nydus - vmm: - - qemu - - qemu-runtime-rs - - qemu-coco-dev - k8s: - - k3s - include: - - snapshotter: devmapper - pull-type: default - using-nfd: true - deploy-cmd: configure-snapshotter - - snapshotter: nydus - pull-type: guest-pull - using-nfd: false - deploy-cmd: deploy-snapshotter - exclude: - - snapshotter: overlayfs - vmm: qemu - - snapshotter: overlayfs - vmm: qemu-coco-dev - - snapshotter: devmapper - vmm: qemu-runtime-rs - - snapshotter: devmapper - vmm: qemu-coco-dev - - snapshotter: nydus - vmm: qemu - - snapshotter: nydus - vmm: qemu-runtime-rs - runs-on: s390x-large - env: - DOCKER_REGISTRY: ${{ inputs.registry }} - DOCKER_REPO: ${{ inputs.repo }} - DOCKER_TAG: ${{ inputs.tag }} - PR_NUMBER: ${{ inputs.pr-number }} - GH_PR_NUMBER: ${{ inputs.pr-number }} - KATA_HOST_OS: "ubuntu" - KATA_HYPERVISOR: ${{ matrix.vmm }} - KUBERNETES: ${{ matrix.k8s }} - PULL_TYPE: ${{ matrix.pull-type }} - SNAPSHOTTER: ${{ matrix.snapshotter }} - USING_NFD: ${{ matrix.using-nfd }} - TARGET_ARCH: "s390x" - AUTHENTICATED_IMAGE_USER: ${{ secrets.AUTHENTICATED_IMAGE_USER }} - AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Set SNAPSHOTTER to empty if 
overlayfs - run: echo "SNAPSHOTTER=" >> $GITHUB_ENV - if: ${{ matrix.snapshotter == 'overlayfs' }} - - - name: Set KBS and KBS_INGRESS if qemu-coco-dev - run: | - echo "KBS=true" >> $GITHUB_ENV - echo "KBS_INGRESS=nodeport" >> $GITHUB_ENV - if: ${{ matrix.vmm == 'qemu-coco-dev' }} - - - name: Deploy ${{ matrix.k8s }} - run: bash tests/integration/kubernetes/gha-run.sh deploy-k8s - - # qemu-runtime-rs only works with overlayfs - # See: https://github.com/kata-containers/kata-containers/issues/10066 - - name: Configure the ${{ matrix.snapshotter }} snapshotter - run: bash tests/integration/kubernetes/gha-run.sh ${{ matrix.deploy-cmd }} - if: ${{ matrix.snapshotter != 'overlayfs' }} - - - name: Deploy Kata - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-zvsi - - - name: Uninstall previous `kbs-client` - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh uninstall-kbs-client - if: ${{ matrix.vmm == 'qemu-coco-dev' }} - - - name: Deploy CoCo KBS - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs - if: ${{ matrix.vmm == 'qemu-coco-dev' }} - - - name: Install `kbs-client` - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client - if: ${{ matrix.vmm == 'qemu-coco-dev' }} - - - name: Run tests - timeout-minutes: 60 - run: bash tests/integration/kubernetes/gha-run.sh run-tests - - - name: Delete kata-deploy - if: always() - run: bash tests/integration/kubernetes/gha-run.sh cleanup-zvsi - - - name: Delete CoCo KBS - if: always() - run: | - if [ "${KBS}" == "true" ]; then - bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs - fi diff --git a/.github/workflows/run-kata-coco-stability-tests.yaml b/.github/workflows/run-kata-coco-stability-tests.yaml deleted file mode 100644 index bb4362c8468a..000000000000 --- a/.github/workflows/run-kata-coco-stability-tests.yaml +++ /dev/null 
@@ -1,113 +0,0 @@ -name: CI | Run Kata CoCo k8s Stability Tests -on: - workflow_call: - inputs: - registry: - required: true - type: string - repo: - required: true - type: string - tag: - required: true - type: string - pr-number: - required: true - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - # Generate jobs for testing CoCo on non-TEE environments - run-stability-k8s-tests-coco-nontee: - strategy: - fail-fast: false - matrix: - vmm: - - qemu-coco-dev - snapshotter: - - nydus - pull-type: - - guest-pull - runs-on: ubuntu-latest - env: - DOCKER_REGISTRY: ${{ inputs.registry }} - DOCKER_REPO: ${{ inputs.repo }} - DOCKER_TAG: ${{ inputs.tag }} - GH_PR_NUMBER: ${{ inputs.pr-number }} - KATA_HOST_OS: ${{ matrix.host_os }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - # Some tests rely on that variable to run (or not) - KBS: "true" - # Set the KBS ingress handler (empty string disables handling) - KBS_INGRESS: "aks" - KUBERNETES: "vanilla" - PULL_TYPE: ${{ matrix.pull-type }} - AUTHENTICATED_IMAGE_USER: ${{ secrets.AUTHENTICATED_IMAGE_USER }} - AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} - SNAPSHOTTER: ${{ matrix.snapshotter }} - USING_NFD: "false" - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Download Azure CLI - run: bash tests/integration/kubernetes/gha-run.sh install-azure-cli - - - name: Log into the Azure account - run: bash tests/integration/kubernetes/gha-run.sh login-azure - env: - AZ_APPID: ${{ secrets.AZ_APPID }} - AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }} - AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} - AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} - - - name: Create AKS cluster - timeout-minutes: 10 - 
run: bash tests/integration/kubernetes/gha-run.sh create-cluster - - - name: Install `bats` - run: bash tests/integration/kubernetes/gha-run.sh install-bats - - - name: Install `kubectl` - run: bash tests/integration/kubernetes/gha-run.sh install-kubectl - - - name: Download credentials for the Kubernetes CLI to use them - run: bash tests/integration/kubernetes/gha-run.sh get-cluster-credentials - - - name: Deploy Snapshotter - timeout-minutes: 5 - run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter - - - name: Deploy Kata - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-aks - - - name: Deploy CoCo KBS - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs - - - name: Install `kbs-client` - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client - - - name: Run stability tests - timeout-minutes: 300 - run: bash tests/stability/gha-stability-run.sh run-tests - - - name: Delete AKS cluster - if: always() - run: bash tests/integration/kubernetes/gha-run.sh delete-cluster diff --git a/.github/workflows/run-kata-coco-tests.yaml b/.github/workflows/run-kata-coco-tests.yaml deleted file mode 100644 index e76584a1af88..000000000000 --- a/.github/workflows/run-kata-coco-tests.yaml +++ /dev/null 
@@ -1,323 +0,0 @@ -name: CI | Run kata coco tests -on: - workflow_call: - inputs: - registry: - required: true - type: string - repo: - required: true - type: string - tag: - required: true - type: string - pr-number: - required: true - type: string - commit-hash: - required: false - type: string - target-branch: - required: false - type: string - default: "" - -jobs: - run-k8s-tests-on-tdx: - strategy: - fail-fast: false - matrix: - vmm: - - qemu-tdx - snapshotter: - - nydus - pull-type: - - guest-pull - runs-on: tdx - env: - DOCKER_REGISTRY: ${{ inputs.registry }} - DOCKER_REPO: ${{ inputs.repo }} - DOCKER_TAG: ${{ inputs.tag }} - PR_NUMBER: ${{ inputs.pr-number }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - KUBERNETES: "vanilla" - USING_NFD: "true" - KBS: "true" - K8S_TEST_HOST_TYPE: "baremetal" - KBS_INGRESS: "nodeport" - SNAPSHOTTER: ${{ matrix.snapshotter }} - PULL_TYPE: ${{ matrix.pull-type }} - AUTHENTICATED_IMAGE_USER: ${{ secrets.AUTHENTICATED_IMAGE_USER }} - AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} - ITA_KEY: ${{ secrets.ITA_KEY }} - AUTO_GENERATE_POLICY: "yes" - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Deploy Snapshotter - timeout-minutes: 5 - run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter - - - name: Deploy Kata - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-tdx - - - name: Uninstall previous `kbs-client` - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh uninstall-kbs-client - - - name: Deploy CoCo KBS - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs - - - name: Install `kbs-client` - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh 
install-kbs-client - - - name: Run tests - timeout-minutes: 100 - run: bash tests/integration/kubernetes/gha-run.sh run-tests - - - name: Delete kata-deploy - if: always() - run: bash tests/integration/kubernetes/gha-run.sh cleanup-tdx - - - name: Delete Snapshotter - if: always() - run: bash tests/integration/kubernetes/gha-run.sh cleanup-snapshotter - - - name: Delete CoCo KBS - if: always() - run: bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs - - run-k8s-tests-on-sev: - strategy: - fail-fast: false - matrix: - vmm: - - qemu-sev - snapshotter: - - nydus - pull-type: - - guest-pull - runs-on: sev - env: - DOCKER_REGISTRY: ${{ inputs.registry }} - DOCKER_REPO: ${{ inputs.repo }} - DOCKER_TAG: ${{ inputs.tag }} - PR_NUMBER: ${{ inputs.pr-number }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - KUBECONFIG: /home/kata/.kube/config - KUBERNETES: "vanilla" - USING_NFD: "false" - K8S_TEST_HOST_TYPE: "baremetal" - SNAPSHOTTER: ${{ matrix.snapshotter }} - PULL_TYPE: ${{ matrix.pull-type }} - AUTHENTICATED_IMAGE_USER: ${{ secrets.AUTHENTICATED_IMAGE_USER }} - AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} - AUTO_GENERATE_POLICY: "yes" - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Deploy Snapshotter - timeout-minutes: 5 - run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter - - - name: Deploy Kata - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-sev - - - name: Run tests - timeout-minutes: 50 - run: bash tests/integration/kubernetes/gha-run.sh run-tests - - - name: Delete kata-deploy - if: always() - run: bash tests/integration/kubernetes/gha-run.sh cleanup-sev - - - name: Delete Snapshotter - if: always() - run: bash 
tests/integration/kubernetes/gha-run.sh cleanup-snapshotter - - run-k8s-tests-sev-snp: - strategy: - fail-fast: false - matrix: - vmm: - - qemu-snp - snapshotter: - - nydus - pull-type: - - guest-pull - runs-on: sev-snp - env: - DOCKER_REGISTRY: ${{ inputs.registry }} - DOCKER_REPO: ${{ inputs.repo }} - DOCKER_TAG: ${{ inputs.tag }} - PR_NUMBER: ${{ inputs.pr-number }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - KUBECONFIG: /home/kata/.kube/config - KUBERNETES: "vanilla" - USING_NFD: "false" - KBS: "true" - KBS_INGRESS: "nodeport" - K8S_TEST_HOST_TYPE: "baremetal" - SNAPSHOTTER: ${{ matrix.snapshotter }} - PULL_TYPE: ${{ matrix.pull-type }} - AUTHENTICATED_IMAGE_USER: ${{ secrets.AUTHENTICATED_IMAGE_USER }} - AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} - AUTO_GENERATE_POLICY: "yes" - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Deploy Snapshotter - timeout-minutes: 5 - run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter - - - name: Deploy Kata - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-snp - - - name: Uninstall previous `kbs-client` - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh uninstall-kbs-client - - - name: Deploy CoCo KBS - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs - - - name: Install `kbs-client` - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client - - - name: Run tests - timeout-minutes: 50 - run: bash tests/integration/kubernetes/gha-run.sh run-tests - - - name: Delete kata-deploy - if: always() - run: bash tests/integration/kubernetes/gha-run.sh cleanup-snp - - - name: Delete Snapshotter - if: always() - run: bash 
tests/integration/kubernetes/gha-run.sh cleanup-snapshotter - - - name: Delete CoCo KBS - if: always() - run: bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs - - # Generate jobs for testing CoCo on non-TEE environments - run-k8s-tests-coco-nontee: - strategy: - fail-fast: false - matrix: - vmm: - - qemu-coco-dev - snapshotter: - - nydus - pull-type: - - guest-pull - runs-on: ubuntu-22.04 - env: - DOCKER_REGISTRY: ${{ inputs.registry }} - DOCKER_REPO: ${{ inputs.repo }} - DOCKER_TAG: ${{ inputs.tag }} - GH_PR_NUMBER: ${{ inputs.pr-number }} - KATA_HOST_OS: ${{ matrix.host_os }} - KATA_HYPERVISOR: ${{ matrix.vmm }} - # Some tests rely on that variable to run (or not) - KBS: "true" - # Set the KBS ingress handler (empty string disables handling) - KBS_INGRESS: "aks" - KUBERNETES: "vanilla" - PULL_TYPE: ${{ matrix.pull-type }} - AUTHENTICATED_IMAGE_USER: ${{ secrets.AUTHENTICATED_IMAGE_USER }} - AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }} - SNAPSHOTTER: ${{ matrix.snapshotter }} - USING_NFD: "false" - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.commit-hash }} - fetch-depth: 0 - - - name: Rebase atop of the latest target branch - run: | - ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch" - env: - TARGET_BRANCH: ${{ inputs.target-branch }} - - - name: Download Azure CLI - run: bash tests/integration/kubernetes/gha-run.sh install-azure-cli - - - name: Log into the Azure account - run: bash tests/integration/kubernetes/gha-run.sh login-azure - env: - AZ_APPID: ${{ secrets.AZ_APPID }} - AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }} - AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }} - AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} - - - name: Create AKS cluster - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh create-cluster - - - name: Install `bats` - run: bash tests/integration/kubernetes/gha-run.sh install-bats - - - name: Install `kubectl` - run: bash 
tests/integration/kubernetes/gha-run.sh install-kubectl - - - name: Download credentials for the Kubernetes CLI to use them - run: bash tests/integration/kubernetes/gha-run.sh get-cluster-credentials - - - name: Deploy Snapshotter - timeout-minutes: 5 - run: bash tests/integration/kubernetes/gha-run.sh deploy-snapshotter - - - name: Deploy Kata - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-aks - - - name: Deploy CoCo KBS - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh deploy-coco-kbs - - - name: Install `kbs-client` - timeout-minutes: 10 - run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client - - - name: Run tests - timeout-minutes: 60 - run: bash tests/integration/kubernetes/gha-run.sh run-tests - - - name: Delete AKS cluster - if: always() - run: bash tests/integration/kubernetes/gha-run.sh delete-cluster diff --git a/.github/workflows/run-kata-deploy-tests-on-aks.yaml b/.github/workflows/run-kata-deploy-tests-on-aks.yaml deleted file mode 100644 index b397e8a87174..000000000000 --- a/.github/workflows/run-kata-deploy-tests-on-aks.yaml +++ /dev/null 
@@ -1,91 +0,0 @@
-name: CI | Run kata-deploy tests on AKS
-on:
- workflow_call:
- inputs:
- registry:
- required: true
- type: string
- repo:
- required: true
- type: string
- tag:
- required: true
- type: string
- pr-number:
- required: true
- type: string
- commit-hash:
- required: false
- type: string
- target-branch:
- required: false
- type: string
- default: ""
-
-jobs:
- run-kata-deploy-tests:
- strategy:
- fail-fast: false
- matrix:
- host_os:
- - ubuntu
- vmm:
- - clh
- - dragonball
- - qemu
- - qemu-runtime-rs
- include:
- - host_os: cbl-mariner
- vmm: clh
- runs-on: ubuntu-22.04
- env:
- DOCKER_REGISTRY: ${{ inputs.registry }}
- DOCKER_REPO: ${{ inputs.repo }}
- DOCKER_TAG: ${{ inputs.tag }}
- GH_PR_NUMBER: ${{ inputs.pr-number }}
- KATA_HOST_OS: ${{ matrix.host_os }}
- KATA_HYPERVISOR: ${{ matrix.vmm }}
- KUBERNETES: "vanilla"
- USING_NFD: "false"
- steps:
- - uses: actions/checkout@v4
- with:
- ref: ${{ inputs.commit-hash }}
- fetch-depth: 0
-
- - name: Rebase atop of the latest target branch
- run: |
- ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
- env:
- TARGET_BRANCH: ${{ inputs.target-branch }}
-
- - name: Download Azure CLI
- run: bash tests/functional/kata-deploy/gha-run.sh install-azure-cli
-
- - name: Log into the Azure account
- run: bash tests/functional/kata-deploy/gha-run.sh login-azure
- env:
- AZ_APPID: ${{ secrets.AZ_APPID }}
- AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
- AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
- AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
-
- - name: Create AKS cluster
- timeout-minutes: 10
- run: bash tests/functional/kata-deploy/gha-run.sh create-cluster
-
- - name: Install `bats`
- run: bash tests/functional/kata-deploy/gha-run.sh install-bats
-
- - name: Install `kubectl`
- run: bash tests/functional/kata-deploy/gha-run.sh install-kubectl
-
- - name: Download credentials for the Kubernetes CLI to use them
- run: bash tests/functional/kata-deploy/gha-run.sh get-cluster-credentials
-
- - name: Run tests
- run: bash tests/functional/kata-deploy/gha-run.sh run-tests
-
- - name: Delete AKS cluster
- if: always()
- run: bash tests/functional/kata-deploy/gha-run.sh delete-cluster
diff --git a/.github/workflows/run-kata-deploy-tests-on-garm.yaml b/.github/workflows/run-kata-deploy-tests-on-garm.yaml
deleted file mode 100644
index c315bfa3a1b6..000000000000
--- a/.github/workflows/run-kata-deploy-tests-on-garm.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
-name: CI | Run kata-deploy tests on GARM
-on:
- workflow_call:
- inputs:
- registry:
- required: true
- type: string
- repo:
- required: true
- type: string
- tag:
- required: true
- type: string
- pr-number:
- required: true
- type: string
- commit-hash:
- required: false
- type: string
- target-branch:
- required: false
- type: string
- default: ""
-
-jobs:
- run-kata-deploy-tests:
- strategy:
- fail-fast: false
- matrix:
- vmm:
- - clh
- - qemu
- k8s:
- - k0s
- - k3s
- - rke2
- # TODO: There are a couple of vmm/k8s combination failing (https://github.com/kata-containers/kata-containers/issues/9854)
- # and we will put the entire kata-deploy-tests on GARM on maintenance.
- # TODO: Transition to free runner (see #9940).
- if: false
- runs-on: garm-ubuntu-2004-smaller
- env:
- DOCKER_REGISTRY: ${{ inputs.registry }}
- DOCKER_REPO: ${{ inputs.repo }}
- DOCKER_TAG: ${{ inputs.tag }}
- PR_NUMBER: ${{ inputs.pr-number }}
- KATA_HYPERVISOR: ${{ matrix.vmm }}
- KUBERNETES: ${{ matrix.k8s }}
- USING_NFD: "false"
- steps:
- - uses: actions/checkout@v4
- with:
- ref: ${{ inputs.commit-hash }}
- fetch-depth: 0
-
- - name: Rebase atop of the latest target branch
- run: |
- ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
- env:
- TARGET_BRANCH: ${{ inputs.target-branch }}
-
- - name: Deploy ${{ matrix.k8s }}
- run: bash tests/functional/kata-deploy/gha-run.sh deploy-k8s
-
- - name: Install `bats`
- run: bash tests/functional/kata-deploy/gha-run.sh install-bats
-
- - name: Run tests
- run: bash tests/functional/kata-deploy/gha-run.sh run-tests
diff --git a/.github/workflows/run-kata-monitor-tests.yaml b/.github/workflows/run-kata-monitor-tests.yaml
deleted file mode 100644
index 575c0c797827..000000000000
--- a/.github/workflows/run-kata-monitor-tests.yaml
+++ /dev/null
@@ -1,64 +0,0 @@
-name: CI | Run kata-monitor tests
-on:
- workflow_call:
- inputs:
- tarball-suffix:
- required: false
- type: string
- commit-hash:
- required: false
- type: string
- target-branch:
- required: false
- type: string
- default: ""
-
-jobs:
- run-monitor:
- strategy:
- fail-fast: false
- matrix:
- vmm:
- - qemu
- container_engine:
- - crio
- - containerd
- # TODO: enable when https://github.com/kata-containers/kata-containers/issues/9853 is fixed
- #include:
- # - container_engine: containerd
- # containerd_version: lts
- exclude:
- # TODO: enable with containerd when https://github.com/kata-containers/kata-containers/issues/9761 is fixed
- - container_engine: containerd
- vmm: qemu
- runs-on: ubuntu-22.04
- env:
- CONTAINER_ENGINE: ${{ matrix.container_engine }}
- #CONTAINERD_VERSION: ${{ matrix.containerd_version }}
- KATA_HYPERVISOR: ${{ matrix.vmm }}
- steps:
- - uses: actions/checkout@v4
- with:
- ref: ${{ inputs.commit-hash }}
- fetch-depth: 0
-
- - name: Rebase atop of the latest target branch
- run: |
- ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
- env:
- TARGET_BRANCH: ${{ inputs.target-branch }}
-
- - name: Install dependencies
- run: bash tests/functional/kata-monitor/gha-run.sh install-dependencies
-
- - name: get-kata-tarball
- uses: actions/download-artifact@v4
- with:
- name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
- path: kata-artifacts
-
- - name: Install kata
- run: bash tests/functional/kata-monitor/gha-run.sh install-kata kata-artifacts
-
- - name: Run kata-monitor tests
- run: bash tests/functional/kata-monitor/gha-run.sh run
diff --git a/.github/workflows/run-metrics.yaml b/.github/workflows/run-metrics.yaml
deleted file mode 100644
index 37fde9af42cc..000000000000
--- a/.github/workflows/run-metrics.yaml
+++ /dev/null
@@ -1,94 +0,0 @@
-name: CI | Run test metrics
-on:
- workflow_call:
- inputs:
- tarball-suffix:
- required: false
- type: string
- commit-hash:
- required: false
- type: string
- target-branch:
- required: false
- type: string
- default: ""
-
-jobs:
- setup-kata:
- name: Kata Setup
- runs-on: metrics
- env:
- GOPATH: ${{ github.workspace }}
- steps:
- - uses: actions/checkout@v4
- with:
- ref: ${{ inputs.commit-hash }}
- fetch-depth: 0
-
- - name: Rebase atop of the latest target branch
- run: |
- ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
- env:
- TARGET_BRANCH: ${{ inputs.target-branch }}
-
- - name: get-kata-tarball
- uses: actions/download-artifact@v4
- with:
- name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
- path: kata-artifacts
-
- - name: Install kata
- run: bash tests/metrics/gha-run.sh install-kata kata-artifacts
-
- run-metrics:
- needs: setup-kata
- strategy:
- # We can set this to true whenever we're 100% sure that
- # the all the tests are not flaky, otherwise we'll fail
- # all the tests due to a single flaky instance.
- fail-fast: false
- matrix:
- vmm: ['clh', 'qemu', 'stratovirt']
- max-parallel: 1
- runs-on: metrics
- env:
- GOPATH: ${{ github.workspace }}
- KATA_HYPERVISOR: ${{ matrix.vmm }}
- steps:
- - name: enabling the hypervisor
- run: bash tests/metrics/gha-run.sh enabling-hypervisor
-
- - name: run launch times test
- run: bash tests/metrics/gha-run.sh run-test-launchtimes
-
- - name: run memory foot print test
- run: bash tests/metrics/gha-run.sh run-test-memory-usage
-
- - name: run memory usage inside container test
- run: bash tests/metrics/gha-run.sh run-test-memory-usage-inside-container
-
- - name: run blogbench test
- run: bash tests/metrics/gha-run.sh run-test-blogbench
-
- - name: run tensorflow test
- run: bash tests/metrics/gha-run.sh run-test-tensorflow
-
- - name: run fio test
- run: bash tests/metrics/gha-run.sh run-test-fio
-
- - name: run iperf test
- run: bash tests/metrics/gha-run.sh run-test-iperf
-
- - name: run latency test
- run: bash tests/metrics/gha-run.sh run-test-latency
-
- - name: make metrics tarball ${{ matrix.vmm }}
- run: bash tests/metrics/gha-run.sh make-tarball-results
-
- - name: archive metrics results ${{ matrix.vmm }}
- uses: actions/upload-artifact@v4
- with:
- name: metrics-artifacts-${{ matrix.vmm }}
- path: results-${{ matrix.vmm }}.tar.gz
- retention-days: 1
- if-no-files-found: error
diff --git a/.github/workflows/run-runk-tests.yaml b/.github/workflows/run-runk-tests.yaml
deleted file mode 100644
index 20b265575e6f..000000000000
--- a/.github/workflows/run-runk-tests.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-name: CI | Run runk tests
-on:
- workflow_call:
- inputs:
- tarball-suffix:
- required: false
- type: string
- commit-hash:
- required: false
- type: string
- target-branch:
- required: false
- type: string
- default: ""
-
-jobs:
- run-runk:
- runs-on: ubuntu-22.04
- env:
- CONTAINERD_VERSION: lts
- steps:
- - uses: actions/checkout@v4
- with:
- ref: ${{ inputs.commit-hash }}
- fetch-depth: 0
-
- - name: Rebase atop of the latest target branch
- run: |
- ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
- env:
- TARGET_BRANCH: ${{ inputs.target-branch }}
-
- - name: Install dependencies
- run: bash tests/integration/runk/gha-run.sh install-dependencies
-
- - name: get-kata-tarball
- uses: actions/download-artifact@v4
- with:
- name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
- path: kata-artifacts
-
- - name: Install kata
- run: bash tests/integration/runk/gha-run.sh install-kata kata-artifacts
-
- - name: Run runk tests
- run: bash tests/integration/runk/gha-run.sh run
diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
deleted file mode 100644
index a54d7b924d68..000000000000
--- a/.github/workflows/stale.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: 'Automatically close stale PRs'
-on:
- schedule:
- - cron: '0 0 * * *'
- workflow_dispatch:
-
-jobs:
- stale:
- runs-on: ubuntu-22.04
- steps:
- - uses: actions/stale@v9
- with:
- stale-pr-message: 'This PR has been opened without with no activity for 180 days. Comment on the issue otherwise it will be closed in 7 days'
- days-before-pr-stale: 180
- days-before-pr-close: 7
- days-before-issue-stale: -1
- days-before-issue-close: -1
diff --git a/.github/workflows/static-checks-self-hosted.yaml b/.github/workflows/static-checks-self-hosted.yaml
deleted file mode 100644
index 943240df312c..000000000000
--- a/.github/workflows/static-checks-self-hosted.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-on:
- pull_request:
- types:
- - opened
- - synchronize
- - reopened
- - labeled # a workflow runs only when the 'ok-to-test' label is added
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
- cancel-in-progress: true
-
-name: Static checks self-hosted
-jobs:
- skipper:
- if: ${{ contains(github.event.pull_request.labels.*.name, 'ok-to-test') }}
- uses: ./.github/workflows/gatekeeper-skipper.yaml
- with:
- commit-hash: ${{ github.event.pull_request.head.sha }}
- target-branch: ${{ github.event.pull_request.base.ref }}
-
- build-checks:
- needs: skipper
- if: ${{ needs.skipper.outputs.skip_static != 'yes' }}
- strategy:
- fail-fast: false
- matrix:
- instance:
- - "arm-no-k8s"
- - "s390x"
- - "ppc64le"
- uses: ./.github/workflows/build-checks.yaml
- with:
- instance: ${{ matrix.instance }}
diff --git a/.github/workflows/static-checks.yaml b/.github/workflows/static-checks.yaml
deleted file mode 100644
index cf3340596724..000000000000
--- a/.github/workflows/static-checks.yaml
+++ /dev/null
@@ -1,125 +0,0 @@
-on:
- pull_request:
- types:
- - opened
- - edited
- - reopened
- - synchronize
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
- cancel-in-progress: true
-
-name: Static checks
-jobs:
- skipper:
- uses: ./.github/workflows/gatekeeper-skipper.yaml
- with:
- commit-hash: ${{ github.event.pull_request.head.sha }}
- target-branch: ${{ github.event.pull_request.base.ref }}
-
- check-kernel-config-version:
- needs: skipper
- if: ${{ needs.skipper.outputs.skip_static != 'yes' }}
- runs-on: ubuntu-22.04
- steps:
- - name: Checkout the code
- uses: actions/checkout@v4
- with:
- fetch-depth: 0
- - name: Ensure the kernel config version has been updated
- run: |
- kernel_dir="tools/packaging/kernel/"
- kernel_version_file="${kernel_dir}kata_config_version"
- modified_files=$(git diff --name-only origin/$GITHUB_BASE_REF..HEAD)
- if git diff --name-only origin/$GITHUB_BASE_REF..HEAD "${kernel_dir}" | grep "${kernel_dir}"; then
- echo "Kernel directory has changed, checking if $kernel_version_file has been updated"
- if echo "$modified_files" | grep -v "README.md" | grep "${kernel_dir}" >>"/dev/null"; then
- echo "$modified_files" | grep "$kernel_version_file" >>/dev/null || ( echo "Please bump version in $kernel_version_file" && exit 1)
- else
- echo "Readme file changed, no need for kernel config version update."
- fi
- echo "Check passed"
- fi
-
- build-checks:
- needs: skipper
- if: ${{ needs.skipper.outputs.skip_static != 'yes' }}
- uses: ./.github/workflows/build-checks.yaml
- with:
- instance: ubuntu-22.04
-
- build-checks-depending-on-kvm:
- runs-on: ubuntu-22.04
- needs: skipper
- if: ${{ needs.skipper.outputs.skip_static != 'yes' }}
- strategy:
- fail-fast: false
- matrix:
- component:
- - runtime-rs
- include:
- - component: runtime-rs
- command: "sudo -E env PATH=$PATH LIBC=gnu SUPPORT_VIRTUALIZATION=true make test"
- - component: runtime-rs
- component-path: src/dragonball
- steps:
- - name: Checkout the code
- uses: actions/checkout@v4
- with:
- fetch-depth: 0
- - name: Install system deps
- run: |
- sudo apt-get install -y build-essential musl-tools
- - name: Install yq
- run: |
- sudo -E ./ci/install_yq.sh
- env:
- INSTALL_IN_GOPATH: false
- - name: Install rust
- run: |
- export PATH="$PATH:/usr/local/bin"
- ./tests/install_rust.sh
- - name: Running `${{ matrix.command }}` for ${{ matrix.component }}
- run: |
- export PATH="$PATH:${HOME}/.cargo/bin"
- cd ${{ matrix.component-path }}
- ${{ matrix.command }}
- env:
- RUST_BACKTRACE: "1"
-
- static-checks:
- runs-on: ubuntu-22.04
- needs: skipper
- if: ${{ needs.skipper.outputs.skip_static != 'yes' }}
- strategy:
- fail-fast: false
- matrix:
- cmd:
- - "make static-checks"
- env:
- GOPATH: ${{ github.workspace }}
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- with:
- fetch-depth: 0
- path: ./src/github.com/${{ github.repository }}
- - name: Install yq
- run: |
- cd ${GOPATH}/src/github.com/${{ github.repository }}
- ./ci/install_yq.sh
- env:
- INSTALL_IN_GOPATH: false
- - name: Install golang
- run: |
- cd ${GOPATH}/src/github.com/${{ github.repository }}
- ./tests/install_go.sh -f -p
- echo "/usr/local/go/bin" >> $GITHUB_PATH
- name: Install system dependencies
- run: |
- sudo apt-get -y install moreutils hunspell hunspell-en-gb hunspell-en-us pandoc
- - name: Run check
- run: |
- export PATH=${PATH}:${GOPATH}/bin
- cd ${GOPATH}/src/github.com/${{ github.repository }} && ${{ matrix.cmd }}