From 9848c3e985e22eb1c4c8eadafcb7c776995a9dba Mon Sep 17 00:00:00 2001
From: Evan Lezar
Date: Fri, 28 Feb 2025 17:25:21 +0200
Subject: [PATCH] [no-relnote] Use github actions from main
Signed-off-by: Evan Lezar
---
.github/workflows/ci.yaml | 53 +++++++++++++++
.github/workflows/code_scanning.yaml | 5 +-
.github/workflows/e2e.yaml | 98 ++++++++++++++++++++++++++++
.github/workflows/golang.yaml | 5 +-
.github/workflows/image.yaml | 64 +++++++-----------
5 files changed, 177 insertions(+), 48 deletions(-)
create mode 100644 .github/workflows/ci.yaml
create mode 100644 .github/workflows/e2e.yaml
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 00000000..4efcaf2a
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,53 @@
+# Copyright 2025 NVIDIA CORPORATION
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: CI Pipeline
+
+on:
+ push:
+ branches:
+ - "pull-request/[0-9]+"
+ - main
+ - release-*
+
+jobs:
+ code-scanning:
+ uses: ./.github/workflows/code_scanning.yaml
+
+ variables:
+ runs-on: ubuntu-latest
+ outputs:
+ version: ${{ steps.version.outputs.version }}
+ steps:
+ - name: Generate Commit Short SHA
+ id: version
+ run: echo "version=$(echo $GITHUB_SHA | cut -c1-8)" >> "$GITHUB_OUTPUT"
+
+ golang:
+ uses: ./.github/workflows/golang.yaml
+
+ image:
+ uses: ./.github/workflows/image.yaml
+ needs: [variables, golang, code-scanning]
+ secrets: inherit
+ with:
+ version: ${{ needs.variables.outputs.version }}
+ build_multi_arch_images: ${{ github.ref_name == 'main' || startsWith(github.ref_name, 'release-') }}
+
+ e2e-test:
+ needs: [image, variables]
+ secrets: inherit
+ uses: ./.github/workflows/e2e.yaml
+ with:
+ version: ${{ needs.variables.outputs.version }}
diff --git a/.github/workflows/code_scanning.yaml b/.github/workflows/code_scanning.yaml
index 214c432e..39774a59 100644
--- a/.github/workflows/code_scanning.yaml
+++ b/.github/workflows/code_scanning.yaml
@@ -15,6 +15,7 @@ name: "CodeQL" on: + workflow_call: {} pull_request: types: - opened
@@ -22,10 +23,6 @@ on: branches: - main - release-* - push: - branches: - - main - - release-* jobs: analyze:
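Review bot: `secrets: inherit` on the `image` job in ci.yaml hands every secret visible to this repository to image.yaml, although the `workflow_call` block this commit adds to image.yaml declares no secrets and its visible login step uses only `secrets.GITHUB_TOKEN`, which a called workflow receives without inheritance. Since this pipeline also runs for `pull-request/[0-9]+` branches, I would drop `secrets: inherit` from `image` and pass the six secrets that e2e.yaml declares explicitly on `e2e-test`, for example `AWS_SSH_KEY: ${{ secrets.AWS_SSH_KEY }}`, so each job sees only what it needs. The file also sets no `permissions:`; a top-level `permissions:` with `contents: read`, plus job-level grants where an image push or a CodeQL upload needs more, would keep the token scoped, unless the called workflows already restrict it outside the hunks shown.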
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
new file mode 100644
index 00000000..3209e10a
--- /dev/null
+++ b/.github/workflows/e2e.yaml
@@ -0,0 +1,98 @@
+# Copyright 2025 NVIDIA CORPORATION
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: End-to-end Tests
+
+on:
+ workflow_call:
+ inputs:
+ version:
+ required: true
+ type: string
+ secrets:
+ AWS_ACCESS_KEY_ID:
+ required: true
+ AWS_SECRET_ACCESS_KEY:
+ required: true
+ AWS_SSH_KEY:
+ required: true
+ E2E_SSH_USER:
+ required: true
+ SLACK_BOT_TOKEN:
+ required: true
+ SLACK_CHANNEL_ID:
+ required: true
+
+jobs:
+ e2e-tests:
+ runs-on: linux-amd64-cpu4
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v4
+
+ - name: Calculate build vars
+ id: vars
+ run: |
+ echo "COMMIT_SHORT_SHA=${GITHUB_SHA:0:8}" >> $GITHUB_ENV
+ echo "LOWERCASE_REPO_OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | awk '{print tolower($0)}')" >> $GITHUB_ENV
+ GOLANG_VERSION=$(./hack/golang-version.sh)
+ echo "GOLANG_VERSION=${GOLANG_VERSION##GOLANG_VERSION := }" >> $GITHUB_ENV
+
+ - name: Install Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: ${{ env.GOLANG_VERSION }}
+
+ - name: Set up Holodeck
+ uses: NVIDIA/holodeck@v0.2.6
+ with:
+ aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws_ssh_key: ${{ secrets.AWS_SSH_KEY }}
+ holodeck_config: "tests/e2e/infra/aws.yaml"
+
+ - name: Get public dns name
+ id: holodeck_public_dns_name
+ uses: mikefarah/yq@master
+ with:
+ cmd: yq '.status.properties[] | select(.name == "public-dns-name") | .value' /github/workspace/.cache/holodeck.yaml
+
+ - name: Run e2e tests
+ env:
+ IMAGE_NAME: ghcr.io/nvidia/container-toolkit
+ VERSION: ${{ inputs.version }}
+ SSH_KEY: ${{ secrets.AWS_SSH_KEY }}
+ E2E_SSH_USER: ${{ secrets.E2E_SSH_USER }}
+ E2E_SSH_HOST: ${{ steps.holodeck_public_dns_name.outputs.result }}
+ E2E_INSTALL_CTK: "true"
+ run: |
+ e2e_ssh_key=$(mktemp)
+ echo "$SSH_KEY" > "$e2e_ssh_key"
+ chmod 600 "$e2e_ssh_key"
+ export E2E_SSH_KEY="$e2e_ssh_key"
+
+ make -f tests/e2e/Makefile test
+
+ - name: Send Slack alert notification
+ if: ${{ failure() }}
+ uses: slackapi/slack-github-action@v2.0.0
+ with:
+ method: chat.postMessage
+ token: ${{ secrets.SLACK_BOT_TOKEN }}
+ payload: |
+ channel: ${{ secrets.SLACK_CHANNEL_ID }}
+ text: |
+ :x: On repository ${{ github.repository }}, the Workflow *${{ github.workflow }}* has failed.
+
+ Details: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
diff --git a/.github/workflows/golang.yaml b/.github/workflows/golang.yaml
index 6822dfae..0a7e07d9 100644
--- a/.github/workflows/golang.yaml
+++ b/.github/workflows/golang.yaml
@@ -15,6 +15,7 @@ name: Golang on: + workflow_call: {} pull_request: types: - opened
@@ -22,10 +23,6 @@ on: branches: - main - release-* - push: - branches: - - main - - release-* jobs: check:
diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml
index e63ea840..b338b69c 100644
--- a/.github/workflows/image.yaml
+++ b/.github/workflows/image.yaml
@@ -16,21 +16,18 @@ name: image on: - pull_request: - types: - - opened - - synchronize - branches: - - main - - release-* - push: - branches: - - main - - release-* + workflow_call: + inputs: + version: + required: true + type: string + build_multi_arch_images: + required: true + type: string jobs: packages: - runs-on: ubuntu-latest + runs-on: linux-amd64-cpu4 strategy: matrix: target:
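Review bot: `uses: mikefarah/yq@master` in the `Get public dns name` step of e2e.yaml follows a mutable branch of a third-party action, and it runs in the same job and workspace as the steps that handle the AWS keys and the SSH key, so whatever lands on that branch executes next to those credentials. Pin it to a full commit SHA, e.g. `uses: mikefarah/yq@FULL_COMMIT_SHA_PLACEHOLDER  # release tag`, and consider the same for `NVIDIA/holodeck@v0.2.6` and `slackapi/slack-github-action@v2.0.0`, since tags can be moved. Separately, the `Run e2e tests` step writes the private key to a `mktemp` file and never removes it; whether the `linux-amd64-cpu4` runner is reused between jobs cannot be told from this diff, so adding `trap 'rm -f "$e2e_ssh_key"' EXIT` directly after the `mktemp` line would keep the key from outliving the step.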
@@ -41,7 +38,7 @@ jobs: - centos7-x86_64 - centos8-ppc64le ispr: - - ${{github.event_name == 'pull_request'}} + - ${{ github.ref_name != 'main' && !startsWith( github.ref_name, 'release-' ) }} exclude: - ispr: true target: ubuntu18.04-arm64
@@ -52,20 +49,25 @@ jobs: - ispr: true target: centos8-ppc64le fail-fast: false + steps: - uses: actions/checkout@v4 name: Check out code + - name: Set up QEMU uses: docker/setup-qemu-action@v3 with: image: tonistiigi/binfmt:master + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: build ${{ matrix.target }} packages run: | sudo apt-get install -y coreutils build-essential sed git bash make echo "Building packages" ./scripts/build-packages.sh ${{ matrix.target }} + - name: 'Upload Artifacts' uses: actions/upload-artifact@v4 with:
@@ -74,7 +76,7 @@ jobs: path: ${{ github.workspace }}/dist/* image: - runs-on: ubuntu-latest + runs-on: linux-amd64-cpu4 strategy: matrix: dist:
@@ -82,7 +84,7 @@ jobs: - ubi8 - packaging ispr: - - ${{github.event_name == 'pull_request'}} + - ${{ github.ref_name != 'main' && !startsWith( github.ref_name, 'release-' ) }} exclude: - ispr: true dist: ubi8
@@ -90,36 +92,15 @@ jobs: steps: - uses: actions/checkout@v4 name: Check out code - - name: Calculate build vars - id: vars - run: | - echo "COMMIT_SHORT_SHA=${GITHUB_SHA:0:8}" >> $GITHUB_ENV - echo "LOWERCASE_REPO_OWNER=$(echo "${GITHUB_REPOSITORY_OWNER}" | awk '{print tolower($0)}')" >> $GITHUB_ENV - REPO_FULL_NAME="${{ github.event.pull_request.head.repo.full_name }}" - echo "${REPO_FULL_NAME}" - echo "LABEL_IMAGE_SOURCE=https://github.com/${REPO_FULL_NAME}" >> $GITHUB_ENV - - PUSH_ON_BUILD="false" - BUILD_MULTI_ARCH_IMAGES="false" - if [[ "${{ github.event_name }}" == "pull_request" ]]; then - if [[ "${{ github.actor }}" != "dependabot[bot]" && "${{ github.event.pull_request.head.repo.full_name }}" == "${{ github.repository }}" ]]; then - # For non-fork PRs that are not created by dependabot we do push images - PUSH_ON_BUILD="true" - fi - elif [[ "${{ github.event_name }}" == "push" ]]; then - # On push events we do generate images and enable muilti-arch builds - PUSH_ON_BUILD="true" - BUILD_MULTI_ARCH_IMAGES="true" - fi - echo "PUSH_ON_BUILD=${PUSH_ON_BUILD}" >> $GITHUB_ENV - echo "BUILD_MULTI_ARCH_IMAGES=${BUILD_MULTI_ARCH_IMAGES}" >> $GITHUB_ENV - name: Set up QEMU uses: docker/setup-qemu-action@v3 with: image: tonistiigi/binfmt:master + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Get built packages uses: actions/download-artifact@v4 with:
@@ -133,10 +114,13 @@ jobs: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Build image env: - IMAGE_NAME: ghcr.io/${LOWERCASE_REPO_OWNER}/container-toolkit - VERSION: ${COMMIT_SHORT_SHA} + IMAGE_NAME: ghcr.io/nvidia/container-toolkit + VERSION: ${{ inputs.version }} + PUSH_ON_BUILD: "true" + BUILD_MULTI_ARCH_IMAGES: ${{ inputs.build_multi_arch_images }} run: | echo "${VERSION}" make -f deployments/container/Makefile build-${{ matrix.dist }}
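Review bot: `PUSH_ON_BUILD: "true"` in the `Build image` step of image.yaml is now unconditional, and the removed `Calculate build vars` step was the only visible place that declined to push for fork and dependabot pull requests. With ci.yaml calling this workflow for `pull-request/[0-9]+` branches, every such run pushes a tag to the hard-coded `ghcr.io/nvidia/container-toolkit`, so what reaches the registry depends entirely on who can create those branches, a control this diff does not show. I would make the push an explicit `workflow_call` input set by the caller, or at least record the assumption above the env block, e.g. `# Pushes on every run; callers must invoke this only for vetted refs (main, release-*, pull-request/N).` The removed step also exported `LABEL_IMAGE_SOURCE`, `LOWERCASE_REPO_OWNER` and `COMMIT_SHORT_SHA`; if deployments/container/Makefile still reads any of them (not visible here), the build will run with that value empty.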