diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 00000000..e852d5a7 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,47 @@ +--- +name: Build DTS +on: + workflow_call: + inputs: + cacheless: + type: boolean + required: true + +jobs: + build: + runs-on: + labels: dts-builder + steps: + - name: Checkout meta-dts repo + uses: actions/checkout@v4 + with: + path: "meta-dts" + - name: Prepare cache-less build configuration + if: ${{ inputs.cacheless }} + shell: bash + run: | + sed -i '/cache.yml/d' meta-dts/kas.yml + - name: Build DTS image + shell: bash + id: build_image + run: | + for attempt in {1..5}; do + if kas-container build meta-dts/kas.yml; then + echo "Build command succeeded on attempt $attempt" + break + else + echo "Build command failed on attempt $attempt" + if [ $attempt -lt 5 ]; then + sleep 5 + fi + fi + done + continue-on-error: true + - name: Report build command + run: | + if [ ${{ steps.build_image.outcome }} == 'failure' ]; then + echo "All build attempts failed." + exit 1 + else + echo "At least one build attempt succeeded." + fi diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index be01d0f0..4af11cf9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,38 +8,9 @@ on: jobs: build: - name: Build system image - runs-on: - labels: dts-builder - steps: - - name: Checkout meta-dts repo - uses: actions/checkout@v2 - with: - path: "meta-dts" - - name: Build DTS image - shell: bash - id: build_image - run: | - for attempt in {1..5}; do - if kas-container build meta-dts/kas.yml; then - echo "Build command succeeded on attempt $attempt" - break - else - echo "Build command failed on attempt $attempt" - if [ $attempt -lt 5 ]; then - sleep 5 - fi - fi - done - continue-on-error: true - - name: Report build command - run: | - if [ ${{ steps.build_image.outcome }} == 'failure' ]; then - echo "All build attempts failed." - exit 1 - else - echo "At least one build attempt succeeded." - fi + uses: ./.github/workflows/build.yml + with: + cacheless: false deploy-images: name: Deploy DTS artifacts on boot.dasharo.com and GitHub Release if: ${{ always() && contains(join(needs.*.result, ','), 'success') }} @@ -161,4 +132,4 @@ jobs: rm -rf ~/.ssh/dts-ci-key rm -rf dts-release-cicd-pipeline rm -f ~/.ssh/gitea_dts_release_cicd - rm -rf build + rm -rf build meta-dts diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml index d6af155a..f5e2f923 100644 --- a/.github/workflows/develop.yml +++ b/.github/workflows/develop.yml @@ -7,38 +7,9 @@ on: jobs: build: - name: Build system image - runs-on: - labels: dts-builder - steps: - - name: Checkout meta-dts repo - uses: actions/checkout@v2 - with: - path: "meta-dts" - - name: Build DTS image - shell: bash - id: build_image - run: | - for attempt in {1..5}; do - if kas-container build meta-dts/kas.yml; then - echo "Build command succeeded on attempt $attempt" - break - else - echo "Build command failed on attempt $attempt" - if [ $attempt -lt 5 ]; then - sleep 5 - fi - fi - done - continue-on-error: true - - name: Report build command - run: | - if [ ${{ steps.build_image.outcome }} == 'failure' ]; then - echo "All build attempts failed." - exit 1 - else - echo "At least one build attempt succeeded." - fi + uses: ./.github/workflows/build.yml + with: + cacheless: false deploy-images: name: Deploy DTS artifacts on boot.dasharo.com if: ${{ always() && contains(join(needs.*.result, ','), 'success') }} @@ -152,4 +123,4 @@ jobs: rm -rf ~/.ssh/dts-ci-key rm -rf dts-release-cicd-pipeline rm -f ~/.ssh/gitea_dts_release_cicd - rm -rf build + rm -rf build meta-dts diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 00000000..e6d8951a --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,130 @@ +--- +name: Run DTS tests +on: + pull_request: + branches: + - 'main' +jobs: + build-dts: + uses: ./.github/workflows/build.yml + with: + cacheless: false + run-tests: + name: Run DTS tests + if: ${{ github.head_ref == 'develop' && contains(join(needs.*.result, ','), 'success') }} + needs: build + runs-on: + labels: dts-builder + steps: + - name: Checkout OSFV repo + uses: actions/checkout@v4 + with: + repository: 'Dasharo/open-source-firmware-validation' + path: 'open-source-firmware-validation' + submodules: 'recursive' + ref: 'develop' + - name: Run IPXE server + shell: bash + run: | + mkdir ipxe + cp build/tmp/deploy/images/genericx86-64/dts-base-image-genericx86-64.cpio.gz ipxe + cp build/tmp/deploy/images/genericx86-64/bzImage ipxe + echo -e "\n + #!ipxe\n + imgfetch --name file_kernel bzImage\n + imgfetch --name file_initrd dts-base-image-genericx86-64.cpio.gz\n + kernel file_kernel root=/dev/nfs initrd=file_initrd\n + boot" > ipxe/dts.ipxe + cd ipxe && python3-m http.server 4321 & + - name: Install requirements + shell: bash + run: | + cd open-source-firmware-validation + python3 -m virtualenv venv + source venv/bin/activate + pip install -r requirements.txt + - name: Run QEMU + shell: bash + id: run_qemu + run: | + cd open-source-firmware-validation/scripts/ci + mkdir qemu-data + touch qemu-data/hdd.qcow + ./qemu-run.sh nographic os & + - name: Create directory for logs + shell: bash + id: log_dirs + run: | + timestamp=$(date -u +%Y-%m-%dT%H:%M:%S%Z) + directory="/tmp/dts-test-ci-${timestamp}" + mkdir $directory + echo "directory=$directory" >> "$GITHUB_OUTPUT" + - name: Run tests + shell: bash + env: + LOG_DIR: ${{ steps.log_dirs.outputs.directory }} + run: | + cd open-source-firmware-validation + source venv/bin/activate + # This file is already present on dts-builder. + # It contains credentials for DPP subscriptions. + # It has the following form: + # DPP_PASSWORD="..." + # _DOWNLOADS="download key" + # _LOGS="logs key" + # (...) + source ~/.secrets/dpp-keys + ip_addr=$(ip -o -4 addr list eno2 | awk '{print $4}' | cut -d/ -f1) + + robot -L TRACE -v config:qemu -v rte_ip:127.0.0.1 -v snipeit:no \ + -v dpp_password:$DPP_PASSWORD -v dpp_download_key:$MSI_DOWNLOAD \ + -v dpp_logs_key:$MSI_LOGS -v netboot_utilities_support:True \ + -v dts_ipxe_link:http://${ip_addr}:4321/dts.ipxe + -i "msi" dts/dts-e2e.robot 2>&1 | tee $LOG_DIR/output_msi.log | grep "| PASS |\|| FAIL |" + + robot -L TRACE -v config:qemu -v rte_ip:127.0.0.1 -v snipeit:no \ + -v dpp_password:$DPP_PASSWORD -v dpp_download_key:$MSI_HEADS_DOWNLOAD \ + -v dpp_logs_key:$MSI_HEADS_LOGS -v netboot_utilities_support:True \ + -v dts_ipxe_link:http://${ip_addr}:4321/dts.ipxe + -i "msi_heads" dts/dts-e2e.robot 2>&1 | tee $LOG_DIR/output_msi_heads.log | grep "| PASS |\|| FAIL |" + + robot -L TRACE -v config:qemu -v rte_ip:127.0.0.1 -v snipeit:no \ + -v dpp_password:$DPP_PASSWORD -v dpp_download_key:$OPTIPLEX_DOWNLOAD \ + -v dpp_logs_key:$OPTIPLEX_LOGS -v netboot_utilities_support:True \ + -v dts_ipxe_link:http://${ip_addr}:4321/dts.ipxe + -i "optiplex" dts/dts-e2e.robot 2>&1 | tee $LOG_DIR/output_optiplex.log | grep "| PASS |\|| FAIL |" + + robot -L TRACE -v config:qemu -v rte_ip:127.0.0.1 -v snipeit:no \ + -v dpp_password:$DPP_PASSWORD -v dpp_download_key:$NOVACUSTOM_HEADS_DOWNLOAD \ + -v dpp_logs_key:$NOVACUSTOM_HEADS_LOGS -v netboot_utilities_support:True \ + -v dts_ipxe_link:http://${ip_addr}:4321/dts.ipxe + -i "novacustom_heads" dts/dts-e2e.robot 2>&1 | tee $LOG_DIR/output_nc_heads.log | grep "| PASS |\|| FAIL |" + + robot -L TRACE -v config:qemu -v rte_ip:127.0.0.1 -v snipeit:no \ + -v dpp_password:$DPP_PASSWORD -v dpp_download_key:$PCENGINES_DOWNLOAD \ + -v dpp_logs_key:$PCENGINES_LOGS -v netboot_utilities_support:True \ + -v dts_ipxe_link:http://${ip_addr}:4321/dts.ipxe + -i "pcengines" dts/dts-e2e.robot 2>&1 | tee $LOG_DIR/output_pcengines.log | grep "| PASS |\|| FAIL |" + + robot -L TRACE -v config:qemu -v rte_ip:127.0.0.1 -v snipeit:no \ + -v dpp_password:$DPP_PASSWORD -v dpp_download_key:$PCENGINES_SEABIOS_DOWNLOAD \ + -v dpp_logs_key:$PCENGINES_SEABIOS_LOGS -v netboot_utilities_support:True \ + -v dts_ipxe_link:http://${ip_addr}:4321/dts.ipxe + -i "pcengines_seabios" dts/dts-e2e.robot 2>&1 | tee $LOG_DIR/output_pcengines_seabios.log | grep "| PASS |\|| FAIL |" + - name: Copy log + shell: bash + env: + LOG_DIR: ${{ steps.log_dirs.outputs.directory }} + run: | + cp open-source-firmware-validation/log.html $LOG_DIR/log.html + cleanup: + name: Cleanup + if: always() + needs: run-tests + runs-on: + labels: dts-builder + steps: + - name: Cleanup after tests + shell: bash + run: | + rm -rf open-source-firmware-validation meta-dts build ipxe diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml index 333e6942..88e12d81 100644 --- a/.github/workflows/weekly.yml +++ b/.github/workflows/weekly.yml @@ -7,49 +7,9 @@ on: jobs: build: - name: Build system image without using cache - runs-on: - labels: dts-builder - steps: - - name: Prepare SSH key - shell: bash - env: - SSH_KEY: ${{secrets.SSH_KEY}} - run: | - echo -e ${SSH_KEY} > ~/.ssh/dts-ci-key - chmod 600 ~/.ssh/dts-ci-key - - name: Checkout meta-dts repo - uses: actions/checkout@v2 - with: - path: "meta-dts" - - name: Prepare cache-less build configuration - shell: bash - run: | - sed -i '/cache.yml/d' meta-dts/kas.yml - - name: Build DTS image - shell: bash - id: build_image - run: | - for attempt in {1..5}; do - if kas-container build meta-dts/kas.yml; then - echo "Build command succeeded on attempt $attempt" - break - else - echo "Build command failed on attempt $attempt" - if [ $attempt -lt 5 ]; then - sleep 5 - fi - fi - done - continue-on-error: true - - name: Report build command - run: | - if [ ${{ steps.build_image.outcome }} == 'failure' ]; then - echo "All build attempts failed." - exit 1 - else - echo "At least one build attempt succeeded." - fi + uses: ./.github/workflows/build.yml + with: + cacheless: true deploy-cache: name: Deploy cache on cache.dasharo.com if: always()