From 9c3ebad9fd7a62418fc6748364a23d27ff1c3ff7 Mon Sep 17 00:00:00 2001 From: Noel Georgi Date: Tue, 23 Apr 2024 23:31:44 +0530 Subject: [PATCH] chore(ci): kresify gh actions Kresify, only handle gh workflows. 
Signed-off-by: Noel Georgi --- .conform.yaml | 7 + .drone.jsonnet | 1184 ------------- .github/workflows/ci.yaml | 1540 +++++++++++++++++ .github/workflows/integration-aws-cron.yaml | 70 + .../integration-aws-nvidia-nonfree-cron.yaml | 97 ++ .../integration-aws-nvidia-oss-cron.yaml | 97 ++ .github/workflows/integration-azure-cron.yaml | 77 + .../workflows/integration-cilium-cron.yaml | 66 + .../integration-cloud-images-cron.yaml | 45 + .../integration-equinix-metal-cron.yaml | 69 + .../integration-extensions-cron.yaml | 68 + .../integration-image-factory-cron.yaml | 101 ++ .../workflows/integration-images-cron.yaml | 36 + .github/workflows/integration-misc-cron.yaml | 114 ++ .../integration-provision-0-cron.yaml | 45 + .../integration-provision-1-cron.yaml | 45 + .../integration-provision-2-cron.yaml | 45 + .github/workflows/integration-qemu-cron.yaml | 35 + .../workflows/integration-qemu-csi-cron.yaml | 42 + .../integration-qemu-encrypted-vip-cron.yaml | 38 + .../workflows/integration-qemu-race-cron.yaml | 52 + ...integration-reproducibility-test-cron.yaml | 42 + .../integration-trusted-boot-cron.yaml | 38 + .github/workflows/slack-notify.yaml | 112 ++ .kres.yaml | 1066 ++++++++++++ .secrets.yaml | 89 + .sops.yaml | 13 + Makefile | 38 +- hack/test/e2e-aws-prepare.sh | 12 +- hack/test/e2e-cloud-tf.sh | 56 + hack/test/e2e-docker.sh | 4 +- hack/test/e2e-image-factory.sh | 2 +- hack/test/e2e-iso.sh | 4 +- hack/test/e2e-qemu.sh | 2 +- hack/test/e2e.sh | 8 +- hack/test/provision-tests.sh | 31 +- 36 files changed, 4152 insertions(+), 1238 deletions(-) delete mode 100644 .drone.jsonnet create mode 100644 .github/workflows/ci.yaml create mode 100644 .github/workflows/integration-aws-cron.yaml create mode 100644 .github/workflows/integration-aws-nvidia-nonfree-cron.yaml create mode 100644 .github/workflows/integration-aws-nvidia-oss-cron.yaml create mode 100644 .github/workflows/integration-azure-cron.yaml create mode 100644 .github/workflows/integration-cilium-cron.yaml 
create mode 100644 .github/workflows/integration-cloud-images-cron.yaml create mode 100644 .github/workflows/integration-equinix-metal-cron.yaml create mode 100644 .github/workflows/integration-extensions-cron.yaml create mode 100644 .github/workflows/integration-image-factory-cron.yaml create mode 100644 .github/workflows/integration-images-cron.yaml create mode 100644 .github/workflows/integration-misc-cron.yaml create mode 100644 .github/workflows/integration-provision-0-cron.yaml create mode 100644 .github/workflows/integration-provision-1-cron.yaml create mode 100644 .github/workflows/integration-provision-2-cron.yaml create mode 100644 .github/workflows/integration-qemu-cron.yaml create mode 100644 .github/workflows/integration-qemu-csi-cron.yaml create mode 100644 .github/workflows/integration-qemu-encrypted-vip-cron.yaml create mode 100644 .github/workflows/integration-qemu-race-cron.yaml create mode 100644 .github/workflows/integration-reproducibility-test-cron.yaml create mode 100644 .github/workflows/integration-trusted-boot-cron.yaml create mode 100644 .github/workflows/slack-notify.yaml create mode 100644 .kres.yaml create mode 100644 .secrets.yaml create mode 100644 .sops.yaml create mode 100755 hack/test/e2e-cloud-tf.sh diff --git a/.conform.yaml b/.conform.yaml index 45c20ad3ca..27fe281476 100644 --- a/.conform.yaml +++ b/.conform.yaml @@ -1,3 +1,7 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-02T14:45:40Z by kres fcfe226-dirty. + policies: - type: commit spec: @@ -34,15 +38,18 @@ policies: - talosctl - kernel - security + - ci - ^v1.8 - type: license spec: skipPaths: - .git/ + - testdata/ includeSuffixes: - .go excludeSuffixes: - .pb.go + - .pb.gw.go - _string.go - _enumer.go - _string_linux.go diff --git a/.drone.jsonnet b/.drone.jsonnet deleted file mode 100644 index 00353e9b68..0000000000 --- a/.drone.jsonnet +++ /dev/null 
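Review bot: The generated-file header added in the first `.conform.yaml` hunk records the generator as `kres fcfe226-dirty`. A `-dirty` suffix normally means the tool was built from a working tree with uncommitted changes, so this output cannot be reproduced or audited from any published kres revision. The commit title and the added `.kres.yaml` suggest the new GitHub workflow files come from the same run, which would make the CI definitions depend on unreviewed generator changes as well. I would regenerate everything with a clean, pinned kres build so the header reads `by kres <clean-revision>` (placeholder), and have CI regenerate and fail on any difference, as the removed Drone pipeline's `check-dirty` step appears to have done. The second hunk (`ci` scope, `testdata/` skip path, `.pb.gw.go` suffix) is generator output, so those values should be checked against `.kres.yaml` rather than here.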
@@ -1,1184 +0,0 @@ -// This file contains the logic for building our CI for Drone. The idea here is -// that we create a pipeline for all of the major tasks we need to perform -// (e.g. builds, E2E testing, conformance testing, releases). Each pipeline -// after the default builds on a previous pipeline. -// Generate with `drone jsonnet --source ./hack/drone.jsonnet --stream --format` -// Sign with `drone sign siderolabs/talos --save` - -local build_container = 'autonomy/build-container:latest'; -local downstream_image = 'ghcr.io/siderolabs/drone-downstream:v1.2.0-33-g2306176'; -local local_registry = 'registry.dev.talos-systems.io'; - -local volumes = { - dockersock: { - pipeline: { - name: 'dockersock', - temp: {}, - }, - step: { - name: $.dockersock.pipeline.name, - path: '/var/run', - }, - }, - - outerdockersock: { - pipeline: { - name: 'outerdockersock', - host: { - path: '/var/ci-docker', - }, - }, - step: { - name: $.outerdockersock.pipeline.name, - path: '/var/outer-run', - }, - }, - - docker: { - pipeline: { - name: 'docker', - temp: {}, - }, - step: { - name: $.docker.pipeline.name, - path: '/root/.docker/buildx', - }, - }, - - kube: { - pipeline: { - name: 'kube', - temp: {}, - }, - step: { - name: $.kube.pipeline.name, - path: '/root/.kube', - }, - }, - - dev: { - pipeline: { - name: 'dev', - host: { - path: '/dev', - }, - }, - step: { - name: $.dev.pipeline.name, - path: '/dev', - }, - }, - - tmp: { - pipeline: { - name: 'tmp', - temp: { - medium: 'memory', - }, - }, - step: { - name: $.tmp.pipeline.name, - path: '/tmp', - }, - }, - - ForStep(): [ - self.dockersock.step, - self.outerdockersock.step, - self.docker.step, - self.kube.step, - self.dev.step, - self.tmp.step, - ], - - ForPipeline(): [ - self.dockersock.pipeline, - self.outerdockersock.pipeline, - self.docker.pipeline, - self.kube.pipeline, - self.dev.pipeline, - self.tmp.pipeline, - ], -}; - -// Step standardizes the creation of build steps. 
The name of the step is used -// as the target when building the make command unless with_make is set to false. For example, if name equals -// "test", the resulting step command will be "make test". This is done to -// encourage alignment between this file and the Makefile, and gives us a -// standardized structure that should make things easier to reason about if we -// know that each step is essentially a Makefile target. -local Step(name, image='', target='', privileged=false, depends_on=[], environment={}, extra_volumes=[], with_make=true, entrypoint=null, extra_commands=[], resources={}, when={}) = { - local make = if target == '' then std.format('make %s', name) else std.format('make %s', target), - - local commands = if with_make then [make] + extra_commands else extra_commands, - - local common_env_vars = { - PLATFORM: 'linux/amd64,linux/arm64', - }, - - name: name, - image: if image == '' then build_container else image, - pull: 'always', - entrypoint: entrypoint, - commands: commands, - resources: resources, - privileged: privileged, - environment: common_env_vars + environment, - volumes: volumes.ForStep() + extra_volumes, - depends_on: [x.name for x in depends_on], - when: when, -}; - -// TriggerDownstream is a helper function for creating a step that triggers a -// downstream pipeline. It is used to standardize the creation of these steps. -local TriggerDownstream(name, target, repositories, image='', params=[], depends_on=[], when={}) = { - name: name, - image: if image == '' then downstream_image else image, - settings: { - server: 'https://ci.dev.talos-systems.io/', - token: { - from_secret: 'drone_token', - }, - repositories: repositories, - last_successful: true, - block: true, - params: params, - deploy: target, - }, - depends_on: [x.name for x in depends_on], - when: when, -}; - -// This provides the docker service. 
-local docker = { - name: 'docker', - image: 'docker:26.1-dind', - entrypoint: ['dockerd'], - privileged: true, - command: [ - '--dns=8.8.8.8', - '--dns=8.8.4.4', - '--mtu=1450', - '--log-level=error', - ], - // Set resource requests to ensure that only three builds can be performed at a - // time. We set it on the service so that we get the scheduling restricitions - // while still allowing parallel steps. - resources: { - requests: { - cpu: 12000, - memory: '18GiB', - }, - }, - volumes: volumes.ForStep(), -}; - -// Pipeline is a way to standardize the creation of pipelines. It supports -// using and existing pipeline as a base. -local Pipeline(name, steps=[], depends_on=[], with_docker=true, disable_clone=false, type='kubernetes') = { - kind: 'pipeline', - type: type, - name: name, - [if type == 'digitalocean' then 'token']: { - from_secret: 'digitalocean_token', - }, - // See https://slugs.do-api.dev/. - [if type == 'digitalocean' then 'server']: { - image: 'ubuntu-20-04-x64', - size: 'c-32', - region: 'nyc3', - }, - [if with_docker then 'services']: [docker], - [if disable_clone then 'clone']: { - disable: true, - }, - steps: steps, - volumes: volumes.ForPipeline(), - depends_on: [x.name for x in depends_on], -}; - -local creds_env_vars = { - // AWS creds - AWS_ACCESS_KEY_ID: { from_secret: 'aws_access_key_id' }, - AWS_SECRET_ACCESS_KEY: { from_secret: 'aws_secret_access_key' }, - AWS_SVC_ACCT: { from_secret: 'aws_svc_acct' }, - // Azure creds - AZURE_SUBSCRIPTION_ID: { from_secret: 'azure_subscription_id' }, - AZURE_STORAGE_ACCOUNT: { from_secret: 'az_storage_account' }, - AZURE_CLIENT_ID: { from_secret: 'az_storage_user' }, // using old variable name not to break existing release branch pipelines - AZURE_CLIENT_SECRET: { from_secret: 'az_storage_pass' }, // using old variable name not to break existing release branch pipelines - AZURE_TENANT_ID: { from_secret: 'azure_tenant_id' }, - // TODO(andrewrynhard): Rename this to the GCP convention. 
- GCE_SVC_ACCT: { from_secret: 'gce_svc_acct' }, - PACKET_AUTH_TOKEN: { from_secret: 'packet_auth_token' }, - EM_API_TOKEN: { from_secret: 'em_api_token' }, - EM_PROJECT_ID: { from_secret: 'em_project_id' }, - GITHUB_TOKEN: { from_secret: 'ghcr_token' }, // Use GitHub API token to avoid rate limiting on CAPI -> GitHub calls. -}; - -// Sets up the CI environment -local setup_ci = Step( - 'setup-ci', - with_make=false, - privileged=true, - extra_commands=[ - 'setup-ci', - ], - environment={ - BUILDKIT_FLAVOR: 'cross', - }, -); - -// Default pipeline. -local external_artifacts = Step('external-artifacts', depends_on=[setup_ci]); -local generate = Step('generate', target='generate docs', depends_on=[setup_ci]); -local uki_certs = Step('uki-certs', depends_on=[generate], environment={ PLATFORM: 'linux/amd64' }); -local check_dirty = Step('check-dirty', depends_on=[generate, external_artifacts, uki_certs]); -local build = Step('build', target='talosctl-all kernel sd-boot sd-stub initramfs installer imager talos _out/integration-test-linux-amd64', depends_on=[check_dirty], environment={ IMAGE_REGISTRY: local_registry, PUSH: true }); -local lint = Step('lint', depends_on=[build]); -local talosctl_cni_bundle = Step('talosctl-cni-bundle', depends_on=[build, lint]); -local iso = Step('iso', target='iso secureboot-iso', depends_on=[build], environment={ IMAGE_REGISTRY: local_registry }); -local images_essential = Step('images-essential', target='images-essential', depends_on=[iso], environment={ IMAGE_REGISTRY: local_registry }); -local unit_tests = Step('unit-tests', target='unit-tests unit-tests-race', depends_on=[build, lint]); -local e2e_docker = Step('e2e-docker-short', depends_on=[build, unit_tests], target='e2e-docker', environment={ SHORT_INTEGRATION_TEST: 'yes', IMAGE_REGISTRY: local_registry }); -local e2e_qemu = Step('e2e-qemu-short', privileged=true, target='e2e-qemu', depends_on=[build, unit_tests, talosctl_cni_bundle], environment={ IMAGE_REGISTRY: 
local_registry, SHORT_INTEGRATION_TEST: 'yes' }, when={ event: ['pull_request'] }); -local e2e_iso = Step('e2e-iso', privileged=true, target='e2e-iso', depends_on=[build, unit_tests, iso, talosctl_cni_bundle], when={ event: ['pull_request'] }, environment={ IMAGE_REGISTRY: local_registry }); -local release_notes = Step('release-notes', depends_on=[e2e_docker, e2e_qemu]); - -local coverage = Step( - 'coverage', - with_make=false, - environment={ - CODECOV_TOKEN: { from_secret: 'codecov_token' }, - }, - extra_commands=[ - '/usr/local/bin/codecov -f _out/coverage.txt -X fix', - ], - when={ - event: ['pull_request'], - }, - depends_on=[unit_tests], -); - -local push = Step( - 'push', - environment={ - GHCR_USERNAME: { from_secret: 'ghcr_username' }, - GHCR_PASSWORD: { from_secret: 'ghcr_token' }, - PLATFORM: 'linux/amd64,linux/arm64', - }, - depends_on=[ - e2e_docker, - e2e_qemu, - ], - when={ - event: { - exclude: [ - 'pull_request', - 'promote', - 'cron', - ], - }, - } -); - -local push_latest = Step( - 'push-latest', - environment={ - GHCR_USERNAME: { from_secret: 'ghcr_username' }, - GHCR_PASSWORD: { from_secret: 'ghcr_token' }, - PLATFORM: 'linux/amd64,linux/arm64', - }, - depends_on=[ - push, - ], - when={ - branch: [ - 'main', - ], - event: [ - 'push', - ], - }, -); - -local save_artifacts = Step( - 'save-artifacts', - with_make=false, - environment=creds_env_vars, - depends_on=[ - build, - images_essential, - iso, - talosctl_cni_bundle, - ], - extra_commands=[ - 'az login --service-principal -u "$${AZURE_CLIENT_ID}" -p "$${AZURE_CLIENT_SECRET}" --tenant "$${AZURE_TENANT_ID}"', - 'az storage container create --metadata ci=true -n ${CI_COMMIT_SHA}${DRONE_TAG//./-}', - 'az storage blob upload-batch --overwrite -s _out -d ${CI_COMMIT_SHA}${DRONE_TAG//./-}', - ] -); - -local load_artifacts = Step( - 'load-artifacts', - with_make=false, - environment=creds_env_vars, - depends_on=[ - setup_ci, - ], - extra_commands=[ - 'az login --service-principal -u 
"$${AZURE_CLIENT_ID}" -p "$${AZURE_CLIENT_SECRET}" --tenant "$${AZURE_TENANT_ID}"', - 'mkdir -p _out/', - 'az storage blob download-batch --overwrite -d _out -s ${CI_COMMIT_SHA}${DRONE_TAG//./-}', - 'chmod +x _out/clusterctl _out/integration-test-linux-amd64 _out/module-sig-verify-linux-amd64 _out/kubectl _out/kubestr _out/helm _out/cilium _out/talosctl*', - ] -); - -// ExtensionsStep is a helper function for creating a step that builds the -// extensions and runs the e2e tests for the extensions which can be set to be skipped. -local ExtensionsStep(with_e2e=true) = - // builds the extensions - local extensions_build = TriggerDownstream( - 'extensions-build', - 'e2e-talos', - ['siderolabs/extensions@main'], - params=[ - std.format('REGISTRY=%s', local_registry), - 'PLATFORM=linux/amd64', - 'BUCKET_PATH=${CI_COMMIT_SHA}${DRONE_TAG//./-}', - '_out/talos-metadata', // params passed from file with KEY=VALUE format - ], - depends_on=[load_artifacts], - ); - - // here we need to wait for the extensions build to finish - local extensions_artifacts = Step( - 'extensions-artifacts', - with_make=false, - environment=creds_env_vars, - depends_on=[ - setup_ci, - extensions_build, - ], - extra_commands=[ - 'az login --service-principal -u "$${AZURE_CLIENT_ID}" -p "$${AZURE_CLIENT_SECRET}" --tenant "$${AZURE_TENANT_ID}"', - 'az storage blob download -f _out/extensions-metadata -n extensions-metadata -c ${CI_COMMIT_SHA}${DRONE_TAG//./-}', - ] - ); - - // generates the extension list patch manifest - local extensions_patch_manifest = Step( - 'installer-with-extensions', - environment={ IMAGE_REGISTRY: local_registry }, - depends_on=[ - extensions_artifacts, - ] - ); - - local e2e_extensions = Step('e2e-extensions', target='e2e-qemu', privileged=true, depends_on=[extensions_patch_manifest], environment={ - QEMU_MEMORY_WORKERS: '4096', - WITH_CONFIG_PATCH_WORKER: '@_out/extensions-patch.yaml', - IMAGE_REGISTRY: local_registry, - QEMU_EXTRA_DISKS: '3', - SHORT_INTEGRATION_TEST: 
'yes', - EXTRA_TEST_ARGS: '-talos.extensions.qemu', - }); - - local step_targets = [extensions_build, extensions_artifacts, extensions_patch_manifest, e2e_extensions]; - local targets = if with_e2e then step_targets else [extensions_build, extensions_artifacts]; - - targets; - - -local default_steps = [ - setup_ci, - external_artifacts, - generate, - uki_certs, - check_dirty, - build, - lint, - talosctl_cni_bundle, - iso, - images_essential, - unit_tests, - save_artifacts, - coverage, - e2e_iso, - e2e_qemu, - e2e_docker, - release_notes, - push, - push_latest, -]; - -local default_trigger = { - trigger: { - event: { - exclude: [ - 'tag', - 'promote', - 'cron', - ], - }, - branch: { - exclude: [ - 'renovate/*', - 'dependabot/*', - ], - }, - }, -}; - -local cron_trigger(schedules) = { - trigger: { - cron: { - include: schedules, - }, - }, -}; - -local default_pipeline = Pipeline('default', default_steps) + default_trigger; - -local default_cron_pipeline = Pipeline('cron-default', default_steps) + cron_trigger(['thrice-daily', 'nightly']); - -// Full integration pipeline. 
- -local default_pipeline_steps = [ - setup_ci, - load_artifacts, -]; - -local integration_qemu = Step('e2e-qemu', privileged=true, depends_on=[load_artifacts], environment={ IMAGE_REGISTRY: local_registry }); - -local integration_extensions = [step for step in ExtensionsStep()]; - -local integration_qemu_trusted_boot = Step('e2e-qemu-trusted-boot', target='e2e-qemu', privileged=true, depends_on=[load_artifacts], environment={ - IMAGE_REGISTRY: local_registry, - VIA_MAINTENANCE_MODE: 'true', - WITH_TRUSTED_BOOT_ISO: 'true', - EXTRA_TEST_ARGS: '-talos.trustedboot', -}); - -local integration_factory_16_iso = Step('factory-1.6-iso', target='e2e-image-factory', privileged=true, depends_on=[load_artifacts], environment={ - FACTORY_BOOT_METHOD: 'iso', - FACTORY_VERSION: 'v1.6.0', - FACTORY_SCHEMATIC: '376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba', - KUBERNETES_VERSION: '1.29.0', - FACTORY_UPGRADE: 'true', - FACTORY_UPGRADE_SCHEMATIC: 'cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f', - FACTORY_UPGRADE_VERSION: 'v1.6.1', -}); - -local integration_factory_16_image = Step('factory-1.6-image', depends_on=[integration_factory_16_iso], target='e2e-image-factory', privileged=true, environment={ - FACTORY_BOOT_METHOD: 'disk-image', - FACTORY_VERSION: 'v1.6.0', - FACTORY_SCHEMATIC: '376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba', - KUBERNETES_VERSION: '1.29.0', - FACTORY_UPGRADE: 'true', - FACTORY_UPGRADE_SCHEMATIC: 'cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f', - FACTORY_UPGRADE_VERSION: 'v1.6.1', -}); - -local integration_factory_16_pxe = Step('factory-1.6-pxe', depends_on=[integration_factory_16_image], target='e2e-image-factory', privileged=true, environment={ - FACTORY_BOOT_METHOD: 'pxe', - FACTORY_VERSION: 'v1.6.1', - FACTORY_SCHEMATIC: '376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba', - KUBERNETES_VERSION: '1.29.0', -}); - -local integration_factory_16_secureboot = 
Step('factory-1.6-secureboot', depends_on=[integration_factory_16_pxe], target='e2e-image-factory', privileged=true, environment={ - FACTORY_BOOT_METHOD: 'secureboot-iso', - FACTORY_VERSION: 'v1.6.0', - FACTORY_SCHEMATIC: 'cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f', - KUBERNETES_VERSION: '1.29.0', - FACTORY_UPGRADE: 'true', - FACTORY_UPGRADE_SCHEMATIC: '376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba', - FACTORY_UPGRADE_VERSION: 'v1.6.1', -}); - -local integration_factory_15_iso = Step('factory-1.5-iso', depends_on=[integration_factory_16_secureboot], target='e2e-image-factory', privileged=true, environment={ - FACTORY_BOOT_METHOD: 'iso', - FACTORY_VERSION: 'v1.5.5', - FACTORY_SCHEMATIC: '376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba', - KUBERNETES_VERSION: '1.28.5', - FACTORY_UPGRADE: 'true', - FACTORY_UPGRADE_SCHEMATIC: 'cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f', - FACTORY_UPGRADE_VERSION: 'v1.5.5', -}); - -local integration_factory_13_iso = Step('factory-1.3-iso', depends_on=[integration_factory_15_iso], target='e2e-image-factory', privileged=true, environment={ - FACTORY_BOOT_METHOD: 'iso', - FACTORY_VERSION: 'v1.3.7', - FACTORY_SCHEMATIC: '376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba', - KUBERNETES_VERSION: '1.26.5', - FACTORY_UPGRADE: 'true', - FACTORY_UPGRADE_SCHEMATIC: 'cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f', - FACTORY_UPGRADE_VERSION: 'v1.3.7', -}); - -local integration_factory_13_image = Step('factory-1.3-image', depends_on=[integration_factory_13_iso], target='e2e-image-factory', privileged=true, environment={ - FACTORY_BOOT_METHOD: 'disk-image', - FACTORY_VERSION: 'v1.3.7', - FACTORY_SCHEMATIC: '376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba', - KUBERNETES_VERSION: '1.26.5', -}); - - -local build_race = Step('build-race', target='initramfs installer', depends_on=[load_artifacts], environment={ 
IMAGE_REGISTRY: local_registry, PUSH: true, TAG_SUFFIX: '-race', WITH_RACE: '1', PLATFORM: 'linux/amd64' }); -local integration_qemu_race = Step('e2e-qemu-race', target='e2e-qemu', privileged=true, depends_on=[build_race], environment={ IMAGE_REGISTRY: local_registry, TAG_SUFFIX: '-race' }); - -local integration_provision_tests_prepare = Step('provision-tests-prepare', privileged=true, depends_on=[load_artifacts]); -local integration_provision_tests_track_0 = Step('provision-tests-track-0', privileged=true, depends_on=[integration_provision_tests_prepare], environment={ IMAGE_REGISTRY: local_registry }); -local integration_provision_tests_track_1 = Step('provision-tests-track-1', privileged=true, depends_on=[integration_provision_tests_prepare], environment={ IMAGE_REGISTRY: local_registry }); -local integration_provision_tests_track_2 = Step('provision-tests-track-2', privileged=true, depends_on=[integration_provision_tests_prepare], environment={ IMAGE_REGISTRY: local_registry }); - -local integration_cilium = Step('e2e-cilium', target='e2e-qemu', privileged=true, depends_on=[load_artifacts], environment={ - SHORT_INTEGRATION_TEST: 'yes', - WITH_SKIP_BOOT_PHASE_FINISHED_CHECK: 'yes', - WITH_CUSTOM_CNI: 'cilium', - WITH_FIREWALL: 'accept', - QEMU_WORKERS: '2', - WITH_CONFIG_PATCH: '[{"op": "add", "path": "/cluster/network", "value": {"cni": {"name": "none"}}}]', - IMAGE_REGISTRY: local_registry, -}); -local integration_cilium_strict = Step('e2e-cilium-strict', target='e2e-qemu', privileged=true, depends_on=[integration_cilium], environment={ - SHORT_INTEGRATION_TEST: 'yes', - WITH_SKIP_BOOT_PHASE_FINISHED_CHECK: 'yes', - WITH_CUSTOM_CNI: 'cilium', - WITH_FIREWALL: 'accept', - QEMU_WORKERS: '2', - CILIUM_INSTALL_TYPE: 'strict', - WITH_CONFIG_PATCH: '[{"op": "add", "path": "/cluster/network", "value": {"cni": {"name": "none"}}}, {"op": "add", "path": "/cluster/proxy", "value": {"disabled": true}}]', - IMAGE_REGISTRY: local_registry, -}); -local 
integration_cilium_strict_kubespan = Step('e2e-cilium-strict-kubespan', target='e2e-qemu', privileged=true, depends_on=[integration_cilium_strict], environment={ - SHORT_INTEGRATION_TEST: 'yes', - WITH_SKIP_BOOT_PHASE_FINISHED_CHECK: 'yes', - WITH_CUSTOM_CNI: 'cilium', - WITH_FIREWALL: 'accept', - WITH_KUBESPAN: 'true', - QEMU_WORKERS: '2', - CILIUM_INSTALL_TYPE: 'strict', - WITH_CONFIG_PATCH: '[{"op": "add", "path": "/cluster/network", "value": {"cni": {"name": "none"}}}, {"op": "add", "path": "/cluster/proxy", "value": {"disabled": true}}]', - IMAGE_REGISTRY: local_registry, -}); - -local integration_firewall = Step('e2e-firewall', target='e2e-qemu', privileged=true, depends_on=[load_artifacts], environment={ - SHORT_INTEGRATION_TEST: 'yes', - WITH_FIREWALL: 'block', - REGISTRY: local_registry, -}); -local integration_network_chaos = Step('e2e-network-chaos', target='e2e-qemu', privileged=true, depends_on=[integration_firewall], environment={ - SHORT_INTEGRATION_TEST: 'yes', - WITH_NETWORK_CHAOS: 'true', - REGISTRY: local_registry, -}); -local integration_canal_reset = Step('e2e-canal-reset', target='e2e-qemu', privileged=true, depends_on=[integration_network_chaos], environment={ - INTEGRATION_TEST_RUN: 'TestIntegration/api.ResetSuite/TestResetWithSpec', - CUSTOM_CNI_URL: 'https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/canal.yaml', - REGISTRY: local_registry, -}); -local integration_bios_cgroupsv1 = Step('e2e-bios-cgroupsv1', target='e2e-qemu', privileged=true, depends_on=[integration_canal_reset], environment={ - SHORT_INTEGRATION_TEST: 'yes', - WITH_UEFI: 'false', - IMAGE_REGISTRY: local_registry, - WITH_CONFIG_PATCH: '[{"op": "add", "path": "/machine/install/extraKernelArgs/-", "value": "talos.unified_cgroup_hierarchy=0"}]', // use cgroupsv1 -}); -local integration_disk_image = Step('e2e-disk-image', target='e2e-qemu', privileged=true, depends_on=[integration_bios_cgroupsv1], environment={ - SHORT_INTEGRATION_TEST: 'yes', - 
USE_DISK_IMAGE: 'true', - VIA_MAINTENANCE_MODE: 'true', - IMAGE_REGISTRY: local_registry, - WITH_DISK_ENCRYPTION: 'true', -}); -local integration_control_plane_port = Step('e2e-cp-port', target='e2e-qemu', privileged=true, depends_on=[integration_disk_image], environment={ - SHORT_INTEGRATION_TEST: 'yes', - REGISTRY: local_registry, - WITH_CONTROL_PLANE_PORT: '443', -}); -local integration_no_cluster_discovery = Step('e2e-no-cluster-discovery', target='e2e-qemu', privileged=true, depends_on=[integration_control_plane_port], environment={ - SHORT_INTEGRATION_TEST: 'yes', - WITH_CLUSTER_DISCOVERY: 'false', - IMAGE_REGISTRY: local_registry, -}); -local integration_kubespan = Step('e2e-kubespan', target='e2e-qemu', privileged=true, depends_on=[integration_no_cluster_discovery], environment={ - SHORT_INTEGRATION_TEST: 'yes', - WITH_CLUSTER_DISCOVERY: 'true', - WITH_KUBESPAN: 'true', - IMAGE_REGISTRY: local_registry, -}); -local integration_default_hostname = Step('e2e-default-hostname', target='e2e-qemu', privileged=true, depends_on=[integration_kubespan], environment={ - // regression test: make sure Talos works in maintenance mode when no hostname is set - SHORT_INTEGRATION_TEST: 'yes', - IMAGE_REGISTRY: local_registry, - VIA_MAINTENANCE_MODE: 'true', - DISABLE_DHCP_HOSTNAME: 'true', -}); - -local integration_qemu_encrypted_vip = Step('e2e-encrypted-kubespan-vip', target='e2e-qemu', privileged=true, depends_on=[load_artifacts], environment={ - WITH_DISK_ENCRYPTION: 'true', - WITH_VIRTUAL_IP: 'true', - WITH_KUBESPAN: 'true', - IMAGE_REGISTRY: local_registry, -}); - -local integration_qemu_csi = Step('e2e-csi', target='e2e-qemu', privileged=true, depends_on=[load_artifacts], environment={ - IMAGE_REGISTRY: local_registry, - SHORT_INTEGRATION_TEST: 'yes', - QEMU_WORKERS: '3', - QEMU_CPUS_WORKERS: '4', - QEMU_MEMORY_WORKERS: '5120', - QEMU_EXTRA_DISKS: '1', - QEMU_EXTRA_DISKS_SIZE: '12288', - WITH_TEST: 'run_csi_tests', -}); - -local integration_images = Step('images', 
target='images', depends_on=[load_artifacts], environment={ IMAGE_REGISTRY: local_registry }); -local integration_cloud_images = Step('cloud-images', depends_on=[integration_images], environment=creds_env_vars); - -local integration_reproducibility_test = Step('reproducibility-test', target='reproducibility-test', depends_on=[load_artifacts], environment={ IMAGE_REGISTRY: local_registry }); - -local integration_siderolink = Step('e2e-siderolink', target='e2e-qemu', privileged=true, depends_on=[integration_default_hostname], environment={ - SHORT_INTEGRATION_TEST: 'yes', - WITH_SIDEROLINK_AGENT: 'true', - VIA_MAINTENANCE_MODE: 'true', - REGISTRY: local_registry, -}); - -local integration_siderolink_tunnel = Step('e2e-siderolink-tunnel', target='e2e-qemu', privileged=true, depends_on=[integration_siderolink], environment={ - SHORT_INTEGRATION_TEST: 'yes', - WITH_SIDEROLINK_AGENT: 'tunnel', - VIA_MAINTENANCE_MODE: 'true', - REGISTRY: local_registry, -}); - -local push_edge = { - name: 'push-edge', - image: 'autonomy/build-container:latest', - pull: 'always', - environment: { - GHCR_USERNAME: { from_secret: 'ghcr_username' }, - GHCR_PASSWORD: { from_secret: 'ghcr_token' }, - }, - commands: ['make push-edge'], - volumes: volumes.ForStep(), - when: { - cron: [ - 'nightly', - ], - }, - depends_on: [ - integration_qemu.name, - ], -}; - -local literal_trigger(names) = { - trigger: { - target: { - include: names, - }, - }, -}; - -local integration_trigger(names) = { - trigger: { - target: { - include: ['integration'] + names, - }, - }, -}; - -local integration_pipelines = [ - // regular pipelines, triggered on promote events - Pipeline('integration-qemu', default_pipeline_steps + [integration_qemu, push_edge]) + integration_trigger(['integration-qemu']), - Pipeline('integration-trusted-boot', default_pipeline_steps + [integration_qemu_trusted_boot]) + integration_trigger(['integration-trusted-boot']), - Pipeline('integration-provision-0', default_pipeline_steps + 
[integration_provision_tests_prepare, integration_provision_tests_track_0]) + integration_trigger(['integration-provision', 'integration-provision-0']),
- Pipeline('integration-provision-1', default_pipeline_steps + [integration_provision_tests_prepare, integration_provision_tests_track_1]) + integration_trigger(['integration-provision', 'integration-provision-1']),
- Pipeline('integration-provision-2', default_pipeline_steps + [integration_provision_tests_prepare, integration_provision_tests_track_2]) + integration_trigger(['integration-provision', 'integration-provision-2']),
- Pipeline('integration-misc', default_pipeline_steps + [
- integration_firewall,
- integration_network_chaos,
- integration_canal_reset,
- integration_bios_cgroupsv1,
- integration_disk_image,
- integration_control_plane_port,
- integration_no_cluster_discovery,
- integration_kubespan,
- integration_default_hostname,
- integration_siderolink,
- integration_siderolink_tunnel,
- ]) + integration_trigger(['integration-misc']),
- Pipeline('integration-extensions', default_pipeline_steps + integration_extensions) + integration_trigger(['integration-extensions']),
- Pipeline('integration-cilium', default_pipeline_steps + [integration_cilium, integration_cilium_strict, integration_cilium_strict_kubespan]) + integration_trigger(['integration-cilium']),
- Pipeline('integration-qemu-encrypted-vip', default_pipeline_steps + [integration_qemu_encrypted_vip]) + integration_trigger(['integration-qemu-encrypted-vip']),
- Pipeline('integration-qemu-race', default_pipeline_steps + [build_race, integration_qemu_race]) + integration_trigger(['integration-qemu-race']),
- Pipeline('integration-qemu-csi', default_pipeline_steps + [integration_qemu_csi]) + integration_trigger(['integration-qemu-csi']),
- Pipeline('integration-images', default_pipeline_steps + [integration_images]) + integration_trigger(['integration-images']),
- Pipeline('integration-reproducibility-test', default_pipeline_steps + [integration_reproducibility_test]) + integration_trigger(['integration-reproducibility']),
- Pipeline('integration-cloud-images', default_pipeline_steps + [integration_images, integration_cloud_images]) + literal_trigger(['integration-cloud-images']),
- Pipeline('image-factory', default_pipeline_steps + [
- integration_factory_16_iso,
- integration_factory_16_image,
- integration_factory_16_pxe,
- integration_factory_16_secureboot,
- integration_factory_15_iso,
- integration_factory_13_iso,
- integration_factory_13_image,
- ]) + literal_trigger(['image-factory']),
-
- // cron pipelines, triggered on schedule events
- Pipeline('cron-integration-qemu', default_pipeline_steps + [integration_qemu, push_edge], [default_cron_pipeline]) + cron_trigger(['thrice-daily', 'nightly']),
- Pipeline('cron-integration-provision-0', default_pipeline_steps + [integration_provision_tests_prepare, integration_provision_tests_track_0], [default_cron_pipeline]) + cron_trigger(['thrice-daily', 'nightly']),
- Pipeline('cron-integration-provision-1', default_pipeline_steps + [integration_provision_tests_prepare, integration_provision_tests_track_1], [default_cron_pipeline]) + cron_trigger(['thrice-daily', 'nightly']),
- Pipeline('cron-integration-provision-2', default_pipeline_steps + [integration_provision_tests_prepare, integration_provision_tests_track_2], [default_cron_pipeline]) + cron_trigger(['thrice-daily', 'nightly']),
- Pipeline('cron-integration-misc', default_pipeline_steps + [
- integration_firewall,
- integration_network_chaos,
- integration_canal_reset,
- integration_bios_cgroupsv1,
- integration_disk_image,
- integration_control_plane_port,
- integration_no_cluster_discovery,
- integration_kubespan,
- integration_default_hostname,
- ], [default_cron_pipeline]) + cron_trigger(['thrice-daily', 'nightly']),
- Pipeline('cron-integration-extensions', default_pipeline_steps + integration_extensions, [default_cron_pipeline]) + cron_trigger(['nightly']),
- Pipeline('cron-integration-cilium', default_pipeline_steps + [integration_cilium, integration_cilium_strict, integration_cilium_strict_kubespan], [default_cron_pipeline]) + cron_trigger(['nightly']),
- Pipeline('cron-integration-qemu-encrypted-vip', default_pipeline_steps + [integration_qemu_encrypted_vip], [default_cron_pipeline]) + cron_trigger(['thrice-daily', 'nightly']),
- Pipeline('cron-integration-qemu-race', default_pipeline_steps + [build_race, integration_qemu_race], [default_cron_pipeline]) + cron_trigger(['nightly']),
- Pipeline('cron-integration-qemu-csi', default_pipeline_steps + [integration_qemu_csi], [default_cron_pipeline]) + cron_trigger(['nightly']),
- Pipeline('cron-integration-images', default_pipeline_steps + [integration_images], [default_cron_pipeline]) + cron_trigger(['nightly']),
- Pipeline('cron-integration-reproducibility-test', default_pipeline_steps + [integration_reproducibility_test], [default_cron_pipeline]) + cron_trigger(['nightly']),
- Pipeline('cron-image-factory',
- default_pipeline_steps + [
- integration_factory_16_iso,
- integration_factory_16_image,
- integration_factory_16_pxe,
- integration_factory_16_secureboot,
- integration_factory_15_iso,
- integration_factory_13_iso,
- integration_factory_13_image,
- ],
- [default_cron_pipeline]) + cron_trigger(['nightly']),
-];
-
-
-// E2E pipeline.
-local capi_docker = Step('e2e-docker', depends_on=[load_artifacts], target='e2e-docker', environment={
- IMAGE_REGISTRY: local_registry,
- SHORT_INTEGRATION_TEST: 'yes',
- INTEGRATION_TEST_RUN: 'XXX',
-});
-local e2e_capi = Step('e2e-capi', depends_on=[capi_docker], environment=creds_env_vars);
-
-local E2EAWS(target) =
- local extensions_artifacts = [step for step in ExtensionsStep(with_e2e=false)];
- local depends_on = if std.startsWith(target, 'nvidia') then [load_artifacts] + extensions_artifacts else [load_artifacts];
- local test_num_nodes = if std.startsWith(target, 'nvidia') then 4 else 6;
- local extra_test_args = if std.startsWith(target, 'nvidia') then '-talos.extensions.nvidia' else '';
-
- local e2e_aws_prepare = Step(
- 'e2e-aws-prepare',
- depends_on=depends_on,
- environment=creds_env_vars {
- IMAGE_REGISTRY: local_registry,
- E2E_AWS_TARGET: target,
- },
- extra_commands=[
- 'az login --service-principal -u "$${AZURE_CLIENT_ID}" -p "$${AZURE_CLIENT_SECRET}" --tenant "$${AZURE_TENANT_ID}"',
- 'az storage blob upload-batch --overwrite -s _out --pattern "e2e-aws-generated/*" -d "${CI_COMMIT_SHA}${DRONE_TAG//./-}"',
- ]
- );
-
- local tf_apply = TriggerDownstream(
- 'tf-apply',
- 'e2e-talos-tf-apply',
- ['siderolabs/contrib@main'],
- params=[
- 'BUCKET_PATH=${CI_COMMIT_SHA}${DRONE_TAG//./-}',
- 'TYPE=aws',
- 'AWS_DEFAULT_REGION=us-east-1',
- ],
- depends_on=[e2e_aws_prepare],
- );
-
- local e2e_aws_tf_apply_post = Step(
- 'e2e-aws-download-artifacts',
- with_make=false,
- environment=creds_env_vars,
- extra_commands=[
- 'az login --service-principal -u "$${AZURE_CLIENT_ID}" -p "$${AZURE_CLIENT_SECRET}" --tenant "$${AZURE_TENANT_ID}"',
- 'az storage blob download -f _out/e2e-aws-talosconfig -n e2e-aws-talosconfig -c ${CI_COMMIT_SHA}${DRONE_TAG//./-}',
- 'az storage blob download -f _out/e2e-aws-kubeconfig -n e2e-aws-kubeconfig -c ${CI_COMMIT_SHA}${DRONE_TAG//./-}',
- ],
- depends_on=[tf_apply],
- );
-
- local e2e_aws = Step(
- 'e2e-aws',
- depends_on=[e2e_aws_tf_apply_post],
- environment=creds_env_vars {
- TEST_NUM_NODES: test_num_nodes,
- EXTRA_TEST_ARGS: extra_test_args,
- }
- );
-
- local tf_destroy = TriggerDownstream(
- 'tf-destroy',
- 'e2e-talos-tf-destroy',
- ['siderolabs/contrib@main'],
- params=[
- 'BUCKET_PATH=${CI_COMMIT_SHA}${DRONE_TAG//./-}',
- 'TYPE=aws',
- 'AWS_DEFAULT_REGION=us-east-1',
- ],
- depends_on=[e2e_aws],
- when={
- status: [
- 'failure',
- 'success',
- ],
- },
- );
-
- local step_targets = [e2e_aws_prepare, tf_apply, e2e_aws_tf_apply_post, e2e_aws, tf_destroy];
- local targets = if std.startsWith(target, 'nvidia') then extensions_artifacts + step_targets else step_targets;
-
- targets;
-
-local E2EAzure() =
- local depends_on = [load_artifacts];
-
- local e2e_azure_prepare = Step(
- 'e2e-azure-prepare',
- depends_on=depends_on,
- environment=creds_env_vars {
- IMAGE_REGISTRY: local_registry,
- },
- extra_commands=[
- 'az login --service-principal -u "$${AZURE_CLIENT_ID}" -p "$${AZURE_CLIENT_SECRET}" --tenant "$${AZURE_TENANT_ID}"',
- 'az storage blob upload-batch --overwrite -s _out --pattern "e2e-azure-generated/*" -d "${CI_COMMIT_SHA}${DRONE_TAG//./-}"',
- ]
- );
-
- local tf_apply = TriggerDownstream(
- 'tf-apply',
- 'e2e-talos-tf-apply',
- ['siderolabs/contrib@main'],
- params=[
- 'BUCKET_PATH=${CI_COMMIT_SHA}${DRONE_TAG//./-}',
- 'TYPE=azure',
- ],
- depends_on=[e2e_azure_prepare],
- );
-
- local e2e_azure_tf_apply_post = Step(
- 'e2e-azure-download-artifacts',
- with_make=false,
- environment=creds_env_vars,
- extra_commands=[
- 'az login --service-principal -u "$${AZURE_CLIENT_ID}" -p "$${AZURE_CLIENT_SECRET}" --tenant "$${AZURE_TENANT_ID}"',
- 'az storage blob download -f _out/e2e-azure-talosconfig -n e2e-azure-talosconfig -c ${CI_COMMIT_SHA}${DRONE_TAG//./-}',
- 'az storage blob download -f _out/e2e-azure-kubeconfig -n e2e-azure-kubeconfig -c ${CI_COMMIT_SHA}${DRONE_TAG//./-}',
- ],
- depends_on=[tf_apply],
- );
-
- local e2e_azure = Step(
- 'e2e-azure',
- depends_on=[e2e_azure_tf_apply_post],
- environment=creds_env_vars {}
- );
-
- local tf_destroy = TriggerDownstream(
- 'tf-destroy',
- 'e2e-talos-tf-destroy',
- ['siderolabs/contrib@main'],
- params=[
- 'BUCKET_PATH=${CI_COMMIT_SHA}${DRONE_TAG//./-}',
- 'TYPE=azure',
- ],
- depends_on=[e2e_azure],
- when={
- status: [
- 'failure',
- 'success',
- ],
- },
- );
-
- local targets = [e2e_azure_prepare, tf_apply, e2e_azure_tf_apply_post, e2e_azure, tf_destroy];
-
- targets;
-
-local E2EEquinixMetal() =
- local depends_on = [load_artifacts];
-
- local e2e_equinixmetal_prepare = Step(
- 'e2e-equinix-metal-prepare',
- depends_on=depends_on,
- environment=creds_env_vars {
- IMAGE_REGISTRY: local_registry,
- },
- extra_commands=[
- 'az login --service-principal -u "$${AZURE_CLIENT_ID}" -p "$${AZURE_CLIENT_SECRET}" --tenant "$${AZURE_TENANT_ID}"',
- 'az storage blob upload-batch --overwrite -s _out --pattern "e2e-equinix-metal-generated/*" -d "${CI_COMMIT_SHA}${DRONE_TAG//./-}"',
- ]
- );
-
- local tf_apply = TriggerDownstream(
- 'tf-apply',
- 'e2e-talos-tf-apply',
- ['siderolabs/contrib@main'],
- params=[
- 'BUCKET_PATH=${CI_COMMIT_SHA}${DRONE_TAG//./-}',
- 'TYPE=equinix-metal',
- ],
- depends_on=[e2e_equinixmetal_prepare],
- );
-
- local e2e_equinixmetal_tf_apply_post = Step(
- 'e2e-equinix-metal-download-artifacts',
- with_make=false,
- environment=creds_env_vars,
- extra_commands=[
- 'az login --service-principal -u "$${AZURE_CLIENT_ID}" -p "$${AZURE_CLIENT_SECRET}" --tenant "$${AZURE_TENANT_ID}"',
- 'az storage blob download -f _out/e2e-equinix-metal-talosconfig -n e2e-equinix-metal-talosconfig -c ${CI_COMMIT_SHA}${DRONE_TAG//./-}',
- 'az storage blob download -f _out/e2e-equinix-metal-kubeconfig -n e2e-equinix-metal-kubeconfig -c ${CI_COMMIT_SHA}${DRONE_TAG//./-}',
- ],
- depends_on=[tf_apply],
- );
-
- local e2e_equinixmetal = Step(
- 'e2e-equinix-metal',
- depends_on=[e2e_equinixmetal_tf_apply_post],
- environment=creds_env_vars {}
- );
-
- local tf_destroy = TriggerDownstream(
- 'tf-destroy',
- 'e2e-talos-tf-destroy',
- ['siderolabs/contrib@main'],
- params=[
- 'BUCKET_PATH=${CI_COMMIT_SHA}${DRONE_TAG//./-}',
- 'TYPE=equinix-metal',
- 'REFRESH_ON_DESTROY=false', // it's safe to skip refresh on destroy for EM, since we don't read any data from Equinix.
- ],
- depends_on=[e2e_equinixmetal],
- when={
- status: [
- 'failure',
- 'success',
- ],
- },
- );
-
- local targets = [e2e_equinixmetal_prepare, tf_apply, e2e_equinixmetal_tf_apply_post, e2e_equinixmetal, tf_destroy];
-
- targets;
-
-
-local e2e_aws = [step for step in E2EAWS('default')];
-local e2e_aws_nvidia_oss = [step for step in E2EAWS('nvidia-oss')];
-local e2e_azure = [step for step in E2EAzure()];
-local e2e_equinixmetal = [step for step in E2EEquinixMetal()];
-local e2e_gcp = Step('e2e-gcp', depends_on=[e2e_capi], environment=creds_env_vars);
-
-local e2e_trigger(names) = {
- trigger: {
- target: {
- include: ['e2e'] + names,
- },
- },
-};
-
-local e2e_pipelines = [
- // regular pipelines, triggered on promote events
- Pipeline('e2e-aws', default_pipeline_steps + e2e_aws) + e2e_trigger(['e2e-aws']),
- Pipeline('e2e-aws-nvidia-oss', default_pipeline_steps + e2e_aws_nvidia_oss) + e2e_trigger(['e2e-aws-nvidia-oss']),
- Pipeline('e2e-azure', default_pipeline_steps + e2e_azure) + e2e_trigger(['e2e-azure']),
- Pipeline('e2e-equinix-metal', default_pipeline_steps + e2e_equinixmetal) + e2e_trigger(['e2e-equinix-metal']),
- Pipeline('e2e-gcp', default_pipeline_steps + [capi_docker, e2e_capi, e2e_gcp]) + e2e_trigger(['e2e-gcp']),
-
- // cron pipelines, triggered on schedule events
- Pipeline('cron-e2e-aws', default_pipeline_steps + e2e_aws, [default_cron_pipeline]) + cron_trigger(['thrice-daily', 'nightly']),
- Pipeline('cron-e2e-azure', default_pipeline_steps + e2e_azure, [default_cron_pipeline]) + cron_trigger(['thrice-daily', 'nightly']),
- Pipeline('cron-e2e-equinix-metal', default_pipeline_steps + e2e_equinixmetal, [default_cron_pipeline]) + cron_trigger(['thrice-daily', 'nightly']),
- Pipeline('cron-e2e-gcp', default_pipeline_steps + [capi_docker, e2e_capi, e2e_gcp], [default_cron_pipeline]) + cron_trigger(['thrice-daily', 'nightly']),
-];
-
-// Conformance pipeline.
-
-local conformance_k8s_qemu = Step('conformance-k8s-qemu', target='e2e-qemu', privileged=true, depends_on=[load_artifacts], environment={
- QEMU_WORKERS: '2', // conformance test requires >=2 workers
- QEMU_CPUS: '4', // conformance test in parallel runs with number of CPUs
- TEST_MODE: 'fast-conformance',
- IMAGE_REGISTRY: local_registry,
-});
-
-local conformance_trigger(names) = {
- trigger: {
- target: {
- include: ['conformance'] + names,
- },
- },
-};
-
-local conformance_pipelines = [
- // regular pipelines, triggered on promote events
- Pipeline('conformance-qemu', default_pipeline_steps + [conformance_k8s_qemu]) + conformance_trigger(['conformance-qemu']),
-
- // cron pipelines, triggered on schedule events
- Pipeline('cron-conformance-qemu', default_pipeline_steps + [conformance_k8s_qemu], [default_cron_pipeline]) + cron_trigger(['nightly']),
-];
-
-// Release pipeline.
-
-local cloud_images = Step('cloud-images', depends_on=[e2e_docker, e2e_qemu], environment=creds_env_vars);
-local images = Step('images', target='images', depends_on=[iso, images_essential, save_artifacts], environment={ IMAGE_REGISTRY: local_registry });
-
-// TODO(andrewrynhard): We should run E2E tests on a release.
-local release = { - name: 'release', - image: 'plugins/github-release', - settings: { - api_key: { from_secret: 'github_token' }, - draft: true, - note: '_out/RELEASE_NOTES.md', - files: [ - '_out/akamai-amd64.raw.gz', - '_out/akamai-arm64.raw.gz', - '_out/aws-amd64.raw.zst', - '_out/aws-arm64.raw.zst', - '_out/azure-amd64.vhd.zst', - '_out/azure-arm64.vhd.zst', - '_out/cloud-images.json', - '_out/digital-ocean-amd64.raw.gz', - '_out/digital-ocean-arm64.raw.gz', - '_out/exoscale-amd64.qcow2.zst', - '_out/exoscale-arm64.qcow2.zst', - '_out/gcp-amd64.raw.tar.gz', - '_out/gcp-arm64.raw.tar.gz', - '_out/hcloud-amd64.raw.zst', - '_out/hcloud-arm64.raw.zst', - '_out/initramfs-amd64.xz', - '_out/initramfs-arm64.xz', - '_out/metal-amd64.iso', - '_out/metal-arm64.iso', - '_out/metal-amd64.raw.zst', - '_out/metal-arm64.raw.zst', - '_out/nocloud-amd64.raw.zst', - '_out/nocloud-arm64.raw.zst', - '_out/opennebula-amd64.raw.zst', - '_out/opennebula-arm64.raw.zst', - '_out/openstack-amd64.raw.zst', - '_out/openstack-arm64.raw.zst', - '_out/oracle-amd64.qcow2.zst', - '_out/oracle-arm64.qcow2.zst', - '_out/scaleway-amd64.raw.zst', - '_out/scaleway-arm64.raw.zst', - '_out/sd-boot-amd64.efi', - '_out/sd-boot-arm64.efi', - '_out/sd-stub-amd64.efi', - '_out/sd-stub-arm64.efi', - '_out/talosctl-cni-bundle-amd64.tar.gz', - '_out/talosctl-cni-bundle-arm64.tar.gz', - '_out/talosctl-darwin-amd64', - '_out/talosctl-darwin-arm64', - '_out/talosctl-freebsd-amd64', - '_out/talosctl-freebsd-arm64', - '_out/talosctl-linux-amd64', - '_out/talosctl-linux-arm64', - '_out/talosctl-linux-armv7', - '_out/talosctl-windows-amd64.exe', - '_out/upcloud-amd64.raw.zst', - '_out/upcloud-arm64.raw.zst', - '_out/vmware-amd64.ova', - '_out/vmware-arm64.ova', - '_out/vmlinuz-amd64', - '_out/vmlinuz-arm64', - '_out/vultr-amd64.raw.zst', - '_out/vultr-arm64.raw.zst', - ], - checksum: ['sha256', 'sha512'], - }, - when: { - event: ['tag'], - }, - depends_on: [ - build.name, - cloud_images.name, - 
talosctl_cni_bundle.name, - images.name, - iso.name, - push.name, - release_notes.name, - ], -}; - -local release_steps = default_steps + [ - images, - cloud_images, - release, -]; - -local release_trigger = { - trigger: { - event: [ - 'tag', - ], - ref: { - exclude: [ - 'refs/tags/pkg/**', - ], - }, - }, -}; - -local release_pipeline = Pipeline('release', release_steps) + release_trigger; - -// Notify pipeline. - -local notify = { - name: 'slack', - image: 'plugins/slack', - settings: { - webhook: { from_secret: 'slack_webhook' }, - channel: 'proj-talos-maintainers', - link_names: true, - template: '{{#if build.pull }}\n*{{#success build.status}}✓ Success{{else}}✕ Fail{{/success}}*: {{ repo.owner }}/{{ repo.name }} - \n{{else}}\n*{{#success build.status}}✓ Success{{else}}✕ Fail{{/success}}: {{ repo.owner }}/{{ repo.name }} - Build #{{ build.number }}* (type: `{{ build.event }}`)\n{{/if}}\nCommit: \nBranch: \nAuthor: {{ build.author }}\n<{{ build.link }}|Visit build page>', - }, - when: { - status: [ - 'success', - 'failure', - ], - }, -}; - -local notify_steps = [notify]; - -local notify_trigger = { - trigger: { - status: ['success', 'failure'], - branch: { - exclude: [ - 'renovate/*', - 'dependabot/*', - ], - }, - }, -}; - -local notify_pipeline = Pipeline('notify', notify_steps, [default_pipeline, release_pipeline] + integration_pipelines + e2e_pipelines + conformance_pipelines, false, true) + notify_trigger; - -// Final configuration file definition. - -[ - default_pipeline, - default_cron_pipeline, - release_pipeline, -] + integration_pipelines + e2e_pipelines + conformance_pipelines + [ - notify_pipeline, -] diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000000..8dfbba1ae7 --- /dev/null +++ b/.github/workflows/ci.yaml 
@@ -0,0 +1,1540 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-21T18:46:51Z by kres 04ecdaf. + +name: default +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + push: + branches: + - main + - release-* + tags: + - v* + pull_request: + branches: + - main + - release-* +jobs: + default: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - generic + if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) && github.event_name == 'pull_request' + outputs: + labels: ${{ steps.retrieve-pr-labels.outputs.result }} + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: external-artifacts + run: | + make external-artifacts + - name: generate + run: | + make generate docs + - name: uki-certs + env: + PLATFORM: linux/amd64 + run: | + make uki-certs + - name: check-dirty + run: | + make check-dirty + - name: build + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + PLATFORM: linux/amd64,linux/arm64 + PUSH: "true" + run: | + make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer imager talos _out/integration-test-linux-amd64 + - name: lint + run: | + make lint + - name: talosctl-cni-bundle + run: | + make talosctl-cni-bundle + - name: iso + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + make iso secureboot-iso + - name: images-essential + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + PLATFORM: linux/amd64,linux/arm64 + run: | + make images-essential + - name: unit-tests + run: | + make unit-tests + - name: unit-tests-race + run: | + make unit-tests-race + - name: coverage 
+ uses: codecov/codecov-action@v4 + with: + files: _out/coverage.txt + token: ${{ secrets.CODECOV_TOKEN }} + timeout-minutes: 3 + - name: Generate executable list + run: | + find _out -type f -executable > _out/executable-artifacts + - name: save artifacts + uses: actions/upload-artifact@v4 + with: + name: artifacts + path: |- + _out + !_out/coverage.txt + retention-days: "5" + - name: Retrieve PR labels + id: retrieve-pr-labels + uses: actions/github-script@v7 + with: + retries: "3" + script: | + if (context.eventName != "pull_request") { return "[]" } + + const resp = await github.rest.issues.get({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + }) + + return resp.data.labels.map(label => label.name) + e2e-docker-short: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - generic + if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: e2e-docker + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + run: | + make e2e-docker + e2e-iso: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - generic + if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: 
Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: e2e-iso + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + sudo -E make e2e-iso + e2e-qemu-short: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - generic + if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: e2e-qemu + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + run: | + sudo -E make e2e-qemu + integration-aws: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - generic + if: contains(fromJSON(needs.default.outputs.labels), 'integration/aws') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Mask secrets + run: | + echo -e "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')" + - name: Set secrets for job + run: | + sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV" + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: e2e-aws-prepare + env: + E2E_AWS_TARGET: default + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + make e2e-aws-prepare + - name: checkout contrib + uses: actions/checkout@v4 + with: + path: _out/contrib + ref: 
main + repository: siderolabs/contrib + - name: setup tf + uses: hashicorp/setup-terraform@v3 + with: + terraform_wrapper: "false" + - name: tf apply + env: + TF_E2E_ACTION: apply + TF_E2E_TEST_TYPE: aws + TF_SCRIPT_DIR: _out/contrib + run: | + make e2e-cloud-tf + - name: e2e-aws + run: | + make e2e-aws + - name: tf destroy + if: always() + env: + TF_E2E_ACTION: destroy + TF_E2E_TEST_TYPE: aws + TF_SCRIPT_DIR: _out/contrib + run: | + make e2e-cloud-tf + integration-aws-nvidia-nonfree: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - generic + if: contains(fromJSON(needs.default.outputs.labels), 'integration/aws-nvidia-nonfree') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: Mask secrets + run: | + echo -e "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')" + - name: Set secrets for job + run: | + sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV" + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: checkout extensions + uses: actions/checkout@v4 + with: + path: _out/extensions + ref: main + repository: siderolabs/extensions + - name: set variables + run: | + cat _out/talos-metadata >> "$GITHUB_ENV" + - name: build extensions + env: + PLATFORM: linux/amd64 + PUSH: "true" + REGISTRY: registry.dev.siderolabs.io + run: | + make nvidia-container-toolkit nonfree-kmod-nvidia extensions-metadata -C _out/extensions + - name: e2e-aws-prepare + env: + E2E_AWS_TARGET: 
nvidia-nonfree + EXTENSIONS_METADATA_FILE: _out/extensions/_out/extensions-metadata + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + make e2e-aws-prepare + - name: checkout contrib + uses: actions/checkout@v4 + with: + path: _out/contrib + ref: main + repository: siderolabs/contrib + - name: setup tf + uses: hashicorp/setup-terraform@v3 + with: + terraform_wrapper: "false" + - name: tf apply + env: + TF_E2E_ACTION: apply + TF_E2E_TEST_TYPE: aws + TF_SCRIPT_DIR: _out/contrib + run: | + make e2e-cloud-tf + - name: e2e-aws-nvidia-nonfree + env: + EXTRA_TEST_ARGS: -talos.extensions.nvidia + TEST_NUM_NODES: "4" + run: | + make e2e-aws + - name: tf destroy + if: always() + env: + TF_E2E_ACTION: destroy + TF_E2E_TEST_TYPE: aws + TF_SCRIPT_DIR: _out/contrib + run: | + make e2e-cloud-tf + integration-aws-nvidia-oss: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - generic + if: contains(fromJSON(needs.default.outputs.labels), 'integration/aws-nvidia-oss') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: Mask secrets + run: | + echo -e "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')" + - name: Set secrets for job + run: | + sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV" + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: checkout extensions + uses: actions/checkout@v4 + with: + path: _out/extensions + ref: main + repository: siderolabs/extensions + - 
name: set variables + run: | + cat _out/talos-metadata >> "$GITHUB_ENV" + - name: build extensions + env: + PLATFORM: linux/amd64 + PUSH: "true" + REGISTRY: registry.dev.siderolabs.io + run: | + make nvidia-container-toolkit nvidia-open-gpu-kernel-modules extensions-metadata -C _out/extensions + - name: e2e-aws-prepare + env: + E2E_AWS_TARGET: nvidia-oss + EXTENSIONS_METADATA_FILE: _out/extensions/_out/extensions-metadata + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + make e2e-aws-prepare + - name: checkout contrib + uses: actions/checkout@v4 + with: + path: _out/contrib + ref: main + repository: siderolabs/contrib + - name: setup tf + uses: hashicorp/setup-terraform@v3 + with: + terraform_wrapper: "false" + - name: tf apply + env: + TF_E2E_ACTION: apply + TF_E2E_TEST_TYPE: aws + TF_SCRIPT_DIR: _out/contrib + run: | + make e2e-cloud-tf + - name: e2e-aws-nvidia-oss + env: + EXTRA_TEST_ARGS: -talos.extensions.nvidia + TEST_NUM_NODES: "4" + run: | + make e2e-aws + - name: tf destroy + if: always() + env: + TF_E2E_ACTION: destroy + TF_E2E_TEST_TYPE: aws + TF_SCRIPT_DIR: _out/contrib + run: | + make e2e-cloud-tf + integration-azure: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - generic + if: contains(fromJSON(needs.default.outputs.labels), 'integration/azure') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Mask secrets + run: | + echo -e "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')" + - name: Set secrets for job + run: | + sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV" + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: 
e2e-azure-prepare + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + make e2e-azure-prepare + - name: checkout contrib + uses: actions/checkout@v4 + with: + path: _out/contrib + ref: main + repository: siderolabs/contrib + - name: setup tf + uses: hashicorp/setup-terraform@v3 + with: + terraform_wrapper: "false" + - name: tf apply + env: + ARM_CLIENT_ID: ${{ env.AZURE_CLIENT_ID }} + ARM_CLIENT_SECRET: ${{ env.AZURE_CLIENT_SECRET }} + ARM_SUBSCRIPTION_ID: ${{ env.AZURE_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ env.AZURE_TENANT_ID }} + TF_E2E_ACTION: apply + TF_E2E_TEST_TYPE: azure + TF_SCRIPT_DIR: _out/contrib + run: | + make e2e-cloud-tf + - name: e2e-azure + run: | + make e2e-azure + - name: tf destroy + if: always() + env: + ARM_CLIENT_ID: ${{ env.AZURE_CLIENT_ID }} + ARM_CLIENT_SECRET: ${{ env.AZURE_CLIENT_SECRET }} + ARM_SUBSCRIPTION_ID: ${{ env.AZURE_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ env.AZURE_TENANT_ID }} + TF_E2E_ACTION: destroy + TF_E2E_TEST_TYPE: azure + TF_SCRIPT_DIR: _out/contrib + run: | + make e2e-cloud-tf + integration-cilium: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - talos + if: contains(fromJSON(needs.default.outputs.labels), 'integration/cilium') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: e2e-cilium + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + QEMU_WORKERS: "2" + SHORT_INTEGRATION_TEST: "yes" + WITH_CONFIG_PATCH: '[{"op": "add", "path": "/cluster/network", "value": {"cni": {"name": "none"}}}]' + WITH_CUSTOM_CNI: cilium + WITH_FIREWALL: accept + WITH_SKIP_BOOT_PHASE_FINISHED_CHECK: "yes" + run: | + sudo -E make e2e-qemu + - name: 
e2e-cilium-strict + env: + CILIUM_INSTALL_TYPE: strict + IMAGE_REGISTRY: registry.dev.siderolabs.io + QEMU_WORKERS: "2" + SHORT_INTEGRATION_TEST: "yes" + WITH_CONFIG_PATCH: '[{"op": "add", "path": "/cluster/network", "value": {"cni": {"name": "none"}}}, {"op": "add", "path": "/cluster/proxy", "value": {"disabled": true}}]' + WITH_CUSTOM_CNI: cilium + WITH_FIREWALL: accept + WITH_SKIP_BOOT_PHASE_FINISHED_CHECK: "yes" + run: | + sudo -E make e2e-qemu + - name: e2e-cilium-strict-kubespan + env: + CILIUM_INSTALL_TYPE: strict + IMAGE_REGISTRY: registry.dev.siderolabs.io + QEMU_WORKERS: "2" + SHORT_INTEGRATION_TEST: "yes" + WITH_CONFIG_PATCH: '[{"op": "add", "path": "/cluster/network", "value": {"cni": {"name": "none"}}}, {"op": "add", "path": "/cluster/proxy", "value": {"disabled": true}}]' + WITH_CUSTOM_CNI: cilium + WITH_FIREWALL: accept + WITH_KUBESPAN: "true" + WITH_SKIP_BOOT_PHASE_FINISHED_CHECK: "yes" + run: | + sudo -E make e2e-qemu + integration-cloud-images: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - generic + if: contains(fromJSON(needs.default.outputs.labels), 'integration/cloud-images') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Mask secrets + run: | + echo -e "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')" + - name: Set secrets for job + run: | + sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV" + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: images + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + PLATFORM: linux/amd64,linux/arm64 + run: | + make images + - name: cloud-images + run: | + make cloud-images + 
integration-equinix-metal: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - generic + if: contains(fromJSON(needs.default.outputs.labels), 'integration/equinix-metal') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Mask secrets + run: | + echo -e "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')" + - name: Set secrets for job + run: | + sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV" + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: e2e-equinix-metal-prepare + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + make e2e-equinix-metal-prepare + - name: checkout contrib + uses: actions/checkout@v4 + with: + path: _out/contrib + ref: main + repository: siderolabs/contrib + - name: setup tf + uses: hashicorp/setup-terraform@v3 + with: + terraform_wrapper: "false" + - name: tf apply + env: + TF_E2E_ACTION: apply + TF_E2E_TEST_TYPE: equinix-metal + TF_SCRIPT_DIR: _out/contrib + run: | + make e2e-cloud-tf + - name: e2e-equinix-metal + run: | + make e2e-equinix-metal + - name: tf destroy + if: always() + env: + TF_E2E_ACTION: destroy + TF_E2E_TEST_TYPE: equinix-metal + TF_SCRIPT_DIR: _out/contrib + run: | + make e2e-cloud-tf + integration-extensions: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - talos + if: contains(fromJSON(needs.default.outputs.labels), 'integration/extensions') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + 
id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: checkout extensions + uses: actions/checkout@v4 + with: + path: _out/extensions + ref: main + repository: siderolabs/extensions + - name: set variables + run: | + cat _out/talos-metadata >> "$GITHUB_ENV" + - name: build extensions + env: + PLATFORM: linux/amd64 + PUSH: "true" + REGISTRY: registry.dev.siderolabs.io + run: | + make all extensions-metadata -C _out/extensions + - name: installer extensions + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + make installer-with-extensions + - name: e2e-extensions + env: + EXTRA_TEST_ARGS: -talos.extensions.qemu + IMAGE_REGISTRY: registry.dev.siderolabs.io + QEMU_EXTRA_DISKS: "3" + QEMU_MEMORY_WORKERS: "4096" + SHORT_INTEGRATION_TEST: "yes" + WITH_CONFIG_PATCH_WORKER: '@_out/extensions-patch.yaml' + run: | + sudo -E make e2e-qemu + integration-image-factory: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - talos + if: contains(fromJSON(needs.default.outputs.labels), 'integration/image-factory') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: factory-1.6-iso + env: + FACTORY_BOOT_METHOD: iso + FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + FACTORY_UPGRADE: "true" + FACTORY_UPGRADE_SCHEMATIC: 
cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f + FACTORY_UPGRADE_VERSION: v1.6.1 + FACTORY_VERSION: v1.6.0 + KUBERNETES_VERSION: 1.29.0 + run: | + sudo -E make e2e-image-factory + - name: factory-1.6-image + env: + FACTORY_BOOT_METHOD: disk-image + FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + FACTORY_UPGRADE: "true" + FACTORY_UPGRADE_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f + FACTORY_UPGRADE_VERSION: v1.6.1 + FACTORY_VERSION: v1.6.0 + KUBERNETES_VERSION: 1.29.0 + run: | + sudo -E make e2e-image-factory + - name: factory-1.6-pxe + env: + FACTORY_BOOT_METHOD: pxe + FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + FACTORY_VERSION: v1.6.1 + KUBERNETES_VERSION: 1.29.0 + run: | + sudo -E make e2e-image-factory + - name: factory-1.6-secureboot + env: + FACTORY_BOOT_METHOD: secureboot-iso + FACTORY_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f + FACTORY_UPGRADE: "true" + FACTORY_UPGRADE_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + FACTORY_UPGRADE_VERSION: v1.6.1 + FACTORY_VERSION: v1.6.0 + KUBERNETES_VERSION: 1.29.0 + run: | + sudo -E make e2e-image-factory + - name: factory-1.5-iso + env: + FACTORY_BOOT_METHOD: iso + FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + FACTORY_UPGRADE: "true" + FACTORY_UPGRADE_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f + FACTORY_UPGRADE_VERSION: v1.5.5 + FACTORY_VERSION: v1.5.5 + KUBERNETES_VERSION: 1.28.5 + run: | + sudo -E make e2e-image-factory + - name: factory-1.3-iso + env: + FACTORY_BOOT_METHOD: iso + FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + FACTORY_UPGRADE: "true" + FACTORY_UPGRADE_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f + FACTORY_UPGRADE_VERSION: v1.3.7 + FACTORY_VERSION: v1.3.7 + 
KUBERNETES_VERSION: 1.26.5 + run: | + sudo -E make e2e-image-factory + - name: factory-1.3-image + env: + FACTORY_BOOT_METHOD: disk-image + FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + FACTORY_VERSION: v1.3.7 + KUBERNETES_VERSION: 1.26.5 + run: | + sudo -E make e2e-image-factory + integration-images: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - generic + if: contains(fromJSON(needs.default.outputs.labels), 'integration/images') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: images + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + PLATFORM: linux/amd64,linux/arm64 + run: | + make images + integration-misc: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - talos + if: contains(fromJSON(needs.default.outputs.labels), 'integration/misc') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: e2e-firewall + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + WITH_FIREWALL: block + run: | + sudo -E make e2e-qemu + - name: e2e-network-chaos + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + WITH_NETWORK_CHAOS: "yes" + run: | + sudo -E make e2e-qemu + - name: e2e-canal-reset + env: + CUSTOM_CNI_URL: 
https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/canal.yaml + IMAGE_REGISTRY: registry.dev.siderolabs.io + INTEGRATION_TEST_RUN: TestIntegration/api.ResetSuite/TestResetWithSpec + run: | + sudo -E make e2e-qemu + - name: e2e-bios-cgroupsv1 + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + WITH_CONFIG_PATCH: '[{"op": "add", "path": "/machine/install/extraKernelArgs/-", "value": "talos.unified_cgroup_hierarchy=0"}]' + WITH_UEFI: "false" + run: | + sudo -E make e2e-qemu + - name: e2e-disk-image + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + USE_DISK_IMAGE: "true" + VIA_MAINTENANCE_MODE: "true" + WITH_DISK_ENCRYPTION: "true" + run: | + sudo -E make e2e-qemu + - name: e2e-controlplane-port + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + WITH_CONTROL_PLANE_PORT: "443" + run: | + sudo -E make e2e-qemu + - name: e2e-no-cluster-discovery + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + WITH_CLUSTER_DISCOVERY: "false" + run: | + sudo -E make e2e-qemu + - name: e2e-kubespan + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io\ + SHORT_INTEGRATION_TEST: "yes" + WITH_CLUSTER_DISCOVERY: "true" + WITH_KUBESPAN: "true" + run: | + sudo -E make e2e-qemu + - name: e2e-default-hostname + env: + DISABLE_DHCP_HOSTNAME: "true" + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + VIA_MAINTENANCE_MODE: "true" + run: | + sudo -E make e2e-qemu + - name: e2e-siderolink + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + VIA_MAINTENANCE_MODE: "true" + WITH_SIDEROLINK_AGENT: "true" + run: | + sudo -E make e2e-qemu + - name: e2e-siderolink-tunnel + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + VIA_MAINTENANCE_MODE: "true" + WITH_SIDEROLINK_AGENT: tunnel + run: | + sudo -E make e2e-qemu + integration-provision-0: + permissions: + 
actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - talos + if: contains(fromJSON(needs.default.outputs.labels), 'integration/provision') || contains(fromJSON(needs.default.outputs.labels), 'integration/provision-0') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: provision-tests-prepare + run: | + make provision-tests-prepare + - name: provision-tests-track-0 + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + sudo -E make provision-tests-track-0 + integration-provision-1: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - talos + if: contains(fromJSON(needs.default.outputs.labels), 'integration/provision') || contains(fromJSON(needs.default.outputs.labels), 'integration/provision-1') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: provision-tests-prepare + run: | + make provision-tests-prepare + - name: provision-tests-track-1 + 
env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + sudo -E make provision-tests-track-1 + integration-provision-2: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - talos + if: contains(fromJSON(needs.default.outputs.labels), 'integration/provision') || contains(fromJSON(needs.default.outputs.labels), 'integration/provision-2') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: provision-tests-prepare + run: | + make provision-tests-prepare + - name: provision-tests-track-2 + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + sudo -E make provision-tests-track-2 + integration-qemu: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - talos + if: contains(fromJSON(needs.default.outputs.labels), 'integration/qemu') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: e2e-qemu + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + sudo -E make e2e-qemu + integration-qemu-csi: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - 
self-hosted + - talos + if: contains(fromJSON(needs.default.outputs.labels), 'integration/qemu-csi') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: e2e-qemu-csi + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + QEMU_CPUS_WORKERS: "4" + QEMU_EXTRA_DISKS: "1" + QEMU_EXTRA_DISKS_SIZE: "12288" + QEMU_MEMORY_WORKERS: "5120" + QEMU_WORKERS: "3" + SHORT_INTEGRATION_TEST: "yes" + WITH_TEST: run_csi_tests + run: | + sudo -E make e2e-qemu + integration-qemu-encrypted-vip: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - talos + if: contains(fromJSON(needs.default.outputs.labels), 'integration/qemu-encrypted-vip') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: e2e-qemu + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + WITH_DISK_ENCRYPTION: "true" + WITH_KUBESPAN: "true" + WITH_VIRTUAL_IP: "true" + run: | + sudo -E make e2e-qemu + integration-qemu-race: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - talos + if: contains(fromJSON(needs.default.outputs.labels), 'integration/qemu-race') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: 
docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: build-race + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + PLATFORM: linux/amd64 + PUSH: "true" + TAG_SUFFIX: -race + WITH_RACE: "1" + run: | + make initramfs installer + - name: e2e-qemu-race + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + TAG_SUFFIX: -race + run: | + sudo -E make e2e-qemu + integration-reproducibility-test: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - talos + if: contains(fromJSON(needs.default.outputs.labels), 'integration/reproducibility-test') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: reproducibility-test + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + make reproducibility-test + integration-trusted-boot: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - talos + if: contains(fromJSON(needs.default.outputs.labels), 'integration/trusted-boot') + needs: + - default + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Download artifacts + 
uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: integration-trusted-boot + env: + EXTRA_TEST_ARGS: -talos.trustedboot + IMAGE_REGISTRY: registry.dev.siderolabs.io + VIA_MAINTENANCE_MODE: "true" + WITH_TRUSTED_BOOT_ISO: "true" + run: | + sudo -E make e2e-qemu + push: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - generic + if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) && github.event_name != 'pull_request' + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: build + run: | + make talosctl-all kernel sd-boot sd-stub initramfs installer imager talos + - name: release-notes + run: | + make release-notes + - name: login-to-registry + uses: docker/login-action@v3 + with: + password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io + username: ${{ github.repository_owner }} + - name: push + run: | + make push + - name: push-latest + if: '!startsWith(github.ref, ''refs/tags/'')' + run: | + make push-latest + tag: + permissions: + actions: read + contents: write + issues: read + packages: write + pull-requests: read + runs-on: + - self-hosted + - generic + if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) && startsWith(github.ref, 'refs/tags/') + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: 
tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: Mask secrets + run: | + echo -e "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')" + - name: Set secrets for job + run: | + sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV" + - name: build + run: | + make talosctl-all kernel sd-boot sd-stub initramfs installer imager talos + - name: release-notes + run: | + make release-notes + - name: login-to-registry + uses: docker/login-action@v3 + with: + password: ${{ secrets.GITHUB_TOKEN }} + registry: ghcr.io + username: ${{ github.repository_owner }} + - name: push + run: | + make push + - name: images + run: | + make images + - name: cloud-images + run: | + make cloud-images + - name: Generate Checksums + run: | + sha256sum _out/akamai-amd64.raw.gz _out/akamai-arm64.raw.gz _out/aws-amd64.raw.zst _out/aws-arm64.raw.zst _out/azure-amd64.vhd.zst _out/azure-arm64.vhd.zst _out/cloud-images.json _out/digital-ocean-amd64.raw.gz _out/digital-ocean-arm64.raw.gz _out/exoscale-amd64.qcow2.zst _out/exoscale-arm64.qcow2.zst _out/gcp-amd64.raw.tar.gz _out/gcp-arm64.raw.tar.gz _out/hcloud-amd64.raw.zst _out/hcloud-arm64.raw.zst _out/initramfs-amd64.xz _out/initramfs-arm64.xz _out/metal-amd64.iso _out/metal-arm64.iso _out/metal-amd64.raw.zst _out/metal-arm64.raw.zst _out/nocloud-amd64.raw.zst _out/nocloud-arm64.raw.zst _out/opennebula-amd64.raw.zst _out/opennebula-arm64.raw.zst _out/openstack-amd64.raw.zst _out/openstack-arm64.raw.zst _out/oracle-amd64.qcow2.zst _out/oracle-arm64.qcow2.zst _out/scaleway-amd64.raw.zst _out/scaleway-arm64.raw.zst _out/sd-boot-amd64.efi _out/sd-boot-arm64.efi _out/sd-stub-amd64.efi _out/sd-stub-arm64.efi _out/talosctl-cni-bundle-amd64.tar.gz _out/talosctl-cni-bundle-arm64.tar.gz _out/talosctl-darwin-amd64 _out/talosctl-darwin-arm64 _out/talosctl-freebsd-amd64 _out/talosctl-freebsd-arm64 _out/talosctl-linux-amd64 _out/talosctl-linux-arm64 
_out/talosctl-linux-armv7 _out/talosctl-windows-amd64.exe _out/upcloud-amd64.raw.zst _out/upcloud-arm64.raw.zst _out/vmware-amd64.ova _out/vmware-arm64.ova _out/vmlinuz-amd64 _out/vmlinuz-arm64 _out/vultr-amd64.raw.zst _out/vultr-arm64.raw.zst > _out/sha256sum.txt + sha512sum _out/akamai-amd64.raw.gz _out/akamai-arm64.raw.gz _out/aws-amd64.raw.zst _out/aws-arm64.raw.zst _out/azure-amd64.vhd.zst _out/azure-arm64.vhd.zst _out/cloud-images.json _out/digital-ocean-amd64.raw.gz _out/digital-ocean-arm64.raw.gz _out/exoscale-amd64.qcow2.zst _out/exoscale-arm64.qcow2.zst _out/gcp-amd64.raw.tar.gz _out/gcp-arm64.raw.tar.gz _out/hcloud-amd64.raw.zst _out/hcloud-arm64.raw.zst _out/initramfs-amd64.xz _out/initramfs-arm64.xz _out/metal-amd64.iso _out/metal-arm64.iso _out/metal-amd64.raw.zst _out/metal-arm64.raw.zst _out/nocloud-amd64.raw.zst _out/nocloud-arm64.raw.zst _out/opennebula-amd64.raw.zst _out/opennebula-arm64.raw.zst _out/openstack-amd64.raw.zst _out/openstack-arm64.raw.zst _out/oracle-amd64.qcow2.zst _out/oracle-arm64.qcow2.zst _out/scaleway-amd64.raw.zst _out/scaleway-arm64.raw.zst _out/sd-boot-amd64.efi _out/sd-boot-arm64.efi _out/sd-stub-amd64.efi _out/sd-stub-arm64.efi _out/talosctl-cni-bundle-amd64.tar.gz _out/talosctl-cni-bundle-arm64.tar.gz _out/talosctl-darwin-amd64 _out/talosctl-darwin-arm64 _out/talosctl-freebsd-amd64 _out/talosctl-freebsd-arm64 _out/talosctl-linux-amd64 _out/talosctl-linux-arm64 _out/talosctl-linux-armv7 _out/talosctl-windows-amd64.exe _out/upcloud-amd64.raw.zst _out/upcloud-arm64.raw.zst _out/vmware-amd64.ova _out/vmware-arm64.ova _out/vmlinuz-amd64 _out/vmlinuz-arm64 _out/vultr-amd64.raw.zst _out/vultr-arm64.raw.zst > _out/sha512sum.txt + - name: release + uses: crazy-max/ghaction-github-release@v2 + with: + body_path: _out/RELEASE_NOTES.md + draft: "true" + files: |- + _out/akamai-amd64.raw.gz + _out/akamai-arm64.raw.gz + _out/aws-amd64.raw.zst + _out/aws-arm64.raw.zst + _out/azure-amd64.vhd.zst + _out/azure-arm64.vhd.zst + 
_out/cloud-images.json + _out/digital-ocean-amd64.raw.gz + _out/digital-ocean-arm64.raw.gz + _out/exoscale-amd64.qcow2.zst + _out/exoscale-arm64.qcow2.zst + _out/gcp-amd64.raw.tar.gz + _out/gcp-arm64.raw.tar.gz + _out/hcloud-amd64.raw.zst + _out/hcloud-arm64.raw.zst + _out/initramfs-amd64.xz + _out/initramfs-arm64.xz + _out/metal-amd64.iso + _out/metal-arm64.iso + _out/metal-amd64.raw.zst + _out/metal-arm64.raw.zst + _out/nocloud-amd64.raw.zst + _out/nocloud-arm64.raw.zst + _out/opennebula-amd64.raw.zst + _out/opennebula-arm64.raw.zst + _out/openstack-amd64.raw.zst + _out/openstack-arm64.raw.zst + _out/oracle-amd64.qcow2.zst + _out/oracle-arm64.qcow2.zst + _out/scaleway-amd64.raw.zst + _out/scaleway-arm64.raw.zst + _out/sd-boot-amd64.efi + _out/sd-boot-arm64.efi + _out/sd-stub-amd64.efi + _out/sd-stub-arm64.efi + _out/talosctl-cni-bundle-amd64.tar.gz + _out/talosctl-cni-bundle-arm64.tar.gz + _out/talosctl-darwin-amd64 + _out/talosctl-darwin-arm64 + _out/talosctl-freebsd-amd64 + _out/talosctl-freebsd-arm64 + _out/talosctl-linux-amd64 + _out/talosctl-linux-arm64 + _out/talosctl-linux-armv7 + _out/talosctl-windows-amd64.exe + _out/upcloud-amd64.raw.zst + _out/upcloud-arm64.raw.zst + _out/vmware-amd64.ova + _out/vmware-arm64.ova + _out/vmlinuz-amd64 + _out/vmlinuz-arm64 + _out/vultr-amd64.raw.zst + _out/vultr-arm64.raw.zst + _out/sha*.txt diff --git a/.github/workflows/integration-aws-cron.yaml b/.github/workflows/integration-aws-cron.yaml new file mode 100644 index 0000000000..c73dbbd15f --- /dev/null +++ b/.github/workflows/integration-aws-cron.yaml 
@@ -0,0 +1,70 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-16T11:03:04Z by kres 48517a9. + +name: integration-aws-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 7 * * * +jobs: + default: + runs-on: + - self-hosted + - generic + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Mask secrets + run: | + echo -e "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')" + - name: Set secrets for job + run: | + sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV" + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: e2e-aws-prepare + env: + E2E_AWS_TARGET: default + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + make e2e-aws-prepare + - name: checkout contrib + uses: actions/checkout@v4 + with: + path: _out/contrib + ref: main + repository: siderolabs/contrib + - name: setup tf + uses: hashicorp/setup-terraform@v3 + with: + terraform_wrapper: "false" + - name: tf apply + env: + TF_E2E_ACTION: apply + TF_E2E_TEST_TYPE: aws + TF_SCRIPT_DIR: _out/contrib + run: | + make e2e-cloud-tf + - name: e2e-aws + run: | + make e2e-aws + - name: tf destroy + if: always() + env: + TF_E2E_ACTION: destroy + TF_E2E_TEST_TYPE: aws + TF_SCRIPT_DIR: _out/contrib + run: | + make e2e-cloud-tf diff --git a/.github/workflows/integration-aws-nvidia-nonfree-cron.yaml b/.github/workflows/integration-aws-nvidia-nonfree-cron.yaml new file mode 100644 index 0000000000..6050027cae --- /dev/null +++ b/.github/workflows/integration-aws-nvidia-nonfree-cron.yaml 
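Review bot: The `Set secrets for job` step appends every decrypted entry of `.secrets.yaml` to `$GITHUB_ENV` as `KEY=VALUE`, so all secrets are visible to every later step of the job, including `hashicorp/setup-terraform@v3` and the scripts checked out from `siderolabs/contrib` at the mutable `ref: main`. The single-line form also mishandles a value that contains a newline: the rest of the value is parsed as further environment entries, and in `Mask secrets` only the first line carries the `::add-mask::` prefix (`echo -e` additionally rewrites backslash sequences, so the masked string can differ from the real one). Consider decrypting only inside the steps that need the values, or at least writing entries with the multi-line-safe `KEY<<DELIMITER` form and emitting one `::add-mask::` per line. The same two steps appear in the aws-nvidia-nonfree, aws-nvidia-oss and azure cron hunks; because these files are generated by kres, the change belongs in the generator input.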
@@ -0,0 +1,97 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-21T13:52:48Z by kres 0290180. + +name: integration-aws-nvidia-nonfree-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 7 * * * +jobs: + default: + runs-on: + - self-hosted + - generic + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: Mask secrets + run: | + echo -e "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')" + - name: Set secrets for job + run: | + sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV" + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: checkout extensions + uses: actions/checkout@v4 + with: + path: _out/extensions + ref: main + repository: siderolabs/extensions + - name: set variables + run: | + cat _out/talos-metadata >> "$GITHUB_ENV" + - name: build extensions + env: + PLATFORM: linux/amd64 + PUSH: "true" + REGISTRY: registry.dev.siderolabs.io + run: | + make nvidia-container-toolkit nonfree-kmod-nvidia extensions-metadata -C _out/extensions + - name: e2e-aws-prepare + env: + E2E_AWS_TARGET: nvidia-nonfree + EXTENSIONS_METADATA_FILE: _out/extensions/_out/extensions-metadata + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + make e2e-aws-prepare + - name: checkout contrib + uses: actions/checkout@v4 + with: + path: _out/contrib + ref: main + repository: siderolabs/contrib + - name: setup tf + uses: hashicorp/setup-terraform@v3 + with: + terraform_wrapper: 
"false" + - name: tf apply + env: + TF_E2E_ACTION: apply + TF_E2E_TEST_TYPE: aws + TF_SCRIPT_DIR: _out/contrib + run: | + make e2e-cloud-tf + - name: e2e-aws-nvidia-nonfree + env: + EXTRA_TEST_ARGS: -talos.extensions.nvidia + TEST_NUM_NODES: "4" + run: | + make e2e-aws + - name: tf destroy + if: always() + env: + TF_E2E_ACTION: destroy + TF_E2E_TEST_TYPE: aws + TF_SCRIPT_DIR: _out/contrib + run: | + make e2e-cloud-tf diff --git a/.github/workflows/integration-aws-nvidia-oss-cron.yaml b/.github/workflows/integration-aws-nvidia-oss-cron.yaml new file mode 100644 index 0000000000..ee0615c4f9 --- /dev/null +++ b/.github/workflows/integration-aws-nvidia-oss-cron.yaml 
@@ -0,0 +1,97 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-21T13:52:48Z by kres 0290180. + +name: integration-aws-nvidia-oss-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 7 * * * +jobs: + default: + runs-on: + - self-hosted + - generic + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: Mask secrets + run: | + echo -e "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')" + - name: Set secrets for job + run: | + sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV" + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: checkout extensions + uses: actions/checkout@v4 + with: + path: _out/extensions + ref: main + repository: siderolabs/extensions + - name: set variables + run: | + cat _out/talos-metadata >> "$GITHUB_ENV" + - name: build extensions + env: + PLATFORM: linux/amd64 + PUSH: "true" + REGISTRY: registry.dev.siderolabs.io + run: | + make nvidia-container-toolkit nvidia-open-gpu-kernel-modules extensions-metadata -C _out/extensions + - name: e2e-aws-prepare + env: + E2E_AWS_TARGET: nvidia-oss + EXTENSIONS_METADATA_FILE: _out/extensions/_out/extensions-metadata + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + make e2e-aws-prepare + - name: checkout contrib + uses: actions/checkout@v4 + with: + path: _out/contrib + ref: main + repository: siderolabs/contrib + - name: setup tf + uses: hashicorp/setup-terraform@v3 + with: + 
terraform_wrapper: "false" + - name: tf apply + env: + TF_E2E_ACTION: apply + TF_E2E_TEST_TYPE: aws + TF_SCRIPT_DIR: _out/contrib + run: | + make e2e-cloud-tf + - name: e2e-aws-nvidia-oss + env: + EXTRA_TEST_ARGS: -talos.extensions.nvidia + TEST_NUM_NODES: "4" + run: | + make e2e-aws + - name: tf destroy + if: always() + env: + TF_E2E_ACTION: destroy + TF_E2E_TEST_TYPE: aws + TF_SCRIPT_DIR: _out/contrib + run: | + make e2e-cloud-tf diff --git a/.github/workflows/integration-azure-cron.yaml b/.github/workflows/integration-azure-cron.yaml new file mode 100644 index 0000000000..80759af099 --- /dev/null +++ b/.github/workflows/integration-azure-cron.yaml 
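Review bot: `cat _out/talos-metadata >> "$GITHUB_ENV"` in the `set variables` step copies a file from the downloaded artifact into the job environment without checking its contents, so every line of that file becomes a variable for the following steps, which here run with the decrypted secrets present and `PUSH: "true"`. Restricting the copy to the expected keys keeps an unexpected entry from influencing the build, for example `grep -E '^(<EXPECTED_KEY_1>|<EXPECTED_KEY_2>)=' _out/talos-metadata >> "$GITHUB_ENV"` with the placeholders replaced by the variables the metadata file is meant to carry. The aws-nvidia-nonfree cron hunk has the same step. What the metadata file contains is not visible in this diff, so the key list has to come from wherever the file is produced.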
@@ -0,0 +1,77 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-16T11:03:04Z by kres 48517a9. + +name: integration-azure-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 7 * * * +jobs: + default: + runs-on: + - self-hosted + - generic + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Mask secrets + run: | + echo -e "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')" + - name: Set secrets for job + run: | + sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV" + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: e2e-azure-prepare + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + make e2e-azure-prepare + - name: checkout contrib + uses: actions/checkout@v4 + with: + path: _out/contrib + ref: main + repository: siderolabs/contrib + - name: setup tf + uses: hashicorp/setup-terraform@v3 + with: + terraform_wrapper: "false" + - name: tf apply + env: + ARM_CLIENT_ID: ${{ env.AZURE_CLIENT_ID }} + ARM_CLIENT_SECRET: ${{ env.AZURE_CLIENT_SECRET }} + ARM_SUBSCRIPTION_ID: ${{ env.AZURE_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ env.AZURE_TENANT_ID }} + TF_E2E_ACTION: apply + TF_E2E_TEST_TYPE: azure + TF_SCRIPT_DIR: _out/contrib + run: | + make e2e-cloud-tf + - name: e2e-azure + run: | + make e2e-azure + - name: tf destroy + if: always() + env: + ARM_CLIENT_ID: ${{ env.AZURE_CLIENT_ID }} + ARM_CLIENT_SECRET: ${{ env.AZURE_CLIENT_SECRET }} + ARM_SUBSCRIPTION_ID: ${{ env.AZURE_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ env.AZURE_TENANT_ID }} + TF_E2E_ACTION: destroy + TF_E2E_TEST_TYPE: azure + TF_SCRIPT_DIR: _out/contrib + run: | + make 
e2e-cloud-tf diff --git a/.github/workflows/integration-cilium-cron.yaml b/.github/workflows/integration-cilium-cron.yaml new file mode 100644 index 0000000000..67737fa8c3 --- /dev/null +++ b/.github/workflows/integration-cilium-cron.yaml 
@@ -0,0 +1,66 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-16T11:03:04Z by kres 48517a9. + +name: integration-cilium-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 3 * * * +jobs: + default: + runs-on: + - self-hosted + - talos + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: e2e-cilium + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + QEMU_WORKERS: "2" + SHORT_INTEGRATION_TEST: "yes" + WITH_CONFIG_PATCH: '[{"op": "add", "path": "/cluster/network", "value": {"cni": {"name": "none"}}}]' + WITH_CUSTOM_CNI: cilium + WITH_FIREWALL: accept + WITH_SKIP_BOOT_PHASE_FINISHED_CHECK: "yes" + run: | + sudo -E make e2e-qemu + - name: e2e-cilium-strict + env: + CILIUM_INSTALL_TYPE: strict + IMAGE_REGISTRY: registry.dev.siderolabs.io + QEMU_WORKERS: "2" + SHORT_INTEGRATION_TEST: "yes" + WITH_CONFIG_PATCH: '[{"op": "add", "path": "/cluster/network", "value": {"cni": {"name": "none"}}}, {"op": "add", "path": "/cluster/proxy", "value": {"disabled": true}}]' + WITH_CUSTOM_CNI: cilium + WITH_FIREWALL: accept + WITH_SKIP_BOOT_PHASE_FINISHED_CHECK: "yes" + run: | + sudo -E make e2e-qemu + - name: e2e-cilium-strict-kubespan + env: + CILIUM_INSTALL_TYPE: strict + IMAGE_REGISTRY: registry.dev.siderolabs.io + QEMU_WORKERS: "2" + SHORT_INTEGRATION_TEST: "yes" + WITH_CONFIG_PATCH: '[{"op": "add", "path": "/cluster/network", "value": {"cni": {"name": "none"}}}, {"op": "add", "path": "/cluster/proxy", "value": {"disabled": true}}]' + WITH_CUSTOM_CNI: cilium + WITH_FIREWALL: accept + WITH_KUBESPAN: "true" + WITH_SKIP_BOOT_PHASE_FINISHED_CHECK: "yes" + run: | + sudo -E make e2e-qemu 
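Review bot: The "Download artifacts" step uses `actions/download-artifact@v4` with only `name: artifacts`, which by default looks for the artifact in the current workflow run, yet this workflow is triggered only by `schedule` and its single job has no upload step. As written the scheduled run would presumably fail at that step, before any `e2e-qemu` target runs. Either build or upload the artifacts in the same run, or pass `run-id` and `github-token` so the step fetches them from the run that produced them. The other `*-cron` workflows in this patch share the step; the files are generated by kres, so the fix belongs in `.kres.yaml`.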
diff --git a/.github/workflows/integration-cloud-images-cron.yaml b/.github/workflows/integration-cloud-images-cron.yaml new file mode 100644 index 0000000000..9d6c2d3d1f --- /dev/null +++ b/.github/workflows/integration-cloud-images-cron.yaml @@ -0,0 +1,45 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-16T11:03:04Z by kres 48517a9. + +name: integration-cloud-images-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 2 * * * +jobs: + default: + runs-on: + - self-hosted + - generic + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Mask secrets + run: | + echo -e "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')" + - name: Set secrets for job + run: | + sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV" + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: images + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + PLATFORM: linux/amd64,linux/arm64 + run: | + make images + - name: cloud-images + run: | + make cloud-images diff --git a/.github/workflows/integration-equinix-metal-cron.yaml b/.github/workflows/integration-equinix-metal-cron.yaml new file mode 100644 index 0000000000..4fd9ca110f --- /dev/null +++ b/.github/workflows/integration-equinix-metal-cron.yaml 
@@ -0,0 +1,69 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-16T11:03:04Z by kres 48517a9. + +name: integration-equinix-metal-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 7 * * * +jobs: + default: + runs-on: + - self-hosted + - generic + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Mask secrets + run: | + echo -e "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')" + - name: Set secrets for job + run: | + sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV" + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: e2e-equinix-metal-prepare + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + make e2e-equinix-metal-prepare + - name: checkout contrib + uses: actions/checkout@v4 + with: + path: _out/contrib + ref: main + repository: siderolabs/contrib + - name: setup tf + uses: hashicorp/setup-terraform@v3 + with: + terraform_wrapper: "false" + - name: tf apply + env: + TF_E2E_ACTION: apply + TF_E2E_TEST_TYPE: equinix-metal + TF_SCRIPT_DIR: _out/contrib + run: | + make e2e-cloud-tf + - name: e2e-equinix-metal + run: | + make e2e-equinix-metal + - name: tf destroy + if: always() + env: + TF_E2E_ACTION: destroy + TF_E2E_TEST_TYPE: equinix-metal + TF_SCRIPT_DIR: _out/contrib + run: | + make e2e-cloud-tf diff --git a/.github/workflows/integration-extensions-cron.yaml b/.github/workflows/integration-extensions-cron.yaml new file mode 100644 index 0000000000..1d8a8e0a29 --- /dev/null +++ b/.github/workflows/integration-extensions-cron.yaml 
@@ -0,0 +1,68 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-21T13:52:48Z by kres 0290180. + +name: integration-extensions-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 6 * * * +jobs: + default: + runs-on: + - self-hosted + - talos + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: checkout extensions + uses: actions/checkout@v4 + with: + path: _out/extensions + ref: main + repository: siderolabs/extensions + - name: set variables + run: | + cat _out/talos-metadata >> "$GITHUB_ENV" + - name: build extensions + env: + PLATFORM: linux/amd64 + PUSH: "true" + REGISTRY: registry.dev.siderolabs.io + run: | + make all extensions-metadata -C _out/extensions + - name: installer extensions + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + make installer-with-extensions + - name: e2e-extensions + env: + EXTRA_TEST_ARGS: -talos.extensions.qemu + IMAGE_REGISTRY: registry.dev.siderolabs.io + QEMU_EXTRA_DISKS: "3" + QEMU_MEMORY_WORKERS: "4096" + SHORT_INTEGRATION_TEST: "yes" + WITH_CONFIG_PATCH_WORKER: '@_out/extensions-patch.yaml' + run: | + sudo -E make e2e-qemu diff --git a/.github/workflows/integration-image-factory-cron.yaml b/.github/workflows/integration-image-factory-cron.yaml new file mode 100644 index 0000000000..d20c55cacf --- /dev/null +++ b/.github/workflows/integration-image-factory-cron.yaml 
@@ -0,0 +1,101 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-16T11:03:04Z by kres 48517a9. + +name: integration-image-factory-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 6 * * * +jobs: + default: + runs-on: + - self-hosted + - talos + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: factory-1.6-iso + env: + FACTORY_BOOT_METHOD: iso + FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + FACTORY_UPGRADE: "true" + FACTORY_UPGRADE_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f + FACTORY_UPGRADE_VERSION: v1.6.1 + FACTORY_VERSION: v1.6.0 + KUBERNETES_VERSION: 1.29.0 + run: | + sudo -E make e2e-image-factory + - name: factory-1.6-image + env: + FACTORY_BOOT_METHOD: disk-image + FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + FACTORY_UPGRADE: "true" + FACTORY_UPGRADE_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f + FACTORY_UPGRADE_VERSION: v1.6.1 + FACTORY_VERSION: v1.6.0 + KUBERNETES_VERSION: 1.29.0 + run: | + sudo -E make e2e-image-factory + - name: factory-1.6-pxe + env: + FACTORY_BOOT_METHOD: pxe + FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + FACTORY_VERSION: v1.6.1 + KUBERNETES_VERSION: 1.29.0 + run: | + sudo -E make e2e-image-factory + - name: factory-1.6-secureboot + env: + FACTORY_BOOT_METHOD: secureboot-iso + FACTORY_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f + FACTORY_UPGRADE: "true" + FACTORY_UPGRADE_SCHEMATIC: 
376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + FACTORY_UPGRADE_VERSION: v1.6.1 + FACTORY_VERSION: v1.6.0 + KUBERNETES_VERSION: 1.29.0 + run: | + sudo -E make e2e-image-factory + - name: factory-1.5-iso + env: + FACTORY_BOOT_METHOD: iso + FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + FACTORY_UPGRADE: "true" + FACTORY_UPGRADE_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f + FACTORY_UPGRADE_VERSION: v1.5.5 + FACTORY_VERSION: v1.5.5 + KUBERNETES_VERSION: 1.28.5 + run: | + sudo -E make e2e-image-factory + - name: factory-1.3-iso + env: + FACTORY_BOOT_METHOD: iso + FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + FACTORY_UPGRADE: "true" + FACTORY_UPGRADE_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f + FACTORY_UPGRADE_VERSION: v1.3.7 + FACTORY_VERSION: v1.3.7 + KUBERNETES_VERSION: 1.26.5 + run: | + sudo -E make e2e-image-factory + - name: factory-1.3-image + env: + FACTORY_BOOT_METHOD: disk-image + FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + FACTORY_VERSION: v1.3.7 + KUBERNETES_VERSION: 1.26.5 + run: | + sudo -E make e2e-image-factory diff --git a/.github/workflows/integration-images-cron.yaml b/.github/workflows/integration-images-cron.yaml new file mode 100644 index 0000000000..275667f64c --- /dev/null +++ b/.github/workflows/integration-images-cron.yaml 
@@ -0,0 +1,36 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-16T11:03:04Z by kres 48517a9. + +name: integration-images-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 3 * * * +jobs: + default: + runs-on: + - self-hosted + - generic + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: images + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + PLATFORM: linux/amd64,linux/arm64 + run: | + make images diff --git a/.github/workflows/integration-misc-cron.yaml b/.github/workflows/integration-misc-cron.yaml new file mode 100644 index 0000000000..001d63c382 --- /dev/null +++ b/.github/workflows/integration-misc-cron.yaml 
@@ -0,0 +1,114 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-16T11:03:04Z by kres 48517a9. + +name: integration-misc-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 5 * * * +jobs: + default: + runs-on: + - self-hosted + - talos + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: e2e-firewall + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + WITH_FIREWALL: block + run: | + sudo -E make e2e-qemu + - name: e2e-network-chaos + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + WITH_NETWORK_CHAOS: "yes" + run: | + sudo -E make e2e-qemu + - name: e2e-canal-reset + env: + CUSTOM_CNI_URL: https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/canal.yaml + IMAGE_REGISTRY: registry.dev.siderolabs.io + INTEGRATION_TEST_RUN: TestIntegration/api.ResetSuite/TestResetWithSpec + run: | + sudo -E make e2e-qemu + - name: e2e-bios-cgroupsv1 + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + WITH_CONFIG_PATCH: '[{"op": "add", "path": "/machine/install/extraKernelArgs/-", "value": "talos.unified_cgroup_hierarchy=0"}]' + WITH_UEFI: "false" + run: | + sudo -E make e2e-qemu + - name: e2e-disk-image + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + USE_DISK_IMAGE: "true" + VIA_MAINTENANCE_MODE: "true" + WITH_DISK_ENCRYPTION: "true" + run: | + sudo -E make e2e-qemu + - name: e2e-controlplane-port + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + WITH_CONTROL_PLANE_PORT: "443" + run: | + sudo -E make 
e2e-qemu + - name: e2e-no-cluster-discovery + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + WITH_CLUSTER_DISCOVERY: "false" + run: | + sudo -E make e2e-qemu + - name: e2e-kubespan + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io\ + SHORT_INTEGRATION_TEST: "yes" + WITH_CLUSTER_DISCOVERY: "true" + WITH_KUBESPAN: "true" + run: | + sudo -E make e2e-qemu + - name: e2e-default-hostname + env: + DISABLE_DHCP_HOSTNAME: "true" + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + VIA_MAINTENANCE_MODE: "true" + run: | + sudo -E make e2e-qemu + - name: e2e-siderolink + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + VIA_MAINTENANCE_MODE: "true" + WITH_SIDEROLINK_AGENT: "true" + run: | + sudo -E make e2e-qemu + - name: e2e-siderolink-tunnel + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: "yes" + VIA_MAINTENANCE_MODE: "true" + WITH_SIDEROLINK_AGENT: tunnel + run: | + sudo -E make e2e-qemu diff --git a/.github/workflows/integration-provision-0-cron.yaml b/.github/workflows/integration-provision-0-cron.yaml new file mode 100644 index 0000000000..4d3b6e5b91 --- /dev/null +++ b/.github/workflows/integration-provision-0-cron.yaml 
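Review bot: In the `e2e-kubespan` step the registry is written as `IMAGE_REGISTRY: registry.dev.siderolabs.io\` with a trailing backslash, unlike every other step in this workflow. In a plain YAML scalar the backslash is literal, so the step would use a registry host name ending in `\` and pulling images from it is likely to fail. It should read `IMAGE_REGISTRY: registry.dev.siderolabs.io`; the file is generated by kres, so correct the value in `.kres.yaml` and regenerate.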
@@ -0,0 +1,45 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-21T13:52:48Z by kres 0290180. + +name: integration-provision-0-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 4 * * * +jobs: + default: + runs-on: + - self-hosted + - talos + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: provision-tests-prepare + run: | + make provision-tests-prepare + - name: provision-tests-track-0 + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + sudo -E make provision-tests-track-0 diff --git a/.github/workflows/integration-provision-1-cron.yaml b/.github/workflows/integration-provision-1-cron.yaml new file mode 100644 index 0000000000..5206178f6e --- /dev/null +++ b/.github/workflows/integration-provision-1-cron.yaml 
@@ -0,0 +1,45 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-21T13:52:48Z by kres 0290180. + +name: integration-provision-1-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 4 * * * +jobs: + default: + runs-on: + - self-hosted + - talos + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: provision-tests-prepare + run: | + make provision-tests-prepare + - name: provision-tests-track-1 + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + sudo -E make provision-tests-track-1 diff --git a/.github/workflows/integration-provision-2-cron.yaml b/.github/workflows/integration-provision-2-cron.yaml new file mode 100644 index 0000000000..939b07f6aa --- /dev/null +++ b/.github/workflows/integration-provision-2-cron.yaml 
@@ -0,0 +1,45 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-21T13:52:48Z by kres 0290180. + +name: integration-provision-2-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 4 * * * +jobs: + default: + runs-on: + - self-hosted + - talos + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: provision-tests-prepare + run: | + make provision-tests-prepare + - name: provision-tests-track-2 + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + sudo -E make provision-tests-track-2 diff --git a/.github/workflows/integration-qemu-cron.yaml b/.github/workflows/integration-qemu-cron.yaml new file mode 100644 index 0000000000..f634591560 --- /dev/null +++ b/.github/workflows/integration-qemu-cron.yaml 
@@ -0,0 +1,35 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-16T11:03:04Z by kres 48517a9. + +name: integration-qemu-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 3 * * * +jobs: + default: + runs-on: + - self-hosted + - talos + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: e2e-qemu + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + sudo -E make e2e-qemu diff --git a/.github/workflows/integration-qemu-csi-cron.yaml b/.github/workflows/integration-qemu-csi-cron.yaml new file mode 100644 index 0000000000..5a98ff1d4b --- /dev/null +++ b/.github/workflows/integration-qemu-csi-cron.yaml @@ -0,0 +1,42 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-16T11:03:04Z by kres 48517a9. + +name: integration-qemu-csi-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 3 * * * +jobs: + default: + runs-on: + - self-hosted + - talos + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: e2e-qemu-csi + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + QEMU_CPUS_WORKERS: "4" + QEMU_EXTRA_DISKS: "1" + QEMU_EXTRA_DISKS_SIZE: "12288" + QEMU_MEMORY_WORKERS: "5120" + QEMU_WORKERS: "3" + SHORT_INTEGRATION_TEST: "yes" + WITH_TEST: run_csi_tests + run: | + sudo -E make e2e-qemu 
diff --git a/.github/workflows/integration-qemu-encrypted-vip-cron.yaml b/.github/workflows/integration-qemu-encrypted-vip-cron.yaml new file mode 100644 index 0000000000..046a795b82 --- /dev/null +++ b/.github/workflows/integration-qemu-encrypted-vip-cron.yaml @@ -0,0 +1,38 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-16T11:03:04Z by kres 48517a9. + +name: integration-qemu-encrypted-vip-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 3 * * * +jobs: + default: + runs-on: + - self-hosted + - talos + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: e2e-qemu + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + WITH_DISK_ENCRYPTION: "true" + WITH_KUBESPAN: "true" + WITH_VIRTUAL_IP: "true" + run: | + sudo -E make e2e-qemu diff --git a/.github/workflows/integration-qemu-race-cron.yaml b/.github/workflows/integration-qemu-race-cron.yaml new file mode 100644 index 0000000000..9ba3451b43 --- /dev/null +++ b/.github/workflows/integration-qemu-race-cron.yaml 
@@ -0,0 +1,52 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-21T13:52:48Z by kres 0290180. + +name: integration-qemu-race-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 3 * * * +jobs: + default: + runs-on: + - self-hosted + - talos + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: build-race + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + PLATFORM: linux/amd64 + PUSH: "true" + TAG_SUFFIX: -race + WITH_RACE: "1" + run: | + make initramfs installer + - name: e2e-qemu-race + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + TAG_SUFFIX: -race + run: | + sudo -E make e2e-qemu diff --git a/.github/workflows/integration-reproducibility-test-cron.yaml b/.github/workflows/integration-reproducibility-test-cron.yaml new file mode 100644 index 0000000000..2535e0bf32 --- /dev/null +++ b/.github/workflows/integration-reproducibility-test-cron.yaml 
@@ -0,0 +1,42 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-21T13:52:48Z by kres 0290180. + +name: integration-reproducibility-test-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 2 * * * +jobs: + default: + runs-on: + - self-hosted + - talos + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Set up Docker Buildx + id: setup-buildx + uses: docker/setup-buildx-action@v3 + with: + driver: remote + endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234 + timeout-minutes: 10 + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: reproducibility-test + env: + IMAGE_REGISTRY: registry.dev.siderolabs.io + run: | + make reproducibility-test diff --git a/.github/workflows/integration-trusted-boot-cron.yaml b/.github/workflows/integration-trusted-boot-cron.yaml new file mode 100644 index 0000000000..3653367f54 --- /dev/null +++ b/.github/workflows/integration-trusted-boot-cron.yaml 
@@ -0,0 +1,38 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-16T11:03:04Z by kres 48517a9. + +name: integration-trusted-boot-cron +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true +"on": + schedule: + - cron: 30 3 * * * +jobs: + default: + runs-on: + - self-hosted + - talos + steps: + - name: checkout + uses: actions/checkout@v4 + - name: Unshallow + run: | + git fetch --prune --unshallow + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: artifacts + path: _out + - name: Fix artifact permissions + run: | + xargs -a _out/executable-artifacts -I {} chmod +x {} + - name: integration-trusted-boot + env: + EXTRA_TEST_ARGS: -talos.trustedboot + IMAGE_REGISTRY: registry.dev.siderolabs.io + VIA_MAINTENANCE_MODE: "true" + WITH_TRUSTED_BOOT_ISO: "true" + run: | + sudo -E make e2e-qemu diff --git a/.github/workflows/slack-notify.yaml b/.github/workflows/slack-notify.yaml new file mode 100644 index 0000000000..4252c41276 --- /dev/null +++ b/.github/workflows/slack-notify.yaml 
@@ -0,0 +1,112 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-05-16T11:03:04Z by kres 48517a9. + +name: slack-notify +"on": + workflow_run: + workflows: + - default + - integration-qemu-cron + - integration-trusted-boot-cron + - integration-provision-0-cron + - integration-provision-1-cron + - integration-provision-2-cron + - integration-misc-cron + - integration-extensions-cron + - integration-cilium-cron + - integration-qemu-encrypted-vip-cron + - integration-qemu-race-cron + - integration-qemu-csi-cron + - integration-images-cron + - integration-reproducibility-test-cron + - integration-cloud-images-cron + - integration-image-factory-cron + - integration-aws-cron + - integration-aws-nvidia-oss-cron + - integration-aws-nvidia-nonfree-cron + - integration-azure-cron + - integration-equinix-metal-cron + types: + - completed +jobs: + slack-notify: + runs-on: + - self-hosted + - generic + if: github.event.workflow_run.conclusion != 'skipped' + steps: + - name: Get PR number + id: get-pr-number + if: github.event.workflow_run.event == 'pull_request' + env: + GH_TOKEN: ${{ github.token }} + run: | + echo pull_request_number=$(gh pr view -R ${{ github.repository }} ${{ github.event.workflow_run.head_repository.owner.login }}:${{ github.event.workflow_run.head_branch }} --json number --jq .number) >> $GITHUB_OUTPUT + - name: Slack Notify + uses: slackapi/slack-github-action@v1 + with: + channel-id: proj-talos-maintainers + payload: | + { + "attachments": [ + { + "color": "${{ github.event.workflow_run.conclusion == 'success' && '#2EB886' || github.event.workflow_run.conclusion == 'failure' && '#A30002' || '#FFCC00' }}", + "fallback": "test", + "blocks": [ + { + "type": "section", + "fields": [ + { + "type": "mrkdwn", + "text": "${{ github.event.workflow_run.event == 'pull_request' && format('*Pull Request:* {0} (`{1}`)\n<{2}/pull/{3}|{4}>', github.repository, github.ref_name, github.event.repository.html_url, 
steps.get-pr-number.outputs.pull_request_number, github.event.workflow_run.display_title) || format('*Build:* {0} (`{1}`)\n<{2}/commit/{3}|{4}>', github.repository, github.ref_name, github.event.repository.html_url, github.sha, github.event.workflow_run.display_title) }}" + }, + { + "type": "mrkdwn", + "text": "*Status:*\n`${{ github.event.workflow_run.conclusion }}`" + } + ] + }, + { + "type": "section", + "fields": [ + { + "type": "mrkdwn", + "text": "*Author:*\n`${{ github.actor }}`" + }, + { + "type": "mrkdwn", + "text": "*Event:*\n`${{ github.event.workflow_run.event }}`" + } + ] + }, + { + "type": "divider" + }, + { + "type": "actions", + "elements": [ + { + "type": "button", + "text": { + "type": "plain_text", + "text": "Logs" + }, + "url": "${{ github.event.workflow_run.html_url }}" + }, + { + "type": "button", + "text": { + "type": "plain_text", + "text": "Commit" + }, + "url": "${{ github.event.repository.html_url }}/commit/${{ github.sha }}" + } + ] + } + ] + } + ] + } + env: + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} diff --git a/.kres.yaml b/.kres.yaml new file mode 100644 index 0000000000..0bd60f850c --- /dev/null +++ b/.kres.yaml 
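Review bot: The "Get PR number" step expands `${{ github.event.workflow_run.head_branch }}` and `${{ github.event.workflow_run.head_repository.owner.login }}` directly inside the `run:` script, so a branch name chosen by a pull-request author becomes part of the shell command text. This workflow runs on `workflow_run` with `GH_TOKEN` set and on a self-hosted runner, which makes unquoted expression expansion here a command-injection risk. Pass the values through `env:` (for example `HEAD_OWNER` and `HEAD_BRANCH`) and reference them quoted, `gh pr view -R "$GITHUB_REPOSITORY" "$HEAD_OWNER:$HEAD_BRANCH" --json number --jq .number`, writing the result to `"$GITHUB_OUTPUT"`. `display_title` is also placed unescaped into the JSON `payload`, so a title containing a double quote would break the message; the file is generated by kres, so both changes belong in the generator or `.kres.yaml`.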
@@ -0,0 +1,1066 @@
+---
+kind: auto.CI
+spec:
+ compileGHWorkflowsOnly: true
+---
+kind: common.SOPS
+spec:
+ enabled: true
+ config: |-
+ creation_rules:
+ - age: age1xrpa9ujxxcj2u2gzfrzv8mxak4rts94a6y60ypurv6rs5cpr4e4sg95f0k
+ # order: Andrey, Noel, Artem, Utku, Dmitriy
+ pgp: >-
+ 15D5721F5F5BAF121495363EFE042E3D4085A811,
+ CC51116A94490FA6FB3C18EB2401FCAE863A06CA,
+ 4919F560F0D35F80CF382D76E084A2DF1143C14D,
+ 966BC282A680D8BB3E8363E865933E76F0549B0D,
+ AA5213AF261C1977AF38B03A94B473337258BFD5
+---
+kind: common.Repository
+spec:
+ conformScopes:
+ - apid
+ - machined
+ - networkd
+ - talosctl
+ - trustd
+ - talosctl
+ - kernel
+ - security
+ - ci
+ - ^v1.8
+ licenseChecks:
+ - skipPaths:
+ - .git/
+ - testdata/
+ includeSuffixes:
+ - .go
+ excludeSuffixes:
+ - .pb.go
+ - .pb.gw.go
+ - _string.go
+ - _enumer.go
+ - _string_linux.go
+ - zz_generated.deepcopy.go
+ header: |
+ // This Source Code Form is subject to the terms of the Mozilla Public
+ // License, v. 2.0. If a copy of the MPL was not distributed with this
+ // file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ enforceContexts: + - default + - e2e-iso + - e2e-qemu-short + - e2e-docker-short + - integration-qemu + - integration-trusted-boot + - integration-provision-0 + - integration-provision-1 + - integration-provision-2 + - integration-misc + - integration-extensions + - integration-cilium + - integration-qemu-encrypted-vip + - integration-qemu-race + - integration-qemu-csi + - integration-images + - integration-reproducibility-test + - integration-cloud-images + - integration-image-factory + - integration-aws + - integration-aws-nvidia-oss + - integration-aws-nvidia-nonfree + - integration-azure + - integration-equinix-metal +--- +kind: common.GHWorkflow +spec: + jobs: + - name: default + buildxOptions: + enabled: true + runners: + - self-hosted + - generic + conditions: + - on-pull-request + steps: + - name: external-artifacts + - name: generate + command: generate docs + - name: uki-certs + environment: + PLATFORM: linux/amd64 + - name: check-dirty + - name: build + command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer imager talos _out/integration-test-linux-amd64 + environment: + PLATFORM: linux/amd64,linux/arm64 + IMAGE_REGISTRY: registry.dev.siderolabs.io + PUSH: true + - name: lint + - name: talosctl-cni-bundle + - name: iso + command: iso secureboot-iso + environment: + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: images-essential + environment: + PLATFORM: linux/amd64,linux/arm64 + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: unit-tests + - name: unit-tests-race + - name: coverage + coverageStep: + files: + - _out/coverage.txt + timeoutMinutes: 3 + - name: save-artifacts + artifactStep: + type: upload + artifactPath: _out + additionalArtifacts: + - "!_out/coverage.txt" + - name: push + buildxOptions: + enabled: true + runners: + - self-hosted + - generic + conditions: + - except-pull-request + steps: + - name: build + command: talosctl-all kernel sd-boot sd-stub initramfs installer imager talos + - name: release-notes + - 
name: login-to-registry + registryLoginStep: + registry: ghcr.io + - name: push + - name: push-latest + conditions: + - not-on-tag + - name: tag + sops: true + buildxOptions: + enabled: true + runners: + - self-hosted + - generic + conditions: + - only-on-tag + steps: + - name: build + command: talosctl-all kernel sd-boot sd-stub initramfs installer imager talos + - name: release-notes + - name: login-to-registry + registryLoginStep: + registry: ghcr.io + - name: push + - name: images + - name: cloud-images + - name: release + releaseStep: + baseDirectory: _out + artifacts: + - akamai-amd64.raw.gz + - akamai-arm64.raw.gz + - aws-amd64.raw.zst + - aws-arm64.raw.zst + - azure-amd64.vhd.zst + - azure-arm64.vhd.zst + - cloud-images.json + - digital-ocean-amd64.raw.gz + - digital-ocean-arm64.raw.gz + - exoscale-amd64.qcow2.zst + - exoscale-arm64.qcow2.zst + - gcp-amd64.raw.tar.gz + - gcp-arm64.raw.tar.gz + - hcloud-amd64.raw.zst + - hcloud-arm64.raw.zst + - initramfs-amd64.xz + - initramfs-arm64.xz + - metal-amd64.iso + - metal-arm64.iso + - metal-amd64.raw.zst + - metal-arm64.raw.zst + - nocloud-amd64.raw.zst + - nocloud-arm64.raw.zst + - opennebula-amd64.raw.zst + - opennebula-arm64.raw.zst + - openstack-amd64.raw.zst + - openstack-arm64.raw.zst + - oracle-amd64.qcow2.zst + - oracle-arm64.qcow2.zst + - scaleway-amd64.raw.zst + - scaleway-arm64.raw.zst + - sd-boot-amd64.efi + - sd-boot-arm64.efi + - sd-stub-amd64.efi + - sd-stub-arm64.efi + - talosctl-cni-bundle-amd64.tar.gz + - talosctl-cni-bundle-arm64.tar.gz + - talosctl-darwin-amd64 + - talosctl-darwin-arm64 + - talosctl-freebsd-amd64 + - talosctl-freebsd-arm64 + - talosctl-linux-amd64 + - talosctl-linux-arm64 + - talosctl-linux-armv7 + - talosctl-windows-amd64.exe + - upcloud-amd64.raw.zst + - upcloud-arm64.raw.zst + - vmware-amd64.ova + - vmware-arm64.ova + - vmlinuz-amd64 + - vmlinuz-arm64 + - vultr-amd64.raw.zst + - vultr-arm64.raw.zst + generateChecksums: true + releaseNotes: RELEASE_NOTES.md + - name: e2e-iso 
+ depends: + - default + runners: + - self-hosted + - generic + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: e2e-iso + withSudo: true + environment: + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: e2e-qemu-short + depends: + - default + runners: + - self-hosted + - generic + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: e2e-qemu + withSudo: true + environment: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: yes + - name: e2e-docker-short + depends: + - default + runners: + - self-hosted + - generic + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: e2e-docker + withSudo: false + environment: + IMAGE_REGISTRY: registry.dev.siderolabs.io + SHORT_INTEGRATION_TEST: yes + - name: integration-qemu + depends: + - default + runners: + - self-hosted + - talos + crons: + - '30 3 * * *' + triggerLabels: + - integration/qemu + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: e2e-qemu + withSudo: true + environment: + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: integration-trusted-boot + depends: + - default + runners: + - self-hosted + - talos + crons: + - '30 3 * * *' + triggerLabels: + - integration/trusted-boot + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: integration-trusted-boot + command: e2e-qemu + withSudo: true + environment: + VIA_MAINTENANCE_MODE: true + WITH_TRUSTED_BOOT_ISO: true + EXTRA_TEST_ARGS: -talos.trustedboot + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: integration-provision-0 + buildxOptions: + enabled: true + depends: + - default + runners: + - self-hosted + - talos + crons: + - '30 4 * * *' + triggerLabels: + - integration/provision + - integration/provision-0 + steps: + - name: download-artifacts + artifactStep: + type: download + 
artifactPath: _out + - name: provision-tests-prepare + - name: provision-tests-track-0 + withSudo: true + environment: + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: integration-provision-1 + buildxOptions: + enabled: true + depends: + - default + runners: + - self-hosted + - talos + crons: + - '30 4 * * *' + triggerLabels: + - integration/provision + - integration/provision-1 + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: provision-tests-prepare + - name: provision-tests-track-1 + withSudo: true + environment: + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: integration-provision-2 + buildxOptions: + enabled: true + depends: + - default + runners: + - self-hosted + - talos + crons: + - '30 4 * * *' + triggerLabels: + - integration/provision + - integration/provision-2 + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: provision-tests-prepare + - name: provision-tests-track-2 + withSudo: true + environment: + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: integration-misc + depends: + - default + runners: + - self-hosted + - talos + crons: + - '30 5 * * *' + triggerLabels: + - integration/misc + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: e2e-firewall + command: e2e-qemu + withSudo: true + environment: + SHORT_INTEGRATION_TEST: yes + WITH_FIREWALL: block + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: e2e-network-chaos + command: e2e-qemu + withSudo: true + environment: + SHORT_INTEGRATION_TEST: yes + WITH_NETWORK_CHAOS: yes + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: e2e-canal-reset + command: e2e-qemu + withSudo: true + environment: + INTEGRATION_TEST_RUN: TestIntegration/api.ResetSuite/TestResetWithSpec + CUSTOM_CNI_URL: https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/canal.yaml + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: 
e2e-bios-cgroupsv1 + command: e2e-qemu + withSudo: true + environment: + SHORT_INTEGRATION_TEST: yes + WITH_UEFI: false + WITH_CONFIG_PATCH: '[{"op": "add", "path": "/machine/install/extraKernelArgs/-", "value": "talos.unified_cgroup_hierarchy=0"}]' #use cgroupsv1 + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: e2e-disk-image + command: e2e-qemu + withSudo: true + environment: + SHORT_INTEGRATION_TEST: yes + USE_DISK_IMAGE: true + VIA_MAINTENANCE_MODE: true + WITH_DISK_ENCRYPTION: true + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: e2e-controlplane-port + command: e2e-qemu + withSudo: true + environment: + SHORT_INTEGRATION_TEST: yes + WITH_CONTROL_PLANE_PORT: 443 + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: e2e-no-cluster-discovery + command: e2e-qemu + withSudo: true + environment: + SHORT_INTEGRATION_TEST: yes + WITH_CLUSTER_DISCOVERY: false + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: e2e-kubespan + command: e2e-qemu + withSudo: true + environment: + SHORT_INTEGRATION_TEST: yes + WITH_CLUSTER_DISCOVERY: true + WITH_KUBESPAN: true + IMAGE_REGISTRY: registry.dev.siderolabs.io\ + - name: e2e-default-hostname + command: e2e-qemu + withSudo: true + environment: + SHORT_INTEGRATION_TEST: yes + VIA_MAINTENANCE_MODE: true + DISABLE_DHCP_HOSTNAME: true + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: e2e-siderolink + command: e2e-qemu + withSudo: true + environment: + SHORT_INTEGRATION_TEST: yes + WITH_SIDEROLINK_AGENT: true + VIA_MAINTENANCE_MODE: true + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: e2e-siderolink-tunnel + command: e2e-qemu + withSudo: true + environment: + SHORT_INTEGRATION_TEST: yes + WITH_SIDEROLINK_AGENT: tunnel + VIA_MAINTENANCE_MODE: true + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: integration-extensions + buildxOptions: + enabled: true + depends: + - default + runners: + - self-hosted + - talos + crons: + - '30 6 * * *' + triggerLabels: + - integration/extensions + steps: + - name: 
download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: checkout extensions + checkoutStep: + repository: siderolabs/extensions + ref: main + path: _out/extensions + - name: set variables + nonMakeStep: true + command: cat _out/talos-metadata >> "$GITHUB_ENV" + - name: build extensions + command: all extensions-metadata + arguments: + - -C + - _out/extensions + environment: + PLATFORM: linux/amd64 + PUSH: true + REGISTRY: registry.dev.siderolabs.io + - name: installer extensions + command: installer-with-extensions + environment: + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: e2e-extensions + command: e2e-qemu + withSudo: true + environment: + QEMU_MEMORY_WORKERS: 4096 + WITH_CONFIG_PATCH_WORKER: "@_out/extensions-patch.yaml" + QEMU_EXTRA_DISKS: 3 + SHORT_INTEGRATION_TEST: yes + EXTRA_TEST_ARGS: -talos.extensions.qemu + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: integration-cilium + depends: + - default + runners: + - self-hosted + - talos + crons: + - '30 3 * * *' + triggerLabels: + - integration/cilium + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: e2e-cilium + command: e2e-qemu + withSudo: true + environment: + SHORT_INTEGRATION_TEST: yes + WITH_SKIP_BOOT_PHASE_FINISHED_CHECK: yes + WITH_CUSTOM_CNI: cilium + WITH_FIREWALL: accept + QEMU_WORKERS: 2 + WITH_CONFIG_PATCH: '[{"op": "add", "path": "/cluster/network", "value": {"cni": {"name": "none"}}}]' + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: e2e-cilium-strict + command: e2e-qemu + withSudo: true + environment: + SHORT_INTEGRATION_TEST: yes + WITH_SKIP_BOOT_PHASE_FINISHED_CHECK: yes + WITH_CUSTOM_CNI: cilium + WITH_FIREWALL: accept + QEMU_WORKERS: 2 + CILIUM_INSTALL_TYPE: strict + WITH_CONFIG_PATCH: '[{"op": "add", "path": "/cluster/network", "value": {"cni": {"name": "none"}}}, {"op": "add", "path": "/cluster/proxy", "value": {"disabled": true}}]' + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: 
e2e-cilium-strict-kubespan + command: e2e-qemu + withSudo: true + environment: + SHORT_INTEGRATION_TEST: yes + WITH_SKIP_BOOT_PHASE_FINISHED_CHECK: yes + WITH_CUSTOM_CNI: cilium + WITH_FIREWALL: accept + WITH_KUBESPAN: true + QEMU_WORKERS: 2 + CILIUM_INSTALL_TYPE: strict + WITH_CONFIG_PATCH: '[{"op": "add", "path": "/cluster/network", "value": {"cni": {"name": "none"}}}, {"op": "add", "path": "/cluster/proxy", "value": {"disabled": true}}]' + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: integration-qemu-encrypted-vip + depends: + - default + runners: + - self-hosted + - talos + crons: + - '30 3 * * *' + triggerLabels: + - integration/qemu-encrypted-vip + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: e2e-qemu + withSudo: true + environment: + WITH_DISK_ENCRYPTION: true + WITH_VIRTUAL_IP: true + WITH_KUBESPAN: true + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: integration-qemu-race + buildxOptions: + enabled: true + depends: + - default + runners: + - self-hosted + - talos + crons: + - '30 3 * * *' + triggerLabels: + - integration/qemu-race + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: build-race + command: initramfs installer + environment: + PUSH: true + TAG_SUFFIX: -race + WITH_RACE: 1 + PLATFORM: linux/amd64 + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: e2e-qemu-race + command: e2e-qemu + withSudo: true + environment: + TAG_SUFFIX: -race + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: integration-qemu-csi + depends: + - default + runners: + - self-hosted + - talos + crons: + - '30 3 * * *' + triggerLabels: + - integration/qemu-csi + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: e2e-qemu-csi + command: e2e-qemu + withSudo: true + environment: + SHORT_INTEGRATION_TEST: yes + QEMU_WORKERS: 3 + QEMU_CPUS_WORKERS: 4 + QEMU_MEMORY_WORKERS: 5120 + QEMU_EXTRA_DISKS: 1 + 
QEMU_EXTRA_DISKS_SIZE: 12288 + WITH_TEST: run_csi_tests + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: integration-images + depends: + - default + runners: + - self-hosted + - generic # this is pretty fast, so we can use generic + crons: + - '30 3 * * *' + triggerLabels: + - integration/images + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: images + environment: + PLATFORM: linux/amd64,linux/arm64 + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: integration-reproducibility-test + buildxOptions: + enabled: true + depends: + - default + runners: + - self-hosted + - talos + crons: + - '30 2 * * *' + triggerLabels: + - integration/reproducibility-test + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: reproducibility-test + environment: + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: integration-cloud-images + sops: true + depends: + - default + runners: + - self-hosted + - generic # this is not compute intensive, so we can use generic + crons: + - '30 2 * * *' + triggerLabels: + - integration/cloud-images + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: images + environment: + PLATFORM: linux/amd64,linux/arm64 + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: cloud-images + - name: integration-image-factory + depends: + - default + runners: + - self-hosted + - talos + crons: + - '30 6 * * *' + triggerLabels: + - integration/image-factory + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: factory-1.6-iso + command: e2e-image-factory + withSudo: true + environment: + FACTORY_BOOT_METHOD: iso + FACTORY_VERSION: v1.6.0 + FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + KUBERNETES_VERSION: 1.29.0 + FACTORY_UPGRADE: true + FACTORY_UPGRADE_SCHEMATIC: 
cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f + FACTORY_UPGRADE_VERSION: v1.6.1 + - name: factory-1.6-image + command: e2e-image-factory + withSudo: true + environment: + FACTORY_BOOT_METHOD: disk-image + FACTORY_VERSION: v1.6.0 + FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + KUBERNETES_VERSION: 1.29.0 + FACTORY_UPGRADE: true + FACTORY_UPGRADE_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f + FACTORY_UPGRADE_VERSION: v1.6.1 + - name: factory-1.6-pxe + command: e2e-image-factory + withSudo: true + environment: + FACTORY_BOOT_METHOD: pxe + FACTORY_VERSION: v1.6.1 + FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + KUBERNETES_VERSION: 1.29.0 + - name: factory-1.6-secureboot + command: e2e-image-factory + withSudo: true + environment: + FACTORY_BOOT_METHOD: secureboot-iso + FACTORY_VERSION: v1.6.0 + FACTORY_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f + KUBERNETES_VERSION: 1.29.0 + FACTORY_UPGRADE: true + FACTORY_UPGRADE_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + FACTORY_UPGRADE_VERSION: v1.6.1 + - name: factory-1.5-iso + command: e2e-image-factory + withSudo: true + environment: + FACTORY_BOOT_METHOD: iso + FACTORY_VERSION: v1.5.5 + FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + KUBERNETES_VERSION: 1.28.5 + FACTORY_UPGRADE: true + FACTORY_UPGRADE_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f + FACTORY_UPGRADE_VERSION: v1.5.5 + - name: factory-1.3-iso + command: e2e-image-factory + withSudo: true + environment: + FACTORY_BOOT_METHOD: iso + FACTORY_VERSION: v1.3.7 + FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + KUBERNETES_VERSION: 1.26.5 + FACTORY_UPGRADE: true + FACTORY_UPGRADE_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f + 
FACTORY_UPGRADE_VERSION: v1.3.7 + - name: factory-1.3-image + command: e2e-image-factory + withSudo: true + environment: + FACTORY_BOOT_METHOD: disk-image + FACTORY_VERSION: v1.3.7 + FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba + KUBERNETES_VERSION: 1.26.5 + - name: integration-aws + sops: true + depends: + - default + runners: + - self-hosted + - generic # we can use generic here since the tests run against a remote talos cluster + crons: + - '30 7 * * *' + triggerLabels: + - integration/aws + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: e2e-aws-prepare + environment: + E2E_AWS_TARGET: default + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: checkout contrib + checkoutStep: + repository: siderolabs/contrib + ref: main + path: _out/contrib + - name: setup tf + terraformStep: true + - name: tf apply + command: e2e-cloud-tf + environment: + TF_SCRIPT_DIR: _out/contrib + TF_E2E_TEST_TYPE: aws + TF_E2E_ACTION: apply + - name: e2e-aws + - name: tf destroy + command: e2e-cloud-tf + conditions: + - always + environment: + TF_SCRIPT_DIR: _out/contrib + TF_E2E_TEST_TYPE: aws + TF_E2E_ACTION: destroy + - name: integration-aws-nvidia-oss + buildxOptions: + enabled: true + sops: true + depends: + - default + runners: + - self-hosted + - generic # we can use generic here since the tests run against a remote talos cluster + crons: + - '30 7 * * *' + triggerLabels: + - integration/aws-nvidia-oss + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: checkout extensions + checkoutStep: + repository: siderolabs/extensions + ref: main + path: _out/extensions + - name: set variables + nonMakeStep: true + command: cat _out/talos-metadata >> "$GITHUB_ENV" + - name: build extensions + command: nvidia-container-toolkit nvidia-open-gpu-kernel-modules extensions-metadata + arguments: + - -C + - _out/extensions + environment: + PLATFORM: 
linux/amd64 + PUSH: true + REGISTRY: registry.dev.siderolabs.io + - name: e2e-aws-prepare + environment: + EXTENSIONS_METADATA_FILE: _out/extensions/_out/extensions-metadata + E2E_AWS_TARGET: nvidia-oss + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: checkout contrib + checkoutStep: + repository: siderolabs/contrib + ref: main + path: _out/contrib + - name: setup tf + terraformStep: true + - name: tf apply + command: e2e-cloud-tf + environment: + TF_SCRIPT_DIR: _out/contrib + TF_E2E_TEST_TYPE: aws + TF_E2E_ACTION: apply + - name: e2e-aws-nvidia-oss + command: e2e-aws + environment: + TEST_NUM_NODES: 4 + EXTRA_TEST_ARGS: -talos.extensions.nvidia + - name: tf destroy + command: e2e-cloud-tf + conditions: + - always + environment: + TF_SCRIPT_DIR: _out/contrib + TF_E2E_TEST_TYPE: aws + TF_E2E_ACTION: destroy + - name: integration-aws-nvidia-nonfree + buildxOptions: + enabled: true + sops: true + depends: + - default + runners: + - self-hosted + - generic # we can use generic here since the tests run against a remote talos cluster + crons: + - '30 7 * * *' + triggerLabels: + - integration/aws-nvidia-nonfree + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: checkout extensions + checkoutStep: + repository: siderolabs/extensions + ref: main + path: _out/extensions + - name: set variables + nonMakeStep: true + command: cat _out/talos-metadata >> "$GITHUB_ENV" + - name: build extensions + command: nvidia-container-toolkit nonfree-kmod-nvidia extensions-metadata + arguments: + - -C + - _out/extensions + environment: + PLATFORM: linux/amd64 + PUSH: true + REGISTRY: registry.dev.siderolabs.io + - name: e2e-aws-prepare + environment: + EXTENSIONS_METADATA_FILE: _out/extensions/_out/extensions-metadata + E2E_AWS_TARGET: nvidia-nonfree + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: checkout contrib + checkoutStep: + repository: siderolabs/contrib + ref: main + path: _out/contrib + - name: setup tf + 
terraformStep: true + - name: tf apply + command: e2e-cloud-tf + environment: + TF_SCRIPT_DIR: _out/contrib + TF_E2E_TEST_TYPE: aws + TF_E2E_ACTION: apply + - name: e2e-aws-nvidia-nonfree + command: e2e-aws + environment: + TEST_NUM_NODES: 4 + EXTRA_TEST_ARGS: -talos.extensions.nvidia + - name: tf destroy + command: e2e-cloud-tf + conditions: + - always + environment: + TF_SCRIPT_DIR: _out/contrib + TF_E2E_TEST_TYPE: aws + TF_E2E_ACTION: destroy + - name: integration-azure + sops: true + depends: + - default + runners: + - self-hosted + - generic # we can use generic here since the tests run against a remote talos cluster + crons: + - '30 7 * * *' + triggerLabels: + - integration/azure + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: e2e-azure-prepare + environment: + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: checkout contrib + checkoutStep: + repository: siderolabs/contrib + ref: main + path: _out/contrib + - name: setup tf + terraformStep: true + - name: tf apply + command: e2e-cloud-tf + environment: + TF_SCRIPT_DIR: _out/contrib + TF_E2E_TEST_TYPE: azure + TF_E2E_ACTION: apply + ARM_SUBSCRIPTION_ID: ${{ env.AZURE_SUBSCRIPTION_ID }} + ARM_CLIENT_ID: ${{ env.AZURE_CLIENT_ID }} + ARM_CLIENT_SECRET: ${{ env.AZURE_CLIENT_SECRET }} + ARM_TENANT_ID: ${{ env.AZURE_TENANT_ID }} + - name: e2e-azure + - name: tf destroy + command: e2e-cloud-tf + conditions: + - always + environment: + TF_SCRIPT_DIR: _out/contrib + TF_E2E_TEST_TYPE: azure + TF_E2E_ACTION: destroy + ARM_SUBSCRIPTION_ID: ${{ env.AZURE_SUBSCRIPTION_ID }} + ARM_CLIENT_ID: ${{ env.AZURE_CLIENT_ID }} + ARM_CLIENT_SECRET: ${{ env.AZURE_CLIENT_SECRET }} + ARM_TENANT_ID: ${{ env.AZURE_TENANT_ID }} + - name: integration-equinix-metal + sops: true + depends: + - default + runners: + - self-hosted + - generic # we can use generic here since the tests run against a remote talos cluster + crons: + - '30 7 * * *' + triggerLabels: + - 
integration/equinix-metal + steps: + - name: download-artifacts + artifactStep: + type: download + artifactPath: _out + - name: e2e-equinix-metal-prepare + environment: + IMAGE_REGISTRY: registry.dev.siderolabs.io + - name: checkout contrib + checkoutStep: + repository: siderolabs/contrib + ref: main + path: _out/contrib + - name: setup tf + terraformStep: true + - name: tf apply + command: e2e-cloud-tf + environment: + TF_SCRIPT_DIR: _out/contrib + TF_E2E_TEST_TYPE: equinix-metal + TF_E2E_ACTION: apply + - name: e2e-equinix-metal + - name: tf destroy + command: e2e-cloud-tf + conditions: + - always + environment: + TF_SCRIPT_DIR: _out/contrib + TF_E2E_TEST_TYPE: equinix-metal + TF_E2E_ACTION: destroy diff --git a/.secrets.yaml b/.secrets.yaml new file mode 100644 index 0000000000..b496fe706f --- /dev/null +++ b/.secrets.yaml 
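Review bot: The `e2e-kubespan` step of `integration-misc` sets `IMAGE_REGISTRY: registry.dev.siderolabs.io\` with a trailing backslash, which YAML keeps as part of a plain scalar, so that one step would get a different registry name from every other step; it should read `IMAGE_REGISTRY: registry.dev.siderolabs.io`. Separately, the jobs marked `sops: true` check out `siderolabs/extensions` and `siderolabs/contrib` at `ref: main` and then run `make -C _out/extensions` or Terraform from `_out/contrib`, presumably with the decrypted cloud credentials in the job environment (the Azure steps read `${{ env.AZURE_CLIENT_SECRET }}`). Pinning those `ref` values to a tag or commit would keep a change in the other repository from altering what runs next to those secrets. `conformScopes` also lists `talosctl` twice.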
@@ -0,0 +1,89 @@ +secrets: + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:AeXmU6IET6Mu1m7RrGbUxKYfeGw=,iv:ivTCvzsvlMDeRi1Xo+Xig+q/MFjinRT25oTQ4dTpD5w=,tag:ZgeWJ9306rFP2QCfn13XEQ==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:jOYsF4j5MuwJnUDW+m2TQxCaf1DOH+6QeAwtkBI2UKSCepG0ptHuzw==,iv:bYHZmQZly0S0fpRTQ6VwbafDYxH18jmfn6T/0/KQuqQ=,tag:55xc/fyBbb96QYzlohkZ+A==,type:str] + AWS_DEFAULT_REGION: ENC[AES256_GCM,data:Q7KZm7eenYFn,iv:VuzTTfAHe9FOTcqrGiJU9qdNixTxszm23rSXuNDB3cA=,tag:eGbIm8M/1Lsl0aoa9NanOQ==,type:str] + AZURE_SUBSCRIPTION_ID: ENC[AES256_GCM,data:vSY8xRgtR/ZGaztRyKUZsPUfFOJF2Nn5Zj8uO4q4Xm/uMKHA,iv:gImkSQLPnK2lDs8BpKP/y5qtYUTQREBXPR+LiUz8RQU=,tag:CVeHJ5YOz6BW8M7JDgQHYQ==,type:str] + AZURE_CLIENT_ID: ENC[AES256_GCM,data:sr2EhYwKjlsHYatqEoDXcm3yp5W8kzLyU4wpUPVvIwquxfM/,iv:ZMqoaG+F9JCfpUUbH6S0vvpwUmrfbCNpv4EJzFkb7Ng=,tag:RN5psxUWFa0SHroi4iqPHQ==,type:str] + AZURE_CLIENT_SECRET: ENC[AES256_GCM,data:DXH6XWJ1hfdrJJ2ue7Oq2cKsZKjuIAVACCBXRrp86EjrMY/4I9StnA==,iv:GHFK7zQmBQNUHOQvozGigW1pvfbFxaOZQR/HJc58XD4=,tag:1ciek8BjoJjTjIaoImJj6Q==,type:str] + AZURE_TENANT_ID: ENC[AES256_GCM,data:dZapmCqJeTx9C0us38mxDpPbdxBn39fJOmIc+5MgnAI6esT5,iv:s/GuStsQKgdc/6jpq2YMAE9GggLH/xGfrDzzgk/4kmQ=,tag:+dVM3/Joq3OA/opmSU6TSA==,type:str] + EM_PROJECT_ID: ENC[AES256_GCM,data:nPVZ+Uoul/W7UpxIoeMP1n3YhuEjq3fNKD+zoso4FBP2Obd0,iv:SSF8KZBczWvCJjZpvDo60mnoM21CrzdmmKs2reLi8w0=,tag:VKjsQSHqiQY+IzkIXO70MA==,type:str] + EM_API_TOKEN: ENC[AES256_GCM,data:PnNDZTRDTubebmtAuH1sAuEp5ZwzVie5WA0AhCUk26M=,iv:5MdcOwY+QrIdkFgCXcs2rBGCXQBnhi/EDxTPWr/vCMs=,tag:mcQ9qrWPYMaPalzr/GV7pQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1xrpa9ujxxcj2u2gzfrzv8mxak4rts94a6y60ypurv6rs5cpr4e4sg95f0k + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvL24xdzZ5WVF6Mmxxa0NW + TnFSM00xWHFYRHJhbmxZU09hWG0weFNBdkdFCmVrQ1pxd2hJWkltMHo1S0dvMWwr + QXlMN1FCbTc3ajZQVS9xNXNtUDB0NEkKLS0tIHdtbmd3NG9Kdlo1VzdqMENVcVkr + 
ZE0zRWwxVzBLL3Q1WW1FNmVvc0txZm8K+GkjAq/WSduuDrsbeyqVi29Pj2IL25mA + a11K/HVqTCU834uHQXjpN3keJS23v5BJGZCpOwVXyZX8f1yAm/ZQAA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-05-06T06:16:37Z" + mac: ENC[AES256_GCM,data:q3NlR1Yi/4J/aCZUbatqL50gW7FPCMrYhYXSZWaZz4f+MLqzV+ymk4dO2QvS7ssgIX7TUVXjR2ClXgl+U3p31rqeVm8o8+LQPimJJnaQ0JrbO8tRZP3sQrQ4tghOKM1hFO/sz/52NTvoxl9OS9qIsq38fM+LUor4gEFekBQEyow=,iv:tZu7y6uezwvUFeHq4DdgNI0izg7DWspDIbzUxKTIBDs=,tag:PvYXbzD4HcWOP1Jw+zmHmA==,type:str] + pgp: + - created_at: "2024-04-29T17:03:17Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4D/dYBJRlWfQISAQdAG/X828buETcY2yNXRA2dORhwHSfBk25lhTMOesAozk0w + 42HQ4ZHV/xc/a9QsfX5pqAZgWbXUGce473RSMfbx3Xd2qnurqhOxyJ41xIQ2U1RX + 0l4BQKFt84pgtGHzVdmOsqGzn+kHVxeL9vmsNmC8GGiTGOt/YlLepTwN/0lxl9YC + CtPehgXh1HEjPF6+97KEe/LsIqsEusiBvnz7ieF5bzpt0rhje0mG/yRPpHdE3tzp + =eUa+ + -----END PGP MESSAGE----- + fp: 15D5721F5F5BAF121495363EFE042E3D4085A811 + - created_at: "2024-04-29T17:03:17Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4D+EORkHurkvgSAQdAc9l7LbjRnrmSkDnnqyjJgRso3exRZoFeHPvhd5FS3C8w + fa5KZkhoTCx9G19FFMOFksjLlCRVET7iN4/eI51KOuQ2XAj1PfG+fLPMucNtU7xz + 0l4Baqj1OkL2vF+u0r1OHpZO3R+8h0N1sMoN/4tgQc58ClNCSrslrUiclZXv1brN + yX+sK8AtlxiBl9f5DIVqA5v+emtHx38OvR3o9iX8JppYuChmnU6a2mHy0cjwEgM/ + =xkKE + -----END PGP MESSAGE----- + fp: CC51116A94490FA6FB3C18EB2401FCAE863A06CA + - created_at: "2024-04-29T17:03:17Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DCsA/BhMt3V4SAQdAdsc6wpQaH5PxlLbUgJ1AtQQLAfzW8N8u9tMoYUsw9Cww + jfAQCIpFjOCcKn2EfQzb/KXSHHiAFBx0BYF4kEoEnclyytkBtny1O14eZMVp0Ja0 + 0l4BAEzpCeHkgxS19TghHguj7dmRvwk+C3U/qZR0Yd5F8okK3OyLGxE8SzOCC+Ex + YZ2LiEerDzj7N3SxdzRBtYgpturs0TUlZwbO2jWvb92LrCg+fwZTDf+FXBMKJMgJ + =F891 + -----END PGP MESSAGE----- + fp: 4919F560F0D35F80CF382D76E084A2DF1143C14D + - created_at: "2024-04-29T17:03:17Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMAxQwM84t19oOAQgApMfAt5Si/Uo/Mk5VoOXvRXljrdRAkr7NXcRgw7aR99oR + 
oMp6M6yd6mMej840Vchrd5QPavMd6Pyrepebip50QViXzZKub4uw7ulSXr9Yy0Oa + cuVL7kimrjQE/3RfZfU4sHzoZUioz3lmfD1tVz7dCTxTp/wlJlb/68sZRG6fS/vE + KXjTf4P7IccTb5UWj8XMXcIaFrZ29MiHW/SBVeiYUkJk9gx37hTffz9lFKPx7iAN + MTZrbrqgyo5ZjM/z17j+F4I9M9eXaxld6fysFsuLHGmsZSvOrUSem8Db0gjr6hIi + ryv2tktT3HOuwhtSD9LuSa8Fkht5eOK9xu9E2MZSPtJeASK9n4FBaX+29mdtsW3z + +W7z1+hI/rWA6wVbJr/3h7gn0Z72/AlTcGqMJnITx73cBZTib30oMGtWWZ5dRBGU + TUeLQF8E0j4W7JMC+pDSUI71mMksoD+ihysJ3If96w== + =tZQw + -----END PGP MESSAGE----- + fp: 966BC282A680D8BB3E8363E865933E76F0549B0D + - created_at: "2024-04-29T17:03:17Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DzfZC0UNQ1VgSAQdAIOqJfm6hMsqYmTZtTbI1akgjnyMqXpK39iBZNx+HtzEw + DFLS/aioTT3QTndbSCtv4zlh5GqlhfMZrstgWBNhta0g4gxifX9VKWG2PUns4RX3 + 0l4BO3JwpHIV23X56gt9/H94GtuebNOaoNRLW7WmqpclpLV9Z3gm9Q0FOBeUGCPX + JDYt0QL0rcqIGPAcxEgLcx42vxHtUWfGcYGBugRbKVQ1xiEPZUAZgYAC5WqeKne2 + =lE3W + -----END PGP MESSAGE----- + fp: AA5213AF261C1977AF38B03A94B473337258BFD5 + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000000..8f6ca07e6d --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,13 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2024-04-29T16:25:51Z by kres ebc009d-dirty. + +creation_rules: + - age: age1xrpa9ujxxcj2u2gzfrzv8mxak4rts94a6y60ypurv6rs5cpr4e4sg95f0k + # order: Andrey, Noel, Artem, Utku, Dmitriy + pgp: >- + 15D5721F5F5BAF121495363EFE042E3D4085A811, + CC51116A94490FA6FB3C18EB2401FCAE863A06CA, + 4919F560F0D35F80CF382D76E084A2DF1143C14D, + 966BC282A680D8BB3E8363E865933E76F0549B0D, + AA5213AF261C1977AF38B03A94B473337258BFD5 \ No newline at end of file diff --git a/Makefile b/Makefile index 1575bff0ab..c780e3834e 100644 --- a/Makefile +++ b/Makefile 
@@ -9,7 +9,6 @@ IMAGE_REGISTRY ?= $(REGISTRY) IMAGE_TAG ?= $(TAG)$(TAG_SUFFIX) BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD) REGISTRY_AND_USERNAME := $(IMAGE_REGISTRY)/$(USERNAME) -DOCKER_LOGIN_ENABLED ?= true NAME = Talos CLOUD_IMAGES_EXTRA_ARGS ?= "" @@ -22,6 +21,9 @@ PKGS_PREFIX ?= ghcr.io/siderolabs PKGS ?= v1.8.0-alpha.0-16-g9ebfd1b EXTRAS ?= v1.8.0-alpha.0-1-g01ad9f5 +KRES_IMAGE ?= ghcr.io/siderolabs/kres:latest +CONFORMANCE_IMAGE ?= ghcr.io/siderolabs/conform:latest + PKG_FHS ?= $(PKGS_PREFIX)/fhs:$(PKGS) PKG_CA_CERTIFICATES ?= $(PKGS_PREFIX)/ca-certificates:$(PKGS) PKG_CRYPTSETUP ?= $(PKGS_PREFIX)/cryptsetup:$(PKGS) @@ -84,7 +86,6 @@ ARCH := $(shell uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/') TALOSCTL_DEFAULT_TARGET := talosctl-$(OPERATING_SYSTEM) TALOSCTL_EXECUTABLE := $(PWD)/$(ARTIFACTS)/$(TALOSCTL_DEFAULT_TARGET)-$(ARCH) INTEGRATION_TEST_DEFAULT_TARGET := integration-test-$(OPERATING_SYSTEM) -MODULE_SIG_VERIFY_DEFAULT_TARGET := module-sig-verify-$(OPERATING_SYSTEM) INTEGRATION_TEST_PROVISION_DEFAULT_TARGET := integration-test-provision-$(OPERATING_SYSTEM) # renovate: datasource=github-releases depName=kubernetes/kubernetes KUBECTL_VERSION ?= v1.30.1 @@ -403,7 +404,7 @@ talosctl-cni-bundle: ## Creates a compressed tarball that includes CNI bundle fo cloud-images: ## Uploads cloud images (AMIs, etc.) to the cloud registry. @docker run --rm -v $(PWD):/src -w /src \ -e TAG=$(TAG) -e ARTIFACTS=$(ARTIFACTS) -e ABBREV_TAG=$(ABBREV_TAG) \ - -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SVC_ACCT \ + -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY \ -e AZURE_SUBSCRIPTION_ID -e AZURE_CLIENT_ID -e AZURE_CLIENT_SECRET -e AZURE_TENANT_ID \ golang:$(GO_VERSION) \ ./hack/cloud-image-uploader.sh $(CLOUD_IMAGES_EXTRA_ARGS) 
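Review bot: In the `@@ -22,6 +21,9 @@` hunk, `KRES_IMAGE` and `CONFORMANCE_IMAGE` default to `:latest`, a mutable tag, while `PKGS` and `EXTRAS` directly above are pinned to exact versions. The targets that run these images are not visible in this hunk, but whatever they are will pick up a new image without any change in this repository. That makes runs non-reproducible and lets a replaced upstream tag change the tooling that operates on the source tree. Consider a versioned tag or digest, for example `KRES_IMAGE ?= ghcr.io/siderolabs/kres:<version>@sha256:<digest>` with the placeholders filled in from the release you validated, and the same for `CONFORMANCE_IMAGE`.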
@@ -456,9 +457,6 @@ $(ARTIFACTS)/$(INTEGRATION_TEST_DEFAULT_TARGET)-amd64: $(ARTIFACTS)/$(INTEGRATION_TEST_PROVISION_DEFAULT_TARGET)-amd64: @$(MAKE) local-$(INTEGRATION_TEST_PROVISION_DEFAULT_TARGET) DEST=$(ARTIFACTS) PLATFORM=linux/amd64 WITH_RACE=true NAME=Client -$(ARTIFACTS)/$(MODULE_SIG_VERIFY_DEFAULT_TARGET)-amd64: - @$(MAKE) local-$(MODULE_SIG_VERIFY_DEFAULT_TARGET) DEST=$(ARTIFACTS) PLATFORM=linux/amd64 - $(ARTIFACTS)/kubectl: @mkdir -p $(ARTIFACTS) @curl -L -o $(ARTIFACTS)/kubectl "$(KUBECTL_URL)" @@ -484,7 +482,7 @@ $(ARTIFACTS)/cilium: @curl -L "$(CILIUM_CLI_URL)" | tar xzf - -C $(ARTIFACTS) cilium @chmod +x $(ARTIFACTS)/cilium -external-artifacts: $(ARTIFACTS)/kubectl $(ARTIFACTS)/clusterctl $(ARTIFACTS)/kubestr $(ARTIFACTS)/helm $(ARTIFACTS)/cilium $(ARTIFACTS)/$(MODULE_SIG_VERIFY_DEFAULT_TARGET)-amd64 +external-artifacts: $(ARTIFACTS)/kubectl $(ARTIFACTS)/clusterctl $(ARTIFACTS)/kubestr $(ARTIFACTS)/helm $(ARTIFACTS)/cilium e2e-%: $(ARTIFACTS)/$(INTEGRATION_TEST_DEFAULT_TARGET)-amd64 external-artifacts ## Runs the E2E test for the specified platform (e.g. e2e-docker). @$(MAKE) hack-test-$@ \ @@ -497,8 +495,6 @@ e2e-%: $(ARTIFACTS)/$(INTEGRATION_TEST_DEFAULT_TARGET)-amd64 external-artifacts ARTIFACTS=$(ARTIFACTS) \ TALOSCTL=$(PWD)/$(ARTIFACTS)/$(TALOSCTL_DEFAULT_TARGET)-amd64 \ INTEGRATION_TEST=$(PWD)/$(ARTIFACTS)/$(INTEGRATION_TEST_DEFAULT_TARGET)-amd64 \ - MODULE_SIG_VERIFY=$(PWD)/$(ARTIFACTS)/$(MODULE_SIG_VERIFY_DEFAULT_TARGET)-amd64 \ - KERNEL_MODULE_SIGNING_PUBLIC_KEY=$(PWD)/$(ARTIFACTS)/signing_key.x509 \ SHORT_INTEGRATION_TEST=$(SHORT_INTEGRATION_TEST) \ CUSTOM_CNI_URL=$(CUSTOM_CNI_URL) \ KUBECTL=$(PWD)/$(ARTIFACTS)/kubectl \ 
@@ -526,9 +522,9 @@ provision-tests-track-%: REGISTRY=$(IMAGE_REGISTRY) \ ARTIFACTS=$(ARTIFACTS) -installer-with-extensions: $(ARTIFACTS)/extensions-metadata +installer-with-extensions: $(ARTIFACTS)/extensions/_out/extensions-metadata $(MAKE) image-installer \ - IMAGER_ARGS="--base-installer-image=$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG) $(shell cat $(ARTIFACTS)/extensions-metadata | grep -vE 'tailscale|xen-guest-agent|nvidia' | xargs -n 1 echo --system-extension-image)" + IMAGER_ARGS="--base-installer-image=$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG) $(shell cat $(ARTIFACTS)/extensions/_out/extensions-metadata | grep -vE 'tailscale|xen-guest-agent|nvidia' | xargs -n 1 echo --system-extension-image)" crane push $(ARTIFACTS)/installer-amd64.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-amd64-extensions echo -n "$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-amd64-extensions" | jq -Rs -f hack/test/extensions/extension-patch-filter.jq | yq eval ".[] | split_doc" -P > $(ARTIFACTS)/extensions-patch.yaml 
@@ -557,27 +553,27 @@ release-artifacts: # Utilities +.PHONY: rekres +rekres: + @docker pull $(KRES_IMAGE) + @docker run --rm --net=host --user $(shell id -u):$(shell id -g) -v $(PWD):/src -w /src -e GITHUB_TOKEN $(KRES_IMAGE) + .PHONY: conformance -conformance: ## Performs policy checks against the commit and source code. - docker run --rm -it -v $(PWD):/src -w /src ghcr.io/siderolabs/conform:latest enforce +conformance: + @docker pull $(CONFORMANCE_IMAGE) + @docker run --rm -it -v $(PWD):/src -w /src $(CONFORMANCE_IMAGE) enforce .PHONY: release-notes release-notes: ARTIFACTS=$(ARTIFACTS) ./hack/release.sh $@ $(ARTIFACTS)/RELEASE_NOTES.md $(TAG) -.PHONY: login -login: ## Logs in to the configured container registry. -ifeq ($(DOCKER_LOGIN_ENABLED), true) - @docker login --username "$(GHCR_USERNAME)" --password "$(GHCR_PASSWORD)" $(IMAGE_REGISTRY) -endif - -push: login ## Pushes the installer, imager, talos and talosctl images to the configured container registry with the generated tag. +push: ## Pushes the installer, imager, talos and talosctl images to the configured container registry with the generated tag. @$(MAKE) installer PUSH=true @$(MAKE) imager PUSH=true @$(MAKE) talos PUSH=true @$(MAKE) talosctl-image PUSH=true -push-%: login ## Pushes the installer, imager, talos and talosctl images to the configured container registry with the specified tag (e.g. push-latest). +push-%: ## Pushes the installer, imager, talos and talosctl images to the configured container registry with the specified tag (e.g. push-latest). @$(MAKE) push IMAGE_TAG=$* .PHONY: clean diff --git a/hack/test/e2e-aws-prepare.sh b/hack/test/e2e-aws-prepare.sh index 20d1f20d77..9e11932d72 100755 --- a/hack/test/e2e-aws-prepare.sh +++ b/hack/test/e2e-aws-prepare.sh 
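Review bot: The new `rekres` target gives `GITHUB_TOKEN`, host networking and a writable mount of the repository to whatever `ghcr.io/siderolabs/kres:latest` resolves to at run time, because `KRES_IMAGE` (added in the earlier `@@ -22,6 +21,9 @@` hunk) is a mutable tag that the target pulls on every run. Pinning the default by digest, `KRES_IMAGE ?= ghcr.io/siderolabs/kres@sha256:<digest>`, keeps the code that sees the token reviewable; the same applies to `CONFORMANCE_IMAGE`. In this hunk `conformance` also loses its `## Performs policy checks against the commit and source code.` comment and `rekres` is added without one, so both would drop out of any help listing built from `##` comments.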
@@ -19,16 +19,16 @@ function get_ami_id() { function cloud_image_upload_with_extensions() { case "${1}" in nvidia-oss) - EXTENSIONS=$(jq -R < _out/extensions-metadata | jq -rs 'map(select(. | contains("nvidia") and (contains("nvidia-fabricmanager") or contains("nonfree-kmod-nvidia") | not))) | .[] |= "--system-extension-image=" + . | join(" ")') + EXTENSIONS=$(jq -R < "${EXTENSIONS_METADATA_FILE}" | jq -rs 'map(select(. | contains("nvidia") and (contains("nvidia-fabricmanager") or contains("nonfree-kmod-nvidia") | not))) | .[] |= "--system-extension-image=" + . | join(" ")') ;; nvidia-oss-fabricmanager) - EXTENSIONS=$(jq -R < _out/extensions-metadata | jq -rs 'map(select(. | contains("nvidia") and (contains("nonfree-kmod-nvidia") | not))) | .[] |= "--system-extension-image=" + . | join(" ")') + EXTENSIONS=$(jq -R < "${EXTENSIONS_METADATA_FILE}" | jq -rs 'map(select(. | contains("nvidia") and (contains("nonfree-kmod-nvidia") | not))) | .[] |= "--system-extension-image=" + . | join(" ")') ;; - nvidia-proprietary) - EXTENSIONS=$(jq -R < _out/extensions-metadata | jq -rs 'map(select(. | contains("nvidia") and (contains("nvidia-fabricmanager") or contains("nvidia-open-gpu-kernel-modules") | not))) | .[] |= "--system-extension-image=" + . | join(" ")') + nvidia-nonfree) + EXTENSIONS=$(jq -R < "${EXTENSIONS_METADATA_FILE}" | jq -rs 'map(select(. | contains("nvidia") and (contains("nvidia-fabricmanager") or contains("nvidia-open-gpu-kernel-modules") | not))) | .[] |= "--system-extension-image=" + . | join(" ")') ;; - nvidia-proprietary-fabricmanager) - EXTENSIONS=$(jq -R < _out/extensions-metadata | jq -rs 'map(select(. | contains("nvidia") and (contains("nvidia-open-gpu-kernel-modules") | not))) | .[] |= "--system-extension-image=" + . | join(" ")') + nvidia-nonfree-fabricmanager) + EXTENSIONS=$(jq -R < "${EXTENSIONS_METADATA_FILE}" | jq -rs 'map(select(. | contains("nvidia") and (contains("nvidia-open-gpu-kernel-modules") | not))) | .[] |= "--system-extension-image=" + . 
| join(" ")') ;; *) ;; diff --git a/hack/test/e2e-cloud-tf.sh b/hack/test/e2e-cloud-tf.sh new file mode 100755 index 0000000000..1d0bc9424f --- /dev/null +++ b/hack/test/e2e-cloud-tf.sh @@ -0,0 +1,56 @@ +#!/usr/bin/env bash + +set -eou pipefail + +source ./hack/test/e2e.sh + +# This script is used to run the end-to-end tests on a cloud provider using Terraform. + +if [[ "${CI}" != "true" ]]; then + echo "This script is only meant to be run in CI." + exit 1 +fi + +BUCKET_NAME="talos-ci-e2e" + +cp "${TF_SCRIPT_DIR}/hack/backend-aws.tf" "${TF_SCRIPT_DIR}/examples/terraform/${TF_E2E_TEST_TYPE}/backend.tf" + +cp "${ARTIFACTS}/e2e-${TF_E2E_TEST_TYPE}-generated"/* "${TF_SCRIPT_DIR}/examples/terraform/${TF_E2E_TEST_TYPE}" + +terraform -chdir="${TF_SCRIPT_DIR}/examples/terraform/${TF_E2E_TEST_TYPE}" \ + init \ + -backend-config="bucket=${BUCKET_NAME}" \ + -backend-config="key=cloud-tf/${TF_E2E_TEST_TYPE}-${GITHUB_SHA}-terraform.tfstate" + +case "${TF_E2E_ACTION}" in + "apply") + terraform -chdir="${TF_SCRIPT_DIR}/examples/terraform/${TF_E2E_TEST_TYPE}" \ + apply \ + -auto-approve \ + -var-file="vars.json" + + terraform -chdir="${TF_SCRIPT_DIR}/examples/terraform/${TF_E2E_TEST_TYPE}" \ + output \ + -raw \ + talosconfig > "${ARTIFACTS}/e2e-${TF_E2E_TEST_TYPE}-talosconfig" + + terraform -chdir="${TF_SCRIPT_DIR}/examples/terraform/${TF_E2E_TEST_TYPE}" \ + output \ + -raw \ + kubeconfig > "${ARTIFACTS}/e2e-${TF_E2E_TEST_TYPE}-kubeconfig" + ;; + "destroy") + terraform -chdir="${TF_SCRIPT_DIR}/examples/terraform/${TF_E2E_TEST_TYPE}" \ + apply \ + -destroy \ + -auto-approve \ + -var-file="vars.json" \ + -refresh="${TF_E2E_REFRESH_ON_DESTROY:-true}" + + aws s3api delete-object --bucket "${BUCKET_NAME}" --key "cloud-tf/${TF_E2E_TEST_TYPE}-${GITHUB_SHA}-terraform.tfstate" + ;; + *) + echo "Unsupported action: ${TF_E2E_ACTION}" + exit 1 + ;; +esac diff --git a/hack/test/e2e-docker.sh b/hack/test/e2e-docker.sh index 9c8972928e..6c2f288300 100755 --- a/hack/test/e2e-docker.sh 
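Review bot: After the `nvidia-proprietary*` arms are renamed to `nvidia-nonfree*`, a caller that still passes an old name falls into the empty `*) ;;` arm, where `EXTENSIONS` is never assigned, so the upload would presumably go ahead without the NVIDIA extensions instead of failing. If nothing relies on that default arm, make it fatal: `*) echo "unknown extension set: ${1}" >&2; exit 1 ;;`. The new `EXTENSIONS_METADATA_FILE` is also read without a default or a check; `"${EXTENSIONS_METADATA_FILE:?}"` would give a clear error when the caller has not exported it. The body of `cloud_image_upload_with_extensions` continues outside the hunk.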
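Review bot: The `apply` branch writes the cluster admin credentials (`terraform output -raw talosconfig` and `kubeconfig`) into `${ARTIFACTS}` with the default umask; put `umask 077` before the two redirections so the files are created owner-only, and check that no workflow step uploads that directory as a build artifact. The same outputs are also kept in the Terraform state at `cloud-tf/${TF_E2E_TEST_TYPE}-${GITHUB_SHA}-terraform.tfstate`, which is deleted only when `destroy` runs to completion, so the bucket is worth a lifecycle rule for leftovers. Separately, `[[ "${CI}" != "true" ]]` runs under `set -u`, so outside CI the script stops with an unbound-variable error before the intended message is printed; `"${CI:-false}"` fixes that.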
+++ b/hack/test/e2e-docker.sh @@ -17,11 +17,11 @@ function create_cluster { --image="${IMAGE}" \ --controlplanes=1 \ --workers=1 \ - --mtu=1450 \ + --mtu=1430 \ --memory=2048 \ --cpus=2.0 \ --with-init-node=false \ - ${REGISTRY_MIRROR_FLAGS} \ + "${REGISTRY_MIRROR_FLAGS[@]}" \ --crashdump "${TALOSCTL}" config node 10.5.0.2 diff --git a/hack/test/e2e-image-factory.sh b/hack/test/e2e-image-factory.sh index ee6b70c8d6..9225f073d5 100755 --- a/hack/test/e2e-image-factory.sh +++ b/hack/test/e2e-image-factory.sh @@ -48,7 +48,7 @@ function create_cluster { --controlplanes=3 \ --workers="${QEMU_WORKERS:-1}" \ --disk=15360 \ - --mtu=1450 \ + --mtu=1430 \ --memory=2048 \ --memory-workers="${QEMU_MEMORY_WORKERS:-2048}" \ --cpus="${QEMU_CPUS:-2}" \ diff --git a/hack/test/e2e-iso.sh b/hack/test/e2e-iso.sh index dd702308dd..103aaac81f 100755 --- a/hack/test/e2e-iso.sh +++ b/hack/test/e2e-iso.sh @@ -19,7 +19,7 @@ function create_cluster { --iso-path=${ARTIFACTS}/metal-amd64.iso \ --controlplanes=1 \ --workers=0 \ - --mtu=1450 \ + --mtu=1430 \ --memory=2048 \ --cpus=2.0 \ --cidr=172.20.2.0/24 \ @@ -27,7 +27,7 @@ function create_cluster { --install-image=${REGISTRY:-ghcr.io}/siderolabs/installer:${TAG} \ --cni-bundle-url=${ARTIFACTS}/talosctl-cni-bundle-'${ARCH}'.tar.gz \ --crashdump \ - ${REGISTRY_MIRROR_FLAGS} + "${REGISTRY_MIRROR_FLAGS[@]}" "${TALOSCTL}" config node "${NODE}" } diff --git a/hack/test/e2e-qemu.sh b/hack/test/e2e-qemu.sh index d655602cb2..10fb221d83 100755 --- a/hack/test/e2e-qemu.sh +++ b/hack/test/e2e-qemu.sh @@ -173,7 +173,7 @@ function create_cluster { --disk=15360 \ --extra-disks="${QEMU_EXTRA_DISKS:-0}" \ --extra-disks-size="${QEMU_EXTRA_DISKS_SIZE:-5120}" \ - --mtu=1450 \ + --mtu=1430 \ --memory=2048 \ --memory-workers="${QEMU_MEMORY_WORKERS:-2048}" \ --cpus="${QEMU_CPUS:-2}" \ diff --git a/hack/test/e2e.sh b/hack/test/e2e.sh index 7c245f41fd..824c25a517 100755 --- a/hack/test/e2e.sh +++ b/hack/test/e2e.sh 
@@ -12,8 +12,6 @@ # - ARTIFACTS # - TALOSCTL # - INTEGRATION_TEST -# - MODULE_SIG_VERIFY -# - KERNEL_MODULE_SIGNING_PUBLIC_KEY # - SHORT_INTEGRATION_TEST # - CUSTOM_CNI_URL # - KUBECTL @@ -108,7 +106,7 @@ function create_cluster_capi { # Wait for nodes to check in timeout=$(($(date +%s) + TIMEOUT)) - until ${KUBECTL} get nodes -o go-template='{{ len .items }}' | grep ${NUM_NODES} >/dev/null; do + until ${KUBECTL} get nodes -o go-template='{{ len .items }}' | grep "${NUM_NODES}" >/dev/null; do [[ $(date +%s) -gt $timeout ]] && exit 1 ${KUBECTL} get nodes -o wide && : sleep 10 @@ -210,7 +208,7 @@ function build_registry_mirrors { if [[ "${CI:-false}" == "true" ]]; then REGISTRY_MIRROR_FLAGS=() - for registry in docker.io registry.k8s.io quay.io gcr.io ghcr.io registry.dev.talos-systems.io; do + for registry in docker.io registry.k8s.io quay.io gcr.io ghcr.io; do local service="registry-${registry//./-}.ci.svc" addr=$(python3 -c "import socket; print(socket.gethostbyname('${service}'))") @@ -218,7 +216,7 @@ function build_registry_mirrors { done else # use the value from the environment, if present - REGISTRY_MIRROR_FLAGS=(${REGISTRY_MIRROR_FLAGS:-}) + REGISTRY_MIRROR_FLAGS=("${REGISTRY_MIRROR_FLAGS:-}") fi } diff --git a/hack/test/provision-tests.sh b/hack/test/provision-tests.sh index 678b9818fd..4b50506874 100755 --- a/hack/test/provision-tests.sh +++ b/hack/test/provision-tests.sh 
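Review bot: `grep "${NUM_NODES}"` in the wait loop of the `@@ -108,7 +106,7 @@` hunk is a substring match on the node count, so an expected count of 3 is also satisfied by 13 or 30; quoting the variable does not change that. Match the whole line instead: `grep -qx "${NUM_NODES}"`, which also makes the `>/dev/null` redirect unnecessary. The body of `create_cluster_capi` continues outside the hunk.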
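Review bot: In the non-CI branch of the `@@ -218,7 +216,7 @@` hunk, `REGISTRY_MIRROR_FLAGS=("${REGISTRY_MIRROR_FLAGS:-}")` always yields a one-element array. With the variable unset, that element is an empty string, which the new `"${REGISTRY_MIRROR_FLAGS[@]}"` in `e2e-docker.sh` and `e2e-iso.sh` passes to `talosctl` as an empty argument. With several space-separated flags in the environment, they arrive as a single argument. Splitting explicitly keeps the old behaviour without the unquoted expansion: `read -r -a REGISTRY_MIRROR_FLAGS <<< "${REGISTRY_MIRROR_FLAGS:-}"`. The body of `build_registry_mirrors` starts outside this hunk.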
@@ -2,46 +2,45 @@ set -eoux pipefail +INTEGRATION_TEST_FLAGS=() + case "${CI:-false}" in true) - mirror_flag="" + MIRROR_FLAG=() - for registry in docker.io k8s.gcr.io registry.k8s.io quay.io gcr.io ghcr.io registry.dev.talos-systems.io; do + for registry in docker.io k8s.gcr.io registry.k8s.io quay.io gcr.io ghcr.io; do service="registry-${registry//./-}.ci.svc" - addr=`python3 -c "import socket; print(socket.gethostbyname('${service}'))"` - - if [[ ! -z "${mirror_flag}" ]]; then - mirror_flag="${mirror_flag}," - fi + addr=$(python3 -c "import socket; print(socket.gethostbyname('${service}'))") - mirror_flag="${mirror_flag}${registry}=http://${addr}:5000" + MIRROR_FLAG+=("${registry}=http://${addr}:5000") done - INTEGRATION_TEST_FLAGS="-talos.provision.target-installer-registry=${REGISTRY} -talos.provision.registry-mirror ${mirror_flag}" + MIRROR_FLAGS="${MIRROR_FLAG[*]}" + + INTEGRATION_TEST_FLAGS+=("-talos.provision.target-installer-registry=${REGISTRY}" "-talos.provision.registry-mirror=${MIRROR_FLAGS// /,}") ;; *) - INTEGRATION_TEST_FLAGS= ;; esac if [ "${INTEGRATION_TEST_RUN:-undefined}" != "undefined" ]; then - INTEGRATION_TEST_FLAGS="${INTEGRATION_TEST_FLAGS} -test.run ${INTEGRATION_TEST_RUN}" + INTEGRATION_TEST_FLAGS+=("-test.run=${INTEGRATION_TEST_RUN}") fi if [ "${INTEGRATION_TEST_TRACK:-undefined}" != "undefined" ]; then - INTEGRATION_TEST_FLAGS="${INTEGRATION_TEST_FLAGS} -talos.provision.cidr 172.$(( ${INTEGRATION_TEST_TRACK} + 21 )).0.0/24" + INTEGRATION_TEST_FLAGS+=("-talos.provision.cidr=172.$(( INTEGRATION_TEST_TRACK + 21 )).0.0/24") fi case "${CUSTOM_CNI_URL:-false}" in false) ;; *) - INTEGRATION_TEST_FLAGS="${INTEGRATION_TEST_FLAGS} -talos.provision.custom-cni-url=${CUSTOM_CNI_URL}" + INTEGRATION_TEST_FLAGS+=("-talos.provision.custom-cni-url=${CUSTOM_CNI_URL}") ;; esac "${INTEGRATION_TEST}" -test.v \ -talos.talosctlpath "${TALOSCTL}" \ - -talos.provision.mtu 1450 \ - -talos.provision.cni-bundle-url 
${ARTIFACTS}/talosctl-cni-bundle-'${ARCH}'.tar.gz \ - ${INTEGRATION_TEST_FLAGS} + -talos.provision.mtu 1430 \ + -talos.provision.cni-bundle-url "${ARTIFACTS}/talosctl-cni-bundle-\${ARCH}.tar.gz" \ + "${INTEGRATION_TEST_FLAGS[@]}"
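Review bot: The final `"${INTEGRATION_TEST_FLAGS[@]}"` is expanded under `set -u` (from `set -eoux pipefail`), and the array stays empty when `CI` is not `true` and none of the optional variables are set. Bash releases before 4.4 treat that expansion as an unbound variable and abort, so a local run on an older bash would fail before the test binary starts. The guarded form `${INTEGRATION_TEST_FLAGS[@]+"${INTEGRATION_TEST_FLAGS[@]}"}` works on every version. As a smaller style point, the mirror list could be joined with `MIRROR_FLAGS=$(IFS=,; echo "${MIRROR_FLAG[*]}")` rather than by replacing spaces in a second step.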