Extend internal GCP library to allow deleting Compute Node image and
instance. In addition provide function to load service account
credentials file content from the environment.
Change names used for GCP image and instance in `api.sh` integration
test to make them predictable. This is important, so that cloud-cleaner
can identify potentially left over resources and clean them up. Use the
same approach for generating predictable, but run-specific, test ID as
in GenerateCIArtifactName() from internal/test/helpers.go. Use SHA224
to generate a hash from the string, because it can contain characters
not allowed by GCP for resource name (specifically "_" e.g. in "x86_64").
SHA-224 was picked because it generates short enough output and it is
future proof for use in RHEL (unlike MD5 or SHA-1).
Refactor cloud-cleaner to clean up GCP resources and also to run cleanup
for each cloud in a separate goroutine.
Modify run_cloud_cleaner.sh to be able to run in environment in which
AZURE_CREDS is not defined.
Always run cloud-cleaner after integration tests for rhel8, rhel84 and
cs8, which test GCP.
Define DISTRO_CODE for each integration testing stage in Jenkinsfile.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
by defining the COMPOSE_URL environment variable! This will allow
testing more flavors of internal releases.
The rest is renaming files and variables to reflect the fact that
we're running tests against internal trees, not only nightlies.
Move the container build to the same phase as the RPM builds. This does not make a huge difference, but should
shave off about two minutes of total CI runtime.
Mockbuild using systemd-nspawn currently fails on Fedora 34. The
workaround is to use "simple" isolation method - the traditional
chroot() call.
Reported as: https://bugzilla.redhat.com/show_bug.cgi?id=1931452
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Refactor test/cases/api.sh to incorporate testing of cloudapi with
multiple cloud providers as the target. Since all variables in Bash are
by default global, don't declare them as empty in advance. The only
place where underclared variables can be potentially expanded are the
cleanup functions. Ensure that there are no unbound variables expanded
inside cleanup functions. Rename all AWS-specific variables to
contain "AWS_" prefix to make their purpose explicit.
Modify provision.sh to append the GCP credentials file path to the
worker configuration.
Add GCP api.sh test case to integration tests in Jenkins and run it only
if the appropriate GCP credentials environment variable is defined. Run
the GCP test case for RHEL images.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
We are gaining new ostree features that overlap to a great deal
with the current ones. We still need to keep the current features
for backwards compatibility, so add another test run that does the
same but using new API.
For now this simply uses the `url` parameter rather than `parent`
to build update commits. Further changes will be made in follow-up
commits.
Use `curl` rather than `composer-cli` as we have a chicken-and-egg
problem where we can't land this feature without tests, but
`composer-cli` can't add support for it without having it first in
`composer`.
https://github.com/osbuild/osbuild-composer/pull/1228 was merged with
a failing Schutzbot's pipeline. The failure is caused because `var` apparently
isn't a right Groovy syntax. Let's use the right word `def` instead.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
The image definition is shared with the latest RHEL 8.y one (8.4 currently).
I expect that we the introduction of 8.5 support, we point the centos 8
distro at it.
The test repositories and manifests use the official CentOS composes. From
what I can tell, they are persistent. This is not guaranteed though, so we
might need to switch to RPMRepo at some point.
The "classic" CentOS 8 should also be buildable but due to the chicken and egg
issue (this commit will get into Centos "8.4" but Centos "8.4" isn't a thing
yet), we cannot test it and therefore it might be broken.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
- even if they don't exist sometimes but ignore the errors
- make the nightly repository with a higher priority
- override rhel-8*.json files so that newly built images will
also consume the nightly content
because -tests.rpm isn't shipped with the distro the prepare
script downloads it from Brew, trying to match the same version
that exists in the actual nightly compose. Then prepares a repo on
S3 for the subsequent test jobs to use!
Use AWS_CREDS for ~/.s3cmd
- use detect_build_cause() funtion and set a global env.BUILD_CAUSE
variable for use in conditionals
- add a cron job trigger - this will work together with the
GitHub pull request trigger
- use conditional blocks for all steps we want to be executed
outside of cron jobs
- only EL8 jobs will be executed unconditionally, both in cron
and for PRs. The preparation stage for cron jobs makes sure to
use the same name for osbuild-mock.repo so that the jobs can
unstash it later!
We can now send webhook data to an SQS queue at AWS without signing the
request with credentials. This allows us to trigger Schutzbot from
forks and from branches on the main repository.
Signed-off-by: Major Hayden <major@redhat.com>
With our limited number of machines in OpenStack, we cannot run unlimited jobs
in parallel. When there's a lot of activity in the repository, there's a high
probability that a job must wait for a free VM for quite a long. In these cases,
tests commonly fail due to the timeout.
I decided to prolong the timeout to 12 hours. This should lower the amount of
these kinds of jobs.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
This changes the following:
- Only produce one container. There is no particular benefit to
supporting several different base containers, so unify on ubi
as that is what we need ourselves.
- Build directly from git. Now that the RPM we include in our
container does not have any dependencies and only contains a
couple of executables, the indirection via RPM has less value.
Eventually the value will be reduced even further as we merge
the entrypoint into the main binary and move dnf-json into the
worker, leaving us with only a go binary. The only potential
benefit might be that the build environment of RPMs is more
clearly defined, but there is no real reason to believe that
our mockbuild is any better than using the UBI golang build
container.
This simplifies the container builds, and brings us more in line
with what is done in image-builder, and what is needed to deploy
to openshift.
We do not yet build all our packages for aarch64, so this would
fall back on the RPMs in the repository. In `main` that seems to
work, as osbuild-composer exists in the base repositoires. Though
we obviously want to test the most recent commit, not the released
RPM, so this is maksing the problem.
As of this PR, the build would fail though: We are now build
UBI containers, where osbuild-composer does not exist, and we have
split the RPM into the new osbuild-composer-core, which does not
yet exist in any base repository.
koji and ansible are not in RHEL repositories. Depending on them breaks RHEL
gating (see OSCI-1541): It tries to build a custom image with -tests package
in it but in the build environment there's no EPEL.
This commit makes the RPM independent from EPEL. However, we still need koji
and ansible, so the provision script now enables EPEL and installs the packages
from there. This is not nice but we have to live with that until OSCI-1541 is
solved.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
koji-osbuild-tests depends on koji which is not available in RHEL. As we need
to get rid of EPEL from deploy.sh (see the following commit), we need a
mechanism to preinstall EPEL before koji-osbuild-tests is installed. This
commit introduces pre_install_packages to Schutzfile - a simple way to
install packages before ${PROJECT}-tests is installed.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
Add a Dockerfile that creates a container based on Fedora with
osbuild-composer deployed. Create a suitable entrypoint that runs
osbuild-composer in the container and creates the required sockets
without systemd.
To test this, build the container via:
docker build ./containers/osbuild-composer
Then create your certificates in /etc/osbuild-composer/. Then run
composer with something like:
docker run --rm -v /etc/osbuild-composer:/etc/osbuild-composer <id>
(Where <id> is the container ID returned by `docker build`.)
All tests in /usr/libexec/tests/osbuild-composer should be able to run without
any arguments. This was not a case of libvirt.sh - it required two arguments
set by some Jenkinsfile logic.
This commit moves test/cases/libvirt.sh to tools/libvirt_test.sh and extracts
the logic controlling the test case from Jenkinsfile to test/cases/libvirt.sh.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
This commit enables:
- mockbuild for F33 aarch64
- base tests for F33 aarch64
- ami image test for F33 aarch64
This is mostly a MVP - enabling more tests would require more work than I have
a capacity for right now. Still, it gives us at least some coverage for
alt-arches. Most importantly, base tests build qcow2 and image tests build ami
so we have at least some trust that image building for aarch64 works.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
22c9f6a introduced a new environment variable to api.sh,
AWS_API_TEST_SHARE_ACCOUNT, but only set it in the RHEL 8 tests.
Seems like the corresponding branch was not rebased to a version which
already had those 8.4 tests:
https://github.com/osbuild/osbuild-composer/pull/1098
Generalize deploy.sh to allow setting up reverse dependency tests. Those
need the same setup for osbuild and osbuild-composer (i.e., the ones
under test), and in addition need the -tests package of the dependant
project.
Add test runs for koji-osbuild for all operating systems in Jenkinsfile.
Use a commit in koji-osbuild for which a repository was pushed to s3 in
the right format.
heredocs make control flow hard to read. Pull writing the repo file into
its own function and use it for setting up osbuild and osbuild-composer
repos.
x86_64 and aarch64 rhel 8.4 images support hybrid boot. qcow2 images are
now tested with both BIOS and UEFI boot. The Jenkinsfile now specifies
which boot type is supported when calling run_tests. For the qemu tests,
this boot type can be passed as an option so the test can boot using
UEFI.
In order to boot using uefi from a rhel machine, we must pass the --boot
uefi flag as well as tell libvirt where the variable store template is.
Since we are not testing secureboot, we must pass
nvram_template=/usr/share/edk2/ovmf/OVMF_VARS.fd to the --boot flag.
This is the location of our non-secureboot varstore template.
rhel 8.4 tests are added. The configs are based off of those used for
rhel 8.3. The Schutzbot Mockbuild, Base, Image, Integration, and OSTree
tests are added for 8.4. Repo overrides are added for the rhel 8.4 tests
so that the tests use rpmrepo snapshots.
The mockbuild uses the jenkins rhel84-nightly-repo credential to
override the rhel mock template's repos with rhel 8.4 nightly repos.
These repos are stored in a credential because they are internal links.
The image tests and koji tests need a special distro selector since the
rhel-8 test cases are only for rhel 8 versions less than 8.4. The rhel
8.4 tests are named with the rhel-84 pattern whereas the other rhel 8
versions have the rhel-8 pattern.
Also, instead of having only rhel-8 and rhel-8-beta repo configs for the
tests, we now have a specific repo config for each rhel release we test.
The repo is also now pulled from an rpmrepo snapshot. For whichever
distro is being tested, the approriate repo config will be copied to
/etc/osbuild-composer/repositories as rhel-8 and rhel-8-beta since this
is the naming osbuild-composer looks for. For testing purposes, the
rhel-8 and rhel-8-beta repo should be the same since eventually all rhel
releases will go from beta to not beta. The fedora repo overrides are
already done in tools/provision.sh so the rhel override is set there as
well. Currently, only rhel 8.4 requires an override.
Running `make srpm` on the host can have different results from building
the SRPM in mock.
Stop using the Makefile altogether for this, which is meant for
developer convenience only. The interface is clear: a tarball generated
from `git archive` and defining the `commit` variable. Less stuff to
install on the host, too.
To make sure we test against what we will release with, use osbuild from
the target distro rather than rebuilding it.
The only exception is in RHEL8.3, where we are not rebasing any longer,
but expect users who use new osbulid-composer from upstream to use it
with new osbuild from upstream too. In this case, use the RPM from
osbuild upstream, for now pinned to the same version as was in the
submodule.
This introduces a new configuration file: Schutzfile, which is meant
to contain the full test-matrix. For now it only points to the upstream
osbuild commit to add to the distro we are testing against (only relevant
for 8.3).
The submodule is now unused and is therefore removed. The produced repos
now only contain osbuild-composer, osbuild is never built as part of
osbuild-composer CI.
Signed-off-by: Tom Gundersen <teg@jklm.no>
