github: Use Canonical runners for scheduled system tests #2122
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests | |
| on: | |
| schedule: | |
| - cron: '0 0 * * 0' # Weekly on Sunday at 00:00 UTC | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| workflow_dispatch: | |
| env: | |
| CGO_CFLAGS: -I/home/runner/go/deps/dqlite/include/ | |
| CGO_LDFLAGS: -L/home/runner/go/deps/dqlite/.libs/ | |
| LD_LIBRARY_PATH: /home/runner/go/deps/dqlite/.libs/ | |
| CGO_LDFLAGS_ALLOW: (-Wl,-wrap,pthread_create)|(-Wl,-z,now) | |
| # Use a directory path for the cover files present on every system regardless of the used runner. | |
| GOCOVERDIR: ${{ ( github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' ) && '/tmp/cover' || '' }} | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| defaults: | |
| run: | |
| # Make sure bash is always invoked with `-eo pipefail` | |
| # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell | |
| shell: bash | |
| jobs: | |
| changes: | |
| name: Changes | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| except_docs: ${{ steps.filter.outputs.except_docs }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Check for changes | |
| uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
| id: filter | |
| with: | |
| filters: | | |
| except_docs: | |
| # Match all changes except 'doc/**'. | |
| # If no files outside of 'doc/**' are changed except_docs is set to 'false'. | |
| - '!(doc/**)' | |
| code-tests: | |
| name: Code | |
| runs-on: ubuntu-22.04 | |
| needs: [changes] | |
| if: ${{ needs.changes.outputs.except_docs == 'true' }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| # A non-shallow clone is needed for the Differential ShellCheck | |
| fetch-depth: 0 | |
| - name: Install Go | |
| uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Check compatibility with min Go version | |
| run: | | |
| set -eux | |
| GOMIN="$(sed -n 's/^GOMIN=\([0-9.]\+\)$/\1/p' Makefile)" | |
| go mod tidy -go="${GOMIN}" | |
| - name: Dependency Review | |
| uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 | |
| if: github.event_name == 'pull_request' | |
| - id: ShellCheck | |
| name: Differential ShellCheck | |
| uses: redhat-plumbers-in-action/differential-shellcheck@cc6721c45a8800cc666de45493545a07a638d121 # v5.4.0 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| strict-check-on-push: true | |
| if: github.event_name == 'pull_request' | |
| - name: Upload artifact with ShellCheck defects in SARIF format | |
| uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: Differential ShellCheck SARIF | |
| path: ${{ steps.ShellCheck.outputs.sarif }} | |
| if: github.event_name == 'pull_request' | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install --no-install-recommends -y pkg-config autoconf automake libtool make libuv1-dev libsqlite3-dev liblz4-dev | |
| - name: Build | |
| run: | | |
| make deps | |
| make build-test | |
| - name: Run static analysis | |
| run: make check-static | |
| - name: Make GOCOVERDIR | |
| run: mkdir -p "${GOCOVERDIR}" | |
| if: env.GOCOVERDIR != '' | |
| - name: Unit tests | |
| run: | | |
| set -eux | |
| make check-unit | |
| - name: Upload coverage data | |
| uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: coverage-unit | |
| path: ${{env.GOCOVERDIR}} | |
| if: env.GOCOVERDIR != '' | |
| - name: Upload system test dependencies | |
| uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: system-test-deps | |
| path: | | |
| /home/runner/go/bin/microcloud | |
| /home/runner/go/bin/microcloudd | |
| /home/runner/go/bin/dqlite | |
| retention-days: 1 | |
| system-tests-core: | |
| env: | |
| DEBUG: "1" | |
| SKIP_VM_LAUNCH: "1" | |
| SNAPSHOT_RESTORE: "1" | |
| name: System (core) | |
| runs-on: ubuntu-22.04 | |
| needs: code-tests | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # Test suites that will be combined with the set versions. | |
| # Define this first in the matrix so that it's readable | |
| # after GitHub as formed the name for the respective check. | |
| suite: | |
| - "add" | |
| - "instances" | |
| - "basic" | |
| - "recover" | |
| - "interactive" | |
| - "mismatch" | |
| - "preseed" | |
| # Set of versions to use for the matrix tests. | |
| os: ["24.04"] | |
| microceph: ["latest/edge"] | |
| microovn: ["latest/edge"] | |
| lxd: ["5.21/edge"] | |
| microcloud: ["latest/edge"] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: System test | |
| uses: ./.github/actions/system-test | |
| with: | |
| github_runner: true | |
| system-tests-upgrade: | |
| env: | |
| DEBUG: "1" | |
| SKIP_VM_LAUNCH: "1" | |
| SNAPSHOT_RESTORE: "1" | |
| name: System (upgrade) | |
| runs-on: ubuntu-22.04 | |
| needs: code-tests | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| suite: ["upgrade"] | |
| os: | |
| - "22.04" | |
| - "24.04" | |
| microceph: | |
| - "reef/stable" | |
| - "quincy/stable" | |
| microovn: ["22.03/stable"] | |
| lxd: ["5.21/stable"] | |
| microcloud: ["1/stable"] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: System test | |
| uses: ./.github/actions/system-test | |
| with: | |
| github_runner: true | |
| system-tests-canonical: | |
| env: | |
| DEBUG: "1" | |
| SKIP_VM_LAUNCH: "1" | |
| SNAPSHOT_RESTORE: "1" | |
| name: System (Canonical) | |
| runs-on: self-hosted-linux-amd64-jammy-large | |
| needs: code-tests | |
| # Run the tests on the Canonical runners only when scheduled. | |
| if: ${{ github.event_name == 'schedule' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| suite: ["instances"] | |
| os: | |
| - "22.04" | |
| - "24.04" | |
| microceph: ["latest/edge"] | |
| microovn: ["latest/edge"] | |
| lxd: ["5.21/edge"] | |
| microcloud: ["latest/edge"] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: System test | |
| uses: ./.github/actions/system-test | |
| with: | |
| github_runner: false | |
| tics: | |
| name: Tiobe TICS | |
| runs-on: ubuntu-22.04 | |
| needs: [system-tests-core, system-tests-upgrade] | |
| if: ${{ ( github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' ) && github.ref_name == 'main' && github.repository == 'canonical/microcloud' }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Install Go | |
| uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | |
| with: | |
| go-version: 1.23.x | |
| - name: Download coverage data | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| pattern: coverage-* | |
| path: ${{env.GOCOVERDIR}} | |
| merge-multiple: true | |
| - name: Extract coverage data | |
| run: | | |
| find ${{ env.GOCOVERDIR }}/micro*/cover/ -type f -exec mv {} ${{ env.GOCOVERDIR }} \; | |
| rm -rf ${{ env.GOCOVERDIR }}/micro* | |
| ls -la ${{ env.GOCOVERDIR }} | |
| - name: Download system test dependencies | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: system-test-deps | |
| merge-multiple: true | |
| path: /home/runner/go/bin | |
| - name: Install dependencies | |
| run: | | |
| go install github.com/axw/gocov/gocov@latest | |
| go install github.com/AlekSi/gocov-xml@latest | |
| go install honnef.co/go/tools/cmd/staticcheck@latest | |
| - name: Convert coverage files | |
| run: | | |
| go tool covdata textfmt -i="${GOCOVERDIR}" -o "${GOCOVERDIR}"/coverage.out | |
| gocov convert "${GOCOVERDIR}"/coverage.out > "${GOCOVERDIR}"/coverage.json | |
| gocov-xml < "${GOCOVERDIR}"/coverage.json > "${GOCOVERDIR}"/coverage-go.xml | |
| go tool covdata percent -i="${GOCOVERDIR}" | |
| - name: Run TICS | |
| uses: tiobe/tics-github-action@03294702eb0a8e13c06ff1949c7bb6643b4c60fc # v3.2.1 | |
| with: | |
| mode: qserver | |
| project: microcloud | |
| viewerUrl: https://canonical.tiobe.com/tiobeweb/TICS/api/cfg?name=default | |
| branchdir: ${{ github.workspace }} | |
| ticsAuthToken: ${{ secrets.TICS_AUTH_TOKEN }} | |
| installTics: true | |
| calc: ALL | |
| tmpdir: /tmp/tics | |
| doc-tests: | |
| name: Documentation | |
| uses: canonical/documentation-workflows/.github/workflows/documentation-checks.yaml@main | |
| with: | |
| working-directory: './doc' | |
| makefile: 'Makefile' | |
| snap: | |
| name: Trigger snap edge build | |
| runs-on: ubuntu-22.04 | |
| needs: [code-tests, system-tests-core, system-tests-upgrade, doc-tests] | |
| if: ${{ github.repository == 'canonical/microcloud' && github.event_name == 'push' && github.actor != 'dependabot[bot]' }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Setup Launchpad SSH access | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| LAUNCHPAD_LXD_BOT_KEY: ${{ secrets.LAUNCHPAD_LXD_BOT_KEY }} | |
| run: | | |
| set -eux | |
| mkdir -m 0700 -p ~/.ssh/ | |
| ssh-agent -a "${SSH_AUTH_SOCK}" > /dev/null | |
| ssh-add - <<< "${{ secrets.LAUNCHPAD_LXD_BOT_KEY }}" | |
| ssh-add -L > ~/.ssh/id_ed25519.pub | |
| # In ephemeral environments like GitHub Action runners, relying on TOFU isn't providing any security | |
| # so require the key obtained by `ssh-keyscan` to match the expected hash from https://help.launchpad.net/SSHFingerprints | |
| ssh-keyscan git.launchpad.net >> ~/.ssh/known_hosts | |
| ssh-keygen -qlF git.launchpad.net | grep -xF 'git.launchpad.net RSA SHA256:UNOzlP66WpDuEo34Wgs8mewypV0UzqHLsIFoqwe8dYo' | |
| - name: Install Go | |
| uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Trigger Launchpad snap build | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| TARGET: >- | |
| ${{ fromJson('{ | |
| "main": "latest-edge", | |
| "stable-5.0": "5.0-edge", | |
| }')[github.ref_name] }} | |
| run: | | |
| set -eux | |
| git config --global transfer.fsckobjects true | |
| git config --global user.name "Canonical LXD Bot" | |
| git config --global user.email "[email protected]" | |
| git config --global commit.gpgsign true | |
| git config --global gpg.format "ssh" | |
| git config --global user.signingkey ~/.ssh/id_ed25519.pub | |
| localRev="$(git rev-parse HEAD)" | |
| GOPROXY=direct go install github.com/canonical/lxd-ci/lxd-snapcraft@latest | |
| git clone -b "${TARGET}" git+ssh://[email protected]/~canonical-lxd/microcloud ~/microcloud-pkg-snap-lp | |
| cd ~/microcloud-pkg-snap-lp | |
| lxd-snapcraft -package microcloud -set-version "git-${localRev:0:7}" -set-source-commit "${localRev}" | |
| git add --all | |
| git commit --all --quiet -s --allow-empty -m "Automatic upstream build (${TARGET})" -m "Upstream commit: ${localRev}" | |
| git show | |
| git push --quiet |