Skip to content

Use security.devlxd.images with VMs where applicable (#305) #569

Use security.devlxd.images with VMs where applicable (#305)

Use security.devlxd.images with VMs where applicable (#305) #569

Workflow file for this run

name: Tests
on:
push:
pull_request:
schedule:
- cron: '38 6 * * *'
workflow_dispatch:
inputs:
ubuntu-releases:
description: List of Ubuntu releases to run the tests against. In JSON format, i.e. '["22.04", "24.04"]'.
type: string
default: '["20.04", "22.04", "24.04"]'
snap-tracks:
description: List of snap tracks to run the tests. In JSON format, i.e. '["latest/stable", "5.0/candidate"]'.
type: string
default: '["latest/edge"]'
self-hosted-runner:
type: boolean
description: Whether to use self-hosted runners to run the jobs.
default: false
tmate-debug:
description: Use tmate debugging session on integration test failure.
type: boolean
default: false
tmate-timeout:
description: Timeout in minutes to keep tmate debugging session.
type: number
default: 30
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
# XXX: scheduled runs should not cancel manually triggered ones
cancel-in-progress: ${{ !contains(github.event_name, 'schedule')}}
defaults:
run:
# Make sure bash is always invoked with `-eo pipefail`
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell
shell: bash
jobs:
code-tests:
name: Code
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4
with:
# A non-shallow clone is needed for the Differential ShellCheck
fetch-depth: 0
- name: yamllint
uses: ibiqlik/action-yamllint@v3
with:
file_or_dir: .github/workflows/
- id: ShellCheck
name: Differential ShellCheck
uses: redhat-plumbers-in-action/differential-shellcheck@v5
with:
token: ${{ secrets.GITHUB_TOKEN }}
strict-check-on-push: true
if: github.event_name == 'pull_request'
- name: Upload artifact with ShellCheck defects in SARIF format
uses: actions/upload-artifact@v4
with:
name: Differential ShellCheck SARIF
path: ${{ steps.ShellCheck.outputs.sarif }}
if: github.event_name == 'pull_request'
system-tests:
env:
PURGE_LXD: "1"
name: ${{ matrix.test }} (${{ matrix.track }} - ${{ matrix.os }})
runs-on: ubuntu-${{ matrix.os }}
permissions:
# need that to manipulate caches
actions: write
strategy:
fail-fast: false
matrix:
os: ${{ fromJSON(inputs.ubuntu-releases || '["20.04", "22.04", "24.04"]') }}
track: ${{ fromJSON(inputs.snap-tracks || '["latest/edge", "5.21/edge", "5.0/edge", "4.0/edge"]') }}
test:
- cgroup
- cluster
- container
- container-copy
- conversion
- cpu-vm
- devlxd-container
- devlxd-vm
- docker
- efi-vars-editor-vm
- interception
- network-bridge-firewall
- network-ovn
- network-routed
- pylxd
- snapd
- storage-buckets
- storage-disks-vm
- "storage-vm btrfs"
- "storage-vm ceph"
- "storage-vm dir"
- "storage-vm lvm"
- "storage-vm lvm-thin"
- "storage-vm zfs"
- storage-volumes-vm
- tpm-vm
- vm
- vm-migration
- vm-nesting
include:
- test: qemu-external-vm
track: "latest/edge"
os: "24.04"
exclude:
# not compatible with 4.0/*
- test: container-copy
track: "4.0/edge"
- test: conversion
track: "4.0/edge"
- test: cpu-vm
track: "4.0/edge"
- test: devlxd-vm
track: "4.0/edge"
- test: efi-vars-editor-vm
track: "4.0/edge"
- test: network-bridge-firewall
os: 20.04
track: "4.0/edge"
- test: network-ovn
track: "4.0/edge"
# https://github.com/canonical/pylxd/issues/590
- test: pylxd
track: "4.0/edge"
- test: storage-buckets
track: "4.0/edge"
- test: storage-disks-vm
track: "4.0/edge"
- test: "storage-vm dir"
track: "4.0/edge"
- test: "storage-vm btrfs"
track: "4.0/edge"
- test: "storage-vm ceph"
track: "4.0/edge"
- test: "storage-vm lvm"
track: "4.0/edge"
- test: "storage-vm lvm-thin"
track: "4.0/edge"
- test: "storage-vm zfs"
track: "4.0/edge"
- test: storage-volumes-vm
track: "4.0/edge"
- test: tpm-vm
track: "4.0/edge"
# not compatible with 5.0/*
- test: efi-vars-editor-vm # not compatible with 5.0/*
track: "5.0/edge"
# waiting for integration with microceph
- test: "storage-vm ceph"
# skip track/os combinaisons that are too far appart
- track: "4.0/edge"
os: "24.04"
- track: "5.0/edge"
os: "24.04"
- track: "5.0/edge"
os: "20.04"
- track: "5.21/edge"
os: "20.04"
- track: "latest/edge"
os: "20.04"
- track: "latest/edge"
os: "22.04"
- test: "vm-migration"
track: "4.0/edge"
- test: "vm-migration"
track: "5.0/edge"
steps:
- name: Performance tuning
run: |
set -eux
# optimize ext4 FSes for performance, not reliability
for fs in $(findmnt --noheading --type ext4 --list --uniq | awk '{print $1}'); do
# nombcache and data=writeback cannot be changed on remount
sudo mount -o remount,noatime,barrier=0,commit=6000 "${fs}" || cat /proc/self/mountinfo
done
# disable dpkg from calling sync()
echo "force-unsafe-io" | sudo tee /etc/dpkg/dpkg.cfg.d/force-unsafe-io
- name: Reclaim some space (storage tests only)
if: ${{ startsWith(matrix.test, 'storage') || matrix.test == 'vm-nesting' || matrix.test == 'conversion' }}
run: |
set -eux
df -h
sudo snap remove lxd --purge
# Purge older snap revisions that are disabled/superseded by newer revisions of the same snap
snap list --all | while read -r name _ rev _ _ notes _; do
[[ "${notes}" =~ disabled$ ]] && sudo snap remove "${name}" --revision "${rev}" --purge
done || true
# Remove leftover home directories
sudo rm -rf /home/linuxbrew /home/runneradmin
# Remove unneeded directories
sudo rm -rf /opt/google/chrome
sudo rm -rf /opt/hostedtoolcache/CodeQL /opt/hostedtoolcache/PyPy /opt/hostedtoolcache/Python
sudo rm -rf /opt/microsoft/msedge /opt/microsoft/msodbcsql* /opt/microsoft/powershell
sudo rm -rf /root/.sbt
# This was inspired from https://github.com/easimon/maximize-build-space
df -h
# dotnet
sudo rm -rf /usr/share/dotnet
# android
sudo rm -rf /usr/local/lib/android
# haskell
sudo rm -rf /opt/ghc
df -h
- name: Remove docker
run: |
set -eux
sudo apt-get autopurge -y containerd.io docker-ce podman uidmap
sudo ip link delete docker0
sudo nft flush ruleset || sudo iptables -I DOCKER-USER -j ACCEPT
- name: Checkout
uses: actions/checkout@v4
# needed for cache key
- name: Get Date
id: get-date
if: ${{ matrix.test == 'qemu-external-vm' }}
run: |
echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
shell: bash
# for simplicity, just use one cache directory
# and make it valid for one day
- uses: actions/cache/restore@v4
id: cache-restore
if: ${{ matrix.test == 'qemu-external-vm' }}
with:
path: /home/runner/work/cache
key: cache-${{ steps.get-date.outputs.date }}
- name: ${{ matrix.test }} (${{ matrix.track }})
run: |
set -eux
# XXX: prevent accidental usage of `images:` in CI test jobs.
# All tests should be done using officially supported images.
echo '127.0.0.1 images.lxd.canonical.com' | sudo tee /etc/hosts
TEST_SCRIPT="$(echo ${{ matrix.test }} | cut -d " " -f 1)"
EXTRA_ARGS="$(echo ${{ matrix.test }} | cut -d " " -f 2- --only-delimited)"
if [ "${TEST_SCRIPT}" = "cluster" ]; then
dst_track="${{ matrix.track }}"
src_track="$(echo "${dst_track}" | cut -d/ -f1)/stable"
EXTRA_ARGS="${EXTRA_ARGS:-3} ${src_track} ${{ matrix.track }}"
fi
sudo --preserve-env=PURGE_LXD,TEST_IMG ./bin/local-run "tests/${TEST_SCRIPT}" ${{ matrix.track }} ${EXTRA_ARGS:-}
# always update cache as we have our own logic of
# cache invalidation and updates in addition to a date check
- name: Delete previous cache
if: ${{ steps.cache-restore.outputs.cache-hit }}
continue-on-error: true
run: |
gh extension install actions/gh-actions-cache
gh actions-cache delete "cache-${{ steps.get-date.outputs.date }}" --confirm
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/cache/save@v4
if: ${{ matrix.test == 'qemu-external-vm' }}
with:
path: /home/runner/work/cache
key: cache-${{ steps.get-date.outputs.date }}
- name: Tmate debugging session (self-hosted)
if: ${{ failure() && inputs.tmate-debug && inputs.self-hosted-runner }}
uses: canonical/action-tmate@main
timeout-minutes: ${{ inputs.tmate-timeout }}
- name: Tmate debugging session (gh-hosted)
if: ${{ failure() && inputs.tmate-debug && !inputs.self-hosted-runner }}
uses: mxschmitt/action-tmate@v3
timeout-minutes: ${{ inputs.tmate-timeout }}