tests: Do not 'fips-mode-setup' to enable FIPS on RHEL 10 #65
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Run integration tests in Testing Farm | |
on: | |
issue_comment: | |
types: | |
- created | |
permissions: | |
contents: read | |
# This is required for the ability to create/update the Pull request status | |
statuses: write | |
jobs: | |
prepare_vars: | |
name: Get info from role and PR to determine if and how to test | |
# The concurrency key is used to prevent multiple workflows from running at the same time | |
concurrency: | |
# group name contains reponame-pr_num to allow simualteneous runs in different PRs | |
group: testing-farm-${{ github.event.repository.name }}-${{ github.event.issue.number }} | |
cancel-in-progress: true | |
# Let's schedule tests only on user request. NOT automatically. | |
# Only repository owner or member can schedule tests | |
if: | | |
github.event.issue.pull_request | |
&& contains(github.event.comment.body, '[citest]') | |
&& (contains(fromJson('["OWNER", "MEMBER", "COLLABORATOR", "CONTRIBUTOR"]'), github.event.comment.author_association) | |
|| contains('systemroller', github.event.comment.user.login)) | |
runs-on: ubuntu-latest | |
outputs: | |
supported_platforms: ${{ steps.supported_platforms.outputs.supported_platforms }} | |
head_sha: ${{ steps.head_sha.outputs.head_sha }} | |
memory: ${{ steps.memory.outputs.memory }} | |
steps: | |
- name: Dump github context | |
run: echo "$GITHUB_CONTEXT" | |
shell: bash | |
env: | |
GITHUB_CONTEXT: ${{ toJson(github) }} | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Get head sha of the PR | |
id: head_sha | |
run: | | |
head_sha=$(gh api "repos/$REPO/pulls/$PR_NO" --jq '.head.sha') | |
echo "head_sha=$head_sha" >> $GITHUB_OUTPUT | |
env: | |
REPO: ${{ github.repository }} | |
PR_NO: ${{ github.event.issue.number }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Checkout PR | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ steps.head_sha.outputs.head_sha }} | |
- name: Get memory | |
id: memory | |
run: | | |
if [ -d tests/provision.fmf ]; then | |
memory=$(grep -rPo ' m: \K(.*)' tests/provision.fmf) | |
fi | |
if [ -n "$memory" ]; then | |
echo "memory=$memory" >> $GITHUB_OUTPUT | |
else | |
echo "memory=2048" >> $GITHUB_OUTPUT | |
fi | |
- name: Get supported platforms | |
id: supported_platforms | |
run: | | |
supported_platforms="" | |
meta_main=meta/main.yml | |
# All Fedora are supported, add latest Fedora versions to supported_platforms | |
if yq '.galaxy_info.galaxy_tags[]' "$meta_main" | grep -qi fedora$; then | |
supported_platforms+=" Fedora-39" | |
supported_platforms+=" Fedora-40" | |
fi | |
# Specific Fedora versions supported | |
if yq '.galaxy_info.galaxy_tags[]' "$meta_main" | grep -qiP 'fedora\d+$'; then | |
for fedora_ver in $(yq '.galaxy_info.galaxy_tags[]' "$meta_main" | grep -iPo 'fedora\K(\d+$)'); do | |
supported_platforms+=" Fedora-$fedora_ver" | |
done | |
fi | |
if yq '.galaxy_info.galaxy_tags[]' "$meta_main" | grep -qi el7; then | |
supported_platforms+=" CentOS-7-latest" | |
fi | |
for ver in 8 9 10; do | |
if yq '.galaxy_info.galaxy_tags[]' "$meta_main" | grep -qi el"$ver"; then | |
supported_platforms+=" CentOS-Stream-$ver" | |
fi | |
done | |
echo "supported_platforms=$supported_platforms" >> $GITHUB_OUTPUT | |
testing-farm: | |
name: ${{ matrix.platform }}/ansible-${{ matrix.ansible_version }} | |
needs: prepare_vars | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- platform: Fedora-39 | |
ansible_version: 2.17 | |
- platform: Fedora-40 | |
ansible_version: 2.17 | |
- platform: CentOS-7-latest | |
ansible_version: 2.9 | |
- platform: CentOS-Stream-8 | |
ansible_version: 2.9 | |
# On CentOS-Stream-8, latest supported Ansible is 2.16 | |
- platform: CentOS-Stream-8 | |
ansible_version: 2.16 | |
- platform: CentOS-Stream-9 | |
ansible_version: 2.17 | |
- platform: CentOS-Stream-10 | |
ansible_version: 2.17 | |
runs-on: ubuntu-latest | |
env: | |
ARTIFACTS_DIR_NAME: "tf_${{ github.event.repository.name }}-${{ github.event.issue.number }}_\ | |
${{ matrix.platform }}-${{ matrix.ansible_version }}_\ | |
${{ needs.prepare_vars.outputs.datetime }}/artifacts" | |
ARTIFACT_TARGET_DIR: /srv/pub/alt/${{ vars.LINUXSYSTEMROLES_USER }}/logs | |
steps: | |
- name: Set variables with DATETIME and artifact location | |
id: set_vars | |
run: | | |
printf -v DATETIME '%(%Y%m%d-%H%M%S)T' -1 | |
ARTIFACTS_DIR_NAME="tf_${{ github.event.repository.name }}-${{ github.event.issue.number }}_\ | |
${{ matrix.platform }}-${{ matrix.ansible_version }}_$DATETIME/artifacts" | |
ARTIFACTS_TARGET_DIR=/srv/pub/alt/${{ vars.LINUXSYSTEMROLES_USER }}/logs | |
ARTIFACTS_DIR=$ARTIFACTS_TARGET_DIR/$ARTIFACTS_DIR_NAME | |
ARTIFACTS_URL=https://dl.fedoraproject.org/pub/alt/${{ vars.LINUXSYSTEMROLES_USER }}/logs/$ARTIFACTS_DIR_NAME | |
echo "DATETIME=$DATETIME" >> $GITHUB_OUTPUT | |
echo "ARTIFACTS_DIR=$ARTIFACTS_DIR" >> $GITHUB_OUTPUT | |
echo "ARTIFACTS_URL=$ARTIFACTS_URL" >> $GITHUB_OUTPUT | |
- name: Set commit status as pending | |
if: contains(needs.prepare_vars.outputs.supported_platforms, matrix.platform) | |
uses: myrotvorets/set-commit-status-action@master | |
with: | |
sha: ${{ needs.prepare_vars.outputs.head_sha }} | |
status: pending | |
context: ${{ matrix.platform }}|ansible-${{ matrix.ansible_version }} | |
description: Test started | |
targetUrl: "" | |
- name: Set commit status as success with a description that platform is skipped | |
if: "!contains(needs.prepare_vars.outputs.supported_platforms, matrix.platform)" | |
uses: myrotvorets/set-commit-status-action@master | |
with: | |
sha: ${{ needs.prepare_vars.outputs.head_sha }} | |
status: success | |
context: ${{ matrix.platform }}|ansible-${{ matrix.ansible_version }} | |
description: The role does not support this platform. Skipping. | |
targetUrl: "" | |
- name: Run test in testing farm | |
uses: sclorg/testing-farm-as-github-action@v3 | |
if: contains(needs.prepare_vars.outputs.supported_platforms, matrix.platform) | |
with: | |
git_url: https://github.com/linux-system-roles/tft-tests | |
git_ref: main | |
pipeline_settings: '{ "type": "tmt-multihost" }' | |
environment_settings: '{ "provisioning": { "tags": { "BusinessUnit": "system_roles" } } }' | |
# Keeping ARTIFACTS_URL at the bottom makes the link in logs clickable | |
variables: "ANSIBLE_VER=${{ matrix.ansible_version }};\ | |
REPO_NAME=${{ github.event.repository.name }};\ | |
GITHUB_ORG=${{ github.repository_owner }};\ | |
PR_NUM=${{ github.event.issue.number }};\ | |
ARTIFACTS_DIR=${{ steps.set_vars.outputs.ARTIFACTS_DIR }};\ | |
TEST_LOCAL_CHANGES=false;\ | |
LINUXSYSTEMROLES_USER=${{ vars.LINUXSYSTEMROLES_USER }};\ | |
ARTIFACTS_URL=${{ steps.set_vars.outputs.ARTIFACTS_URL }}" | |
# Note that LINUXSYSTEMROLES_SSH_KEY must be single-line, TF doesn't read multi-line variables fine. | |
secrets: "LINUXSYSTEMROLES_DOMAIN=${{ secrets.LINUXSYSTEMROLES_DOMAIN }};\ | |
LINUXSYSTEMROLES_SSH_KEY=${{ secrets.LINUXSYSTEMROLES_SSH_KEY }}" | |
compose: ${{ matrix.platform }} | |
# There are two blockers for using public ranch: | |
# 1. multihost is not supported in public https://github.com/teemtee/tmt/issues/2620 | |
# 2. Security issue that leaks long secrets - Jira TFT-2698 | |
tf_scope: private | |
api_key: ${{ secrets.TF_API_KEY_RH }} | |
update_pull_request_status: false | |
tmt_hardware: '{ "memory": ">= ${{ needs.prepare_vars.outputs.memory }} MB" }' | |
tmt_plan_filter: "tag:general,storage" | |
- name: Set final commit status | |
uses: myrotvorets/set-commit-status-action@master | |
if: always() && contains(needs.prepare_vars.outputs.supported_platforms, matrix.platform) | |
with: | |
sha: ${{ needs.prepare_vars.outputs.head_sha }} | |
status: ${{ job.status }} | |
context: ${{ matrix.platform }}|ansible-${{ matrix.ansible_version }} | |
description: Test finished | |
targetUrl: ${{ steps.set_vars.outputs.ARTIFACTS_URL }} |