Skip to content

Commit

Permalink
Strict patch
Browse files Browse the repository at this point in the history
  • Loading branch information
ktsakalozos committed Aug 24, 2022
1 parent e1d115f commit 050b132
Show file tree
Hide file tree
Showing 10 changed files with 659 additions and 71 deletions.
87 changes: 74 additions & 13 deletions .github/workflows/build-snap.yml
Original file line number Diff line number Diff line change
@@ -1,12 +1,17 @@
name: Build MicroK8s snap on PR and push to master

on:
push:
branches:
- master
pull_request:
branches:
- master
- push
- pull_request

### While we work on the strict feature we want the tests to run even if we do put PRs against the master.
### When this work get merged into master the following should be commented in.
# push:
# branches:
# - master
# pull_request:
# branches:
# - master

jobs:
build:
Expand Down Expand Up @@ -47,24 +52,80 @@ jobs:
- name: Running upgrade path test
run: |
set -x
sudo -E UPGRADE_MICROK8S_FROM=latest/edge UPGRADE_MICROK8S_TO=`pwd`/`ls microk8s*.snap` pytest -s ./tests/test-upgrade-path.py
sudo snap remove microk8s --purge
- name: Running addons tests
# Remove the snapd refresh as soon as v2.52 lands
sudo snap refresh snapd --channel=latest/edge
- name: Check branches
run: |
set -x
(cd tests; pytest -s verify-branches.py)
- name: Running addons tests in strict mode
run: |
set -x
sudo snap install *.snap --classic --dangerous
sudo snap install microk8s.snap --dangerous
sudo ./tests/connect-all-interfaces.sh
./tests/smoke-test.sh
export UNDER_TIME_PRESSURE="True"
export SKIP_OPENEBS="True"
export SKIP_PROMETHEUS="False"
(cd tests; pytest -s verify-branches.py)
sudo -E bash -c "cd /var/snap/microk8s/common/addons/core/tests; pytest -s -ra test-addons.py"
sudo microk8s enable community
sudo -E bash -c "cd /var/snap/microk8s/common/addons/community/tests; pytest -s -ra test-addons.py"
grep -Po "Report tarball is at \K.+" |
sudo xargs -I {} mv {} inspection-report-strict-${{ strategy.job-index }}.tar.gz
sudo snap remove microk8s --purge
- name: Running upgrade tests
sudo rm -rf $HOME/.kube
sudo rm -rf $HOME/.config/helm
sudo dmesg | grep 'apparmor="DENIED"' > ./denials-${{ strategy.job-index }}.log
- name: Upload strict inspect tarball
uses: actions/upload-artifact@v2
with:
name: inspection-report-strict-actions
path: ./inspection-report-strict-${{ strategy.job-index }}.tar.gz
- name: Upload AppArmor denials
uses: actions/upload-artifact@v2
with:
name: apparmor-denials
path: ./denials-${{ strategy.job-index }}.log
- name: Running addons tests in devmode
run: |
set -x
sudo snap install *.snap --classic --dangerous
################ Until devmode of docker-support is fixed we skip this part of the tests #######
exit 0
sudo snap install microk8s.snap --devmode --dangerous
sudo ./tests/connect-all-interfaces.sh
./tests/smoke-test.sh
export UNDER_TIME_PRESSURE="True"
sudo -E bash -c "cd /var/snap/microk8s/common/addons/core/ ; UPGRADE_MICROK8S_FROM=latest/edge UPGRADE_MICROK8S_TO=`pwd`/`ls microk8s*.snap` pytest -s ./tests/test-upgrade.py"
export SKIP_OPENEBS="False"
export SKIP_PROMETHEUS="False"
(cd tests; sudo -E pytest -s -ra test-addons.py)
sudo microk8s inspect |
grep -Po "Report tarball is at \K.+" |
sudo xargs -I {} mv {} inspection-report-devmode-${{ strategy.job-index }}.tar.gz
sudo snap remove microk8s --purge
- name: Upload devmode inspect tarball
uses: actions/upload-artifact@v2
with:
name: inspection-report-devmode-actions
path: ./inspection-report-devmode-${{ strategy.job-index }}.tar.gz
- name: Generate AppArmor on failure
run: sudo dmesg | grep 'apparmor="DENIED"' > ./denials-${{ strategy.job-index }}.log
if: failure()
- name: Upload AppArmor denials failure
uses: actions/upload-artifact@v2
with:
name: apparmor-denials
path: ./denials-${{ strategy.job-index }}.log
if: failure()
- name: Generate inspect tarball
run: >
sudo microk8s inspect |
grep -Po "Report tarball is at \K.+" |
sudo xargs -I {} mv {} inspection-report-fail-${{ strategy.job-index }}.tar.gz
if: failure()
- name: Upload inspect tarball
uses: actions/upload-artifact@v2
with:
name: inspection-report-actions
path: ./inspection-report-fail-${{ strategy.job-index }}.tar.gz
if: failure()
9 changes: 8 additions & 1 deletion docs/build.md
Original file line number Diff line number Diff line change
Expand Up @@ -83,9 +83,16 @@ lxc file pull test-build/root/microk8s/microk8s_v1.9.6_amd64.snap .
After copying it, you can install it with:

```shell
snap install microk8s_*_amd64.snap --classic --dangerous
sudo snap install microk8s_latest_amd64.snap --dangerous
```

Finally, you need to connect the interfaces. To this end you can use the `connect-all-interfaces.sh` under the `tests` directory:

```shell
sudo tests/connect-all-interfaces.sh
```


## Assembling the Calico CNI manifest

The calico CNI manifest can be found under `upgrade-scripts/000-switch-to-calico/resources/calico.yaml`.
Expand Down
2 changes: 1 addition & 1 deletion scripts/wrappers/common/cluster/utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ def try_set_file_permissions(file):

os.chmod(file, 0o660)
try:
shutil.chown(file, group="microk8s")
shutil.chown(file, group="snap_microk8s")
except LookupError:
# not setting the group means only the current user can access the file
pass
Expand Down
Loading

0 comments on commit 050b132

Please sign in to comment.