Skip to content

Oracular update for apt-hook #4473

Oracular update for apt-hook

Oracular update for apt-hook #4473

---
name: CI (integration)
on:
pull_request:
# Cancel any in-progress job or run
concurrency:
group: 'ci-${{ github.workflow }}-${{ github.ref }}'
cancel-in-progress: true
defaults:
run:
shell: sh -ex {0}
jobs:
check-secrets:
name: Check secrets
uses: ./.github/workflows/check-secrets-available.yaml
secrets:
SECRET_TO_CHECK: '${{ secrets.PYCLOUDLIB_CONFIG_CONTENTS }}'
package-builds:
name: Packaging
needs: check-secrets
if: ${{ needs.check-secrets.outputs.has-secrets == 'true' }}
runs-on: ubuntu-22.04
strategy:
matrix:
release: ['xenial', 'bionic', 'focal', 'jammy', 'noble']
steps:
- name: Prepare build tools
env:
DEBFULLNAME: GitHub CI Auto Builder
DEBEMAIL: [email protected]
run: |
sudo DEBIAN_FRONTEND=noninteractive apt-get -qy update
sudo DEBIAN_FRONTEND=noninteractive apt-get -qy install --no-install-recommends sbuild schroot ubuntu-dev-tools debootstrap git-buildpackage
sudo sbuild-adduser $USER
cp /usr/share/doc/sbuild/examples/example.sbuildrc /home/$USER/.sbuildrc
- name: Git checkout
uses: actions/checkout@v3
- name: Build package
env:
DEBFULLNAME: GitHub CI Auto Builder
DEBEMAIL: [email protected]
run: |
gbp dch --ignore-branch --snapshot --distribution=${{ matrix.release }}
dch --local=~${{ matrix.release }} ""
if [ \"${{ matrix.release }}\" = \"noble\" ]; then # TODO update this for the new devel after noble is released
SKIP_PROPOSED=""
else
SKIP_PROPOSED="--skip-proposed"
fi
sg sbuild -c "mk-sbuild $SKIP_PROPOSED ${{ matrix.release }}"
sg sbuild -c "sbuild --dist='${{ matrix.release }}' --resolve-alternatives --no-clean-source --nolog --verbose --no-run-lintian --build-dir='${{ runner.temp }}'"
mv ../*.deb '${{ runner.temp }}' # Workaround for Debbug: #990734, drop in Jammy
- name: Archive debs as artifacts
uses: actions/upload-artifact@v4
with:
name: 'ci-debs-${{ matrix.release }}'
path: '${{ runner.temp }}/*.deb'
retention-days: 3
integration-tests:
name: Integration
needs: package-builds
runs-on: ${{ matrix.host_os }}
strategy:
# Disable fail-fast as these jobs are slow, so we want to extract
# as much information as possible from them.
fail-fast: false
matrix:
release: ['bionic', 'focal', 'jammy', 'noble']
platform: ['lxd-container']
host_os: ['ubuntu-22.04']
include:
# xenial lxd containers dont work on hosts >20.04
- release: xenial
platform: lxd-container
host_os: ubuntu-20.04
- release: bionic
platform: aws.pro
host_os: ubuntu-22.04
- release: bionic
platform: gcp.pro
host_os: ubuntu-22.04
- release: bionic
platform: aws.pro-fips
host_os: ubuntu-22.04
- release: focal
platform: lxd-vm
host_os: ubuntu-22.04
steps:
- name: Prepare test tools
run: |
sudo DEBIAN_FRONTEND=noninteractive apt-get -qy update
sudo DEBIAN_FRONTEND=noninteractive apt-get -qy install tox distro-info
sudo adduser $USER lxd
# Jammy GH Action runners have docker installed, which edits iptables
# in a way that is incompatible with lxd.
# https://linuxcontainers.org/lxd/docs/master/howto/network_bridge_firewalld/#prevent-issues-with-lxd-and-docker
sudo iptables -I DOCKER-USER -j ACCEPT
- name: Refresh LXD
if: matrix.platform == 'lxd-container' || matrix.platform == 'lxd-vm'
run: sudo snap refresh --channel latest/stable lxd
- name: Initialize LXD
if: matrix.platform == 'lxd-container' || matrix.platform == 'lxd-vm'
run: sudo lxd init --auto
- name: Git checkout
uses: actions/checkout@v3
- name: Retrieve debs
uses: actions/[email protected]
with:
name: 'ci-debs-${{ matrix.release }}'
path: '${{ runner.temp }}'
- name: Canonicalize deb filenames
working-directory: '${{ runner.temp }}'
run: |
ln -s ubuntu-advantage-tools*.deb ubuntu-advantage-tools-${{ matrix.release }}.deb
ln -s ubuntu-advantage-pro*.deb ubuntu-advantage-pro-${{ matrix.release }}.deb
- name: Behave
env:
PYCLOUDLIB_CONFIG_CONTENTS: '${{ secrets.PYCLOUDLIB_CONFIG_CONTENTS }}'
GOOGLE_APPLICATION_CREDENTIALS_CONTENTS: '${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_CONTENTS }}'
SSH_PRIVATE_KEY: '${{ secrets.SSH_PRIVATE_KEY }}'
SSH_PUBLIC_KEY: '${{ secrets.SSH_PUBLIC_KEY }}'
UACLIENT_BEHAVE_DEBS_PATH: '${{ runner.temp }}'
UACLIENT_BEHAVE_ARTIFACT_DIR: '${{ runner.temp }}/artifacts/behave-${{ matrix.platform }}-${{ matrix.release }}'
UACLIENT_BEHAVE_SNAPSHOT_STRATEGY: '1'
UACLIENT_BEHAVE_INSTALL_FROM: 'prebuilt'
UACLIENT_BEHAVE_CONTRACT_TOKEN: '${{ secrets.UACLIENT_BEHAVE_CONTRACT_TOKEN }}'
UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING: '${{ secrets.UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING }}'
UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING_EXPIRED: '${{ secrets.UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING_EXPIRED }}'
UACLIENT_BEHAVE_LANDSCAPE_REGISTRATION_KEY: '${{ secrets.UACLIENT_BEHAVE_LANDSCAPE_REGISTRATION_KEY }}'
UACLIENT_BEHAVE_LANDSCAPE_API_ACCESS_KEY: '${{ secrets.UACLIENT_BEHAVE_LANDSCAPE_API_ACCESS_KEY }}'
UACLIENT_BEHAVE_LANDSCAPE_API_SECRET_KEY: '${{ secrets.UACLIENT_BEHAVE_LANDSCAPE_API_SECRET_KEY }}'
run: |
PYCLOUDLIB_CONFIG="$(mktemp --tmpdir="${{ runner.temp }}" pycloudlib.toml.XXXXXXXXXX)"
GCE_CREDENTIALS_PATH="$(mktemp --tmpdir="${{ runner.temp }}" gcloud.json.XXXXXXXXXX)"
export PYCLOUDLIB_CONFIG
export GCE_CREDENTIALS_PATH
# Dump secrets using a subshell to avoid leaks due to xtrace.
# Use printf as dash's echo always interpretes control sequences (e.g. \n).
sh -c 'printf "%s\n" "$PYCLOUDLIB_CONFIG_CONTENTS" > "$PYCLOUDLIB_CONFIG"'
sh -c 'printf "%s\n" "$GOOGLE_APPLICATION_CREDENTIALS_CONTENTS" > "$GCE_CREDENTIALS_PATH"'
# SSH keys (should match what specified in pycloudlib.toml)
mkdir -p ~/.ssh
touch ~/.ssh/cloudinit_id_rsa
chmod 600 ~/.ssh/cloudinit_id_rsa
sh -c 'printf "%s\n" "$SSH_PRIVATE_KEY" > ~/.ssh/cloudinit_id_rsa'
sh -c 'printf "%s\n" "$SSH_PUBLIC_KEY" > ~/.ssh/cloudinit_id_rsa.pub'
sg lxd -c "tox -e behave -- -D machine_types=${{ matrix.platform }} -D releases=${{ matrix.release }} --tags=-slow --tags=-upgrade --tags=-no_gh --tags=-vpn"
- name: Archive test artifacts
if: always()
uses: actions/upload-artifact@v4
with:
name: 'ci-behave-${{ matrix.release }}'
path: '${{ runner.temp }}/artifacts/behave*'
retention-days: 7