diff --git a/.github/workflows/e2e_libvirt.yaml b/.github/workflows/e2e_libvirt.yaml index 4670386fd..1ce435b5e 100644 --- a/.github/workflows/e2e_libvirt.yaml +++ b/.github/workflows/e2e_libvirt.yaml @@ -7,7 +7,7 @@ name: (Callable) libvirt e2e tests on: workflow_call: inputs: - qcow2_artifact: + podvm_image: required: true type: string install_directory_artifact: @@ -27,7 +27,7 @@ env: jobs: test: - runs-on: az-ubuntu-2204 + runs-on: ubuntu-latest steps: - name: Checkout Code uses: actions/checkout@v3 @@ -46,10 +46,12 @@ jobs: with: go-version: ${{ env.GO_VERSION }} - - uses: actions/download-artifact@v3 - with: - name: ${{ inputs.qcow2_artifact }} - path: podvm + - name: Extract qcow2 from ${{ inputs.podvm_image }} + run: | + qcow2=$(echo ${{ inputs.podvm_image }} | sed -e "s#.*/\(.*\):.*#\1.qcow2#") + ./hack/download-image.sh ${{ inputs.podvm_image }} . -o ${qcow2} + echo "PODVM_QCOW2=$(pwd)/${qcow2}" >> "$GITHUB_ENV" + working-directory: podvm - name: Get the install directory if: ${{ inputs.install_directory_artifact != '' }} @@ -154,7 +156,7 @@ jobs: export TEST_PROVISION="yes" export TEST_TEARDOWN="no" export TEST_PROVISION_FILE="$PWD/libvirt.properties" - export TEST_PODVM_IMAGE="${PWD}/podvm/${{ inputs.qcow2_artifact }}" + export TEST_PODVM_IMAGE="${{ env.PODVM_QCOW2 }}" export TEST_E2E_TIMEOUT="50m" make test-e2e diff --git a/.github/workflows/e2e_on_pull.yaml b/.github/workflows/e2e_on_pull.yaml index 270eb426e..ae1bd18e0 100644 --- a/.github/workflows/e2e_on_pull.yaml +++ b/.github/workflows/e2e_on_pull.yaml 
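Review bot: In the new "Extract qcow2" step, `inputs.podvm_image` is expanded directly into the shell script twice (`echo ${{ inputs.podvm_image }}` and the `download-image.sh` argument) and unquoted, so whatever a caller passes is interpreted by the shell rather than treated as data; passing it through `env:` and reading it as a quoted variable keeps the step safe for any caller and is the form GitHub recommends for `run:` steps. The same applies to `export TEST_PODVM_IMAGE="${{ env.PODVM_QCOW2 }}"` in the @@ -154 hunk, which can simply be `export TEST_PODVM_IMAGE="$PODVM_QCOW2"` since values written to GITHUB_ENV are already in the environment. Note also that the `sed` pattern only rewrites a reference that contains both a `/` and a `:`; an untagged reference leaves `qcow2` equal to the whole input string (hack/download-image.sh is not in this diff, so what it does with that is not visible here).
```yaml
      - name: Extract qcow2 from ${{ inputs.podvm_image }}
        env:
          PODVM_IMAGE: ${{ inputs.podvm_image }}
        run: |
          qcow2="$(echo "$PODVM_IMAGE" | sed -e "s#.*/\(.*\):.*#\1.qcow2#")"
          ./hack/download-image.sh "$PODVM_IMAGE" . -o "${qcow2}"
          echo "PODVM_QCOW2=$(pwd)/${qcow2}" >> "$GITHUB_ENV"
        working-directory: podvm
```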
@@ -43,43 +43,31 @@ jobs: # Build the podvm images. # - # Currently it will not build the podvm, instead it downloads the qcow2 file - # from the built image. The file will be archived so that downstream jobs can - # just download the file on their runners. - podvm: - name: podvm + podvm_builder: needs: [authorize] - runs-on: ubuntu-latest - strategy: - fail-fast: true - matrix: - os: - - centos - - ubuntu - provider: - - generic - arch: - - amd64 - env: - registry: quay.io/confidential-containers - podvm_image: podvm-${{ matrix.provider }}-${{ matrix.os }}-${{ matrix.arch }} - qcow2: podvm-${{ matrix.provider }}-${{ matrix.os }}-${{ matrix.arch }}.qcow2 - steps: - - name: Checkout Code - uses: actions/checkout@v3 - with: - fetch-depth: 0 - ref: ${{ github.event.pull_request.head.sha }} + uses: ./.github/workflows/podvm_builder.yaml + with: + caa_src_ref: ${{ github.event.pull_request.head.sha }} + registry: ghcr.io/${{ github.repository_owner }} + secrets: inherit - - name: Extract the podvm qcow2 - run: ./hack/download-image.sh ${{ env.registry }}/${{ env.podvm_image }} . -o ${{ env.qcow2 }} - working-directory: podvm + podvm_binaries: + needs: [podvm_builder] + uses: ./.github/workflows/podvm_binaries.yaml + with: + caa_src_ref: ${{ github.event.pull_request.head.sha }} + registry: ghcr.io/${{ github.repository_owner }} + builder_img_tag: ci-pr${{ github.event.number }} + secrets: inherit - - uses: actions/upload-artifact@v3 - with: - name: ${{ env.qcow2 }} - path: podvm/${{ env.qcow2 }} - retention-days: 1 + podvm: + needs: [podvm_binaries] + uses: ./.github/workflows/podvm.yaml + with: + caa_src_ref: ${{ github.event.pull_request.head.sha }} + registry: ghcr.io/${{ github.repository_owner }} + binaries_img_tag: ci-pr${{ github.event.number }} + secrets: inherit # Build and push the cloud-api-adaptor image # 
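Review bot: `secrets: inherit` on the three new reusable-workflow calls forwards every repository secret to jobs that check out and build `github.event.pull_request.head.sha`, and the called workflows still perform an unconditional Docker Hub login with `secrets.DOCKER_PASSWORD` (visible as context in the podvm_binaries.yaml and podvm_builder.yaml hunks); with `registry: ghcr.io/...` only `GITHUB_TOKEN` is needed, so an explicit `secrets:` map (or none) keeps the Quay and Docker Hub credentials out of PR builds. How much this matters depends on the `authorize` job these jobs depend on, which is outside the hunk. The `ci-pr${{ github.event.number }}` tag is also shared by every run of one PR, so a `podvm` job can pick up a `podvm-binaries` image pushed by a concurrent run of the same PR rather than the one `podvm_binaries` just built; a tag that also carries `${{ github.run_id }}` would pin the chain to a single run. Pushing to ghcr.io with `GITHUB_TOKEN` additionally requires `packages: write` on the calling workflow, which is not in this hunk.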
@@ -175,6 +163,6 @@ jobs: - amd64 uses: ./.github/workflows/e2e_libvirt.yaml with: - qcow2_artifact: podvm-${{ matrix.provider }}-${{ matrix.os }}-${{ matrix.arch }}.qcow2 + podvm_image: ghcr.io/${{ github.repository_owner }}/podvm-${{ matrix.provider }}-${{ matrix.os }}-${{ matrix.arch }}:ci-pr${{ github.event.number }} install_directory_artifact: install_directory git_ref: ${{ github.event.pull_request.head.sha }} \ No newline at end of file diff --git a/.github/workflows/podvm.yaml b/.github/workflows/podvm.yaml index 309059f44..c5db206bd 100644 --- a/.github/workflows/podvm.yaml +++ b/.github/workflows/podvm.yaml @@ -1,6 +1,19 @@ name: Create Pod VM Image on: workflow_call: + inputs: + binaries_img_tag: + default: 'latest' + required: false + type: string + caa_src_ref: + default: '' + required: false + type: string + registry: + default: 'quay.io/confidential-containers' + required: false + type: string jobs: build: @@ -27,6 +40,19 @@ jobs: steps: - name: Checkout Code uses: actions/checkout@v3 + with: + fetch-depth: 0 + ref: ${{ inputs.caa_src_ref }} + + - name: Read properties from versions.yaml + run: | + # There reference to CAA sources will honored if passed to this + # workflow via inputs. + caa_src_ref="${{ inputs.caa_src_ref }}" + [ -n "$caa_src_ref" ] || \ + caa_src_ref="$(yq '.git.cloud-api-adaptor.reference' versions.yaml)" + [ -n "$caa_src_ref" ] + echo "CAA_SRC_REF=${caa_src_ref}" >> $GITHUB_ENV #- name: Set up QEMU # uses: docker/setup-qemu-action@v2 
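Review bot: The new "Read properties from versions.yaml" step in the podvm.yaml @@ -27 hunk fails silently when both `inputs.caa_src_ref` and `.git.cloud-api-adaptor.reference` are empty, because `[ -n "$caa_src_ref" ]` just exits non-zero under the default `bash -e`; `[ -n "$caa_src_ref" ] || { echo "CAA_SRC_REF is empty" >&2; exit 1; }` tells the operator why the build stopped. The comment above it does not parse as a sentence; `# A CAA source reference passed via inputs takes precedence over versions.yaml.` says the intended thing. `>> $GITHUB_ENV` should be quoted as `>> "$GITHUB_ENV"`, as the new e2e_libvirt.yaml step already does. The identical step is added in the podvm_binaries.yaml @@ -22 hunk and folded into the existing step in the podvm_builder.yaml @@ -42 hunk.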
@@ -37,16 +63,38 @@ jobs: - name: Login to Quay container Registry uses: docker/login-action@v2 with: + if: ${{ startsWith(inputs.registry, 'quay.io') }} registry: quay.io username: ${{ secrets.QUAY_USERNAME }} password: ${{ secrets.QUAY_PASSWORD }} + - name: Login to Github Container Registry + if: ${{ startsWith(inputs.registry, 'ghcr.io') }} + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Determine image tags + run: | + event_name=${{ github.event_name }} + img="${{ inputs.registry }}/podvm-${{ matrix.provider }}-${{ matrix.os }}-${{ matrix.arch }}" + tags="" + + case "$event_name" in + release) + tags="${img}:latest,${img}:${{ github.sha }}" ;; + pull_request|pull_request_target) + tags="${img}:ci-pr${{ github.event.number }}" ;; + esac + + echo "IMG_TAGS=$tags" >> "$GITHUB_ENV" + - name: Build and push uses: docker/build-push-action@v3 with: - tags: | - quay.io/confidential-containers/podvm-${{ matrix.provider }}-${{ matrix.os }}-${{ matrix.arch }}:latest - quay.io/confidential-containers/podvm-${{ matrix.provider }}-${{ matrix.os }}-${{ matrix.arch }}:${{ github.sha }} + tags: ${{ env.IMG_TAGS }} push: true context: podvm platforms: linux/amd64 @@ -57,4 +105,5 @@ jobs: "ARCH=${{ matrix.arch }}" "UBUNTU_IMAGE_URL=" "UBUNTU_IMAGE_CHECKSUM=" - "BINARIES_IMG=quay.io/confidential-containers/podvm-binaries-${{ matrix.os }}-${{ matrix.arch }}" + "BINARIES_IMG=${{ inputs.registry }}/podvm-binaries-${{ matrix.os }}-${{ matrix.arch }}:${{ inputs.binaries_img_tag }}" + "CAA_SRC_REF=${{ env.CAA_SRC_REF }}" diff --git a/.github/workflows/podvm_binaries.yaml b/.github/workflows/podvm_binaries.yaml index 5bda907a2..52f142f7f 100644 --- a/.github/workflows/podvm_binaries.yaml +++ b/.github/workflows/podvm_binaries.yaml 
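Review bot: The added `if: ${{ startsWith(inputs.registry, 'quay.io') }}` for the Quay login appears between `with:` and `registry: quay.io`, i.e. inside the action's `with:` map rather than at step level, so docker/login-action receives it as an unknown input and the Quay login runs unconditionally — including on ghcr.io builds where the Quay secrets may be absent; move the line above `uses: docker/login-action@v2`, as the podvm_binaries.yaml and podvm_builder.yaml hunks do. The new "Determine image tags" step also leaves `tags` empty for any event other than `release`, `pull_request` and `pull_request_target`, after which `docker/build-push-action` is invoked with `push: true` and an empty `tags:`; the new podvm_on_pull.yaml triggers on `workflow_dispatch` and will hit exactly this. A default arm such as `*) echo "unsupported event: $event_name" >&2; exit 1 ;;` (or a `${{ github.sha }}`-only tag) makes the failure explicit; the same case statement is repeated in the podvm_binaries.yaml @@ -37 and podvm_builder.yaml @@ -68 hunks. `event_name=${{ github.event_name }}` can be written `event_name="$GITHUB_EVENT_NAME"` to avoid interpolating into the script at all.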
@@ -1,6 +1,19 @@ name: Create Pod VM Binaries Image on: workflow_call: + inputs: + builder_img_tag: + default: 'latest' + required: false + type: string + caa_src_ref: + default: '' + required: false + type: string + registry: + default: 'quay.io/confidential-containers' + required: false + type: string jobs: build: @@ -22,6 +35,19 @@ jobs: steps: - name: Checkout Code uses: actions/checkout@v3 + with: + fetch-depth: 0 + ref: ${{ inputs.caa_src_ref }} + + - name: Read properties from versions.yaml + run: | + # There reference to CAA sources will honored if passed to this + # workflow via inputs. + caa_src_ref="${{ inputs.caa_src_ref }}" + [ -n "$caa_src_ref" ] || \ + caa_src_ref="$(yq '.git.cloud-api-adaptor.reference' versions.yaml)" + [ -n "$caa_src_ref" ] + echo "CAA_SRC_REF=${caa_src_ref}" >> $GITHUB_ENV #- name: Set up QEMU # uses: docker/setup-qemu-action@v2 
@@ -37,18 +63,40 @@ jobs: password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to Quay container Registry + if: ${{ startsWith(inputs.registry, 'quay.io') }} uses: docker/login-action@v2 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} password: ${{ secrets.QUAY_PASSWORD }} + - name: Login to Github Container Registry + if: ${{ startsWith(inputs.registry, 'ghcr.io') }} + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Determine image tags + run: | + event_name=${{ github.event_name }} + img="${{ inputs.registry }}/podvm-binaries-${{ matrix.os }}-${{ matrix.arch }}" + tags="" + + case "$event_name" in + release) + tags="${img}:latest,${img}:${{ github.sha }}" ;; + pull_request|pull_request_target) + tags="${img}:ci-pr${{ github.event.number }}" ;; + esac + + echo "IMG_TAGS=$tags" >> "$GITHUB_ENV" + - name: Build and push uses: docker/build-push-action@v3 with: - tags: | - quay.io/confidential-containers/podvm-binaries-${{ matrix.os }}-${{ matrix.arch }}:latest - quay.io/confidential-containers/podvm-binaries-${{ matrix.os }}-${{ matrix.arch }}:${{ github.sha }} + tags: ${{ env.IMG_TAGS }} push: true context: podvm platforms: linux/amd64 @@ -56,5 +104,7 @@ jobs: podvm/${{ matrix.dockerfile }} build-args: | "ARCH=${{ matrix.arch }}" + "BUILDER_IMG=${{ inputs.registry }}/podvm-builder-${{ matrix.os }}:${{ inputs.builder_img_tag }}" + "CAA_SRC_REF=${{ env.CAA_SRC_REF }}" "UBUNTU_IMAGE_URL=" "UBUNTU_IMAGE_CHECKSUM=" diff --git a/.github/workflows/podvm_builder.yaml b/.github/workflows/podvm_builder.yaml index 7a669d326..b9ecedfd3 100644 --- a/.github/workflows/podvm_builder.yaml +++ b/.github/workflows/podvm_builder.yaml 
@@ -1,6 +1,15 @@ name: Create Pod VM Builder Image on: workflow_call: + inputs: + caa_src_ref: + default: '' + required: false + type: string + registry: + default: 'quay.io/confidential-containers' + required: false + type: string jobs: build: @@ -23,6 +32,9 @@ jobs: steps: - name: Checkout Code uses: actions/checkout@v3 + with: + fetch-depth: 0 + ref: ${{ inputs.caa_src_ref }} - name: Read properties from versions.yaml run: | @@ -42,7 +54,11 @@ jobs: [ -n "$caa_src" ] echo "CAA_SRC=${caa_src}" >> $GITHUB_ENV - caa_src_ref="$(yq '.git.cloud-api-adaptor.reference' versions.yaml)" + # There reference to CAA sources will honored if passed to this + # workflow via inputs. + caa_src_ref="${{ inputs.caa_src_ref }}" + [ -n "$caa_src_ref" ] || \ + caa_src_ref="$(yq '.git.cloud-api-adaptor.reference' versions.yaml)" [ -n "$caa_src_ref" ] echo "CAA_SRC_REF=${caa_src_ref}" >> $GITHUB_ENV 
@@ -68,18 +84,40 @@ jobs: password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to Quay container Registry + if: ${{ startsWith(inputs.registry, 'quay.io') }} uses: docker/login-action@v2 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} password: ${{ secrets.QUAY_PASSWORD }} + - name: Login to Github Container Registry + if: ${{ startsWith(inputs.registry, 'ghcr.io') }} + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Determine image tags + run: | + event_name=${{ github.event_name }} + img="${{ inputs.registry }}/podvm-builder-${{ matrix.os }}" + tags="" + + case "$event_name" in + release) + tags="${img}:latest,${img}:${{ github.sha }}" ;; + pull_request|pull_request_target) + tags="${img}:ci-pr${{ github.event.number }}" ;; + esac + + echo "IMG_TAGS=$tags" >> "$GITHUB_ENV" + - name: Build and push uses: docker/build-push-action@v3 with: - tags: | - quay.io/confidential-containers/podvm-builder-${{ matrix.os }}:latest - quay.io/confidential-containers/podvm-builder-${{ matrix.os }}:${{ github.sha }} + tags: ${{ env.IMG_TAGS }} push: true context: podvm platforms: linux/amd64 diff --git a/.github/workflows/podvm_on_pull.yaml b/.github/workflows/podvm_on_pull.yaml new file mode 100644 index 000000000..db051a1bb --- /dev/null +++ b/.github/workflows/podvm_on_pull.yaml 
@@ -0,0 +1,30 @@ +name: podvm_on_pull +on: + workflow_dispatch: + +jobs: + podvm_builder: + uses: ./.github/workflows/podvm_builder.yaml + with: + #caa_src_ref: ${{ github.sha }} + caa_src_ref: ${{ github.ref }} + registry: ghcr.io/${{ github.repository_owner }} + secrets: inherit + podvm_binaries: + needs: [podvm_builder] + uses: ./.github/workflows/podvm_binaries.yaml + with: + #caa_src_ref: ${{ github.sha }} + caa_src_ref: ${{ github.ref }} + registry: ghcr.io/${{ github.repository_owner }} + builder_img_tag: ci-pr${{ github.event.number }} + secrets: inherit + podvm: + needs: [podvm_binaries] + uses: ./.github/workflows/podvm.yaml + with: + #caa_src_ref: ${{ github.sha }} + caa_src_ref: ${{ github.ref }} + registry: ghcr.io/${{ github.repository_owner }} + binaries_img_tag: ci-pr${{ github.event.number }} + secrets: inherit \ No newline at end of file diff --git a/README.md b/README.md index 86be81149..1f90077c0 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Introduction -This repository contains the implementation of Kata [remote hypervisor](https://github.com/kata-containers/kata-containers/tree/CCv0). +This repository contains the implementation of Kata Containers [remote hypervisor](https://github.com/kata-containers/kata-containers/tree/CCv0). Kata remote hypervisor enables creation of Kata VMs on any environment without requiring baremetal servers or nested virtualization support. diff --git a/podvm/Dockerfile.podvm b/podvm/Dockerfile.podvm index 84aecd59d..40fbeb8f2 100644 --- a/podvm/Dockerfile.podvm +++ b/podvm/Dockerfile.podvm @@ -35,7 +35,7 @@ RUN if [ -n "${CAA_SRC}" ]; then \ if [ -n "${CAA_SRC_REF}" ]; then \ cd cloud-api-adaptor && \ git fetch origin ${CAA_SRC_REF} && \ - git checkout FETCH_HEAD -b ${CAA_SRC_REF} ;\ + git checkout FETCH_HEAD -B ${CAA_SRC_REF} ;\ fi # Installs add-ons for foreign target, if required RUN ./cloud-api-adaptor/podvm/hack/cross-build-extras.sh 
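Review bot: With `on: workflow_dispatch` there is no `github.event.number`, so `builder_img_tag` and `binaries_img_tag` resolve to the literal `ci-pr`, and the called workflows' "Determine image tags" step has no arm for `workflow_dispatch`, so they reach build-push with an empty tag list; a run of this workflow as written should fail at the first build-push step. `caa_src_ref: ${{ github.ref }}` passes a full ref such as `refs/heads/main`, which the Dockerfiles then reuse as a branch name in `git checkout FETCH_HEAD -B`; `${{ github.sha }}` — which the commented-out lines suggest was tried — is unambiguous and pins the build to an immutable commit rather than a moving branch. The three `#caa_src_ref: ${{ github.sha }}` lines should be removed or replaced by a comment stating why `github.ref` was chosen, and the file is missing its trailing newline.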
diff --git a/podvm/Dockerfile.podvm.centos b/podvm/Dockerfile.podvm.centos index 81b48edec..f04e14603 100644 --- a/podvm/Dockerfile.podvm.centos +++ b/podvm/Dockerfile.podvm.centos @@ -33,7 +33,7 @@ RUN if [ -n "${CAA_SRC}" ]; then \ if [ -n "${CAA_SRC_REF}" ]; then \ cd cloud-api-adaptor && \ git fetch origin ${CAA_SRC_REF} && \ - git checkout FETCH_HEAD -b ${CAA_SRC_REF} ;\ + git checkout FETCH_HEAD -B ${CAA_SRC_REF} ;\ fi # Defaults to CentOS 8-stream x86_64 image. These variables can be overriden as needed diff --git a/podvm/Dockerfile.podvm.rhel b/podvm/Dockerfile.podvm.rhel index 353a9342c..9e3f87f84 100644 --- a/podvm/Dockerfile.podvm.rhel +++ b/podvm/Dockerfile.podvm.rhel @@ -31,7 +31,7 @@ RUN if [ -n "${CAA_SRC}" ]; then \ if [ -n "${CAA_SRC_REF}" ]; then \ cd cloud-api-adaptor && \ git fetch origin ${CAA_SRC_REF} && \ - git checkout FETCH_HEAD -b ${CAA_SRC_REF} ;\ + git checkout FETCH_HEAD -B ${CAA_SRC_REF} ;\ fi ARG IMAGE_URL="/tmp/rhel.qcow2" diff --git a/podvm/Dockerfile.podvm_binaries b/podvm/Dockerfile.podvm_binaries index 5fed2da51..925f6e6fd 100644 --- a/podvm/Dockerfile.podvm_binaries +++ b/podvm/Dockerfile.podvm_binaries @@ -32,7 +32,7 @@ RUN if [ -n "${CAA_SRC}" ]; then \ if [ -n "${CAA_SRC_REF}" ]; then \ cd cloud-api-adaptor && \ git fetch origin ${CAA_SRC_REF} && \ - git checkout FETCH_HEAD -b ${CAA_SRC_REF} ;\ + git checkout FETCH_HEAD -B ${CAA_SRC_REF} ;\ fi # Installs add-ons for foreign target, if required RUN ./cloud-api-adaptor/podvm/hack/cross-build-extras.sh diff --git a/podvm/Dockerfile.podvm_binaries.centos b/podvm/Dockerfile.podvm_binaries.centos index d33448302..f03b9bd54 100644 --- a/podvm/Dockerfile.podvm_binaries.centos +++ b/podvm/Dockerfile.podvm_binaries.centos 
@@ -32,7 +32,7 @@ RUN if [ -n "${CAA_SRC}" ]; then \ if [ -n "${CAA_SRC_REF}" ]; then \ cd cloud-api-adaptor && \ git fetch origin ${CAA_SRC_REF} && \ - git checkout FETCH_HEAD -b ${CAA_SRC_REF} ;\ + git checkout FETCH_HEAD -B ${CAA_SRC_REF} ;\ fi RUN cd cloud-api-adaptor/podvm && \ diff --git a/podvm/Dockerfile.podvm_binaries.rhel b/podvm/Dockerfile.podvm_binaries.rhel index 06c8786b2..cd0b7833e 100644 --- a/podvm/Dockerfile.podvm_binaries.rhel +++ b/podvm/Dockerfile.podvm_binaries.rhel @@ -32,7 +32,7 @@ RUN if [ -n "${CAA_SRC}" ]; then \ if [ -n "${CAA_SRC_REF}" ]; then \ cd cloud-api-adaptor && \ git fetch origin ${CAA_SRC_REF} && \ - git checkout FETCH_HEAD -b ${CAA_SRC_REF} ;\ + git checkout FETCH_HEAD -B ${CAA_SRC_REF} ;\ fi RUN cd cloud-api-adaptor/podvm && \ diff --git a/podvm/Dockerfile.podvm_builder b/podvm/Dockerfile.podvm_builder index 883706c71..13ef4db17 100644 --- a/podvm/Dockerfile.podvm_builder +++ b/podvm/Dockerfile.podvm_builder @@ -63,7 +63,15 @@ RUN echo $CAA_SRC RUN echo $CAA_SRC_REF -RUN git clone ${CAA_SRC} -b ${CAA_SRC_REF} cloud-api-adaptor +RUN if [ -n "${CAA_SRC}" ]; then \ + rm -rf cloud-api-adaptor && \ + git clone ${CAA_SRC} cloud-api-adaptor;\ + fi && \ + if [ -n "${CAA_SRC_REF}" ]; then \ + cd cloud-api-adaptor && \ + git fetch origin ${CAA_SRC_REF} && \ + git checkout FETCH_HEAD -B ${CAA_SRC_REF} ;\ + fi RUN git clone ${KATA_SRC} kata-containers RUN cd kata-containers && git checkout ${KATA_SRC_BRANCH} diff --git a/podvm/Dockerfile.podvm_builder.centos b/podvm/Dockerfile.podvm_builder.centos index 031b43e36..cb8f454fc 100644 --- a/podvm/Dockerfile.podvm_builder.centos +++ b/podvm/Dockerfile.podvm_builder.centos 
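Review bot: In the Dockerfile.podvm_builder @@ -63 hunk, when `CAA_SRC` is empty but `CAA_SRC_REF` is set, the second `if` runs `cd cloud-api-adaptor` on a directory this RUN no longer creates; unless an earlier instruction outside the hunk provides the sources, the build fails on `cd` instead of stating the missing build arg. `[ -d cloud-api-adaptor ] || { echo "CAA_SRC_REF set but no cloud-api-adaptor sources present" >&2; exit 1; }` before the `cd` makes the requirement explicit. `${CAA_SRC}` and `${CAA_SRC_REF}` are expanded unquoted in `git clone`, `git fetch` and `git checkout`; quoting them (`"${CAA_SRC}"`, `"${CAA_SRC_REF}"`) keeps a build arg containing whitespace from being split into extra git arguments. The same block is added verbatim in the Dockerfile.podvm_builder.centos @@ -64 and Dockerfile.podvm_builder.rhel @@ -60 hunks on the following line.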
@@ -64,7 +64,15 @@ RUN echo $CAA_SRC RUN echo $CAA_SRC_REF -RUN git clone ${CAA_SRC} -b ${CAA_SRC_REF} cloud-api-adaptor +RUN if [ -n "${CAA_SRC}" ]; then \ + rm -rf cloud-api-adaptor && \ + git clone ${CAA_SRC} cloud-api-adaptor;\ + fi && \ + if [ -n "${CAA_SRC_REF}" ]; then \ + cd cloud-api-adaptor && \ + git fetch origin ${CAA_SRC_REF} && \ + git checkout FETCH_HEAD -B ${CAA_SRC_REF} ;\ + fi RUN git clone ${KATA_SRC} kata-containers RUN cd kata-containers && git checkout ${KATA_SRC_BRANCH} diff --git a/podvm/Dockerfile.podvm_builder.rhel b/podvm/Dockerfile.podvm_builder.rhel index d6eaea66f..b90a68b12 100644 --- a/podvm/Dockerfile.podvm_builder.rhel +++ b/podvm/Dockerfile.podvm_builder.rhel @@ -60,7 +60,15 @@ RUN echo $CAA_SRC RUN echo $CAA_SRC_REF -RUN git clone ${CAA_SRC} -b ${CAA_SRC_REF} cloud-api-adaptor +RUN if [ -n "${CAA_SRC}" ]; then \ + rm -rf cloud-api-adaptor && \ + git clone ${CAA_SRC} cloud-api-adaptor;\ + fi && \ + if [ -n "${CAA_SRC_REF}" ]; then \ + cd cloud-api-adaptor && \ + git fetch origin ${CAA_SRC_REF} && \ + git checkout FETCH_HEAD -B ${CAA_SRC_REF} ;\ + fi RUN git clone ${KATA_SRC} kata-containers RUN cd kata-containers && git checkout ${KATA_SRC_BRANCH}