Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate reports for OEM and base sysext images, allow reports against last nightly #1169

Merged
merged 32 commits into from
Nov 24, 2023
Merged

Generate reports for OEM and base sysext images, allow reports against last nightly #1169

merged 32 commits into from
Nov 24, 2023

Conversation

krnowak
Copy link
Member

@krnowak krnowak commented Sep 22, 2023
edited
Loading

Needs flatcar/flatcar-build-scripts#149 first. Tested locally.
Needs flatcar/flatcar-build-scripts#153 now.

This does mostly two things:

  • Image changes job prints the changes reports for each of the OEM sysext image and base sysexts too.
  • Image changes job can print the changes reports against previous nightly.

@pothos
Copy link
Member

pothos commented Sep 25, 2023
edited
Loading

Would be good to have a Jenkins and GA run for that

@github-actions
Copy link

github-actions bot commented Sep 25, 2023
edited
Loading

Build action triggered: https://github.com/flatcar/scripts/actions/runs/6970117426

@krnowak
Copy link
Member Author

krnowak commented Sep 26, 2023

Would be good to have a Jenkins and GA run for that

For sure. I was waiting for the flatcar-build-scripts stuff to go in. Will kick off them soon.

@krnowak krnowak temporarily deployed to development September 26, 2023 08:36 — with GitHub Actions Inactive
@krnowak
Copy link
Member Author

krnowak commented Sep 26, 2023

Jenkins: http://jenkins.infra.kinvolk.io:8080/job/container/job/packages_all_arches/2585/cldsv

@krnowak krnowak temporarily deployed to development September 28, 2023 06:04 — with GitHub Actions Inactive
@krnowak krnowak temporarily deployed to development September 28, 2023 16:06 — with GitHub Actions Inactive
@krnowak
Copy link
Member Author

krnowak commented Sep 28, 2023

Jenkins again:

GH is running.

@krnowak krnowak temporarily deployed to development September 29, 2023 05:35 — with GitHub Actions Inactive
@krnowak krnowak temporarily deployed to development October 11, 2023 11:02 — with GitHub Actions Inactive
@krnowak krnowak temporarily deployed to development October 12, 2023 10:34 — with GitHub Actions Inactive
@krnowak krnowak temporarily deployed to development October 12, 2023 15:13 — with GitHub Actions Inactive
@krnowak krnowak marked this pull request as ready for review October 13, 2023 10:09
@krnowak krnowak requested a review from a team October 13, 2023 10:09
@krnowak
Copy link
Member Author

krnowak commented Oct 13, 2023

Seems to be working in general. OEM package reports are not working yet, because there are no such reports on bincache - this PR introduces building such reports. On github the OEM reports are useless, because we build only the qemu images, so azure, vmware, ami and others only have error messages about missing files.

Jenkins: http://jenkins.infra.kinvolk.io:8080/job/container/job/packages_all_arches/2709/cldsv/
Github artifacts (search for image-changes-reports): https://github.com/flatcar/scripts/actions/runs/6497561930?pr=1169

@krnowak krnowak temporarily deployed to development October 25, 2023 13:40 — with GitHub Actions Inactive
@krnowak krnowak mentioned this pull request Oct 26, 2023
Merged
@krnowak krnowak temporarily deployed to development October 26, 2023 15:46 — with GitHub Actions Inactive
@krnowak krnowak changed the title Generate reports for OEM sysext images, allow reports against last nightly Generate reports for OEM and base sysext images, allow reports against last nightly Oct 26, 2023
@krnowak
.github/ci: Fix clobbering of parameters and env vars
202b905
@krnowak
.github/ci: Run image reports job after vms job
c03d372 
It shows changes also in OEM images and these are built in vms step.
@krnowak
overlay coreos-base/common-oem-files: Add some arch info about OEM
a7853de 
For now we don't have a single place where we could learn about which
OEMs with a sysext image gets built for certain architecture. So add
it for now to the coreos-base/common-oem-files package. Missing
architecture info for an OEM that gets built only in a certain arch is
not going to be fatal for the image changes job - we will just get a
report for this OEM with messages about failures to download some
files.
@krnowak
ci-automation/image-changes: Filter out OEM IDs not built for an arch
d373052 
This is to limit the amount of reports consisting purely of failures,
because some files were missing. And those files will be missing,
because an OEM might not even have any image for certain arches (like
digitalocean has no arm64 images).
@krnowak
.github/ci: Fix artifacts paths
5b3e90e
@krnowak
ci-automation/image-changes: Source version.txt
ead79f9 
This avoid messing with quotes.
@krnowak
.github/ci, ci-automation/image-changes: Print diffs for base sysexts
dabb547
@krnowak
ci-automation: List built base sysext explicitly
c5b8a80 
Instead of depending on default value of build_image's base_sysext
parameter, create a file that explicitly lists which base sysexts will
be built for each architecture. The file can be sourced by other
scripts that need this kind of information. Currently, image.sh and
image_changes.sh use this file.
@krnowak
overlay, ci-automation: Factor out OEMID info to a separate file
f542807 
Image changes job needs a list of OEMIDs that are built for a specific
architecture. Similar information already existed in the
coreos-base/common-oem-files ebuild, so factor it out to a separate
file, so the image changes job does not need to source the entire
ebuild (or process it in other way), but rather source the smaller
file.
@krnowak
overlay, ci-automation: Another attempt at providing OEMID info
8a75eba 
Please read the comment at the top of the coreos-base/common-oem-files
ebuild for details.
@krnowak
overlay coreos-base/common-oem-files: Move hack description down
9a780a3 
EAPI needs to be defined within first 24 lines, so the description
would push the definition too much down as it needs to happen after
possible declaration of EAPI as local for the source case.
@krnowak
overlay, ci-automation: Try making common-oem-files a valid ebuild
71eed26 
Assignment of EAPI must be the first non-comment, non-blank line in
the ebuild, otherwise portage masks it as corrupted.
@krnowak
.github/ci: Report about base sysexts for against last nightly too
0490c9c
@krnowak
.github/ci: Deduplicate the image changes job
89f0cba
@krnowak
ci-automation/image-changes, .github/ci: Further deduplication
810306c
@krnowak
.github/ci: AAAARGH!
c9b9864
@krnowak
ci-automation/image-changes: Meh
00dad31
@krnowak
.github/ci: Install python3-packaging package
a39e53a 
show-fixed-kernel-cves.py script from flatcar-build-scripts requires
this package:

Traceback (most recent call last):
  File "/home/runner/actions-runner/_work/scripts/scripts/flatcar-build-scripts/show-fixed-kernel-cves.py", line 29, in <module>
    from packaging import version
ModuleNotFoundError: No module named 'packaging'
@krnowak
ci-automation/image-changes: Avoid swallowing errors
a87a882
@krnowak
ci-automation/base-sysexts: Simplify
3d4ddf8 
No need in making it arch-specific.
@krnowak
Copy link
Member Author

krnowak commented Nov 21, 2023

Just one note: On one hand it would be nice to do a hard error when encountering an error but on the other hand this means one wouldn't see the full output. It's ok to leave it as is but I fear it might be broken and people just skip over it because the script gives no final error. Examples are the use of source <(curl…) or local var=$(cmd) that silence errors.

I have split local var=$(cmd) into local var; var=$(cmd) and replaced the use of <(curl…) with curling to a temporary file and sourcing it. I kept <(printf … | sort) as I don't expect it to fail.

@krnowak
Copy link
Member Author

krnowak commented Nov 21, 2023

Oh, yeah, backporting is tricky with the sysext stuff… Maybe some hacky if-else cases could prevent further divergence but I if I recall correctly this ship has sailed already for the image change job and it's already not easy to apply patches cleanly on the Stable/LTS branches, or?

I decided to not do the backporting as the advantages of doing it are rather slim - once a version hits a LTS/stable/beta/alpha channel, the image changes job is of limited use - almost nothing changes there comparing to the previous nightly in the channel. The important changes (like kernel version and kernel config changes and the like) are still printed.

Instead I went with a cut-off version of 3795 in jenkins os to decide whether to kick off two image-changes jobs or just one.

@krnowak
Copy link
Member Author

krnowak commented Nov 21, 2023

CI: http://jenkins.infra.kinvolk.io:8080/job/container/job/packages_all_arches/2964/cldsv/

@krnowak krnowak requested a review from pothos November 23, 2023 13:04
@krnowak
Copy link
Member Author

krnowak commented Nov 23, 2023

CI has passed. So for versions <3795, we will do the old stuff (image changes against last release, done after the image job, no changes in base sysexts and OEM sysexts), while for newer versions the new stuff (image changes against last release and last nightly, done after vms job, display changes in base sysexts and OEM sysexts).

@krnowak krnowak merged commit 7b19e92 into main Nov 24, 2023
1 check failed
@krnowak krnowak deleted the krnowak/image-changes branch November 24, 2023 09:29
@github-actions github-actions bot mentioned this pull request Dec 22, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pothos pothos Awaiting requested review from pothos

Assignees
No one assigned
Labels
main
Projects
None yet
Milestone
No milestone
2 participants
@krnowak @pothos