-
Notifications
You must be signed in to change notification settings - Fork 105
/
prow-entrypoint.sh
executable file
·193 lines (165 loc) · 6.07 KB
/
prow-entrypoint.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
#!/bin/bash
set -xeuo pipefail
# Main script acting as entrypoint for all Prow jobs building RHCOS images
# Global variables
REDIRECTOR_URL="https://rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com/art/storage/releases/"
# This function is used to update the /etc/passwd file within the COSA container
# at test-time. The need for this comes from the fact that OpenShift will run a
# container with a randomized user ID by default to enhance security. Because
# COSA runs with an unprivileged user ("builder") instead of (container) root,
# this presents special challenges for file and disk permissions. This particular
# pattern was inspired by:
# - https://cloud.redhat.com/blog/jupyter-on-openshift-part-6-running-as-an-assigned-user-id
# - https://cloud.redhat.com/blog/a-guide-to-openshift-and-uids
setup_user() {
user_id="$(id -u)"
group_id="$(id -g)"
grep -v "^builder" /etc/passwd > /tmp/passwd
echo "builder:x:${user_id}:${group_id}::/home/builder:/bin/bash" >> /tmp/passwd
cat /tmp/passwd > /etc/passwd
rm /tmp/passwd
# Not strictly required, but nice for debugging.
id
whoami
}
cosa_init() {
# Always create a writable copy of the source repo
tmp_src="$(mktemp -d)"
cp -a /src "${tmp_src}/os"
# Either use the COSA_DIR prepared for us or create a temporary cosa workdir
cosa_dir="${COSA_DIR:-$(mktemp -d)}"
echo "Using $cosa_dir for build"
cd "$cosa_dir"
# Setup source tree
cosa init --transient "${tmp_src}/os"
}
# Do a cosa build & cosa build-extensions only
# This is called both as part of the build phase and test phase in Prow thus we
# can not do any kola testing in this function.
cosa_build() {
# Grab the raw value of `mutate-os-release` and use sed to convert the value
# to X-Y format
ocpver=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]')
ocpver_mut=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]' | sed 's|\.|-|')
prev_build_url=${REDIRECTOR_URL}/rhcos-${ocpver}/
# Fetch the previous build
cosa buildfetch --url="${prev_build_url}"
# Fetch the repos corresponding to the release we are building
rhelver=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["automatic-version-prefix"]' | cut -f2 -d.)
id
whoami
ls -alh "src/config/"
curl -L "http://base-${ocpver_mut}-rhel${rhelver}.ocp.svc.cluster.local" -o "src/config/ocp.repo"
# Build RHCOS & extensions
cosa fetch
cosa build
cosa buildextend-extensions
}
# Make sure the image is at least booting before runnning expensive tests
kola_test_basic() {
cosa kola run basic
}
kola_test_basic_scenarios() {
cosa kola --basic-qemu-scenarios
}
kola_test_upgrade() {
kola run-upgrade -b rhcos -v --find-parent-image --qemu-image-dir tmp/ --output-dir tmp/kola-upgrade
}
kola_test_run() {
cosa kola run --parallel 2
}
kola_test_metal() {
# Build metal + installer now so we can test them
cosa buildextend-metal && cosa buildextend-metal4k && cosa buildextend-live
# Compress the metal and metal4k images now so we're testing
# installs with the image format we ship
cosa compress --artifact=metal --artifact=metal4k
# Run all testiso scenarios on metal artifact
kola testiso -S --scenarios pxe-install,pxe-offline-install,iso-install,iso-offline-install,iso-live-login,iso-as-disk,miniso-install --output-dir tmp/kola-metal
# Run only the iso-install scenario to sanity-check the metal4k media
kola testiso -S --qemu-native-4k --qemu-multipath --scenarios iso-install --output-dir tmp/kola-metal4k
# Run some uefi & secure boot tests
if [[ "$(uname -i)" == "x86_64" ]] || [[ "$(uname -i)" == "aarch64" ]]; then
mkdir -p tmp/kola-uefi
kola testiso -S --qemu-firmware uefi --scenarios iso-live-login,iso-as-disk --output-dir tmp/kola-uefi/insecure
if [[ "$(uname -i)" == "x86_64" ]]; then
kola testiso -S --qemu-firmware uefi-secure --scenarios iso-live-login,iso-as-disk --output-dir tmp/kola-uefi/secure
fi
fi
}
# Basic syntaxt validation for manifests
validate() {
# Create a temporary copy
workdir="$(mktemp -d)"
echo "Using $workdir as working directory"
# Figure out if we are running from the COSA image or directly from the Prow src image
if [[ -d /src/github.com/openshift/os ]]; then
cd "$workdir"
git clone /src/github.com/openshift/os os
elif [[ -d ./.git ]]; then
srcdir="${PWD}"
cd "$workdir"
git clone "${srcdir}" os
else
echo "Could not found source directory"
exit 1
fi
cd os
# First ensure submodules are initialized
git submodule update --init --recursive
# Basic syntax check
./fedora-coreos-config/ci/validate
}
main () {
if [[ "${#}" -ne 1 ]]; then
echo "This script is expected to be called by Prow with the name of the build phase or test to run"
exit 1
fi
# Record information about cosa + rpm-ostree
if [[ -d /cosa ]]; then
jq . < /cosa/coreos-assembler-git.json
fi
rpm-ostree --version
case "${1}" in
"validate")
validate
;;
"build")
cosa_init
cosa_build
;;
"build-test-qemu-kola-basic")
setup_user
cosa_init
cosa_build
kola_test_basic
kola_test_basic_scenarios
;;
"build-test-qemu-kola-all")
setup_user
cosa_init
cosa_build
kola_test_basic
kola_test_run
;;
"build-test-qemu-kola-upgrade")
setup_user
cosa_init
cosa_build
kola_test_basic
kola_test_upgrade
;;
"build-test-qemu-kola-metal")
setup_user
cosa_init
cosa_build
kola_test_basic
kola_test_metal
;;
*)
echo "Unknown test name"
exit 1
;;
esac
}
main "${@}"