2019-07-22 19:50:18 +03:00
@Library('github.com/coreos/coreos-ci-lib@master') _
2019-12-13 20:12:53 +03:00
COSA_IMAGE = 'quay.io/coreos-assembler/coreos-assembler:latest'
COSA_BUILDROOT_IMAGE = 'registry.svc.ci.openshift.org/coreos/cosa-buildroot:latest'
2019-07-22 19:50:18 +03:00
stage("Build") {
parallel rpms: {
2019-12-13 20:12:53 +03:00
coreos.pod(image: COSA_BUILDROOT_IMAGE, runAsUser: 0) {
2019-07-22 19:50:18 +03:00
checkout scm
sh """
2019-12-22 01:42:11 +03:00
set -xeuo pipefail
2019-12-13 20:14:32 +03:00
# fetch tags so `git describe` gives a nice NEVRA when building the RPM
git fetch origin --tags
2019-07-22 19:50:18 +03:00
ci/installdeps.sh
git submodule update --init
# We lose sanitizers (all the *san) here by building straight to RPMs, but we can
# restore those through a build opt later on. Being able to stash RPMs directly is
# super nice (and archiving later on will make it easy for anyone to download
# binaries from PRs in the future) and meshes well with the following stages.
export PATH="/root/.cargo/bin:\$PATH"
cargo install cbindgen
cbindgen -c rust/cbindgen.toml -o rpmostree-rust.h rust
cd packaging
make -f Makefile.dist-packaging rpm
2019-12-22 01:42:11 +03:00
mv \$(find . -name '*.rpm') ..
2019-07-22 19:50:18 +03:00
"""
2019-12-13 20:14:32 +03:00
// make it easy for anyone to download the RPMs
2019-12-22 01:42:11 +03:00
archiveArtifacts '*.rpm'
stash excludes: '*.src.rpm', includes: '*.rpm', name: 'rpms'
2019-07-22 19:50:18 +03:00
}
},
codestyle: {
2019-12-13 20:12:53 +03:00
coreos.pod(image: COSA_IMAGE) {
2019-10-03 22:14:11 +03:00
checkout scm
2019-07-22 19:50:18 +03:00
sh """
2019-12-22 01:42:11 +03:00
set -xeuo pipefail
2019-07-22 19:50:18 +03:00
# Jenkins by default only fetches the branch it's testing. Explicitly fetch master
# for ci-commitmessage-submodules.sh
git fetch origin +refs/heads/master:refs/remotes/origin/master
2019-10-03 22:14:11 +03:00
ci/ci-commitmessage-submodules.sh
2019-07-22 19:50:18 +03:00
ci/codestyle.sh
"""
}
},
2019-12-20 22:16:24 +03:00
rust: {
2019-12-13 20:12:53 +03:00
coreos.pod(image: COSA_BUILDROOT_IMAGE, runAsUser: 0) {
2019-07-22 19:50:18 +03:00
checkout scm
sh """
2019-12-22 01:42:11 +03:00
set -xeuo pipefail
2019-09-27 18:06:01 +03:00
ci/msrv.sh
2019-07-22 19:50:18 +03:00
"""
}
}}
tests/compose: Target FCOS 31, move off of PAPR
Again, a lot going on here, but essentially, we adapt the compose tests
to run either privileged or fully unprivileged via supermin, just like
cosa.
I actually got more than halfway through this initially using `cosa
build` directly for testing. But in the end, we simply need more
flexibility than that. We want to be able to manipulate exactly how
rpm-ostree is called, and cosa is very opinionated about this (and may
also change from under us in the future).
(Another big difference for example is that cosa doesn't care about
non-unified mode, whereas we *need* to have coverage for this until we
fully kill it.)
Really, the most important bit we want from there is the
unprivileged-via-supermin bits. So we copy and adapt that here. One
obvious improvement then is sharing this code more easily (e.g. a
`cosa runasroot` or something?)
However, we still use the FCOS manifest (frozen at a specific tag). It's
a realistic example, and because of the lockfiles and pool, we get good
reproducibility.
2019-12-22 01:42:09 +03:00
stage("Test") {
parallel vmcheck: {
2019-12-22 01:42:11 +03:00
def nhosts = 6
def mem = (nhosts * 1024) + 512
coreos.pod(image: COSA_IMAGE, runAsUser: 0, kvm: true, memory: "${mem}Mi", cpu: "${nhosts}") {
stage("Build FCOS") {
checkout scm
unstash 'rpms'
// run this stage first without installing deps, so we match exactly the cosa pkgset
// (+ our built rpm-ostree)
sh """
set -xeuo pipefail
dnf install -y *.rpm
coreos-assembler init --force https://github.com/coreos/fedora-coreos-config
# include our built rpm-ostree in the image
mkdir -p overrides/rpm
mv *.rpm overrides/rpm
coreos-assembler build
"""
}
stage("Install Deps") {
sh """
set -xeuo pipefail
ci/installdeps.sh # really, we just need test deps, but meh...
"""
}
stage("Run") {
try {
timeout(time: 30, unit: 'MINUTES') {
sh """
set -xeuo pipefail
fcos=\$(ls builds/latest/*/*.qcow2) # */
ln -sf "\$(realpath \${fcos})" tests/vmcheck/image.qcow2
JOBS=${nhosts} tests/vmcheck.sh
"""
}
} finally {
Rework vmcheck to use `kola spawn`, move off of PAPR
There's a lot going on here, but essentially:
1. We change the `vmcheck` model so that it always operates on an
immutable base image. It takes that image and dynamically launches a
separate VM for each test using `kola spawn`. This means we can drop
a lot of hacks around re-using the same VMs.
2. Following from 1., `vmoverlay` now takes as input a base image,
overlays the built rpm-ostree bits, then creates a new base image. Of
course, we don't have to do this in CI, because we build FCOS with
the freshly built RPMs (so it uses `SKIP_VMOVERLAY=1`). `vmoverlay`
then will be more for the developer case where one doesn't want to
iterate via `cosa build` to test rpm-ostree changes. I say "will"
because the functionality doesn't exist yet; I'd like to enhance
`cosa dev-overlay` to do this. (Note `vmsync` should still works just
as before too.)
3. `vmcheck` can be run without building the tree first, as
`tests/vmcheck.sh`. The `make vmcheck` target still exists though for
finger compatibility and better meshing with `vmoverlay` in the
developer case.
What's really nice about using kola spawn is that it takes care of a lot
of things for us, such as the qemu command, journal and console
gathering, and SSH.
Similarly to the compose testsuites, we're using parallel here to run
multiple vmcheck tests at once. (On developer laptops, we cap
parallelism at `$(nproc) - 1`).
2019-12-13 20:23:41 +03:00
sh """
set -xeuo pipefail
2019-12-22 01:42:11 +03:00
if [ -d vmcheck-logs ]; then
tar -C vmcheck-logs -cf- . | xz -c9 > vmcheck-logs.tar.xz
fi
Rework vmcheck to use `kola spawn`, move off of PAPR
There's a lot going on here, but essentially:
1. We change the `vmcheck` model so that it always operates on an
immutable base image. It takes that image and dynamically launches a
separate VM for each test using `kola spawn`. This means we can drop
a lot of hacks around re-using the same VMs.
2. Following from 1., `vmoverlay` now takes as input a base image,
overlays the built rpm-ostree bits, then creates a new base image. Of
course, we don't have to do this in CI, because we build FCOS with
the freshly built RPMs (so it uses `SKIP_VMOVERLAY=1`). `vmoverlay`
then will be more for the developer case where one doesn't want to
iterate via `cosa build` to test rpm-ostree changes. I say "will"
because the functionality doesn't exist yet; I'd like to enhance
`cosa dev-overlay` to do this. (Note `vmsync` should still works just
as before too.)
3. `vmcheck` can be run without building the tree first, as
`tests/vmcheck.sh`. The `make vmcheck` target still exists though for
finger compatibility and better meshing with `vmoverlay` in the
developer case.
What's really nice about using kola spawn is that it takes care of a lot
of things for us, such as the qemu command, journal and console
gathering, and SSH.
Similarly to the compose testsuites, we're using parallel here to run
multiple vmcheck tests at once. (On developer laptops, we cap
parallelism at `$(nproc) - 1`).
2019-12-13 20:23:41 +03:00
"""
2019-12-22 01:42:11 +03:00
archiveArtifacts allowEmptyArchive: true, artifacts: 'vmcheck-logs.tar.xz'
Rework vmcheck to use `kola spawn`, move off of PAPR
There's a lot going on here, but essentially:
1. We change the `vmcheck` model so that it always operates on an
immutable base image. It takes that image and dynamically launches a
separate VM for each test using `kola spawn`. This means we can drop
a lot of hacks around re-using the same VMs.
2. Following from 1., `vmoverlay` now takes as input a base image,
overlays the built rpm-ostree bits, then creates a new base image. Of
course, we don't have to do this in CI, because we build FCOS with
the freshly built RPMs (so it uses `SKIP_VMOVERLAY=1`). `vmoverlay`
then will be more for the developer case where one doesn't want to
iterate via `cosa build` to test rpm-ostree changes. I say "will"
because the functionality doesn't exist yet; I'd like to enhance
`cosa dev-overlay` to do this. (Note `vmsync` should still works just
as before too.)
3. `vmcheck` can be run without building the tree first, as
`tests/vmcheck.sh`. The `make vmcheck` target still exists though for
finger compatibility and better meshing with `vmoverlay` in the
developer case.
What's really nice about using kola spawn is that it takes care of a lot
of things for us, such as the qemu command, journal and console
gathering, and SSH.
Similarly to the compose testsuites, we're using parallel here to run
multiple vmcheck tests at once. (On developer laptops, we cap
parallelism at `$(nproc) - 1`).
2019-12-13 20:23:41 +03:00
}
2019-12-22 01:42:11 +03:00
}
2019-07-22 19:50:18 +03:00
}
tests/compose: Target FCOS 31, move off of PAPR
Again, a lot going on here, but essentially, we adapt the compose tests
to run either privileged or fully unprivileged via supermin, just like
cosa.
I actually got more than halfway through this initially using `cosa
build` directly for testing. But in the end, we simply need more
flexibility than that. We want to be able to manipulate exactly how
rpm-ostree is called, and cosa is very opinionated about this (and may
also change from under us in the future).
(Another big difference for example is that cosa doesn't care about
non-unified mode, whereas we *need* to have coverage for this until we
fully kill it.)
Really, the most important bit we want from there is the
unprivileged-via-supermin bits. So we copy and adapt that here. One
obvious improvement then is sharing this code more easily (e.g. a
`cosa runasroot` or something?)
However, we still use the FCOS manifest (frozen at a specific tag). It's
a realistic example, and because of the lockfiles and pool, we get good
reproducibility.
2019-12-22 01:42:09 +03:00
},
compose: {
2019-12-22 01:42:11 +03:00
def jobs = 5
def mem = (jobs * 2048) + 512
coreos.pod(image: COSA_IMAGE, runAsUser: 0, emptyDirs: ["/srv/tmpdir"], kvm: true, memory: "${mem}Mi", cpu: "${jobs}") {
checkout scm
unstash 'rpms'
stage("Install Deps") {
tests/compose: Target FCOS 31, move off of PAPR
Again, a lot going on here, but essentially, we adapt the compose tests
to run either privileged or fully unprivileged via supermin, just like
cosa.
I actually got more than halfway through this initially using `cosa
build` directly for testing. But in the end, we simply need more
flexibility than that. We want to be able to manipulate exactly how
rpm-ostree is called, and cosa is very opinionated about this (and may
also change from under us in the future).
(Another big difference for example is that cosa doesn't care about
non-unified mode, whereas we *need* to have coverage for this until we
fully kill it.)
Really, the most important bit we want from there is the
unprivileged-via-supermin bits. So we copy and adapt that here. One
obvious improvement then is sharing this code more easily (e.g. a
`cosa runasroot` or something?)
However, we still use the FCOS manifest (frozen at a specific tag). It's
a realistic example, and because of the lockfiles and pool, we get good
reproducibility.
2019-12-22 01:42:09 +03:00
sh """
set -xeuo pipefail
2019-12-22 01:42:11 +03:00
ci/installdeps.sh # really, we just need test deps, but meh...
dnf install -y *.rpm # install our built rpm-ostree
tests/compose: Target FCOS 31, move off of PAPR
Again, a lot going on here, but essentially, we adapt the compose tests
to run either privileged or fully unprivileged via supermin, just like
cosa.
I actually got more than halfway through this initially using `cosa
build` directly for testing. But in the end, we simply need more
flexibility than that. We want to be able to manipulate exactly how
rpm-ostree is called, and cosa is very opinionated about this (and may
also change from under us in the future).
(Another big difference for example is that cosa doesn't care about
non-unified mode, whereas we *need* to have coverage for this until we
fully kill it.)
Really, the most important bit we want from there is the
unprivileged-via-supermin bits. So we copy and adapt that here. One
obvious improvement then is sharing this code more easily (e.g. a
`cosa runasroot` or something?)
However, we still use the FCOS manifest (frozen at a specific tag). It's
a realistic example, and because of the lockfiles and pool, we get good
reproducibility.
2019-12-22 01:42:09 +03:00
"""
}
2019-12-22 01:42:11 +03:00
stage("Run") {
try {
2020-01-27 18:23:50 +03:00
timeout(time: 45, unit: 'MINUTES') {
2019-12-22 01:42:11 +03:00
sh """
set -xeuo pipefail
mkdir compose-logs
TMPDIR=/srv/tmpdir JOBS=${jobs} ./tests/compose.sh
"""
}
} finally {
sh """
set -xeuo pipefail
if [ -d compose-logs ]; then
tar -C compose-logs -cf- . | xz -c9 > compose-logs.tar.xz
fi
"""
archiveArtifacts allowEmptyArchive: true, artifacts: 'compose-logs.tar.xz'
}
}
}
tests/compose: Target FCOS 31, move off of PAPR
Again, a lot going on here, but essentially, we adapt the compose tests
to run either privileged or fully unprivileged via supermin, just like
cosa.
I actually got more than halfway through this initially using `cosa
build` directly for testing. But in the end, we simply need more
flexibility than that. We want to be able to manipulate exactly how
rpm-ostree is called, and cosa is very opinionated about this (and may
also change from under us in the future).
(Another big difference for example is that cosa doesn't care about
non-unified mode, whereas we *need* to have coverage for this until we
fully kill it.)
Really, the most important bit we want from there is the
unprivileged-via-supermin bits. So we copy and adapt that here. One
obvious improvement then is sharing this code more easily (e.g. a
`cosa runasroot` or something?)
However, we still use the FCOS manifest (frozen at a specific tag). It's
a realistic example, and because of the lockfiles and pool, we get good
reproducibility.
2019-12-22 01:42:09 +03:00
}}