Commit Graph

179 Commits

Author SHA1 Message Date
Peter Krempa
20e063c2fd ci: Regenerate gitlab CI config with latest lcitool
The latest 'lcitool' now generates the CI config in a way which
allows users to kick off pipelines with the upstream projects container
environment rather than building a throwaway updated environment each
time and enables a gitlab feature to time individual script lines.
Pull it into libvirt.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2023-03-01 14:42:19 +01:00
Peter Krempa
5d59142122 ci: Regenerate gitlab config with latest lcitool
The 'cirrus-run' and 'check-dco' containers are now exported as
':latest' instead of ':master'.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-03-01 11:57:37 +01:00
Erik Skultety
917749314c ci: Test with latest Avocado again
Test with the following fix:
https://github.com/avocado-framework/avocado/pull/5567/commits

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-08 16:36:10 +01:00
Erik Skultety
ad00beffa6 ci: integration: Set an expiration on logs artifacts
The default expiry time is 30 days. Since the RPM artifacts coming from
the previous pipeline stages are set to expire in 1 day we can set the
failed integration job log artifacts to the same value. The sentiment
here is that if an integration job legitimately failed (i.e. not with
an infrastructure failure) unless it was fixed in the meantime it will
fail the next day with the scheduled pipeline again, meaning, that even
if the older log artifacts are removed, they'll be immediately
replaced with fresh ones.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-01-12 09:57:52 +01:00
Erik Skultety
3ebfeaa206 ci: Refresh and add Fedora 37 target
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2023-01-09 14:53:34 +01:00
Erik Skultety
c9a65eb8a6 ci: integration: Lock the Avocado version to 98.0 for now
Avocado 99.0 causes the TCK test suite to fail with the nwfilter tests
(which is another Bash framework underneath). Until the culprit is
identified and fixed in Avocado, let's lock the version to 98.0 which
worked with the test suite just fine.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-11-16 10:14:20 +01:00
Daniel P. Berrangé
539e851c5d ci: regenerate with lcitool manifest
Two notable changes:

 * the macOS platform has switched from x86_64 to aarch64
 * if a new pipeline starts before a previous one finishes,
   jobs marked 'interruptible: true' will be auto-cancelled

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-14 17:22:31 +00:00
Erik Skultety
5597ae9609 ci: integration: Bundle only failed Avocado test results
Latest versions of Avocado create 'by-status' symlink shortcuts to test
results, IOW:

 # this is the main test results directory containing all data
 $ ls <path>/avocado/job-results/latest/test-results/
 01-scripts_networks_050-transient-lifecycle.t
 02-scripts_networks_051-transient-autostart.t
 ...
 22-scripts_networks_400-guest-bandwidth.t
 by_status/

 # list only the failed tests
 $ ls -l <path>/avocado/job-results/latest/test-results/by-status/FAIL
 19-scripts_networks_360-guest-network-vepa.t ->
    <path>/avocado/job-results/latest/test-results/19-scripts_networks_360-guest-network-vepa.t

Therefore, let's bundle only the failed ones, it's going to make the
log artifacts more obvious when looking for libvirt errors.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-10-25 09:40:44 +02:00
Erik Skultety
2b26127397 ci: integration: Create the avocado logs artifact dir conditionally
Don't create an avocado directory in the resulting log artifacts
if Avocado didn't even run (e.g. libvirt errored out on service
restart).

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-10-25 09:40:44 +02:00
Erik Skultety
5243dcea65 ci: integration: Use 'set +e' in the log collecting job
All 'script' blocks are defined as 'set -e' and so a single failed
return value means we won't collect some of the logs. Because of
the nature of the original job's failure some of the log sources
might not be available, but that's fine, however, the gitlab
after_script job cannot finish prematurely.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-10-25 09:40:44 +02:00
Erik Skultety
124eb56342 ci: integration: Only create a coredump log when a core exists
It could be quite confusing looking at the job log artifacts and having
an empty coredump log in there, IOW it doesn't really give much
confidence that the reporting mechanism actually works.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-10-25 09:40:44 +02:00
Erik Skultety
1df36ecbd0 ci: integration: Fix the test on avocado directory existence
It's a directory, so -d should be used with 'test'.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-10-25 09:40:43 +02:00
Erik Skultety
ddc4898080 ci: integration: Add an extra level of quoting for augeas set options
Both log filters and log outputs expect string values, however, augeas
apparently requires an extra level of quotes apart from the ones we
pass via shell (see comment [1]) to work properly, otherwise augeas
ignores the value and returns 0.
Without this fix we don't set libvirt's log level to debug, we don't
set logging to a file and hence we don't include the logs in CI
artifacts in case the test suite fails.

[1] https://github.com/hercules-team/augeas/issues/301#issuecomment-143699880

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-10-25 09:40:43 +02:00
Erik Skultety
045e642d29 ci: integration: Add virtnetworkd to the list of restarted services
It was missing from the set. While at it, order the daemon set
alphabetically.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-10-25 09:40:43 +02:00
Peter Krempa
bb0bec4827 ci: Install python RPMs from libvirt/libvirt-python CI artifacts
After addition of the new libvirt-client-qemu sub-package which is using
python bindings (thus creating a circular dependency between the libvirt
and libvirt-python projects) the integration jobs fail with:

  Error:
   Problem: conflicting requests
    - nothing provides python3-libvirt >= 8.9.0-1.el9 needed by libvirt-client-qemu-8.9.0-1.el9.x86_64

The libvirt-python project now provides the RPMs in artifacts:
 https://gitlab.com/libvirt/libvirt-python/-/merge_requests/96

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2022-10-13 12:23:01 +02:00
Daniel P. Berrangé
491d918502 ci: refresh with latest lcitool manifest
This refresh switches the CI for contributors to be triggered by merge
requests. Pushing to a branch in a fork will no longer run CI pipelines,
in order to avoid consuming CI minutes. To regain the original behaviour
contributors can opt-in to a pipeline on push

   git push <remote> -o ci.variable=RUN_PIPELINE=1

This variable can also be set globally on the repository, through the
web UI options Settings -> CI/CD -> Variables, though this is not
recommended. Upstream repo pushes to branches will run CI.

The use of containers has changed in this update, with only the upstream
repo creating containers, in order to avoid consuming contributors'
limited storage quotas. A fork with existing container images may delete
them. Containers will be rebuilt upstream when pushing commits with CI
changes to the default branch. Any other scenario with CI changes will
simply install build pre-requisite packages in a throaway environment,
using the ci/buildenv/ scripts. These scripts may also be used on a
contributor's local machines.

With pipelines triggered by merge requests, it is also now possible to
workaround the inability of contributors to run pipelines if they have
run out of CI quota. A project member can trigger a pipeline from the
merge request, which will run in context of upstream, however, note
this should only be done after reviewing the code for any malicious
CI changes.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-10-06 05:15:54 -04:00
Erik Skultety
0327bbb767 ci: integration: Update the perl CI job names
libvirt-derived repos recently changed the way how and when CI
containers are built and for that a different naming scheme was adopted
to differentiate between the 2. Update the integration pipeline config
to reflect this change.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-10-06 10:47:56 +02:00
Pavel Hrdina
84d9279aef ci: refresh generated files
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-10-03 12:05:20 +02:00
Daniel P. Berrangé
c83c6e4e7a ci: refresh with latest lcitool manifest
This updates the FreeBSD 13 image to 13.1 which should fix the
symbol lookup errors seen in CI recently.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-09-14 10:54:15 -04:00
Peter Krempa
5598ce16d5 ci: Regenerate dockerfiles after 'sheepdog' removal
After support for the sheepdog storage driver backend was removed we
don't need to install it any longer in the containers.

Regenerate the dockerfiles after:
https://gitlab.com/libvirt/libvirt-ci/-/merge_requests/314

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2022-09-01 16:29:15 +02:00
Andrea Bolognani
915d566f42 ci: Switch from macOS 11 to macOS 12
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-08-24 11:07:19 +02:00
Andrea Bolognani
3173cdf43b ci: Refresh generated files
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-08-24 11:07:06 +02:00
Peter Krempa
2700787d0a ci: Drop Debian 10
Debian 10 reaches EOL in August of 2022.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-08-11 14:38:31 +02:00
Peter Krempa
41c92a1325 ci: Move active Debian-10 jobs to Debian-11
Debian 10 will reach EOL in august of 2022 and thus libvirt will no
longer target it. Move CI jobs over to Debian-11.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-08-11 14:38:30 +02:00
Peter Krempa
619d825a18 ci: Move builds from alpine-314 to alpine-315
'lcitool' dropped alpine-314

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2022-07-25 10:50:08 +02:00
Peter Krempa
7cd8f51b97 ci: Regenerate files with new lcitool
Apart from other changes this fixes failures with builds on FreeBSD.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-07-11 15:53:54 +02:00
Andrea Bolognani
ae2dabe5ed ci: Move upstream QEMU integration test to Fedora 36
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2022-06-09 14:41:44 +02:00
Andrea Bolognani
4a4b7f2854 ci: Add Fedora 36 to integration tests
This requires publishing the RPMs as artifacts from the regular
build job.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2022-06-09 14:41:40 +02:00
Erik Skultety
d1e3247675 ci: integration: Set 'safe.directory' when installing QEMU from git
Since a fix for CVE-2022-24765 was released every git command is now
checked against the context repo in which it's supposed to run
resulting in a fatal error if the repo is owned by other user than the
one running the git command.
This means that in order to be able to do 'sudo make install', we have
to set the 'safe.directory' for the root user. This is because QEMU
runs 'git submodule update' automatically on 'make install'.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2022-06-09 13:38:17 +02:00
Erik Skultety
3b943f0c43 ci: integration: SELinux relabel the QEMU we installed from git
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2022-06-09 13:38:13 +02:00
Daniel P. Berrangé
8b8fd1bc67 ci: eliminate many cross arch CI builds
We currently build cross-arch containers for all three Debian
releases (10, 11, Sid), and do libvirt builds covering each
arch. This is overkill in terms of the number of problems it
identifies. The most important aspect of cross arch builds is
to find problems with 32-bit builds and problems with big
endian builds.

With this in mind the cross arch jobs are altered as follows

 - Debian 10
     - build the containers by default
     - build armv7 (32-bit) & s390x (big endian)
     - other arch builds manual

 - Debian 11 / Sid
     - container builds all optional
     - arch builds all optional

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2022-05-31 17:23:04 +02:00
Daniel P. Berrangé
bb9abaed26 ci: move Ubuntu GCC santizers build to 20.04
We currently build on Ubuntu 22.04 twice, for GCC and CLang
with santizers turned on. Moving the GCC santizers build
to 20.04 lets us cull one of the 22.04 jobs

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2022-05-31 17:23:04 +02:00
Daniel P. Berrangé
b7565a2145 ci: disable native builds on certain distros
Currently we do native builds on all distros that are covered
by the support matrix. This reduces that such that we mostly
only run builds on the newest (ie bleeding edge non-released)
version and the oldest version. The effect is that cut out
builds on the newest release version. This is acceptable,
because that version is sandwiched between two versions we
do still test, so unlikely to have failures not already
identified by other jobs.

This has the effect of disabling:

  - AlmaLinux 8 GCC - still has a CLang build
    and CentOS 8 Stream also gives coverage

  - Debian 11 - still has a Debian 10 and Sid
    build

  - Alpine 3.15 - still has a Alpine 3.14 and Edge
    build

Ideally Fedora 35 would be disabled too, but we rely on that
for the integration tests.

The Ubuntu jobs will be handled in the next patch.

The containers are still built since this is cheap-ish.

The build jobs can also be triggered manually if desired.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2022-05-31 17:23:04 +02:00
Daniel P. Berrangé
1c5bc460d3 ci: refresh with lcitool manifest
This refreshes the containers bringing in new behaviour when
builds/containers are disabled.

Instead of deleting the job entirely, the job still exists
but is set to be a manual job. It won't affect the pipeline
result, but can be triggered by the developer if they wish
to test a specific scenario.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2022-05-31 17:23:04 +02:00
Martin Kletzander
76802e5dc6 ci: Refresh generated files
Notable changes:

* 'lcitool manifest' now generates absolute include paths

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2022-05-27 13:35:33 +02:00
Andrea Bolognani
be1d39f6bd ci: Don't mark any Fedora 36 job as optional
It's a stable distro, so we expect all jobs to succeed.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2022-05-26 16:41:23 +02:00
Andrea Bolognani
1234ea1d38 ci: Move MinGW jobs to Fedora 36
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2022-05-26 16:41:20 +02:00
Andrea Bolognani
a6f7ed6e72 ci: Add Fedora 36
The target is intentionally not added to the integration tests
at this time, because the corresponding VM template is not yet
available on the runner. A later patch will take care of that.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2022-05-26 16:41:19 +02:00
Andrea Bolognani
c000499c4f ci: Refresh generated files
Notable changes:

  * 'lcitool manifest' now generates GitLab CI rules spread
    across a bunch of files;

  * container images are built less frequently for the main
    repository.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2022-05-26 16:41:17 +02:00
Andrea Bolognani
af89e4b8f8 ci: Drop Fedora 34
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2022-05-26 16:41:14 +02:00
Andrea Bolognani
40d78e47e5 docs: Update URL for MinGW
The MinGW-w64 project has effectively replaced the original
MinGW project, and distributions such as Fedora have been shipping
packages based on the former for years now.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-05-24 12:19:15 +02:00
Andrea Bolognani
7f403bc251 syntax-check: Enforce sc_prohibit_backslash_alignment everywhere
Basically all files in the repository are already passing the
check, except for syntax-check.mk itself. Fix that, and stop
limiting the files on which the test is performed.

These changes have been generated by running

  $ sed -Ei 's/[ '$'\t'']+\\$/ \\/g' $(git grep -El '[ '$'\t'']+\\$')

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-05-24 11:09:51 +02:00
Erik Skultety
b7fa48081d ci: Add a Fedora integration test job utilizing upstream QEMU
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-05-12 11:12:26 +02:00
Erik Skultety
80ffd571a8 ci: Add a new integration job template for the upstream QEMU scenario
YAML anchors don't work with Shell condition structures, so we cannot
simply reference the QEMU build template YAML anchor conditionally and
hence have everything as part of a single job template.
Instead, we have to "subclass" the .integration_tests template and
inject the QEMU building bits explicitly.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-05-12 11:12:26 +02:00
Erik Skultety
de98075faf ci: Introduce a template for upstream QEMU build
This was heavily inspired by QEMU's upstream CI buildtest-template.yml.
Rather than referencing QEMU's template directly (which GitLab can do),
this patch resorts to hard-coding the build steps ourselves, solely
because there's no guarantee QEMU will keep either the template file
name or the template name from which the build steps were mostly copied
from.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-05-12 11:12:26 +02:00
Erik Skultety
72887b8f59 ci: Break off the integration_tests template into more templates
There's quite a lot happening in the .integration_tests template
already even without adding upstream QEMU build into the mix.
Let's break the template into more pieces which can then reference
in the .integration_tests template when putting all the pieces back
together using YAML anchors.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-05-12 11:12:26 +02:00
Erik Skultety
387932771a ci: Separate the integration job template to a separate file
Future patches will do more code extraction from the existing template
using YAML anchors so it'd be better that the templates would live
separately from job definitions.

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2022-05-12 11:12:26 +02:00
Andrea Bolognani
0495f841ee ci: Move clang/asan/ubsan jobs to Ubuntu 22.04
Using an updated toolchain means we're likely to catch more
issues.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-05-06 15:25:18 +02:00
Andrea Bolognani
29ee8c1d2e ci: Add Ubuntu 22.04
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-05-06 11:13:12 +02:00
Andrea Bolognani
1e25a480f5 ci: Refresh configuration
Notable changes:

  * use the most recent point release for FreeBSD 12.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2022-05-06 11:13:05 +02:00