From 9c5fd95e53c2ea43412bfb1bd307c25e6fdcfa94 Mon Sep 17 00:00:00 2001 From: tuti Date: Mon, 30 Dec 2024 11:23:05 -0800 Subject: [PATCH 1/4] update pipelines to be parameterized --- .semaphore/release/hashrelease.yml | 1 - .semaphore/semaphore-scheduled-builds.yml | 16 ++++++++++++++++ .semaphore/semaphore.yml | 16 ++++++++++++++++ .semaphore/semaphore.yml.d/03-promotions.yml | 16 ++++++++++++++++ 4 files changed, 48 insertions(+), 1 deletion(-) diff --git a/.semaphore/release/hashrelease.yml b/.semaphore/release/hashrelease.yml index 42885a5426b..97802eb9f6b 100644 --- a/.semaphore/release/hashrelease.yml +++ b/.semaphore/release/hashrelease.yml @@ -64,7 +64,6 @@ blocks: jobs: - name: Build and publish hashrelease commands: - - if [[ ${SEMAPHORE_WORKFLOW_TRIGGERED_BY_SCHEDULE} == "true" ]]; then export BUILD_CONTAINER_IMAGES=true; export PUBLISH_IMAGES=true; fi - make hashrelease prologue: commands: diff --git a/.semaphore/semaphore-scheduled-builds.yml b/.semaphore/semaphore-scheduled-builds.yml index 49aed5d51ba..4381e8a95a5 100644 --- a/.semaphore/semaphore-scheduled-builds.yml +++ b/.semaphore/semaphore-scheduled-builds.yml @@ -43,6 +43,22 @@ promotions: # Manual promotion for publishing a hashrelease. - name: Publish hashrelease pipeline_file: release/hashrelease.yml + parameters: + env_vars: + - required: true + options: + - true + - false + default_value: false + description: Build container images instead of using images from the image promotion jobs + name: BUILD_CONTAINER_IMAGES + - required: true + options: + - true + - false + default_value: false + description: Publish container images built + name: PUBLISH_IMAGES # Manual promotion for publishing a release. - name: Publish official release pipeline_file: release/release.yml diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index 230ad7e3dd9..4453e63d769 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml 
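Review bot: In `.semaphore/release/hashrelease.yml`, the `Build and publish hashrelease` job now runs `make hashrelease` with nothing in the pipeline file saying where `BUILD_CONTAINER_IMAGES` and `PUBLISH_IMAGES` come from. A comment above the command would keep that visible, for example `# BUILD_CONTAINER_IMAGES and PUBLISH_IMAGES are supplied by the "Publish hashrelease" promotion parameters`. Because these two variables decide whether images are built and pushed, confirm that `make hashrelease` treats an unset value as false; any run that reaches this pipeline without the promotion form would leave them undefined. The job's block starts and ends outside this hunk.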
@@ -43,6 +43,22 @@ promotions: # Manual promotion for publishing a hashrelease. - name: Publish hashrelease pipeline_file: release/hashrelease.yml + parameters: + env_vars: + - required: true + options: + - true + - false + default_value: false + description: Build container images instead of using images from the image promotion jobs + name: BUILD_CONTAINER_IMAGES + - required: true + options: + - true + - false + default_value: false + description: Publish container images built + name: PUBLISH_IMAGES # Manual promotion for publishing a release. - name: Publish official release pipeline_file: release/release.yml diff --git a/.semaphore/semaphore.yml.d/03-promotions.yml b/.semaphore/semaphore.yml.d/03-promotions.yml index d5f3343dbea..21265bc46b4 100644 --- a/.semaphore/semaphore.yml.d/03-promotions.yml +++ b/.semaphore/semaphore.yml.d/03-promotions.yml @@ -2,6 +2,22 @@ promotions: # Manual promotion for publishing a hashrelease. - name: Publish hashrelease pipeline_file: release/hashrelease.yml + parameters: + env_vars: + - required: true + options: + - true + - false + default_value: false + description: Build container images instead of using images from the image promotion jobs + name: BUILD_CONTAINER_IMAGES + - required: true + options: + - true + - false + default_value: false + description: Publish container images built + name: PUBLISH_IMAGES # Manual promotion for publishing a release. - name: Publish official release pipeline_file: release/release.yml From eaea61ff8a995d3823b3e2151ddb59556ad72416 Mon Sep 17 00:00:00 2001 From: tuti Date: Mon, 30 Dec 2024 11:24:17 -0800 Subject: [PATCH 2/4] removed semaphore scheduled build pipeline this is not being used anymore --- .semaphore/.gitattributes | 1 - .semaphore/generate-semaphore-yaml.sh | 3 +- .semaphore/semaphore-scheduled-builds.yml | 790 ---------------------- 3 files changed, 1 insertion(+), 793 deletions(-) delete mode 100644 .semaphore/semaphore-scheduled-builds.yml 
diff --git a/.semaphore/.gitattributes b/.semaphore/.gitattributes
index 2145d51400f..20bea8f0998 100644
--- a/.semaphore/.gitattributes
+++ b/.semaphore/.gitattributes
@@ -1,2 +1 @@
 semaphore.yml linguist-generated=true
-semaphore-scheduled-builds.yml linguist-generated=true
diff --git a/.semaphore/generate-semaphore-yaml.sh b/.semaphore/generate-semaphore-yaml.sh
index aa47be4b4ad..823b13f5b03 100755
--- a/.semaphore/generate-semaphore-yaml.sh
+++ b/.semaphore/generate-semaphore-yaml.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-for out_file in semaphore.yml semaphore-scheduled-builds.yml; do
+for out_file in semaphore.yml; do
 echo "# !! WARNING, DO NOT EDIT !! This file is generated from semaphore.yml.tpl." >$out_file
 echo "# To update, modify the template and then run 'make gen-semaphore-yaml'." >>$out_file
@@ -13,4 +13,3 @@ for out_file in semaphore.yml semaphore-scheduled-builds.yml; do
 done
 sed -i "s/\${FORCE_RUN}/false/g" semaphore.yml
-sed -i "s/\${FORCE_RUN}/true/g" semaphore-scheduled-builds.yml
diff --git a/.semaphore/semaphore-scheduled-builds.yml b/.semaphore/semaphore-scheduled-builds.yml
deleted file mode 100644
index 4381e8a95a5..00000000000
--- a/.semaphore/semaphore-scheduled-builds.yml
+++ /dev/null
@@ -1,790 +0,0 @@ -# !! WARNING, DO NOT EDIT !! This file is generated from semaphore.yml.tpl. -# To update, modify the template and then run 'make gen-semaphore-yaml'. -version: v1.0 -name: Calico -execution_time_limit: - hours: 4 -agent: - machine: - type: f1-standard-2 - os_image: ubuntu2204 -auto_cancel: - running: - when: "branch != 'master'" - queued: - when: "branch != 'master'" -global_job_config: - secrets: - - name: docker-hub - prologue: - commands: - - checkout - - export REPO_DIR="$(pwd)" - - mkdir artifacts - # Semaphore is doing shallow clone on a commit without tags. - # unshallow it for GIT_VERSION:=$(shell git describe --tags --dirty --always) - - retry git fetch --unshallow - # Semaphore mounts a copy-on-write FS as /var/lib/docker in order to provide a pre-loaded cache of - # some images. However, the cache is not useful to us and the copy-on-write FS is a big problem given - # how much we churn docker containers during the build. Disable it. - - sudo systemctl stop docker - - sudo umount /var/lib/docker && sudo killall qemu-nbd || true - - sudo systemctl start docker - - echo $DOCKERHUB_PASSWORD | docker login --username "$DOCKERHUB_USERNAME" --password-stdin - # Disable initramfs update to save space on the Semaphore VM (and we don't need it because we're not going to reboot). - - sudo apt-get install -y -u crudini - - sudo crudini --set /etc/initramfs-tools/update-initramfs.conf '' update_initramfs no - - cat /etc/initramfs-tools/update-initramfs.conf - epilogue: - commands: - - cd "$REPO_DIR" - - .semaphore/publish-artifacts -promotions: - # Manual promotion for publishing a hashrelease. 
- - name: Publish hashrelease - pipeline_file: release/hashrelease.yml - parameters: - env_vars: - - required: true - options: - - true - - false - default_value: false - description: Build container images instead of using images from the image promotion jobs - name: BUILD_CONTAINER_IMAGES - - required: true - options: - - true - - false - default_value: false - description: Publish container images built - name: PUBLISH_IMAGES - # Manual promotion for publishing a release. - - name: Publish official release - pipeline_file: release/release.yml - # Cleanup after ourselves if we are stopped-short. - - name: Cleanup - pipeline_file: cleanup.yml - auto_promote: - when: "result = 'stopped'" - # Rerun failed jobs - - name: Rerun failed jobs - pipeline_file: rerun_failed_jobs.yml - # Have separate promotions for publishing images so we can re-run - # them individually if they fail, and so we can run them in parallel. - - name: Push apiserver images - pipeline_file: push-images/apiserver.yml - auto_promote: - when: "branch =~ 'master|release-.*'" - - name: Push ALP images - pipeline_file: push-images/alp.yml - auto_promote: - when: "branch =~ 'master|release-'" - - name: Push calicoctl images - pipeline_file: push-images/calicoctl.yml - auto_promote: - when: "branch =~ 'master|release-'" - - name: Push calico-node images - pipeline_file: push-images/node.yml - auto_promote: - when: "branch =~ 'master|release-'" - - name: Push cni-plugin images - pipeline_file: push-images/cni-plugin.yml - auto_promote: - when: "branch =~ 'master|release-'" - - name: Push key-cert-provisioner images - pipeline_file: push-images/key-cert-provisioner.yml - auto_promote: - when: "branch =~ 'master|release-'" - - name: Push kube-controllers images - pipeline_file: push-images/kube-controllers.yml - auto_promote: - when: "branch =~ 'master|release-'" - - name: Push pod2daemon images - pipeline_file: push-images/pod2daemon.yml - auto_promote: - when: "branch =~ 'master|release-'" - - name: Push 
typha images - pipeline_file: push-images/typha.yml - auto_promote: - when: "branch =~ 'master|release-'" - - name: Publish openstack packages - pipeline_file: push-images/packaging.yaml - auto_promote: - when: "branch =~ 'master'" - - name: Run Fossa scans - pipeline_file: license-scanning/fossa-scan.yml - auto_promote: - when: "branch =~ 'master|release-.*'" -blocks: -- name: Prerequisites - dependencies: [] - task: - jobs: - - name: Pre-flight checks - commands: - - make ci-preflight-checks -- name: apiserver - run: - when: "true or change_in(['/*', '/libcalico-go/', '/api/', '/apiserver/', '/hack/test/certs/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - execution_time_limit: - minutes: 30 - dependencies: - - Prerequisites - task: - prologue: - commands: - - cd apiserver - jobs: - - name: make ci - commands: - - ../.semaphore/run-and-monitor make-ci.log make ci - - name: Build binary - matrix: - - env_var: ARCH - values: - - arm64 - - ppc64le - - s390x - commands: - - ../.semaphore/run-and-monitor image-$ARCH.log make build ARCH=$ARCH -- name: API - run: - when: "true or change_in(['/*', '/api/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - execution_time_limit: - minutes: 30 - dependencies: - - Prerequisites - task: - prologue: - commands: - - cd api - jobs: - - name: make ci - commands: - - ../.semaphore/run-and-monitor make-ci.log make ci -- name: app-policy - run: - when: "true or change_in(['/*', '/app-policy/', '/felix/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - Prerequisites - task: - prologue: - commands: - - cd app-policy - jobs: - - name: app-policy tests - commands: - - ../.semaphore/run-and-monitor ci.log make ci -- name: calicoctl - run: - when: "true or change_in(['/*', '/calicoctl/', '/libcalico-go/', '/api/', '/hack/test/certs/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - Prerequisites - task: - prologue: - commands: 
- - cd calicoctl - jobs: - - name: calicoctl tests - commands: - - ../.semaphore/run-and-monitor ci.log make ci -- name: cni-plugin - run: - when: "true or change_in(['/*', '/cni-plugin/', '/libcalico-go/', '/hack/test/certs/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - Prerequisites - task: - prologue: - commands: - - cd cni-plugin - jobs: - - name: cni-plugin tests - commands: - - ../.semaphore/run-and-monitor ci.log make ci - - name: build windows cni-plugin images - commands: - - ../.semaphore/run-and-monitor ci.log make image-windows -- name: "cni-plugin: Windows" - run: - when: "true or change_in(['/*', '/cni-plugin/', '/libcalico-go/', '/process/testing/winfv-cni-plugin/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - cni-plugin - task: - secrets: - - name: banzai-secrets - prologue: - commands: - # Prepare azure configuration. - - az login --service-principal -u "${AZ_SP_ID}" -p "${AZ_SP_PASSWORD}" --tenant "${AZ_TENANT_ID}" --output none - - export AZURE_SUBSCRIPTION_ID=$AZ_SUBSCRIPTION_ID - - export AZURE_TENANT_ID=$AZ_TENANT_ID - - export AZURE_CLIENT_ID=$AZ_SP_ID - - export AZURE_CLIENT_SECRET=$AZ_SP_PASSWORD - - export AZURE_RESOURCE_GROUP=${USER}-capz-win-cni-${SEMAPHORE_WORKFLOW_ID:0:8}-rg - - export REPORT_DIR=/home/semaphore/calico/process/testing/winfv-cni-plugin/report - - export LOGS_DIR=~/fv.log - - export SHORT_WORKFLOW_ID=$(echo ${SEMAPHORE_WORKFLOW_ID} | sha256sum | cut -c -8) - - export CLUSTER_NAME=sem-${SEMAPHORE_PROJECT_NAME}-pr${SEMAPHORE_GIT_PR_NUMBER}-${SHORT_WORKFLOW_ID} - - export SUFFIX=${CLUSTER_NAME} - - cd cni-plugin - - ../.semaphore/run-and-monitor build.log make bin/windows/calico.exe bin/windows/calico-ipam.exe bin/windows/win-fv.exe - epilogue: - always: - commands: - - artifact push job ${REPORT_DIR} --destination semaphore/test-results --expire-in ${SEMAPHORE_ARTIFACT_EXPIRY} || true - - artifact push job ${LOGS_DIR} --destination 
semaphore/logs --expire-in ${SEMAPHORE_ARTIFACT_EXPIRY} || true - - cd ~/calico/process/testing/winfv-cni-plugin/aso && make dist-clean - env_vars: - - name: SEMAPHORE_ARTIFACT_EXPIRY - value: 2w - - name: AZURE_LOCATION - value: eastus2 - - name: KUBE_VERSION - value: v1.29.7 - jobs: - - name: Containerd - Windows FV - execution_time_limit: - minutes: 60 - commands: - - ../.semaphore/run-and-monitor win-fv-containerd.log ./.semaphore/run-win-fv.sh -- name: confd - run: - when: "true or change_in(['/*', '/api/', '/libcalico-go/', '/confd/', '/hack/test/certs/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - Prerequisites - task: - prologue: - commands: - - cd confd - jobs: - - name: "confd: CI" - execution_time_limit: - minutes: 60 - commands: - - ../.semaphore/run-and-monitor ci.log make ci -- name: crypto - run: - when: "true or change_in(['/lib.Makefile', '/crypto/'])" - dependencies: - - Prerequisites - task: - prologue: - commands: - - cd crypto - jobs: - - name: "crypto tests" - commands: - - ../.semaphore/run-and-monitor ci.log make ci -- name: e2e tests - run: - when: "true or change_in(['/*', '/api/', '/libcalico-go/', '/typha/', '/felix/', '/confd/', '/bird/', '/pod2daemon/', '/node/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - Prerequisites - task: - agent: - machine: - type: f1-standard-4 - os_image: ubuntu2004 - jobs: - - name: sig-network conformance - env_vars: - - name: E2E_FOCUS - value: "sig-network.*Conformance" - commands: - - .semaphore/run-and-monitor e2e-test.log make e2e-test -- name: "Felix: Build" - run: - when: "true or change_in(['/*', '/api/', '/libcalico-go/', '/typha/', '/felix/', '/hack/test/certs/', '/cni-plugin/pkg/dataplane/linux/dataplane_linux.go'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - Prerequisites - task: - prologue: - commands: - - cd felix - - cache restore go-pkg-cache - - cache restore go-mod-cache 
- jobs: - - name: Build and run UT, k8sfv - execution_time_limit: - minutes: 60 - commands: - - make build image fv-prereqs - - "cache store bin-${SEMAPHORE_GIT_SHA} bin" - - "cache store fv.test-${SEMAPHORE_GIT_SHA} fv/fv.test" - - cache store go-pkg-cache .go-pkg-cache - - "cache store go-mod-cache ${HOME}/go/pkg/mod/cache" - - docker save -o /tmp/calico-felix.tar calico/felix:latest-amd64 - - "cache store felix-image-${SEMAPHORE_GIT_SHA} /tmp/calico-felix.tar" - - docker save -o /tmp/felixtest-typha.tar felix-test/typha:latest-amd64 - - "cache store felixtest-typha-image-${SEMAPHORE_GIT_SHA} /tmp/felixtest-typha.tar" - - ../.semaphore/run-and-monitor ut.log make ut - - ../.semaphore/run-and-monitor k8sfv-typha.log make k8sfv-test JUST_A_MINUTE=true USE_TYPHA=true - - ../.semaphore/run-and-monitor k8sfv-no-typha.log make k8sfv-test JUST_A_MINUTE=true USE_TYPHA=false - - name: Static checks - execution_time_limit: - minutes: 60 - commands: - - ../.semaphore/run-and-monitor static-checks.log make static-checks -- name: "Felix: multi-arch build" - run: - when: "true or change_in(['/*', '/api/', '/libcalico-go/', '/typha/', '/felix/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - "Felix: Build" - task: - prologue: - commands: - - cd felix - - cache restore go-pkg-cache - - cache restore go-mod-cache - jobs: - - name: Build binary - matrix: - - env_var: ARCH - values: - - ppc64le - - s390x - commands: - # Only building the code, not the image here because the felix image is now only used for FV tests, which - # only run on AMD64 at the moment. 
- - ../.semaphore/run-and-monitor build-$ARCH.log make build ARCH=$ARCH -- name: "Felix: Build - native arm64 runner" - run: - when: "true or change_in(['/*', '/api/', '/libcalico-go/', '/typha/', '/felix/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - "Felix: Build" - task: - agent: - machine: - type: s1-aws-arm64-2 - prologue: - commands: - - cd felix - - cache restore go-pkg-cache - - cache restore go-mod-cache - jobs: - - name: Build binary - commands: - - ../.semaphore/run-and-monitor build-arm64.log make build ARCH=arm64 -- name: "Felix: Build Windows binaries" - run: - when: "true or change_in(['/*', '/api/', '/libcalico-go/', '/typha/', '/felix/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - Prerequisites - task: - jobs: - - name: Build Windows binaries - commands: - - cd felix - - make bin/calico-felix.exe fv/win-fv.exe -- name: "Felix: Windows FV capz" - run: - when: "false or change_in(['/*', '/api/', '/libcalico-go/', '/typha/', '/felix/', '/node', '/hack/test/certs/', '/process/testing/winfv-felix/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: ["Felix: Build Windows binaries"] - task: - secrets: - - name: banzai-secrets - - name: private-repo - prologue: - commands: - - az login --service-principal -u "${AZ_SP_ID}" -p "${AZ_SP_PASSWORD}" --tenant "${AZ_TENANT_ID}" --output none - - export REPORT_DIR=/home/semaphore/report - - export AZURE_SUBSCRIPTION_ID=$AZ_SUBSCRIPTION_ID - - export AZURE_TENANT_ID=$AZ_TENANT_ID - - export AZURE_CLIENT_ID=$AZ_SP_ID - - export AZURE_CLIENT_SECRET=$AZ_SP_PASSWORD - - export AZURE_SUBSCRIPTION_ID_B64="$(echo -n "$AZ_SUBSCRIPTION_ID" | base64 | tr -d '\n')" - - export AZURE_TENANT_ID_B64="$(echo -n "$AZ_TENANT_ID" | base64 | tr -d '\n')" - - export AZURE_CLIENT_ID_B64="$(echo -n "$AZ_SP_ID" | base64 | tr -d '\n')" - - export AZURE_CLIENT_SECRET_B64="$(echo -n "$AZ_SP_PASSWORD" | base64 | tr -d '\n')" - - 
cd felix - epilogue: - always: - commands: - - artifact push job ${REPORT_DIR} --destination test-results --expire-in ${SEMAPHORE_ARTIFACT_EXPIRY} || true - env_vars: - - name: FV_PROVISIONER - value: "capz" - - name: FV_TYPE - value: "calico-felix" - - name: SEMAPHORE_ARTIFACT_EXPIRY - value: 2w - - name: CONTAINERD_VERSION - value: 1.7.22 - jobs: - - name: CAPZ - Windows FV - commands: - - ./.semaphore/run-win-fv -- name: "Felix: FV Tests" - run: - when: "true or change_in(['/*', '/api/', '/libcalico-go/', '/typha/', '/felix/', '/cni-plugin/pkg/dataplane/linux/dataplane_linux.go'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - "Felix: Build" - task: - agent: - machine: - type: f1-standard-4 - os_image: ubuntu2004 - prologue: - commands: - - cd felix - - cache restore go-pkg-cache - - cache restore go-mod-cache - - "cache restore bin-${SEMAPHORE_GIT_SHA}" - - "cache restore fv.test-${SEMAPHORE_GIT_SHA}" - - "cache restore felix-image-${SEMAPHORE_GIT_SHA}" - - "cache restore felixtest-typha-image-${SEMAPHORE_GIT_SHA}" - - |- - if [ -s /etc/docker/daemon.json ]; then - sudo sed -i '$d' /etc/docker/daemon.json && sudo sed -i '$s/$/,/' /etc/docker/daemon.json && sudo bash -c ' cat >> /etc/docker/daemon.json << EOF - "ipv6": true, - "fixed-cidr-v6": "2001:db8:1::/64" - } - EOF - ' ; else sudo bash -c ' cat > /etc/docker/daemon.json << EOF - { - "ipv6": true, - "fixed-cidr-v6": "2001:db8:1::/64" - } - EOF - ' ; fi - - sudo systemctl restart docker - # Load in the docker images pre-built by the build job. 
- - docker load -i /tmp/calico-felix.tar - - docker tag calico/felix:latest-amd64 felix:latest-amd64 - - rm /tmp/calico-felix.tar - - docker load -i /tmp/felixtest-typha.tar - - docker tag felix-test/typha:latest-amd64 typha:latest-amd64 - - rm /tmp/felixtest-typha.tar - # Pre-loading the IPIP module prevents a flake where the first felix to use IPIP loads the module and - # routing in that first felix container chooses different source IPs than the tests are expecting. - - sudo modprobe ipip - jobs: - - name: FV Test matrix - execution_time_limit: - minutes: 120 - commands: - - make check-wireguard - - ../.semaphore/run-and-monitor fv-${SEMAPHORE_JOB_INDEX}.log make fv-no-prereqs FV_BATCHES_TO_RUN="${SEMAPHORE_JOB_INDEX}" FV_NUM_BATCHES=${SEMAPHORE_JOB_COUNT} - parallelism: 3 - - name: nftables FV Test matrix - execution_time_limit: - minutes: 120 - env_vars: - - name: FELIX_FV_NFTABLES - value: "Enabled" - commands: - - make check-wireguard - - ../.semaphore/run-and-monitor fv-${SEMAPHORE_JOB_INDEX}.log make fv-no-prereqs FV_BATCHES_TO_RUN="${SEMAPHORE_JOB_INDEX}" FV_NUM_BATCHES=${SEMAPHORE_JOB_COUNT} - parallelism: 3 - epilogue: - always: - commands: - - ./.semaphore/collect-artifacts - - ./.semaphore/publish-artifacts - - test-results publish /home/semaphore/calico/felix/report/fv_suite.xml --name "felix-fv-${SEMAPHORE_JOB_INDEX}" || true - - test-results publish /home/semaphore/calico/felix/report/fv_nft_suite.xml --name "felix-fv-nft-${SEMAPHORE_JOB_INDEX}" || true -- name: "Felix: BPF UT/FV tests on new kernel" - run: - when: "true or change_in(['/*', '/api/', '/libcalico-go/', '/typha/', '/felix/', '/cni-plugin/pkg/dataplane/linux/dataplane_linux.go'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - Prerequisites - task: - prologue: - commands: - - cd felix - - export GOOGLE_APPLICATION_CREDENTIALS=$HOME/secrets/secret.google-service-account-key.json - - export SHORT_WORKFLOW_ID=$(echo ${SEMAPHORE_WORKFLOW_ID} | sha256sum 
| cut -c -8) - - export ZONE=europe-west3-c - - export VM_PREFIX=sem-${SEMAPHORE_PROJECT_NAME}-${SHORT_WORKFLOW_ID}-felix-ipt- - - echo VM_PREFIX=${VM_PREFIX} - - export REPO_NAME=$(basename $(pwd)) - - export NUM_FV_BATCHES=8 - - export RUN_UT=true - - export FV_FOCUS=BPF-SAFE - - mkdir artifacts - - ./.semaphore/create-test-vms ${VM_PREFIX} - jobs: - - name: UT/FV tests on new kernel - execution_time_limit: - minutes: 180 - commands: - - ./.semaphore/run-tests-on-vms ${VM_PREFIX} - epilogue: - always: - commands: - - ./.semaphore/collect-artifacts-from-vms ${VM_PREFIX} - - ./.semaphore/publish-artifacts - - ./.semaphore/clean-up-vms ${VM_PREFIX} - secrets: - - name: google-service-account-for-gce -- name: "Felix: BPF UT/FV tests on new kernel (nftables)" - run: - when: "true or change_in(['/*', '/api/', '/libcalico-go/', '/typha/', '/felix/', '/cni-plugin/pkg/dataplane/linux/dataplane_linux.go'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - Prerequisites - task: - prologue: - commands: - - cd felix - - export GOOGLE_APPLICATION_CREDENTIALS=$HOME/secrets/secret.google-service-account-key.json - - export SHORT_WORKFLOW_ID=$(echo ${SEMAPHORE_WORKFLOW_ID} | sha256sum | cut -c -8) - - export ZONE=europe-west3-c - - export VM_PREFIX=sem-${SEMAPHORE_PROJECT_NAME}-${SHORT_WORKFLOW_ID}-felix-nft- - - echo VM_PREFIX=${VM_PREFIX} - - export REPO_NAME=$(basename $(pwd)) - - export NUM_FV_BATCHES=4 - - export RUN_UT=false - - export FV_FOCUS='_BPF_.*ct=true' - - mkdir artifacts - - ./.semaphore/create-test-vms ${VM_PREFIX} - jobs: - - name: UT/FV tests on new kernel - env_vars: - - name: FELIX_FV_NFTABLES - value: "Enabled" - execution_time_limit: - minutes: 180 - commands: - - ./.semaphore/run-tests-on-vms ${VM_PREFIX} - epilogue: - always: - commands: - - ./.semaphore/collect-artifacts-from-vms ${VM_PREFIX} - - ./.semaphore/publish-artifacts - - ./.semaphore/clean-up-vms ${VM_PREFIX} - secrets: - - name: google-service-account-for-gce 
-- name: kube-controllers - run: - when: "true or change_in(['/*', '/api/', '/libcalico-go/', '/kube-controllers/', '/hack/test/certs/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - Prerequisites - task: - prologue: - commands: - - cd kube-controllers - jobs: - - name: "kube-controllers: tests" - commands: - - ../.semaphore/run-and-monitor ci.log make ci -- name: libcalico-go - run: - when: "true or change_in(['/*', '/api/', '/libcalico-go/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - Prerequisites - task: - prologue: - commands: - - cd libcalico-go - jobs: - - name: "libcalico-go: tests" - commands: - - ../.semaphore/run-and-monitor make-ci.log make ci -- name: "Node: Build" - run: - when: "true or change_in(['/*', '/api/', '/libcalico-go/', '/typha/', '/felix/', '/confd/', '/bird/', '/pod2daemon/', '/node/', '/hack/test/certs/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - Prerequisites - task: - agent: - machine: - type: f1-standard-4 - os_image: ubuntu2004 - prologue: - commands: - - cd node - jobs: - - name: "Node: CI" - commands: - - ../.semaphore/run-and-monitor ci.log make ci -- name: "Node: multi-arch build" - run: - when: "true or change_in(['/felix/', '/confd/', '/node/'])" - dependencies: - - "Node: Build" - task: - prologue: - commands: - - cd node - jobs: - - name: Build image - matrix: - - env_var: ARCH - values: - - ppc64le - - s390x - commands: - - ../.semaphore/run-and-monitor image-$ARCH.log make image ARCH=$ARCH - - name: Build Windows archive - commands: - - ../.semaphore/run-and-monitor build-windows-archive.log make build-windows-archive - - name: Build Windows image - commands: - - ../.semaphore/run-and-monitor build-windows-image.log make image-windows -- name: "Node: Build - native arm64 runner" - run: - when: "true or change_in(['/felix/', '/confd/', '/node/'])" - dependencies: - - "Node: Build" - task: - agent: - 
machine: - type: s1-aws-arm64-2 - prologue: - commands: - - cd node - jobs: - - name: Build image - commands: - - ../.semaphore/run-and-monitor build-arm64.log make image ARCH=arm64 -- name: "Node: kind-cluster tests" - run: - when: "true or change_in(['/*', '/api/', '/libcalico-go/', '/typha/', '/felix/', '/confd/', '/bird/', '/pod2daemon/', '/node/', '/hack/test/certs/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - Prerequisites - task: - prologue: - commands: - - cd node - - export GOOGLE_APPLICATION_CREDENTIALS=$HOME/secrets/secret.google-service-account-key.json - - export SHORT_WORKFLOW_ID=$(echo ${SEMAPHORE_WORKFLOW_ID} | sha256sum | cut -c -8) - - export ZONE=europe-west3-c - - export VM_PREFIX=sem-${SEMAPHORE_PROJECT_NAME}-${SHORT_WORKFLOW_ID}-kind- - - echo VM_PREFIX=${VM_PREFIX} - - export REPO_NAME=$(basename $(pwd)) - - export VM_DISK_SIZE=80GB - - mkdir artifacts - - ../.semaphore/vms/create-test-vms ${ZONE} ${VM_PREFIX} - jobs: - - name: "Node: kind-cluster tests" - execution_time_limit: - minutes: 120 - commands: - - ../.semaphore/vms/run-tests-on-vms ${ZONE} ${VM_PREFIX} - epilogue: - always: - commands: - - ../.semaphore/vms/publish-artifacts - - ../.semaphore/vms/clean-up-vms ${ZONE} ${VM_PREFIX} - - test-results publish ./report/*.xml --name "node-kind-tests" || true - secrets: - - name: google-service-account-for-gce -- name: pod2daemon - run: - when: "true or change_in(['/*', '/pod2daemon/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - Prerequisites - task: - prologue: - commands: - - cd pod2daemon - jobs: - - name: pod2daemon tests - commands: - - ../.semaphore/run-and-monitor ci.log make ci - - test-results publish ./report/*.xml --name "pod2daemon-ut-tests" || true -- name: Typha - run: - when: "true or change_in(['/*', '/api/', '/libcalico-go/', '/typha/', '/hack/test/certs/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - 
Prerequisites - task: - prologue: - commands: - - cd typha - jobs: - - name: "Typha: UT and FV tests" - commands: - - ../.semaphore/run-and-monitor make-ci.log make ci EXCEPT=k8sfv-test - epilogue: - always: - commands: - - | - for f in /home/semaphore/calico/typha/report/*; do - NAME=$(basename $f) - test-results compile --name typha-$NAME $f $NAME.json || true - done - for f in /home/semaphore/calico/typha/pkg/report/*; do - NAME=$(basename $f) - test-results compile --name typha-$NAME $f $NAME.json || true - done - test-results combine *.xml.json report.json || true - artifact push job report.json -d test-results/junit.json || true - artifact push workflow report.json -d test-results/${SEMAPHORE_PIPELINE_ID}/${SEMAPHORE_JOB_ID}.json || true - - test-results publish /home/semaphore/calico/felix/report/k8sfv_suite.xml --name "typha-k8sfv" || true -- name: key-cert-provisioner - run: - when: "true or change_in(['/*', '/key-cert-provisioner/'], {exclude: ['/**/.gitignore', '/**/README.md', '/**/LICENSE']})" - dependencies: - - Prerequisites - task: - prologue: - commands: - - cd key-cert-provisioner - jobs: - - name: key-cert-provisioner tests - commands: - - ../.semaphore/run-and-monitor ci.log make ci -- name: "OpenStack integration (Yoga)" - run: - when: "true or change_in(['/networking-calico/'])" - dependencies: - - Prerequisites - task: - agent: - machine: - type: f1-standard-2 - os_image: ubuntu2004 - prologue: - commands: - - cd networking-calico - jobs: - - name: "Unit and FV tests (tox) on Yoga" - commands: - - ../.semaphore/run-and-monitor tox.log make tox-yoga - - name: "Mainline ST (DevStack + Tempest) on Yoga" - commands: - # For some reason python3-wrapt is pre-installed on a Semaphore ubuntu2004 node, but with - # a version (1.11.2) that is different from the version that OpenStack needs (1.13.3), and - # this was causing the DevStack setup to fail, because pip doesn't know how to uninstall - # or replace the existing version. 
Happily we do know that, so let's do it upfront here. - - sudo apt-get remove -y python3-wrapt || true - - git checkout -b devstack-test - - export LIBVIRT_TYPE=qemu - - export UPPER_CONSTRAINTS_FILE=https://releases.openstack.org/constraints/upper/yoga - - export NC_PLUGIN_REPO=$(dirname $(pwd)) - - export NC_PLUGIN_REF=$(git rev-parse --abbrev-ref HEAD) - - sudo git config --system --add safe.directory ${NC_PLUGIN_REPO}/.git - - TEMPEST=true DEVSTACK_BRANCH=unmaintained/yoga ./devstack/bootstrap.sh - epilogue: - on_fail: - commands: - - mkdir logs - - sudo journalctl > logs/journalctl.txt - - artifact push job --expire-in 1d logs -- name: release tooling - run: - when: "true or change_in(['/*', '/release/'], {exclude: ['/**/.gitignore', '/**/*.md', '/**/LICENSE']})" - execution_time_limit: - minutes: 30 - dependencies: - - Prerequisites - task: - prologue: - commands: - - cd release - jobs: - - name: ci - commands: - - ../.semaphore/run-and-monitor release-ci.log make ci - - name: build binary - commands: - - ../.semaphore/run-and-monitor release-build.log make build - - cache store release-${SEMAPHORE_GIT_SHA} bin -after_pipeline: - task: - jobs: - - name: Reports - commands: - - test-results gen-pipeline-report --force From f6140624b70ff9f08d2867dbda93f9073aa707d5 Mon Sep 17 00:00:00 2001 From: tuti Date: Mon, 30 Dec 2024 11:31:14 -0800 Subject: [PATCH 3/4] fix CI --- .semaphore/semaphore.yml | 16 +++++++--------- .semaphore/semaphore.yml.d/03-promotions.yml | 16 +++++++--------- 2 files changed, 14 insertions(+), 18 deletions(-) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index 4453e63d769..9b991da833f 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml 
@@ -45,19 +45,17 @@ promotions: pipeline_file: release/hashrelease.yml parameters: env_vars: - - required: true + - required: false options: - - true - - false - default_value: false + - "true" + - "false" description: Build container images instead of using images from the image promotion jobs name: BUILD_CONTAINER_IMAGES - - required: true + - required: false options: - - true - - false - default_value: false - description: Publish container images built + - "true" + - "false" + description: Publish container images built when BUILD_CONTAINER_IMAGES == true name: PUBLISH_IMAGES # Manual promotion for publishing a release. - name: Publish official release diff --git a/.semaphore/semaphore.yml.d/03-promotions.yml b/.semaphore/semaphore.yml.d/03-promotions.yml index 21265bc46b4..f8eb1d6feac 100644 --- a/.semaphore/semaphore.yml.d/03-promotions.yml +++ b/.semaphore/semaphore.yml.d/03-promotions.yml @@ -4,19 +4,17 @@ promotions: pipeline_file: release/hashrelease.yml parameters: env_vars: - - required: true + - required: false options: - - true - - false - default_value: false + - "true" + - "false" description: Build container images instead of using images from the image promotion jobs name: BUILD_CONTAINER_IMAGES - - required: true + - required: false options: - - true - - false - default_value: false - description: Publish container images built + - "true" + - "false" + description: Publish container images built when BUILD_CONTAINER_IMAGES == true name: PUBLISH_IMAGES # Manual promotion for publishing a release. - name: Publish official release From 139f25d1e7d2cecd0c3f821fbeeab00486ea0dbe Mon Sep 17 00:00:00 2001 From: tuti Date: Mon, 30 Dec 2024 12:18:00 -0800 Subject: [PATCH 4/4] address review feedback --- .semaphore/generate-semaphore-yaml.sh | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/.semaphore/generate-semaphore-yaml.sh b/.semaphore/generate-semaphore-yaml.sh index 823b13f5b03..b58bb0e1830 100755 
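Review bot: In `.semaphore/semaphore.yml.d/03-promotions.yml`, both parameters become `required: false` and lose `default_value`, so a promotion started without picking a value presumably leaves `BUILD_CONTAINER_IMAGES` and `PUBLISH_IMAGES` unset. The outcome then depends on defaults inside `make hashrelease`, which this page does not show. For a switch that controls pushing images, I would keep the non-publishing choice explicit with `default_value: "false"` on each entry (quoted to match the new string options), assuming Semaphore accepts it alongside `required: false`. The new description ties publishing to `BUILD_CONTAINER_IMAGES == true`, but nothing in the hunk enforces that pairing, so confirm the release tooling rejects or ignores `PUBLISH_IMAGES=true` on its own. The generated `.semaphore/semaphore.yml` hunk before it carries the same change and only needs regenerating.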
--- a/.semaphore/generate-semaphore-yaml.sh
+++ b/.semaphore/generate-semaphore-yaml.sh
@@ -1,15 +1,14 @@
 #!/bin/bash
-for out_file in semaphore.yml; do
- echo "# !! WARNING, DO NOT EDIT !! This file is generated from semaphore.yml.tpl." >$out_file
- echo "# To update, modify the template and then run 'make gen-semaphore-yaml'." >>$out_file
+out_file=semaphore.yml
+echo "# !! WARNING, DO NOT EDIT !! This file is generated from semaphore.yml.tpl." >$out_file
+echo "# To update, modify the template and then run 'make gen-semaphore-yaml'." >>$out_file
- cat semaphore.yml.d/01-preamble.yml >>$out_file
- cat semaphore.yml.d/02-global_job_config.yml >>$out_file
- cat semaphore.yml.d/03-promotions.yml >>$out_file
+cat semaphore.yml.d/01-preamble.yml >>$out_file
+cat semaphore.yml.d/02-global_job_config.yml >>$out_file
+cat semaphore.yml.d/03-promotions.yml >>$out_file
- echo "blocks:" >>$out_file
- cat semaphore.yml.d/blocks/*.yml >>$out_file
-done
+echo "blocks:" >>$out_file
+cat semaphore.yml.d/blocks/*.yml >>$out_file
 sed -i "s/\${FORCE_RUN}/false/g" semaphore.yml
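Review bot: The flattened generator in `.semaphore/generate-semaphore-yaml.sh` still has no error handling: if any `cat` of a fragment fails, the script carries on and leaves a truncated `semaphore.yml` that still starts with the DO NOT EDIT banner. Adding `set -euo pipefail` directly under `#!/bin/bash` would make a missing fragment fail generation instead of silently dropping pipeline blocks. While touching these lines, quote the redirect targets (`>>"$out_file"`) and use the variable on the last line as well, `sed -i "s/\${FORCE_RUN}/false/g" "$out_file"`, so the output name is defined in one place.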