samcli-vm #14
# Workflow identity and triggers.
name: samcli-vm

on:
  # Daily at 08:00 (GitHub evaluates cron schedules in UTC).
  schedule:
    - cron: "0 8 * * *"
  # Also runnable by hand.
  workflow_dispatch:
# Workflow-level environment: inherited by every step of every job below.
env:
  # Toolchain versions read by the setup-go / setup-python steps and by the
  # inline scripts that call the interpreter by name.
  GO_VERSION: "1.24.x"
  PYTHON_VERSION: "3.11"
  PYTHON_BINARY: "python3.11"
  # Region is taken from a repository secret rather than hard-coded here.
  AWS_DEFAULT_REGION: '${{ secrets.REGION }}'
  BY_CANARY: true  # allows full testing
  SAM_CLI_DEV: 1
  SAM_CLI_TELEMETRY: 0
  # Point Docker-compatible clients at the Finch socket and Finch's config dir.
  DOCKER_HOST: "unix:///Applications/Finch/lima/data/finch/sock/finch.sock"
  DOCKER_CONFIG: "/Users/ec2-user/.finch"
# GITHUB_TOKEN scopes for the whole workflow; anything not listed is denied.
permissions:
  # Read-only repository access is enough for the checkout steps.
  contents: read
  # Lets a job request an OIDC token, which the configure-aws-credentials
  # steps exchange for the role named in role-to-assume.
  id-token: write
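jobs:
  # Builds a Finch VM from source, installs SAM CLI from source for ec2-user,
  # then runs the SAM CLI suites through the scripts in the finch-daemon checkout.
  samcli-vm-test:
    runs-on: codebuild-finch-daemon-arm64-2-instance-${{ github.run_id }}-${{ github.run_attempt }}
    steps:
      - name: Clean macOS runner workspace
        run: |
          # Quoted, and ':?' aborts the step if the variable is ever empty, so
          # this can never expand to 'rm -rf /*'.
          # NOTE(review): su/chown are used without sudo in this job, so steps
          # presumably run as root - confirm.
          rm -rf "${GITHUB_WORKSPACE:?}"/*
          # Clean up any leftover Finch VM state
          su ec2-user -c 'finch vm remove -f' || true
          sudo pkill -f socket_vmnet || true
          sudo rm -rf /private/var/run/finch-lima/*.sock || true
          sudo rm -rf /Applications/Finch/lima/data/finch/_cache || true
          # Clean up containers and images via Finch CLI
          su ec2-user -c 'finch container prune -f' || true
          su ec2-user -c 'finch image prune -a -f' || true

      - name: Configure Git for ec2-user
        run: |
          # NOTE(review): "*" switches off git's repository-ownership check for
          # every path, in the global config of whichever user runs this step
          # (it is not wrapped in 'su ec2-user'). Listing only the checkout
          # paths this job uses would be narrower - confirm which paths the
          # build and test scripts run git in.
          git config --global --add safe.directory "*"
        shell: bash

      - name: Set up Go
        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: false

      - name: Configure Go for ec2-user
        run: |
          # Quoted so a path containing spaces or glob characters is passed to
          # the recursive chown as exactly one operand.
          chown -R ec2-user:staff "$GOPATH" || true
          chown -R ec2-user:staff "$RUNNER_TOOL_CACHE/go" || true

      - name: Install Rosetta 2
        run: |
          su ec2-user -c 'echo "A" | /usr/sbin/softwareupdate --install-rosetta --agree-to-license || true'

      - name: Set up Python
        # NOTE(review): mutable tag. The other third-party actions in this file
        # are pinned to a full commit SHA with the version in a trailing
        # comment; pin this one the same way.
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Configure Python for ec2-user
        run: |
          # Make Python accessible to ec2-user
          # The substitutions are quoted: unquoted, an empty result drops the
          # operand, and 'ln -sf' with a single operand would create a link in
          # the current directory instead of failing into '|| true'.
          chown -R ec2-user:staff "$(${{ env.PYTHON_BINARY }} -c "import site; print(site.USER_BASE)")" || true
          # Or symlink to ec2-user's PATH
          ln -sf "$(which ${{ env.PYTHON_BINARY }})" /usr/local/bin/${{ env.PYTHON_BINARY }} || true

      - name: Configure Homebrew for ec2-user
        run: |
          echo "Creating .brewrc file for ec2-user..."
          cat > /Users/ec2-user/.brewrc << 'EOF'
          # Homebrew environment setup
          export PATH="/opt/homebrew/bin:/opt/homebrew/sbin:$PATH"
          export HOMEBREW_PREFIX="/opt/homebrew"
          export HOMEBREW_CELLAR="/opt/homebrew/Cellar"
          export HOMEBREW_REPOSITORY="/opt/homebrew"
          export HOMEBREW_NO_AUTO_UPDATE=1
          EOF
          chown ec2-user:staff /Users/ec2-user/.brewrc
          # Fix Homebrew permissions
          echo "Setting permissions for Homebrew directories..."
          mkdir -p /opt/homebrew/Cellar
          chown -R ec2-user:staff /opt/homebrew
        shell: bash

      - name: Install dependencies
        run: |
          echo "Installing dependencies as ec2-user..."
          su ec2-user -c 'source /Users/ec2-user/.brewrc && brew install lz4 automake autoconf libtool yq'
        shell: bash

      # runfinch/finch main goes into the workspace root.
      - name: Checkout mainline finch repo
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          ref: main
          repository: runfinch/finch
          fetch-depth: 0
          persist-credentials: false
          submodules: recursive

      # This repository goes into ./finch-daemon-pr; every script run below
      # comes from that checkout.
      - name: Checkout finch-daemon PR
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # github.head_ref is only set on pull_request events. With the
          # schedule / workflow_dispatch triggers of this workflow it is empty,
          # so checkout falls back to the ref that triggered the run.
          ref: ${{ github.head_ref }}
          fetch-depth: 0
          persist-credentials: false
          submodules: recursive
          path: finch-daemon-pr

      - name: Build and setup Finch VM
        run: ./finch-daemon-pr/scripts/build-and-setup-finch-vm.sh

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
        with:
          role-to-assume: ${{ secrets.SAMCLI_VM_ROLE_SYNC }}
          role-session-name: samcli-finch-vm-sequential-tests
          aws-region: ${{ secrets.REGION }}
          # 4 hours. The suite timeouts after this step add up to 200 minutes.
          # NOTE(review): the session is available to every later step,
          # including the brew and pip installs that fetch and run third-party
          # code. Moving this step to just before the first suite that needs
          # AWS access would shorten that exposure; which suites need it is not
          # visible in this file.
          role-duration-seconds: 14400

      - name: Install Docker CLI for SAM CLI compatibility
        run: |
          echo "Checking Docker CLI installation..."
          if ! su ec2-user -c 'which docker' > /dev/null 2>&1; then
            echo "Installing Docker CLI..."
            su ec2-user -c 'source /Users/ec2-user/.brewrc && brew install --formula docker'
          else
            echo "Docker CLI already installed"
          fi
        shell: bash

      - name: Checkout SAM CLI
        # NOTE(review): mutable tag and no 'ref', so both the action and the
        # aws/aws-sam-cli revision under test float between runs. Pin the
        # action to a full commit SHA like the other checkouts in this file.
        uses: actions/checkout@v4
        with:
          repository: aws/aws-sam-cli
          # Matches the other checkouts in this job: do not leave the job token
          # in .git/config. The tree is moved into ec2-user's home and chowned
          # to that user in the next step.
          persist-credentials: false
          submodules: recursive
          path: aws-sam-cli

      - name: Set up SAM CLI from source
        run: |
          # Move to ec2-user home and change ownership
          sudo rm -rf /Users/ec2-user/aws-sam-cli || true
          sudo mv aws-sam-cli /Users/ec2-user/aws-sam-cli
          sudo chown -R ec2-user:staff /Users/ec2-user/aws-sam-cli
          # Install and setup (use full path)
          su ec2-user -c 'cd /Users/ec2-user/aws-sam-cli && ${{ env.PYTHON_BINARY }} -m pip install --upgrade pip --user'
          su ec2-user -c 'cd /Users/ec2-user/aws-sam-cli && SAM_CLI_DEV=1 ${{ env.PYTHON_BINARY }} -m pip install -e ".[dev]" --user'
          su ec2-user -c 'cd /Users/ec2-user/aws-sam-cli && export PATH="/Users/ec2-user/Library/Python/${{ env.PYTHON_VERSION }}/bin:$PATH" && samdev --version'
        shell: bash

      - name: Run unit tests
        timeout-minutes: 30
        run: ./finch-daemon-pr/scripts/samcli-vm/run-unit-tests.sh

      - name: Patch SAM CLI for Docker image cleanup
        run: |
          # Apply patch to handle ImageNotFound exceptions for all Docker tests
          su ec2-user -c 'cd /Users/ec2-user/aws-sam-cli && patch -p1 tests/integration/local/invoke/test_integrations_cli.py < ${{ github.workspace }}/finch-daemon-pr/scripts/samcli-vm/invoke-teardown.patch'
        shell: bash

      # The suites run one after another, each with its own timeout.
      - name: Run invoke tests
        timeout-minutes: 40
        run: ./finch-daemon-pr/scripts/samcli-vm/run-invoke-tests.sh

      - name: Run start-api tests
        timeout-minutes: 70
        run: ./finch-daemon-pr/scripts/samcli-vm/run-start-api-tests.sh

      - name: Run sync tests
        timeout-minutes: 20
        run: ./finch-daemon-pr/scripts/samcli-vm/run-sync-tests.sh

      - name: Run package tests
        timeout-minutes: 10
        run: ./finch-daemon-pr/scripts/samcli-vm/run-package-tests.sh

      - name: Run start-lambda tests
        timeout-minutes: 30
        run: ./finch-daemon-pr/scripts/samcli-vm/run-start-lambda-tests.sh

  # ensuring resources are clean post-test
  # 'if: always()' makes this job run after samcli-vm-test whether it passed,
  # failed or was cancelled.
  cleanup:
    # NOTE(review): same runner label as the test job. Whether that lands on
    # the host that ran the tests depends on how the CodeBuild runner is
    # provisioned - confirm, since the local cleanup below only helps if it does.
    runs-on: codebuild-finch-daemon-arm64-2-instance-${{ github.run_id }}-${{ github.run_attempt }}
    needs: samcli-vm-test
    if: always()
    steps:
      - name: Final cleanup
        run: |
          # Stop and remove VM
          su ec2-user -c 'finch vm stop' || true
          su ec2-user -c 'finch vm remove -f' || true
          # Clean up processes and sockets
          sudo pkill -f socket_vmnet || true
          sudo pkill -f finch-daemon || true
          sudo rm -rf /private/var/run/finch-lima/*.sock || true
          # Clean up cache and temporary files
          sudo rm -rf /Applications/Finch/lima/data/finch/_cache || true
          sudo rm -rf /tmp/finch-* || true

      - name: Checkout repository
        # NOTE(review): mutable tag; pin to a full commit SHA like the
        # checkouts in the test job.
        uses: actions/checkout@v4
        with:
          # Nothing below pushes or fetches, so the token does not need to stay
          # in .git/config for the rest of the job.
          persist-credentials: false

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
        with:
          role-to-assume: ${{ secrets.SAMCLI_VM_ROLE_SYNC }}
          role-session-name: cleanup
          aws-region: ${{ secrets.REGION }}

      - name: Comprehensive AWS resource cleanup
        timeout-minutes: 10
        run: ./scripts/cleanup-aws-resources.sh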