Skip to content
samcli-vm

samcli-vm #38

Sign in to view logs

samcli-vm

samcli-vm #38

Workflow file for this run

.github/workflows/samcli-vm.yaml at 468b83b
name: samcli-vm
on:
schedule:
- cron: '0 8 * * *'
workflow_dispatch:
env:
GO_VERSION: '1.24.x'
PYTHON_VERSION: '3.11'
PYTHON_BINARY: 'python3.11'
AWS_DEFAULT_REGION: "${{ secrets.REGION }}"
BY_CANARY: true # allows full testing
SAM_CLI_DEV: 1
SAM_CLI_TELEMETRY: 0
DOCKER_HOST: unix:///Applications/Finch/lima/data/finch/sock/finch.sock
DOCKER_CONFIG: /Users/ec2-user/.finch
permissions:
id-token: write
contents: read
jobs:
samcli-vm-test:
runs-on: codebuild-finch-daemon-arm64-2-instance-${{ github.run_id }}-${{ github.run_attempt }}
steps:
- name: Clean macOS runner workspace
run: |
rm -rf ${{ github.workspace }}/*
# Clean up any leftover Finch VM state
su ec2-user -c 'finch vm remove -f' || true
sudo pkill -f socket_vmnet || true
sudo rm -rf /private/var/run/finch-lima/*.sock || true
sudo rm -rf /Applications/Finch/lima/data/finch/_cache || true
# Clean up containers and images via Finch CLI
su ec2-user -c 'finch system prune -f' || true
- name: Configure Git for ec2-user
run: |
git config --global --add safe.directory "*"
shell: bash
- name: Set up Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
go-version: ${{ env.GO_VERSION }}
cache: false
- name: Configure Go for ec2-user
run: |
chown -R ec2-user:staff $GOPATH || true
chown -R ec2-user:staff $RUNNER_TOOL_CACHE/go || true
- name: Install Rosetta 2
run: su ec2-user -c 'echo "A" | /usr/sbin/softwareupdate --install-rosetta --agree-to-license || true'
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Configure Python for ec2-user
run: |
# Make Python accessible to ec2-user
chown -R ec2-user:staff $(${{ env.PYTHON_BINARY }} -c "import site; print(site.USER_BASE)") || true
# Or symlink to ec2-user's PATH
ln -sf $(which ${{ env.PYTHON_BINARY }}) /usr/local/bin/${{ env.PYTHON_BINARY }} || true
- name: Configure Homebrew for ec2-user
run: |
echo "Creating .brewrc file for ec2-user..."
cat > /Users/ec2-user/.brewrc << 'EOF'
# Homebrew environment setup
export PATH="/opt/homebrew/bin:/opt/homebrew/sbin:$PATH"
export HOMEBREW_PREFIX="/opt/homebrew"
export HOMEBREW_CELLAR="/opt/homebrew/Cellar"
export HOMEBREW_REPOSITORY="/opt/homebrew"
export HOMEBREW_NO_AUTO_UPDATE=1
EOF
chown ec2-user:staff /Users/ec2-user/.brewrc
# Fix Homebrew permissions
echo "Setting permissions for Homebrew directories..."
mkdir -p /opt/homebrew/Cellar
chown -R ec2-user:staff /opt/homebrew
shell: bash
- name: Install dependencies
run: |
echo "Installing dependencies as ec2-user..."
su ec2-user -c 'source /Users/ec2-user/.brewrc && brew install lz4 automake autoconf libtool yq'
shell: bash
- name: Checkout mainline finch repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: main
repository: runfinch/finch
fetch-depth: 0
persist-credentials: false
submodules: recursive
- name: Checkout finch-daemon PR
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ github.head_ref }}
fetch-depth: 0
persist-credentials: false
submodules: recursive
path: finch-daemon-pr
- name: Configure Finch
run: |
echo "Original config:"
su ec2-user -c 'cat ~/.finch/finch.yaml || echo "No config file found"'
echo "Configuring Finch to use QEMU+VZ"
su ec2-user -c 'yq eval ".vmType = \"vz\"" -i ~/.finch/finch.yaml'
su ec2-user -c 'yq eval ".rosetta = false" -i ~/.finch/finch.yaml'
echo "Updated config:"
su ec2-user -c 'cat ~/.finch/finch.yaml'
- name: Build and setup Finch VM
run: ./finch-daemon-pr/scripts/build-and-setup-finch-vm.sh
- name: Verify Finch socket
run: |
# Test socket connectivity
if su ec2-user -c 'curl -s --unix-socket /Applications/Finch/lima/data/finch/sock/finch.sock http://localhost/version' > /dev/null; then
echo "✓ Finch daemon is accessible"
else
echo "✗ Finch daemon connection failed"
ls -la /Applications/Finch/lima/data/finch/sock/ || echo "Socket directory not found"
exit 1
fi
- name: Ensure Docker is not available (force Finch usage)
run: |
echo "Ensuring Docker is not accessible to force SAM CLI to use Finch..."
# Remove docker binaries from PATH
sudo rm -f /usr/local/bin/docker /opt/homebrew/bin/docker || true
# Verify docker is not accessible
if su ec2-user -c 'which docker' > /dev/null 2>&1; then
echo "WARNING: Docker is still accessible"
su ec2-user -c 'which docker'
else
echo "SUCCESS: Docker is not accessible - SAM CLI will use Finch"
fi
shell: bash
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
with:
role-to-assume: ${{ secrets.SAMCLI_VM_ROLE_SYNC }}
role-session-name: samcli-finch-vm-sequential-tests
aws-region: ${{ secrets.REGION }}
role-duration-seconds: 14400
- name: Get latest SAM CLI tag
id: sam-tag
run: |
TAG=$(curl -s https://api.github.com/repos/aws/aws-sam-cli/releases/latest | jq -r .tag_name)
echo "tag=$TAG" >> $GITHUB_OUTPUT
- name: Checkout SAM CLI
uses: actions/checkout@v4
with:
repository: aws/aws-sam-cli
submodules: recursive
path: aws-sam-cli
ref: ${{ steps.sam-tag.outputs.tag }}
- name: Set up SAM CLI from source
run: |
# Move to ec2-user home and change ownership
sudo rm -rf /Users/ec2-user/aws-sam-cli || true
sudo mv aws-sam-cli /Users/ec2-user/aws-sam-cli
sudo chown -R ec2-user:staff /Users/ec2-user/aws-sam-cli
# Install and setup (use full path)
su ec2-user -c 'cd /Users/ec2-user/aws-sam-cli && ${{ env.PYTHON_BINARY }} -m pip install --upgrade pip --user'
su ec2-user -c 'cd /Users/ec2-user/aws-sam-cli && SAM_CLI_DEV=1 ${{ env.PYTHON_BINARY }} -m pip install -e ".[dev]" --user'
su ec2-user -c 'cd /Users/ec2-user/aws-sam-cli && export PATH="/Users/ec2-user/Library/Python/${{ env.PYTHON_VERSION }}/bin:$PATH" && samdev --version'
shell: bash
- name: Run unit tests
run: ./finch-daemon-pr/scripts/samcli-vm/run-unit-tests.sh
- name: Run invoke tests
timeout-minutes: 40
run: ./finch-daemon-pr/scripts/samcli-vm/run-invoke-tests.sh
- name: Run start-api tests
timeout-minutes: 60
run: ./finch-daemon-pr/scripts/samcli-vm/run-start-api-tests.sh
- name: Run sync tests
timeout-minutes: 20
run: ./finch-daemon-pr/scripts/samcli-vm/run-sync-tests.sh
- name: Run package tests
timeout-minutes: 5
run: ./finch-daemon-pr/scripts/samcli-vm/run-package-tests.sh
- name: Run start-lambda tests
timeout-minutes: 20
run: ./finch-daemon-pr/scripts/samcli-vm/run-start-lambda-tests.sh
# ensuring resources are clean post-test
cleanup:
runs-on: codebuild-finch-daemon-arm64-2-instance-${{ github.run_id }}-${{ github.run_attempt }}
needs: samcli-vm-test
if: always()
steps:
- name: Final cleanup
run: |
# Stop and remove VM
su ec2-user -c 'finch vm stop' || true
su ec2-user -c 'finch vm remove -f' || true
# Clean up processes and sockets
sudo pkill -f socket_vmnet || true
sudo pkill -f finch-daemon || true
sudo rm -rf /private/var/run/finch-lima/*.sock || true
# Clean up cache and temporary files
sudo rm -rf /Applications/Finch/lima/data/finch/_cache || true
sudo rm -rf /tmp/finch-* || true
- name: Checkout repository
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df
with:
role-to-assume: ${{ secrets.SAMCLI_VM_ROLE_SYNC }}
role-session-name: cleanup
aws-region: ${{ secrets.REGION }}
- name: Comprehensive AWS resource cleanup
timeout-minutes: 10
run: ./scripts/cleanup-aws-resources.sh