test(node): add nested GuestOS upgrade orchestrator check and diagnos… #1085
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Testing | |
| on: | |
| push: | |
| branches: | |
| - "hotfix-*" | |
| - "rc--*" | |
| workflow_dispatch: | |
| # new commits interrupt any running workflow on the same branch | |
| concurrency: | |
| group: ${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| env: | |
| CI_COMMIT_SHA: ${{ github.sha }} | |
| CI_JOB_NAME: ${{ github.job }} | |
| CI_PROJECT_DIR: ${{ github.workspace }} | |
| BRANCH_NAME: ${{ github.event.workflow_run.head_branch || github.ref_name }} | |
| CI_RUN_ID: ${{ github.run_id }} | |
| jobs: | |
| # This job is not run, but just used to set anchor references for other jobs | |
| anchor-setup: | |
| if: false | |
| name: Anchor Setup | |
| runs-on: &dind-large-setup | |
| labels: dind-large | |
| container: &container-setup | |
| image: ghcr.io/dfinity/ic-build@sha256:19aa596f49db34ece26a1a2903e6fabcd8766025b3dc543546fbef341ef910a2 | |
| options: >- | |
| -e NODE_NAME --privileged --cgroupns host | |
| steps: | |
| - &checkout | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.workflow_run.head_branch }} | |
| ci-main: | |
| name: CI Main | |
| uses: ./.github/workflows/ci-main.yml | |
| secrets: inherit | |
| with: | |
| commit-sha: ${{ github.sha }} | |
| # Run some extra system tests that are skipped on CI Main. | |
| # Those test suites would overwhelm a runner, so each is run | |
| # as a separate job. | |
| release-system-tests: | |
| name: Release System Tests | |
| runs-on: *dind-large-setup | |
| container: *container-setup | |
| timeout-minutes: 180 | |
| steps: | |
| - *checkout | |
| - name: Run Bazel System Tests | |
| uses: ./.github/actions/bazel | |
| with: | |
| run: | | |
| bazel test \ | |
| --config=stamped \ | |
| --config=flaky_retry \ | |
| --test_tag_filters=system_test_large \ | |
| //rs/tests/... \ | |
| --keep_going | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| dependency-scan-release-cut: | |
| name: Dependency Scan for Release | |
| runs-on: *dind-large-setup | |
| container: *container-setup | |
| timeout-minutes: 180 | |
| env: | |
| SHELL_WRAPPER: "/usr/bin/time" | |
| CI_PROJECT_PATH: ${{ github.repository }} | |
| CI_PIPELINE_ID: ${{ github.run_id }} | |
| CI_COMMIT_SHA: ${{ github.sha }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} | |
| SLACK_PSEC_BOT_OAUTH_TOKEN: ${{ secrets.SLACK_PSEC_BOT_OAUTH_TOKEN }} | |
| REPO_NAME: ${{ github.repository }} | |
| steps: | |
| - *checkout | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: Setup python deps | |
| id: setup-python-deps | |
| shell: bash | |
| run: | | |
| # Ignore externally-managed-environment pip error, install packages system-wide. | |
| PIP_BREAK_SYSTEM_PACKAGES=1 pip3 install --ignore-installed -r requirements.txt | |
| - name: Dependency Scan for Release | |
| id: dependency-scan-release-cut | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| export PYTHONPATH=$PWD/ci/src:$PWD/ci/src/dependencies | |
| cd ci/src/dependencies/ | |
| $SHELL_WRAPPER python3 job/bazel_rust_ic_scanner_release_job.py | |
| setup-guest-os-qualification: | |
| name: Setting up guest os qualification pipeline | |
| runs-on: *dind-large-setup | |
| container: *container-setup | |
| timeout-minutes: 180 | |
| outputs: | |
| matrix: ${{ steps.generate.outputs.output }} | |
| steps: | |
| - name: Sparse checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.workflow_run.head_branch }} | |
| sparse-checkout: "ci/scripts/determine-initial-guest-os-versions.py" | |
| - id: generate | |
| name: Fetch beginning versions for qualification | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| OUTPUT=$(python ci/scripts/determine-initial-guest-os-versions.py) | |
| echo "output=$OUTPUT" >> $GITHUB_OUTPUT | |
| guest-os-qualification: | |
| name: Qualifying ${{ matrix.version }} -> ${{ github.sha }} | |
| needs: setup-guest-os-qualification | |
| strategy: | |
| matrix: ${{ fromJson(needs.setup-guest-os-qualification.outputs.matrix) }} | |
| runs-on: *dind-large-setup | |
| container: *container-setup | |
| timeout-minutes: 180 | |
| steps: | |
| - *checkout | |
| - name: Run qualification for version ${{ matrix.version }} from the tip of the branch | |
| uses: ./.github/actions/bazel | |
| with: | |
| bazel-bep-artifact-name: ${{ github.job }}-${{ matrix.version }}-${{ github.action }}-bep | |
| run: | | |
| bazel test \ | |
| --config=stamped \ | |
| --config=flaky_retry \ | |
| --test_tag_filters= \ | |
| //rs/tests/dre:guest_os_qualification_colocate \ | |
| --test_env=OLD_VERSION=${{ matrix.version }} \ | |
| --keep_going --test_timeout=7200 | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| repro-check: | |
| name: Repro check for ${{ github.sha }} | |
| uses: ./.github/workflows/repro-check.yml | |
| needs: [ci-main] | |
| with: | |
| github_sha: ${{ github.sha }} |