Add PR validation job

Signed-off-by: Simon Davies <[email protected]>

Author: simongdavies

.github/workflows/pr-validation.yml

@@ -0,0 +1,183 @@
+name: PR Validation
+
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+
+env:
+  # Consistent image tag for CI
+  IMAGE_TAG: ci-${{ github.sha }}
+
+jobs:
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install just
+        uses: extractions/setup-just@v2
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.25'
+          cache-dependency-path: device-plugin/go.sum
+
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          components: rustfmt, clippy
+
+      - name: Check formatting
+        run: just fmt-check
+
+      - name: Run linters
+        run: just lint-strict
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install just
+        uses: extractions/setup-just@v2
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.25'
+          cache-dependency-path: device-plugin/go.sum
+
+      - name: Build device plugin
+        run: just plugin-build
+
+  integration:
+    name: Integration Tests
+    runs-on: ubuntu-24.04
+    needs: [lint, build]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.25'
+          cache-dependency-path: device-plugin/go.sum
+
+      - name: Enable KVM
+        run: |
+          echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
+          sudo udevadm control --reload-rules
+          sudo udevadm trigger --name-match=kvm
+          
+          # Verify KVM is available
+          if [ ! -e /dev/kvm ]; then
+            echo "::error::KVM is not available on this runner"
+            exit 1
+          fi
+          ls -la /dev/kvm
+          echo "✓ KVM enabled"
+
+      - name: Install just
+        uses: extractions/setup-just@v2
+
+      - name: Install kind
+        run: |
+          go install sigs.k8s.io/kind@latest
+          echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
+
+      - name: Install kubectl
+        uses: azure/setup-kubectl@v4
+
+      - name: Create KIND cluster
+        run: |
+          just local-up
+          echo "✓ KIND cluster created"
+
+      - name: Build device plugin
+        run: |
+          just plugin-build
+          echo "✓ Device plugin built"
+
+      - name: Push device plugin to local registry
+        run: |
+          just plugin-local-push
+          echo "✓ Device plugin pushed to local registry"
+
+      - name: Deploy device plugin
+        run: |
+          just plugin-local-deploy
+          echo "✓ Device plugin deployed"
+
+      - name: Wait for device plugin to be ready
+        run: |
+          echo "Waiting for device plugin DaemonSet..."
+          kubectl rollout status daemonset/hyperlight-device-plugin -n hyperlight-system --timeout=120s
+          
+          # Wait for node resources to be advertised
+          echo "Waiting for node resources..."
+          for i in {1..30}; do
+            capacity=$(kubectl get nodes -o jsonpath='{.items[0].status.allocatable.hyperlight\.dev/hypervisor}' 2>/dev/null || echo "0")
+            if [ "$capacity" != "0" ] && [ -n "$capacity" ]; then
+              echo "✓ Node advertising $capacity hyperlight.dev/hypervisor devices"
+              break
+            fi
+            echo "Waiting for device plugin to register resources... ($i/30)"
+            sleep 2
+          done
+
+      - name: Run device plugin tests
+        run: |
+          ./scripts/test.sh plugin
+          ./scripts/test.sh nodes
+          ./scripts/test.sh kvm
+          echo "✓ Device plugin tests passed"
+
+      - name: Build Hyperlight app
+        run: |
+          just app-build
+          echo "✓ Hyperlight app built"
+
+      - name: Push Hyperlight app to local registry
+        run: |
+          just app-local-push
+          echo "✓ Hyperlight app pushed to local registry"
+
+      - name: Deploy Hyperlight app
+        run: |
+          just app-local-deploy
+          echo "✓ Hyperlight app deployed"
+
+      - name: Wait for Hyperlight app to be ready
+        run: |
+          echo "Waiting for Hyperlight app deployment..."
+          kubectl rollout status deployment/hyperlight-hello-kvm --timeout=180s
+
+      - name: Validate Hyperlight app output
+        run: |
+          ./scripts/test.sh app
+          echo "✓ Hyperlight app tests passed"
+
+      - name: Show status
+        if: always()
+        run: |
+          echo "=== Pods ==="
+          kubectl get pods -A
+          echo ""
+          echo "=== Device Plugin Logs ==="
+          kubectl logs -n hyperlight-system -l app.kubernetes.io/name=hyperlight-device-plugin --tail=50 || true
+          echo ""
+          echo "=== Hyperlight App Logs ==="
+          kubectl logs -l app=hyperlight-hello --tail=50 || true
+
+      - name: Cleanup
+        if: always()
+        run: |
+          just local-down || true

device-plugin/main.go

@@ -38,7 +38,7 @@ const (
 	serverSock         = pluginapi.DevicePluginPath + "hyperlight.sock"
 	kubeletSock        = pluginapi.KubeletSocket
 	cdiSpecPath        = "/var/run/cdi/hyperlight.json"
-	defaultDeviceCount = 2000 // Conservative default for MSHV; KVM can handle more
+	defaultDeviceCount = 2000  // Conservative default for MSHV; KVM can handle more
 	defaultDeviceUID   = 65534 // Default UID for device node in container (nobody)
 	defaultDeviceGID   = 65534 // Default GID for device node in container (nobody)
 )

justfile

@@ -279,6 +279,86 @@ app-undeploy:
     kubectl delete -f {{hyperlight_app_dir}}/k8s/deployment-kvm.yaml --ignore-not-found
     kubectl delete -f {{hyperlight_app_dir}}/k8s/deployment-mshv.yaml --ignore-not-found
 
+# =============================================================================
+# CI / Testing
+# =============================================================================
+
+# Run the full CI test suite locally (simulates PR validation workflow)
+ci-test:
+    #!/usr/bin/env bash
+    set -euo pipefail
+    
+    echo "========================================"
+    echo "  Hyperlight CI Test Suite"
+    echo "========================================"
+    echo ""
+    echo "This simulates the GitHub Actions PR validation workflow."
+    echo ""
+    
+    # Check KVM
+    if [ ! -e /dev/kvm ]; then
+        echo "❌ /dev/kvm not found - CI tests require KVM"
+        exit 1
+    fi
+    echo "✓ KVM available"
+    echo ""
+    
+    # Step 1: Check formatting
+    echo "=== Step 1/8: Check formatting ==="
+    just fmt-check
+    echo ""
+    
+    # Step 2: Run linters
+    echo "=== Step 2/8: Run linters ==="
+    just lint-strict
+    echo ""
+    
+    # Step 3: Create KIND cluster
+    echo "=== Step 3/8: Create KIND cluster ==="
+    just local-up
+    echo ""
+    
+    # Step 4: Build device plugin
+    echo "=== Step 4/8: Build device plugin ==="
+    just plugin-build
+    echo ""
+    
+    # Step 5: Push and deploy device plugin
+    echo "=== Step 5/8: Deploy device plugin ==="
+    just plugin-local-push
+    just plugin-local-deploy
+    echo ""
+    
+    # Step 6: Wait for device plugin and run tests
+    echo "=== Step 6/8: Test device plugin ==="
+    kubectl rollout status daemonset/hyperlight-device-plugin -n hyperlight-system --timeout=120s
+    sleep 5  # Give kubelet time to update node resources
+    {{project_root}}/scripts/test.sh plugin
+    {{project_root}}/scripts/test.sh nodes
+    {{project_root}}/scripts/test.sh kvm
+    echo ""
+    
+    # Step 7: Build Hyperlight app
+    echo "=== Step 7/8: Build Hyperlight app ==="
+    just app-build
+    echo ""
+    
+    # Step 8: Deploy and test Hyperlight app
+    echo "=== Step 8/8: Deploy and test Hyperlight app ==="
+    just app-local-push
+    just app-local-deploy
+    kubectl rollout status deployment/hyperlight-hello-kvm --timeout=180s
+    {{project_root}}/scripts/test.sh app
+    echo ""
+    
+    echo "========================================"
+    echo "  ✓ All CI tests passed!"
+    echo "========================================"
+
+# Run the full CI test suite and cleanup afterwards
+ci-test-clean: ci-test
+    just local-down
+
 # =============================================================================
 # Development
 # =============================================================================
@@ -288,11 +368,41 @@ fmt:
     cd {{device_plugin_dir}} && go fmt ./...
     cd {{hyperlight_app_dir}} && cargo fmt --all
 
+# Check formatting without modifying files (for CI)
+fmt-check:
+    #!/usr/bin/env bash
+    set -euo pipefail
+    echo "Checking Go formatting..."
+    cd {{device_plugin_dir}}
+    if [ -n "$(gofmt -l .)" ]; then
+        echo "❌ Go code is not formatted. Run 'just fmt'"
+        gofmt -d .
+        exit 1
+    fi
+    echo "✓ Go code formatted"
+    
+    echo "Checking Rust formatting..."
+    cd {{hyperlight_app_dir}}
+    cargo fmt --all -- --check
+    echo "✓ Rust code formatted"
+
 # Run linters (Go + Rust host only - guest is no_std)
 lint:
     cd {{device_plugin_dir}} && go vet ./...
     cd {{hyperlight_app_dir}}/host && cargo clippy
 
+# Run linters with warnings as errors (for CI)
+lint-strict:
+    #!/usr/bin/env bash
+    set -euo pipefail
+    echo "Running Go vet..."
+    cd {{device_plugin_dir}} && go vet ./...
+    echo "✓ Go vet passed"
+    
+    echo "Running Rust clippy with strict warnings..."
+    cd {{hyperlight_app_dir}}/host && cargo clippy -- -D warnings
+    echo "✓ Rust clippy passed"
+
 # Check prerequisites
 check:
     #!/usr/bin/env bash