CI: fix build and processing results

The expectation was that we'd need an ssh key with a passphrase.
The github way to leverage an ssh-agent is through webfactory [0 and
they insist that since the key is uploaded to github that suffices. The
passphrase is not supported so remove it.

The local user ssh-agent is not used or leveraged by github actions,
and so we in order to automatically push onto kdevops-results-archive
you will need to leverage github repository secrets for the key, once
that is installed you will also need to add the public key to the
kdevops-repository-results as a "deploy" key.

 - fstests.yml:
   - use webfactory/ssh-agent v0.9.0
   - simplify the way we look for zip files on artifacts, just use a glob
   - fix the fstests.yml kdevops path for the zip file
 - kdevops_archive:
    - reduce scope and use github repo private secrets
    - add debug info about archive files

Signed-off-by: Luis Chamberlain <[email protected]>

Author: mcgrof

.github/workflows/fstests.yml

@@ -17,6 +17,9 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
+      - name: Set kdevops path
+        run: echo "KDEVOPS_PATH=$GITHUB_WORKSPACE" >> $GITHUB_ENV
+
       - name: Configure git
         run: |
           git config --global --add safe.directory '*'
@@ -51,25 +54,23 @@ jobs:
           cd kdevops
           make journal-dump
 
+      - name: Start SSH Agent
+        if: always()  # Ensure this step runs even if previous steps failed
+        uses: webfactory/[email protected]
+        with:
+          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
       - name: Build our kdevops archive results
         if: always() # This ensures the step runs even if previous steps failed
         run: |
-          cd kdevops
           make ci-archive
 
-      - name: Find and kdevops results zip file
-        if: always() # This ensures the step runs even if previous steps failed
-        run: |
-          ZIP_FILE=$(find kdevops/archive -name "*.zip" -type f | head -n 1)
-          echo "Found zip file: $ZIP_FILE"
-          echo "KDEVOPS_ARTIFACT_PATH=$ZIP_FILE" >> $GITHUB_ENV
-
       - name: Upload our kdevops results archive
         if: always() # This ensures the step runs even if previous steps failed
         uses: actions/upload-artifact@v4
         with:
           name: kdevops-ci-results
-          path: ${{ env.KDEVOPS_ARTIFACT_PATH }}
+          path: ${{ env.KDEVOPS_PATH }}/archive/*.zip
 
       # Ensure make destroy always runs, even on failure
       - name: Run kdevops make destroy

playbooks/roles/kdevops_archive/defaults/main.yml

@@ -11,12 +11,6 @@ kdevops_results_archive_dir: "{{ topdir_path }}/../{{ kdevops_results_name }}"
 kdevops_archive_mirror_present: false
 kdevops_archive_host: "{{ kdevops_results_repo_path.split(':')[0] }}"
 kdevops_archive: "/mirror/{{ kdevops_results_name }}.git"
-kdevops_archive_key_loaded: False
-kdevops_archive_key_name: "kdevops_archive"
-kdevops_archive_identity_file: "/home/gh/.ssh/{{ kdevops_archive }}"
-kdevops_archive_key_detected: False
-kdevops_archive_key_fingerprint: ""
-kdevops_archive_key_has_passphrase: False
 kdevops_archive_demo: False
 bootlinux_tree_set_by_cli: False
 kdevops_archive_base: "selftests/gh/linux-modules-kpd/20241021"

playbooks/roles/kdevops_archive/tasks/main.yml

@@ -112,154 +112,42 @@
     chdir: "{{ topdir_path }}"
   when: ci_results.stdout_lines | length > 0
 
-- name: Create our archive/ tar.xz for our test results
+- name: Create our archive/ xz file for kdevops-results-archive
   archive:
     path: "{{ kdevops_results_local }}"
     dest: "{{ kdevops_results }}/{{ target_linux_ref }}.xz"
     format: xz
     remove: no
 
-- name: Create the same zip archive as well
+- name: Create the same archive/ zip file for web CI artifacts
   archive:
     path: "{{ kdevops_results_local }}"
     dest: "{{ kdevops_results }}/{{ target_linux_ref }}.zip"
     format: zip
     remove: no
 
-- name: Get SSH configuration for the kdevops archive repo
-  ansible.builtin.command: ssh -G {{ kdevops_results_repo_url_user }}@{{ kdevops_results_repo_path }}
-  register: ssh_archive_config_repo
-  changed_when: false
-
-- name: Extract kdevops archive repo IdentityFile
-  vars:
-    identity_file_lines: "{{ ssh_archive_config_repo.stdout_lines | select('match', '^identityfile ') }}"
-    identity_file_raw: "{{ identity_file_lines | first | regex_replace('^identityfile (.*)$', '\\1') }}"
-  ansible.builtin.set_fact:
-    kdevops_archive_identity_file: "{{ identity_file_raw | regex_replace('^~', lookup('env', 'HOME')) }}"
-
-- name: Check if the key used for the kdevops archive repo is installed
-  ansible.builtin.set_fact:
-    kdevops_archive_key_detected: "{{ kdevops_archive_key_name in (kdevops_archive_identity_file | basename) }}"
-
-- name: Inform user of how to set up the kdevops archive repo key
-  ansible.builtin.debug:
-    msg: |
-      ssh key archive test for {{ kdevops_results_repo_url }}:
-      We ran:
-
-        ssh -G {{ kdevops_results_repo_url_user }}@{{ kdevops_results_repo_path }} | grep identityfile
-
-      Missing key name: '{{ kdevops_archive_key_name }}'
-      Current IdentityFile:
-        {{ kdevops_archive_identity_file }}
-
-      To set up automatic kdevops repo archiving install something like
-      the following key for host {{ kdevops_archive_host }}:
-
-      Host {{ kdevops_results_repo_path }}
-          User {{ kdevops_results_repo_url_user }}
-          Hostname {{ kdevops_archive_host }}
-          IdentityFile {{ lookup('env', 'HOME') }}/.ssh/{{ kdevops_archive_key_name }}
-
-
-      Create the key first with something like:
-
-        ssh-keygen -t ed25519 -C "{{ kdevops_results_repo_url_user}}@{{ kdevops_results_repo_path }}" -f {{ lookup('env', 'HOME') }}/.ssh/{{ kdevops_archive_key_name }}
-
-      Then install it as deploy key for {{ kdevops_results_repo_path}}:
-
-      https://docs.github.com/en/authentication/connecting-to-github-with-ssh/managing-deploy-keys#deploy-keys
-
-      And then add the above to your {{ lookup('env', 'HOME') }}/.ssh/config
-
-  when:
-    - 'not kdevops_archive_key_detected|bool'
-    - 'bootlinux_tree_set_by_cli|bool'
-
-- name: Gracefully end if key is not found for automatic kdevops archiving
-  meta: end_play
-  when:
-    - not kdevops_archive_key_detected
-
-- name: Check if the detected kdevops archive repo key exists
-  ansible.builtin.stat:
-    path: "{{ kdevops_archive_identity_file }}"
-  register: ssh_key_file_lookup
-
-- name: Inform user of configured but not created key
-  ansible.builtin.debug:
-    msg: |
-      Key to be used missing: {{ kdevops_archive_identity_file }}
-      Create the key with something like:
-        ssh-keygen -t ed25519 -C "{{ kdevops_results_repo_url_user}}@{{ kdevops_results_repo_path }}" -f {{ lookup('env', 'HOME') }}/.ssh/{{ kdevops_archive_key_name }}
-  when:
-    - not ssh_key_file_lookup.stat.exists
-
-- name: Gracefully end if key does not exist
-  meta: end_play
-  when:
-    - not ssh_key_file_lookup.stat.exists
+- name: Find archive files to verify
+  find:
+    paths: "{{ kdevops_results }}"
+    patterns:
+      - "*.zip"
+      - "*.xz"
+  register: archive_files
 
-- name: Check if kdevops results archive ssh key has a passphrase
-  ansible.builtin.command:
-    cmd: "ssh-keygen -y -f {{ kdevops_archive_identity_file }}"
-  register: ssh_key_check
-  ignore_errors: yes
+- name: Get archive file stat
+  stat:
+    path: "{{ item.path }}"
+  register: archive_stats
+  loop: "{{ archive_files.files }}"
   changed_when: false
-  failed_when: false
   no_log: true
 
-- name: Set fact about SSH key passphrase status
-  ansible.builtin.set_fact:
-    kdevops_archive_key_has_passphrase: "{{ ssh_key_check.rc != 0 }}"
-
-- name: Inform user if key did not have a passphrase
-  ansible.builtin.debug:
-    msg: |
-      ssh key archive {{ kdevops_archive_identity_file }} for {{ kdevops_results_repo_url }}
-      does not have a passphrase. This not secure and not allowed. Giving up.
-  when:
-    - 'not kdevops_archive_key_has_passphrase|bool'
-
-- name: End if key did not have passphrase set up
-  meta: end_play
-  when:
-    - 'not kdevops_archive_key_has_passphrase|bool'
-
-- name: Gracefully end if the user did not set up a kdevops archive repo key
-  meta: end_play
-  when: not kdevops_archive_key_detected
-
-- name: Get fingerprint of the identity file for {{ kdevops_archive_key_name }}
-  ansible.builtin.command: ssh-keygen -lf "{{ kdevops_archive_identity_file }}"
-  register: kdevops_archive_fingerprint_output
-  changed_when: false
-  when:
-    - 'kdevops_archive_key_detected|bool'
-
-- name: Extract the {{ kdevops_archive_key_name }} fingerprint
-  ansible.builtin.set_fact:
-    kdevops_archive_key_fingerprint: "{{ kdevops_archive_fingerprint_output.stdout.split()[1] }}"
-  when:
-    - 'kdevops_archive_key_detected|bool'
-
-- name: List keys in ssh-agent
-  ansible.builtin.command: ssh-add -l
-  register: kdevops_archive_ssh_add_list
-  changed_when: false
-  when:
-    - 'kdevops_archive_key_detected|bool'
-
-- name: Check if key is loaded in ssh-agent
-  ansible.builtin.set_fact:
-    kdevops_archive_key_loaded: "{{ kdevops_archive_key_fingerprint in kdevops_archive_ssh_add_list.stdout }}"
-
-- name: Inform when we are achiving
-  ansible.builtin.debug:
-    msg: "Achievement unlocked: kdevops archive key set up, automatic kdevops archiving enabled."
-  when:
-    - 'kdevops_archive_key_loaded|bool'
+- name: Display archive file information
+  debug:
+    msg: "{{ item.stat.path }} ({{ (item.stat.size / 1024 / 1024) | round(2) }}MB)"
+  loop: "{{ archive_stats.results }}"
+  loop_control:
+    label: "{{ item.stat.path | basename }}"
 
 - name: Check if kdevops-results-archive directory exists
   stat: