Skip to content

Commit

Permalink
Merge pull request #447 from Altinity/customizations/24.3.5-fips
Browse files Browse the repository at this point in the history
24.3.5 FIPS Pre-release
  • Loading branch information
Enmk authored Aug 31, 2024
2 parents df58460 + 5978424 commit f030c60
Show file tree
Hide file tree
Showing 15 changed files with 166 additions and 109 deletions.
23 changes: 22 additions & 1 deletion .github/workflows/regression.yml
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,16 @@ name: Regression test workflow - Release
REGRESSION_GCS_URI:
description: gcs uri used for regression tests.
required: true

CHECKS_DATABASE_HOST:
description: database host name to upload regression test results to clickhouse.
required: true
CHECKS_DATABASE_USER:
description: database user name to upload regression test results to clickhouse.
required: true
CHECKS_DATABASE_PASSWORD:
description: database password to upload regression test results to clickhouse.
required: true

env:
# Force the stdout and stderr streams to be unbuffered
PYTHONUNBUFFERED: 1
Expand All @@ -93,6 +102,9 @@ env:
AWS_DEFAULT_REGION: ${{ secrets.AWS_REPORT_REGION }}
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
CHECKS_DATABASE_HOST: ${{ secrets.CHECKS_DATABASE_HOST }}
CHECKS_DATABASE_USER: ${{ secrets.CHECKS_DATABASE_USER }}
CHECKS_DATABASE_PASSWORD: ${{ secrets.CHECKS_DATABASE_PASSWORD }}
args: --test-to-end
--no-colors
--local
Expand Down Expand Up @@ -174,6 +186,7 @@ jobs:
python3
-u ${{ env.SUITE }}/regression.py
--clickhouse-binary-path ${{ env.clickhouse_binary_path }}
--clickhouse-version ${{ env.version }}
--attr project="$GITHUB_REPOSITORY" project.id="$GITHUB_REPOSITORY_ID" package="${{ env.clickhouse_binary_path }}" version="${{ env.version }}" user.name="$GITHUB_ACTOR" repository="https://github.com/Altinity/clickhouse-regression" commit.hash="$(git rev-parse HEAD)" job.id="$GITHUB_RUN_ID" job.url="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" arch="$(uname -i)"
${{ env.args }} || EXITCODE=$?;
.github/add_link_to_logs.sh;
Expand Down Expand Up @@ -225,6 +238,7 @@ jobs:
python3
-u alter/regression.py
--clickhouse-binary-path ${{ env.clickhouse_binary_path }}
--clickhouse-version ${{ env.version }}
--only "/alter/${{ matrix.ONLY }} partition/*"
--attr project="$GITHUB_REPOSITORY" project.id="$GITHUB_REPOSITORY_ID" package="${{ env.clickhouse_binary_path }}" version="${{ env.version }}" user.name="$GITHUB_ACTOR" repository="https://github.com/Altinity/clickhouse-regression" commit.hash="$(git rev-parse HEAD)" job.id="$GITHUB_RUN_ID" job.url="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" arch="$(uname -i)"
${{ env.args }} || EXITCODE=$?;
Expand Down Expand Up @@ -277,6 +291,7 @@ jobs:
python3
-u ${{ env.SUITE }}/benchmark.py
--clickhouse-binary-path ${{ env.clickhouse_binary_path }}
--clickhouse-version ${{ env.version }}
--storage ${{ matrix.STORAGE }}
--gcs-uri ${{ secrets.REGRESSION_GCS_URI }}
--gcs-key-id ${{ secrets.REGRESSION_GCS_KEY_ID }}
Expand Down Expand Up @@ -333,6 +348,7 @@ jobs:
-u ${{ env.SUITE }}/regression.py
--ssl
--clickhouse-binary-path ${{ env.clickhouse_binary_path }}
--clickhouse-version ${{ env.version }}
--attr project="$GITHUB_REPOSITORY" project.id="$GITHUB_REPOSITORY_ID" package="${{ env.clickhouse_binary_path }}" version="${{ env.version }}" user.name="$GITHUB_ACTOR" repository="https://github.com/Altinity/clickhouse-regression" commit.hash="$(git rev-parse HEAD)" job.id="$GITHUB_RUN_ID" job.url="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" arch="$(uname -i)"
${{ env.args }} || EXITCODE=$?;
.github/add_link_to_logs.sh;
Expand Down Expand Up @@ -383,6 +399,7 @@ jobs:
python3
-u ${{ env.SUITE }}/regression.py
--clickhouse-binary-path ${{ env.clickhouse_binary_path }}
--clickhouse-version ${{ env.version }}
--attr project="$GITHUB_REPOSITORY" project.id="$GITHUB_REPOSITORY_ID" package="${{ env.clickhouse_binary_path }}" version="${{ env.version }}" user.name="$GITHUB_ACTOR" repository="https://github.com/Altinity/clickhouse-regression" commit.hash="$(git rev-parse HEAD)" job.id="$GITHUB_RUN_ID" job.url="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" arch="$(uname -i)"
${{ env.args }} || EXITCODE=$?;
.github/add_link_to_logs.sh;
Expand Down Expand Up @@ -429,6 +446,7 @@ jobs:
python3
-u ${{ env.SUITE }}/regression.py
--clickhouse-binary-path ${{ env.clickhouse_binary_path }}
--clickhouse-version ${{ env.version }}
--attr project="$GITHUB_REPOSITORY" project.id="$GITHUB_REPOSITORY_ID" package="${{ env.clickhouse_binary_path }}" version="${{ env.version }}" user.name="$GITHUB_ACTOR" repository="https://github.com/Altinity/clickhouse-regression" commit.hash="$(git rev-parse HEAD)" job.id="$GITHUB_RUN_ID" job.url="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" arch="$(uname -i)"
${{ env.args }} || EXITCODE=$?;
.github/add_link_to_logs.sh;
Expand Down Expand Up @@ -480,6 +498,7 @@ jobs:
python3
-u ${{ env.SUITE }}/regression.py
--clickhouse-binary-path ${{ env.clickhouse_binary_path }}
--clickhouse-version ${{ env.version }}
--storage ${{ matrix.STORAGE }}
--aws-s3-bucket ${{ secrets.REGRESSION_AWS_S3_BUCKET }}
--aws-s3-region ${{ secrets.REGRESSION_AWS_S3_REGION }}
Expand Down Expand Up @@ -536,6 +555,7 @@ jobs:
python3
-u ${{ env.SUITE }}/regression.py
--clickhouse-binary-path ${{ env.clickhouse_binary_path }}
--clickhouse-version ${{ env.version }}
--storage ${{ matrix.STORAGE }}
--gcs-uri ${{ secrets.REGRESSION_GCS_URI }}
--gcs-key-id ${{ secrets.REGRESSION_GCS_KEY_ID }}
Expand Down Expand Up @@ -594,6 +614,7 @@ jobs:
python3
-u ${{ env.SUITE }}/regression.py
--clickhouse-binary-path ${{ env.clickhouse_binary_path }}
--clickhouse-version ${{ env.version }}
--aws-s3-access-key ${{ secrets.REGRESSION_AWS_S3_SECRET_ACCESS_KEY }}
--aws-s3-key-id ${{ secrets.REGRESSION_AWS_S3_KEY_ID }}
--aws-s3-uri https://s3.${{ secrets.REGRESSION_AWS_S3_REGION}}.amazonaws.com/${{ secrets.REGRESSION_AWS_S3_BUCKET }}/data/
Expand Down
184 changes: 93 additions & 91 deletions .github/workflows/release_branches.yml
Original file line number Diff line number Diff line change
Expand Up @@ -83,15 +83,15 @@ jobs:
test_name: Compatibility check (amd64)
runner_type: altinity-on-demand, altinity-type-cpx51, altinity-in-ash, altinity-image-x86-system-ubuntu-22.04
data: ${{ needs.RunConfig.outputs.data }}
CompatibilityCheckAarch64:
needs: [RunConfig, BuilderDebAarch64]
if: ${{ !failure() && !cancelled() }}
uses: ./.github/workflows/reusable_test.yml
secrets: inherit
with:
test_name: Compatibility check (aarch64)
runner_type: altinity-on-demand, altinity-type-cax41, altinity-in-hel1, altinity-image-arm-system-ubuntu-22.04
data: ${{ needs.RunConfig.outputs.data }}
# CompatibilityCheckAarch64:
# needs: [RunConfig, BuilderDebAarch64]
# if: ${{ !failure() && !cancelled() }}
# uses: ./.github/workflows/reusable_test.yml
# secrets: inherit
# with:
# test_name: Compatibility check (aarch64)
# runner_type: altinity-on-demand, altinity-type-cax41, altinity-in-hel1, altinity-image-arm-system-ubuntu-22.04
# data: ${{ needs.RunConfig.outputs.data }}
#########################################################################################
#################################### ORDINARY BUILDS ####################################
#########################################################################################
Expand All @@ -106,17 +106,17 @@ jobs:
data: ${{ needs.RunConfig.outputs.data }}
# always rebuild on release branches to be able to publish from any commit
force: true
BuilderDebAarch64:
needs: [RunConfig, BuildDockers]
if: ${{ !failure() && !cancelled() }}
uses: ./.github/workflows/reusable_build.yml
secrets: inherit
with:
build_name: package_aarch64
checkout_depth: 0
data: ${{ needs.RunConfig.outputs.data }}
# always rebuild on release branches to be able to publish from any commit
force: true
# BuilderDebAarch64:
# needs: [RunConfig, BuildDockers]
# if: ${{ !failure() && !cancelled() }}
# uses: ./.github/workflows/reusable_build.yml
# secrets: inherit
# with:
# build_name: package_aarch64
# checkout_depth: 0
# data: ${{ needs.RunConfig.outputs.data }}
# # always rebuild on release branches to be able to publish from any commit
# force: true
BuilderDebAsan:
needs: [RunConfig, BuildDockers]
if: ${{ !failure() && !cancelled() }}
Expand Down Expand Up @@ -168,31 +168,33 @@ jobs:
data: ${{ needs.RunConfig.outputs.data }}
# always rebuild on release branches to be able to publish from any commit
force: true
BuilderBinDarwinAarch64:
needs: [RunConfig, BuildDockers]
if: ${{ !failure() && !cancelled() }}
uses: ./.github/workflows/reusable_build.yml
secrets: inherit
with:
build_name: binary_darwin_aarch64
checkout_depth: 0
data: ${{ needs.RunConfig.outputs.data }}
# always rebuild on release branches to be able to publish from any commit
force: true
# BuilderBinDarwinAarch64:
# needs: [RunConfig, BuildDockers]
# if: ${{ !failure() && !cancelled() }}
# uses: ./.github/workflows/reusable_build.yml
# secrets: inherit
# with:
# build_name: binary_darwin_aarch64
# checkout_depth: 0
# data: ${{ needs.RunConfig.outputs.data }}
# # always rebuild on release branches to be able to publish from any commit
# force: true

############################################################################################
##################################### Docker images #######################################
############################################################################################
DockerServerImage:
needs: [RunConfig, BuilderDebRelease, BuilderDebAarch64]
needs: [RunConfig, BuilderDebRelease]
if: ${{ !failure() && !cancelled() }}
uses: ./.github/workflows/reusable_test.yml
secrets: inherit
with:
test_name: Docker server image
runner_type: altinity-on-demand, altinity-type-cpx41, altinity-in-ash, altinity-image-x86-system-ubuntu-22.04
data: ${{ needs.RunConfig.outputs.data }}

DockerKeeperImage:
needs: [RunConfig, BuilderDebRelease, BuilderDebAarch64]
needs: [RunConfig, BuilderDebRelease]
if: ${{ !failure() && !cancelled() }}
uses: ./.github/workflows/reusable_test.yml
secrets: inherit
Expand All @@ -209,7 +211,7 @@ jobs:
needs:
- RunConfig
- BuilderDebRelease
- BuilderDebAarch64
# - BuilderDebAarch64
- BuilderDebAsan
- BuilderDebTsan
- BuilderDebUBsan
Expand All @@ -227,7 +229,7 @@ jobs:
needs:
- RunConfig
- BuilderBinDarwin
- BuilderBinDarwinAarch64
# - BuilderBinDarwinAarch64
uses: ./.github/workflows/reusable_test.yml
secrets: inherit
with:
Expand All @@ -238,9 +240,9 @@ jobs:
if: ${{ !failure() && !cancelled() }}
needs:
- BuilderBinDarwin
- BuilderBinDarwinAarch64
# - BuilderBinDarwinAarch64
- BuilderDebRelease
- BuilderDebAarch64
# - BuilderDebAarch64
runs-on: [self-hosted, altinity-on-demand, altinity-setup-reporter, altinity-type-cax11, altinity-in-hel1, altinity-image-arm-system-ubuntu-22.04]
steps:
- name: Debug
Expand Down Expand Up @@ -279,17 +281,17 @@ jobs:
data: ${{ needs.RunConfig.outputs.data }}
run_command: |
python3 install_check.py "$CHECK_NAME"
InstallPackagesTestAarch64:
needs: [RunConfig, BuilderDebAarch64]
if: ${{ !failure() && !cancelled() }}
uses: ./.github/workflows/reusable_test.yml
secrets: inherit
with:
test_name: Install packages (arm64)
runner_type: altinity-on-demand, altinity-type-cax41, altinity-in-hel1, altinity-image-arm-system-ubuntu-22.04
data: ${{ needs.RunConfig.outputs.data }}
run_command: |
python3 install_check.py "$CHECK_NAME"
# InstallPackagesTestAarch64:
# needs: [RunConfig, BuilderDebAarch64]
# if: ${{ !failure() && !cancelled() }}
# uses: ./.github/workflows/reusable_test.yml
# secrets: inherit
# with:
# test_name: Install packages (arm64)
# runner_type: altinity-on-demand, altinity-type-cax41, altinity-in-hel1, altinity-image-arm-system-ubuntu-22.04
# data: ${{ needs.RunConfig.outputs.data }}
# run_command: |
# python3 install_check.py "$CHECK_NAME"
##############################################################################################
########################### FUNCTIONAl STATELESS TESTS #######################################
##############################################################################################
Expand All @@ -302,15 +304,15 @@ jobs:
test_name: Stateless tests (release)
runner_type: altinity-on-demand, altinity-type-cpx51, altinity-in-ash, altinity-image-x86-system-ubuntu-22.04
data: ${{ needs.RunConfig.outputs.data }}
FunctionalStatelessTestAarch64:
needs: [RunConfig, BuilderDebAarch64]
if: ${{ !failure() && !cancelled() }}
uses: ./.github/workflows/reusable_test.yml
secrets: inherit
with:
test_name: Stateless tests (aarch64)
runner_type: altinity-on-demand, altinity-type-cax41, altinity-in-hel1, altinity-image-arm-system-ubuntu-22.04
data: ${{ needs.RunConfig.outputs.data }}
# FunctionalStatelessTestAarch64:
# needs: [RunConfig, BuilderDebAarch64]
# if: ${{ !failure() && !cancelled() }}
# uses: ./.github/workflows/reusable_test.yml
# secrets: inherit
# with:
# test_name: Stateless tests (aarch64)
# runner_type: altinity-on-demand, altinity-type-cax41, altinity-in-hel1, altinity-image-arm-system-ubuntu-22.04
# data: ${{ needs.RunConfig.outputs.data }}
FunctionalStatelessTestAsan:
needs: [RunConfig, BuilderDebAsan]
if: ${{ !failure() && !cancelled() }}
Expand Down Expand Up @@ -368,15 +370,15 @@ jobs:
test_name: Stateful tests (release)
runner_type: altinity-on-demand, altinity-type-cpx51, altinity-in-ash, altinity-image-x86-system-ubuntu-22.04
data: ${{ needs.RunConfig.outputs.data }}
FunctionalStatefulTestAarch64:
needs: [RunConfig, BuilderDebAarch64]
if: ${{ !failure() && !cancelled() }}
uses: ./.github/workflows/reusable_test.yml
secrets: inherit
with:
test_name: Stateful tests (aarch64)
runner_type: altinity-on-demand, altinity-type-cax41, altinity-in-hel1, altinity-image-arm-system-ubuntu-22.04
data: ${{ needs.RunConfig.outputs.data }}
# FunctionalStatefulTestAarch64:
# needs: [RunConfig, BuilderDebAarch64]
# if: ${{ !failure() && !cancelled() }}
# uses: ./.github/workflows/reusable_test.yml
# secrets: inherit
# with:
# test_name: Stateful tests (aarch64)
# runner_type: altinity-on-demand, altinity-type-cax41, altinity-in-hel1, altinity-image-arm-system-ubuntu-22.04
# data: ${{ needs.RunConfig.outputs.data }}
FunctionalStatefulTestAsan:
needs: [RunConfig, BuilderDebAsan]
if: ${{ !failure() && !cancelled() }}
Expand Down Expand Up @@ -519,19 +521,19 @@ jobs:
secrets: inherit
with:
runner_type: altinity-on-demand, altinity-type-cpx51, altinity-image-x86-app-docker-ce, altinity-setup-regression
commit: c5e1513a2214ee33696c29717935e0a94989ac2a
arch: release
build_sha: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
RegressionTestsAarch64:
needs: [BuilderDebAarch64]
if: ${{ !failure() && !cancelled() }}
uses: ./.github/workflows/regression.yml
secrets: inherit
with:
runner_type: altinity-on-demand, altinity-type-cax41, altinity-image-arm-app-docker-ce, altinity-setup-regression
commit: c5e1513a2214ee33696c29717935e0a94989ac2a
arch: aarch64
commit: 0c78d66f01dd08f324c57ae2efec5cd6bd7d19e3
arch: release
build_sha: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
# RegressionTestsAarch64:
# needs: [BuilderDebAarch64]
# if: ${{ !failure() && !cancelled() }}
# uses: ./.github/workflows/regression.yml
# secrets: inherit
# with:
# runner_type: altinity-on-demand, altinity-type-cax41, altinity-image-arm-app-docker-ce, altinity-setup-regression
# commit: c5e1513a2214ee33696c29717935e0a94989ac2a
# arch: aarch64
# build_sha: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
SignRelease:
needs: [RunConfig, BuilderDebRelease]
if: ${{ !failure() && !cancelled() }}
Expand All @@ -541,15 +543,15 @@ jobs:
test_name: Sign release
runner_type: altinity-on-demand, altinity-type-cpx41, altinity-in-ash, altinity-image-x86-system-ubuntu-22.04
data: ${{ needs.RunConfig.outputs.data }}
SignAarch64:
needs: [RunConfig, BuilderDebAarch64]
if: ${{ !failure() && !cancelled() }}
uses: ./.github/workflows/reusable_sign.yml
secrets: inherit
with:
test_name: Sign aarch64
runner_type: altinity-on-demand, altinity-type-cpx41, altinity-in-ash, altinity-image-x86-system-ubuntu-22.04
data: ${{ needs.RunConfig.outputs.data }}
# SignAarch64:
# needs: [RunConfig, BuilderDebAarch64]
# if: ${{ !failure() && !cancelled() }}
# uses: ./.github/workflows/reusable_sign.yml
# secrets: inherit
# with:
# test_name: Sign aarch64
# runner_type: altinity-on-demand, altinity-type-cpx41, altinity-in-ash, altinity-image-x86-system-ubuntu-22.04
# data: ${{ needs.RunConfig.outputs.data }}
FinishCheck:
if: ${{ !failure() && !cancelled() }}
needs:
Expand All @@ -560,14 +562,14 @@ jobs:
- MarkReleaseReady
- FunctionalStatelessTestDebug
- FunctionalStatelessTestRelease
- FunctionalStatelessTestAarch64
# - FunctionalStatelessTestAarch64
- FunctionalStatelessTestAsan
- FunctionalStatelessTestTsan
- FunctionalStatelessTestMsan
- FunctionalStatelessTestUBsan
- FunctionalStatefulTestDebug
- FunctionalStatefulTestRelease
- FunctionalStatefulTestAarch64
# - FunctionalStatefulTestAarch64
- FunctionalStatefulTestAsan
- FunctionalStatefulTestTsan
- FunctionalStatefulTestMsan
Expand All @@ -581,9 +583,9 @@ jobs:
- IntegrationTestsTsan
- IntegrationTestsRelease
- CompatibilityCheckX86
- CompatibilityCheckAarch64
# - CompatibilityCheckAarch64
- RegressionTestsRelease
- RegressionTestsAarch64
# - RegressionTestsAarch64
- SignRelease
runs-on: [self-hosted, altinity-on-demand, altinity-type-cax11, altinity-image-arm-system-ubuntu-22.04, altinity-setup-regression]
steps:
Expand Down
Loading

0 comments on commit f030c60

Please sign in to comment.