neonvm: add smoke test to check that neonvmd is running in the vm #4
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-images | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| # 'skip' is kind of silly. it exists because we can't actually *skip* this job from e2e-test, | ||
| # otherwise the follow-up job that needs it wouldn't be able to run. So instead we pretend the | ||
| # job completed successfully, but actually do nothing... | ||
| skip: | ||
| description: 'Changes this action to perform a no-op' | ||
| type: boolean | ||
| required: false | ||
| tag: | ||
| description: 'Tag to use for the Docker images' | ||
| type: string | ||
| required: true | ||
| kernel-image: | ||
| description: 'Kernel image for the VMs embedded in neonvm-runner. If not specified, a kernel will be built from source' | ||
| type: string | ||
| required: false | ||
| build-cluster-autoscaler: | ||
| description: 'Build the custom cluster-autoscaler image' | ||
| type: boolean | ||
| required: false | ||
| controller-preserve-runner-pods: | ||
| description: 'ONLY USE FOR E2E TESTS: Set neonvm-controller to never delete VM runner pods' | ||
| type: boolean | ||
| required: false | ||
| upload-to-ecr: | ||
| description: 'Should images be uploaded to neon ECR' | ||
| type: boolean | ||
| required: false | ||
| outputs: | ||
| controller: | ||
| description: 'neonvm-controller image' | ||
| value: ${{ jobs.tags.outputs.controller }} | ||
| vxlan-controller: | ||
| description: 'neonvm-vxlan-controller image' | ||
| value: ${{ jobs.tags.outputs.vxlan-controller }} | ||
| runner: | ||
| description: 'neonvm-runner image' | ||
| value: ${{ jobs.tags.outputs.runner }} | ||
| scheduler: | ||
| description: 'autoscale-scheduler image' | ||
| value: ${{ jobs.tags.outputs.scheduler }} | ||
| autoscaler-agent: | ||
| description: 'autoscaler-agent image' | ||
| value: ${{ jobs.tags.outputs.autoscaler-agent }} | ||
| daemon: | ||
| description: 'neonvm-daemon image' | ||
| value: ${{ jobs.tags.outputs.daemon }} | ||
| env: | ||
| IMG_CONTROLLER: "neondatabase/neonvm-controller" | ||
| IMG_VXLAN_CONTROLLER: "neondatabase/neonvm-vxlan-controller" | ||
| IMG_RUNNER: "neondatabase/neonvm-runner" | ||
| IMG_DAEMON: "neondatabase/neonvm-daemon" | ||
| IMG_KERNEL: "neondatabase/vm-kernel" | ||
| IMG_SCHEDULER: "neondatabase/autoscale-scheduler" | ||
| IMG_AUTOSCALER_AGENT: "neondatabase/autoscaler-agent" | ||
| IMG_CLUSTER_AUTOSCALER: "neondatabase/cluster-autoscaler-neonvm" | ||
| ECR_DEV: "369495373322.dkr.ecr.eu-central-1.amazonaws.com" | ||
| ECR_PROD: "093970136003.dkr.ecr.eu-central-1.amazonaws.com" | ||
| # Why localhost? We use a local registry so that when docker/build-push-action tries to pull the | ||
| # image we built locally, it'll actually have a place to pull from. | ||
| # | ||
| # Otherwise, if we just try to use a local image, it fails trying to pull it from dockerhub. | ||
| # See https://github.com/moby/buildkit/issues/2343 for more information. | ||
| GO_BASE_IMG: "localhost:5000/neondatabase/autoscaling-go-base:dev" | ||
| defaults: | ||
| run: | ||
| shell: bash -euo pipefail {0} | ||
| jobs: | ||
| tags: | ||
| outputs: | ||
| controller: ${{ steps.show-tags.outputs.controller }} | ||
| vxlan-controller: ${{ steps.show-tags.outputs.vxlan-controller }} | ||
| runner: ${{ steps.show-tags.outputs.runner }} | ||
| scheduler: ${{ steps.show-tags.outputs.scheduler }} | ||
| autoscaler-agent: ${{ steps.show-tags.outputs.autoscaler-agent }} | ||
| cluster-autoscaler: ${{ steps.show-tags.outputs.cluster-autoscaler }} | ||
| daemon: ${{ steps.show-tags.outputs.daemon}} | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - id: show-tags | ||
| run: | | ||
| echo "controller=${{ env.IMG_CONTROLLER }}:${{ inputs.tag }}" | tee -a $GITHUB_OUTPUT | ||
| echo "vxlan-controller=${{ env.IMG_VXLAN_CONTROLLER }}:${{ inputs.tag }}" | tee -a $GITHUB_OUTPUT | ||
| echo "runner=${{ env.IMG_RUNNER }}:${{ inputs.tag }}" | tee -a $GITHUB_OUTPUT | ||
| echo "daemon=${{ env.IMG_DAEMON }}:${{ inputs.tag }}" | tee -a $GITHUB_OUTPUT | ||
| echo "scheduler=${{ env.IMG_SCHEDULER }}:${{ inputs.tag }}" | tee -a $GITHUB_OUTPUT | ||
| echo "autoscaler-agent=${{ env.IMG_AUTOSCALER_AGENT }}:${{ inputs.tag }}" | tee -a $GITHUB_OUTPUT | ||
| echo "cluster-autoscaler=${{ env.IMG_CLUSTER_AUTOSCALER }}:${{ inputs.tag }}" | tee -a $GITHUB_OUTPUT | ||
| vm-kernel: | ||
| # nb: use format(..) to catch both inputs.skip = true AND inputs.skip = 'true'. | ||
| if: ${{ format('{0}', inputs.skip) != 'true' }} | ||
| uses: ./.github/workflows/vm-kernel.yaml | ||
| with: | ||
| tag: ${{ inputs.kernel-image || inputs.tag }} | ||
| return-image-for-tag: ${{ inputs.kernel-image }} | ||
| secrets: inherit | ||
| build: | ||
| # nb: use format(..) to catch both inputs.skip = true AND inputs.skip = 'true'. | ||
| if: ${{ format('{0}', inputs.skip) != 'true' }} | ||
| needs: [ tags, vm-kernel ] | ||
| runs-on: [ self-hosted, large ] | ||
| permissions: | ||
| contents: read # This is required for actions/checkout | ||
| id-token: write # This is required for aws-actions/configure-aws-credentials | ||
| runs-on: [ self-hosted, gen3, large ] | ||
| services: | ||
| registry: | ||
| image: registry:2 | ||
| ports: | ||
| - 5000:5000 | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 # fetch all, so that we also include tags | ||
| - uses: actions/setup-go@v5 | ||
| with: | ||
| go-version-file: 'go.mod' | ||
| # Disable cache on self-hosted runners to avoid /usr/bin/tar errors, see https://github.com/actions/setup-go/issues/403 | ||
| cache: false | ||
| # Sometimes setup-go gets stuck. Without this, it'll keep going until the job gets killed | ||
| timeout-minutes: 10 | ||
| # Use 'git describe' for embedding git information (duplicated from the Makefile) | ||
| - name: get git info | ||
| id: get-git-info | ||
| run: | | ||
| # note: --tags enables matching on lightweight (i.e. not annotated) tags, which normally | ||
| # wouldn't be necessary, except that actions/checkout@v4 does weird things to setup the | ||
| # repository that means that we actually end up checked out with *just* a lightweight tag | ||
| # to the tagged commit. | ||
| echo "info=$(git describe --tags --long --dirty)" >> $GITHUB_OUTPUT | ||
| - name: get CA base git tag | ||
| id: get-ca-tag | ||
| if: ${{ format('{0}', inputs.build-cluster-autoscaler) == 'true' }} | ||
| run: | | ||
| echo "tag=$(cat cluster-autoscaler/ca.tag)" >> $GITHUB_OUTPUT | ||
| - name: set custom docker config directory | ||
| uses: ./.github/actions/set-docker-config-dir | ||
| - uses: docker/setup-buildx-action@v3 | ||
| with: | ||
| driver-opts: network=host | ||
| - name: Login to Dockerhub | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| username: ${{ secrets.NEON_DOCKERHUB_USERNAME }} | ||
| password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }} | ||
| - name: Login to Docker cache registry | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: cache.neon.build | ||
| username: ${{ secrets.NEON_CI_DOCKERCACHE_USERNAME }} | ||
| password: ${{ secrets.NEON_CI_DOCKERCACHE_PASSWORD }} | ||
| - name: Configure dev AWS credentials | ||
| if: ${{ format('{0}', inputs.upload-to-ecr) == 'true' }} | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: eu-central-1 | ||
| mask-aws-account-id: true | ||
| role-to-assume: ${{ secrets.DEV_GHA_OIDC_ECR_ROLE }} | ||
| - name: Login to dev ECR | ||
| if: ${{ format('{0}', inputs.upload-to-ecr) == 'true' }} | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ${{ env.ECR_DEV }} | ||
| - name: Configure prod AWS credentials | ||
| if: ${{ format('{0}', inputs.upload-to-ecr) == 'true' }} | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: eu-central-1 | ||
| mask-aws-account-id: true | ||
| role-to-assume: ${{ secrets.PROD_GHA_OIDC_ECR_ROLE }} | ||
| - name: Login to prod ECR | ||
| if: ${{ format('{0}', inputs.upload-to-ecr) == 'true' }} | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ${{ env.ECR_PROD }} | ||
| - name: Check dependencies | ||
| run: | | ||
| docker version | ||
| docker buildx version | ||
| - name: Load VM kernel | ||
| env: | ||
| IMAGE: ${{ needs.vm-kernel.outputs.image }} | ||
| run: | | ||
| docker pull --quiet $IMAGE | ||
| ID=$(docker create $IMAGE true) | ||
| docker cp ${ID}:/vmlinuz neonvm/hack/kernel/vmlinuz | ||
| docker rm -f ${ID} | ||
| - name: Build go dependencies image | ||
| uses: docker/build-push-action@v6 | ||
| id: build-go-dependencies-image | ||
| with: | ||
| context: . | ||
| platforms: linux/amd64 | ||
| push: true | ||
| file: Dockerfile.go-base | ||
| cache-from: type=registry,ref=cache.neon.build/autoscaling-go-base:cache | ||
| cache-to: ${{ github.ref_name == 'main' && 'type=registry,ref=cache.neon.build/autoscaling-go-base:cache,mode=max' || '' }} | ||
| tags: ${{ env.GO_BASE_IMG }} | ||
| - name: Build and push neonvm-runner image | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| context: . | ||
| platforms: linux/amd64 | ||
| push: true | ||
| file: neonvm/runner/Dockerfile | ||
| cache-from: type=registry,ref=cache.neon.build/neonvm-runner:cache | ||
| cache-to: ${{ github.ref_name == 'main' && 'type=registry,ref=cache.neon.build/neonvm-runner:cache,mode=max' || '' }} | ||
| tags: ${{ needs.tags.outputs.runner }} | ||
| build-args: | | ||
| GO_BASE_IMG=${{ env.GO_BASE_IMG }} | ||
| - name: Build and push neonvm-daemon image | ||
| uses: docker/build-push-action@v3 | ||
| with: | ||
| context: . | ||
| platforms: linux/amd64 | ||
| push: true | ||
| file: neonvm/daemon/Dockerfile | ||
| tags: ${{ needs.tags.outputs.daemon }} | ||
| build-args: | | ||
| GO_BASE_IMG=${{ env.GO_BASE_IMG }} | ||
| - name: Generate neonvm-controller build tags | ||
| id: controller-build-tags | ||
| env: | ||
| PRESERVE_RUNNER_PODS: ${{ inputs.controller-preserve-runner-pods }} | ||
| run: | | ||
| if [ "$PRESERVE_RUNNER_PODS" = 'true' ]; then | ||
| echo "buildtags=nodelete" | tee -a $GITHUB_OUTPUT | ||
| else | ||
| echo "buildtags=" | tee -a $GITHUB_OUTPUT | ||
| fi | ||
| - name: Build and push neonvm-controller image | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| context: . | ||
| platforms: linux/amd64 | ||
| push: true | ||
| file: neonvm/Dockerfile | ||
| cache-from: type=registry,ref=cache.neon.build/neonvm-controller:cache | ||
| cache-to: ${{ github.ref_name == 'main' && 'type=registry,ref=cache.neon.build/neonvm-controller:cache,mode=max' || '' }} | ||
| tags: ${{ needs.tags.outputs.controller }} | ||
| build-args: | | ||
| GO_BASE_IMG=${{ env.GO_BASE_IMG }} | ||
| VM_RUNNER_IMAGE=${{ needs.tags.outputs.runner }} | ||
| BUILDTAGS=${{ steps.controller-build-tags.outputs.buildtags }} | ||
| - name: Build and push neonvm-vxlan-controller image | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| context: . | ||
| platforms: linux/amd64 | ||
| push: true | ||
| file: neonvm/tools/vxlan/Dockerfile | ||
| cache-from: type=registry,ref=cache.neon.build/neonvm-vxlan-controller:cache | ||
| cache-to: ${{ github.ref_name == 'main' && 'type=registry,ref=cache.neon.build/neonvm-vxlan-controller:cache,mode=max' || '' }} | ||
| tags: ${{ needs.tags.outputs.vxlan-controller }} | ||
| build-args: | | ||
| GO_BASE_IMG=${{ env.GO_BASE_IMG }} | ||
| - name: Build and push autoscale-scheduler image | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| context: . | ||
| platforms: linux/amd64 | ||
| push: true | ||
| file: build/autoscale-scheduler/Dockerfile | ||
| cache-from: type=registry,ref=cache.neon.build/autoscale-scheduler:cache | ||
| cache-to: ${{ github.ref_name == 'main' && 'type=registry,ref=cache.neon.build/autoscale-scheduler:cache,mode=max' || '' }} | ||
| tags: ${{ needs.tags.outputs.scheduler }} | ||
| build-args: | | ||
| GO_BASE_IMG=${{ env.GO_BASE_IMG }} | ||
| GIT_INFO=${{ steps.get-git-info.outputs.info }}:${{ inputs.tag }} | ||
| - name: Build and push autoscaler-agent image | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| context: . | ||
| platforms: linux/amd64 | ||
| push: true | ||
| file: build/autoscaler-agent/Dockerfile | ||
| cache-from: type=registry,ref=cache.neon.build/autoscaler-agent:cache | ||
| cache-to: ${{ github.ref_name == 'main' && 'type=registry,ref=cache.neon.build/autoscaler-agent:cache,mode=max' || '' }} | ||
| tags: ${{ needs.tags.outputs.autoscaler-agent }} | ||
| build-args: | | ||
| GO_BASE_IMG=${{ env.GO_BASE_IMG }} | ||
| GIT_INFO=${{ steps.get-git-info.outputs.info }} | ||
| - name: Build and push cluster-autoscaler image | ||
| uses: docker/build-push-action@v6 | ||
| if: ${{ format('{0}', inputs.build-cluster-autoscaler) == 'true' }} | ||
| with: | ||
| context: cluster-autoscaler | ||
| platforms: linux/amd64 | ||
| push: true | ||
| tags: ${{ needs.tags.outputs.cluster-autoscaler }} | ||
| cache-from: type=registry,ref=cache.neon.build/cluster-autoscaler-neonvm:cache | ||
| cache-to: ${{ github.ref_name == 'main' && 'type=registry,ref=cache.neon.build/cluster-autoscaler-neonvm:cache,mode=max' || '' }} | ||
| build-args: | | ||
| CA_GIT_TAG=${{ steps.get-ca-tag.outputs.tag }} | ||
| - name: Copy all images to ECR | ||
| if: ${{ format('{0}', inputs.upload-to-ecr) == 'true' }} | ||
| run: | | ||
| for image in \ | ||
| neonvm-controller \ | ||
| neonvm-vxlan-controller \ | ||
| neonvm-runner \ | ||
| neonvm-daemon \ | ||
| vm-kernel \ | ||
| autoscale-scheduler \ | ||
| autoscaler-agent \ | ||
| cluster-autoscaler-neonvm \ | ||
| ; do | ||
| echo Copy ${image}:${{ inputs.tag }} to dev ECR | ||
| docker buildx imagetools create -t ${{ env.ECR_DEV }}/${image}:${{ inputs.tag }} \ | ||
| neondatabase/${image}:${{ inputs.tag }} | ||
| echo Copy ${image}:${{ inputs.tag }} to prod ECR | ||
| docker buildx imagetools create -t ${{ env.ECR_PROD }}/${image}:${{ inputs.tag }} \ | ||
| neondatabase/${image}:${{ inputs.tag }} | ||
| done | ||
