eden_gcp.yml

---
name: EdenGCP
on:  # yamllint disable-line rule:truthy
  push:
    branches: [master]
# yamllint disable rule:line-length

jobs:
  check-secrets:
    runs-on: ubuntu-22.04
    outputs:
      available: ${{ steps.secrets.outputs.defined }}
    steps:
      - id: secrets
        if: ${{ (env.OVPN_FILE != '') && (env.GCP_PROJECT_ID != '') && (env.GCP_SA_KEY != '') }}
        run: echo "defined=true" >> $GITHUB_OUTPUT
        env:
          OVPN_FILE: ${{ secrets.OVPN_FILE }}
          GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
          GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}
  integration:
    name: Integration GCP test (${{ matrix.hv }};${{ matrix.fs }})
    runs-on: ubuntu-22.04
    needs: [check-secrets]
    if: needs.check-secrets.outputs.available == 'true'
    strategy:
      fail-fast: false
      matrix:
        hv: ["kvm", "xen"]
        fs: ["zfs", "ext4"]
    steps:
      - name: get eden
        uses: actions/checkout@v3
      - name: setup go
        uses: actions/setup-go@v3
        with:
          go-version: '1.18'
      - name: Check
        run: |
          for addr in $(ip addr list|sed -En -e 's/.*inet ([0-9.]+).*/\1/p')
          do
              if echo "$addr" | grep -q -E "10.11.(12|13).[0-9]+"; then
                echo "$addr overlaps with test"; exit 1
              fi
              if echo "$addr" | grep -q -E "10.8.0.[0-9]+"; then
                echo "$addr overlaps with vpn"; exit 1
              fi
          done
          sudo df -h
          sudo swapoff -a
          sudo free
      - name: Public IP
        id: ip
        run: |
          PUBLIC_IP=$(curl -s https://api.ipify.org/?format=text)
          if [[ ! $PUBLIC_IP =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then exit 1; fi
          echo "ipv4=$PUBLIC_IP" >> $GITHUB_OUTPUT
      - name: setup packages
        run: |
          sudo apt update
          sudo apt install -y qemu-utils openvpn jq
          echo "$OVPN_FILE" | base64 -d > ./config.ovpn
        env:
          OVPN_FILE: ${{ secrets.OVPN_FILE }}
      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v0.6.0
        with:
          project_id: ${{ secrets.GCP_PROJECT_ID }}
      - id: 'gcpauth'
        name: Auth to Google Cloud SDK
        uses: google-github-actions/auth@v0.8.2
        with:
          project_id: ${{ secrets.GCP_PROJECT_ID }}
          credentials_json: ${{ secrets.GCP_SA_KEY }}
          create_credentials_file: true
      - name: set firewall & clean
        run: |
          gcloud compute instances delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -q --zone=us-west1-a || echo "not exists"
          gcloud compute images delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -q || echo "not exists"
      - name: Connect VPN
        id: connect_vpn
        timeout-minutes: 1
        run: |
          sudo openvpn --config ./config.ovpn --daemon
          until ip -f inet addr show tun0; do sleep 5; ip a; done
          echo "tunnel_ip=$(ip -f inet addr show tun0 | sed -En -e 's/.*inet ([0-9.]+).*/\1/p')" >> $GITHUB_OUTPUT
      - name: build eden
        run: |
          make build
          make build-tests
      - name: pre-setup
        run: |
          ./eden config add default --devmodel GCP
          ./eden config set default --key adam.eve-ip --value ${{ steps.connect_vpn.outputs.tunnel_ip }}
          ./eden config set default --key registry.ip --value ${{ steps.connect_vpn.outputs.tunnel_ip }}
          ./eden config set default --key eve.hv --value ${{ matrix.hv }}
          ./eden config set default --key eve.tpm --value true
          ./eden utils gcp firewall --source-range ${{ steps.ip.outputs.ipv4 }}/32 --name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}"
      - name: setup-ext4
        if: matrix.fs == 'ext4'
        run: ./eden setup -v debug
      - name: setup-zfs
        if: matrix.fs == 'zfs'
        run: |
          ./eden config set default --key=eve.disks --value=4
          ./eden setup -v debug --grub-options='set_global dom0_extra_args "$dom0_extra_args eve_install_zfs_with_raid_level "'
      - name: clean-docker
        run: docker system prune -f -a
      - name: post-setup
        run: |
          ./eden utils gcp image --image-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}" upload
          ./eden utils gcp vm --image-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} --vm-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}" run
          ./eden start
          sleep 100
          BWD=$(./eden utils gcp vm get-ip --vm-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}") || { echo "cannot obtain IP"; exit 1; }
          echo "the IP is $BWD"
          ./eden utils gcp firewall -k "${{ steps.gcpauth.outputs.credentials_file_path }}" --source-range $BWD --name eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} || { echo "cannot set firewall"; exit 1; }
          ./eden eve onboard
          echo > tests/workflow/testdata/eden_stop.txt
      - name: Test
        run: |
          EDEN_TEST=gcp ./eden test tests/workflow -v debug
      - name: Collect info
        if: ${{ failure() }}
        uses: ./.github/actions/collect-info
        with:
          working-directory: ${{ github.workspace }}
      - name: Collect logs
        if: ${{ always() }}
        run: |
          ./eden log --format json > trace.log || echo "no log"
          ./eden info --format json > info.log || echo "no info"
          ./eden metric --format json > metric.log || echo "no metric"
          ./eden netstat --format json > netstat.log || echo "no netstat"
          docker logs eden_adam > adam.log 2>&1 || echo "no adam log"
          ./eden utils gcp vm log --vm-name eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -k "${{ steps.gcpauth.outputs.credentials_file_path }}" > console.log || echo "no device log"
      - name: Clean
        if: ${{ always() }}
        run: |
          gcloud compute firewall-rules delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} || echo "not exists"
          gcloud compute firewall-rules delete eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} || echo "not exists"
          gcloud compute instances delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -q --zone=us-west1-a || echo "not exists"
          gcloud compute images delete eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}} -q || echo "not exists"
          gsutil -o "Credentials:gs_service_key_file=${{ steps.gcpauth.outputs.credentials_file_path }}" rm gs://eve-live/eve-eden-actions-${{ matrix.hv }}-${{ matrix.fs }}-${{github.run_number}}.img.tar.gz || echo "not exists"
      - name: Log counting
        if: ${{ always() }}
        run: |
          echo "::group::Total errors"
          echo "$(jq '.severity' trace.log|grep err|wc -l)"
          echo "::endgroup::"
          echo "::group::Errors by source"
          echo "errors by source: $(jq -s 'map(select(.severity|contains("err")))|group_by(.source)|map({"source": .[0].source, "total":length})|sort_by(.total)|reverse[]' trace.log)"
          echo "::endgroup::"
          echo "::group::Error log content duplicates"
          echo "$(jq -s 'map(select(.severity | contains("err")))|group_by(.content)|map(select(length>1))' trace.log)"
          echo "::endgroup::"
          echo "::group::Error log function filename duplicates"
          echo "$(jq -s 'map(select(.severity | contains("err")))|group_by(.filename)|map(select(length>10))|map({"source": .[0].source, "filename": .[0].filename, "function": .[0].function, "content": [.[].content], "total":length})|sort_by(.total)| reverse[]' trace.log)"
          echo "::endgroup::"
          echo "::group::Segfaults"
          echo "$(jq -s 'map(select(.content | contains("segfault at")))' trace.log)"|tee segfaults.log
          [ "$(jq length segfaults.log)" -gt 0 ] && echo "::warning::segfaults found, you can see them in Log counting->Segfaults section"
          echo "::endgroup::"
      - name: Store raw test results
        if: ${{ always() }}
        uses: actions/upload-artifact@v3
        with:
          name: eden-report-${{ matrix.hv }}-${{ matrix.fs }}
          path: |
            ${{ github.workspace }}/eve-info.tar.gz
            ${{ github.workspace }}/trace.log
            ${{ github.workspace }}/info.log
            ${{ github.workspace }}/adam.log
            ${{ github.workspace }}/netstat.log
            ${{ github.workspace }}/metric.log
            ${{ github.workspace }}/console.log