From: Oto Šťáva Date: Thu, 25 Jul 2024 13:46:29 +0000 (+0200) Subject: .gitlab-ci: port package testing over from v6 X-Git-Tag: v5.7.5~10^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fenvironments%2Fdocs-develop-pkg-ou2yxf%2Fdeployments%2F4696;p=thirdparty%2Fknot-resolver.git .gitlab-ci: port package testing over from v6 This also takes in the change that the packages are published as artifacts. --- diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index dc8c23b74..4d130f91f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -37,7 +37,8 @@ stages: - test - respdiff - deploy - - pkgtest + - obs + - pkg # https://docs.gitlab.com/ce/ci/jobs/job_control.html#select-different-runner-tags-for-each-parallel-matrix-job .multi_platform: &multi_platform @@ -379,23 +380,6 @@ test:valgrind: - ${MESON_TEST} --suite unit --suite config --no-suite snowflake --wrap="valgrind --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp" - MESON_TESTTHREADS=1 ${MESON_TEST} --wrap="valgrind --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp" --suite snowflake -pkgtest: - stage: test - trigger: - include: ci/pkgtest.yaml - strategy: depend - needs: - - build-stable - variables: # https://gitlab.nic.cz/help/ci/yaml/README.md#artifact-downloads-to-child-pipelines - PARENT_PIPELINE_ID: $CI_PIPELINE_ID - except: - refs: - - master@knot/knot-resolver - - master@knot/security/knot-resolver - - tags - variables: - - $SKIP_CI == "1" - pytests: <<: *test_flaky needs: @@ -586,7 +570,7 @@ obs:release: obs:odvr: <<: *obs_trigger - stage: pkgtest # last stage to ensure it doesn't block anything + stage: obs # last stage to ensure it doesn't block anything only: - tags variables: @@ -594,9 +578,9 @@ obs:odvr: when: manual # }}} -# pkgtest {{{ +# obs {{{ .deploytest: &deploytest - stage: pkgtest + stage: obs only: variables: - $OBS_REPO =~ /^knot-resolver-devel|knot-dns-devel|knot-resolver-testing$/ @@ -746,35 +730,122 @@ obs:ubuntu2204:x86_64: DISTROTEST_NAME: ubuntu2204 DISTROTEST_REPO: xUbuntu_22.04 -.packagingtest: &packagingtest - stage: pkgtest - only: - refs: - - nightly@knot/knot-resolver - needs: [] +# }}} + +# pkg {{{ +.pkg_deb_extras: &pkg_deb_extras + before_script: + - apt update + +.enable_repo_build: &enable_repo_build + before_script: + - ./scripts/enable-repo-cznic-labs.sh knot-dns + +.pkg_test: &pkg_test + stage: pkg + needs: + - pkg:make-archive tags: - - dind + - lxc - amd64 - variables: - DISTRO: debian_10 script: - - pytest -r fEsxX tests/packaging -k $DISTRO - -packaging:centos_8: - <<: *packagingtest - variables: - DISTRO: centos_8 - -packaging:fedora_31: - <<: *packagingtest - variables: - DISTRO: fedora_31 + # make sure the archive from pkg:make-archive is available + - apkg info cache | grep archive/dev + - apkg install --build-dep + - apkg test --test-dep + artifacts: + expire_in: 1 week + paths: + - pkg/pkgs/ -packaging:fedora_32: - <<: *packagingtest - variables: - DISTRO: fedora_32 +.pkg_test_user: &pkg_test_user + <<: *pkg_test + script: + - apkg info cache | grep archive/dev + - apkg build-dep --test-dep + - apkg make-archive + - chgrp -R test . + - chmod -R g+rwX . + - find -type d -exec chmod g+s {} + + - git config core.sharedRepository group + - sudo -u test git config --global --add safe.directory '*' + - sudo -u test apkg build + - apkg install + - apkg test + +.pkg_test_deb: &pkg_test_deb + <<: *pkg_test + <<: *pkg_deb_extras + +pkg:make-archive: + # archive is created once and reused in other pkg jobs + <<: *pkg_deb_extras + stage: pkg + image: $CI_REGISTRY/packaging/apkg/full/ubuntu-24.04 + tags: + - lxc + - amd64 + needs: [] + artifacts: + paths: + - pkg/ + script: + - apkg build-dep + - apkg make-archive +pkg:debian-12: + <<: *pkg_test_deb + <<: *enable_repo_build + image: $CI_REGISTRY/packaging/apkg/full/debian-12 + +pkg:debian-11: + <<: *pkg_test_deb + <<: *enable_repo_build + image: $CI_REGISTRY/packaging/apkg/full/debian-11 + +pkg:ubuntu-24.04: + <<: *pkg_test_deb + image: $CI_REGISTRY/packaging/apkg/full/ubuntu-24.04 + +pkg:ubuntu-22.04: + <<: *pkg_test_deb + <<: *enable_repo_build + image: $CI_REGISTRY/packaging/apkg/full/ubuntu-22.04 + +pkg:ubuntu-20.04: + <<: *pkg_test_deb + <<: *enable_repo_build + image: $CI_REGISTRY/packaging/apkg/full/ubuntu-20.04 + +pkg:fedora-39: + <<: *pkg_test + image: $CI_REGISTRY/packaging/apkg/full/fedora-39 + +pkg:fedora-38: + <<: *pkg_test + image: $CI_REGISTRY/packaging/apkg/full/fedora-38 + +pkg:alma-9: + <<: *pkg_test + image: $CI_REGISTRY/packaging/apkg/full/alma-9 + +pkg:arch: + <<: *pkg_test_user + image: $CI_REGISTRY/packaging/apkg/full/arch + before_script: + - pacman -Syy + +# RHEL 8 derivatives would need more work due to *default* python being old +#pkg:rocky-8: +# <<: *pkg_test +# image: $CI_REGISTRY/packaging/apkg/full/rocky-8 + +# Leap 15.4 would need more work due to *default* python being old +#pkg:opensuse-15.4: +# <<: *pkg_test +# <<: *enable_repo_build +# image: $CI_REGISTRY/packaging/apkg/full/opensuse-15.4 +# allow_failure: true # SUSE is always special # }}} # docs: {{{ diff --git a/distro/tests/extra/all/control b/distro/tests/extra/all/control new file mode 100644 index 000000000..93b9e04c7 --- /dev/null +++ b/distro/tests/extra/all/control @@ -0,0 +1,19 @@ +{# Tests that kresd can be started with default config and it resolves some domains #} +Tests: systemd_service.sh +Tests-Directory: distro/tests/ +Restrictions: needs-root +{% if distro.match('fedora') -%} +Depends: knot-utils +{% elif distro.match('debian') or distro.match('ubuntu') -%} +Depends: knot-dnsutils +{% elif distro.match('arch') -%} +Depends: knot +{% elif distro.match('rocky', 'centos') -%} +Depends: knot-utils +{% elif distro.match('almalinux') -%} +Depends: knot-utils +{% elif distro.match('opensuse') -%} +Depends: knot-utils +{% else -%} +Depends: unsupported-distro-this-package-does-not-exist-and-the-test-should-fail +{%- endif %} diff --git a/distro/tests/systemd_service.sh b/distro/tests/systemd_service.sh new file mode 100755 index 000000000..6c3540c3d --- /dev/null +++ b/distro/tests/systemd_service.sh @@ -0,0 +1,37 @@ +#!/bin/bash + +# fail fast +set -e + +# check for root +if test "$(id -u)" -ne 0; then + echo "Must be run as root" + exit 1 +fi + +# We will be starting a systemd service, but another tests might do the same +# so this makes sure there is nothing left after we exit +trap "systemctl stop kresd@1.service" EXIT + + +if ! systemctl start kresd@1.service; then + echo + echo "Failed to start service, here is its status:" + systemctl status kresd@1.service || true + echo + echo "kresd@1.service:" + systemctl cat kresd@1.service || true + echo + echo "Checking service user using \`id knot-resolver\`:" + id knot-resolver + exit 1 +else + set +e + + # check that the resolvers are actually running + kdig @127.0.0.1 +edns nic.cz | tee /dev/stderr | grep -qi 'status: NOERROR' + if [ "$?" -ne "0" ]; then + echo "Could not 'kdig' the resolver - is it running?" + exit 1 + fi +fi diff --git a/scripts/enable-repo-cznic-labs.sh b/scripts/enable-repo-cznic-labs.sh new file mode 100755 index 000000000..cbc64c685 --- /dev/null +++ b/scripts/enable-repo-cznic-labs.sh @@ -0,0 +1,30 @@ +#!/bin/bash +# enable CZ.NIC Labs Debian/Ubuntu repos - see https://pkg.labs.nic.cz/doc/ +set -e + +REPO=$1 +if [ -z "${REPO}" ]; then + echo "usage: $0 REPOSITORY" + echo -e "\nPlease see: https://pkg.labs.nic.cz/doc/" + exit 1 +fi +if [ "$(whoami)" != "root" ]; then + echo "ERROR: this script must be run as ROOT" + echo -e "\nTry running with sudo:\n\n sudo $0\n" + exit 2 +fi + +# update apt metadata and install requirements +apt-get update +apt-get install -y apt-transport-https ca-certificates lsb-release wget + +DISTRO=$(lsb_release -si | tr '[:upper:]' '[:lower:]') +CODENAME=$(lsb_release -sc) + +echo "Enabling $REPO repo on $DISTRO $CODENAME..." +# get repo signing key +wget -O /usr/share/keyrings/cznic-labs-pkg.gpg https://pkg.labs.nic.cz/gpg +# create repo entry +echo "deb [signed-by=/usr/share/keyrings/cznic-labs-pkg.gpg] https://pkg.labs.nic.cz/$REPO $CODENAME main" > /etc/apt/sources.list.d/cznic-labs-$REPO.list +# update apt metadata from the new repo +apt-get update