Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable basic CI for s390x #576

Merged
merged 5 commits into from
Jun 13, 2024
Merged

Enable basic CI for s390x #576

merged 5 commits into from
Jun 13, 2024

Conversation

BbolroC
Copy link
Member

@BbolroC BbolroC commented Jun 10, 2024
edited
Loading

The following workflows are enabled by a self-hosted runner named s390x-runner-01 registered to the coco org:

  • attestation agent
  • confidential data hub
  • API server rest
  • image-rs

ocicrypt-rs is not included for the enablement this time because a base build image runetest/compilation-testing does not support s390x.

The changes are verified via a private runner:

This PR will enable the community to run tests natively for each component.

The rationale for a post-action script at the end of each workflow

  1. A self-hosted runner for s390x cannot be instantiated and used instantly on request, rather should be ready/running 24/7. It is inevitable to institute a hook for the management over test runs.
  2. The management script could be committed to the repo, but it wouldn't be flexible enough to deal with an environmental issue on the runner.

The script is managed internally, but all commands in the script will be transparently tracked by set -x.

Signed-off-by: Hyounggyu Choi Hyounggyu.Choi@ibm.com

@BbolroC BbolroC requested a review from sameo as a code owner June 10, 2024 19:50
@BbolroC BbolroC mentioned this pull request Jun 10, 2024
Merged
1 task
@Xynnn007
Copy link
Member

Hi @BbolroC Seems that no runners pick this up?

@Xynnn007 Xynnn007 mentioned this pull request Jun 11, 2024
Open
@BbolroC BbolroC force-pushed the enable-ci-for-s390x branch 5 times, most recently from 7d22ac4 to 09a3477 Compare June 11, 2024 08:25
@BbolroC
Copy link
Member Author

BbolroC commented Jun 11, 2024
edited
Loading

I introduced concurrency.cancel-in-progress at the 2nd from the last commit because running existing actions when a PR is updated is not resource-efficient.

Update: The tag of the runner for ac_occlum_sgx has been updated from self-hosted to sgx at the last commit.

@BbolroC BbolroC force-pushed the enable-ci-for-s390x branch 3 times, most recently from 983e66c to a6a4ebe Compare June 11, 2024 10:15
@BbolroC
Copy link
Member Author

BbolroC commented Jun 11, 2024

A job image-rs build / Check (1.72.0, s390x) (pull_request) fails due to the following:

You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: [https://www.docker.com/increase-rate-limit](https://www.docker.com/increase-rate-limit])

I was wondering if we could get away from docker.io, which is a hell for CI.

@Xynnn007
Copy link
Member

A job image-rs build / Check (1.72.0, s390x) (pull_request) fails due to the following:

You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: [https://www.docker.com/increase-rate-limit](https://www.docker.com/increase-rate-limit])

I was wondering if we could get away from docker.io, which is a hell for CI.

I am with this. Opened an issue for this #578

@BbolroC
GHA: Enable attestation confidential data hub for s390x
47eaaf7 
This commit makes the existing build/test for CDH running on s390x natively.
An element called `Dummy` is added to enum `EnvelopeArgs` to avoid the
unreachable pattern for match. The platform specific implementation will be
instituted afterwards.

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
@BbolroC
GHA: Enable API server rest workflow for s390x
e8f9f54 
This commit makes the existing build/test for API server rest
running on s390x natively.

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
@BbolroC
GHA: Enable image-rs workflow for s390x
64fe97a 
This commit makes the existing build/test for image-rs running
on s390x natively. Due to limitation on enablement for the platform,
checks for enclave and nydus are selectivly excluded.

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
@BbolroC
Copy link
Member Author

BbolroC commented Jun 12, 2024

@Xynnn007 I think there is an environmental issue for occlum_sgx_ci around checking out the repo.

fitzthum
fitzthum approved these changes Jun 12, 2024
View reviewed changes
Copy link
Member

@fitzthum fitzthum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@fitzthum
Copy link
Member

SGX tests failing, but I think that might be the result of the recent rename of the runner? this PR updates the name. cc @Xynnn007

@BbolroC BbolroC changed the title Enable basic CI for s390x WIP Enable basic CI for s390x Jun 13, 2024
@BbolroC
Copy link
Member Author

BbolroC commented Jun 13, 2024

Hold on, please. I will enable the AA test for s390x as ghcr.io/confidential-containers/staged-images/kbs:latest has been published for s390x. I have added WIP to the title. Thanks.

@BbolroC BbolroC changed the title WIP Enable basic CI for s390x Enable basic CI for s390x Jun 13, 2024
@BbolroC
GHA: Enable attestation agent workflow for s390x
ebf3163 
This commit make the existing build/test for attestation agent running
on s390x. The build option is configured to use `se-attester`.

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
@Xynnn007
Copy link
Member

SGX tests failing, but I think that might be the result of the recent rename of the runner? this PR updates the name. cc @Xynnn007

GH jobs are not normal on the machine. I am looking into this.

@BbolroC
Copy link
Member Author

BbolroC commented Jun 13, 2024
edited
Loading

Update: The tag of the runner for ac_occlum_sgx has been updated from self-hosted to sgx at the last commit.

@Xynnn007 and I have decided not to include the change of the tag in this PR. This will be handled separately.

@Xynnn007
Copy link
Member

Xynnn007 commented Jun 13, 2024
edited
Loading

@Xynnn007 and I have decided not to include the change of the tag in this PR. This will be handled separately.

Related issue #581

@BbolroC
GHA: Introduce concurrency.cancel-in-progress
fdccb7f 
Running existing actions when a PR is updated is not resource-efficient.
The change cancels previous runs to optimize resource utilization.

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
Xynnn007
Xynnn007 approved these changes Jun 13, 2024
View reviewed changes
Copy link
Member

@Xynnn007 Xynnn007 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@Xynnn007 Xynnn007 merged commit 3f2fd79 into confidential-containers:main Jun 13, 2024
15 checks passed
@BbolroC BbolroC deleted the enable-ci-for-s390x branch June 13, 2024 10:14
BbolroC added a commit to BbolroC/cc-guest-components that referenced this pull request Aug 2, 2024
@BbolroC
GHA: Introduce concurrency.cancel-in-progress
ba479f2 
Some of the workflows do not consider `cancel-in-progress`.
As mentioned in confidential-containers#576, it is not an optimal use of resources
to keep running existing actions upon PR updates.

This commit introduces the concurrency concept to them.

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
BbolroC added a commit to BbolroC/cc-guest-components that referenced this pull request Aug 2, 2024
@BbolroC
GHA: Introduce concurrency.cancel-in-progress
c351d32 
Some of the workflows do not consider `cancel-in-progress`.
As mentioned in confidential-containers#576, it is not an optimal use of resources
to keep running existing actions upon PR updates.

This commit introduces the concurrency concept to them.

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
BbolroC added a commit to BbolroC/cc-guest-components that referenced this pull request Aug 2, 2024
@BbolroC
GHA: Introduce concurrency.cancel-in-progress
8543403 
Some of the workflows do not consider `cancel-in-progress`.
As mentioned in confidential-containers#576, it is not an optimal use of resources
to keep running existing actions upon PR updates.

This commit introduces the concurrency concept to them.

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
BbolroC added a commit that referenced this pull request Aug 2, 2024
@BbolroC
GHA: Introduce concurrency.cancel-in-progress
06d0c7e 
Some of the workflows do not consider `cancel-in-progress`.
As mentioned in #576, it is not an optimal use of resources
to keep running existing actions upon PR updates.

This commit introduces the concurrency concept to them.

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fitzthum fitzthum fitzthum approved these changes

@Xynnn007 Xynnn007 Xynnn007 approved these changes

@sameo sameo Awaiting requested review from sameo

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@BbolroC @Xynnn007 @fitzthum