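# Workflow header: triggers, shared environment and token permissions for the
# samcli-vm jobs defined under `jobs:`.
name: samcli-vm
on:
  pull_request:
    branches:
      - main
    # Only run for changes to the SAM CLI VM scripts, the shared helper
    # scripts, or this workflow file itself.
    paths:
      - 'scripts/samcli-vm/**'
      - 'scripts/cleanup-aws-resources.sh'
      - 'scripts/validate-test-results.sh'
      - '.github/workflows/samcli-vm.yaml'
  schedule:
    - cron: '0 8 * * *'
  workflow_dispatch:
env:
  GO_VERSION: '1.24.11'
  # python version should match https://github.com/aws/aws-sam-cli/blame/develop/tests/integration/testdata/durable/template.yaml
  PYTHON_VERSION: '3.13'
  PYTHON_BINARY: 'python3.13'
  AWS_DEFAULT_REGION: "${{ secrets.REGION }}"
  # Environment values reach the process as strings; quoting keeps a generic
  # YAML parser from retyping them as booleans or integers.
  BY_CANARY: 'true'  # allows full testing
  SAM_CLI_DEV: '1'
  SAM_CLI_TELEMETRY: '0'
  # Point Docker-compatible clients at the Finch daemon socket exported by the VM.
  DOCKER_HOST: unix:///Applications/Finch/lima/data/finch/sock/finch.sock
  DOCKER_CONFIG: /Users/ec2-user/.finch
# Workflow-wide token permissions. `id-token: write` lets the jobs request an
# OIDC token, which the configure-aws-credentials steps use for `role-to-assume`;
# repository contents stay read-only.
permissions:
  id-token: write
  contents: read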
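jobs:
  # Builds Finch and the finch-daemon under test on a macOS CodeBuild runner,
  # boots the Finch VM, then runs the SAM CLI test scripts against it.
  samcli-vm-test:
    runs-on: codebuild-finch-daemon-arm64-2-instance-${{ github.run_id }}-${{ github.run_attempt }}
    steps:
      - name: Clean macOS runner workspace
        run: |
          # taken from test-pkg workflow in finch
          sudo rm -rf /Applications/Finch
          sudo rm -rf /opt/finch
          su ec2-user -c 'rm -rf ~/.finch'
          sudo rm -rf ./_output
          if pgrep '^qemu-system'; then
            sudo pkill '^qemu-system'
          fi
          if pgrep '^socket_vmnet'; then
            sudo pkill '^socket_vmnet'
          fi
      - name: Configure Git for ec2-user
        run: |
          # NOTE(review): the "*" wildcard switches off git's repository
          # ownership check for every path, for the user running this step.
          # If the runner is reused, consider listing only the checkout
          # directories this job needs.
          git config --global --add safe.directory "*"
        shell: bash
      - name: Set up Go
        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: false
      - name: Configure Go for ec2-user
        run: |
          # Best effort: hand the Go directories to ec2-user, who runs the builds.
          chown -R ec2-user:staff "$GOPATH" || true
          chown -R ec2-user:staff "$RUNNER_TOOL_CACHE/go" || true
      - name: Install Rosetta 2
        run: su ec2-user -c 'echo "A" | /usr/sbin/softwareupdate --install-rosetta --agree-to-license || true'
      - name: Set up Python
        # NOTE(review): this action is referenced by a mutable tag, while the
        # other actions in this job are pinned to a full commit SHA. Pin it the
        # same way so the code that runs cannot change underneath the workflow.
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - name: Configure Python for ec2-user
        run: |
          # Make Python accessible to ec2-user
          chown -R ec2-user:staff "$(${{ env.PYTHON_BINARY }} -c "import site; print(site.USER_BASE)")" || true
          # Or symlink to ec2-user's PATH
          ln -sf "$(which ${{ env.PYTHON_BINARY }})" /usr/local/bin/${{ env.PYTHON_BINARY }} || true
      - name: Configure Homebrew for ec2-user
        run: |
          echo "Creating .brewrc file for ec2-user..."
          cat > /Users/ec2-user/.brewrc << 'EOF'
          # Homebrew environment setup
          export PATH="/opt/homebrew/bin:/opt/homebrew/sbin:$PATH"
          export HOMEBREW_PREFIX="/opt/homebrew"
          export HOMEBREW_CELLAR="/opt/homebrew/Cellar"
          export HOMEBREW_REPOSITORY="/opt/homebrew"
          export HOMEBREW_NO_AUTO_UPDATE=1
          EOF
          chown ec2-user:staff /Users/ec2-user/.brewrc
          # Fix Homebrew permissions
          echo "Setting permissions for Homebrew directories..."
          mkdir -p /opt/homebrew/Cellar
          chown -R ec2-user:staff /opt/homebrew
        shell: bash
      - name: Install dependencies
        run: |
          echo "Installing dependencies as ec2-user..."
          su ec2-user -c 'source /Users/ec2-user/.brewrc && brew install lz4 automake autoconf libtool yq'
        shell: bash
      - name: Checkout mainline finch repo
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          ref: main
          repository: runfinch/finch
          submodules: recursive
      # No `ref` is given, so this is the revision that triggered the run
      # (for pull_request events, the pull request's code).
      - name: Checkout finch-daemon
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          path: finch-daemon-pr
      - name: Make & install Finch
        run: |
          chown -R ec2-user:staff "$GITHUB_WORKSPACE"
          su ec2-user -c "cd $GITHUB_WORKSPACE && make clean && make FINCH_OS_IMAGE_LOCATION_ROOT=/Applications/Finch && make install PREFIX=Applications/Finch"
          su ec2-user -c "ls -lah /Applications/Finch"
      - name: Make Finch Daemon
        run: |
          # Build the daemon from the checked-out revision and overwrite the
          # binary that the Finch install placed under /Applications/Finch.
          su ec2-user -c "cd $GITHUB_WORKSPACE/finch-daemon-pr && STATIC=1 GOPROXY=direct GOOS=linux GOARCH=\$(go env GOARCH) make"
          su ec2-user -c "cp $GITHUB_WORKSPACE/finch-daemon-pr/bin/finch-daemon /Applications/Finch/finch-daemon/finch-daemon"
      - name: Initializing Finch VM
        run: |
          su ec2-user -c 'finch vm init'
          su ec2-user -c 'while ! finch vm status | grep -q "Running"; do echo "Waiting for VM..."; sleep 5; done'
      - name: Pinging Finch Daemon socket
        run: |
          su ec2-user -c 'LIMA_HOME=/Applications/Finch/lima/data /Applications/Finch/lima/bin/limactl shell finch curl --unix-socket /var/run/finch.sock -X GET http:/v1.41/version'
      - name: Verify Finch socket
        run: |
          # Test socket connectivity
          if su ec2-user -c 'curl -s --unix-socket /Applications/Finch/lima/data/finch/sock/finch.sock http://localhost/version' > /dev/null; then
            echo "✓ Finch daemon is accessible"
          else
            echo "✗ Finch daemon connection failed"
            ls -la /Applications/Finch/lima/data/finch/sock/ || echo "Socket directory not found"
            exit 1
          fi
      - name: Ensure Docker is not available (force Finch usage)
        run: |
          echo "Ensuring Docker is not accessible to force SAM CLI to use Finch..."
          # Remove docker binaries from PATH
          sudo rm -f /usr/local/bin/docker /opt/homebrew/bin/docker || true
          # Verify docker is not accessible
          if su ec2-user -c 'which docker' > /dev/null 2>&1; then
            echo "WARNING: Docker is still accessible"
            su ec2-user -c 'which docker'
          else
            echo "SUCCESS: Docker is not accessible - SAM CLI will use Finch"
          fi
        shell: bash
      # From this step on the job holds temporary credentials for the assumed
      # role. The test scripts further down are executed from the
      # finch-daemon-pr checkout, so a change to those scripts runs with this
      # role's permissions; keep the role scoped to what the tests need.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
        with:
          role-to-assume: ${{ secrets.SAMCLI_VM_ROLE_SYNC }}
          role-session-name: samcli-finch-vm-sequential-tests
          aws-region: ${{ secrets.REGION }}
          role-duration-seconds: 14400
      - name: Get latest SAM CLI tag
        id: sam-tag
        run: |
          # -f turns an HTTP error (for example a rate-limited API call) into a
          # failed curl instead of an error document piped to jq.
          TAG=$(curl -fsS https://api.github.com/repos/aws/aws-sam-cli/releases/latest | jq -r .tag_name)
          # jq prints "null" when the field is missing; stop here rather than
          # hand the checkout below an empty or bogus ref.
          if [ -z "$TAG" ] || [ "$TAG" = "null" ]; then
            echo "Could not resolve the latest aws-sam-cli release tag" >&2
            exit 1
          fi
          echo "tag=$TAG" >> "$GITHUB_OUTPUT"
      - name: Checkout SAM CLI
        # Pinned to the same commit as the other checkout steps in this job
        # instead of a mutable tag.
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          repository: aws/aws-sam-cli
          submodules: recursive
          path: aws-sam-cli
          ref: ${{ steps.sam-tag.outputs.tag }}
      - name: Set up SAM CLI from source
        run: |
          # Move to ec2-user home and change ownership
          sudo rm -rf /Users/ec2-user/aws-sam-cli || true
          sudo mv aws-sam-cli /Users/ec2-user/aws-sam-cli
          sudo chown -R ec2-user:staff /Users/ec2-user/aws-sam-cli
          # Install and setup (use full path)
          su ec2-user -c 'cd /Users/ec2-user/aws-sam-cli && ${{ env.PYTHON_BINARY }} -m pip install --upgrade pip --user'
          su ec2-user -c 'cd /Users/ec2-user/aws-sam-cli && SAM_CLI_DEV=1 ${{ env.PYTHON_BINARY }} -m pip install -e ".[dev]" --user'
          su ec2-user -c 'cd /Users/ec2-user/aws-sam-cli && export PATH="/Users/ec2-user/Library/Python/${{ env.PYTHON_VERSION }}/bin:$PATH" && samdev --version'
        shell: bash
      - name: Run unit tests
        run: ./finch-daemon-pr/scripts/samcli-vm/run-unit-tests.sh
      - name: Run invoke tests
        timeout-minutes: 50
        run: ./finch-daemon-pr/scripts/samcli-vm/run-invoke-tests.sh
      - name: Run start-api tests
        timeout-minutes: 80
        run: ./finch-daemon-pr/scripts/samcli-vm/run-start-api-tests.sh
      - name: Run sync tests
        timeout-minutes: 30
        run: ./finch-daemon-pr/scripts/samcli-vm/run-sync-tests.sh
      - name: Run package tests
        timeout-minutes: 15
        run: ./finch-daemon-pr/scripts/samcli-vm/run-package-tests.sh
      - name: Run start-lambda tests
        timeout-minutes: 40
        run: ./finch-daemon-pr/scripts/samcli-vm/run-start-lambda-tests.sh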
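# ensuring resources are clean post-test
  # `if: always()` makes this job run after samcli-vm-test whether it passed,
  # failed or was cancelled.
  cleanup:
    runs-on: codebuild-finch-daemon-arm64-2-instance-${{ github.run_id }}-${{ github.run_attempt }}
    needs: samcli-vm-test
    if: always()
    steps:
      - name: Final cleanup
        run: |
          # Every command is best effort (`|| true`) so one missing resource
          # does not stop the remaining cleanup.
          # Stop and remove VM
          su ec2-user -c 'finch vm stop' || true
          su ec2-user -c 'finch vm remove -f' || true
          # Clean up processes and sockets
          sudo pkill -f socket_vmnet || true
          sudo pkill -f finch-daemon || true
          sudo rm -rf /private/var/run/finch-lima/*.sock || true
          # Clean up cache and temporary files
          sudo rm -rf /Applications/Finch/lima/data/finch/_cache || true
          sudo rm -rf /tmp/finch-* || true
      - name: Checkout repository
        # Pinned to a full commit SHA (the one the samcli-vm-test job uses for
        # actions/checkout) instead of a mutable tag.
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      # The cleanup script below comes from the checkout above and runs with
      # the credentials of the role assumed here.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
        with:
          role-to-assume: ${{ secrets.SAMCLI_VM_ROLE_SYNC }}
          role-session-name: cleanup
          aws-region: ${{ secrets.REGION }}
      - name: Comprehensive AWS resource cleanup
        timeout-minutes: 10
        run: ./scripts/cleanup-aws-resources.sh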