feat: add rancher integration pipeline

[FrankYang0529]

Problem:

Solution:

Related Issue(s):

harvester/harvester#7889

Test plan:

Additional documentation or context

[Copilot]

Pull Request Overview

This PR introduces a new GitHub Actions workflow for Rancher integration that automates version patching, building Harvester artifacts, and running integration tests.

• Adds a workflow to patch RKE2 and Rancher versions, build artifacts, and deploy/test clusters.
• Includes steps for cloning ipxe-examples, performing cluster setup, running tests, and collecting logs.

[innobead]

What's the purpose for this?

[FrankYang0529]

I copy this from

harvester-installer/.github/workflows/vagrant-install.yaml

Lines 47 to 53 in 6973fcd

	- name: Remove OVMF.fd line if needed
	working-directory: ${{ steps.ipxe.outputs.VAGRANT_HOME }}
	run: |
	if [ ! -f /usr/share/qemu/OVMF.fd ]; then
	echo "Remove libvirt loader: can't find UEFI firmware"
	sed 's/libvirt.loader.*/#libvirt.loader = /' Vagrantfile
	fi

. @bk201 do you know why we need this in CI? Does it avoid UEFI firmware not found error?

[bk201]

If the OVMF file is present in the system, the VM will run in UEFI mode, otherwise, it will run in legacy BIOS mode. Not every runner has the file presented.

[innobead]

If some snippets are resuable, suggest creating util scripts or workflows, then share them with each other. In addition, please also add comments to clarify the purpose, or prefer making the step name self-explantory. It will be good for understanding.

[innobead]

Can we make a reusable workflow which can be used in both workflow to reduce duplicated implementation here? Basically, have a job running the reusbale workflow, then start the different steps in another job.

[innobead]

Check files exist on provisioned hosts

nit: The name is quite general, can we make them specific? What files should exist. check_files.sh is also too common.

[FrankYang0529]

Since check_files.sh is used in other workflow, I will update the naming in the next PR.

[innobead]

Should we move this just after Setup cluster?

[FrankYang0529]

I prefer to keep it after terraform check. If it checks rancher-system-agent just after setup cluster, the cluster may not be ready.

[innobead]

I see, then it can be part of tests.

[innobead]

The ultimate goal is to automatically detect the versions of Rancher and RKE2, and then run these workflows.

There are a few things we need to improve later.

• Create a matrix strategy outlining which versions to run in the workflow. For instance: Harvester 1.5/Rancher 2.11/RKE2 1.32, we only need to execute pipelines for supported branches and the head. Currently, these are head/1.6, 1.5, 1.4, and 1.3. To conserve resources, we will only run head, n, and n-1, which means head, 1.5, and 1.4.
• Schedule a daily cron job to check for any new releases (just released on the day) of Rancher or RKE2, and run the testing pipeline as needed. You may require an additional step/job initially to determine them. If no new releases are available, there's no need to execute anything.
• W/ above improvements, still ensure the capability to run manually by entering upstream versions

[innobead]

Just a few minor feedback. After resolving them, we can merge this first, so you can verify and fine-tune this later.

[innobead]

This should be create_version_file.sh instead?

BTW, can we simplify the upgrade operation as follows? When creating a new version or upgrade, apply it directly.

- name: Start file server
  run: |
    python3 -m http.server 8000 --bind 0.0.0.0 &

- name: Create the upgrade version
  working-directory: ./ci/upgrade
  run: |
    ./create_version.sh

- name: Create the upgrade
  working-directory: ./ci/upgrade
  run: |
    ./create_upgrade.sh

[innobead]

Can we move this to check_rancher_system_agent.sh? I would like to move all checks and tests under the terraform folder to make them consistent as the existing test scripts like test_terraform_vm.sh.

[innobead]

ditto, move this to check_login.sh

[innobead]

check_rke2_cert_rotation.sh