ci(stability): merge the develop branch

Author: datacore-bolt-ci

.github/workflows/helm-pins.yml

@@ -0,0 +1,13 @@
+name: Helm Pins
+on:
+  workflow_call:
+  workflow_dispatch:
+
+jobs:
+  ci:
+    uses: ./.github/workflows/k8s-ci.yml
+    secrets: inherit
+    with:
+      helm-pins: true
+      registry: 'ghcr.io'
+      namespace: 'openebs/helm-pins'

.github/workflows/k8s-ci.yml

@@ -1,18 +1,27 @@
 name: K8s CI
 on:
   workflow_call:
+    inputs:
+      helm-pins:
+        required: false
+        type: boolean
+        default: false
+      registry:
+        required: false
+        type: string
+        default: ghcr.io
+      namespace:
+        required: false
+        type: string
+        default: openebs/helm-pins
 
 jobs:
   k8s-ci:
     runs-on: ubuntu-latest-8-cores
     steps:
-      - name: Bind mount /dev/sda1 to /nix
-        run: |
-          sudo mkdir -p /nix
-          sudo mount --bind /mnt /nix
-          lsblk
       - uses: actions/checkout@v4
         with:
+          fetch-depth: 0
           submodules: recursive
       - uses: cachix/[email protected]
         with:
@@ -33,39 +42,100 @@ jobs:
           sudo dpkg-reconfigure man-db || true
           nix-shell ./scripts/k8s/shell.nix --run "./scripts/k8s/deployer.sh start --label"
       - name: Prepare v-next images and binary
+        if: ${{ !inputs.helm-pins }}
         run: nix-shell ./scripts/python/shell.nix --run "./scripts/python/upgrade-test-helper.sh --build --chart-tag --chart ./chart"
       - name: Load images to kind cluster
+        if: ${{ !inputs.helm-pins }}
         run: nix-shell ./scripts/python/shell.nix --run "./scripts/python/upgrade-test-helper.sh --load"
+      - name: Login to Helm Pins Registry
+        if: ${{ inputs.helm-pins }}
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ inputs.registry }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Create Pinned Helm Chart
+        id: pin
+        if: ${{ inputs.helm-pins }}
+        run: |
+          nix-shell ./scripts/helm/shell.nix --run "./scripts/helm/pin.sh --registry ${{ inputs.registry }} --namespace ${{ inputs.namespace }} --kind"
+          if ! git diff --exit-code "./chart"; then
+            echo "update=true" >> $GITHUB_OUTPUT
+          else
+            echo "update=false" >> $GITHUB_OUTPUT
+          fi
       - name: Run pytest
+        if: ${{ inputs.helm-pins && steps.pin.outputs.update == 'true' }}
+        env:
+          CHART_VNEXT_REGISTRY: ${{ inputs.registry }}
+          CHART_VNEXT_NAMESPACE: ${{ inputs.namespace }}
+          CHART_VNEXT_PLUGIN: "./kubectl-plugin/bin/kubectl-mayastor"
+          REUSE_CLUSTER: 1
+          CHART_VNEXT_SKIP: 1
+          CLEAN: 0
+        run: nix-shell ./scripts/python/shell.nix --run "./scripts/python/test.sh"
+      - name: Run pytest
+        if: ${{ !inputs.helm-pins }}
+        env:
+          REUSE_CLUSTER: 1
+          CHART_VNEXT_SKIP: 1
+          CLEAN: 0
+        run: nix-shell ./scripts/python/shell.nix --run "./scripts/python/test.sh"
+      - name: Push Pinned Helm Chart
+        if: ${{ inputs.helm-pins && steps.pin.outputs.update == 'true' }}
         run: |
-          export REUSE_CLUSTER=1
-          export CHART_VNEXT_SKIP=1
-          export CLEAN=0
-          nix-shell ./scripts/python/shell.nix --run "./scripts/python/test.sh"
+          # Push pinned with specific version
+          nix-shell ./scripts/helm/shell.nix --run "./scripts/helm/push-oci.sh -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} --registry ${{ inputs.registry }} --namespace ${{ inputs.namespace }} -k -j"
+          # Push pinned latest
+          nix-shell ./scripts/helm/shell.nix --run "./scripts/helm/pin.sh --registry ${{ inputs.registry }} --namespace ${{ inputs.namespace }} --latest"
+          nix-shell ./scripts/helm/shell.nix --run "./scripts/helm/push-oci.sh -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} --registry ${{ inputs.registry }} --namespace ${{ inputs.namespace }} -k"
       - name: Collect logs
         if: ${{ failure() }}
         run: |
           nix-shell ./scripts/k8s/shell.nix --run "kubectl get pods -A -o wide"
-          nix-shell ./scripts/k8s/shell.nix --run "kubectl -n mayastor logs -l openebs.io/release=mayastor --all-containers=true"
-          nix-shell ./scripts/k8s/shell.nix --run "kubectl -n mayastor logs -l app=upgrade --all-containers=true"
+          nix-shell ./scripts/k8s/shell.nix --run "kubectl -n mayastor logs -l openebs.io/release=mayastor --all-containers=true --tail=-1"
+          nix-shell ./scripts/k8s/shell.nix --run "kubectl -n mayastor logs -l app=upgrade --all-containers=true --tail=-1"
       - name: Upload pytest logs
-        if: always()
+        if: ${{ always() && inputs.helm-pins && steps.pin.outputs.update == 'true' }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: pytest-pins.log
+          path: pytest.log
+      - name: Upload pytest logs
+        if: ${{ always() && !inputs.helm-pins }}
         uses: actions/upload-artifact@v4
         with:
           name: pytest.log
           path: pytest.log
       - name: Report pytest results
-        if: always()
+        if: ${{ always() && steps.pin.outputs.update != 'false' }}
         uses: pmeier/pytest-results-action@main
         with:
           path: report.xml
           summary: true
           display-options: a
           fail-on-empty: true
           title: Test results
+      - name: Collect dump
+        if: failure()
+        run: |
+          nix-shell ./scripts/k8s/shell.nix --run "kind export logs ./dump/kind"
+          nix-shell ./scripts/k8s/shell.nix --run "kubectl cluster-info dump --output-directory=./dump/k8s --namespaces=mayastor"
+      - name: Upload cluster dump
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: k8s-dump
+          path: dump
+      # debugging
+  #      - name: Setup tmate session
+  #        if: ${{ failure() }}
+  #        timeout-minutes: 120
+  #        uses: mxschmitt/action-tmate@v3
 
   k8s-ci-vm:
     runs-on: ubuntu-latest-8-cores
+    if: ${{ !inputs.helm-pins }}
     steps:
       - uses: actions/checkout@v4
       - uses: cachix/[email protected]

.github/workflows/nightly-ci.yml

@@ -5,12 +5,15 @@ on:
 jobs:
   ci:
     uses: ./.github/workflows/pr-ci.yml
+  helm-pins:
+    uses: ./.github/workflows/helm-pins.yml
+    secrets: inherit
   nightly-ci:
     if: ${{ success() }}
     needs:
       - ci
+      - helm-pins
     runs-on: ubuntu-latest
     steps:
       - name: CI succeeded
         run: exit 0
-

.github/workflows/pr-ci.yml

@@ -29,4 +29,3 @@ jobs:
     steps:
       - name: CI succeeded
         run: exit 0
-

.gitignore

@@ -27,3 +27,5 @@ tests/bdd/venv
 pytest.log
 #/tests/bdd/chart-vnext/
 /chart/kubectl-plugin
+/report.xml
+

chart/shell.nix

@@ -12,5 +12,6 @@ pkgs.mkShell {
     semver-tool
     yq-go
     jq
+    oras
   ];
 }

k8s/upgrade/src/plugin/constants.rs

@@ -69,9 +69,6 @@ pub(crate) const DEFAULT_IMAGE_REGISTRY: &str = "docker.io";
 /// The upgrade job will use the UPGRADE_JOB_IMAGE_NAME image (below) with this tag.
 pub(crate) const UPGRADE_JOB_IMAGE_TAG: &str = "develop";
 
-/// Upgrade job container image repository.
-pub(crate) const UPGRADE_JOB_IMAGE_REPO: &str = constants::UPGRADE_JOB_IMAGE_REPO;
-
 pub(crate) use constants::upgrade_job_img;
 
 /// Upgrade job name suffix.

k8s/upgrade/src/plugin/upgrade.rs

@@ -5,7 +5,7 @@ use crate::plugin::{
         DEFAULT_IMAGE_REGISTRY, DEFAULT_RELEASE_NAME, IO_ENGINE_POD_LABEL, MAX_RETRY_ATTEMPTS,
         UPGRADE_CONFIG_MAP_MOUNT_PATH, UPGRADE_CONFIG_MAP_NAME_SUFFIX,
         UPGRADE_JOB_CLUSTERROLEBINDING_NAME_SUFFIX, UPGRADE_JOB_CLUSTERROLE_NAME_SUFFIX,
-        UPGRADE_JOB_IMAGE_REPO, UPGRADE_JOB_NAME_SUFFIX, UPGRADE_JOB_SERVICEACCOUNT_NAME_SUFFIX,
+        UPGRADE_JOB_NAME_SUFFIX, UPGRADE_JOB_SERVICEACCOUNT_NAME_SUFFIX,
     },
     error, objects,
     user_prompt::{
@@ -83,6 +83,10 @@ pub struct UpgradeArgs {
     #[clap(global = true, long)]
     registry: Option<String>,
 
+    /// Specify the container namespace for the upgrade-job image.
+    #[clap(global = true, long)]
+    repo_namespace: Option<String>,
+
     /// Allow upgrade from stable versions to unstable versions. This is implied when the
     /// '--skip-upgrade-path-validation-for-unsupported-version' option is used.
     #[clap(global = true, long, hide = true)]
@@ -138,6 +142,7 @@ impl UpgradeArgs {
     pub fn new() -> Self {
         Self {
             registry: None,
+            repo_namespace: None,
             allow_unstable: false,
             dry_run: false,
             skip_data_plane_restart: false,
@@ -710,17 +715,21 @@ impl UpgradeResources {
                     let img = ImageProperties::try_from(rest_deployment)?;
                     let set_file = create_helm_set_file_args(args, set_file_map).await?;
 
-                    // Image registry override check.
+                    // Image registry/namespace override check.
                     let registry: &str = match args.registry {
                         Some(ref registry_override) => registry_override,
                         None => img.registry(),
                     };
+                    let namespace: &str = match args.repo_namespace {
+                        Some(ref namespace) => namespace,
+                        None => img.namespace(),
+                    };
 
                     let upgrade_deploy = objects::upgrade_job(
                         ns,
                         upgrade_image_concat(
                             registry,
-                            UPGRADE_JOB_IMAGE_REPO,
+                            namespace,
                             &upgrade_job_img(),
                             upgrade_job_image_tag.as_str(),
                         ),
@@ -884,6 +893,7 @@ pub(crate) async fn is_upgrade_job_completed(ns: &str) -> error::Result<bool> {
 struct ImageProperties {
     pull_secrets: Option<Vec<k8s_openapi::api::core::v1::LocalObjectReference>>,
     registry: String,
+    namespace: String,
     pull_policy: Option<String>,
 }
 
@@ -912,16 +922,18 @@ impl TryFrom<Deployment> for ImageProperties {
         if image_sections.is_empty() || image_sections.len() == 1 {
             return error::ReferenceDeploymentInvalidImage.fail();
         }
-
-        let registry = match image_sections.len() {
-            3 => image_sections[0],
-            _ => DEFAULT_IMAGE_REGISTRY,
-        }
-        .to_string();
+        // todo: isn't the registry always explicitly shown anyway?
+        let (registry, namespace) = if image_sections.len() >= 3 {
+            let namespace = image_sections[1..image_sections.len() - 1].join("/");
+            (image_sections[0], namespace)
+        } else {
+            (DEFAULT_IMAGE_REGISTRY, image_sections[0].to_string())
+        };
 
         Ok(Self {
             pull_secrets: pod_spec.image_pull_secrets.clone(),
-            registry,
+            registry: registry.to_string(),
+            namespace,
             pull_policy: container.image_pull_policy.clone(),
         })
     }
@@ -936,6 +948,10 @@ impl ImageProperties {
         self.registry.as_str()
     }
 
+    fn namespace(&self) -> &str {
+        self.namespace.as_str()
+    }
+
     fn pull_policy(&self) -> Option<String> {
         self.pull_policy.clone()
     }

nix/pkgs/images/default.nix

@@ -58,6 +58,7 @@ let
     # Script doesn't need to be used with main branch `--alias-tag <main-branch-style-tag>`.
     # The repo chart is already prepared.
     if [[ "$(semver validate ${tag})" == "valid" ]] &&
+      [[ ! ${tag} =~ ^(v?[0-9]+\.[0-9]+\.[0-9]+-pin-(dev|devrel).([0-9]+))$ ]] &&
       [[ ! ${tag} =~ ^(v?[0-9]+\.[0-9]+\.[0-9]+-0-(main|release)-unstable(-[0-9]+){6}-0)$ ]]; then
       CHART_FILE=build/chart/Chart.yaml build/scripts/helm/publish-chart-yaml.sh --app-tag ${tag} --override-index ""
     fi

scripts/helm/chart-version.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]:-"$0"}")")"
+ROOT_DIR="$SCRIPT_DIR/../.."
+CHART_DIR="$ROOT_DIR/chart"
+CHART="$CHART_DIR/Chart.yaml"
+HELM="helm"
+
+source "$ROOT_DIR/scripts/utils/helm.sh"
+
+echo -n "$(helm_chart_version)"