Skip to content
default

feat: update Linux to 6.18.32 #14122

Sign in to view logs

feat: update Linux to 6.18.32

feat: update Linux to 6.18.32 #14122

Workflow file for this run

.github/workflows/ci.yaml at 9919ff7
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2026-05-11T14:12:46Z by kres 1762ab2.
concurrency:
group: ${{ github.head_ref || github.run_id }}
cancel-in-progress: true
"on":
push:
branches:
- main
- release-*
tags:
- v*
pull_request:
branches:
- main
- release-*
name: default
jobs:
base-lint:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/'))
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: lint
run: |
make lint
base-unit-tests:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/'))
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: unit-tests
run: |
make unit-tests
- name: unit-tests-fips
run: |
make unit-tests-fips
- name: unit-tests-race
run: |
make unit-tests-race
- name: coverage
uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # version: v6.0.0
with:
files: _out/coverage.txt
token: ${{ secrets.CODECOV_TOKEN }}
timeout-minutes: 3
default:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) && github.event_name == 'pull_request'
outputs:
labels: ${{ steps.retrieve-pr-labels.outputs.result }}
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: external-artifacts
run: |
make external-artifacts
- name: generate
run: |
make generate docs
- name: uki-certs
env:
PLATFORM: linux/amd64
run: |
make uki-certs
- name: check-dirty
run: |
make check-dirty
- name: build
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl kernel sd-boot sd-stub initramfs installer-base imager talos integration-test
- name: talosctl-cni-bundle
run: |
make talosctl-cni-bundle
- name: sbom
run: |
make sbom
- name: iso
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
run: |
make iso secureboot-iso
- name: images-essential
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: Generate executable list
run: |
find _out -type f -executable > _out/executable-artifacts
- name: save artifacts
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-artifacts
path: |
_out
retention-days: "5"
- name: Retrieve PR labels
id: retrieve-pr-labels
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # version: v9.0.0
with:
retries: "3"
script: |
if (context.eventName != "pull_request") { return "[]" }
const resp = await github.rest.issues.get({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
})
return resp.data.labels.map(label => label.name)
e2e-docker-short:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/'))
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: e2e-docker
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
run: |
make e2e-docker
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-e2e-docker-short
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
e2e-iso:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/'))
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: e2e-iso
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
run: |
sudo -E make e2e-iso
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-e2e-iso
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
e2e-qemu-short:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/'))
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: e2e-qemu
env:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-qemu-short
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
WITH_CONFIG_PATCH: '@hack/test/patches/image-verification.yaml'
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-e2e-qemu-short
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
grype-scan:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/'))
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: login-to-registry
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # version: v4.1.0
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ghcr.io
username: ${{ github.repository_owner }}
- name: local-grype-scan-result
env:
DEST: _out
run: |
make local-grype-scan-result
- name: target-grype-validate
run: |
make target-grype-validate
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-grype-scan-result
path: |
_out/grype-scan.log
retention-days: "5"
integration-airgapped:
name: ${{ matrix.test }}
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/'))
strategy:
matrix:
include:
- test: e2e-airgapped-no-proxy
withAirgapped: no-proxy
withClusterDiscovery: "false"
- test: e2e-airgapped-http-proxy
withAirgapped: http-proxy
withConfigPatch: '@hack/test/patches/image-verification.yaml'
- test: e2e-airgapped-secure-proxy
withAirgapped: secure-http-proxy
withConfigPatch: '@hack/test/patches/image-verification.yaml'
- test: e2e-airgapped-reverse-proxy
withAirgapped: https-reverse-proxy
withConfigPatch: '@hack/test/patches/image-verification.yaml'
fail-fast: false
max-parallel: 2
needs:
- default
steps:
- name: check-pr-labels
id: check-pr-labels
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/misc') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/airgapped') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
run: "true"
- name: gather-system-info
id: system-info
if: steps.check-pr-labels.conclusion == 'success'
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
if: steps.check-pr-labels.conclusion == 'success'
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
if: steps.check-pr-labels.conclusion == 'success'
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
if: steps.check-pr-labels.conclusion == 'success'
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
if: steps.check-pr-labels.conclusion == 'success'
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
if: steps.check-pr-labels.conclusion == 'success'
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
if: steps.check-pr-labels.conclusion == 'success'
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
if: steps.check-pr-labels.conclusion == 'success'
run: |
make ci-temp-release-tag
- name: integration-images-list
if: steps.check-pr-labels.conclusion == 'success'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
run: |
make integration-images-list
- name: ${{ matrix.test }}
if: steps.check-pr-labels.conclusion == 'success'
env:
GITHUB_STEP_NAME: ${{ github.job}}-${{ matrix.test }}
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
WITH_AIRGAPPED: ${{ matrix.withAirgapped }}
WITH_CLUSTER_DISCOVERY: ${{ matrix.withClusterDiscovery }}
WITH_CONFIG_PATCH: ${{ matrix.withConfigPatch }}
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: always() && steps.check-pr-labels.conclusion == 'success'
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-airgapped-${{ matrix.test }}
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
/tmp/airgapped*.log
retention-days: "5"
integration-aws-amd64:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: generic
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-amd64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
- integration-build-aws-image
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Mask secrets
run: |
echo "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')"
- name: Set secrets for job
run: |
sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV"
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-aws-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: e2e-aws-prepare
env:
E2E_AWS_TARGET: default
IMAGE_REGISTRY: registry.dev.siderolabs.io
TARGET_ARCH: amd64
run: |
make e2e-aws-prepare
- name: checkout contrib
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/contrib
ref: main
repository: siderolabs/contrib
- name: setup tf
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # version: v4.0.0
with:
terraform_wrapper: "false"
- name: tf apply
env:
TF_E2E_ACTION: apply
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
- name: e2e-aws
run: |
make e2e-aws
- name: tf destroy
if: always()
env:
TF_E2E_ACTION: destroy
TF_E2E_REFRESH_ON_DESTROY: "false"
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
integration-aws-arm64:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: generic
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-arm64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
- integration-build-aws-image
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Mask secrets
run: |
echo "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')"
- name: Set secrets for job
run: |
sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV"
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-aws-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: e2e-aws-prepare
env:
E2E_AWS_TARGET: default
IMAGE_REGISTRY: registry.dev.siderolabs.io
TARGET_ARCH: arm64
run: |
make e2e-aws-prepare
- name: checkout contrib
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/contrib
ref: main
repository: siderolabs/contrib
- name: setup tf
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # version: v4.0.0
with:
terraform_wrapper: "false"
- name: tf apply
env:
TF_E2E_ACTION: apply
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
- name: e2e-aws
run: |
make e2e-aws
- name: tf destroy
if: always()
env:
TF_E2E_ACTION: destroy
TF_E2E_REFRESH_ON_DESTROY: "false"
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
integration-aws-nvidia-nonfree-lts-amd64:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: generic
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-nonfree-lts-amd64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-nonfree')
needs:
- default
- integration-build-aws-image
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Mask secrets
run: |
echo "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')"
- name: Set secrets for job
run: |
sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV"
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-aws-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: checkout extensions
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/extensions
ref: main
repository: siderolabs/extensions
- name: set variables
run: |
cat _out/talos-metadata >> "$GITHUB_ENV"
- name: build extensions
env:
PLATFORM: linux/amd64
PUSH: "true"
REGISTRY: registry.dev.siderolabs.io
run: |
make nvidia-container-toolkit-lts nonfree-kmod-nvidia-lts extensions-metadata -C _out/extensions
- name: e2e-aws-prepare
env:
E2E_AWS_TARGET: nvidia-nonfree-lts
EXTENSIONS_METADATA_FILE: _out/extensions/_out/extensions-metadata
IMAGE_REGISTRY: registry.dev.siderolabs.io
TARGET_ARCH: amd64
run: |
make e2e-aws-prepare
- name: checkout contrib
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/contrib
ref: main
repository: siderolabs/contrib
- name: setup tf
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # version: v4.0.0
with:
terraform_wrapper: "false"
- name: tf apply
env:
TF_E2E_ACTION: apply
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
- name: e2e-aws-nvidia
env:
EXTRA_TEST_ARGS: -talos.extensions.nvidia
INTEGRATION_TEST_RUN: TestIntegration/api.ExtensionsSuiteNVIDIA
run: |
make e2e-aws
- name: tf destroy
if: always()
env:
TF_E2E_ACTION: destroy
TF_E2E_REFRESH_ON_DESTROY: "false"
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
integration-aws-nvidia-nonfree-lts-arm64:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: generic
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-nonfree-lts-arm64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-nonfree')
needs:
- default
- integration-build-aws-image
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Mask secrets
run: |
echo "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')"
- name: Set secrets for job
run: |
sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV"
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-aws-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: checkout extensions
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/extensions
ref: main
repository: siderolabs/extensions
- name: set variables
run: |
cat _out/talos-metadata >> "$GITHUB_ENV"
- name: build extensions
env:
PLATFORM: linux/arm64
PUSH: "true"
REGISTRY: registry.dev.siderolabs.io
run: |
make nvidia-container-toolkit-lts nonfree-kmod-nvidia-lts extensions-metadata -C _out/extensions
- name: e2e-aws-prepare
env:
E2E_AWS_TARGET: nvidia-nonfree-lts
EXTENSIONS_METADATA_FILE: _out/extensions/_out/extensions-metadata
IMAGE_REGISTRY: registry.dev.siderolabs.io
TARGET_ARCH: arm64
run: |
make e2e-aws-prepare
- name: checkout contrib
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/contrib
ref: main
repository: siderolabs/contrib
- name: setup tf
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # version: v4.0.0
with:
terraform_wrapper: "false"
- name: tf apply
env:
TF_E2E_ACTION: apply
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
- name: e2e-aws-nvidia
env:
EXTRA_TEST_ARGS: -talos.extensions.nvidia -talos.verifyukibooted=false
INTEGRATION_TEST_RUN: TestIntegration/api.ExtensionsSuiteNVIDIA
run: |
make e2e-aws
- name: tf destroy
if: always()
env:
TF_E2E_ACTION: destroy
TF_E2E_REFRESH_ON_DESTROY: "false"
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
integration-aws-nvidia-nonfree-production-amd64:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: generic
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-nonfree-production-amd64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-nonfree')
needs:
- default
- integration-build-aws-image
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Mask secrets
run: |
echo "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')"
- name: Set secrets for job
run: |
sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV"
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-aws-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: checkout extensions
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/extensions
ref: main
repository: siderolabs/extensions
- name: set variables
run: |
cat _out/talos-metadata >> "$GITHUB_ENV"
- name: build extensions
env:
PLATFORM: linux/amd64
PUSH: "true"
REGISTRY: registry.dev.siderolabs.io
run: |
make nvidia-container-toolkit-production nonfree-kmod-nvidia-production extensions-metadata -C _out/extensions
- name: e2e-aws-prepare
env:
E2E_AWS_TARGET: nvidia-nonfree-production
EXTENSIONS_METADATA_FILE: _out/extensions/_out/extensions-metadata
IMAGE_REGISTRY: registry.dev.siderolabs.io
TARGET_ARCH: amd64
run: |
make e2e-aws-prepare
- name: checkout contrib
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/contrib
ref: main
repository: siderolabs/contrib
- name: setup tf
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # version: v4.0.0
with:
terraform_wrapper: "false"
- name: tf apply
env:
TF_E2E_ACTION: apply
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
- name: e2e-aws-nvidia
env:
EXTRA_TEST_ARGS: -talos.extensions.nvidia
INTEGRATION_TEST_RUN: TestIntegration/api.ExtensionsSuiteNVIDIA
run: |
make e2e-aws
- name: tf destroy
if: always()
env:
TF_E2E_ACTION: destroy
TF_E2E_REFRESH_ON_DESTROY: "false"
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
integration-aws-nvidia-nonfree-production-arm64:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: generic
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-nonfree-production-arm64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-nonfree')
needs:
- default
- integration-build-aws-image
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Mask secrets
run: |
echo "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')"
- name: Set secrets for job
run: |
sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV"
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-aws-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: checkout extensions
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/extensions
ref: main
repository: siderolabs/extensions
- name: set variables
run: |
cat _out/talos-metadata >> "$GITHUB_ENV"
- name: build extensions
env:
PLATFORM: linux/arm64
PUSH: "true"
REGISTRY: registry.dev.siderolabs.io
run: |
make nvidia-container-toolkit-production nonfree-kmod-nvidia-production extensions-metadata -C _out/extensions
- name: e2e-aws-prepare
env:
E2E_AWS_TARGET: nvidia-nonfree-production
EXTENSIONS_METADATA_FILE: _out/extensions/_out/extensions-metadata
IMAGE_REGISTRY: registry.dev.siderolabs.io
TARGET_ARCH: arm64
run: |
make e2e-aws-prepare
- name: checkout contrib
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/contrib
ref: main
repository: siderolabs/contrib
- name: setup tf
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # version: v4.0.0
with:
terraform_wrapper: "false"
- name: tf apply
env:
TF_E2E_ACTION: apply
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
- name: e2e-aws-nvidia
env:
EXTRA_TEST_ARGS: -talos.extensions.nvidia -talos.verifyukibooted=false
INTEGRATION_TEST_RUN: TestIntegration/api.ExtensionsSuiteNVIDIA
run: |
make e2e-aws
- name: tf destroy
if: always()
env:
TF_E2E_ACTION: destroy
TF_E2E_REFRESH_ON_DESTROY: "false"
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
integration-aws-nvidia-oss-lts-amd64:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: generic
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-oss-lts-amd64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-oss')
needs:
- default
- integration-build-aws-image
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Mask secrets
run: |
echo "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')"
- name: Set secrets for job
run: |
sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV"
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-aws-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: checkout extensions
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/extensions
ref: main
repository: siderolabs/extensions
- name: set variables
run: |
cat _out/talos-metadata >> "$GITHUB_ENV"
- name: build extensions
env:
PLATFORM: linux/amd64
PUSH: "true"
REGISTRY: registry.dev.siderolabs.io
run: |
make nvidia-container-toolkit-lts nvidia-open-gpu-kernel-modules-lts extensions-metadata -C _out/extensions
- name: e2e-aws-prepare
env:
E2E_AWS_TARGET: nvidia-oss-lts
EXTENSIONS_METADATA_FILE: _out/extensions/_out/extensions-metadata
IMAGE_REGISTRY: registry.dev.siderolabs.io
TARGET_ARCH: amd64
run: |
make e2e-aws-prepare
- name: checkout contrib
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/contrib
ref: main
repository: siderolabs/contrib
- name: setup tf
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # version: v4.0.0
with:
terraform_wrapper: "false"
- name: tf apply
env:
TF_E2E_ACTION: apply
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
- name: e2e-aws-nvidia
env:
EXTRA_TEST_ARGS: -talos.extensions.nvidia -talos.verifyukibooted=false
INTEGRATION_TEST_RUN: TestIntegration/api.ExtensionsSuiteNVIDIA
run: |
make e2e-aws
- name: tf destroy
if: always()
env:
TF_E2E_ACTION: destroy
TF_E2E_REFRESH_ON_DESTROY: "false"
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
integration-aws-nvidia-oss-lts-arm64:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: generic
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-oss-lts-arm64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-oss')
needs:
- default
- integration-build-aws-image
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Mask secrets
run: |
echo "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')"
- name: Set secrets for job
run: |
sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV"
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-aws-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: checkout extensions
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/extensions
ref: main
repository: siderolabs/extensions
- name: set variables
run: |
cat _out/talos-metadata >> "$GITHUB_ENV"
- name: build extensions
env:
PLATFORM: linux/arm64
PUSH: "true"
REGISTRY: registry.dev.siderolabs.io
run: |
make nvidia-container-toolkit-lts nvidia-open-gpu-kernel-modules-lts extensions-metadata -C _out/extensions
- name: e2e-aws-prepare
env:
E2E_AWS_TARGET: nvidia-oss-lts
EXTENSIONS_METADATA_FILE: _out/extensions/_out/extensions-metadata
IMAGE_REGISTRY: registry.dev.siderolabs.io
TARGET_ARCH: arm64
run: |
make e2e-aws-prepare
- name: checkout contrib
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/contrib
ref: main
repository: siderolabs/contrib
- name: setup tf
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # version: v4.0.0
with:
terraform_wrapper: "false"
- name: tf apply
env:
TF_E2E_ACTION: apply
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
- name: e2e-aws-nvidia
env:
EXTRA_TEST_ARGS: -talos.extensions.nvidia -talos.verifyukibooted=false
INTEGRATION_TEST_RUN: TestIntegration/api.ExtensionsSuiteNVIDIA
run: |
make e2e-aws
- name: tf destroy
if: always()
env:
TF_E2E_ACTION: destroy
TF_E2E_REFRESH_ON_DESTROY: "false"
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
integration-aws-nvidia-oss-production-amd64:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: generic
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-oss-production-amd64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-oss')
needs:
- default
- integration-build-aws-image
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Mask secrets
run: |
echo "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')"
- name: Set secrets for job
run: |
sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV"
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-aws-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: checkout extensions
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/extensions
ref: main
repository: siderolabs/extensions
- name: set variables
run: |
cat _out/talos-metadata >> "$GITHUB_ENV"
- name: build extensions
env:
PLATFORM: linux/amd64
PUSH: "true"
REGISTRY: registry.dev.siderolabs.io
run: |
make nvidia-container-toolkit-production nvidia-open-gpu-kernel-modules-production extensions-metadata -C _out/extensions
- name: e2e-aws-prepare
env:
E2E_AWS_TARGET: nvidia-oss-production
EXTENSIONS_METADATA_FILE: _out/extensions/_out/extensions-metadata
IMAGE_REGISTRY: registry.dev.siderolabs.io
TARGET_ARCH: amd64
run: |
make e2e-aws-prepare
- name: checkout contrib
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/contrib
ref: main
repository: siderolabs/contrib
- name: setup tf
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # version: v4.0.0
with:
terraform_wrapper: "false"
- name: tf apply
env:
TF_E2E_ACTION: apply
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
- name: e2e-aws-nvidia
env:
EXTRA_TEST_ARGS: -talos.extensions.nvidia -talos.verifyukibooted=false
INTEGRATION_TEST_RUN: TestIntegration/api.ExtensionsSuiteNVIDIA
run: |
make e2e-aws
- name: tf destroy
if: always()
env:
TF_E2E_ACTION: destroy
TF_E2E_REFRESH_ON_DESTROY: "false"
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
integration-aws-nvidia-oss-production-arm64:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: generic
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-oss-production-arm64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-oss')
needs:
- default
- integration-build-aws-image
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Mask secrets
run: |
echo "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')"
- name: Set secrets for job
run: |
sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV"
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-aws-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: checkout extensions
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/extensions
ref: main
repository: siderolabs/extensions
- name: set variables
run: |
cat _out/talos-metadata >> "$GITHUB_ENV"
- name: build extensions
env:
PLATFORM: linux/arm64
PUSH: "true"
REGISTRY: registry.dev.siderolabs.io
run: |
make nvidia-container-toolkit-production nvidia-open-gpu-kernel-modules-production extensions-metadata -C _out/extensions
- name: e2e-aws-prepare
env:
E2E_AWS_TARGET: nvidia-oss-production
EXTENSIONS_METADATA_FILE: _out/extensions/_out/extensions-metadata
IMAGE_REGISTRY: registry.dev.siderolabs.io
TARGET_ARCH: arm64
run: |
make e2e-aws-prepare
- name: checkout contrib
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/contrib
ref: main
repository: siderolabs/contrib
- name: setup tf
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # version: v4.0.0
with:
terraform_wrapper: "false"
- name: tf apply
env:
TF_E2E_ACTION: apply
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
- name: e2e-aws-nvidia
env:
EXTRA_TEST_ARGS: -talos.extensions.nvidia -talos.verifyukibooted=false
INTEGRATION_TEST_RUN: TestIntegration/api.ExtensionsSuiteNVIDIA
run: |
make e2e-aws
- name: tf destroy
if: always()
env:
TF_E2E_ACTION: destroy
TF_E2E_REFRESH_ON_DESTROY: "false"
TF_E2E_TEST_TYPE: aws
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
integration-build-aws-image:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-amd64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-arm64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-oss') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-nonfree') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-oss-lts-amd64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-oss-lts-arm64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-oss-production-amd64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-oss-production-arm64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-nonfree-lts-amd64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-nonfree-lts-arm64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-nonfree-production-amd64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/aws-nvidia-nonfree-production-arm64') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: image-aws
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64,linux/arm64
run: |
make image-aws
- name: Generate executable list
run: |
find _out -type f -executable > _out/executable-artifacts
- name: save artifacts
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-aws-artifacts
path: |
_out
retention-days: "1"
integration-build-enforcing:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/misc') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/misc-1') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/misc-3') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/misc-4') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/qemu') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/qemu-default') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/qemu-enforcing') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/qemu-encrypted-vip') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/qemu-race') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/conformance') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/conformance-default') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/conformance-enforcing') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/trusted-boot') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/trusted-boot-default') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/trusted-boot-enforcing') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: images-essential-enforcing
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX_OUT: -enforcing
run: |
make images-essential
- name: Generate executable list
run: |
find _out -type f -executable > _out/executable-artifacts
- name: save artifacts
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-enforcing-artifacts
path: |
_out
retention-days: "1"
integration-cilium:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/cilium') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: e2e-cilium
env:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-cilium
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
WITH_CONFIG_PATCH: '@hack/test/patches/cilium-no-kubeproxy.yaml'
WITH_CUSTOM_CNI: cilium
WITH_FIREWALL: accept
run: |
sudo -E make e2e-qemu
- name: e2e-cilium-strict
env:
CILIUM_INSTALL_TYPE: strict
GITHUB_STEP_NAME: ${{ github.job}}-e2e-cilium-strict
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
WITH_CONFIG_PATCH: '@hack/test/patches/cilium-kubeproxy.yaml'
WITH_CUSTOM_CNI: cilium
WITH_FIREWALL: accept
run: |
sudo -E make e2e-qemu
- name: e2e-cilium-strict-kubespan
env:
CILIUM_INSTALL_TYPE: strict
GITHUB_STEP_NAME: ${{ github.job}}-e2e-cilium-strict-kubespan
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
WITH_CONFIG_PATCH: '@hack/test/patches/cilium-kubeproxy.yaml'
WITH_CUSTOM_CNI: cilium
WITH_FIREWALL: accept
WITH_KUBESPAN: "true"
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-cilium
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-cloud-images:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: generic
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/cloud-images')
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Mask secrets
run: |
echo "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')"
- name: Set secrets for job
run: |
sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV"
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: images
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64,linux/arm64
run: |
make images
- name: cloud-images
run: |
make cloud-images
integration-conformance-default:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/conformance-default') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/conformance') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
- integration-build-enforcing
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-enforcing-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: conformance-qemu
env:
GITHUB_STEP_NAME: ${{ github.job}}-conformance-qemu
IMAGE_REGISTRY: registry.dev.siderolabs.io
QEMU_CPUS_WORKERS: "6"
QEMU_MEMORY_WORKERS: "4096"
TEST_MODE: fast-conformance
WITH_CONFIG_PATCH: '@hack/test/patches/image-verification.yaml'
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-conformance-default
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-conformance-enforcing:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/conformance-enforcing') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/conformance') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
- integration-build-enforcing
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-enforcing-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: conformance-qemu
env:
EXTRA_TEST_ARGS: -talos.enforcing
GITHUB_STEP_NAME: ${{ github.job}}-conformance-qemu
IMAGE_REGISTRY: registry.dev.siderolabs.io
QEMU_CPUS_WORKERS: "6"
QEMU_MEMORY_WORKERS: "4096"
TAG_SUFFIX_IN: -enforcing
TEST_MODE: fast-conformance
WITH_CONFIG_PATCH: '@hack/test/patches/image-verification.yaml'
WITH_ENFORCING: "true"
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-conformance-enforcing
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-embedded:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/embedded') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: e2e-embedded
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
run: |
sudo -E make e2e-embedded
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-embedded
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-extensions:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/extensions') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: checkout extensions
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/extensions
ref: main
repository: siderolabs/extensions
- name: unshallow-extensions
run: |
git -C _out/extensions fetch --prune --unshallow
- name: set variables
run: |
cat _out/talos-metadata >> "$GITHUB_ENV"
- name: build extensions
env:
PLATFORM: linux/amd64
PUSH: "true"
REGISTRY: registry.dev.siderolabs.io
run: |
make all extensions-metadata -C _out/extensions
- name: installer extensions
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
run: |
make installer-with-extensions
- name: e2e-extensions
env:
EXTRA_TEST_ARGS: -talos.extensions.qemu
GITHUB_STEP_NAME: ${{ github.job}}-e2e-extensions
IMAGE_REGISTRY: registry.dev.siderolabs.io
QEMU_EXTRA_DISKS: "3"
QEMU_MEMORY_WORKERS: "4096"
QEMU_WORKERS: "1"
SHORT_INTEGRATION_TEST: "yes"
WITH_CONFIG_PATCH_WORKER: '@_out/installer-extensions-patch.yaml:@hack/test/patches/extensions.yaml:@hack/test/patches/dm-raid-module.yaml'
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-extensions
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-gcp:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: generic
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/gcp') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Mask secrets
run: |
echo "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')"
- name: Set secrets for job
run: |
sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV"
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: image-gcp
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64,linux/arm64
run: |
make image-gcp
- name: e2e-gcp-prepare
run: |
make e2e-gcp-prepare
- name: checkout contrib
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/contrib
ref: main
repository: siderolabs/contrib
- name: setup tf
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # version: v4.0.0
with:
terraform_wrapper: "false"
- name: tf apply
env:
TF_E2E_ACTION: apply
TF_E2E_TEST_TYPE: gcp
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
- name: e2e-gcp
run: |
make e2e-gcp
- name: tf destroy
if: always()
env:
TF_E2E_ACTION: destroy
TF_E2E_REFRESH_ON_DESTROY: "false"
TF_E2E_TEST_TYPE: gcp
TF_SCRIPT_DIR: _out/contrib
run: |
make e2e-cloud-tf
integration-image-cache:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/image-cache') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: image-cache
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make cache-create
- name: e2e-image-cache
env:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-image-cache
IMAGE_REGISTRY: registry.dev.siderolabs.io
REGISTRY_MIRROR_FLAGS: "no"
SHORT_INTEGRATION_TEST: "yes"
VIA_MAINTENANCE_MODE: "true"
WITH_CONFIG_PATCH: '@hack/test/patches/image-cache.yaml:@hack/test/patches/image-verification.yaml'
WITH_ISO: "true"
run: |
sudo -E make e2e-qemu
- name: e2e-image-cache-disk
env:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-image-cache-disk
IMAGE_REGISTRY: registry.dev.siderolabs.io
REGISTRY_MIRROR_FLAGS: "no"
SHORT_INTEGRATION_TEST: "yes"
USE_DISK_IMAGE: "true"
VIA_MAINTENANCE_MODE: "true"
WITH_CONFIG_PATCH: '@hack/test/patches/image-cache.yaml:@hack/test/patches/image-verification.yaml'
run: |
sudo -E make e2e-qemu
- name: e2e-image-cache-encrypted
env:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-image-cache-encrypted
IMAGE_REGISTRY: registry.dev.siderolabs.io
REGISTRY_MIRROR_FLAGS: "no"
SHORT_INTEGRATION_TEST: "yes"
VIA_MAINTENANCE_MODE: "true"
WITH_CONFIG_PATCH: '@hack/test/patches/image-cache.yaml:@hack/test/patches/image-cache-encrypted.yaml:@hack/test/patches/image-verification.yaml'
WITH_ISO: "true"
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-image-cache
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-image-factory:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/image-factory')
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: factory-1.12-iso
env:
FACTORY_BOOT_METHOD: iso
FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
FACTORY_UPGRADE: "true"
FACTORY_UPGRADE_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f
FACTORY_UPGRADE_VERSION: v1.12.6
FACTORY_VERSION: v1.12.5
GITHUB_STEP_NAME: ${{ github.job}}-factory-1.12-iso
KUBERNETES_VERSION: 1.35.3
run: |
sudo -E make e2e-image-factory
- name: factory-1.12-image
env:
FACTORY_BOOT_METHOD: disk-image
FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
FACTORY_UPGRADE: "true"
FACTORY_UPGRADE_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f
FACTORY_UPGRADE_VERSION: v1.12.6
FACTORY_VERSION: v1.12.5
GITHUB_STEP_NAME: ${{ github.job}}-factory-1.12-image
KUBERNETES_VERSION: 1.35.3
run: |
sudo -E make e2e-image-factory
- name: factory-1.12-pxe
env:
FACTORY_BOOT_METHOD: ipxe
FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
FACTORY_VERSION: v1.12.6
GITHUB_STEP_NAME: ${{ github.job}}-factory-1.12-pxe
KUBERNETES_VERSION: 1.35.3
run: |
sudo -E make e2e-image-factory
- name: factory-1.12-secureboot
env:
FACTORY_BOOT_METHOD: secureboot-iso
FACTORY_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f
FACTORY_UPGRADE: "true"
FACTORY_UPGRADE_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
FACTORY_UPGRADE_VERSION: v1.12.6
FACTORY_VERSION: v1.12.5
GITHUB_STEP_NAME: ${{ github.job}}-factory-1.12-secureboot
KUBERNETES_VERSION: 1.35.3
run: |
sudo -E make e2e-image-factory
- name: factory-1.11-secureboot
env:
FACTORY_BOOT_METHOD: secureboot-iso
FACTORY_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f
FACTORY_UPGRADE: "true"
FACTORY_UPGRADE_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
FACTORY_UPGRADE_VERSION: v1.11.6
FACTORY_VERSION: v1.11.5
GITHUB_STEP_NAME: ${{ github.job}}-factory-1.11-secureboot
KUBERNETES_VERSION: 1.34.3
run: |
sudo -E make e2e-image-factory
- name: factory-1.11-iso
env:
FACTORY_BOOT_METHOD: iso
FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
FACTORY_UPGRADE: "true"
FACTORY_UPGRADE_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f
FACTORY_UPGRADE_VERSION: v1.11.6
FACTORY_VERSION: v1.11.5
GITHUB_STEP_NAME: ${{ github.job}}-factory-1.11-iso
KUBERNETES_VERSION: 1.34.3
run: |
sudo -E make e2e-image-factory
- name: factory-1.10-iso
env:
FACTORY_BOOT_METHOD: iso
FACTORY_SCHEMATIC: 376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba
FACTORY_UPGRADE: "true"
FACTORY_UPGRADE_SCHEMATIC: cf9b7aab9ed7c365d5384509b4d31c02fdaa06d2b3ac6cc0bc806f28130eff1f
FACTORY_UPGRADE_VERSION: v1.10.9
FACTORY_VERSION: v1.10.8
GITHUB_STEP_NAME: ${{ github.job}}-factory-1.10-iso
KUBERNETES_VERSION: 1.33.7
run: |
sudo -E make e2e-image-factory
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-image-factory
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-images:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: generic
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/images') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: images
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64,linux/arm64
run: |
make images
integration-misc-0:
name: ${{ matrix.test }}
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/'))
strategy:
matrix:
include:
- shortIntegrationTest: "yes"
test: e2e-firewall
withFirewall: block
- customCniUrl: https://raw.githubusercontent.com/projectcalico/calico/v3.30.3/manifests/canal.yaml
integrationTestRun: TestIntegration/api.ResetSuite/TestResetWithSpec
test: e2e-canal-reset
- shortIntegrationTest: "yes"
test: e2e-controlplane-port
withConfigPatch: '@hack/test/patches/ephemeral-min-max.yaml'
withControlPlanePort: "443"
- shortIntegrationTest: "yes"
test: e2e-uki-4k
with4kDisk: "true"
withUkiBoot: "true"
- qemuMemoryControlplanes: "4096"
qemuMemoryWorkers: "4096"
shortIntegrationTest: "yes"
test: e2e-flannel-netpol
testMode: network-policy
withConfigPatch: '@hack/test/patches/flannel-netpol.yaml'
fail-fast: false
max-parallel: 2
needs:
- default
steps:
- name: check-pr-labels
id: check-pr-labels
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/misc') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/misc-0') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
run: "true"
- name: gather-system-info
id: system-info
if: steps.check-pr-labels.conclusion == 'success'
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
if: steps.check-pr-labels.conclusion == 'success'
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
if: steps.check-pr-labels.conclusion == 'success'
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
if: steps.check-pr-labels.conclusion == 'success'
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
if: steps.check-pr-labels.conclusion == 'success'
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
if: steps.check-pr-labels.conclusion == 'success'
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
if: steps.check-pr-labels.conclusion == 'success'
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
if: steps.check-pr-labels.conclusion == 'success'
run: |
make ci-temp-release-tag
- name: ${{ matrix.test }}
if: steps.check-pr-labels.conclusion == 'success'
env:
CUSTOM_CNI_URL: ${{ matrix.customCniUrl }}
GITHUB_STEP_NAME: ${{ github.job}}-${{ matrix.test }}
IMAGE_REGISTRY: registry.dev.siderolabs.io
INTEGRATION_TEST_RUN: ${{ matrix.integrationTestRun }}
QEMU_MEMORY_CONTROLPLANES: ${{ matrix.qemuMemoryControlplanes }}
QEMU_MEMORY_WORKERS: ${{ matrix.qemuMemoryWorkers }}
SHORT_INTEGRATION_TEST: ${{ matrix.shortIntegrationTest }}
TEST_MODE: ${{ matrix.testMode }}
WITH_4K_DISK: ${{ matrix.with4kDisk }}
WITH_CONFIG_PATCH: ${{ matrix.withConfigPatch }}
WITH_CONTROL_PLANE_PORT: ${{ matrix.withControlPlanePort }}
WITH_FIREWALL: ${{ matrix.withFirewall }}
WITH_UKI_BOOT: ${{ matrix.withUkiBoot }}
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: always() && steps.check-pr-labels.conclusion == 'success'
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-misc-0-${{ matrix.test }}
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-misc-1:
name: ${{ matrix.test }}-${{ matrix.variant }}
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) && !cancelled()
strategy:
matrix:
include:
- test: e2e-no-cluster-discovery
variant: default
withClusterDiscovery: "false"
- test: e2e-kubespan
variant: default
withClusterDiscovery: "true"
withKubespan: "true"
- disableDhcpHostname: "true"
test: e2e-default-hostname
variant: default
viaMaintenanceMode: "true"
- qemuMemoryControlplanes: "2048"
qemuMemoryWorkers: "1024"
qemuSystemDiskSize: "10240"
test: e2e-min-requirements
variant: default
- extraTestArgs: -talos.enforcing
tagSuffixIn: -enforcing
test: e2e-no-cluster-discovery
variant: enforcing
withClusterDiscovery: "false"
withEnforcing: "true"
- extraTestArgs: -talos.enforcing
tagSuffixIn: -enforcing
test: e2e-kubespan
variant: enforcing
withClusterDiscovery: "true"
withEnforcing: "true"
withKubespan: "true"
- disableDhcpHostname: "true"
extraTestArgs: -talos.enforcing
tagSuffixIn: -enforcing
test: e2e-default-hostname
variant: enforcing
viaMaintenanceMode: "true"
withEnforcing: "true"
- extraTestArgs: -talos.enforcing
qemuMemoryControlplanes: "2048"
qemuMemoryWorkers: "1024"
qemuSystemDiskSize: "10240"
tagSuffixIn: -enforcing
test: e2e-min-requirements
variant: enforcing
withEnforcing: "true"
fail-fast: false
max-parallel: 2
needs:
- default
- integration-build-enforcing
steps:
- name: check-pr-labels
id: check-pr-labels
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/misc') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/misc-1') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
run: "true"
- name: gather-system-info
id: system-info
if: steps.check-pr-labels.conclusion == 'success'
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
if: steps.check-pr-labels.conclusion == 'success'
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
if: steps.check-pr-labels.conclusion == 'success'
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
if: steps.check-pr-labels.conclusion == 'success'
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
if: steps.check-pr-labels.conclusion == 'success'
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
if: steps.check-pr-labels.conclusion == 'success'
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-enforcing-artifacts
path: _out
- name: Fix artifact permissions
if: steps.check-pr-labels.conclusion == 'success'
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
if: steps.check-pr-labels.conclusion == 'success'
run: |
make ci-temp-release-tag
- name: ${{ matrix.test }}
if: steps.check-pr-labels.conclusion == 'success'
env:
DISABLE_DHCP_HOSTNAME: ${{ matrix.disableDhcpHostname }}
EXTRA_TEST_ARGS: ${{ matrix.extraTestArgs }}
GITHUB_STEP_NAME: ${{ github.job}}-${{ matrix.test }}-${{ matrix.variant }}
IMAGE_REGISTRY: registry.dev.siderolabs.io
QEMU_MEMORY_CONTROLPLANES: ${{ matrix.qemuMemoryControlplanes }}
QEMU_MEMORY_WORKERS: ${{ matrix.qemuMemoryWorkers }}
QEMU_SYSTEM_DISK_SIZE: ${{ matrix.qemuSystemDiskSize }}
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: ${{ matrix.tagSuffixIn }}
VIA_MAINTENANCE_MODE: ${{ matrix.viaMaintenanceMode }}
WITH_CLUSTER_DISCOVERY: ${{ matrix.withClusterDiscovery }}
WITH_ENFORCING: ${{ matrix.withEnforcing }}
WITH_KUBESPAN: ${{ matrix.withKubespan }}
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: always() && steps.check-pr-labels.conclusion == 'success'
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-misc-1-${{ matrix.test }}-${{ matrix.variant }}
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-misc-2:
name: ${{ matrix.test }}
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/'))
strategy:
matrix:
include:
- extraTestArgs: -talos.verifyukibooted=false
test: e2e-bios
withUefi: "false"
- extraTestArgs: -talos.verifyukibooted=false
test: e2e-bios-iso
viaMaintenanceMode: "true"
withIso: "true"
withUefi: "false"
- test: e2e-disk-image
useDiskImage: "true"
viaMaintenanceMode: "true"
withDiskEncryption: "true"
withJsonLogs: "false"
- extraTestArgs: -talos.verifyukibooted=false
test: e2e-disk-image-bios
useDiskImage: "true"
viaMaintenanceMode: "true"
withDiskEncryption: "true"
withUefi: "false"
- test: e2e-node-address-v2
withConfigPatch: '@hack/test/patches/node-address-v2.yaml'
- test: e2e-tpm1_2
withTpm12: "true"
- test: e2e-dns-over-tls
withConfigPatch: '@hack/test/patches/dns-over-tls.yaml'
- test: e2e-dns-over-http
withConfigPatch: '@hack/test/patches/dns-over-http.yaml'
fail-fast: false
max-parallel: 2
needs:
- default
steps:
- name: check-pr-labels
id: check-pr-labels
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/misc') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/misc-2') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
run: "true"
- name: gather-system-info
id: system-info
if: steps.check-pr-labels.conclusion == 'success'
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
if: steps.check-pr-labels.conclusion == 'success'
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
if: steps.check-pr-labels.conclusion == 'success'
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
if: steps.check-pr-labels.conclusion == 'success'
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
if: steps.check-pr-labels.conclusion == 'success'
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
if: steps.check-pr-labels.conclusion == 'success'
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
if: steps.check-pr-labels.conclusion == 'success'
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
if: steps.check-pr-labels.conclusion == 'success'
run: |
make ci-temp-release-tag
- name: ${{ matrix.test }}
if: steps.check-pr-labels.conclusion == 'success'
env:
EXTRA_TEST_ARGS: ${{ matrix.extraTestArgs }}
GITHUB_STEP_NAME: ${{ github.job}}-${{ matrix.test }}
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
USE_DISK_IMAGE: ${{ matrix.useDiskImage }}
VIA_MAINTENANCE_MODE: ${{ matrix.viaMaintenanceMode }}
WITH_CONFIG_PATCH: ${{ matrix.withConfigPatch }}
WITH_DISK_ENCRYPTION: ${{ matrix.withDiskEncryption }}
WITH_ISO: ${{ matrix.withIso }}
WITH_JSON_LOGS: ${{ matrix.withJsonLogs }}
WITH_TPM1_2: ${{ matrix.withTpm12 }}
WITH_UEFI: ${{ matrix.withUefi }}
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: always() && steps.check-pr-labels.conclusion == 'success'
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-misc-2-${{ matrix.test }}
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-misc-3:
name: ${{ matrix.test }}-${{ matrix.variant }}
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) && !cancelled()
strategy:
matrix:
include:
- test: e2e-network-chaos
variant: default
withNetworkChaos: "yes"
- test: e2e-metal-iso
variant: default
withConfigInjectionMethod: metal-iso
- test: e2e-iommu-pcidriverrebind
variant: default
withIommu: "yes"
- extraTestArgs: -talos.enforcing
tagSuffixIn: -enforcing
test: e2e-network-chaos
variant: enforcing
withEnforcing: "true"
withNetworkChaos: "yes"
- extraTestArgs: -talos.enforcing
tagSuffixIn: -enforcing
test: e2e-metal-iso
variant: enforcing
withConfigInjectionMethod: metal-iso
withEnforcing: "true"
- extraTestArgs: -talos.enforcing
tagSuffixIn: -enforcing
test: e2e-iommu-pcidriverrebind
variant: enforcing
withEnforcing: "true"
withIommu: "yes"
fail-fast: false
max-parallel: 2
needs:
- default
- integration-build-enforcing
steps:
- name: check-pr-labels
id: check-pr-labels
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/misc') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/misc-3') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
run: "true"
- name: gather-system-info
id: system-info
if: steps.check-pr-labels.conclusion == 'success'
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
if: steps.check-pr-labels.conclusion == 'success'
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
if: steps.check-pr-labels.conclusion == 'success'
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
if: steps.check-pr-labels.conclusion == 'success'
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
if: steps.check-pr-labels.conclusion == 'success'
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
if: steps.check-pr-labels.conclusion == 'success'
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-enforcing-artifacts
path: _out
- name: Fix artifact permissions
if: steps.check-pr-labels.conclusion == 'success'
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
if: steps.check-pr-labels.conclusion == 'success'
run: |
make ci-temp-release-tag
- name: ${{ matrix.test }}
if: steps.check-pr-labels.conclusion == 'success'
env:
EXTRA_TEST_ARGS: ${{ matrix.extraTestArgs }}
GITHUB_STEP_NAME: ${{ github.job}}-${{ matrix.test }}-${{ matrix.variant }}
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: ${{ matrix.tagSuffixIn }}
WITH_CONFIG_INJECTION_METHOD: ${{ matrix.withConfigInjectionMethod }}
WITH_ENFORCING: ${{ matrix.withEnforcing }}
WITH_IOMMU: ${{ matrix.withIommu }}
WITH_NETWORK_CHAOS: ${{ matrix.withNetworkChaos }}
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: always() && steps.check-pr-labels.conclusion == 'success'
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-misc-3-${{ matrix.test }}-${{ matrix.variant }}
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-misc-4:
name: ${{ matrix.test }}-${{ matrix.variant }}
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) && !cancelled()
strategy:
matrix:
include:
- test: e2e-siderolink
variant: default
viaMaintenanceMode: "true"
withSiderolinkAgent: "true"
- test: e2e-siderolink-tunnel
variant: default
viaMaintenanceMode: "true"
withSiderolinkAgent: tunnel
- test: e2e-siderolink-tls
variant: default
viaMaintenanceMode: "true"
withSiderolinkAgent: wireguard+tls
- test: e2e-apparmor
variant: default
withAppArmorLsmEnabled: "yes"
- test: e2e-k8s-user-namespace
variant: default
withConfigPatch: '@hack/test/patches/usernamespace.yaml'
- extraTestArgs: -talos.enforcing
tagSuffixIn: -enforcing
test: e2e-siderolink
variant: enforcing
viaMaintenanceMode: "true"
withEnforcing: "true"
withSiderolinkAgent: "true"
- extraTestArgs: -talos.enforcing
tagSuffixIn: -enforcing
test: e2e-siderolink-tunnel
variant: enforcing
viaMaintenanceMode: "true"
withEnforcing: "true"
withSiderolinkAgent: tunnel
- extraTestArgs: -talos.enforcing
tagSuffixIn: -enforcing
test: e2e-siderolink-tls
variant: enforcing
viaMaintenanceMode: "true"
withEnforcing: "true"
withSiderolinkAgent: wireguard+tls
- extraTestArgs: -talos.enforcing
tagSuffixIn: -enforcing
test: e2e-k8s-user-namespace
variant: enforcing
withConfigPatch: '@hack/test/patches/usernamespace.yaml'
withEnforcing: "true"
fail-fast: false
max-parallel: 2
needs:
- default
- integration-build-enforcing
steps:
- name: check-pr-labels
id: check-pr-labels
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/misc') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/misc-4') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
run: "true"
- name: gather-system-info
id: system-info
if: steps.check-pr-labels.conclusion == 'success'
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
if: steps.check-pr-labels.conclusion == 'success'
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
if: steps.check-pr-labels.conclusion == 'success'
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
if: steps.check-pr-labels.conclusion == 'success'
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
if: steps.check-pr-labels.conclusion == 'success'
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
if: steps.check-pr-labels.conclusion == 'success'
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-enforcing-artifacts
path: _out
- name: Fix artifact permissions
if: steps.check-pr-labels.conclusion == 'success'
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
if: steps.check-pr-labels.conclusion == 'success'
run: |
make ci-temp-release-tag
- name: ${{ matrix.test }}
if: steps.check-pr-labels.conclusion == 'success'
env:
EXTRA_TEST_ARGS: ${{ matrix.extraTestArgs }}
GITHUB_STEP_NAME: ${{ github.job}}-${{ matrix.test }}-${{ matrix.variant }}
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: ${{ matrix.tagSuffixIn }}
VIA_MAINTENANCE_MODE: ${{ matrix.viaMaintenanceMode }}
WITH_APPARMOR_LSM_ENABLED: ${{ matrix.withAppArmorLsmEnabled }}
WITH_CONFIG_PATCH: ${{ matrix.withConfigPatch }}
WITH_ENFORCING: ${{ matrix.withEnforcing }}
WITH_SIDEROLINK_AGENT: ${{ matrix.withSiderolinkAgent }}
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: always() && steps.check-pr-labels.conclusion == 'success'
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-misc-4-${{ matrix.test }}-${{ matrix.variant }}
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-provision-0:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/provision-0') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/provision') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: provision-tests-prepare
run: |
make provision-tests-prepare
- name: provision-tests-track
env:
GRPC_ENFORCE_ALPN_ENABLED: "false"
IMAGE_REGISTRY: registry.dev.siderolabs.io
run: |
sudo -E make provision-tests-track-0
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-provision-0
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-provision-1:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/provision-1') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/provision') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: installer-enforcing
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
TAG_SUFFIX_OUT: -enforcing
run: |
make installer
- name: provision-tests-prepare
run: |
make provision-tests-prepare
- name: provision-tests-track
env:
GRPC_ENFORCE_ALPN_ENABLED: "false"
IMAGE_REGISTRY: registry.dev.siderolabs.io
run: |
sudo -E make provision-tests-track-1
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-provision-1
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-provision-2:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/provision-2') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/provision') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: installer-extra-cmdline
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=talos.extra_cmdline=extra-super-cmdline
PLATFORM: linux/amd64,linux/arm64
TAG_SUFFIX_OUT: -extra-cmdline
run: |
make installer
- name: provision-tests-prepare
run: |
make provision-tests-prepare
- name: provision-tests-track
env:
GRPC_ENFORCE_ALPN_ENABLED: "false"
IMAGE_REGISTRY: registry.dev.siderolabs.io
run: |
sudo -E make provision-tests-track-2
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-provision-2
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-provision-3:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/provision-3') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/provision') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: provision-tests-prepare
run: |
make provision-tests-prepare
- name: provision-tests-track
env:
GRPC_ENFORCE_ALPN_ENABLED: "false"
IMAGE_REGISTRY: registry.dev.siderolabs.io
run: |
sudo -E make provision-tests-track-3
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-provision-3
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-qemu-csi-longhorn:
name: ${{ matrix.csi }}
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/'))
strategy:
matrix:
include:
- csi: longhorn
longhornEngine: v2
- csi: longhorn-v1
extraTestArgs: -talos.skip-ephemeral-policy
extraWorkerPatch: :@_out/kubelet-fat-patch.yaml:@hack/test/patches/ephemeral-insecure.yaml
longhornEngine: v1
fail-fast: false
max-parallel: 2
needs:
- default
steps:
- name: check-pr-labels
id: check-pr-labels
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/qemu-csi') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/extensions') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/qemu-csi-longhorn') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
run: "true"
- name: gather-system-info
id: system-info
if: steps.check-pr-labels.conclusion == 'success'
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
if: steps.check-pr-labels.conclusion == 'success'
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
if: steps.check-pr-labels.conclusion == 'success'
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
if: steps.check-pr-labels.conclusion == 'success'
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
if: steps.check-pr-labels.conclusion == 'success'
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
if: steps.check-pr-labels.conclusion == 'success'
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
if: steps.check-pr-labels.conclusion == 'success'
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
if: steps.check-pr-labels.conclusion == 'success'
run: |
make ci-temp-release-tag
- name: checkout extensions
if: steps.check-pr-labels.conclusion == 'success'
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
with:
path: _out/extensions
ref: main
repository: siderolabs/extensions
- name: set variables
if: steps.check-pr-labels.conclusion == 'success'
run: |
cat _out/talos-metadata >> "$GITHUB_ENV"
- name: build extensions
if: steps.check-pr-labels.conclusion == 'success'
env:
PLATFORM: linux/amd64
PUSH: "true"
REGISTRY: registry.dev.siderolabs.io
run: |
make iscsi-tools util-linux-tools extensions-metadata -C _out/extensions
- name: installer extensions
if: steps.check-pr-labels.conclusion == 'success'
env:
EXTENSIONS_FILTER_COMMAND: grep -E '/iscsi-tools|util-linux-tools'
IMAGE_REGISTRY: registry.dev.siderolabs.io
run: |
make installer-with-extensions
- name: kubelet-fat-patch
if: steps.check-pr-labels.conclusion == 'success'
run: |
make kubelet-fat-patch
- name: e2e-qemu-csi-longhorn
if: steps.check-pr-labels.conclusion == 'success'
env:
EXTRA_TEST_ARGS: -talos.csi=${{ matrix.csi }} ${{ matrix.extraTestArgs }}
GITHUB_STEP_NAME: ${{ github.job}}-e2e-qemu-csi-longhorn-${{ matrix.csi }}
IMAGE_REGISTRY: registry.dev.siderolabs.io
QEMU_CPUS_WORKERS: "3"
QEMU_EXTRA_DISKS: "1"
QEMU_EXTRA_DISKS_DRIVERS: nvme
QEMU_EXTRA_DISKS_SIZE: "12288"
QEMU_MEMORY_WORKERS: "10240"
QEMU_SYSTEM_DISK_SIZE: "20480"
QEMU_WORKERS: "3"
SHORT_INTEGRATION_TEST: "yes"
WITH_CONFIG_PATCH_CONTROLPLANE: '@hack/test/patches/longhorn-cp.yaml'
WITH_CONFIG_PATCH_WORKER: '@_out/installer-extensions-patch.yaml:@hack/test/patches/longhorn.yaml${{ matrix.extraWorkerPatch }}'
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: steps.check-pr-labels.conclusion == 'success'
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: fio-integration-qemu-csi-longhorn-${{ matrix.csi }}
path: |
/tmp/fio-*.json
retention-days: "180"
- name: save artifacts
if: always() && steps.check-pr-labels.conclusion == 'success'
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-qemu-csi-longhorn-${{ matrix.csi }}
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-qemu-csi-openebs:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/qemu-csi-openebs') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/qemu-csi') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: e2e-qemu-csi
env:
EXTRA_TEST_ARGS: -talos.csi=openebs
GITHUB_STEP_NAME: ${{ github.job}}-e2e-qemu-csi-openebs
IMAGE_REGISTRY: registry.dev.siderolabs.io
QEMU_CPUS_WORKERS: "4"
QEMU_EXTRA_DISKS: "1"
QEMU_EXTRA_DISKS_SIZE: "12288"
QEMU_MEMORY_WORKERS: "8192"
QEMU_WORKERS: "3"
SHORT_INTEGRATION_TEST: "yes"
WITH_CONFIG_PATCH_CONTROLPLANE: '@hack/test/patches/openebs-cp.yaml'
WITH_CONFIG_PATCH_WORKER: '@hack/test/patches/openebs.yaml'
run: |
sudo -E make e2e-qemu
- name: save artifacts
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: fio-integration-qemu-csi-openebs
path: |
/tmp/fio-*.json
retention-days: "180"
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-qemu-csi-openebs
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-qemu-csi-rook-ceph:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/qemu-csi-rook-ceph') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/qemu-csi') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: e2e-qemu-csi
env:
EXTRA_TEST_ARGS: -talos.csi=rook-ceph
GITHUB_STEP_NAME: ${{ github.job}}-e2e-qemu-csi-rook-ceph
IMAGE_REGISTRY: registry.dev.siderolabs.io
QEMU_CPUS_WORKERS: "6"
QEMU_EXTRA_DISKS: "1"
QEMU_EXTRA_DISKS_SIZE: "12288"
QEMU_MEMORY_WORKERS: "8192"
QEMU_WORKERS: "3"
SHORT_INTEGRATION_TEST: "yes"
WITH_CONFIG_PATCH_CONTROLPLANE: '@hack/test/patches/rook-ceph.yaml'
run: |
sudo -E make e2e-qemu
- name: save artifacts
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: fio-integration-qemu-csi-rook-ceph
path: |
/tmp/fio-*.json
retention-days: "180"
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-qemu-csi-rook-ceph
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-qemu-default:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/qemu-default') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/qemu') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
- integration-build-enforcing
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-enforcing-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: e2e-qemu
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
QEMU_EXTRA_DISKS: "4"
QEMU_EXTRA_DISKS_DRIVERS: virtiofs,ide,nvme
QEMU_EXTRA_DISKS_SIZE: "10240"
QEMU_EXTRA_DISKS_TAGS: disk0
USER_DISKS_MOUNTS: /var/mnt/extra,/var/mnt/p1,/var/mnt/p2
WITH_CONFIG_PATCH: '@hack/test/patches/image-verification.yaml'
WITH_CONFIG_PATCH_WORKER: '@hack/test/patches/ephemeral-nvme.yaml:@hack/test/patches/dm-raid-module.yaml'
WITH_USER_DISK: "true"
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-qemu-default
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-qemu-encrypted-vip:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/qemu-encrypted-vip') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/qemu') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
- integration-build-enforcing
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-enforcing-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: e2e-qemu
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
QEMU_EXTRA_DISKS: "4"
QEMU_EXTRA_DISKS_DRIVERS: virtiofs,ide,nvme
QEMU_EXTRA_DISKS_SIZE: "10240"
QEMU_EXTRA_DISKS_TAGS: disk0
WITH_CONFIG_PATCH: '@hack/test/patches/image-verification.yaml'
WITH_CONFIG_PATCH_WORKER: '@hack/test/patches/ephemeral-nvme.yaml:@hack/test/patches/dm-raid-module.yaml'
WITH_DISK_ENCRYPTION: "true"
WITH_KUBESPAN: "true"
WITH_VIRTUAL_IP: "true"
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-qemu-encrypted-vip
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-qemu-enforcing:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/qemu-enforcing') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/qemu') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
- integration-build-enforcing
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-enforcing-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: e2e-qemu
env:
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
QEMU_EXTRA_DISKS: "3"
QEMU_EXTRA_DISKS_DRIVERS: ide,nvme
QEMU_EXTRA_DISKS_SIZE: "10240"
TAG_SUFFIX_IN: -enforcing
USER_DISKS_MOUNTS: /var/mnt/extra,/var/mnt/p1,/var/mnt/p2
WITH_CONFIG_PATCH: '@hack/test/patches/image-verification.yaml'
WITH_CONFIG_PATCH_WORKER: '@hack/test/patches/ephemeral-nvme.yaml:@hack/test/patches/dm-raid-module.yaml'
WITH_ENFORCING: "true"
WITH_USER_DISK: "true"
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-qemu-enforcing
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-qemu-race:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/qemu-race') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/qemu') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
- integration-build-enforcing
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-enforcing-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: build-race
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
PLATFORM: linux/amd64
PUSH: "true"
TAG_SUFFIX: -race
WITH_RACE: "1"
run: |
make initramfs installer-base imager installer
- name: e2e-qemu
env:
EXTRA_TEST_ARGS: -talos.race
IMAGE_REGISTRY: registry.dev.siderolabs.io
QEMU_EXTRA_DISKS: "4"
QEMU_EXTRA_DISKS_DRIVERS: virtiofs,ide,nvme
QEMU_EXTRA_DISKS_SIZE: "10240"
QEMU_EXTRA_DISKS_TAGS: disk0
QEMU_MEMORY_CONTROLPLANES: "4096"
QEMU_MEMORY_WORKERS: "4096"
TAG_SUFFIX: -race
WITH_CONFIG_PATCH_WORKER: '@hack/test/patches/ephemeral-nvme.yaml:@hack/test/patches/dm-raid-module.yaml'
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-qemu-race
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-reproducibility-test:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/reproducibility-test') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: reproducibility-test
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
run: |
make reproducibility-test
integration-trusted-boot-default:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/trusted-boot-default') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/trusted-boot') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
- integration-build-enforcing
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-enforcing-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: integration-trusted-boot
env:
EXTRA_TEST_ARGS: -talos.trustedboot
GITHUB_STEP_NAME: ${{ github.job}}-integration-trusted-boot-default
IMAGE_REGISTRY: registry.dev.siderolabs.io
VIA_MAINTENANCE_MODE: "true"
WITH_CONFIG_PATCH: '@hack/test/patches/image-verification.yaml'
WITH_TRUSTED_BOOT_ISO: "true"
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-trusted-boot-default
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-trusted-boot-disk-image:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/trusted-boot-disk-image') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/trusted-boot') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
- integration-build-enforcing
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-enforcing-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: image-secureboot-metal
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
PLATFORM: linux/amd64,linux/arm64
run: |
make image-secureboot-metal
- name: integration-trusted-boot
env:
EXTRA_TEST_ARGS: -talos.trustedboot
GITHUB_STEP_NAME: ${{ github.job}}-integration-trusted-boot-disk-image
IMAGE_REGISTRY: registry.dev.siderolabs.io
VIA_MAINTENANCE_MODE: "true"
WITH_CONFIG_PATCH: '@hack/test/patches/image-verification.yaml'
WITH_TRUSTED_BOOT_DISK_IMAGE: "true"
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-trusted-boot-disk-image
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
integration-trusted-boot-enforcing:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/trusted-boot-enforcing') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/trusted-boot') || contains(fromJSON(needs.default.outputs.labels || '[]'), 'integration/release-gate')
needs:
- default
- integration-build-enforcing
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Download artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # version: v8.0.1
with:
name: talos-enforcing-artifacts
path: _out
- name: Fix artifact permissions
run: |
xargs -a _out/executable-artifacts -I {} chmod +x {}
- name: ci-temp-release-tag
run: |
make ci-temp-release-tag
- name: secureboot-iso
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
run: |
make secureboot-iso
- name: integration-trusted-boot
env:
EXTRA_TEST_ARGS: -talos.trustedboot -talos.enforcing
GITHUB_STEP_NAME: ${{ github.job}}-integration-trusted-boot-enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_CONFIG_PATCH: '@hack/test/patches/image-verification.yaml'
WITH_ENFORCING: "true"
WITH_TRUSTED_BOOT_ISO: "true"
run: |
sudo -E make e2e-qemu
- name: save artifacts
if: always()
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # version: v7.0.1
with:
name: talos-logs-integration-trusted-boot-enforcing
path: |-
/tmp/logs-*.tar.gz
/tmp/support-*.zip
retention-days: "5"
push:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) && github.event_name != 'pull_request' && !startsWith(github.ref, 'refs/tags/')
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: build
env:
PLATFORM: linux/amd64,linux/arm64
run: |
make talosctl-all kernel sd-boot sd-stub initramfs installer-base imager talos
- name: release-notes
run: |
make release-notes
- name: login-to-registry
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # version: v4.1.0
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ghcr.io
username: ${{ github.repository_owner }}
- name: push
env:
PLATFORM: linux/amd64,linux/arm64
run: |
make push
- name: push-latest
if: github.ref == 'refs/heads/main'
env:
PLATFORM: linux/amd64,linux/arm64
run: |
make push-latest
release-metadata-check:
permissions:
actions: read
contents: write
issues: read
packages: write
pull-requests: read
runs-on:
group: generic
if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) && github.event_name == 'pull_request'
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: release-metadata-check
env:
GH_TOKEN: ${{ github.token }}
PR_TITLE: ${{ github.event.pull_request.title }}
run: |
make release-metadata-check
tag:
permissions:
actions: read
contents: write
id-token: write
issues: read
packages: write
pull-requests: read
runs-on:
group: large
if: (!startsWith(github.head_ref, 'renovate/') && !startsWith(github.head_ref, 'dependabot/')) && startsWith(github.ref, 'refs/tags/')
steps:
- name: gather-system-info
id: system-info
uses: kenchan0130/actions-system-info@59699597e84e80085a750998045983daa49274c4 # version: v1.4.0
continue-on-error: true
- name: print-system-info
run: |
MEMORY_GB=$((${{ steps.system-info.outputs.totalmem }}/1024/1024/1024))
OUTPUTS=(
"CPU Core: ${{ steps.system-info.outputs.cpu-core }}"
"CPU Model: ${{ steps.system-info.outputs.cpu-model }}"
"Hostname: ${{ steps.system-info.outputs.hostname }}"
"NodeName: ${NODE_NAME}"
"Kernel release: ${{ steps.system-info.outputs.kernel-release }}"
"Kernel version: ${{ steps.system-info.outputs.kernel-version }}"
"Name: ${{ steps.system-info.outputs.name }}"
"Platform: ${{ steps.system-info.outputs.platform }}"
"Release: ${{ steps.system-info.outputs.release }}"
"Total memory: ${MEMORY_GB} GB"
)
for OUTPUT in "${OUTPUTS[@]}";do
echo "${OUTPUT}"
done
continue-on-error: true
- name: checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # version: v6.0.2
- name: Unshallow
run: |
git fetch --prune --unshallow
- name: Set up Docker Buildx
id: setup-buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # version: v4.0.0
with:
driver: remote
endpoint: tcp://buildkit-amd64.ci.svc.cluster.local:1234
timeout-minutes: 10
- name: Mask secrets
run: |
echo "$(sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | "::add-mask::" + .value')"
- name: Set secrets for job
run: |
sops -d .secrets.yaml | yq -e '.secrets | to_entries[] | .key + "=" + .value' >> "$GITHUB_ENV"
- name: build
env:
PLATFORM: linux/amd64,linux/arm64
run: |
make talosctl-all kernel sd-boot sd-stub initramfs installer-base imager talos talosctl-cni-bundle
- name: release-notes
run: |
make release-notes
- name: sbom
run: |
make sbom
- name: login-to-registry
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # version: v4.1.0
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ghcr.io
username: ${{ github.repository_owner }}
- name: push
env:
PLATFORM: linux/amd64,linux/arm64
run: |
make push
- name: images
env:
PLATFORM: linux/amd64,linux/arm64
run: |
make images
- name: Sign artifacts
run: |
cosign sign-blob --bundle _out/initramfs-amd64.xz.bundle --yes _out/initramfs-amd64.xz
cosign sign-blob --bundle _out/initramfs-arm64.xz.bundle --yes _out/initramfs-arm64.xz
cosign sign-blob --bundle _out/metal-amd64.iso.bundle --yes _out/metal-amd64.iso
cosign sign-blob --bundle _out/metal-arm64.iso.bundle --yes _out/metal-arm64.iso
cosign sign-blob --bundle _out/metal-amd64-uki.efi.bundle --yes _out/metal-amd64-uki.efi
cosign sign-blob --bundle _out/metal-arm64-uki.efi.bundle --yes _out/metal-arm64-uki.efi
cosign sign-blob --bundle _out/metal-amd64.raw.zst.bundle --yes _out/metal-amd64.raw.zst
cosign sign-blob --bundle _out/metal-arm64.raw.zst.bundle --yes _out/metal-arm64.raw.zst
cosign sign-blob --bundle _out/talos-arm64.spdx.json.bundle --yes _out/talos-arm64.spdx.json
cosign sign-blob --bundle _out/talos-amd64.spdx.json.bundle --yes _out/talos-amd64.spdx.json
cosign sign-blob --bundle _out/talos-container-arm64.spdx.json.bundle --yes _out/talos-container-arm64.spdx.json
cosign sign-blob --bundle _out/talos-container-amd64.spdx.json.bundle --yes _out/talos-container-amd64.spdx.json
cosign sign-blob --bundle _out/talosctl-cni-bundle-amd64.tar.gz.bundle --yes _out/talosctl-cni-bundle-amd64.tar.gz
cosign sign-blob --bundle _out/talosctl-cni-bundle-arm64.tar.gz.bundle --yes _out/talosctl-cni-bundle-arm64.tar.gz
cosign sign-blob --bundle _out/talosctl-darwin-amd64.bundle --yes _out/talosctl-darwin-amd64
cosign sign-blob --bundle _out/talosctl-darwin-arm64.bundle --yes _out/talosctl-darwin-arm64
cosign sign-blob --bundle _out/talosctl-freebsd-amd64.bundle --yes _out/talosctl-freebsd-amd64
cosign sign-blob --bundle _out/talosctl-freebsd-arm64.bundle --yes _out/talosctl-freebsd-arm64
cosign sign-blob --bundle _out/talosctl-linux-amd64.bundle --yes _out/talosctl-linux-amd64
cosign sign-blob --bundle _out/talosctl-linux-arm64.bundle --yes _out/talosctl-linux-arm64
cosign sign-blob --bundle _out/talosctl-linux-armv7.bundle --yes _out/talosctl-linux-armv7
cosign sign-blob --bundle _out/talosctl-linux-riscv64.bundle --yes _out/talosctl-linux-riscv64
cosign sign-blob --bundle _out/talosctl-windows-amd64.exe.bundle --yes _out/talosctl-windows-amd64.exe
cosign sign-blob --bundle _out/talosctl-windows-arm64.exe.bundle --yes _out/talosctl-windows-arm64.exe
cosign sign-blob --bundle _out/vmlinuz-amd64.bundle --yes _out/vmlinuz-amd64
cosign sign-blob --bundle _out/vmlinuz-arm64.bundle --yes _out/vmlinuz-arm64
- name: Generate Checksums
run: |
cd _out
sha256sum initramfs-amd64.xz initramfs-arm64.xz metal-amd64.iso metal-arm64.iso metal-amd64-uki.efi metal-arm64-uki.efi metal-amd64.raw.zst metal-arm64.raw.zst talos-arm64.spdx.json talos-amd64.spdx.json talos-container-arm64.spdx.json talos-container-amd64.spdx.json talosctl-cni-bundle-amd64.tar.gz talosctl-cni-bundle-arm64.tar.gz talosctl-darwin-amd64 talosctl-darwin-arm64 talosctl-freebsd-amd64 talosctl-freebsd-arm64 talosctl-linux-amd64 talosctl-linux-arm64 talosctl-linux-armv7 talosctl-linux-riscv64 talosctl-windows-amd64.exe talosctl-windows-arm64.exe vmlinuz-amd64 vmlinuz-arm64 > sha256sum.txt
sha512sum initramfs-amd64.xz initramfs-arm64.xz metal-amd64.iso metal-arm64.iso metal-amd64-uki.efi metal-arm64-uki.efi metal-amd64.raw.zst metal-arm64.raw.zst talos-arm64.spdx.json talos-amd64.spdx.json talos-container-arm64.spdx.json talos-container-amd64.spdx.json talosctl-cni-bundle-amd64.tar.gz talosctl-cni-bundle-arm64.tar.gz talosctl-darwin-amd64 talosctl-darwin-arm64 talosctl-freebsd-amd64 talosctl-freebsd-arm64 talosctl-linux-amd64 talosctl-linux-arm64 talosctl-linux-armv7 talosctl-linux-riscv64 talosctl-windows-amd64.exe talosctl-windows-arm64.exe vmlinuz-amd64 vmlinuz-arm64 > sha512sum.txt
- name: Sign checksums
run: |
cd _out
cosign sign-blob --bundle sha256sum.txt.bundle --yes sha256sum.txt
cosign sign-blob --bundle sha512sum.txt.bundle --yes sha512sum.txt
- name: release
uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # version: v3.0.0
with:
body_path: _out/RELEASE_NOTES.md
draft: "true"
files: |-
_out/initramfs-amd64.xz
_out/initramfs-arm64.xz
_out/metal-amd64.iso
_out/metal-arm64.iso
_out/metal-amd64-uki.efi
_out/metal-arm64-uki.efi
_out/metal-amd64.raw.zst
_out/metal-arm64.raw.zst
_out/talos-arm64.spdx.json
_out/talos-amd64.spdx.json
_out/talos-container-arm64.spdx.json
_out/talos-container-amd64.spdx.json
_out/talosctl-cni-bundle-amd64.tar.gz
_out/talosctl-cni-bundle-arm64.tar.gz
_out/talosctl-darwin-amd64
_out/talosctl-darwin-arm64
_out/talosctl-freebsd-amd64
_out/talosctl-freebsd-arm64
_out/talosctl-linux-amd64
_out/talosctl-linux-arm64
_out/talosctl-linux-armv7
_out/talosctl-linux-riscv64
_out/talosctl-windows-amd64.exe
_out/talosctl-windows-arm64.exe
_out/vmlinuz-amd64
_out/vmlinuz-arm64
_out/sha*.txt
_out/*.bundle