search

kata-containers / tests

Kata Containers tests, CI, and metrics
https://katacontainers.io/
Apache License 2.0
139 stars 196 forks source link

CCv0: Merge main into CCv0 branch #5700

Closed stevenhorsman closed 1 year ago

stevenhorsman commented 1 year ago

Merge remote-tracking branch 'upstream/main' into CCv0

Fixes: #5699

Signed-off-by: stevenhorsman steven@uk.ibm.com

stevenhorsman commented 1 year ago 
$ git diff --stat upstream/main -- . ':!*/vendor/*' > out.txt
 .ci/ci_job_flags.sh                                |  70 ++-
 .ci/configure_containerd_for_kata.sh               |   4 +
 .ci/configure_crio_for_kata.sh                     |   3 +
 .ci/install_cloud_hypervisor.sh                    |   8 +-
 .ci/install_cni_plugins.sh                         |   2 +-
 .ci/install_kata.sh                                |  20 +
 .ci/install_kata_image.sh                          |  37 +-
 .ci/install_kata_kernel.sh                         |  28 +-
 .ci/install_ovmf_sev.sh                            |  28 ++
 .ci/install_qemu.sh                                |  24 +-
 .ci/install_runtime.sh                             |  71 +--
 .ci/install_td_shim.sh                             |  25 +
 .ci/install_tdvf.sh                                |  24 +
 .ci/install_virtiofsd.sh                           |   2 +-
 .ci/jenkins_job_build.sh                           |  10 +-
 .ci/lib.sh                                         |  40 +-
 .ci/resolve-kata-dependencies.sh                   |  44 +-
 .ci/run.sh                                         |  24 +-
 .ci/setup.sh                                       |   1 +
 .ci/setup_env_ubuntu.sh                            |   4 +-
 .ci/static-checks.sh                               |   9 +-
 .github/workflows/commit-message-check.yaml        |   4 +-
 Makefile                                           |  21 +-
 README.md                                          |  10 +-
 cmd/check-spelling/data/projects.txt               |   1 +
 cmd/github-labels/labels.yaml.in                   |   4 +-
 cmd/pmemctl/pmemctl.sh                             |   2 +-
 functional/kata-monitor/run.sh                     |   1 +
 .../s390x/aa-offline_fs_kbc-resources.json         |   4 +
 .../x86_64/aa-offline_fs_kbc-resources.json        |   4 +
 .../aa-offline_fs_kbc-resources.json.in            |  12 +
 .../fixtures/offline-fs-kbc/auth.json.in           |   7 +
 .../s390x/aa-offline_fs_kbc-resources.json         |   8 +
 .../x86_64/aa-offline_fs_kbc-resources.json        |   8 +
 .../fixtures/quay_verification/s390x/public.gpg    |  41 ++
 .../quay_verification/s390x/signatures.tar         | Bin 0 -> 1930 bytes
 .../fixtures/quay_verification/x86_64/public.gpg   |  30 ++
 .../quay_verification/x86_64/signatures.tar        | Bin 0 -> 2157 bytes
 .../fixtures/registries.d/quay.io.yaml             |   4 +
 integration/confidential/lib.sh                    | 355 ++++++++++++++
 integration/containerd/confidential/agent_api.bats |  82 ++++
 .../containerd/confidential/agent_image.bats       | 148 ++++++
 integration/containerd/confidential/asserts.sh     |  77 +++
 .../fixtures/agent-configuration-no-exec.toml      |  46 ++
 .../confidential/fixtures/container-config.yaml    |  11 +
 .../fixtures/container-config_authenticated.yaml   |   9 +
 .../fixtures/container-config_cosigned-other.yaml  |  11 +
 .../fixtures/container-config_cosigned.yaml        |  11 +
 .../container-config_signed-protected-other.yaml   |  11 +
 .../container-config_unsigned-protected.yaml       |  11 +
 .../container-config_unsigned-unprotected.yaml     |  11 +
 .../confidential/fixtures/pod-config.yaml.in       |  12 +
 integration/containerd/confidential/lib.sh         | 163 +++++++
 integration/containerd/confidential/run_tests.sh   |  21 +
 .../containerd/confidential/tests_common.sh        | 106 ++++
 integration/containerd/cri/integration-tests.sh    |  12 +-
 integration/kubernetes/cleanup_bare_metal_env.sh   |   3 +
 .../kubernetes/confidential/agent_image.bats       | 243 +++++++++
 .../confidential/agent_image_encrypted.bats        |  81 +++
 .../confidential/fixtures/pod-config.yaml.in       |  14 +
 .../confidential/fixtures/service.yaml.in          |  35 ++
 integration/kubernetes/confidential/lib.sh         | 120 +++++
 integration/kubernetes/confidential/sev.bats       | 541 +++++++++++++++++++++
 integration/kubernetes/e2e_conformance/setup.sh    |   2 +-
 integration/kubernetes/tests_common.sh             |   0
 integration/nydus/nydus-sandbox.yaml               |   1 +
 integration/nydus/nydus_tests.sh                   |   2 +
 lib/common.bash                                    | 158 ++++++
 versions.yaml                                      |   7 +-
 69 files changed, 2851 insertions(+), 92 deletions(-)
stevenhorsman commented 1 year ago

/test

stevenhorsman commented 1 year ago

/test-sev

stevenhorsman commented 1 year ago

/test

stevenhorsman commented 1 year ago

/test /test-tdx

stevenhorsman commented 1 year ago

/test-ubuntu

stevenhorsman commented 1 year ago

/test-ubuntu

stevenhorsman commented 1 year ago

/test-tdx

stevenhorsman commented 1 year ago

@arronwy - are you able to check the TDX jobs and let me know what the cause of the failure is, thanks!

fidencio commented 1 year ago

TDX tests are failing due to measured boot being broken, I'll take a stab at this one.

fidencio commented 1 year ago

/test-tdx

fidencio commented 1 year ago

After the rebuild the TDX CLH test passed. My understand is that TDX QEMU is not passing, and I will have a sync with Arron on how to solve this one. Is SNP working? If not, please, go ahead and proceed with the merge.

Thanks for the work and for pining us here.