Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: Run the e2e tests on TDX #383

Merged
merged 2 commits into from
Jun 6, 2024
Merged

ci: Run the e2e tests on TDX #383

merged 2 commits into from
Jun 6, 2024

Conversation

fidencio
Copy link
Member

@fidencio fidencio commented Jun 5, 2024

Please, see each commit message for more details.

Although we don't have a TDX machine plugged yet, it'd be good to have this reviewed as the tests won't be able to run before they're merged, as it's relying the pull_request_target event.

Once the TDX machine is ready, I'd be fine on having this one merged (after review, of course).

@fidencio fidencio force-pushed the topic/add-tdx-ci branch from a8dc399 to 4138c98 Compare June 5, 2024 16:34
fidencio added 2 commits June 5, 2024 18:38
@fidencio
ci: Stop testing with "kata-clh" for now
c72659f 
Unless someone opposes to that, I'd like to propose we stop testing with
Cloud Hypervisor for now, as it still doesn't have TEE support.

At the moment TEE support is added, we get back to testing it.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
@fidencio
ci: Add support for testing on a TDX machine
0258d49 
For the TDX machine we're mostly interested on testing whatever will be
tested with the kata-qemu-tdx runtime class, instead of the kata-qemu
one.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
@fidencio fidencio force-pushed the topic/add-tdx-ci branch from 4138c98 to 0258d49 Compare June 5, 2024 16:39
stevenhorsman
stevenhorsman approved these changes Jun 6, 2024
View reviewed changes
.github/workflows/ccruntime_e2e.yaml
- runtimeclass: "kata-qemu"
instance: "tdx"
include:
- runtimeclass: "kata-qemu-tdx"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI I don't think the runtimeclass is actually used in the operator tests at the moment, but that doesn't mean we shouldn't have this code change, I just wanted to flag it up

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ouch.
@wainersm, do you plan to address this at some point soon?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's because we only have an install and uninstall test at the moment, which isn't runtime class unique? I expect that when we add some e2e tests we'd be using the runtimeclass for them

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, the install/uninstall tests don't use the runtimeclass but the operator.sh does check that the expected runtimeclass was installed: https://github.com/confidential-containers/operator/blob/main/tests/e2e/operator.sh#L150

Maybe that check should live in the tests for the sake of clarity?

@stevenhorsman stevenhorsman marked this pull request as draft June 6, 2024 09:02
@fidencio
Copy link
Member Author

fidencio commented Jun 6, 2024

image

@fidencio fidencio marked this pull request as ready for review June 6, 2024 17:35
wainersm
wainersm reviewed Jun 6, 2024
View reviewed changes
.github/workflows/ccruntime_e2e.yaml
@@ -21,14 +21,10 @@ jobs:
matrix:
runtimeclass:
- "kata-qemu"
- "kata-clh"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ack!

wainersm
wainersm approved these changes Jun 6, 2024
View reviewed changes
Copy link
Member

@wainersm wainersm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM @fidencio !

Let's just watch the nightly CI to ensure any issue arise from this change (you know, pull_request_target....)

@wainersm wainersm merged commit 15e862d into confidential-containers:main Jun 6, 2024
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevenhorsman stevenhorsman stevenhorsman approved these changes

@wainersm wainersm wainersm approved these changes

Assignees
No one assigned
Labels
ok-to-test
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fidencio @wainersm @stevenhorsman