Don't use --accept-certificate when consuming token
#1337
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests | |
| on: | |
| push: | |
| pull_request: | |
| schedule: | |
| - cron: '38 6 * * *' | |
| workflow_dispatch: | |
| inputs: | |
| ubuntu-releases: | |
| description: List of Ubuntu releases to run the tests against. In JSON format, i.e. '["22.04", "24.04"]'. | |
| type: string | |
| default: '["20.04", "22.04", "24.04"]' | |
| snap-tracks: | |
| description: List of snap tracks to run the tests. In JSON format, i.e. '["latest/stable", "5.0/candidate"]'. | |
| type: string | |
| default: '["latest/edge"]' | |
| self-hosted-runner: | |
| type: boolean | |
| description: Whether to use self-hosted runners to run the jobs. | |
| default: false | |
| tmate-debug: | |
| description: Use tmate debugging session on integration test failure. | |
| type: boolean | |
| default: false | |
| tmate-timeout: | |
| description: Timeout in minutes to keep tmate debugging session. | |
| type: number | |
| default: 30 | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }} | |
| # XXX: scheduled runs should not cancel manually triggered ones | |
| cancel-in-progress: ${{ !contains(github.event_name, 'schedule')}} | |
| defaults: | |
| run: | |
| # Make sure bash is always invoked with `-eo pipefail` | |
| # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell | |
| shell: bash | |
| jobs: | |
| code-tests: | |
| name: Code | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| # A non-shallow clone is needed for the Differential ShellCheck | |
| fetch-depth: 0 | |
| - name: yamllint | |
| uses: ibiqlik/action-yamllint@v3 | |
| with: | |
| file_or_dir: .github/workflows/ | |
| - id: ShellCheck | |
| name: Differential ShellCheck | |
| uses: redhat-plumbers-in-action/differential-shellcheck@v5 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| strict-check-on-push: true | |
| if: github.event_name == 'pull_request' | |
| - name: Upload artifact with ShellCheck defects in SARIF format | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: Differential ShellCheck SARIF | |
| path: ${{ steps.ShellCheck.outputs.sarif }} | |
| if: github.event_name == 'pull_request' | |
| system-tests: | |
| env: | |
| PURGE_LXD: "1" | |
| name: ${{ matrix.test }} (${{ matrix.track }} - ${{ matrix.os }}) | |
| runs-on: ubuntu-${{ matrix.os }} | |
| permissions: | |
| # need that to manipulate caches | |
| actions: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: ${{ fromJSON(inputs.ubuntu-releases || '["20.04", "22.04", "24.04"]') }} | |
| track: ${{ fromJSON(inputs.snap-tracks || '["latest/edge", "5.21/edge", "5.0/edge", "4.0/edge"]') }} | |
| test: | |
| - cgroup | |
| - cluster | |
| - container | |
| - container-copy | |
| - conversion | |
| - cpu-vm | |
| - devlxd-vm | |
| - devlxd-container | |
| - docker | |
| - efi-vars-editor-vm | |
| - interception | |
| - pylxd | |
| - network-bridge-firewall | |
| - network-ovn | |
| - network-routed | |
| - snapd | |
| - storage-buckets | |
| - storage-disks-vm | |
| - "storage-vm dir" | |
| - "storage-vm btrfs" | |
| - "storage-vm ceph" | |
| - "storage-vm lvm" | |
| - "storage-vm lvm-thin" | |
| - "storage-vm zfs" | |
| - storage-volumes-vm | |
| - tpm-vm | |
| - vm-nesting | |
| - vm-migration | |
| include: | |
| - test: qemu-external-vm | |
| track: "latest/edge" | |
| os: "24.04" | |
| exclude: | |
| # not compatible with 4.0/* | |
| - test: container-copy | |
| track: "4.0/edge" | |
| - test: conversion | |
| track: "4.0/edge" | |
| - test: cpu-vm | |
| track: "4.0/edge" | |
| - test: devlxd-vm | |
| track: "4.0/edge" | |
| - test: efi-vars-editor-vm | |
| track: "4.0/edge" | |
| - test: network-bridge-firewall | |
| os: 20.04 | |
| track: "4.0/edge" | |
| - test: network-ovn | |
| track: "4.0/edge" | |
| # https://github.com/canonical/pylxd/issues/590 | |
| - test: pylxd | |
| track: "4.0/edge" | |
| - test: storage-buckets | |
| track: "4.0/edge" | |
| - test: storage-disks-vm | |
| track: "4.0/edge" | |
| - test: "storage-vm dir" | |
| track: "4.0/edge" | |
| - test: "storage-vm btrfs" | |
| track: "4.0/edge" | |
| - test: "storage-vm ceph" | |
| track: "4.0/edge" | |
| - test: "storage-vm lvm" | |
| track: "4.0/edge" | |
| - test: "storage-vm lvm-thin" | |
| track: "4.0/edge" | |
| - test: "storage-vm zfs" | |
| track: "4.0/edge" | |
| - test: storage-volumes-vm | |
| track: "4.0/edge" | |
| - test: tpm-vm | |
| track: "4.0/edge" | |
| # not compatible with 5.0/* | |
| - test: efi-vars-editor-vm # not compatible with 5.0/* | |
| track: "5.0/edge" | |
| # waiting for integration with microceph | |
| - test: "storage-vm ceph" | |
| # skip track/os combinaisons that are too far appart | |
| - track: "4.0/edge" | |
| os: "24.04" | |
| - track: "5.0/edge" | |
| os: "24.04" | |
| - track: "5.0/edge" | |
| os: "20.04" | |
| - track: "5.21/edge" | |
| os: "20.04" | |
| - track: "latest/edge" | |
| os: "20.04" | |
| - track: "latest/edge" | |
| os: "22.04" | |
| - test: "vm-migration" | |
| track: "4.0/edge" | |
| - test: "vm-migration" | |
| track: "5.0/edge" | |
| steps: | |
| - name: Performance tuning | |
| run: | | |
| set -eux | |
| # optimize ext4 FSes for performance, not reliability | |
| for fs in $(findmnt --noheading --type ext4 --list --uniq | awk '{print $1}'); do | |
| # nombcache and data=writeback cannot be changed on remount | |
| sudo mount -o remount,noatime,barrier=0,commit=6000 "${fs}" || cat /proc/self/mountinfo | |
| done | |
| # disable dpkg from calling sync() | |
| echo "force-unsafe-io" | sudo tee /etc/dpkg/dpkg.cfg.d/force-unsafe-io | |
| - name: Reclaim some space (storage tests only) | |
| if: ${{ startsWith(matrix.test, 'storage') || matrix.test == 'vm-nesting' || matrix.test == 'conversion' }} | |
| run: | | |
| set -eux | |
| df -h | |
| sudo snap remove lxd --purge | |
| # Purge older snap revisions that are disabled/superseded by newer revisions of the same snap | |
| snap list --all | while read -r name _ rev _ _ notes _; do | |
| [[ "${notes}" =~ disabled$ ]] && sudo snap remove "${name}" --revision "${rev}" --purge | |
| done || true | |
| # Remove leftover home directories | |
| sudo rm -rf /home/linuxbrew /home/runneradmin | |
| # Remove unneeded directories | |
| sudo rm -rf /opt/google/chrome | |
| sudo rm -rf /opt/hostedtoolcache/CodeQL /opt/hostedtoolcache/PyPy /opt/hostedtoolcache/Python | |
| sudo rm -rf /opt/microsoft/msedge /opt/microsoft/msodbcsql* /opt/microsoft/powershell | |
| sudo rm -rf /root/.sbt | |
| # This was inspired from https://github.com/easimon/maximize-build-space | |
| df -h | |
| # dotnet | |
| sudo rm -rf /usr/share/dotnet | |
| # android | |
| sudo rm -rf /usr/local/lib/android | |
| # haskell | |
| sudo rm -rf /opt/ghc | |
| df -h | |
| - name: Remove docker | |
| run: | | |
| set -eux | |
| sudo apt-get autopurge -y containerd.io docker-ce podman uidmap | |
| sudo ip link delete docker0 | |
| sudo nft flush ruleset || sudo iptables -I DOCKER-USER -j ACCEPT | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| # needed for cache key | |
| - name: Get Date | |
| id: get-date | |
| run: | | |
| echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT | |
| shell: bash | |
| # for simplicity, just use one cache directory | |
| # and make it valid for one day | |
| - uses: actions/cache/restore@v4 | |
| id: cache-restore | |
| if: ${{ matrix.test == 'qemu-external-vm' }} | |
| with: | |
| path: /home/runner/work/cache | |
| key: cache-${{ steps.get-date.outputs.date }} | |
| - name: ${{ matrix.test }} (${{ matrix.track }}) | |
| run: | | |
| set -eux | |
| # XXX: prevent accidental usage of `images:` in CI test jobs. | |
| # All tests should be done using officially supported images. | |
| echo '127.0.0.1 images.lxd.canonical.com' | sudo tee /etc/hosts | |
| TEST_SCRIPT="$(echo ${{ matrix.test }} | cut -d " " -f 1)" | |
| EXTRA_ARGS="$(echo ${{ matrix.test }} | cut -d " " -f 2- --only-delimited)" | |
| if [ "${TEST_SCRIPT}" = "cluster" ]; then | |
| dst_track="${{ matrix.track }}" | |
| src_track="$(echo "${dst_track}" | cut -d/ -f1)/stable" | |
| EXTRA_ARGS="${EXTRA_ARGS:-3} ${src_track} ${{ matrix.track }}" | |
| fi | |
| sudo --preserve-env=PURGE_LXD,TEST_IMG ./bin/local-run "tests/${TEST_SCRIPT}" ${{ matrix.track }} ${EXTRA_ARGS:-} | |
| # always update cache as we have our own logic of | |
| # cache invalidation and updates in addition to a date check | |
| - name: Delete previous cache | |
| if: ${{ steps.cache-restore.outputs.cache-hit }} | |
| continue-on-error: true | |
| run: | | |
| gh extension install actions/gh-actions-cache | |
| gh actions-cache delete "cache-${{ steps.get-date.outputs.date }}" --confirm | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: actions/cache/save@v4 | |
| if: ${{ matrix.test == 'qemu-external-vm' }} | |
| with: | |
| path: /home/runner/work/cache | |
| key: cache-${{ steps.get-date.outputs.date }} | |
| - name: Tmate debugging session (self-hosted) | |
| if: ${{ failure() && inputs.tmate-debug && inputs.self-hosted-runner }} | |
| uses: canonical/action-tmate@main | |
| timeout-minutes: ${{ inputs.tmate-timeout }} | |
| - name: Tmate debugging session (gh-hosted) | |
| if: ${{ failure() && inputs.tmate-debug && !inputs.self-hosted-runner }} | |
| uses: mxschmitt/action-tmate@v3 | |
| timeout-minutes: ${{ inputs.tmate-timeout }} |