Fix support for E2E commit installs

Signed-off-by: Derek Nola <derek.nola@suse.com>

tests/e2e/scripts/latest_commit.sh

@@ -3,20 +3,25 @@
 branch=$1
 output_file=$2
 # Grabs the last 10 commit SHA's from the given branch, then purges any commits that do not have a passing CI build
-iterations=0
 
-# The VMs take time on startup to hit aws, wait loop until we can
-while ! curl -s --fail https://k3s-ci-builds.s3.amazonaws.com > /dev/null; do
-    ((iterations++))
-    if [ "$iterations" -ge 30 ]; then
-        echo "Unable to hit https://k3s-ci-builds.s3.amazonaws.com"
-        exit 1
+
+# Copied and modified from install.sh
+get_commit_artifact_url() {
+    commit_id=$1
+    github_api_url=https://api.github.com/repos/k3s-io/k3s
+
+    if [ -z "${GITHUB_TOKEN}" ]; then
+        fatal "Installing commit builds requires GITHUB_TOKEN with k3s-io/k3s repo permissions"
     fi
-    sleep 1
-done
 
-if [ -n "$GH_TOKEN" ]; then
-    response=$(curl -s -H "Authorization: token $GH_TOKEN" -H 'Accept: application/vnd.github.v3+json' "https://api.github.com/repos/k3s-io/k3s/commits?per_page=10&sha=$branch")
+    # GET request to the GitHub API to retrieve the Build workflows associated with the commit that have succeeded
+    run_id=$(curl -s -H "Authorization: Bearer ${GITHUB_TOKEN}" "${github_api_url}/commits/${commit_id}/check-runs?check_name=build%20%2F%20Build&conclusion=success" | jq -r '[.check_runs | sort_by(.id) | .[].details_url | split("/")[7]] | last')
+    # Extract the artifact ID for the "k3s-amd64" artifact
+    GITHUB_ART_URL=$(curl -s -H "Authorization: Bearer ${GITHUB_TOKEN}" "${github_api_url}/actions/runs/${run_id}/artifacts" | jq -r ".artifacts[] | select(.name == \"k3s-amd64\") | .archive_download_url")
+}
+
+if [ -n "$GITHUB_TOKEN" ]; then
+    response=$(curl -s -H "Authorization: token $GITHUB_TOKEN" -H 'Accept: application/vnd.github.v3+json' "https://api.github.com/repos/k3s-io/k3s/commits?per_page=10&sha=$branch")
 else
     response=$(curl -s -H 'Accept: application/vnd.github.v3+json' "https://api.github.com/repos/k3s-io/k3s/commits?per_page=10&sha=$branch")
 fi
@@ -38,8 +43,10 @@ fi
 read -a commits <<< "$commits_str"
 
 for commit in "${commits[@]}"; do
-    if curl -s --fail https://k3s-ci-builds.s3.amazonaws.com/k3s-$commit.sha256sum > /dev/null; then
+    get_commit_artifact_url "$commit"
+    if [ -n "$GITHUB_ART_URL" ]; then
         echo "$commit" > "$output_file"
+        echo "Found valid commit: $commit"
         exit 0
     fi
 done

tests/e2e/vagrantdefaults.rb

@@ -25,16 +25,17 @@ def getInstallType(vm, release_version, branch, release_channel='')
   elsif !release_version.empty? && release_version.start_with?("v1")
     return "INSTALL_K3S_VERSION=#{release_version}"
   elsif !release_version.empty?
-    return "INSTALL_K3S_COMMIT=#{release_version}"
+    commitDepsInstall(vm)
+    return "INSTALL_K3S_COMMIT=#{release_version} GITHUB_TOKEN=#{ENV['GITHUB_TOKEN']}"
   elsif !release_channel.empty? && release_channel != "commit"
     return "INSTALL_K3S_CHANNEL=#{release_channel}"
   else
-    jqInstall(vm)
+    commitDepsInstall(vm)
     scripts_location = Dir.exist?("./scripts") ? "./scripts" : "../scripts" 
     # Grabs the last 5 commit SHA's from the given branch, then purges any commits that do not have a passing CI build
     # MicroOS requires it not be in a /tmp/ or other root system folder
-    vm.provision "Get latest commit", type: "shell", path: scripts_location +"/latest_commit.sh", env: {GH_TOKEN:ENV['GH_TOKEN']}, args: [branch, "/tmp/k3s_commits"]
-    return "INSTALL_K3S_COMMIT=$(head\ -n\ 1\ /tmp/k3s_commits)"
+    vm.provision "Get latest commit", type: "shell", path: scripts_location +"/latest_commit.sh", env: {GITHUB_TOKEN:ENV['GITHUB_TOKEN']}, args: [branch, "/tmp/k3s_commits"]
+    return "INSTALL_K3S_COMMIT=$(head\ -n\ 1\ /tmp/k3s_commits) GITHUB_TOKEN=#{ENV['GITHUB_TOKEN']}"
   end
 end
 
@@ -86,7 +87,7 @@ def getHardenedArg(vm, hardened, scripts_location)
   end
   if vm.box.to_s.include?("ubuntu")
     vm.provision "Install kube-bench", type: "shell", inline: <<-SHELL
-    export KBV=0.12.0
+    export KBV=0.15.0
     curl -L "https://github.com/aquasecurity/kube-bench/releases/download/v${KBV}/kube-bench_${KBV}_linux_amd64.deb" -o "kube-bench_${KBV}_linux_amd64.deb"
     dpkg -i "./kube-bench_${KBV}_linux_amd64.deb"
     SHELL
@@ -94,20 +95,20 @@ def getHardenedArg(vm, hardened, scripts_location)
   return hardened_arg
 end
 
-def jqInstall(vm)
+def commitDepsInstall(vm)
   box = vm.box.to_s
   if box.include?("ubuntu")
-    vm.provision "Install jq", type: "shell", inline: "apt install -y jq"
+    vm.provision "Install commit install dependencies", type: "shell", inline: "apt install -y jq unzip"
   elsif box.include?("Leap") || box.include?("Tumbleweed")
-    vm.provision "Install jq", type: "shell", inline: "zypper install -y jq"
+    vm.provision "Install commit install dependencies", type: "shell", inline: "zypper install -y jq unzip"
   elsif box.include?("rocky")
-    vm.provision "Install jq", type: "shell", inline: "dnf install -y jq"
+    vm.provision "Install commit install dependencies", type: "shell", inline: "dnf install -y jq unzip"
   elsif box.include?("centos")
-    vm.provision "Install jq", type: "shell", inline: "yum install -y jq"
+    vm.provision "Install commit install dependencies", type: "shell", inline: "yum install -y jq unzip"
   elsif box.include?("alpine")
-    vm.provision "Install jq", type: "shell", inline: "apk add coreutils"
+    vm.provision "Install commit install dependencies", type: "shell", inline: "apk add coreutils unzip"
   elsif box.include?("microos")
-    vm.provision "Install jq", type: "shell", inline: "transactional-update pkg install -y jq"
+    vm.provision "Install commit install dependencies", type: "shell", inline: "transactional-update pkg install -y jq unzip"
     vm.provision 'reload', run: 'once'
   end 
 end