diff --git a/tests/e2e/scripts/latest_commit.sh b/tests/e2e/scripts/latest_commit.sh index 787bc11df1a..c3145fcc2cb 100755 --- a/tests/e2e/scripts/latest_commit.sh +++ b/tests/e2e/scripts/latest_commit.sh @@ -3,20 +3,25 @@ branch=$1 output_file=$2 # Grabs the last 10 commit SHA's from the given branch, then purges any commits that do not have a passing CI build -iterations=0 -# The VMs take time on startup to hit aws, wait loop until we can -while ! curl -s --fail https://k3s-ci-builds.s3.amazonaws.com > /dev/null; do - ((iterations++)) - if [ "$iterations" -ge 30 ]; then - echo "Unable to hit https://k3s-ci-builds.s3.amazonaws.com" - exit 1 + +# Copied and modified from install.sh +get_commit_artifact_url() { + commit_id=$1 + github_api_url=https://api.github.com/repos/k3s-io/k3s + + if [ -z "${GITHUB_TOKEN}" ]; then + fatal "Installing commit builds requires GITHUB_TOKEN with k3s-io/k3s repo permissions" fi - sleep 1 -done -if [ -n "$GH_TOKEN" ]; then - response=$(curl -s -H "Authorization: token $GH_TOKEN" -H 'Accept: application/vnd.github.v3+json' "https://api.github.com/repos/k3s-io/k3s/commits?per_page=10&sha=$branch") + # GET request to the GitHub API to retrieve the Build workflows associated with the commit that have succeeded + run_id=$(curl -s -H "Authorization: Bearer ${GITHUB_TOKEN}" "${github_api_url}/commits/${commit_id}/check-runs?check_name=build%20%2F%20Build&conclusion=success" | jq -r '[.check_runs | sort_by(.id) | .[].details_url | split("/")[7]] | last') + # Extract the artifact ID for the "k3s-amd64" artifact + GITHUB_ART_URL=$(curl -s -H "Authorization: Bearer ${GITHUB_TOKEN}" "${github_api_url}/actions/runs/${run_id}/artifacts" | jq -r ".artifacts[] | select(.name == \"k3s-amd64\") | .archive_download_url") +} + +if [ -n "$GITHUB_TOKEN" ]; then + response=$(curl -s -H "Authorization: token $GITHUB_TOKEN" -H 'Accept: application/vnd.github.v3+json' "https://api.github.com/repos/k3s-io/k3s/commits?per_page=10&sha=$branch") else response=$(curl -s -H 'Accept: application/vnd.github.v3+json' "https://api.github.com/repos/k3s-io/k3s/commits?per_page=10&sha=$branch") fi @@ -38,8 +43,10 @@ fi read -a commits <<< "$commits_str" for commit in "${commits[@]}"; do - if curl -s --fail https://k3s-ci-builds.s3.amazonaws.com/k3s-$commit.sha256sum > /dev/null; then + get_commit_artifact_url "$commit" + if [ -n "$GITHUB_ART_URL" ]; then echo "$commit" > "$output_file" + echo "Found valid commit: $commit" exit 0 fi done diff --git a/tests/e2e/vagrantdefaults.rb b/tests/e2e/vagrantdefaults.rb index 589e9ea12c3..b41822fd9c0 100644 --- a/tests/e2e/vagrantdefaults.rb +++ b/tests/e2e/vagrantdefaults.rb @@ -25,16 +25,17 @@ def getInstallType(vm, release_version, branch, release_channel='') elsif !release_version.empty? && release_version.start_with?("v1") return "INSTALL_K3S_VERSION=#{release_version}" elsif !release_version.empty? - return "INSTALL_K3S_COMMIT=#{release_version}" + commitDepsInstall(vm) + return "INSTALL_K3S_COMMIT=#{release_version} GITHUB_TOKEN=#{ENV['GITHUB_TOKEN']}" elsif !release_channel.empty? && release_channel != "commit" return "INSTALL_K3S_CHANNEL=#{release_channel}" else - jqInstall(vm) + commitDepsInstall(vm) scripts_location = Dir.exist?("./scripts") ? "./scripts" : "../scripts" # Grabs the last 5 commit SHA's from the given branch, then purges any commits that do not have a passing CI build # MicroOS requires it not be in a /tmp/ or other root system folder - vm.provision "Get latest commit", type: "shell", path: scripts_location +"/latest_commit.sh", env: {GH_TOKEN:ENV['GH_TOKEN']}, args: [branch, "/tmp/k3s_commits"] - return "INSTALL_K3S_COMMIT=$(head\ -n\ 1\ /tmp/k3s_commits)" + vm.provision "Get latest commit", type: "shell", path: scripts_location +"/latest_commit.sh", env: {GITHUB_TOKEN:ENV['GITHUB_TOKEN']}, args: [branch, "/tmp/k3s_commits"] + return "INSTALL_K3S_COMMIT=$(head\ -n\ 1\ /tmp/k3s_commits) GITHUB_TOKEN=#{ENV['GITHUB_TOKEN']}" end end @@ -86,7 +87,7 @@ def getHardenedArg(vm, hardened, scripts_location) end if vm.box.to_s.include?("ubuntu") vm.provision "Install kube-bench", type: "shell", inline: <<-SHELL - export KBV=0.12.0 + export KBV=0.15.0 curl -L "https://github.com/aquasecurity/kube-bench/releases/download/v${KBV}/kube-bench_${KBV}_linux_amd64.deb" -o "kube-bench_${KBV}_linux_amd64.deb" dpkg -i "./kube-bench_${KBV}_linux_amd64.deb" SHELL @@ -94,20 +95,20 @@ def getHardenedArg(vm, hardened, scripts_location) return hardened_arg end -def jqInstall(vm) +def commitDepsInstall(vm) box = vm.box.to_s if box.include?("ubuntu") - vm.provision "Install jq", type: "shell", inline: "apt install -y jq" + vm.provision "Install commit install dependencies", type: "shell", inline: "apt install -y jq unzip" elsif box.include?("Leap") || box.include?("Tumbleweed") - vm.provision "Install jq", type: "shell", inline: "zypper install -y jq" + vm.provision "Install commit install dependencies", type: "shell", inline: "zypper install -y jq unzip" elsif box.include?("rocky") - vm.provision "Install jq", type: "shell", inline: "dnf install -y jq" + vm.provision "Install commit install dependencies", type: "shell", inline: "dnf install -y jq unzip" elsif box.include?("centos") - vm.provision "Install jq", type: "shell", inline: "yum install -y jq" + vm.provision "Install commit install dependencies", type: "shell", inline: "yum install -y jq unzip" elsif box.include?("alpine") - vm.provision "Install jq", type: "shell", inline: "apk add coreutils" + vm.provision "Install commit install dependencies", type: "shell", inline: "apk add coreutils unzip" elsif box.include?("microos") - vm.provision "Install jq", type: "shell", inline: "transactional-update pkg install -y jq" + vm.provision "Install commit install dependencies", type: "shell", inline: "transactional-update pkg install -y jq unzip" vm.provision 'reload', run: 'once' end end