Skip to content

VM-deploy

VM-deploy #2065

Workflow file for this run

---
# This is a basic workflow to help you get started with Actions
name: "VM-deploy"
# Controls when the action will run.
on:
# Triggers the workflow on push or pull request events
push:
pull_request:
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
deploy_classic:
# The type of runner that the job will run on
runs-on: "ubuntu-24.04"
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Checkout $GITHUB_WORKSPACE
uses: actions/checkout@v4
# Run errands
- name: Run errands
run: |
sudo rm -f /opt/pipx_bin/ansible*
sudo apt -q update
sudo apt -y install ansible bridge-utils apparmor-utils wget \
python3-pip python3-setuptools python3-wheel \
python3-venv yamllint python3-jinja2 python3-yaml \
python3-selenium python3-requests python3-bs4
sudo pip3 install --break-system-packages webdriver-manager
git clone https://github.com/dw/mitogen.git ~/mitogen
cat docker/hosts | sudo tee -a /etc/hosts
wget --quiet https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
sudo apt install ./google-chrome-stable_current_amd64.deb
# Create date output to seconds
- name: Get Date
id: get-date
run: echo "date=$(/bin/date -u '+%Y%m%d%k%M%S')" >> $GITHUB_OUTPUT
# Restore cache based no fake time key (allways miss)
- name: Setup cache
id: cache-docker
uses: actions/cache@v4
with:
path: ~/docker-save
key: docker-save-${{ steps.get-date.outputs.date }}
restore-keys: docker-save-
# Useful for debugging
- name: Show versions
run: |
python3 --version
ansible --version
# apparmor is by default enabled for binaries _in_ the containers and is restricting
# mysql from reading tls keys
- name: Disable apparmor
run: |
sudo aa-status --json | jq '
.profiles | to_entries
| map( select( (.key | startswith("/") ) and .value=="enforce") | .key )
| .[]
' | grep -vE 'totem|pidgin|passt' | \
while read -r profile; do
sudo aa-complain "$profile" || true
done
# Install Ansible modules
- name: Install Ansible modules
run: |
ansible-galaxy role install -r requirements.yml
ansible-galaxy collection install -r requirements.yml
# Restore docker cache
- name: Restore docker cache
run: docker load -i ~/docker-save/scz-base-cache.tar || true
# Get scz-base-cache ImageID
- name: Get scz-base-cache ImageID
id: scz-base-cache-id
run: >
ID=$(docker image list scz-base-cache -q)
echo "ID=$ID" >> $GITHUB_OUTPUT
# Start containers without deploy
- name: Start containers
shell: bash
env:
SKIP_ANSIBLE: 1
run: "./start-vm --classic"
# Clean up old docker cruft
- name: Clean up old docker cruft
run: |
docker system prune -f --all
docker image prune -f --all
docker volume prune -f
docker buildx prune -f
# Get scz-base ImageID
- name: Get scz-base ImageID
id: scz-base-id
run: >
ID=$(docker image list scz-base -q) &&
echo "ID=$ID" >> $GITHUB_OUTPUT
# Save docker cache
- name: Save docker cache
run: >
mkdir -p ~/docker-save &&
docker tag scz-base scz-base-cache &&
docker save scz-base-cache -o ~/docker-save/scz-base-cache.tar &&
ls -lh ~/docker-save || true
if: steps.scz-base-cache-id.outputs.ID != steps.scz-base-id.outputs.ID
# Deploy components
- name: Run start-vm
shell: bash
run: "./start-vm --classic"
# Deploy components again for idempotency
- name: Run start-vm --diff
env:
REEANTRANT: 1
run: "./start-vm --classic --diff"
- name: Run idempotency check...
run: /usr/bin/python3 ./scripts/check-idempotency-status
# Run SBS logintest
- name: Run SBS logintest
run: /usr/bin/python3 ./scripts/sbs-login.py
- name: Save screenshot of error
uses: actions/upload-artifact@v4
with:
name: "sbs-logintest"
path: |
screenshot.png
page.html
console.txt
if: failure()
- name: Show journal output
run: >
ansible -v -i environments/vm/inventory --become "all" -m command -a "/bin/sh -c '
echo ====journal===;
journalctl -n200;
'"
if: failure()
- name: Show apache output
run: >
ansible -v -i environments/vm/inventory --become "all" -m command -a "/bin/sh -c '
if [ -e /var/log/apache2/error.log ]; then
echo ===apache errorlog===;
cat /var/log/apache2/error.log;
fi;
'"
if: failure()
- name: Show sbs output
run: >
ansible -v -i environments/vm/inventory --become "sbs" -m command -a "/bin/sh -c '
journalctl -u sram-sbs
'"
if: failure()
- name: Show apt output
run: >
ansible -v -i environments/vm/inventory --become "all" -m command -a "/bin/sh -c '
echo ===apt log===; cat /var/log/apt/term.log
'"
if: failure()
- name: Show netstat output
run: >
ansible -v -i environments/vm/inventory --become "all" -m command -a "/bin/sh -c '
echo ===netstat===; netstat -lnp
'"
if: failure()
# Setup tmate session
- name: Setup tmate session
env:
ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG}}
if: ${{ failure() && env.ACTIONS_STEP_DEBUG == 'true' }}
uses: mxschmitt/action-tmate@v3
with:
limit-access-to-actor: true
timeout-minutes: 60