From 681334eae86ff1039dd60bbb43da40705450b906 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Tue, 10 Jun 2025 01:18:40 +0800 Subject: [PATCH 01/37] Run some test --- .github/workflows/test.yaml | 153 ++++++++++++++++++++++++++++++++++++ 1 file changed, 153 insertions(+) create mode 100644 .github/workflows/test.yaml diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml new file mode 100644 index 0000000..d32be58 --- /dev/null +++ b/.github/workflows/test.yaml @@ -0,0 +1,153 @@ +# SPDX-License-Identifier: Apache-2.0 +# SPDX-FileCopyrightText: Canonical Ltd. +name: smoke +on: + push: + branches: ["main"] + pull_request: + workflow_call: + inputs: + snapd-channel: + description: 'Store channel of the snapd snap' + type: string + default: 'latest/beta' + required: true + lxd-channel: + description: 'Store channel of the lxd snap' + type: string + default: 'latest/stable' + required: true + snapcraft-channel: + description: 'Store channel of the snapcraft snap' + type: string + default: 'latest/stable' + required: true + image-garden-channel: + description: 'Store channel of the image-garden snap' + type: string + default: 'latest/edge' + required: true +jobs: + canary: + runs-on: [self-hosted, linux, AMD64, X64, large, noble] + steps: + - name: Inspect the system + run: | + set -x + uname -a + free -m + nproc + snap version + groups + ip addr list + ls -l /dev/kvm || true + echo "http_proxy=${http_proxy:-}" + echo "https_proxy=${https_proxy:-}" + - name: Checkout code + uses: actions/checkout@v4 + # This is essential for git restore-mtime to work correctly. + with: + fetch-depth: 0 + - name: Cache downloaded snaps + uses: actions/cache@v4 + with: + path: .image-garden/cache-*/snaps + key: snaps + - name: Cache downloaded virtual machine images + uses: actions/cache@v4 + with: + path: ~/snap/image-garden/common/cache/dl + key: image-garden-dl-ubuntu-cloud-24.04 + - name: Cache customized virtual machine images + uses: actions/cache@v4 + with: + path: .image-garden + key: image-garden-img-ubuntu-cloud-24.04-${{ hashFiles('.image-garden.mk') }} + - name: Make permissions on /dev/kvm more lax + run: sudo chmod -v 666 /dev/kvm + - name: Work around a bug in snapd suspend logic + run: | + sudo mkdir -p /etc/systemd/system/snapd.service.d + ( + echo "[Service]" + echo "Environment=SNAPD_STANDBY_WAIT=15m" + ) | sudo tee /etc/systemd/system/snapd.service.d/standby.conf + sudo systemctl daemon-reload + sudo systemctl restart snapd.service + - name: Install image-garden snap + run: | + export X_SPREAD_SNAP_CACHE_DIR="$(pwd)"/.image-garden/cache-"$(uname -m)"/snaps + ./bin/snap-install snapd + ./bin/snap-install core24 + ./bin/snap-install --devmode image-garden "${{ inputs.image-garden-channel || 'latest/edge' }}" + # Disable apt-cacher-ng because it cannot be yet configured to use a proxy itself. + # See https://gitlab.com/zygoon/image-garden/-/issues/30 + sudo systemctl disable --now snap.image-garden.apt-cacher-ng.service + - name: Use spread from image-garden snap + run: sudo snap alias image-garden.spread spread + - name: Restore mtime of .image-garden.mk + run: | + # Disable man page updates which is time-consuming. + echo "set man-db/auto-update false" | sudo debconf-communicate + sudo DEBIAN_FRONTEND=noninteractive dpkg-reconfigure man-db + # Download the deb and install it by hand. + wget http://ftp.us.debian.org/debian/pool/main/g/git-mestrelion-tools/git-restore-mtime_2022.12-1_all.deb + sudo dpkg -i git-restore-mtime_2022.12-1_all.deb + rm -f git-restore-mtime_2022.12-1_all.deb + # sudo apt update + # sudo apt install -y git-restore-mtime + git restore-mtime .image-garden.mk + ls -l .image-garden.mk + - name: Make the virtual machine image (dry run) + run: | + mkdir -p ~/snap/image-garden/common/cache/dl + ls -lR ~/snap/image-garden/common/cache/dl + ls -lR .image-garden + image-garden make --debug --dry-run ubuntu-cloud-24.04."$(uname -m)".qcow2 + - name: Make the virtual machine image + run: image-garden make ubuntu-cloud-24.04."$(uname -m)".qcow2 ubuntu-cloud-24.04."$(uname -m)".run ubuntu-cloud-24.04.user-data ubuntu-cloud-24.04.meta-data ubuntu-cloud-24.04.seed.iso + - name: Ensure snap cache exists + run: mkdir -p .image-garden/cache-"$(uname -m)"/snaps + - name: Show snap cache (before testing) + run: ls -lR .image-garden/cache-"$(uname -m)"/snaps + - name: Start tcpdump + run: | + sudo tcpdump -i any -s 65535 -w capture.pcap & + echo $! > tcpdump.pid + - name: Run integration tests + run: | + # Export variables that spread picks up from the host. + export X_SPREAD_SNAPD_CHANEL="${{ inputs.snapd-channel || 'latest/beta' }}" + export X_SPREAD_LXD_CHANNEL="${{ inputs.lxd-channel || 'latest/stable' }}" + export X_SPREAD_SNAPCRAFT_CHANEL="${{ inputs.snapcraft-channel || 'latest/stable' }}" + # Run integration tests. + spread -v garden:ubuntu-cloud-24.04: + - name: Stop tcpdump + if: failure() + run: | + PID=$(cat tcpdump.pid) + if [ -n "$PID" ]; then + sudo kill -2 "$PID" || true + fi + sleep 1 + - name: Upload tcpdump capture + if: failure() + uses: actions/upload-artifact@v4 + with: + name: tcpdump + path: capture.pcap + - name: Show snap cache (after testing) + if: always() + run: ls -lR .image-garden/cache-"$(uname -m)"/snaps + - name: Show logs + if: failure() + run: | + for f in .image-garden/*.log; do + echo "********************************" + echo "$f" + echo "********************************" + echo + cat "$f" + echo + echo + done From 9079dda30cb638b1208a8856f71a89df1a00caca Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Tue, 10 Jun 2025 01:20:50 +0800 Subject: [PATCH 02/37] Run some test --- .github/workflows/test.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index d32be58..fe84411 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -48,6 +48,8 @@ jobs: # This is essential for git restore-mtime to work correctly. with: fetch-depth: 0 + repository: canonical/snapd-smoke-tests + ref: tweak/self-hosted-runners - name: Cache downloaded snaps uses: actions/cache@v4 with: From b1daf6926ad3d25465be6343053018aecde04517 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Wed, 25 Jun 2025 15:22:26 +0800 Subject: [PATCH 03/37] Update integration-tests.yaml --- .github/workflows/integration-tests.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/integration-tests.yaml b/.github/workflows/integration-tests.yaml index bffe2c6..e205c34 100644 --- a/.github/workflows/integration-tests.yaml +++ b/.github/workflows/integration-tests.yaml @@ -75,14 +75,19 @@ jobs: run: | timeout 60 gpg -vvv --keyserver hkp://keyserver.ubuntu.com --recv-keys E1DE584A8CCA52DC29550F18ABAC58F075A17EFA + - name: Test SSH + run: | + printf "" | timeout 60 nc github.com 22 | head -n 1 | grep SSH + - name: Test Access Logs run: | sudo snap logs aproxy.aproxy | grep -Fq "example.com:80" sudo snap logs aproxy.aproxy | grep -Fq "example.com:443" sudo snap logs aproxy.aproxy | grep -Fq "keyserver.ubuntu.com:11371" + sudo snap logs aproxy.aproxy | grep -Fq "[0-9.]+:22" - name: Show Access Logs - if: failure() + if: always() run: | sudo snap logs aproxy.aproxy -n=all From dca5af8e8d0fae0975526d02b118ff80533d583f Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Wed, 25 Jun 2025 15:28:01 +0800 Subject: [PATCH 04/37] Update integration-tests.yaml --- .github/workflows/integration-tests.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration-tests.yaml b/.github/workflows/integration-tests.yaml index 8e82f07..0413f02 100644 --- a/.github/workflows/integration-tests.yaml +++ b/.github/workflows/integration-tests.yaml @@ -43,12 +43,12 @@ jobs: table ip aproxy { chain prerouting { type nat hook prerouting priority dstnat; policy accept; - ip daddr != \$private-ips tcp dport { 80, 443, 11371, 4242 } counter dnat to \$default-ip:\$aproxy-port + ip daddr != \$private-ips tcp dport { 80, 443, 11371, 4242, 22 } counter dnat to \$default-ip:\$aproxy-port } chain output { type nat hook output priority -100; policy accept; - ip daddr != \$private-ips tcp dport { 80, 443, 11371, 4242 } counter dnat to \$default-ip:\$aproxy-port + ip daddr != \$private-ips tcp dport { 80, 443, 11371, 4242, 22 } counter dnat to \$default-ip:\$aproxy-port } } EOF From 97fa3ef5d5e22de957af43afc414ff76bbb8c9fe Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Thu, 3 Jul 2025 14:14:26 +0800 Subject: [PATCH 05/37] Run e2e test --- .github/workflows/tests.yaml | 126 ++++++++++++++++++++++++++++++----- 1 file changed, 108 insertions(+), 18 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index c59b4d7..2e15b7f 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -1,27 +1,117 @@ -name: Tests +# Copyright 2025 Canonical Ltd. +# See LICENSE file for licensing details. + +name: Run End-to-End test on: pull_request: workflow_call: jobs: - test: - name: Run Tests - runs-on: ubuntu-latest - + e2e-test: + name: End-to-End Test Run + runs-on: [ self-hosted, linux, x64, jammy, large ] steps: - - uses: actions/checkout@v2 - - - name: Set up Go - uses: actions/setup-go@v2 - with: - go-version: 1.21 - - - name: Ensure No Formatting Changes + - name: Configure aproxy run: | - go fmt ./... - git diff --exit-code - - - name: Build and Test + sudo snap refresh aproxy + + sudo nft -f - << EOF + define default-ip = $(ip route get $(ip route show 0.0.0.0/0 | grep -oP 'via \K\S+') | grep -oP 'src \K\S+') + define private-ips = { 10.0.0.0/8, 127.0.0.1/8, 172.16.0.0/12, 192.168.0.0/16 } + define aproxy-port = $(sudo snap get aproxy listen | cut -d ":" -f 2) + table ip aproxy + flush table ip aproxy + table ip aproxy { + set exclude { + type ipv4_addr; + flags interval; auto-merge; + elements = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } + } + chain prerouting { + type nat hook prerouting priority dstnat; policy accept; + ip daddr != @exclude tcp dport { 0-3127, 3129-65535 } counter dnat to \$default-ipv4:\$aproxy-port + } + chain output { + type nat hook output priority -100; policy accept; + ip daddr != @exclude tcp dport { 0-3127, 3129-65535 } counter dnat to \$default-ipv4:\$aproxy-port + } + } + EOF + - name: Hostname is set to "github-runner" + run: sudo hostnamectl hostname | grep github-runner + # Below is a series of simple tests to assess the functionality of the newly spawned runner. + - name: Echo hello world + run: echo "hello world" + - name: File permission for /usr/local/bin + run: ls -ld /usr/local/bin | grep drwxrwxrwx + - name: Test file permission for /usr/local/bin + run: touch /usr/local/bin/test_file + # "Install microk8s" step will test if the proxies settings are correct. + - name: Proxy set in /etc/environment + run: cat /etc/environment + # "Update apt in python docker container" step will test docker default proxy settings due to + # pulling the python image. + - name: Proxy set in docker daemon + run: | + [[ -z "${http_proxy}" && -z "${HTTP_PROXY}" ]] \ + || sudo cat /etc/systemd/system/docker.service.d/http-proxy.conf | grep HTTP_PROXY + # "Update apt in python docker container" step will test docker client default proxy settings. + - name: Proxy set in docker client + run: | + [[ -z "${http_proxy}" && -z "${HTTP_PROXY}" ]] \ + || cat /home/ubuntu/.docker/config.json | grep httpProxy + - name: test network connectivity + run: | + timeout 60 curl --noproxy "*" http://example.com -svS -o /dev/null + timeout 60 curl --noproxy "*" https://example.com -svS -o /dev/null + - name: test aproxy logs + run: | + sudo snap logs aproxy.aproxy | grep -Fq "example.com:80" + sudo snap logs aproxy.aproxy | grep -Fq "example.com:443" + - name: Install microk8s + run: sudo snap install microk8s --classic + - name: Wait for microk8s + timeout-minutes: 10 + run: microk8s status --wait-ready + - name: Deploy nginx for testing + run: microk8s kubectl create deployment nginx --image=nginx + - name: Wait for nginx to be ready + run: microk8s kubectl rollout status deployment/nginx --timeout=30m + - name: Update apt in python docker container + run: docker run python:3.10-slim apt-get update + - name: Docker version + run: docker version + - name: Check python alias for python3 + run: python --version + - name: pip version + run: python3 -m pip --version + - name: npm version + run: npm --version + - name: shellcheck version + run: shellcheck --version + - name: jq version + run: jq --version + - name: yq version + run: yq --version + - name: apt update + run: sudo apt-get update -y + # Use pipx for 24.04 noble, check-jsonschema breaks OS system packages. + - name: install pipx + run: sudo apt-get install -y pipx + - name: install check-jsonschema + run: python3 -m pip install check-jsonschema || pipx install check-jsonschema + - name: unzip version + run: unzip -v + - name: gh version + run: gh --version + # `check-jsonschema` is installed using pip. The directory `~/.local/bin` needs to be added to PATH. + # ~/.local/bin is added to path runner env through in scripts/env.j2 + - name: test check-jsonschema + run: check-jsonschema --version + - name: show aproxy logs + if: always() run: | - go test -race ./... + sudo snap get aproxy + sudo snap logs aproxy.aproxy -n=all + sudo nft list ruleset From bae18b81e8e5a0f458cdde2ed2111f4a322708fc Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Thu, 3 Jul 2025 14:15:32 +0800 Subject: [PATCH 06/37] Run e2e test --- .github/workflows/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 2e15b7f..3379e1c 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -17,7 +17,7 @@ jobs: sudo snap refresh aproxy sudo nft -f - << EOF - define default-ip = $(ip route get $(ip route show 0.0.0.0/0 | grep -oP 'via \K\S+') | grep -oP 'src \K\S+') + define default-ipv4 = $(ip route get $(ip route show 0.0.0.0/0 | grep -oP 'via \K\S+') | grep -oP 'src \K\S+') define private-ips = { 10.0.0.0/8, 127.0.0.1/8, 172.16.0.0/12, 192.168.0.0/16 } define aproxy-port = $(sudo snap get aproxy listen | cut -d ":" -f 2) table ip aproxy From af2d6935a9246219761d97e2a91e5ea6a69918be Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Thu, 3 Jul 2025 14:43:16 +0800 Subject: [PATCH 07/37] Run e2e test --- .github/workflows/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 3379e1c..2c343dc 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -18,7 +18,7 @@ jobs: sudo nft -f - << EOF define default-ipv4 = $(ip route get $(ip route show 0.0.0.0/0 | grep -oP 'via \K\S+') | grep -oP 'src \K\S+') - define private-ips = { 10.0.0.0/8, 127.0.0.1/8, 172.16.0.0/12, 192.168.0.0/16 } + define private-ips = { 127.0.0.0/8, 10.0.0.0/8, 127.0.0.1/8, 172.16.0.0/12, 192.168.0.0/16 } define aproxy-port = $(sudo snap get aproxy listen | cut -d ":" -f 2) table ip aproxy flush table ip aproxy From 4b0d90027ac74336f5e64629c182c0def7c621ff Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Thu, 3 Jul 2025 14:56:00 +0800 Subject: [PATCH 08/37] Run e2e test --- .github/workflows/tests.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 2c343dc..1529a21 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -18,7 +18,6 @@ jobs: sudo nft -f - << EOF define default-ipv4 = $(ip route get $(ip route show 0.0.0.0/0 | grep -oP 'via \K\S+') | grep -oP 'src \K\S+') - define private-ips = { 127.0.0.0/8, 10.0.0.0/8, 127.0.0.1/8, 172.16.0.0/12, 192.168.0.0/16 } define aproxy-port = $(sudo snap get aproxy listen | cut -d ":" -f 2) table ip aproxy flush table ip aproxy @@ -26,7 +25,7 @@ jobs: set exclude { type ipv4_addr; flags interval; auto-merge; - elements = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } + elements = { 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } } chain prerouting { type nat hook prerouting priority dstnat; policy accept; From 72e8a5e71720421d5fe2951bb7dfe8626bd66c3d Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Thu, 10 Jul 2025 20:35:47 +0800 Subject: [PATCH 09/37] Update tests --- .github/workflows/tests.yaml | 109 ++++++----------------------------- 1 file changed, 19 insertions(+), 90 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 1529a21..983f57c 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -10,104 +10,33 @@ on: jobs: e2e-test: name: End-to-End Test Run - runs-on: [ self-hosted, linux, x64, jammy, large ] + runs-on: [ self-hosted, linux, x64, edge ] steps: - - name: Configure aproxy + - name: ssh_config.d run: | - sudo snap refresh aproxy - - sudo nft -f - << EOF - define default-ipv4 = $(ip route get $(ip route show 0.0.0.0/0 | grep -oP 'via \K\S+') | grep -oP 'src \K\S+') - define aproxy-port = $(sudo snap get aproxy listen | cut -d ":" -f 2) - table ip aproxy - flush table ip aproxy - table ip aproxy { - set exclude { - type ipv4_addr; - flags interval; auto-merge; - elements = { 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } - } - chain prerouting { - type nat hook prerouting priority dstnat; policy accept; - ip daddr != @exclude tcp dport { 0-3127, 3129-65535 } counter dnat to \$default-ipv4:\$aproxy-port - } - chain output { - type nat hook output priority -100; policy accept; - ip daddr != @exclude tcp dport { 0-3127, 3129-65535 } counter dnat to \$default-ipv4:\$aproxy-port - } - } - EOF - - name: Hostname is set to "github-runner" - run: sudo hostnamectl hostname | grep github-runner - # Below is a series of simple tests to assess the functionality of the newly spawned runner. - - name: Echo hello world - run: echo "hello world" - - name: File permission for /usr/local/bin - run: ls -ld /usr/local/bin | grep drwxrwxrwx - - name: Test file permission for /usr/local/bin - run: touch /usr/local/bin/test_file - # "Install microk8s" step will test if the proxies settings are correct. - - name: Proxy set in /etc/environment - run: cat /etc/environment - # "Update apt in python docker container" step will test docker default proxy settings due to - # pulling the python image. - - name: Proxy set in docker daemon + ls -lah /etc/ssh/ssh_config.d/ + - name: check aproxy run: | - [[ -z "${http_proxy}" && -z "${HTTP_PROXY}" ]] \ - || sudo cat /etc/systemd/system/docker.service.d/http-proxy.conf | grep HTTP_PROXY - # "Update apt in python docker container" step will test docker client default proxy settings. - - name: Proxy set in docker client + sudo snap get aproxy + - name: check nftables + run: | + sudo nft list ruleset + - name: test TCP connectivity run: | - [[ -z "${http_proxy}" && -z "${HTTP_PROXY}" ]] \ - || cat /home/ubuntu/.docker/config.json | grep httpProxy - - name: test network connectivity + echo hello | nc -q 0 tcpbin.com 4242 + - name: test HTTP run: | timeout 60 curl --noproxy "*" http://example.com -svS -o /dev/null + - name: test HTTPS + run: | timeout 60 curl --noproxy "*" https://example.com -svS -o /dev/null - - name: test aproxy logs + - name: test HKP + run: | + timeout 60 gpg -vvv --keyserver hkp://keyserver.ubuntu.com --recv-keys E1DE584A8CCA52DC29550F18ABAC58F075A17EFA + - name: test SSH run: | - sudo snap logs aproxy.aproxy | grep -Fq "example.com:80" - sudo snap logs aproxy.aproxy | grep -Fq "example.com:443" - - name: Install microk8s - run: sudo snap install microk8s --classic - - name: Wait for microk8s - timeout-minutes: 10 - run: microk8s status --wait-ready - - name: Deploy nginx for testing - run: microk8s kubectl create deployment nginx --image=nginx - - name: Wait for nginx to be ready - run: microk8s kubectl rollout status deployment/nginx --timeout=30m - - name: Update apt in python docker container - run: docker run python:3.10-slim apt-get update - - name: Docker version - run: docker version - - name: Check python alias for python3 - run: python --version - - name: pip version - run: python3 -m pip --version - - name: npm version - run: npm --version - - name: shellcheck version - run: shellcheck --version - - name: jq version - run: jq --version - - name: yq version - run: yq --version - - name: apt update - run: sudo apt-get update -y - # Use pipx for 24.04 noble, check-jsonschema breaks OS system packages. - - name: install pipx - run: sudo apt-get install -y pipx - - name: install check-jsonschema - run: python3 -m pip install check-jsonschema || pipx install check-jsonschema - - name: unzip version - run: unzip -v - - name: gh version - run: gh --version - # `check-jsonschema` is installed using pip. The directory `~/.local/bin` needs to be added to PATH. - # ~/.local/bin is added to path runner env through in scripts/env.j2 - - name: test check-jsonschema - run: check-jsonschema --version + ssh-keyscan gitlab.com >> ~/.ssh/known_hosts + git clone git@gitlab.com:gitlab-org/gitlab.git - name: show aproxy logs if: always() run: | From 680e17b2717227a0cc7c86396a4493d75c87cc89 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Thu, 10 Jul 2025 20:39:55 +0800 Subject: [PATCH 10/37] Update tests --- .github/workflows/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 983f57c..9b99232 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -10,7 +10,7 @@ on: jobs: e2e-test: name: End-to-End Test Run - runs-on: [ self-hosted, linux, x64, edge ] + runs-on: [ self-hosted, linux, edge ] steps: - name: ssh_config.d run: | From 138df71e822710769a493aaa52792cca07509c26 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Thu, 10 Jul 2025 20:40:46 +0800 Subject: [PATCH 11/37] Update tests --- .github/workflows/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 9b99232..f7393c2 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -10,7 +10,7 @@ on: jobs: e2e-test: name: End-to-End Test Run - runs-on: [ self-hosted, linux, edge ] + runs-on: [ self-hosted, amd64, edge ] steps: - name: ssh_config.d run: | From 656906bef9b77828d6b8ab4a29c4c96028b97a4e Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Thu, 10 Jul 2025 22:47:27 +0800 Subject: [PATCH 12/37] Update tests --- .github/workflows/tests.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index f7393c2..3d2b2dc 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -36,6 +36,8 @@ jobs: - name: test SSH run: | ssh-keyscan gitlab.com >> ~/.ssh/known_hosts + echo '${{ secrets.GITLAB_SSH_ID_ED25519 }}' > ~/.ssh/id_ed25519 + cd ~ git clone git@gitlab.com:gitlab-org/gitlab.git - name: show aproxy logs if: always() From a57ed69e053eb7d927d3c1493b6c65478fce85d0 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Thu, 10 Jul 2025 22:50:57 +0800 Subject: [PATCH 13/37] Update tests --- .github/workflows/tests.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 3d2b2dc..b758db6 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -37,6 +37,7 @@ jobs: run: | ssh-keyscan gitlab.com >> ~/.ssh/known_hosts echo '${{ secrets.GITLAB_SSH_ID_ED25519 }}' > ~/.ssh/id_ed25519 + chmod 600 ~/.ssh/id_ed25519 cd ~ git clone git@gitlab.com:gitlab-org/gitlab.git - name: show aproxy logs From 934a2732f6c4720db2ac2059b255b23246262c7d Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Thu, 10 Jul 2025 22:55:33 +0800 Subject: [PATCH 14/37] Update tests --- .github/workflows/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index b758db6..17a048d 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -39,7 +39,7 @@ jobs: echo '${{ secrets.GITLAB_SSH_ID_ED25519 }}' > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519 cd ~ - git clone git@gitlab.com:gitlab-org/gitlab.git + git clone git@gitlab.com:gitlab-org/gitlab-shell.git - name: show aproxy logs if: always() run: | From 86a25ecfbb1f61bca0da6fea3fa672a8159cd1fb Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Thu, 10 Jul 2025 22:56:17 +0800 Subject: [PATCH 15/37] Update tests --- .github/workflows/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 17a048d..ceb93e2 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -39,7 +39,7 @@ jobs: echo '${{ secrets.GITLAB_SSH_ID_ED25519 }}' > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519 cd ~ - git clone git@gitlab.com:gitlab-org/gitlab-shell.git + git clone --progress --verbose git@gitlab.com:gitlab-org/gitlab-shell.git - name: show aproxy logs if: always() run: | From 3f129e39f8b4c64b693abfbf754f47c9904a00db Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Mon, 14 Jul 2025 22:32:55 +0800 Subject: [PATCH 16/37] Update tests --- .github/workflows/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index ceb93e2..ff4db0e 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -10,7 +10,7 @@ on: jobs: e2e-test: name: End-to-End Test Run - runs-on: [ self-hosted, amd64, edge ] + runs-on: [self-hosted, jammy, x64] steps: - name: ssh_config.d run: | From 163101da6724802f2aa5a97abb0604d14eab5572 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Tue, 22 Jul 2025 20:29:28 +0800 Subject: [PATCH 17/37] Update tests --- .github/workflows/tests.yaml | 53 ++++++++++++++---------------------- 1 file changed, 20 insertions(+), 33 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index ff4db0e..b0e3760 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -10,39 +10,26 @@ on: jobs: e2e-test: name: End-to-End Test Run - runs-on: [self-hosted, jammy, x64] + runs-on: [self-hosted, x64] steps: - - name: ssh_config.d - run: | - ls -lah /etc/ssh/ssh_config.d/ - - name: check aproxy - run: | - sudo snap get aproxy - - name: check nftables - run: | - sudo nft list ruleset - - name: test TCP connectivity - run: | - echo hello | nc -q 0 tcpbin.com 4242 - - name: test HTTP - run: | - timeout 60 curl --noproxy "*" http://example.com -svS -o /dev/null - - name: test HTTPS - run: | - timeout 60 curl --noproxy "*" https://example.com -svS -o /dev/null - - name: test HKP - run: | - timeout 60 gpg -vvv --keyserver hkp://keyserver.ubuntu.com --recv-keys E1DE584A8CCA52DC29550F18ABAC58F075A17EFA - - name: test SSH + - name: install microk8s + run: sudo snap install microk8s --channel=1.32-strict/stable + + - name: update microk8s containerd config run: | - ssh-keyscan gitlab.com >> ~/.ssh/known_hosts - echo '${{ secrets.GITLAB_SSH_ID_ED25519 }}' > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - cd ~ - git clone --progress --verbose git@gitlab.com:gitlab-org/gitlab-shell.git - - name: show aproxy logs - if: always() + MIRROR_CONFIG=/opt/containerd/k8s-containerd/etc/containerd/hosts.d/docker.io + + sudo mkdir -p ${MIRROR_CONFIG} + sudo chown $USER ${MIRROR_CONFIG} + cat << EOF > ${MIRROR_CONFIG}/hosts.toml + [host."$DOCKERHUB_MIRROR"] + capabilities = ["pull", "resolve"] + EOF + + - name: restart microk8s run: | - sudo snap get aproxy - sudo snap logs aproxy.aproxy -n=all - sudo nft list ruleset + sudo snap restart microk8s + + - name: Tmate debugging session (self-hosted) + uses: canonical/action-tmate@main + timeout-minutes: 60 From ec892dc8d39ccc59f1242dd5d9dc16eef31a6381 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Tue, 22 Jul 2025 20:35:32 +0800 Subject: [PATCH 18/37] Update tests --- .github/workflows/tests.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index b0e3760..c8048c2 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -13,7 +13,9 @@ jobs: runs-on: [self-hosted, x64] steps: - name: install microk8s - run: sudo snap install microk8s --channel=1.32-strict/stable + run: | + sudo snap install microk8s --channel=1.32-strict/stable + sudo microk8s status -w - name: update microk8s containerd config run: | From 0b55eff79aebb6a6b61609115d78e8726a86ea76 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Tue, 22 Jul 2025 20:45:32 +0800 Subject: [PATCH 19/37] Update tests --- .github/workflows/tests.yaml | 22 +--------------------- 1 file changed, 1 insertion(+), 21 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index c8048c2..2d46cea 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -10,28 +10,8 @@ on: jobs: e2e-test: name: End-to-End Test Run - runs-on: [self-hosted, x64] + runs-on: [self-hosted, x64. noble] steps: - - name: install microk8s - run: | - sudo snap install microk8s --channel=1.32-strict/stable - sudo microk8s status -w - - - name: update microk8s containerd config - run: | - MIRROR_CONFIG=/opt/containerd/k8s-containerd/etc/containerd/hosts.d/docker.io - - sudo mkdir -p ${MIRROR_CONFIG} - sudo chown $USER ${MIRROR_CONFIG} - cat << EOF > ${MIRROR_CONFIG}/hosts.toml - [host."$DOCKERHUB_MIRROR"] - capabilities = ["pull", "resolve"] - EOF - - - name: restart microk8s - run: | - sudo snap restart microk8s - - name: Tmate debugging session (self-hosted) uses: canonical/action-tmate@main timeout-minutes: 60 From 7297872e4d76ad4b73e136fd5bb2adbaafc9bafe Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Tue, 22 Jul 2025 20:50:48 +0800 Subject: [PATCH 20/37] Update tests --- .github/workflows/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 2d46cea..9ac4301 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -10,7 +10,7 @@ on: jobs: e2e-test: name: End-to-End Test Run - runs-on: [self-hosted, x64. noble] + runs-on: [self-hosted, linux, amd64, noble, medium] steps: - name: Tmate debugging session (self-hosted) uses: canonical/action-tmate@main From 02b8a3b833720e6e368f5f5dc016a596a3899635 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Tue, 22 Jul 2025 20:58:41 +0800 Subject: [PATCH 21/37] Update tests --- .github/workflows/tests.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 9ac4301..aa23206 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -12,6 +12,23 @@ jobs: name: End-to-End Test Run runs-on: [self-hosted, linux, amd64, noble, medium] steps: + - name: Install microk8s + run: | + sudo snap install microk8s --channel=1.32-strict/stable + + sleep 5 + + MIRROR_CONFIG=/var/snap/microk8s/current/args/certs.d/docker.io/ + + sudo mkdir -p ${MIRROR_CONFIG} + sudo chown $USER ${MIRROR_CONFIG} + cat << EOF > ${MIRROR_CONFIG}/hosts.toml + [host."$DOCKERHUB_MIRROR"] + capabilities = ["pull", "resolve"] + EOF + + sudo snap stop microk8s + sudo snap start microk8s - name: Tmate debugging session (self-hosted) uses: canonical/action-tmate@main timeout-minutes: 60 From df8cbe98012326c026feba208b59825064f011dc Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Tue, 22 Jul 2025 21:04:30 +0800 Subject: [PATCH 22/37] Update tests --- .github/workflows/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index aa23206..7803fa8 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -22,7 +22,7 @@ jobs: sudo mkdir -p ${MIRROR_CONFIG} sudo chown $USER ${MIRROR_CONFIG} - cat << EOF > ${MIRROR_CONFIG}/hosts.toml + cat << EOF | sudo tee ${MIRROR_CONFIG}/hosts.toml [host."$DOCKERHUB_MIRROR"] capabilities = ["pull", "resolve"] EOF From f617ab7c40324e54d8cc37b378528b17c999a7e8 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Tue, 22 Jul 2025 22:09:39 +0800 Subject: [PATCH 23/37] Update tests --- .github/workflows/tests.yaml | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 7803fa8..9ac4301 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -12,23 +12,6 @@ jobs: name: End-to-End Test Run runs-on: [self-hosted, linux, amd64, noble, medium] steps: - - name: Install microk8s - run: | - sudo snap install microk8s --channel=1.32-strict/stable - - sleep 5 - - MIRROR_CONFIG=/var/snap/microk8s/current/args/certs.d/docker.io/ - - sudo mkdir -p ${MIRROR_CONFIG} - sudo chown $USER ${MIRROR_CONFIG} - cat << EOF | sudo tee ${MIRROR_CONFIG}/hosts.toml - [host."$DOCKERHUB_MIRROR"] - capabilities = ["pull", "resolve"] - EOF - - sudo snap stop microk8s - sudo snap start microk8s - name: Tmate debugging session (self-hosted) uses: canonical/action-tmate@main timeout-minutes: 60 From ad695c958bdf80cfdbe77982ae2b11d775135b94 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Mon, 11 Aug 2025 19:17:10 +0800 Subject: [PATCH 24/37] Update tests --- .github/workflows/tests.yaml | 36 ++++++++++++++++++++++++++++++++---- 1 file changed, 32 insertions(+), 4 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 9ac4301..aa298ca 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -10,8 +10,36 @@ on: jobs: e2e-test: name: End-to-End Test Run - runs-on: [self-hosted, linux, amd64, noble, medium] + strategy: + matrix: + runs-on: + - self-hosted-linux-amd64-jammy-large + - self-hosted-linux-arm64-jammy-large + runs-on: [self-hosted, ${{ matrix.runs-on }}] steps: - - name: Tmate debugging session (self-hosted) - uses: canonical/action-tmate@main - timeout-minutes: 60 + - name: Test HTTP + run: | + timeout 60 curl --noproxy "*" http://example.com -svS -o /dev/null + + - name: Test HTTPS + run: | + timeout 60 curl --noproxy "*" https://example.com -svS -o /dev/null + + - name: Test HKP + run: | + timeout 60 gpg -vvv --keyserver hkp://keyserver.ubuntu.com --recv-keys E1DE584A8CCA52DC29550F18ABAC58F075A17EFA + + - name: Test SSH + run: | + printf "" | timeout 60 nc github.com 22 | head -n 1 | grep SSH + + - name: Test SSH (Launchpad) + run: printf "" | timeout 60 nc git.launchpad.net 22 | head -n 1 | grep SSH + + - name: Test Git protocol + run: timeout 120 git clone git://git.launchpad.net/ubuntu/+source/bash + + - name: Show Access Logs + if: always() + run: | + sudo snap logs aproxy.aproxy -n=all From 10ff77e80d9d8fe4338544efdec2b1a6c51a80ae Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Mon, 11 Aug 2025 19:19:15 +0800 Subject: [PATCH 25/37] Update tests --- .github/workflows/tests.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index aa298ca..7d46d52 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -17,6 +17,11 @@ jobs: - self-hosted-linux-arm64-jammy-large runs-on: [self-hosted, ${{ matrix.runs-on }}] steps: + - name: Revert Configuration + run: | + cat /etc/ssh/ssh_config.d/git.launchpad.net.conf /etc/ssh/ssh_config.d/github.com.conf /usr/local/bin/gitproxy + rm -rf /etc/ssh/ssh_config.d/git.launchpad.net.conf /etc/ssh/ssh_config.d/github.com.conf /usr/local/bin/gitproxy + git config --global --unset core.gitproxy - name: Test HTTP run: | timeout 60 curl --noproxy "*" http://example.com -svS -o /dev/null From f2b7e16f16a1fafc4c2eca217cdb5550e0ec8c38 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Mon, 11 Aug 2025 19:21:02 +0800 Subject: [PATCH 26/37] Update tests --- .github/workflows/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 7d46d52..cded883 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -15,7 +15,7 @@ jobs: runs-on: - self-hosted-linux-amd64-jammy-large - self-hosted-linux-arm64-jammy-large - runs-on: [self-hosted, ${{ matrix.runs-on }}] + runs-on: ${{ matrix.runs-on }} steps: - name: Revert Configuration run: | From c60955ae2a65d3e5ba5929c82ea02dfce59505d9 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Mon, 11 Aug 2025 19:21:54 +0800 Subject: [PATCH 27/37] Update tests --- .github/workflows/test.yaml | 155 ----------------------------------- .github/workflows/tests.yaml | 4 +- 2 files changed, 2 insertions(+), 157 deletions(-) delete mode 100644 .github/workflows/test.yaml diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml deleted file mode 100644 index fe84411..0000000 --- a/.github/workflows/test.yaml +++ /dev/null @@ -1,155 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 -# SPDX-FileCopyrightText: Canonical Ltd. -name: smoke -on: - push: - branches: ["main"] - pull_request: - workflow_call: - inputs: - snapd-channel: - description: 'Store channel of the snapd snap' - type: string - default: 'latest/beta' - required: true - lxd-channel: - description: 'Store channel of the lxd snap' - type: string - default: 'latest/stable' - required: true - snapcraft-channel: - description: 'Store channel of the snapcraft snap' - type: string - default: 'latest/stable' - required: true - image-garden-channel: - description: 'Store channel of the image-garden snap' - type: string - default: 'latest/edge' - required: true -jobs: - canary: - runs-on: [self-hosted, linux, AMD64, X64, large, noble] - steps: - - name: Inspect the system - run: | - set -x - uname -a - free -m - nproc - snap version - groups - ip addr list - ls -l /dev/kvm || true - echo "http_proxy=${http_proxy:-}" - echo "https_proxy=${https_proxy:-}" - - name: Checkout code - uses: actions/checkout@v4 - # This is essential for git restore-mtime to work correctly. - with: - fetch-depth: 0 - repository: canonical/snapd-smoke-tests - ref: tweak/self-hosted-runners - - name: Cache downloaded snaps - uses: actions/cache@v4 - with: - path: .image-garden/cache-*/snaps - key: snaps - - name: Cache downloaded virtual machine images - uses: actions/cache@v4 - with: - path: ~/snap/image-garden/common/cache/dl - key: image-garden-dl-ubuntu-cloud-24.04 - - name: Cache customized virtual machine images - uses: actions/cache@v4 - with: - path: .image-garden - key: image-garden-img-ubuntu-cloud-24.04-${{ hashFiles('.image-garden.mk') }} - - name: Make permissions on /dev/kvm more lax - run: sudo chmod -v 666 /dev/kvm - - name: Work around a bug in snapd suspend logic - run: | - sudo mkdir -p /etc/systemd/system/snapd.service.d - ( - echo "[Service]" - echo "Environment=SNAPD_STANDBY_WAIT=15m" - ) | sudo tee /etc/systemd/system/snapd.service.d/standby.conf - sudo systemctl daemon-reload - sudo systemctl restart snapd.service - - name: Install image-garden snap - run: | - export X_SPREAD_SNAP_CACHE_DIR="$(pwd)"/.image-garden/cache-"$(uname -m)"/snaps - ./bin/snap-install snapd - ./bin/snap-install core24 - ./bin/snap-install --devmode image-garden "${{ inputs.image-garden-channel || 'latest/edge' }}" - # Disable apt-cacher-ng because it cannot be yet configured to use a proxy itself. - # See https://gitlab.com/zygoon/image-garden/-/issues/30 - sudo systemctl disable --now snap.image-garden.apt-cacher-ng.service - - name: Use spread from image-garden snap - run: sudo snap alias image-garden.spread spread - - name: Restore mtime of .image-garden.mk - run: | - # Disable man page updates which is time-consuming. - echo "set man-db/auto-update false" | sudo debconf-communicate - sudo DEBIAN_FRONTEND=noninteractive dpkg-reconfigure man-db - # Download the deb and install it by hand. - wget http://ftp.us.debian.org/debian/pool/main/g/git-mestrelion-tools/git-restore-mtime_2022.12-1_all.deb - sudo dpkg -i git-restore-mtime_2022.12-1_all.deb - rm -f git-restore-mtime_2022.12-1_all.deb - # sudo apt update - # sudo apt install -y git-restore-mtime - git restore-mtime .image-garden.mk - ls -l .image-garden.mk - - name: Make the virtual machine image (dry run) - run: | - mkdir -p ~/snap/image-garden/common/cache/dl - ls -lR ~/snap/image-garden/common/cache/dl - ls -lR .image-garden - image-garden make --debug --dry-run ubuntu-cloud-24.04."$(uname -m)".qcow2 - - name: Make the virtual machine image - run: image-garden make ubuntu-cloud-24.04."$(uname -m)".qcow2 ubuntu-cloud-24.04."$(uname -m)".run ubuntu-cloud-24.04.user-data ubuntu-cloud-24.04.meta-data ubuntu-cloud-24.04.seed.iso - - name: Ensure snap cache exists - run: mkdir -p .image-garden/cache-"$(uname -m)"/snaps - - name: Show snap cache (before testing) - run: ls -lR .image-garden/cache-"$(uname -m)"/snaps - - name: Start tcpdump - run: | - sudo tcpdump -i any -s 65535 -w capture.pcap & - echo $! > tcpdump.pid - - name: Run integration tests - run: | - # Export variables that spread picks up from the host. - export X_SPREAD_SNAPD_CHANEL="${{ inputs.snapd-channel || 'latest/beta' }}" - export X_SPREAD_LXD_CHANNEL="${{ inputs.lxd-channel || 'latest/stable' }}" - export X_SPREAD_SNAPCRAFT_CHANEL="${{ inputs.snapcraft-channel || 'latest/stable' }}" - # Run integration tests. - spread -v garden:ubuntu-cloud-24.04: - - name: Stop tcpdump - if: failure() - run: | - PID=$(cat tcpdump.pid) - if [ -n "$PID" ]; then - sudo kill -2 "$PID" || true - fi - sleep 1 - - name: Upload tcpdump capture - if: failure() - uses: actions/upload-artifact@v4 - with: - name: tcpdump - path: capture.pcap - - name: Show snap cache (after testing) - if: always() - run: ls -lR .image-garden/cache-"$(uname -m)"/snaps - - name: Show logs - if: failure() - run: | - for f in .image-garden/*.log; do - echo "********************************" - echo "$f" - echo "********************************" - echo - cat "$f" - echo - echo - done diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index cded883..06cb9eb 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -20,8 +20,8 @@ jobs: - name: Revert Configuration run: | cat /etc/ssh/ssh_config.d/git.launchpad.net.conf /etc/ssh/ssh_config.d/github.com.conf /usr/local/bin/gitproxy - rm -rf /etc/ssh/ssh_config.d/git.launchpad.net.conf /etc/ssh/ssh_config.d/github.com.conf /usr/local/bin/gitproxy - git config --global --unset core.gitproxy + sudo rm -rf /etc/ssh/ssh_config.d/git.launchpad.net.conf /etc/ssh/ssh_config.d/github.com.conf /usr/local/bin/gitproxy + sudo git config --global --unset core.gitproxy - name: Test HTTP run: | timeout 60 curl --noproxy "*" http://example.com -svS -o /dev/null From b83d0c37efc43008c10846423b8ae791555b0aaa Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Mon, 11 Aug 2025 19:23:40 +0800 Subject: [PATCH 28/37] Update tests --- .github/workflows/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 06cb9eb..e3b51d4 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -21,7 +21,7 @@ jobs: run: | cat /etc/ssh/ssh_config.d/git.launchpad.net.conf /etc/ssh/ssh_config.d/github.com.conf /usr/local/bin/gitproxy sudo rm -rf /etc/ssh/ssh_config.d/git.launchpad.net.conf /etc/ssh/ssh_config.d/github.com.conf /usr/local/bin/gitproxy - sudo git config --global --unset core.gitproxy + git config --global --unset core.gitproxy - name: Test HTTP run: | timeout 60 curl --noproxy "*" http://example.com -svS -o /dev/null From 3c300c4a71562b77fe74bfb40bbaed00cf493cf4 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Mon, 11 Aug 2025 19:24:54 +0800 Subject: [PATCH 29/37] Update tests --- .github/workflows/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index e3b51d4..d80b258 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -42,7 +42,7 @@ jobs: run: printf "" | timeout 60 nc git.launchpad.net 22 | head -n 1 | grep SSH - name: Test Git protocol - run: timeout 120 git clone git://git.launchpad.net/ubuntu/+source/bash + run: timeout 120 git clone git://git.launchpad.net/ubuntu/+source/bash -vvv - name: Show Access Logs if: always() From 8c55ba408f40ac2d0614f5d6b0a72ae7adbe907c Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Mon, 11 Aug 2025 19:30:44 +0800 Subject: [PATCH 30/37] Update tests --- .github/workflows/tests.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index d80b258..81840be 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -15,6 +15,7 @@ jobs: runs-on: - self-hosted-linux-amd64-jammy-large - self-hosted-linux-arm64-jammy-large + - self-hosted-linux-s390x-noble-edge runs-on: ${{ matrix.runs-on }} steps: - name: Revert Configuration From bbafa8dae9be252b3fc9f0d46deab6cf5087b102 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Fri, 15 Aug 2025 18:10:11 +0800 Subject: [PATCH 31/37] Update tests --- .github/workflows/tests.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 81840be..9e2b8c5 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -23,6 +23,11 @@ jobs: cat /etc/ssh/ssh_config.d/git.launchpad.net.conf /etc/ssh/ssh_config.d/github.com.conf /usr/local/bin/gitproxy sudo rm -rf /etc/ssh/ssh_config.d/git.launchpad.net.conf /etc/ssh/ssh_config.d/github.com.conf /usr/local/bin/gitproxy git config --global --unset core.gitproxy + + - name: Test repo-compliance + run: | + curl -vvv --noproxy '*' --connect-timeout 60 https://repo-policy-compliance.canonical.com/health + - name: Test HTTP run: | timeout 60 curl --noproxy "*" http://example.com -svS -o /dev/null From 63ac415be9a8fe0f734227b8241b4e51094b0397 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Fri, 15 Aug 2025 18:11:47 +0800 Subject: [PATCH 32/37] Update tests --- .github/workflows/tests.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 9e2b8c5..dfe55a8 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -18,12 +18,6 @@ jobs: - self-hosted-linux-s390x-noble-edge runs-on: ${{ matrix.runs-on }} steps: - - name: Revert Configuration - run: | - cat /etc/ssh/ssh_config.d/git.launchpad.net.conf /etc/ssh/ssh_config.d/github.com.conf /usr/local/bin/gitproxy - sudo rm -rf /etc/ssh/ssh_config.d/git.launchpad.net.conf /etc/ssh/ssh_config.d/github.com.conf /usr/local/bin/gitproxy - git config --global --unset core.gitproxy - - name: Test repo-compliance run: | curl -vvv --noproxy '*' --connect-timeout 60 https://repo-policy-compliance.canonical.com/health From 8380923964d733fbc7b0c06283de316ae78bb5c2 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Fri, 15 Aug 2025 18:13:16 +0800 Subject: [PATCH 33/37] Update tests --- .github/workflows/tests.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index dfe55a8..f464696 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -41,9 +41,6 @@ jobs: - name: Test SSH (Launchpad) run: printf "" | timeout 60 nc git.launchpad.net 22 | head -n 1 | grep SSH - - name: Test Git protocol - run: timeout 120 git clone git://git.launchpad.net/ubuntu/+source/bash -vvv - - name: Show Access Logs if: always() run: | From 1d78e1291aa1e27542504fca405f506f5e405e75 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Mon, 22 Sep 2025 15:39:52 +0800 Subject: [PATCH 34/37] Update integration-tests.yaml --- .github/workflows/integration-tests.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration-tests.yaml b/.github/workflows/integration-tests.yaml index 0413f02..86ba80f 100644 --- a/.github/workflows/integration-tests.yaml +++ b/.github/workflows/integration-tests.yaml @@ -43,12 +43,12 @@ jobs: table ip aproxy { chain prerouting { type nat hook prerouting priority dstnat; policy accept; - ip daddr != \$private-ips tcp dport { 80, 443, 11371, 4242, 22 } counter dnat to \$default-ip:\$aproxy-port + ct state new ip daddr != \$private-ips tcp dport { 80, 443, 11371, 4242, 22 } counter dnat to \$default-ip:\$aproxy-port } chain output { type nat hook output priority -100; policy accept; - ip daddr != \$private-ips tcp dport { 80, 443, 11371, 4242, 22 } counter dnat to \$default-ip:\$aproxy-port + ct state new ip daddr != \$private-ips tcp dport { 80, 443, 11371, 4242, 22 } counter dnat to \$default-ip:\$aproxy-port } } EOF From f90a8c0cce192ec88b4f86b3131ab9d99d938215 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Thu, 13 Nov 2025 16:30:05 +0800 Subject: [PATCH 35/37] Modify test workflow with new runners and certification test Updated the test workflow to include new self-hosted runners and added a step to test certification.canonical.com. --- .github/workflows/tests.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index f464696..8e7bfbb 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -13,11 +13,15 @@ jobs: strategy: matrix: runs-on: - - self-hosted-linux-amd64-jammy-large - - self-hosted-linux-arm64-jammy-large + - self-hosted-linux-amd64-noble-large + - self-hosted-linux-arm64-noble-large - self-hosted-linux-s390x-noble-edge runs-on: ${{ matrix.runs-on }} steps: + - name: Test certification.canonical.com + run: | + curl -vvv -x http://egress.ps7.internal:3128 https://certification.canonical.com + - name: Test repo-compliance run: | curl -vvv --noproxy '*' --connect-timeout 60 https://repo-policy-compliance.canonical.com/health From 4503aecc02440b913e20ba4c4cc4186f52328bc1 Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Thu, 13 Nov 2025 16:31:29 +0800 Subject: [PATCH 36/37] Simplify job runner to use self-hosted only --- .github/workflows/tests.yaml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 8e7bfbb..b8b95ec 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -10,13 +10,7 @@ on: jobs: e2e-test: name: End-to-End Test Run - strategy: - matrix: - runs-on: - - self-hosted-linux-amd64-noble-large - - self-hosted-linux-arm64-noble-large - - self-hosted-linux-s390x-noble-edge - runs-on: ${{ matrix.runs-on }} + runs-on: [self-hosted] steps: - name: Test certification.canonical.com run: | From fb23532269db6e06c1458c01529098089a699b5a Mon Sep 17 00:00:00 2001 From: Weii Wang Date: Thu, 13 Nov 2025 16:33:25 +0800 Subject: [PATCH 37/37] Update tests.yaml --- .github/workflows/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index b8b95ec..ce5da43 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -10,7 +10,7 @@ on: jobs: e2e-test: name: End-to-End Test Run - runs-on: [self-hosted] + runs-on: self-hosted-linux-amd64-jammy-large steps: - name: Test certification.canonical.com run: |