Mac Workflows initial concept with podman-e2e-mac workflow, scheduler and template

Signed-off-by: Ondrej Dockal <[email protected]>

Author: odockal

.github/workflows/mac-dummy-template.yaml

@@ -0,0 +1,37 @@
+# This example workflow represents an independent dummy workflow serves as a template for
+# other possible workflows getting information for creating a Mac host from its parent scheduler job
+name: Dummy Mac Template Job
+
+on:
+  workflow_call:
+    secrets:
+      env_vars:
+        required: true
+
+jobs:
+  dummy-mac-job:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+
+    steps:
+      - name: Decode credentials as environment variables
+        env:
+          env_vars: ${{ secrets.env_vars }}
+        run: |
+          for i in $env_vars; do
+            i=$(echo $i | sed 's/=.*//g')=$(echo ${i#*=} | base64 -di | base64 -di)
+            echo ::add-mask::${i#*=}
+            printf '%s\n' "$i" >> $GITHUB_ENV
+          done
+      - name: Validate credentials
+        run: |
+          # Secrets are now available as masked environment variable.
+          echo $HOST_ID # or ${{ env.HOST_ID }}
+
+      - name: Run tests
+        run: |
+          echo "Testing like a devil"
+
+      - name: Archive artifacts
+        run: |
+          echo "archiving..."

.github/workflows/mac-scheduler.yaml

@@ -0,0 +1,119 @@
+# Idea of this Mac based workflows is as follows:
+# Main job (this one), controlls the schedulling of the associated jobs. 
+# It also creates an initial request for a host machine on AWS and grants the access to the machine to the particular jobs.
+# Associated jobs has their own scheduller that must be agreed upon outside of this job. 
+# Once the external job is started, it requires this job to get access to the secrets require to connect to the machine using qenvs project
+# At the end of the day, another schedulled trigger runs a clean up job that will destroy the instance and free up resources.
+
+# Questions
+# 1. Should we rely on providing a concrete time frames to a various jobs/teams to make use of the machine?
+# 2. Jobs could be run in a sequence, one after another. Every job would need to have a timeout set so we can execute all in 24 hours
+# 3. How can we make use of an access information if the jobs are done and we still have a dedicated time on the machine?
+# 4. What teams to include? This sound like totally different project/repo
+
+
+# Solution of passing secrets is based on https://github.com/orgs/community/discussions/13082
+
+name: Mac Workflow Scheduler
+
+# env:
+#   CRON_START: '1 10 * * 4' # “At 10:01 on Thursday.”
+#   CRON_END: '10 10 * * 4' # “At 10:10 on Thursday.”
+
+# on:
+#   schedule: 
+#   - cron: '1 10 * * 4' # “At 10:01 on Thursday.”
+#   - cron: '10 10 * * 4' # “At 10:10 on Thursday.”
+
+on:
+  workflow_dispatch:
+
+jobs:
+  createHostJob:
+    runs-on: ubuntu-latest
+    # if: ${{ github.event_name == 'schedule' && github.event.inputs.cron == ${{ env.CRON_START }} }}
+
+    outputs:
+      host_id: ${{ steps.set_secret.outputs.host_id }}
+    
+    steps:
+      - name: Create a host on AWS
+        # run: |
+          # Create host only - How to get host ID?
+          # podman run -d --name mac-host-create --rm \
+          # -v ${PWD}:/workspace:z \
+          # -e AWS_ACCESS_KEY_ID=${{ AWS_ACCESS_KEY_ID }} \
+          # -e AWS_SECRET_ACCESS_KEY='${{ AWS_SECRET_ACCESS_KEY }}' \
+          # -e AWS_DEFAULT_REGION=us-east-1 \
+          # quay.io/rhqp/qenvs:${{ matrix.qenvs-version }} aws \
+          #   mac create \
+          #     --host-only
+          #     --project-name mac-desktop \
+          #     --backed-url file:///workspace \
+          #     --conn-details-output /workspace \
+          # # Check logs 
+          # podman logs -f mac-host-create
+          # Simulate step that creates dedicatedHostID
+        run: |
+          # requires sudo! mkdir /workspace
+          mkdir workspace
+          echo "asd123-asd11-44556" >> $GITHUB_WORKSPACE/workspace/dedicatedHostID
+          # Read Host ID, encrypt it and pass it to the gha outputs
+          echo "Host ID: $(cat $GITHUB_WORKSPACE/workspace/dedicatedHostID)"
+
+      - name: Output encoded secrets
+        id: set_secret
+        run: |
+          host_id=$(cat $GITHUB_WORKSPACE/workspace/dedicatedHostID | base64 -w0 | base64 -w0)
+          echo "host_id is $host_id"
+          echo "host_id=$host_id" >> $GITHUB_OUTPUT
+
+  podman-e2e:
+    uses: ./.github/workflows/podman-e2e-mac.yaml
+    needs: createHostJob
+    secrets:
+      env_vars: |
+        HOST_ID=${{ needs.createHostJob.outputs.host_id }}
+
+  mac-template: 
+    uses: ./.github/workflows/mac-dummy-template.yaml
+    needs: createHostJob
+    secrets:
+      env_vars: |
+        HOST_ID=${{ needs.createHostJob.outputs.host_id }}
+
+  cleanUpJob:
+    runs-on: ubuntu-latest
+    needs: [createHostJob, podman-e2e, mac-template]
+    env:
+      env_vars: |
+        HOST_ID: ${{ needs.createHostJob.outputs.host_id }}
+    # if: ${{ github.event_name == 'schedule' && github.event.inputs.cron == ${{ env.CRON_END }} }}
+
+    # outputs:
+    #   host: ${{ steps.createHostJob.outputs.host }}
+
+    steps:
+      - name: Running Clean up Action
+        run: |
+          echo "Final job is running with HOST_ID=${{ needs.createHostJob.outputs.HOST_ID }}"
+          echo "Bye bye"
+
+      - name: Destroy instance
+        if: always()
+        # run: |
+          # # Destroy instance
+          # podman run -d --name mac-host-destroy --rm \
+          #   -v ${PWD}:/workspace:z \
+          #   -e AWS_ACCESS_KEY_ID=${{ AWS_ACCESS_KEY_ID }} \
+          #   -e AWS_SECRET_ACCESS_KEY='${{ AWS_SECRET_ACCESS_KEY }}' \
+          #   -e AWS_DEFAULT_REGION=us-east-1 \
+          #   quay.io/rhqp/qenvs:${{ matrix.qenvs-version }} aws \
+          #     mac destroy \
+          #     --host-only
+          #     --project-name mac-desktop \
+          #     --backed-url 'file:///workspace'
+          # # Check logs
+          # podman logs -f mac-host-destroy
+        run: |
+          echo "Destroying the AWS host using --host-only"

.github/workflows/podman-e2e-mac.yaml

@@ -0,0 +1,162 @@
+# This example workflow represents an independent workflow that tests something, runs after E2E test Job is finished
+# and makes use of startJob machine's access information
+
+name: Podman E2E with Podman installation on Mac OS
+
+on:
+  workflow_call:
+    secrets:
+      env_vars:
+        required: true
+  workflow_dispatch:
+    inputs:
+      host_id:
+        description: 'AWS Host ID'
+        type: string
+        required: false
+
+jobs:
+  podman-e2e:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        # version: ['13','14']
+        version: ['14']
+        # arch: ['m1', 'm2']
+        arch: ['m1']
+        qenvs-version: ['v0.6.1']
+
+    steps:
+    - name: Decode credentials as environment variables
+      # Runs only is the trigger event is a workflow call - run by mac-scheduler
+      if: github.event_name == 'workflow_call'
+      env:
+        env_vars: ${{ secrets.env_vars }}
+      run: |
+        echo "Getting HOST_ID from parent workflow"
+        for i in $env_vars; do
+          i=$(echo $i | sed 's/=.*//g')=$(echo ${i#*=} | base64 -di | base64 -di)
+          echo ::add-mask::${i#*=}
+          printf '%s\n' "$i" >> $GITHUB_ENV
+        done
+
+    - name: Set host id into environment variables
+      # Runs only is the trigger event is a workflow dispatch - run manually
+      if: github.event_name == 'workflow_dispatch'
+      env:
+        HOST_ID: ${{ github.event.inputs.host_id }}
+      run: |
+        echo "Setting HOST_ID from Workflow input: ${{ env.HOST_ID }}"
+
+    - name: Validate Host ID
+      run: |
+        # Secrets are now available as masked environment variable.
+        echo $HOST_D # or ${{ env.HOST_ID }}
+
+    - name: Create instance on the host passing --host-id
+      # run: |
+        # # Create instance with provided HOST_ID
+        # podman run -d --name mac-create --rm \
+        # -v ${PWD}:/workspace:z \
+        # -e AWS_ACCESS_KEY_ID=${{ AWS_ACCESS_KEY_ID }} \
+        # -e AWS_SECRET_ACCESS_KEY='${{ AWS_SECRET_ACCESS_KEY }}' \
+        # -e AWS_DEFAULT_REGION=us-east-1 \
+        # quay.io/rhqp/qenvs:${{ matrix.qenvs-version }} aws \
+        #   mac create \
+        #     --host-id ${{ env.HOST_ID }} 
+        #     --project-name mac-desktop \
+        #     --backed-url file:///workspace \
+        #     --conn-details-output /workspace \
+        #     --version '${{ matrix.version }}' \
+        #     --arch '${{ matrix.arch }}'
+        # # Check logs 
+        # podman logs -f mac-create
+      run: |
+        echo "Passing ${{ env.HOST_ID }} info"
+
+    # - name: Check instance system info
+    #   run: |
+    #     ssh -i id_rsa \
+    #       -o StrictHostKeyChecking=no \
+    #       -o UserKnownHostsFile=/dev/null \
+    #       -o ServerAliveInterval=30 \
+    #       -o ServerAliveCountMax=1200 \
+    #       $(cat username)@$(cat host) "systeminfo"
+
+    # - name: Emulate X session 
+    #   run: |
+    #     # use fake rdp to emulate an active x session
+    #     podman run -d --name x-session \
+    #       -e RDP_HOST=$(cat host) \
+    #       -e RDP_USER=$(cat username) \
+    #       -e RDP_PASSWORD=$(cat userpassword) \
+    #       quay.io/rhqp/frdp:v0.0.1
+    #     # Wait until the x session has been created
+    #     podman wait --condition running x-session
+    #     # Check logs for the x session
+    #     podman logs x-session
+        
+    # - name: Run podman desktop e2e
+    #   run: |
+    #     # Get latest built 
+    #     tag=$(curl --silent https://api.github.com/repos/containers/podman-desktop/releases | jq -r 'map(select(.prerelease)) | first | .tag_name')
+    #     # Run e2e tests
+    #     podman run --rm -d --name pd-e2e-mac \
+    #       -e TARGET_HOST=$(cat host) \
+    #       -e TARGET_HOST_USERNAME=$(cat username) \
+    #       -e TARGET_HOST_KEY_PATH=/data/id_rsa \
+    #       -e TARGET_FOLDER=pd-e2e \
+    #       -e TARGET_RESULTS=podman-desktop-e2e-results-${tag}.xml \
+    #       -e OUTPUT_FOLDER=/data \
+    #       -e DEBUG=true \
+    #       -v $PWD:/data:z \
+    #       quay.io/rhqp/podman-desktop-e2e:v1.1.0-windows-amd64  \
+    #           pd-e2e/run.ps1 \
+    #               -wslInstallFix 'false' \
+    #               -targetFolder pd-e2e \
+    #               -pdUrl "https://github.com/containers/podman-desktop/releases/download/${tag}/podman-desktop-${tag:1}.exe" \
+    #               -junitResultsFilename podman-desktop-e2e-results-${tag}.xml 
+    #     # Check logs 
+    #     podman logs -f pd-e2e-mac
+
+    - name: Destroy instance
+      if: always()
+      # run: |
+      #   # # Destroy instance
+      #   # podman run -d --name mac-destroy --rm \
+      #   #   -v ${PWD}:/workspace:z \
+      #   #   -e AWS_ACCESS_KEY_ID=${{ AWS_ACCESS_KEY_ID }} \
+      #   #   -e AWS_SECRET_ACCESS_KEY='${{ AWS_SECRET_ACCESS_KEY }}' \
+      #   #   -e AWS_DEFAULT_REGION=us-east-1 \
+      #   #   quay.io/rhqp/qenvs:${{ matrix.qenvs-version }} aws \
+      #   #     mac destroy \
+      #   #     --host-id ${{ env.HOST_ID }}
+      #   #     --project-name mac-desktop \
+      #   #     --backed-url 'file:///workspace'
+      #   # # Check logs
+      #   # podman logs -f mac-destroy
+      run: |
+        echo "Destroying instance with ${{ env.HOST_ID }}"
+
+    # - name: Publish Test Report
+    #   uses: mikepenz/action-junit-report@v4
+    #   if: always() # always run even if the previous step fails
+    #   with:
+    #     fail_on_failure: true
+    #     include_passed: true
+    #     detailed_summary: true
+    #     require_tests:  true
+    #     report_paths: '**/*results*.xml'
+
+    # - name: Upload e2e test artifacts
+    #   uses: actions/upload-artifact@v4
+    #   if: always()
+    #   with:
+    #     name: E2E-results-mac-${{ matrix.version }}${{ matrix.arch }}
+    #     path: |
+    #       podman-e2e-results-*.xml
+    #       podman-desktop-e2e-results-*.xml
+
+
+