Build(deps): Bump step-security/harden-runner from 2.12.2 to 2.13.0 #197
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: smoke-tests-bare-metal | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| - 'maint-**' | |
| pull_request: | |
| branches: | |
| - main | |
| - 'maint-**' | |
| env: | |
| BUILD_TYPE: 'Release' | |
| DPDK_VERSION: '25.03' | |
| DPDK_REBUILD: 'false' | |
| permissions: | |
| contents: read | |
| jobs: | |
| validation-build-mtl: | |
| runs-on: [Linux, self-hosted, DPDK] | |
| timeout-minutes: 60 | |
| outputs: | |
| pipenv-activate: ${{ steps.pipenv-install.outputs.VIRTUAL_ENV }} | |
| steps: | |
| - name: 'preparation: Harden Runner' | |
| uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 | |
| with: | |
| egress-policy: audit | |
| - name: 'preparation: Restore valid repository owner and print env' | |
| if: always() | |
| run: | | |
| sudo chown -R "${USER}" "$(pwd)" || true | |
| env | grep TEST_ || true | |
| - name: 'preparation: Checkout MTL' | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| ref: '${{ github.ref }}' | |
| - name: 'preparation: Checkout DPDK' | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| if: env.DPDK_REBUILD == 'true' | |
| with: | |
| repository: 'DPDK/dpdk' | |
| ref: 'v${{ env.DPDK_VERSION }}' | |
| path: 'dpdk' | |
| - name: 'preparation: Checkout openh264' | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| repository: 'cisco/openh264' | |
| ref: 'openh264v2.4.0' | |
| path: 'openh264' | |
| - name: 'preparation: Checkout FFmpeg' | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| repository: 'FFmpeg/FFmpeg' | |
| ref: 'release/7.0' | |
| path: 'ffmpeg' | |
| - name: 'configuration: Install the build dependency' | |
| run: | | |
| sudo apt update | |
| sudo apt-get remove -y pipenv || true | |
| sudo apt-get install -y \ | |
| git gcc meson tar zip \ | |
| pkg-config \ | |
| python3 \ | |
| python3-pyelftools \ | |
| python3-virtualenv \ | |
| python3-pip \ | |
| libnuma-dev \ | |
| libjson-c-dev \ | |
| libpcap-dev \ | |
| libgtest-dev \ | |
| libsdl2-dev \ | |
| libsdl2-ttf-dev \ | |
| libssl-dev \ | |
| systemtap-sdt-dev \ | |
| libbpf-dev \ | |
| libelf1 \ | |
| gstreamer1.0-plugins-base \ | |
| gstreamer1.0-plugins-good \ | |
| gstreamer1.0-tools \ | |
| gstreamer1.0-libav \ | |
| libgstreamer1.0-dev \ | |
| libgstreamer-plugins-base1.0-dev | |
| - name: 'configuration: Apply dpdk patches' | |
| if: env.DPDK_REBUILD == 'true' | |
| run: | | |
| patch -d "dpdk" -p1 -i <(cat patches/dpdk/${{ env.DPDK_VERSION }}/*.patch) | |
| - name: 'installation: Build dpdk' | |
| working-directory: dpdk | |
| if: env.DPDK_REBUILD == 'true' | |
| run: | | |
| meson build | |
| ninja -C build | |
| sudo ninja -C build install | |
| - name: 'installation: Build mtl' | |
| run: | | |
| ./build.sh | |
| sudo ldconfig | |
| - name: 'installation: Build openh264' | |
| working-directory: openh264 | |
| run: | | |
| make -j "$(nproc)" | |
| sudo make install | |
| sudo ldconfig | |
| - name: 'installation: Build FFmpeg' | |
| working-directory: ffmpeg | |
| run: | | |
| git am ../ecosystem/ffmpeg_plugin/7.0/*.patch | |
| cp ../ecosystem/ffmpeg_plugin/mtl_*.c -rf libavdevice/ | |
| cp ../ecosystem/ffmpeg_plugin/mtl_*.h -rf libavdevice/ | |
| ./configure --enable-shared --disable-static --enable-nonfree --enable-pic --enable-gpl --enable-libopenh264 --enable-encoder=libopenh264 --enable-mtl | |
| make -j "$(nproc)" | |
| sudo make install | |
| sudo ldconfig | |
| - name: 'installation: Build GStreamer' | |
| working-directory: ecosystem/gstreamer_plugin | |
| run: | | |
| ./build.sh | |
| - name: 'installation: Install pipenv environment' | |
| working-directory: tests/validation | |
| id: pipenv-install | |
| run: | | |
| python3 -m venv venv | |
| source venv/bin/activate | |
| pip install -r requirements.txt | |
| echo "VIRTUAL_ENV=$PWD/venv/bin/activate" >> "$GITHUB_ENV" | |
| validation-run-tests: | |
| needs: [validation-build-mtl] | |
| runs-on: [Linux, self-hosted, DPDK] | |
| timeout-minutes: 720 | |
| env: | |
| PYTEST_RETRIES: '3' | |
| steps: | |
| - name: Replace secrets in example config files | |
| run: | | |
| sed -i "s+MTL_PATH_PLACEHOLDER+${{ secrets.BARE_METAL_MTL_PATH }}+" tests/validation/configs/test_config.yaml | |
| sed -i "s/IP_ADDRESS_PLACEHOLDER/${{ secrets.BARE_METAL_IP_ADDRESS }}/" tests/validation/configs/topology_config.yaml | |
| sed -i "s/SSH_PORT_PLACEHOLDER/${{ secrets.BARE_METAL_SSH_PORT }}/" tests/validation/configs/topology_config.yaml | |
| sed -i "s/USERNAME_PLACEHOLDER/${{ secrets.BARE_METAL_USERNAME }}/" tests/validation/configs/topology_config.yaml | |
| sed -i "s+KEY_PATH_PLACEHOLDER+${{ secrets.BARE_METAL_SSH_KEY_PATH }}+" tests/validation/configs/topology_config.yaml | |
| - name: 'preparation: Harden Runner' | |
| uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 | |
| with: | |
| egress-policy: audit | |
| - name: 'preparation: Evaluate choosen validation-test-port-p and validation-test-port-r' | |
| run: | | |
| eval "export TEST_PORT_P=TEST_VF_PORT_P_0" | |
| eval "export TEST_PORT_R=TEST_VF_PORT_P_1" | |
| echo "TEST_PORT_P=${TEST_PORT_P}" >> "$GITHUB_ENV" | |
| echo "TEST_PORT_R=${TEST_PORT_R}" >> "$GITHUB_ENV" | |
| echo "TEST_PORT_P=${TEST_PORT_P}" | |
| echo "TEST_PORT_R=${TEST_PORT_R}" | |
| - name: 'preparation: Kill MtlManager and pytest routines' | |
| run: | | |
| sudo killall -SIGINT pipenv || true | |
| sudo killall -SIGINT pytest || true | |
| sudo killall -SIGINT MtlManager || true | |
| - name: 'preparation: Create VFs' | |
| run: | | |
| sudo rmmod irdma || true | |
| sudo ./script/nicctl.sh create_vf "${TEST_PF_PORT_P}" || true | |
| sudo ./script/nicctl.sh create_vf "${TEST_PF_PORT_R}" || true | |
| - name: 'preparation: Start MtlManager at background' | |
| run: | | |
| sudo MtlManager & | |
| - name: 'execution: Run validation-bare-metal tests in virtual environment' | |
| run: | | |
| sudo tests/validation/venv/bin/python3 -m pytest --topology_config=tests/validation/configs/topology_config.yaml --test_config=tests/validation/configs/test_config.yaml -m smoke --template=html/index.html --report=report.html | |
| - name: "upload report" | |
| id: upload-report | |
| uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: smoke-tests-report | |
| path: | | |
| report.html | |
| - name: "Add report to summary" | |
| if: always() | |
| run: | | |
| { | |
| echo "## Smoke Tests Report" | |
| echo "" | |
| # Check if JSON report exists | |
| if [ -f "report.json" ]; then | |
| # Parse JSON report | |
| PASSED=$(jq '.summary.passed // 0' report.json) | |
| FAILED=$(jq '.summary.failed // 0' report.json) | |
| SKIPPED=$(jq '.summary.skipped // 0' report.json) | |
| ERROR=$(jq '.summary.errors // 0' report.json) | |
| # Add summary stats | |
| echo "| Status | Count |" | |
| echo "| ------ | ----- |" | |
| echo "| ✅ Passed | ${PASSED:-0} |" | |
| echo "| ❌ Failed | ${FAILED:-0} |" | |
| echo "| ⚠️ Error | ${ERROR:-0} |" | |
| echo "| ⏭️ Skipped | ${SKIPPED:-0} |" | |
| echo "" | |
| # Add test result details if available | |
| TOTAL=$((${PASSED:-0} + ${FAILED:-0} + ${ERROR:-0} + ${SKIPPED:-0})) | |
| echo "**Total Tests:** $TOTAL" | |
| echo "" | |
| if [ "${FAILED:-0}" -gt 0 ] || [ "${ERROR:-0}" -gt 0 ]; then | |
| echo "❌ **Some tests failed!** Please check the detailed report." | |
| else | |
| echo "✅ **All tests passed!**" | |
| fi | |
| echo "" | |
| # Add link to full report artifact | |
| echo "📄 [Download Full HTML Report](https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}/artifacts/${{ steps.upload-report.outputs.artifact-id }})" | |
| else | |
| echo "❌ No report.json file was generated" | |
| fi | |
| } >> "$GITHUB_STEP_SUMMARY" |