feat: run integration tests on more platforms

Author: Molter73

.github/workflows/integration-tests.yml

@@ -27,6 +27,9 @@ jobs:
         vm:
           - fedora-coreos
           - fcarm
+          - rhel
+          - rhel-arm64
+          - rhcos
 
     steps:
     - uses: actions/checkout@v4
@@ -80,11 +83,25 @@ jobs:
         quay:
           username: ${{ secrets.QUAY_RHACS_ENG_RO_USERNAME }}
           password: ${{ secrets.QUAY_RHACS_ENG_RO_PASSWORD }}
+        excluded_vms:
+        # RHEL 8 doesn't handle file creation properly,
+        # need more investigation
+        - rhel-8
+        - rhcos-412-86-202402272018-0-gcp-x86-64
+        - rhcos-414-92-202407091253-0-gcp-x86-64
+        # BPF trampolines are only implemented starting with RHEL 10
+        - rhel-9-arm64
         EOF
 
     - name: Create Test VMs
+      env:
+        ANSIBLE_CONFIG: "${{ github.workspace }}/collector/ansible/ansible.cfg"
       run: |
-        make -C "./collector/ansible" create-ci-vms
+        ansible-playbook \
+          -i "${GITHUB_WORKSPACE}/collector/ansible/ci" \
+          -e @vars.yml \
+          --tags setup,provision \
+          "${GITHUB_WORKSPACE}/collector/ansible/integration-tests.yml"
 
     - name: Run the tests
       env:
@@ -103,17 +120,17 @@ jobs:
     - name: Unarchive logs
       if: always()
       run: |
-        cd "${GITHUB_WORKSPACE}/fact/tests"
-        if [[ -f "logs.tar.gz" ]]; then
-          tar xzf "logs.tar.gz"
-          rm -f "logs.tar.gz"
-        fi
+        cd "/tmp/fact/tests"
+        for file in logs/*.tar.gz; do
+          tar xzf "$file"
+          rm -f "$file"
+        done
 
     - name: Test summary
       uses: test-summary/action@v2
       if: always()
       with:
-        paths: ${{ github.workspace }}/fact/tests/results.xml
+        paths: /tmp/fact/tests/*-results.xml
 
     - name: Store artifacts
       if: always()
@@ -125,6 +142,6 @@ jobs:
       with:
         name: ${{ matrix.vm }}-test-logs
         path: |
-          ${{ github.workspace }}/fact/tests/logs
-          ${{ github.workspace }}/fact/tests/results.xml
+          /tmp/fact/tests/logs
+          /tmp/fact/tests/*-results.xml
         if-no-files-found: ignore

ansible/group_vars/all.yml

@@ -1,2 +1,3 @@
 ---
 runtime_command: docker
+runtime_host: 'unix:///var/run/docker.sock'

ansible/group_vars/platform_rhcos.yml

@@ -1,2 +1,3 @@
 ---
 ansible_user: core
+runtime_host: "unix:///run/podman/podman.sock"

ansible/group_vars/platform_rhcos_arm64.yml

@@ -1,2 +1,3 @@
 ---
 ansible_user: core
+runtime_host: "unix:///run/podman/podman.sock"

ansible/group_vars/platform_rhel.yml

@@ -0,0 +1,2 @@
+---
+runtime_host: "unix:///run/podman/podman.sock"

ansible/group_vars/platform_rhel_arm64.yml

@@ -0,0 +1,2 @@
+---
+runtime_host: "unix:///run/podman/podman.sock"

ansible/run-tests.yml

@@ -5,57 +5,90 @@
     FACT_IMAGE_NAME: "{{ fact.image | default(None) }}"
 
   tasks:
-    - name: Install dependencies
-      become: true
-      community.general.rpm_ostree_pkg:
-        apply_live: true
-        name:
-          - make
-          - python3-packaging
-          - python3-requests
-        state: present
-
-    - name: Login to quay.io
-      community.docker.docker_login:
-        registry_url: quay.io
-        username: "{{ quay.username }}"
-        password: "{{ quay.password }}"
-
     - name: Clone the repo
       ansible.builtin.git:
         repo: https://github.com/stackrox/fact
-        dest: ./fact
+        dest: /tmp/fact
         version: "{{ fact.version }}"
         update: false
 
-    - name: Install python packages
-      ansible.builtin.pip:
-        requirements: ./fact/tests/requirements.txt
-        chdir: "{{ ansible_env.HOME }}"
-        virtualenv: ./fact/.venv
-        virtualenv_command: python3 -m venv
+    - name: Log into quay.io
+      become: true
+      shell:
+        cmd: "{{ runtime_command }} login -u {{ quay.username }} --password-stdin quay.io"
+        stdin: "{{ quay.password }}"
+
+    - name: Copy podman auth
+      become: true
+      shell:
+        cmd: |
+          mkdir -p ~/.docker/
+          if [[ -f "${XDG_RUNTIME_DIR:-}/containers/auth.json" ]]; then
+              AUTH_FILE="${XDG_RUNTIME_DIR:-}/containers/auth.json"
+          elif [[ -f "/run/containers/0/auth.json" ]]; then
+              AUTH_FILE="/run/containers/0/auth.json"
+          else
+              echo &>2 "No valid auth.json file found"
+              exit 1
+          fi
+          cp "${AUTH_FILE}" ~/.docker/config.json
+        creates: ~/.docker/config.json
+      when: runtime_command == "podman"
 
     - block:
+      # There are some ansible modules that we could use to modularize
+      # this next task, however they required some Python modules to be
+      # installed on the managed VM that may not be available (like
+      # python3-packaging), so we stick to a shell as ugly as it is.
       - name: Run tests
+        become: true
+        environment:
+          DOCKER_HOST: "{{ runtime_host }}"
         ansible.builtin.shell:
           cmd: |
-            cd "${HOME}/fact"
-            source ".venv/bin/activate"
-            make integration-tests
+            set -euo pipefail
+            cd "/tmp/fact/tests"
+
+            # Setup the virtual environment
+            python3 -m venv .venv
+            source .venv/bin/activate
+            pip install -r requirements.txt
+
+            # Generate gRPC files
+            python3 -m grpc_tools.protoc \
+                -I../third_party/stackrox/proto \
+                --python_out=. \
+                --pyi_out=. \
+                --grpc_python_out=. \
+                ../third_party/stackrox/proto/internalapi/sensor/collector.proto \
+                ../third_party/stackrox/proto/internalapi/sensor/sfa.proto \
+                ../third_party/stackrox/proto/internalapi/sensor/sfa_iservice.proto
+
+            # Run the tests
+            pytest --image="${FACT_IMAGE_NAME}" --junit-xml=results.xml
+
       always:
+      - name: Make logs directories
+        ansible.builtin.file:
+          state: directory
+          path: /tmp/fact/tests/logs
+          recurse: true
+        delegate_to: localhost
+
       - name: Retrieve results
         ansible.builtin.fetch:
-          src: "{{ ansible_env.HOME }}/fact/tests/results.xml"
-          dest: ../tests/
+          src: /tmp/fact/tests/results.xml
+          dest: "/tmp/fact/tests/{{ vm_config }}-results.xml"
           flat: true
 
       - name: Compress log files
         community.general.archive:
-          path: "{{ ansible_env.HOME }}/fact/tests/logs"
-          dest: "{{ ansible_env.HOME }}/fact/tests/logs.tar.gz"
+          path: /tmp/fact/tests/logs
+          dest: "/tmp/fact/tests/{{ vm_config }}.tar.gz"
 
       - name: Fetch log files
         ansible.builtin.fetch:
-          src: "{{ ansible_env.HOME }}/fact/tests/logs.tar.gz"
-          dest: ../tests/logs.tar.gz
+          src: "/tmp/fact/tests/{{ vm_config }}.tar.gz"
+          dest: /tmp/fact/tests/logs/
+          validate_checksum: false
           flat: true