tests: move to bats and simplify gha script

.github/workflows/tests.yml

@@ -57,223 +57,18 @@ jobs:
       - name: "Checkout code"
         uses: actions/checkout@v4
 
-      # Make sure we have the up-to-date version of all images we need as
-      # part of the deployment process
-      - name: "Pull all images"
-        run: |
-          docker pull ghcr.io/sc2-sys/containerd:$(grep -oP 'CONTAINERD_VERSION\s*=\s*"\K[^"]+' ./tasks/util/versions.py)
-          docker pull ghcr.io/sc2-sys/kata-containers:$(grep -oP 'KATA_VERSION\s*=\s*"\K[^"]+' ./tasks/util/versions.py)
-          docker pull ghcr.io/sc2-sys/nydus:$(grep -oP 'NYDUS_VERSION\s*=\s*"\K[^"]+' ./tasks/util/versions.py)
-          docker pull ghcr.io/sc2-sys/nydus-snapshotter:$(grep -oP 'NYDUS_SNAPSHOTTER_VERSION\s*=\s*"\K[^"]+' ./tasks/util/versions.py)
-
       - name: "Install SC2"
         run: ./bin/inv_wrapper.sh sc2.deploy --clean
 
-      - name: "Run python hello world (cold and warm starts)"
-        run: |
-          for runtime_class in ${{ matrix.runtime_classes }}; do
-            for flavour in "cold" "warm"; do
-              echo "Running test for ${runtime_class} (${flavour})..."
-
-              # If running a cold-start test, make sure to remove the image first
-              if [ "$flavour" == "cold" ]; then
-                sudo crictl rmi $(sudo crictl --runtime-endpoint unix:///run/containerd/containerd.sock images | grep sc2cr.io/applications/helloworld-py | awk '{print $3}') > /dev/null 2>&1
-              fi
-
-              # Deploy python pod
-              export SC2_RUNTIME_CLASS=${runtime_class}
-              envsubst < ./demo-apps/helloworld-py/deployment.yaml | ./bin/kubectl apply -f -
-
-              # Wait for pod to be ready
-              until [ "$(./bin/kubectl get pods -l ${{ env.POD_LABEL }} -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}')" = "True" ]; do echo "Waiting for pod to be ready..."; sleep 2; done
-              sleep 1
-
-              # Get the pod's IP
-              service_ip=$(./bin/kubectl get services -o jsonpath='{.items[?(@.metadata.name=="coco-helloworld-py-node-port")].spec.clusterIP}')
-              [ "$(curl --retry 3 -X GET ${service_ip}:8080)" = "Hello World!" ]
-              envsubst < ./demo-apps/helloworld-py/deployment.yaml | ./bin/kubectl delete -f -
-
-              # Wait for pod to be deleted
-              ./bin/kubectl wait --for=delete -l ${{ env.POD_LABEL }} pod --timeout=30s
-              # Extra cautionary sleep
-              sleep 5
-              echo "Test for ${runtime_class} (${flavour}) successful!"
-            done
-          done
-        env:
-          POD_LABEL: apps.sc2.io/name=helloworld-py
-
-      - name: "Fetch content (see #130)"
-        run: sudo ctr -n k8s.io content fetch -k sc2cr.io/applications/helloworld-py:unencrypted
-
-      - name: "Run Knative hello world"
-        run: |
-          for runtime_class in ${{ matrix.runtime_classes }}; do
-            echo "Running test for ${runtime_class}..."
-            export SC2_RUNTIME_CLASS=${runtime_class}
-            envsubst < ./demo-apps/helloworld-knative/service.yaml | ./bin/kubectl apply -f -
-            sleep 1
-
-            # Get the service URL
-            service_url=$(./bin/kubectl get ksvc helloworld-knative  --output=custom-columns=URL:.status.url --no-headers)
-            [ "$(curl --retry 3 ${service_url})" = "Hello World!" ]
-
-            # Wait for pod to be deleted
-            envsubst < ./demo-apps/helloworld-knative/service.yaml | ./bin/kubectl delete -f -
-            ./bin/kubectl wait --for=delete -l ${{ env.POD_LABEL }} pod --timeout=60s
-
-            # Extra cautionary sleep
-            sleep 5
-            echo "Test for ${runtime_class} successful!"
-          done
+      - name: "Install BATS"
+        run: sudo -E apt install -y bats
         env:
-          POD_LABEL: apps.sc2.io/name=helloworld-py
-
-      - name: "Run nydus lazy guest-pulling test"
-        run: |
-          export SC2_RUNTIME_CLASS=qemu-${{ matrix.tee }}-sc2
-          export POD_LABEL="apps.sc2.io/name=helloworld-py"
-
-          # ----- Python Test ----
-
-          echo "Running python test..."
-          envsubst < ./demo-apps/helloworld-py-nydus/deployment.yaml | ./bin/kubectl apply -f -
-
-          # Wait for pod to be ready
-          until [ "$(./bin/kubectl get pods -l ${POD_LABEL} -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}')" = "True" ]; do echo "Waiting for pod to be ready..."; sleep 2; done
-          sleep 1
-
-          # Get the pod's IP
-          service_ip=$(./bin/kubectl get services -o jsonpath='{.items[?(@.metadata.name=="coco-helloworld-py-node-port")].spec.clusterIP}')
-          [ "$(curl --retry 3 -X GET ${service_ip}:8080)" = "Hello World!" ]
-          envsubst < ./demo-apps/helloworld-py-nydus/deployment.yaml | ./bin/kubectl delete -f -
-
-          # Wait for pod to be deleted
-          ./bin/kubectl wait --for=delete -l ${POD_LABEL} pod --timeout=30s
-
-          # Extra cautionary sleep
-          sleep 5
-          echo "Python test succesful!"
-
-          # ----- Knative Test ----
-          envsubst < ./demo-apps/helloworld-knative-nydus/service.yaml | ./bin/kubectl apply -f -
-          sleep 1
-
-          # Get the service URL
-          service_url=$(./bin/kubectl get ksvc helloworld-knative  --output=custom-columns=URL:.status.url --no-headers)
-          [ "$(curl --retry 3 ${service_url})" = "Hello World!" ]
-
-          # Wait for pod to be deleted
-          envsubst < ./demo-apps/helloworld-knative-nydus/service.yaml | ./bin/kubectl delete -f -
-          ./bin/kubectl wait --for=delete -l ${POD_LABEL} pod --timeout=60s
+          DEBIAN_FRONTEND: noninteractive
 
-          # Extra cautionary sleep
-          sleep 5
-          echo "Knative test succesful!"
-
-      - name: "Run nydus host-share test"
-        # Host-share mechanisms seem not to work with TDX
-        if: ${{ matrix.tee != 'tdx' }}
-        run: |
-          # Change the snapshotter mode and purge (necessary to clear
-          # containred's content store)
-          ./bin/inv_wrapper.sh nydus-snapshotter.set-mode host-share
-          sleep 2
-          ./bin/inv_wrapper.sh nydus-snapshotter.purge
-
-          export SC2_RUNTIME_CLASS=qemu-${{ matrix.tee }}-sc2
-          export POD_LABEL="apps.sc2.io/name=helloworld-py"
-
-          # When updating the runtime we update all the config files, so we
-          # need to re-start the cache
-          sudo -E ./vm-cache/target/release/vm-cache restart
-
-          # ----- Python Test ----
-
-          echo "Running python test..."
-          envsubst < ./demo-apps/helloworld-py/deployment.yaml | ./bin/kubectl apply -f -
-
-          # Wait for pod to be ready
-          until [ "$(./bin/kubectl get pods -l ${POD_LABEL} -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}')" = "True" ]; do echo "Waiting for pod to be ready..."; sleep 2; done
-          sleep 1
-
-          # Get the pod's IP
-          service_ip=$(./bin/kubectl get services -o jsonpath='{.items[?(@.metadata.name=="coco-helloworld-py-node-port")].spec.clusterIP}')
-          [ "$(curl --retry 3 -X GET ${service_ip}:8080)" = "Hello World!" ]
-          envsubst < ./demo-apps/helloworld-py/deployment.yaml | ./bin/kubectl delete -f -
-
-          # Wait for pod to be deleted
-          ./bin/kubectl wait --for=delete -l ${POD_LABEL} pod --timeout=30s
-
-          # Extra cautionary sleep
-          sleep 5
-          echo "Python test succesful!"
-
-          # ----- Knative Test ----
-          envsubst < ./demo-apps/helloworld-knative/service.yaml | ./bin/kubectl apply -f -
-          sleep 1
-
-          # Get the service URL
-          service_url=$(./bin/kubectl get ksvc helloworld-knative  --output=custom-columns=URL:.status.url --no-headers)
-          [ "$(curl --retry 3 ${service_url})" = "Hello World!" ]
-
-          # Wait for pod to be deleted
-          envsubst < ./demo-apps/helloworld-knative/service.yaml | ./bin/kubectl delete -f -
-          ./bin/kubectl wait --for=delete -l ${POD_LABEL} pod --timeout=60s
-
-          # Extra cautionary sleep
-          sleep 5
-          echo "Knative test succesful!"
-
-          # Change the snapshotter mode back again (and purge)
-          #
-          ./bin/inv_wrapper.sh nydus-snapshotter.set-mode guest-pull
-          sleep 2
-          ./bin/inv_wrapper.sh nydus-snapshotter.purge
-
-      - name: "Enable default-memory annotation"
-        run: |
-          for runtime_class in ${{ matrix.runtime_classes }}; do
-            ./bin/inv_wrapper.sh kata.enable-annotation default_memory --runtime ${runtime_class}
-            # Here we benefit that the last variable is the one we want to use
-            # for vm-cache
-            export SC2_RUNTIME_CLASS=${runtime_class}
-          done
-
-          # Aftre changing the annotation of the qemu-snp-sc2 runtime class we
-          # need to restart the VM cache
-          sudo -E ./vm-cache/target/release/vm-cache restart
-
-      - name: "Fetch content (see #130)"
-        run: |
-          sudo ctr -n k8s.io content fetch -k sc2cr.io/system/knative-sidecar@sha256:79d5f6031f308cee209c4c32eeab9113b29a1ed4096c5d657504096734ca3b1d
-          sudo ctr -n k8s.io content fetch registry.k8s.io/pause:3.8
-
-      - name: "Run knative chaining demo"
-        run: |
-          for runtime_class in ${{ matrix.runtime_classes }}; do
-            echo "Running test for ${runtime_class}..."
-            export SC2_RUNTIME_CLASS=${runtime_class}
-            envsubst < ./demo-apps/knative-chaining/chaining.yaml | ./bin/kubectl apply -f -
-            sleep 1
-
-            # Curl the channel URL
-            ./demo-apps/knative-chaining/curl_cmd.sh
-
-            # Wait for pod 3 to be scaled down
-            until [ "$(kubectl -n ${{ env.NAMESPACE }} logs -l ${{ env.POD_LABEL_THREE }} | grep 'cloudevent(s3): done!' | wc -l)" = "1" ]; do echo "Waiting for chain to finish..."; sleep 2; done
-
-            # Finally, clear-up
-            envsubst < ./demo-apps/knative-chaining/chaining.yaml | ./bin/kubectl delete -f -
-
-            # Extra cautionary sleep
-            sleep 5
-            echo "Test for ${runtime_class} successful!"
-          done
+      - name: "Run integration tests"
+        run: bats ./tests
         env:
-          NAMESPACE: chaining-test
-          POD_LABEL_ONE: apps.sc2.io/name=knative-chaining-one
-          POD_LABEL_THREE: apps.sc2.io/name=knative-chaining-three
+          SC2_TEE: ${{ matrix.tee }}
 
       - name: "Clean-up"
         if: always()

README.md

@@ -51,11 +51,11 @@ export SC2_RUNTIME_CLASS=qemu-snp-sc2
 
 # Knative demo
 envsubst < ./demo-apps/helloworld-knative/service.yaml | kubectl apply -f -
-curl $(kubectl get ksvc helloworld-knative  --output=custom-columns=URL:.status.url --no-headers)
+curl $(kubectl -n sc2-demo get ksvc helloworld-knative  --output=custom-columns=URL:.status.url --no-headers)
 
 # Non-Knative demo
 envsubst < ./demo-apps/helloworld-py/deployment.yaml | kubectl apply -f -
-curl $(kubectl get services -o jsonpath='{.items[?(@.metadata.name=="coco-helloworld-py-node-port")].spec.clusterIP}'):8080
+curl $(kubectl -n sc2-demo get services -o jsonpath='{.items[?(@.metadata.name=="coco-helloworld-py-node-port")].spec.clusterIP}'):8080
 ```
 
 for more complex applications and workloads, please check our [applications](

bin/workon.sh

@@ -39,13 +39,13 @@ TEE_DETECT_BINARY=${TEE_DETECT_ROOT}/target/release/tee-detect
 cargo build -q --release --manifest-path ${TEE_DETECT_ROOT}/Cargo.toml
 
 if "${TEE_DETECT_BINARY}" snp; then
-    TEE=snp
+    export SC2_TEE=snp
     export SC2_RUNTIME_CLASS=qemu-snp-sc2
 elif "${TEE_DETECT_BINARY}" tdx; then
-    TEE=tdx
+    export SC2_TEE=tdx
     export SC2_RUNTIME_CLASS=qemu-tdx-sc2
 else
-    TEE=none
+    export SC2_TEE=none
     echo "sc2-deploy: WARN: neither SNP nor TDX is enabled"
 fi
 
@@ -75,7 +75,7 @@ echo ""
 echo "----------------------------------"
 echo "CLI for SC2 Deployment Scripts"
 echo "CoCo Version: ${COCO_VERSION}"
-echo "TEE: ${TEE}"
+echo "TEE: ${SC2_TEE}"
 echo "----------------------------------"
 echo ""
 

demo-apps/helloworld-knative-nydus/service.yaml

@@ -1,7 +1,13 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: sc2-demo
+---
 apiVersion: serving.knative.dev/v1
 kind: Service
 metadata:
   name: helloworld-knative
+  namespace: sc2-demo
 spec:
   template:
     metadata:

demo-apps/helloworld-knative/service.yaml

@@ -1,7 +1,13 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: sc2-demo
+---
 apiVersion: serving.knative.dev/v1
 kind: Service
 metadata:
   name: helloworld-knative
+  namespace: sc2-demo
 spec:
   template:
     metadata:

demo-apps/helloworld-py-nydus/deployment.yaml

@@ -1,7 +1,13 @@
 apiVersion: v1
+kind: Namespace
+metadata:
+  name: sc2-demo
+---
+apiVersion: v1
 kind: Service
 metadata:
   name: coco-helloworld-py-node-port
+  namespace: sc2-demo
 spec:
   type: NodePort
   selector:
@@ -16,6 +22,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: coco-helloworld-py
+  namespace: sc2-demo
   labels:
     apps.sc2.io/name: helloworld-py
 spec:

demo-apps/helloworld-py/Dockerfile

@@ -2,10 +2,10 @@
 FROM python:3.10-slim
 
 # Allow statements and log messages to immediately appear in the Knative logs
-ENV PYTHONUNBUFFERED True
+ENV PYTHONUNBUFFERED=True
 
 # Copy local code to the container image.
-ENV APP_HOME /app
+ENV APP_HOME=/app
 WORKDIR $APP_HOME
 COPY . ./
 

demo-apps/helloworld-py/deployment.yaml

@@ -1,7 +1,13 @@
 apiVersion: v1
+kind: Namespace
+metadata:
+  name: sc2-demo
+---
+apiVersion: v1
 kind: Service
 metadata:
   name: coco-helloworld-py-node-port
+  namespace: sc2-demo
 spec:
   type: NodePort
   selector:
@@ -16,6 +22,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: coco-helloworld-py
+  namespace: sc2-demo
   labels:
     apps.sc2.io/name: helloworld-py
 spec:

demo-apps/knative-chaining/Dockerfile

@@ -1,4 +1,4 @@
-FROM rust:1.80
+FROM rust:1.84
 
 WORKDIR /app
 COPY . ./