Skip to content

Added USE_CONFIDENTIAL_COMPUTING check #910

Added USE_CONFIDENTIAL_COMPUTING check

Added USE_CONFIDENTIAL_COMPUTING check #910

# These are end-to-end tests running on ephemeral DigitalOcean "Droplet" virtual machines
# with the different operating systems that are supported.
#
# The main focus of these tests is to ensure that the packaging works on all supported platforms
# and to ensure the compatibility of dependencies (system and vendored) across these platforms.
name: "Testing on DigitalOcean Droplets"
# Run automatically on main branches, Pull Request updates and allow manual execution using `workflow_dispatch`.
on:
push:
branches:
- main
pull_request:
types:
- "opened"
- "reopened"
- "synchronize"
- "ready_for_review"
workflow_dispatch:
jobs:
run_on_droplet:
name: "Test Droplet with ${{ matrix.os_config.os_name }}-${{ matrix.check_vm.alias }}"
runs-on: ubuntu-latest
concurrency: "${{ matrix.os_config.concurrency_group }}-${{ matrix.check_vm.alias }}"
timeout-minutes: 10
strategy:
matrix:
# Check compatibility with all supported OSes.
os_config:
- os_name: "Debian 11"
os_image: "debian-11-x64"
alias: "debian-11"
package_build_command: "all-podman-debian-11"
package_name: "aleph-vm.debian-11.deb"
concurrency_group: "droplet-aleph-vm-debian-11"
- os_name: "Debian 12"
os_image: "debian-12-x64"
alias: "debian-12"
package_build_command: "all-podman-debian-12"
package_name: "aleph-vm.debian-12.deb"
concurrency_group: "droplet-aleph-vm-debian-12"
- os_name: "Ubuntu 22.04"
os_image: "ubuntu-22-04-x64"
alias: "ubuntu-22-04"
package_build_command: "all-podman-ubuntu-2204"
package_name: "aleph-vm.ubuntu-22.04.deb"
concurrency_group: "droplet-aleph-vm-ubuntu-22-04"
# Check compatibility with all supported runtimes.
check_vm:
- alias: "runtime-6770" # Old runtime, using Debian 11
item_hash: "67705389842a0a1b95eaa408b009741027964edc805997475e95c505d642edd8"
query_params: "?retro-compatibility=true"
- alias: "runtime-3fc0" # Newer runtime, using Debian 12 but now old SDK
item_hash: "3fc0aa9569da840c43e7bd2033c3c580abb46b007527d6d20f2d4e98e867f7af"
query_params: "?retro-compatibility=true"
- alias: "runtime-63fa" # Latest runtime, using Debian 12 and SDK 0.9.0
item_hash: "63faf8b5db1cf8d965e6a464a0cb8062af8e7df131729e48738342d956f29ace"
query_params: ""
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install doctl
uses: digitalocean/action-doctl@v2
with:
token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
- name: Setup SSH private key
run: |
mkdir ~/.ssh
echo $DIGITALOCEAN_SSH_PRIVATE_KEY | base64 --decode > ~/.ssh/id_ed25519
chmod 0700 ~/.ssh
chmod 0600 ~/.ssh/id_ed25519
env:
DIGITALOCEAN_SSH_PRIVATE_KEY: ${{ secrets.DIGITALOCEAN_SSH_PRIVATE_KEY }}
- name: Create the Droplet
run: |
doctl compute droplet create \
--image ${{ matrix.os_config.os_image }} \
--size c-4 \
--region ams3 \
--vpc-uuid 5976b7bd-4417-49e8-8522-672aaa920c30 \
--enable-ipv6 \
--ssh-keys ab:2b:25:16:46:6f:25:d0:80:63:e5:be:67:04:cb:64 \
aleph-vm-ci-${{ matrix.os_config.alias }}-${{ matrix.check_vm.alias }}
- name: Build Package
run: |
echo ALEPH_VM_SUPERVISOR_HOST=0.0.0.0 >> packaging/aleph-vm/etc/aleph-vm/supervisor.env
echo ALEPH_VM_ALLOCATION_TOKEN_HASH=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 >> packaging/aleph-vm/etc/aleph-vm/supervisor.env
echo ALEPH_VM_CHECK_FASTAPI_VM_ID=${{ matrix.check_vm.item_hash }} >> packaging/aleph-vm/etc/aleph-vm/supervisor.env
echo ALEPH_VM_SENTRY_DSN=${{ secrets.SENTRY_DSN }} >> packaging/aleph-vm/etc/aleph-vm/supervisor.env
cd packaging && make ${{ matrix.os_config.package_build_command }} && cd ..
ls packaging/target
- name: Wait for the system to setup and boot
run: |
export DROPLET_IPV4="$(doctl compute droplet get aleph-vm-ci-${{ matrix.os_config.alias }}-${{ matrix.check_vm.alias }} --output json | ./.github/scripts/extract_droplet_ipv4.py)"
until ssh-keyscan -H ${DROPLET_IPV4}; do sleep 1; done
timeout-minutes: 3
- name: Install Aleph-VM on the Droplet
run: |
export DROPLET_IPV4="$(doctl compute droplet get aleph-vm-ci-${{ matrix.os_config.alias }}-${{ matrix.check_vm.alias }} --output json | ./.github/scripts/extract_droplet_ipv4.py)"
ssh-keyscan -H ${DROPLET_IPV4} > ~/.ssh/known_hosts
# Wait a few seconds for DigitalOcean to setup the Droplet using apt, which conflicts with our comands:
sleep 5
# Wait for /var/lib/apt/lists/lock to be unlocked on the remote host via SSH.
while ssh root@${DROPLET_IPV4} lsof /var/lib/apt/lists/lock; do sleep 1; done
ssh root@${DROPLET_IPV4} DEBIAN_FRONTEND=noninteractive "apt-get -o DPkg::Lock::Timeout=60 update"
ssh root@${DROPLET_IPV4} DEBIAN_FRONTEND=noninteractive "apt-get -o DPkg::Lock::Timeout=60 upgrade -y"
ssh root@${DROPLET_IPV4} DEBIAN_FRONTEND=noninteractive "apt-get -o DPkg::Lock::Timeout=60 install -y docker.io apparmor-profiles"
ssh root@${DROPLET_IPV4} "docker run -d -p 127.0.0.1:4021:4021/tcp --restart=always --name vm-connector alephim/vm-connector:alpha"
scp packaging/target/${{ matrix.os_config.package_name }} root@${DROPLET_IPV4}:/opt
ssh root@${DROPLET_IPV4} DEBIAN_FRONTEND=noninteractive "apt-get -o DPkg::Lock::Timeout=60 install -y /opt/${{ matrix.os_config.package_name }}"
# Allow some time for IPFS Kubo to start
sleep 5
- name: Test Aleph-VM on the Droplet
id: test-aleph-vm
if: always()
continue-on-error: true
run: |
export DROPLET_IPV4="$(doctl compute droplet get aleph-vm-ci-${{ matrix.os_config.alias }}-${{ matrix.check_vm.alias }} --output json | ./.github/scripts/extract_droplet_ipv4.py)"
curl --retry 5 --max-time 10 --fail "http://${DROPLET_IPV4}:4020/about/usage/system"
curl --retry 5 --max-time 10 --fail "http://${DROPLET_IPV4}:4020/status/check/fastapi${{ matrix.check_vm.query_params }}"
- name: Test Aleph-VM on the Droplet again restarting the server first
if: steps.test-aleph-vm.outcome == 'failure'
run: |
export DROPLET_IPV4="$(doctl compute droplet get aleph-vm-ci-${{ matrix.os_config.alias }}-${{ matrix.check_vm.alias }} --output json | ./.github/scripts/extract_droplet_ipv4.py)"
# If the first execution fails, restart supervisor and try again
ssh root@${DROPLET_IPV4} "systemctl restart aleph-vm-supervisor"
sleep 5
curl --retry 5 --max-time 10 --fail "http://${DROPLET_IPV4}:4020/status/check/fastapi${{ matrix.check_vm.query_params }}"
- name: Schedule an instance on the Droplet by faking a call from the scheduler
run: |
export DROPLET_IPV4="$(doctl compute droplet get aleph-vm-ci-${{ matrix.os_config.alias }}-${{ matrix.check_vm.alias }} --output json | ./.github/scripts/extract_droplet_ipv4.py)"
curl --retry 5 --max-time 10 --fail -X POST -H "Content-Type: application/json" \
-H "X-Auth-Signature: test" \
-d '{"persistent_vms": [], "instances": ["${{ matrix.check_vm.item_hash }}"]}' \
"http://${DROPLET_IPV4}:4020/control/allocations"
- name: Fetch system usage endpoint
run: |
export DROPLET_IPV4="$(doctl compute droplet get aleph-vm-ci-${{ matrix.os_config.alias }}-${{ matrix.check_vm.alias }} --output json | ./.github/scripts/extract_droplet_ipv4.py)"
curl -X GET -H "Content-Type: application/json" \
"http://${DROPLET_IPV4}:4020/about/usage/system"
- name: Export aleph logs
if: always()
run: |
export DROPLET_IPV4="$(doctl compute droplet get aleph-vm-ci-${{ matrix.os_config.alias }}-${{ matrix.check_vm.alias }} --output json | ./.github/scripts/extract_droplet_ipv4.py)"
ssh root@${DROPLET_IPV4} "journalctl -u aleph-vm-supervisor"
- name: Cleanup
if: always()
run: |
doctl compute droplet delete -f aleph-vm-ci-${{ matrix.os_config.alias }}-${{ matrix.check_vm.alias }}