Add workflow with DTS tests

.github/workflows/build.yml

@@ -0,0 +1,47 @@
+---
+name: Build DTS
+on:
+  workflow_call:
+    inputs:
+      cacheless:
+        type: boolean
+        required: true
+
+jobs:
+  build:
+    runs-on:
+      labels: dts-builder
+    steps:
+      - name: Checkout meta-dts repo
+        uses: actions/checkout@v4
+        with:
+          path: "meta-dts"
+      - name: Prepare cache-less build configuration
+        if: ${{ inputs.cacheless }}
+        shell: bash
+        run: |
+          sed -i '/cache.yml/d' meta-dts/kas.yml
+      - name: Build DTS image
+        shell: bash
+        id: build_image
+        run: |
+          for attempt in {1..5}; do
+            if kas-container build meta-dts/kas.yml; then
+              echo "Build command succeeded on attempt $attempt"
+              break
+            else
+              echo "Build command failed on attempt $attempt"
+              if [ $attempt -lt 5 ]; then
+                sleep 5
+              fi
+            fi
+          done
+        continue-on-error: true
+      - name: Report build command
+        run: |
+          if [ ${{ steps.build_image.outcome }} == 'failure' ]; then
+            echo "All build attempts failed."
+            exit 1
+          else
+            echo "At least one build attempt succeeded."
+          fi

.github/workflows/ci.yml

@@ -8,38 +8,9 @@ on:
 
 jobs:
   build:
-    name: Build system image
-    runs-on:
-      labels: dts-builder
-    steps:
-      - name: Checkout meta-dts repo
-        uses: actions/checkout@v2
-        with:
-          path: "meta-dts"
-      - name: Build DTS image
-        shell: bash
-        id: build_image
-        run: |
-          for attempt in {1..5}; do
-            if kas-container build meta-dts/kas.yml; then
-              echo "Build command succeeded on attempt $attempt"
-              break
-            else
-              echo "Build command failed on attempt $attempt"
-              if [ $attempt -lt 5 ]; then
-                sleep 5
-              fi
-            fi
-          done
-        continue-on-error: true
-      - name: Report build command
-        run: |
-          if [ ${{ steps.build_image.outcome }} == 'failure' ]; then
-            echo "All build attempts failed."
-            exit 1
-          else
-            echo "At least one build attempt succeeded."
-          fi
+    uses: ./.github/workflows/build.yml
+    with:
+      cacheless: false
   deploy-images:
     name: Deploy DTS artifacts on boot.dasharo.com and GitHub Release
     if: ${{ always() && contains(join(needs.*.result, ','), 'success') }}
@@ -152,4 +123,4 @@ jobs:
           rm -rf ~/.ssh/dts-ci-key
           rm -rf dts-release-cicd-pipeline
           rm -f ~/.ssh/gitea_dts_release_cicd
-          rm -rf build
+          rm -rf build meta-dts

.github/workflows/develop.yml

@@ -7,38 +7,9 @@ on:
 
 jobs:
   build:
-    name: Build system image
-    runs-on:
-      labels: dts-builder
-    steps:
-      - name: Checkout meta-dts repo
-        uses: actions/checkout@v2
-        with:
-          path: "meta-dts"
-      - name: Build DTS image
-        shell: bash
-        id: build_image
-        run: |
-          for attempt in {1..5}; do
-            if kas-container build meta-dts/kas.yml; then
-              echo "Build command succeeded on attempt $attempt"
-              break
-            else
-              echo "Build command failed on attempt $attempt"
-              if [ $attempt -lt 5 ]; then
-                sleep 5
-              fi
-            fi
-          done
-        continue-on-error: true
-      - name: Report build command
-        run: |
-          if [ ${{ steps.build_image.outcome }} == 'failure' ]; then
-            echo "All build attempts failed."
-            exit 1
-          else
-            echo "At least one build attempt succeeded."
-          fi
+    uses: ./.github/workflows/build.yml
+    with:
+      cacheless: false
   deploy-images:
     name: Deploy DTS artifacts on boot.dasharo.com
     if: ${{ always() && contains(join(needs.*.result, ','), 'success') }}
@@ -143,4 +114,4 @@ jobs:
           rm -rf ~/.ssh/dts-ci-key
           rm -rf dts-release-cicd-pipeline
           rm -f ~/.ssh/gitea_dts_release_cicd
-          rm -rf build
+          rm -rf build meta-dts

.github/workflows/test.yml

@@ -0,0 +1,130 @@
+---
+name: Run DTS tests
+on:
+  pull_request:
+    branches:
+      - 'main'
+jobs:
+  build-dts:
+    uses: ./.github/workflows/build.yml
+    with:
+      cacheless: false
+  run-tests:
+    name: Run DTS tests
+    if: ${{ github.head_ref == 'develop' && contains(join(needs.*.result, ','), 'success') }}
+    needs: build
+    runs-on:
+      labels: dts-builder
+    steps:
+      - name: Checkout OSFV repo
+        uses: actions/checkout@v4
+        with:
+          repository: 'Dasharo/open-source-firmware-validation'
+          path: 'open-source-firmware-validation'
+          submodules: 'recursive'
+          ref: 'develop'
+      - name: Run IPXE server
+        shell: bash
+        run: |
+          mkdir ipxe
+          cp build/tmp/deploy/images/genericx86-64/dts-base-image-genericx86-64.cpio.gz ipxe
+          cp build/tmp/deploy/images/genericx86-64/bzImage ipxe
+          echo -e "\n
+          #!ipxe\n
+          imgfetch --name file_kernel bzImage\n
+          imgfetch --name file_initrd dts-base-image-genericx86-64.cpio.gz\n
+          kernel file_kernel root=/dev/nfs initrd=file_initrd\n
+          boot" > ipxe/dts.ipxe
+          cd ipxe && python3-m http.server 4321 &
+      - name: Install requirements
+        shell: bash
+        run: |
+          cd open-source-firmware-validation
+          python3 -m virtualenv venv
+          source venv/bin/activate
+          pip install -r requirements.txt
+      - name: Run QEMU
+        shell: bash
+        id: run_qemu
+        run: |
+          cd open-source-firmware-validation/scripts/ci
+          mkdir qemu-data
+          touch qemu-data/hdd.qcow
+          ./qemu-run.sh nographic os &
+      - name: Create directory for logs
+        shell: bash
+        id: log_dirs
+        run: |
+          timestamp=$(date -u +%Y-%m-%dT%H:%M:%S%Z)
+          directory="/tmp/dts-test-ci-${timestamp}"
+          mkdir $directory
+          echo "directory=$directory" >> "$GITHUB_OUTPUT"
+      - name: Run tests
+        shell: bash
+        env:
+          LOG_DIR: ${{ steps.log_dirs.outputs.directory }}
+        run: |
+          cd open-source-firmware-validation
+          source venv/bin/activate
+          # This file is already present on dts-builder.
+          # It contains credentials for DPP subscriptions.
+          # It has the following form:
+          # DPP_PASSWORD="..."
+          # <SUBSCRIPTION_TYPE>_DOWNLOADS="download key"
+          # <SUBSCRIPTION_TYPE>_LOGS="logs key"
+          # (...)
+          source ~/.secrets/dpp-keys
+          ip_addr=$(ip -o -4 addr list eno2 | awk '{print $4}' | cut -d/ -f1)
+
+          robot -L TRACE -v config:qemu -v rte_ip:127.0.0.1 -v snipeit:no \
+          -v dpp_password:$DPP_PASSWORD -v dpp_download_key:$MSI_DOWNLOAD \
+          -v dpp_logs_key:$MSI_LOGS -v netboot_utilities_support:True \
+          -v dts_ipxe_link:http://${ip_addr}:4321/dts.ipxe
+          -i "msi" dts/dts-e2e.robot 2>&1 | tee $LOG_DIR/output_msi.log | grep "| PASS |\|| FAIL |"
+
+          robot -L TRACE -v config:qemu -v rte_ip:127.0.0.1 -v snipeit:no \
+          -v dpp_password:$DPP_PASSWORD -v dpp_download_key:$MSI_HEADS_DOWNLOAD \
+          -v dpp_logs_key:$MSI_HEADS_LOGS -v netboot_utilities_support:True \
+          -v dts_ipxe_link:http://${ip_addr}:4321/dts.ipxe
+          -i "msi_heads" dts/dts-e2e.robot 2>&1 | tee $LOG_DIR/output_msi_heads.log | grep "| PASS |\|| FAIL |"
+
+          robot -L TRACE -v config:qemu -v rte_ip:127.0.0.1 -v snipeit:no \
+          -v dpp_password:$DPP_PASSWORD -v dpp_download_key:$OPTIPLEX_DOWNLOAD \
+          -v dpp_logs_key:$OPTIPLEX_LOGS -v netboot_utilities_support:True \
+          -v dts_ipxe_link:http://${ip_addr}:4321/dts.ipxe
+          -i "optiplex" dts/dts-e2e.robot 2>&1 | tee $LOG_DIR/output_optiplex.log | grep "| PASS |\|| FAIL |"
+
+          robot -L TRACE -v config:qemu -v rte_ip:127.0.0.1 -v snipeit:no \
+          -v dpp_password:$DPP_PASSWORD -v dpp_download_key:$NOVACUSTOM_HEADS_DOWNLOAD \
+          -v dpp_logs_key:$NOVACUSTOM_HEADS_LOGS -v netboot_utilities_support:True \
+          -v dts_ipxe_link:http://${ip_addr}:4321/dts.ipxe
+          -i "novacustom_heads" dts/dts-e2e.robot 2>&1 | tee $LOG_DIR/output_nc_heads.log | grep "| PASS |\|| FAIL |"
+
+          robot -L TRACE -v config:qemu -v rte_ip:127.0.0.1 -v snipeit:no \
+          -v dpp_password:$DPP_PASSWORD -v dpp_download_key:$PCENGINES_DOWNLOAD \
+          -v dpp_logs_key:$PCENGINES_LOGS -v netboot_utilities_support:True \
+          -v dts_ipxe_link:http://${ip_addr}:4321/dts.ipxe
+          -i "pcengines" dts/dts-e2e.robot 2>&1 | tee $LOG_DIR/output_pcengines.log | grep "| PASS |\|| FAIL |"
+
+          robot -L TRACE -v config:qemu -v rte_ip:127.0.0.1 -v snipeit:no \
+          -v dpp_password:$DPP_PASSWORD -v dpp_download_key:$PCENGINES_SEABIOS_DOWNLOAD \
+          -v dpp_logs_key:$PCENGINES_SEABIOS_LOGS -v netboot_utilities_support:True \
+          -v dts_ipxe_link:http://${ip_addr}:4321/dts.ipxe
+          -i "pcengines_seabios" dts/dts-e2e.robot 2>&1 | tee $LOG_DIR/output_pcengines_seabios.log | grep "| PASS |\|| FAIL |"
+      - name: Copy log
+        shell: bash
+        env:
+          LOG_DIR: ${{ steps.log_dirs.outputs.directory }}
+        run: |
+          cp open-source-firmware-validation/log.html $LOG_DIR/log.html
+  cleanup:
+    name: Cleanup
+    if: always()
+    needs: run-tests
+    runs-on:
+      labels: dts-builder
+    steps:
+      - name: Cleanup after tests
+        shell: bash
+        run: |
+          rm -rf open-source-firmware-validation meta-dts build ipxe

.github/workflows/weekly.yml

@@ -7,49 +7,9 @@ on:
 
 jobs:
   build:
-    name: Build system image without using cache
-    runs-on:
-      labels: dts-builder
-    steps:
-      - name: Prepare SSH key
-        shell: bash
-        env:
-          SSH_KEY: ${{secrets.SSH_KEY}}
-        run: |
-          echo -e ${SSH_KEY} > ~/.ssh/dts-ci-key
-          chmod 600 ~/.ssh/dts-ci-key
-      - name: Checkout meta-dts repo
-        uses: actions/checkout@v2
-        with:
-          path: "meta-dts"
-      - name: Prepare cache-less build configuration
-        shell: bash
-        run: |
-          sed -i '/cache.yml/d' meta-dts/kas.yml
-      - name: Build DTS image
-        shell: bash
-        id: build_image
-        run: |
-          for attempt in {1..5}; do
-            if kas-container build meta-dts/kas.yml; then
-              echo "Build command succeeded on attempt $attempt"
-              break
-            else
-              echo "Build command failed on attempt $attempt"
-              if [ $attempt -lt 5 ]; then
-                sleep 5
-              fi
-            fi
-          done
-        continue-on-error: true
-      - name: Report build command
-        run: |
-          if [ ${{ steps.build_image.outcome }} == 'failure' ]; then
-            echo "All build attempts failed."
-            exit 1
-          else
-            echo "At least one build attempt succeeded."
-          fi
+    uses: ./.github/workflows/build.yml
+    with:
+      cacheless: true
   deploy-cache:
     name: Deploy cache on cache.dasharo.com
     if: always()