authorThomas Powell <powell@progress.com>2023-04-11 14:16:28 -0400
committerThomas Powell <powell@progress.com>2023-04-11 14:16:28 -0400
commite94a10435ae189ec9f6a661a8f885c3ea8749e6f (patch)
tree33f36075ec668ef639dc65aab2d8acf1cabd8c3e
parente7f02cf7ee339ebc0ac098e696a056ff6e0f6448 (diff)
downloadchef-e94a10435ae189ec9f6a661a8f885c3ea8749e6f.tar.gz
Chef 17 Foundation changes?
Signed-off-by: Thomas Powell <powell@progress.com>
-rw-r--r--.buildkite-platform.json4
-rw-r--r--.buildkite/build-test-omnibus.sh333
-rw-r--r--.buildkite/hooks/pre-command43
-rw-r--r--.buildkite/verify.adhoc.pipeline.sh15
-rw-r--r--.buildkite/verify.pipeline.sh179
-rw-r--r--.expeditor/config.yml67
-rwxr-xr-x.expeditor/scripts/bk_container_prep.sh9
-rw-r--r--.expeditor/scripts/download_built_omnibus_pkgs.ps111
-rw-r--r--.expeditor/scripts/download_built_omnibus_pkgs.sh45
-rw-r--r--.expeditor/scripts/omnibus_chef_build.ps174
-rw-r--r--.expeditor/scripts/omnibus_chef_build.sh54
-rw-r--r--.expeditor/scripts/omnibus_chef_publish.rb93
-rw-r--r--.expeditor/scripts/prep_and_run_tests.ps127
-rw-r--r--.expeditor/scripts/prep_and_run_tests.sh47
-rw-r--r--.expeditor/verify.adhoc.pipeline.yml12
-rw-r--r--.expeditor/verify.pipeline.yml395
-rw-r--r--omnibus/config/projects/chef.rb32
-rw-r--r--omnibus/config/software/chef-foundation.rb21
-rw-r--r--omnibus/config/software/chef-local-source.rb127
-rwxr-xr-x[-rw-r--r--]omnibus/omnibus-test.sh0
-rw-r--r--omnibus/omnibus.rb2
-rw-r--r--spec/spec_helper.rb5
22 files changed, 1164 insertions, 431 deletions
diff --git a/.buildkite-platform.json b/.buildkite-platform.json
new file mode 100644
index 0000000000..10659e697e
--- /dev/null
+++ b/.buildkite-platform.json
@@ -0,0 +1,4 @@
+{
+ "chef_foundation": "2.0.0",
+ "omnibus_toolchain": "3.0.0"
+}
diff --git a/.buildkite/build-test-omnibus.sh b/.buildkite/build-test-omnibus.sh
new file mode 100644
index 0000000000..5fd14bf2cf
--- /dev/null
+++ b/.buildkite/build-test-omnibus.sh
@@ -0,0 +1,333 @@
+set -e pipefail
+
+if [[ -z "${BUILDKITE_BUILD_CREATOR_TEAMS:-}" ]]
+then
+ echo "- block: Build & Test Omnibus Packages"
+ echo " prompt: Continue to run omnibus package build and tests for applicable platforms?"
+else
+ echo "- wait: ~"
+fi
+
+FILTER="${OMNIBUS_FILTER:=*}"
+
+# array of all container platforms in the format test-platform:build-platform
+container_platforms=("amazon-2:centos-7" "amazon-2-arm:amazon-2-arm" "centos-6:centos-6" "centos-7:centos-7" "centos-7-arm:centos-7-arm" "centos-8:centos-8" "centos-8-arm:centos-8-arm" "sles-15-arm:sles-15-arm" "rhel-9:rhel-9" "rhel-9-arm:rhel-9-arm" "debian-9:debian-9" "debian-10:debian-9" "debian-11:debian-9" "ubuntu-1604:ubuntu-1604" "ubuntu-1804:ubuntu-1604" "ubuntu-2004:ubuntu-1604" "ubuntu-2204:ubuntu-1604" "ubuntu-1804-arm:ubuntu-1804-arm" "ubuntu-2004-arm:ubuntu-2004-arm" "ubuntu-2204-arm:ubuntu-2204-arm" "sles-15:sles-15" "windows-2019:windows-2019")
+
+# add rest of windows platforms to tests, if not on chef-oss org
+if [ $BUILDKITE_ORGANIZATION_SLUG != "chef-oss" ]
+then
+ container_platforms=( "${container_platforms[@]}" "windows-2012:windows-2019" "windows-2012r2:windows-2019" "windows-2016:windows-2019" "windows-2022:windows-2019" "windows-10:windows-2019" "windows-11:windows-2019" )
+fi
+
+# array of all esoteric platforms in the format test-platform:build-platform
+esoteric_platforms=("el-7-ppc64:el-7-ppc64" "el-7-ppc64le:el-7-ppc64le" "el-7-s390x:el-7-s390x" "el-8-s390x:el-7-s390x" "freebsd-12-amd64:freebsd-12-amd64" "freebsd-13-amd64:freebsd-12-amd64" "mac_os_x-10.15-x86_64:mac_os_x-10.15-x86_64" "mac_os_x-11-x86_64:mac_os_x-10.15-x86_64" "mac_os_x-12-x86_64:mac_os_x-10.15-x86_64" "mac_os_x-11-arm64:mac_os_x-11-arm64" "mac_os_x-12-arm64:mac_os_x-11-arm64" "solaris2-5.11-i386:solaris2-5.11-i386" "solaris2-5.11-sparc:solaris2-5.11-sparc" "sles-12-s390x:sles-12-s390x" "sles-15-s390x:sles-12-s390x")
+
+omnibus_build_platforms=()
+omnibus_test_platforms=()
+
+# build build array and test array based on filter
+for platform in ${container_platforms[@]}; do
+ case ${platform%:*} in
+ $FILTER)
+ omnibus_build_platforms[${#omnibus_build_platforms[@]}]=${platform#*:}
+ omnibus_test_platforms[${#omnibus_test_platforms[@]}]=$platform
+ ;;
+ esac
+done
+
+# remove duplicates from build array
+if [[ ! -z "${omnibus_build_platforms:-}" ]]
+then
+ omnibus_build_platforms=($(printf "%s\n" "${omnibus_build_platforms[@]}" | sort -u | tr '\n' ' '))
+fi
+
+## add esoteric platforms in chef/chef-canary
+if [ $BUILDKITE_ORGANIZATION_SLUG != "chef-oss" ]
+then
+ esoteric_build_platforms=()
+ esoteric_test_platforms=()
+
+ # build build array and test array based on filter
+ for platform in ${esoteric_platforms[@]}; do
+ case ${platform%:*} in
+ $FILTER)
+ esoteric_build_platforms[${#esoteric_build_platforms[@]}]=${platform#*:}
+ esoteric_test_platforms[${#esoteric_test_platforms[@]}]=$platform
+ ;;
+ esac
+ done
+
+ # remove duplicates from build array
+ # using shell parameter expansion this checks to make sure the esoteric_build_platforms array isn't empty if OMNIBUS_FILTER is only container platforms
+ # prevents esoteric_build_platforms unbound variable error
+ if [[ ! -z "${esoteric_build_platforms:-}" ]]
+ then
+ esoteric_build_platforms=($(printf "%s\n" "${esoteric_build_platforms[@]}" | sort -u | tr '\n' ' '))
+ fi
+fi
+
+# using shell parameter expansion this checks to make sure the omnibus_build_platforms array isn't empty if OMNIBUS_FILTER is only esoteric platforms
+# prevents omnibus_build_platforms unbound variable error
+container_platforms=("centos-7:centos-7" "centos-7-arm:centos-7-arm")
+
+if [[ ! -z "${omnibus_build_platforms:-}" ]]
+then
+ for platform in ${omnibus_build_platforms[@]}; do
+ if [[ $platform != *"windows"* ]]; then
+ if [[ $platform == *"arm"* ]]; then
+ echo "- label: \":hammer_and_wrench::docker::muscle: $platform\""
+ else
+ echo "- label: \":hammer_and_wrench::docker: $platform\""
+ fi
+ echo " retry:"
+ echo " automatic:"
+ echo " limit: 1"
+ echo " key: build-$platform"
+ echo " agents:"
+ if [[ $platform == *"arm"* ]]; then
+ echo " queue: docker-linux-arm64"
+ else
+ echo " queue: default-privileged"
+ fi
+ echo " plugins:"
+ echo " - docker#v3.5.0:"
+ if [[ $platform == *"arm"* ]]; then
+ echo " image: chefes/omnibus-toolchain-${platform%????}:$OMNIBUS_TOOLCHAIN_VERSION"
+ else
+ echo " image: chefes/omnibus-toolchain-$platform:$OMNIBUS_TOOLCHAIN_VERSION"
+ fi
+ echo " privileged: true"
+ echo " propagate-environment: true"
+ echo " environment:"
+ echo " - ARTIFACTORY_PASSWORD"
+ echo " - ARTIFACTORY_API_KEY"
+ echo " - RPM_SIGNING_KEY"
+ echo " - CHEF_FOUNDATION_VERSION"
+ echo " commands:"
+ echo " - ./.expeditor/scripts/omnibus_chef_build.sh"
+ echo " timeout_in_minutes: 60"
+ else
+ echo "- label: \":hammer_and_wrench::windows: $platform\""
+ echo " retry:"
+ echo " automatic:"
+ echo " limit: 1"
+ echo " key: build-$platform"
+ echo " agents:"
+ echo " queue: default-$platform-privileged"
+ echo " plugins:"
+ echo " - docker#v3.5.0:"
+ echo " image: chefes/omnibus-toolchain-$platform:$OMNIBUS_TOOLCHAIN_VERSION"
+ echo " shell:"
+ echo " - powershell"
+ echo " - \"-Command\""
+ echo " propagate-environment: true"
+ echo " environment:"
+ echo " - CHEF_FOUNDATION_VERSION"
+ echo " - BUILDKITE_AGENT_ACCESS_TOKEN"
+ echo " - ARTIFACTORY_PASSWORD"
+ echo " - ARTIFACTORY_API_KEY"
+ echo " - AWS_ACCESS_KEY_ID"
+ echo " - AWS_SECRET_ACCESS_KEY"
+ echo " - AWS_SESSION_TOKEN"
+ echo " volumes:"
+ echo ' - "c:\\buildkite-agent:c:\\buildkite-agent"'
+ echo " commands:"
+ echo " - ./.expeditor/scripts/omnibus_chef_build.ps1"
+ echo " timeout_in_minutes: 120"
+ fi
+ done
+fi
+
+if [ $BUILDKITE_ORGANIZATION_SLUG != "chef-oss" ] && [[ ! -z "${esoteric_build_platforms:-}" ]]
+then
+
+ for platform in ${esoteric_build_platforms[@]}; do
+ # replace . with _ in build key
+ build_key=$(echo $platform | tr . _)
+ echo "- env:"
+ if [ $platform == "el-7-ppc64" ] || [ $platform == "el-7-ppc64le" ]
+ then
+ echo " OMNIBUS_FIPS_MODE: true"
+ else
+ echo " OMNIBUS_FIPS_MODE: false"
+ fi
+ echo " IGNORE_CACHE: true"
+ echo " key: build-$build_key"
+ echo " label: \":hammer_and_wrench: $platform\""
+ echo " retry:"
+ echo " automatic:"
+ echo " limit: 1"
+ echo " timeout_in_minutes: 120"
+ echo " agents:"
+ echo " queue: omnibus-$platform"
+ if [[ $platform == mac_os_x* ]]
+ then
+ echo " omnibus: builder"
+ echo " omnibus-toolchain: \"*\""
+ fi
+ echo " plugins:"
+ echo " - chef/omnibus#852c8f81fb6dd12ff3471a8d825ec20a1168c4c4:"
+ echo " build: chef"
+ echo " chef-foundation-version: $CHEF_FOUNDATION_VERSION"
+ echo " config: omnibus/omnibus.rb"
+ echo " install-dir: \"/opt/chef\""
+ if [ $build_key == "mac_os_x-10_15-x86_64" ]
+ then
+ echo " remote-host: buildkite-omnibus-$platform"
+ fi
+ echo " omnibus-pipeline-definition-path: \".expeditor/release.omnibus.yml\""
+ if [ $build_key == "mac_os_x-11-arm64" ]
+ then
+ echo " concurrency: 1"
+ echo " concurrency_group: omnibus-$build_key/build/chef"
+ fi
+ done
+
+ if [[ " ${esoteric_build_platforms[*]} " =~ "mac_os_x" ]]
+ then
+ echo "- key: notarize-macos"
+ echo " label: \":lock_with_ink_pen: Notarize macOS Packages\""
+ echo " agents:"
+ echo " queue: omnibus-mac_os_x-12-x86_64"
+ echo " plugins:"
+ echo " - chef/omnibus#v0.2.83:"
+ echo " config: omnibus/omnibus.rb"
+ echo " remote-host: buildkite-omnibus-mac_os_x-12-x86_64"
+ echo " notarize-macos-package: chef"
+ echo " omnibus-pipeline-definition-path: \".expeditor/release.omnibus.yml\""
+ echo " depends_on:"
+ for platform in ${esoteric_build_platforms[@]}; do
+ if [[ $platform =~ mac_os_x ]]
+ then
+ echo " - build-$(echo $platform | tr . _)"
+ fi
+ done
+ fi
+fi
+
+if [ $BUILDKITE_PIPELINE_SLUG == "chef-chef-main-validate-release" ]
+then
+ echo "- wait: ~"
+ echo "- key: create-build-record"
+ echo " label: \":artifactory: Create Build Record\""
+ echo " plugins:"
+ echo " - chef/omnibus#v0.2.83:"
+ echo " create-build-record: chef"
+fi
+
+echo "- wait: ~"
+
+# using shell parameter expansion this checks to make sure the omnibus_test_platforms array isn't empty if OMNIBUS_FILTER is only esoteric platforms
+# prevents omnibus_test_platforms unbound variable error
+if [[ ! -z "${omnibus_test_platforms:-}" ]]
+then
+ for platform in ${omnibus_test_platforms[@]}; do
+ if [[ $platform != *"windows"* ]]; then
+ echo "- env:"
+ echo " OMNIBUS_BUILDER_KEY: build-${platform#*:}"
+ if [[ $platform == *"arm"* ]]; then
+ echo " label: \":mag::docker::muscle: ${platform%:*}\""
+ else
+ echo " label: \":mag::docker: ${platform%:*}\""
+ fi
+ echo " key: test-${platform%:*}"
+ echo " retry:"
+ echo " automatic:"
+ echo " limit: 1"
+ echo " agents:"
+ if [[ $platform == *"arm"* ]]; then
+ echo " queue: docker-linux-arm64"
+ else
+ echo " queue: default-privileged"
+ fi
+ echo " plugins:"
+ echo " - docker#v3.5.0:"
+ echo " image: chefes/omnibus-toolchain-${platform%:*}:$OMNIBUS_TOOLCHAIN_VERSION"
+ echo " privileged: true"
+ echo " propagate-environment: true"
+ echo " commands:"
+ echo " - ./.expeditor/scripts/download_built_omnibus_pkgs.sh"
+ echo " - omnibus/omnibus-test.sh"
+ echo " timeout_in_minutes: 60"
+ else
+ echo "- env:"
+ echo " OMNIBUS_BUILDER_KEY: build-${platform#*:}"
+ echo " label: \":mag::windows: ${platform%:*}\""
+ echo " key: test-${platform%:*}"
+ echo " retry:"
+ echo " automatic:"
+ echo " limit: 1"
+ echo " agents:"
+ if [ $BUILDKITE_ORGANIZATION_SLUG == "chef-oss" ]
+ then
+ echo " queue: default-${platform%:*}-privileged"
+ else
+ echo " queue: omnibus-${platform%:*}-x86_64"
+ fi
+ echo " commands:"
+ echo " - ./.expeditor/scripts/download_built_omnibus_pkgs.ps1"
+ echo " - ./omnibus/omnibus-test.ps1"
+ echo " timeout_in_minutes: 120"
+ fi
+ done
+fi
+
+# using shell parameter expansion this checks to make sure the esoteric_test_platforms array isn't empty if OMNIBUS_FILTER is only container platforms
+# prevents esoteric_test_platforms unbound variable error
+if [ $BUILDKITE_ORGANIZATION_SLUG != "chef-oss" ] && [[ ! -z "${esoteric_test_platforms:-}" ]]
+then
+
+ for platform in ${esoteric_test_platforms[@]}; do
+ build_key=$(echo ${platform#*:} | tr . _)
+ test_key=$(echo ${platform%:*} | tr . _)
+ echo "- env:"
+ if [ $build_key == "el-7-ppc64" ] || [ $build_key == "el-7-ppc64le" ]
+ then
+ echo " OMNIBUS_FIPS_MODE: true"
+ else
+ echo " OMNIBUS_FIPS_MODE: false"
+ fi
+ echo " OMNIBUS_BUILDER_KEY: build-${build_key}"
+ echo " key: test-${test_key}"
+ echo " label: \":mag: ${platform%:*}\""
+ echo " retry:"
+ echo " automatic:"
+ echo " limit: 1"
+ echo " timeout_in_minutes: 90"
+ echo " agents:"
+ echo " queue: omnibus-${platform%:*}"
+ if [ $build_key == "mac_os_x-10_15-x86_64" ] || [ $build_key == "mac_os_x-11-arm64" ]
+ then
+ echo " omnibus: tester"
+ echo " omnibus-toolchain: \"*\""
+ fi
+ echo " plugins:"
+ echo " - chef/omnibus#v0.2.83:"
+ echo " test: chef"
+ echo " test-path: omnibus/omnibus-test.sh"
+ echo " install-dir: \"/opt/chef\""
+ if [[ ${platform%:*} == mac_os_x*x86_64 ]]
+ then
+ echo " remote-host: buildkite-omnibus-${platform%:*}"
+ fi
+ if [ $test_key == "mac_os_x-11-arm64" ] || [ $test_key == "mac_os_x-12-arm64" ]
+ then
+ echo " concurrency: 1"
+ echo " concurrency_group: omnibus-$test_key/test/chef"
+ fi
+ if [ $test_key == "freebsd-13-amd64" ]
+ then
+ echo " soft_fail: true"
+ fi
+ done
+fi
+
+if [ $BUILDKITE_PIPELINE_SLUG == "chef-chef-main-validate-release" ]
+then
+ echo "- wait: ~"
+ echo "- key: promote"
+ echo " label: \":artifactory: Promote to Current\""
+ echo " plugins:"
+ echo " - chef/omnibus#v0.2.83:"
+ echo " promote: chef"
+fi
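Review bot: `set -e pipefail` on the first line of this new file does not enable pipefail; bash reads `pipefail` as a positional argument, so only `-e` takes effect and a failure on the left side of a pipeline such as `printf ... | sort -u | tr '\n' ' '` goes unnoticed. Use `set -eo pipefail`; because this file is sourced by the verify pipeline scripts, the current form also overwrites the caller's `$1`. The esoteric build step pins `chef/omnibus` to a commit SHA, while the notarize, create-build-record, test and promote steps use the `v0.2.83` tag; pinning all of them to a SHA keeps a moved tag from changing what runs in steps that handle signing and promotion. The reassignment `container_platforms=("centos-7:centos-7" "centos-7-arm:centos-7-arm")` after the filter loops appears to have no effect on the generated steps and sits under a comment that describes something else, so either remove it or document why it is there.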
diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command
index 9af5d459b5..a00354fae1 100644
--- a/.buildkite/hooks/pre-command
+++ b/.buildkite/hooks/pre-command
@@ -3,10 +3,31 @@
set -eu
# Only execute in the verify pipeline
-[[ "$BUILDKITE_PIPELINE_NAME" =~ verify$ ]] || exit 0
+[[ "$BUILDKITE_PIPELINE_NAME" =~ (verify|validate/(release|adhoc|canary)|habitat/build|habitat/test|docker/build|macos_universal_package)$ ]]
docker ps || true
-free -m || true
+
+# Get chef foundation version from the json file
+CHEF_FOUNDATION_VERSION=$(cat .buildkite-platform.json | jq -r '.chef_foundation')
+export CHEF_FOUNDATION_VERSION
+echo "Chef Foundation Version: $CHEF_FOUNDATION_VERSION"
+
+OMNIBUS_TOOLCHAIN_VERSION=$(cat .buildkite-platform.json | jq -r '.omnibus_toolchain')
+export OMNIBUS_TOOLCHAIN_VERSION
+echo "Omnibus Toolchain Version: $OMNIBUS_TOOLCHAIN_VERSION"
+
+if [ $BUILDKITE_STEP_KEY == "build-windows-2019" ] && [[ "$BUILDKITE_ORGANIZATION_SLUG" =~ chef(-canary)?$ ]]
+then
+ TOKEN=$(curl -sX PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
+ ROLE=$(curl -sH "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/iam/security-credentials/)
+ RESPONSE=$(curl -sH "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/iam/security-credentials/$ROLE)
+ AWS_ACCESS_KEY_ID=$(echo $RESPONSE | jq -r '.AccessKeyId')
+ export AWS_ACCESS_KEY_ID
+ AWS_SECRET_ACCESS_KEY=$(echo $RESPONSE | jq -r '.SecretAccessKey')
+ export AWS_SECRET_ACCESS_KEY
+ AWS_SESSION_TOKEN=$(echo $RESPONSE | jq -r '.Token')
+ export AWS_SESSION_TOKEN
+fi
# We've now seen cases where origin/main on the build hosts can get
# out of date. This causes us to build components unnecessarily.
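Review bot: The two `curl -sH "X-aws-ec2-metadata-token: $TOKEN" -v ...` calls in the `build-windows-2019` branch run with `-v`, which prints the request headers, including the IMDSv2 session token, to stderr and so presumably into the build log; drop `-v` and add `-f` so an HTTP error stops the hook instead of being parsed as JSON. `$ROLE` and `$RESPONSE` should be quoted, e.g. `echo "$RESPONSE" | jq -r '.AccessKeyId'`. Separately, with `|| exit 0` removed from the pipeline-name test, a non-matching pipeline under `set -eu` now likely fails the hook rather than skipping it, and the comment above still says "Only execute in the verify pipeline"; if skipping is still intended, keep `|| exit 0` after the new pattern and update the comment. The hook continues outside this hunk.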
@@ -36,3 +57,21 @@ if [[ "$BUILDKITE_BRANCH" != "main" ]]; then
"Couldn't rebase onto main ([${main}](${github}${main})), building PR HEAD ([${pr_head}](${github}${pr_head}))."
fi
fi
+
+# Only if on chef-canary or chef org
+if [[ ! "$BUILDKITE_STEP_KEY" =~ ^test.* ]] && [[ $BUILDKITE_ORGANIZATION_SLUG != "chef-oss" ]]; then
+
+ export VAULT_ADDR="https://vault.ps.chef.co"
+ export VAULT_TOKEN=$(vault login -method=aws -path=aws/private-cd -token-only header_value=vault.ps.chef.co role=ci)
+
+ if [[ ! $BUILDKITE_LABEL =~ macOS|mac_os_x ]]; then
+ lita_password=$(aws ssm get-parameter --name "artifactory-lita-password" --with-decryption --query Parameter.Value --output text)
+ export ARTIFACTORY_API_KEY=$(echo -n "lita:${lita_password}" | base64)
+ fi
+ export ARTIFACTORY_PASSWORD=$(vault kv get -field password account/static/artifactory/buildkite)
+
+ # Only if on RPM-based Linux distros
+ if [[ "$BUILDKITE_LABEL" =~ rhel|sles|centos ]]; then
+ export RPM_SIGNING_KEY=$(vault kv get -field packages_at_chef_io account/static/packages/signing_certs)
+ fi
+fi
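Review bot: `export VAULT_TOKEN=$(vault login ...)` and the other `export NAME=$(...)` lines in this block hide the exit status of the command substitution, so `set -e` does not stop the hook when a Vault or SSM lookup fails, and the step carries on with an empty credential or signing key. Assign first and export afterwards, as the first hunk of this file already does: `VAULT_TOKEN=$(vault login ...)` followed by `export VAULT_TOKEN`, and likewise for `ARTIFACTORY_API_KEY`, `ARTIFACTORY_PASSWORD` and `RPM_SIGNING_KEY`. A short comment above the block stating which step keys and labels receive which secret would make the `^test.*` and label regexes easier to audit.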
diff --git a/.buildkite/verify.adhoc.pipeline.sh b/.buildkite/verify.adhoc.pipeline.sh
new file mode 100644
index 0000000000..c50ceffc09
--- /dev/null
+++ b/.buildkite/verify.adhoc.pipeline.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# exit immediately on failure, or if an undefined variable is used
+set -eu
+
+echo "---"
+echo "env:"
+echo " BUILD_TIMESTAMP: $(date +%Y-%m-%d_%H-%M-%S)"
+echo "steps:"
+echo ""
+
+# include build and test omnibus pipeline
+DIR="${BASH_SOURCE%/*}"
+if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi
+source "$DIR/build-test-omnibus.sh"
diff --git a/.buildkite/verify.pipeline.sh b/.buildkite/verify.pipeline.sh
new file mode 100644
index 0000000000..32abb1ed9d
--- /dev/null
+++ b/.buildkite/verify.pipeline.sh
@@ -0,0 +1,179 @@
+#!/bin/bash
+
+# exit immediately on failure, or if an undefined variable is used
+set -eu
+
+echo "---"
+echo "env:"
+echo " BUILD_TIMESTAMP: $(date +%Y-%m-%d_%H-%M-%S)"
+echo "steps:"
+echo ""
+
+test_platforms=("centos-6" "centos-7" "centos-8" "rhel-9" "debian-9" "ubuntu-1604" "sles-15")
+
+for platform in ${test_platforms[@]}; do
+ echo "- label: \"{{matrix}} $platform :ruby:\""
+ echo " retry:"
+ echo " automatic:"
+ echo " limit: 1"
+ echo " agents:"
+ echo " queue: default-privileged"
+ echo " matrix:"
+ echo " - \"Unit\""
+ echo " - \"Integration\""
+ echo " - \"Functional\""
+ echo " plugins:"
+ echo " - docker#v3.5.0:"
+ echo " image: chefes/omnibus-toolchain-${platform#*:}:$OMNIBUS_TOOLCHAIN_VERSION"
+ echo " privileged: true"
+ echo " environment:"
+ echo " - CHEF_FOUNDATION_VERSION"
+ echo " propagate-environment: true"
+ echo " commands:"
+ echo " - .expeditor/scripts/prep_and_run_tests.sh {{matrix}}"
+ echo " timeout_in_minutes: 60"
+done
+
+win_test_platforms=("windows-2019:windows-2019")
+
+for platform in ${win_test_platforms[@]}; do
+ echo "- label: \"{{matrix}} ${platform#*:} :windows:\""
+ echo " retry:"
+ echo " automatic:"
+ echo " limit: 1"
+ echo " agents:"
+ echo " queue: default-${platform%:*}-privileged"
+ echo " matrix:"
+ echo " - \"Unit\""
+ echo " - \"Integration\""
+ echo " plugins:"
+ echo " - docker#v3.5.0:"
+ echo " image: chefes/omnibus-toolchain-${platform#*:}:$OMNIBUS_TOOLCHAIN_VERSION"
+ echo " shell:"
+ echo " - powershell"
+ echo " - \"-Command\""
+ echo " environment:"
+ echo " - CHEF_FOUNDATION_VERSION"
+ echo " propagate-environment: true"
+ echo " commands:"
+ echo " - .\.expeditor\scripts\prep_and_run_tests.ps1 {{matrix}}"
+ echo " timeout_in_minutes: 60"
+
+done
+
+for platform in ${win_test_platforms[@]}; do
+ echo "- label: \"Functional ${platform#*:} :windows:\""
+ echo " retry:"
+ echo " automatic:"
+ echo " limit: 1"
+ echo " commands:"
+ echo " - .\.expeditor\scripts\prep_and_run_tests.ps1 Functional"
+ echo " agents:"
+ echo " queue: single-use-windows-2019-privileged"
+ echo " env:"
+ echo " - CHEF_FOUNDATION_VERSION"
+ echo " - .\.expeditor\scripts\prep_and_run_tests.ps1 {{matrix}}"
+ echo " timeout_in_minutes: 60"
+done
+
+external_gems=("chef-zero" "cheffish" "chefspec" "knife-windows" "berkshelf")
+
+for gem in ${external_gems[@]}; do
+ echo "- label: \"$gem gem :ruby:\""
+ echo " retry:"
+ echo " automatic:"
+ echo " limit: 1"
+ echo " agents:"
+ echo " queue: default"
+ echo " plugins:"
+ echo " - docker#v3.5.0:"
+ echo " image: chefes/omnibus-toolchain-ubuntu-1804:$OMNIBUS_TOOLCHAIN_VERSION"
+ echo " environment:"
+ echo " - CHEF_FOUNDATION_VERSION"
+ if [ $gem == "chef-zero" ]
+ then
+ echo " - PEDANT_OPTS=--skip-oc_id"
+ echo " - CHEF_FS=true"
+ fi
+ echo " propagate-environment: true"
+ # echo " - chef/cache#v1.5.0:"
+ # echo " s3_bucket: core-buildkite-cache-chef-oss-prod"
+ # echo " cached_folders:"
+ # echo " - vendor"
+ echo " timeout_in_minutes: 60"
+ echo " commands:"
+ echo " - .expeditor/scripts/bk_container_prep.sh"
+ if [ $gem == "berkshelf" ]
+ then
+ echo " - export PATH=\"/opt/chef/bin:/usr/local/sbin:/usr/sbin:/sbin:${PATH}\""
+ echo " - apt-get update -y"
+ # cspell:disable-next-line
+ echo " - apt-get install -y graphviz"
+ echo " - bundle config set --local without omnibus_package"
+ else
+ echo " - export PATH=\"/opt/chef/bin:${PATH}\""
+ echo " - bundle config set --local without omnibus_package"
+ echo " - bundle config set --local path 'vendor/bundle'"
+ fi
+ echo " - bundle install --jobs=3 --retry=3"
+ case $gem in
+ "chef-zero")
+ echo " - bundle exec tasks/bin/run_external_test chef/chef-zero main rake pedant"
+ ;;
+ "cheffish")
+ echo " - bundle exec tasks/bin/run_external_test chef/cheffish main rake spec"
+ ;;
+ "chefspec")
+ echo " - bundle exec tasks/bin/run_external_test chefspec/chefspec main rake"
+ ;;
+ "knife-windows")
+ echo " - bundle exec tasks/bin/run_external_test chef/knife-windows main rake spec"
+ ;;
+ "berkshelf")
+ echo " - bundle exec tasks/bin/run_external_test chef/berkshelf main rake"
+ ;;
+ *)
+ echo -e "\n Gem $gem is not valid\n" >&2
+ exit 1
+ ;;
+ esac
+done
+
+habitat_plans=("linux" "linux-kernel2" "windows")
+
+for plan in ${habitat_plans[@]}; do
+ echo "- label: \":habicat: $plan plan\""
+ echo " retry:"
+ echo " automatic:"
+ echo " limit: 1"
+ echo " agents:"
+ if [ $plan == "windows" ]
+ then
+ echo " queue: single-use-windows-2019-privileged"
+ else
+ echo " queue: single-use-privileged"
+ fi
+ # echo " plugins:"
+ # echo " - chef/cache#v1.5.0:"
+ # echo " s3_bucket: core-buildkite-cache-chef-oss-prod"
+ # echo " cached_folders:"
+ # echo " - vendor"
+ echo " timeout_in_minutes: 60"
+ echo " commands:"
+ if [ $plan == "windows" ]
+ then
+ echo " - ./.expeditor/scripts/verify-plan.ps1"
+ else
+ echo " - sudo ./.expeditor/scripts/install-hab.sh 'x86_64-$plan'"
+ echo " - sudo ./.expeditor/scripts/verify-plan.sh"
+ fi
+done
+
+#include build and test omnibus pipeline
+if [[ $BUILDKITE_ORGANIZATION_SLUG != "chef-oss" ]]; then
+ DIR="${BASH_SOURCE%/*}"
+ if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi
+ source "$DIR/build-test-omnibus.sh"
+else
+ echo "--- Finished with chef-oss"
+fi
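Review bot: In the third loop (the Windows `Functional` step), the `env:` list carries a second entry `- .\.expeditor\scripts\prep_and_run_tests.ps1 {{matrix}}`, which looks like a command line pasted from the loop above; that step defines no `matrix`, and its real command is already emitted under `commands:`. Indentation is not preserved on this page, so confirm against the file, but the line should probably be removed. The earlier steps pass `CHEF_FOUNDATION_VERSION` through the docker plugin's `environment:` list, whereas this step runs without the plugin and puts it under the step-level `env:`, which presumably expects `KEY: value` pairs rather than a bare name.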
diff --git a/.expeditor/config.yml b/.expeditor/config.yml
index e46a3a1f2c..ac2ec7360e 100644
--- a/.expeditor/config.yml
+++ b/.expeditor/config.yml
@@ -16,10 +16,38 @@ rubygems:
- chef-config
- chef-bin
- chef-utils
+ - knife
+
+# At the given time, trigger the following scheduled workloads
+# https://expeditor.chef.io/docs/getting-started/subscriptions/#scheduling-workloads
+schedules:
+ - name: nightly_build_main
+ description: "Run a nightly build in the Buildkite pipeline"
+ cronline: "0 6 * * *"
pipelines:
- verify:
public: true
+ env:
+ - IGNORE_ARTIFACTORY_RUBY_PROXY: false # Artifactory is throwing 500's when downloading some gems.
+ - validate/release:
+ definition: .expeditor/verify.pipeline.yml
+ env:
+ - IGNORE_CACHE: true # caching causes constant build failures
+ - IGNORE_ARTIFACTORY_RUBY_PROXY: false
+ - validate/adhoc:
+ definition: .expeditor/verify.adhoc.pipeline.yml
+ env:
+ - ADHOC: true
+ - IGNORE_CACHE: true # caching causes constant build failures
+ - IGNORE_ARTIFACTORY_RUBY_PROXY: false # Artifactory is throwing 500's when downloading some gems.
+ - validate/adhoc-canary:
+ canary: true
+ definition: .expeditor/verify.adhoc.pipeline.yml
+ env:
+ - ADHOC: true
+ - IGNORE_CACHE: true # caching causes constant build failures
+ - IGNORE_ARTIFACTORY_RUBY_PROXY: false # Artifactory is throwing 500's when downloading some gems.
- docker/build:
definition: .expeditor/docker-build.pipeline.yml
trigger: default
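Review bot: The comment on `IGNORE_ARTIFACTORY_RUBY_PROXY: false # Artifactory is throwing 500's when downloading some gems.` reads as a reason to bypass the proxy, yet the value is `false`; the same pairing recurs in the `validate/adhoc` and `validate/adhoc-canary` entries of this hunk. Either the value or the comment is presumably stale. State the intended behaviour next to the value, for example `# keep using the Artifactory gem proxy`, or drop the comment so the setting is not misread when someone later debugs gem download failures.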
@@ -30,16 +58,23 @@ pipelines:
- omnibus/release:
env:
- IGNORE_CACHE: true # caching causes constant build failures
+ - IGNORE_ARTIFACTORY_RUBY_PROXY: false
- omnibus/adhoc:
definition: .expeditor/release.omnibus.yml
env:
- ADHOC: true
+ - IGNORE_CACHE: true # caching causes constant build failures
+ - IGNORE_ARTIFACTORY_RUBY_PROXY: false
# the adhoc-canary pipeline is used to test new omnibus workers
- omnibus/adhoc-canary:
canary: true
definition: .expeditor/adhoc-canary.omnibus.yml
env:
- ADHOC: true
+ - IGNORE_ARTIFACTORY_RUBY_PROXY: false
+ - macos_universal_package:
+ description: Builds universal macos package using arch specific packages
+ definition: .expeditor/macos_universal_package.pipeline.yml
github:
# This deletes the GitHub PR branch after successfully merged into the release branch
@@ -72,6 +107,7 @@ subscriptions:
- workload: artifact_published:unstable:chef:{{version_constraint}}
actions:
- trigger_pipeline:docker/build
+ - trigger_pipeline:macos_universal_package
- workload: artifact_published:current:chef:{{version_constraint}}
actions:
- bash:.expeditor/promote-docker-images.sh
@@ -107,7 +143,12 @@ subscriptions:
- "Expeditor: Skip Habitat"
- "Expeditor: Skip All"
only_if: built_in:bump_version
- - trigger_pipeline:omnibus/release:
+ # - trigger_pipeline:omnibus/release:
+ # ignore_labels:
+ # - "Expeditor: Skip Omnibus"
+ # - "Expeditor: Skip All"
+ # only_if: built_in:bump_version
+ - trigger_pipeline:validate/release:
ignore_labels:
- "Expeditor: Skip Omnibus"
- "Expeditor: Skip All"
@@ -120,6 +161,9 @@ subscriptions:
- trigger_pipeline:habitat/test
# subscriptions to Ruby gem dependencies' releases, open PR for updates
+ - workload: ruby_gem_published:corefoundation-*
+ actions:
+ - bash:.expeditor/update_dep.sh
- workload: ruby_gem_published:mixlib-archive-*
actions:
- bash:.expeditor/update_dep.sh
@@ -222,7 +266,7 @@ subscriptions:
- workload: ruby_gem_published:addressable-*
actions:
- bash:.expeditor/update_dep.sh
- - workload: ruby_gem_published:proxifier-*
+ - workload: ruby_gem_published:proxifier2-*
actions:
- bash:.expeditor/update_dep.sh
- workload: ruby_gem_published:syslog-logger-*
@@ -239,4 +283,21 @@ subscriptions:
- bash:.expeditor/update_dep.sh
- workload: ruby_gem_published:fauxhai-ng-*
actions:
- - bash:.expeditor/update_dep.sh
\ No newline at end of file
+ - bash:.expeditor/update_dep.sh
+ # NOTE: The branch of Ohai here needs to be updated when setting up a stable branch of chef/chef
+ - workload: chef/ohai:main_completed:pull_request_merged:chef/ohai:main:*
+ actions:
+ - bash:.expeditor/update_bundler_dep.sh
+ # NOTE: When the stable branch of chef/chef is being cut you probably want to remove this subscription
+ - workload: chef/chefstyle:main_completed:pull_request_merged:chef/chefstyle:main:*
+ actions:
+ - bash:.expeditor/update_bundler_dep.sh
+ - workload: ruby_gem_published:train-rest-*
+ actions:
+ - bash:.expeditor/update_dep.sh
+ - workload: ruby_gem_published:train-winrm-*
+ actions:
+ - bash:.expeditor/update_dep.sh
+ - workload: schedule_triggered:chef/chef:main:nightly_build_main:*
+ actions:
+ - trigger_pipeline:validate/adhoc
diff --git a/.expeditor/scripts/bk_container_prep.sh b/.expeditor/scripts/bk_container_prep.sh
index e065f20579..20937b7eb8 100755
--- a/.expeditor/scripts/bk_container_prep.sh
+++ b/.expeditor/scripts/bk_container_prep.sh
@@ -1,10 +1,11 @@
# This script gets a container ready to run our various tests in BuildKite
-echo "--- Container Config..."
-
-source /etc/os-release
-echo $PRETTY_NAME
+# Install Chef Foundation
+echo "--- Installing Chef Foundation"
+curl -fsSL https://omnitruck.chef.io/chef/install.sh | bash -s -- -c "current" -P "chef-foundation" -v "$CHEF_FOUNDATION_VERSION"
+export PATH="/opt/chef/bin:${PATH}"
+echo "--- Container Config..."
echo "ruby version:"
ruby -v
echo "bundler version:"
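Review bot: The added `curl -fsSL https://omnitruck.chef.io/chef/install.sh | bash -s -- ...` line executes a downloaded installer with no integrity check, and the visible part of the script sets neither `-e` nor `pipefail`. A failed download therefore leaves `bash` with empty input and exit status 0, and the tests run against whatever Ruby the image already has. Add `set -euo pipefail` at the top, which also catches an unset `CHEF_FOUNDATION_VERSION`. Consider downloading the installer to a file and comparing it with a pinned digest before running it. The script continues outside this hunk.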
diff --git a/.expeditor/scripts/download_built_omnibus_pkgs.ps1 b/.expeditor/scripts/download_built_omnibus_pkgs.ps1
new file mode 100644
index 0000000000..fe6db486ba
--- /dev/null
+++ b/.expeditor/scripts/download_built_omnibus_pkgs.ps1
@@ -0,0 +1,11 @@
+$ErrorActionPreference = "Stop"
+
+Write-Host "--- Installing package from BuildKite"
+buildkite-agent artifact download "pkg\*.msi" . --step "${Env:OMNIBUS_BUILDER_KEY}"
+$package_file = (Get-ChildItem pkg -Filter "*.msi").FullName
+
+Write-Output "--- Installing $package_file"
+Start-Process "$package_file" /quiet -Wait
+
+Write-Output "--- Deleting $package_file"
+Remove-Item -Force "$package_file" -ErrorAction SilentlyContinue
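Review bot: `Start-Process "$package_file" /quiet -Wait` discards the installer's exit code, so a failed MSI install is not caught by `$ErrorActionPreference = "Stop"` and the test step proceeds against a missing or older install. Capture it with `$p = Start-Process "$package_file" /quiet -Wait -PassThru` and `if ($p.ExitCode -ne 0) { throw "MSI install failed: $($p.ExitCode)" }`. `Get-ChildItem pkg -Filter "*.msi"` can also return more than one file, in which case `$package_file` is an array; selecting exactly one file and failing otherwise would make the step deterministic.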
diff --git a/.expeditor/scripts/download_built_omnibus_pkgs.sh b/.expeditor/scripts/download_built_omnibus_pkgs.sh
new file mode 100644
index 0000000000..0d7ef3efaa
--- /dev/null
+++ b/.expeditor/scripts/download_built_omnibus_pkgs.sh
@@ -0,0 +1,45 @@
+#! /bin/bash
+set -eu -o pipefail
+
+echo "--- Installing package from BuildKite"
+
+if [[ $OSTYPE == "msys" ]]; then
+ buildkite-agent artifact download "pkg\*.msi" . --step "$OMNIBUS_BUILDER_KEY"
+ package_file=$(find pkg/*)
+else
+ extensions=( deb rpm amd64.sh )
+ for ext in "${extensions[@]}"
+ do
+ buildkite-agent artifact download "pkg/*.${ext}" . --step "$OMNIBUS_BUILDER_KEY" || true
+ done
+ package_file=$(find pkg/*)
+fi
+
+if [[ -z $package_file ]]; then
+ buildkite-agent annotate "Failed to download packages from the $OMNIBUS_BUILDER_KEY builder." --style "warning" --context "ctx-warn" || true
+ exit 1
+fi
+
+echo "--- Installing ${package_file}"
+FILE_TYPE="${package_file##*.}"
+case "$FILE_TYPE" in
+ "rpm")
+ if [[ "${IGNORE_INSTALL_DEPENDENCIES:-false}" == true ]]; then
+ IGNORE_DEPENDS_OPTION="--nodeps"
+ fi
+ sudo rpm -Uvh ${IGNORE_DEPENDS_OPTION:-} --oldpackage --replacepkgs "$package_file"
+ ;;
+ "deb")
+ if [[ "${IGNORE_INSTALL_DEPENDENCIES:-false}" == true ]]; then
+ IGNORE_DEPENDS_OPTION="--force-depends"
+ fi
+ sudo dpkg ${IGNORE_DEPENDS_OPTION:-} -i "$package_file"
+ ;;
+ "sh" )
+ sudo sh "$package_file"
+ ;;
+ *)
+ echo "Unknown filetype: $FILE_TYPE"
+ exit 1
+ ;;
+esac
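Review bot: With `set -eu -o pipefail`, `package_file=$(find pkg/*)` aborts the script when nothing was downloaded (the glob stays literal and `find` exits non-zero), so the `-z $package_file` branch with its `buildkite-agent annotate` warning is likely never reached. When more than one artifact matches, `package_file` holds several newline-separated paths and `${package_file##*.}` reflects only the last one. The `msys` branch downloads `*.msi`, but the `case` has no `msi` arm, so that path ends in `Unknown filetype`. Using `package_file=$(find pkg -type f 2>/dev/null || true)` followed by an explicit check that exactly one file was found would cover the first two cases.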
diff --git a/.expeditor/scripts/omnibus_chef_build.ps1 b/.expeditor/scripts/omnibus_chef_build.ps1
new file mode 100644
index 0000000000..dc933c8a96
--- /dev/null
+++ b/.expeditor/scripts/omnibus_chef_build.ps1
@@ -0,0 +1,74 @@
+$ScriptDir = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent
+
+if ($env:BUILDKITE_ORGANIZATION_SLUG -eq "chef-oss" )
+{
+ Write-Output "--- Generating self-signed Windows package signing certificate"
+ $thumb = (New-SelfSignedCertificate -Type Custom -Subject "CN=Chef Software, O=Progress, C=US" -KeyUsage DigitalSignature -FriendlyName "Chef Software Inc." -CertStoreLocation "Cert:\LocalMachine\My" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3", "2.5.29.19={text}")).Thumbprint
+}
+else
+{
+ Write-Output "--- Installing Windows package signing certificate"
+ $windows_certificate_json = "windows-package-signing-certificate.json"
+ $windows_certificate_pfx = "windows-package-signing-certificate.pfx"
+
+ aws ssm get-parameter --name "windows-package-signing-cert" --with-decryption --region "us-west-1" --query Parameter.Value --output text | Set-Content -Path $windows_certificate_json
+ If ($lastexitcode -ne 0) { Throw $lastexitcode }
+
+ $cert_passphrase = Get-Content $windows_certificate_json | ConvertFrom-Json | Select-Object -ExpandProperty cert_passphrase | ConvertTo-SecureString -asplaintext -force
+ Get-Content $windows_certificate_json | ConvertFrom-Json | Select-Object -ExpandProperty cert_content_base64 | Set-Content -Path $windows_certificate_pfx
+ Remove-Item -Force $windows_certificate_json
+ Import-PfxCertificate $windows_certificate_pfx -CertStoreLocation Cert:\LocalMachine\My -Password $cert_passphrase
+ Remove-Item -Force $windows_certificate_pfx
+ $thumb = "13B510D1CF1B3467856A064F1BEA12D0884D2528"
+}
+
+Write-Output "THUMB=$thumb"
+
+$env:ARTIFACTORY_BASE_PATH="com/getchef"
+$env:ARTIFACTORY_ENDPOINT="https://artifactory-internal.ps.chef.co/artifactory"
+$env:ARTIFACTORY_USERNAME="buildkite"
+
+Write-Output "--- Install Chef Foundation"
+. { Invoke-WebRequest -useb https://omnitruck.chef.io/chef/install.ps1 } | Invoke-Expression; install -channel "current" -project "chef-foundation" -v $CHEF_FOUNDATION_VERSION
+
+$env:PROJECT_NAME="chef"
+$env:OMNIBUS_PIPELINE_DEFINITION_PATH="${ScriptDir}/../release.omnibus.yml"
+$env:OMNIBUS_SIGNING_IDENTITY="${thumb}"
+$env:HOMEDRIVE = "C:"
+$env:HOMEPATH = "\Users\ContainerAdministrator"
+$env:OMNIBUS_TOOLCHAIN_INSTALL_DIR = "C:\opscode\omnibus-toolchain"
+$env:SSL_CERT_FILE = "${env:OMNIBUS_TOOLCHAIN_INSTALL_DIR}\embedded\ssl\certs\cacert.pem"
+$env:MSYS2_INSTALL_DIR = "C:\msys64"
+$env:BASH_ENV = "${env:MSYS2_INSTALL_DIR}\etc\bash.bashrc"
+$env:OMNIBUS_WINDOWS_ARCH = "x64"
+$env:MSYSTEM = "MINGW64"
+$omnibus_toolchain_msystem = & "${env:OMNIBUS_TOOLCHAIN_INSTALL_DIR}\embedded\bin\ruby" -e "puts RUBY_PLATFORM"
+If ($omnibus_toolchain_msystem -eq "x64-mingw-ucrt") {
+ $env:MSYSTEM = "UCRT64"
+}
+$original_path = $env:PATH
+$env:PATH = "${env:MSYS2_INSTALL_DIR}\$env:MSYSTEM\bin;${env:MSYS2_INSTALL_DIR}\usr\bin;${env:OMNIBUS_TOOLCHAIN_INSTALL_DIR}\embedded\bin;C:\wix;C:\Program Files (x86)\Windows Kits\8.1\bin\x64;${original_path}"
+Write-Output "env:PATH = $env:PATH"
+
+Write-Output "--- Running bundle install for Omnibus"
+Set-Location "$($ScriptDir)/../../omnibus"
+bundle config set --local without development
+bundle install
+if ( -not $? ) { throw "Running bundle install failed" }
+
+Write-Output "--- Building Chef"
+bundle exec omnibus build chef -l internal --override append_timestamp:false
+if ( -not $? ) { throw "omnibus build chef failed" }
+
+Write-Output "--- Uploading package to BuildKite"
+C:\buildkite-agent\bin\buildkite-agent.exe artifact upload "pkg/*.msi*"
+
+if ($env:BUILDKITE_ORGANIZATION_SLUG -ne "chef-oss" )
+{
+ Write-Output "--- Setting up Gem API Key"
+ $env:GEM_HOST_API_KEY = "Basic ${env:ARTIFACTORY_API_KEY}"
+
+ Write-Output "--- Publishing package to Artifactory"
+ bundle exec ruby "${ScriptDir}/omnibus_chef_publish.rb"
+ if ( -not $? ) { throw "chef publish failed" }
+}
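Review bot: `-v $CHEF_FOUNDATION_VERSION` on the `install` line reads a PowerShell variable that this script never assigns, while every other setting here goes through `$env:`. Unless the caller defines that variable in scope, the version argument is empty and the job presumably installs whatever is newest in the `current` channel. This matters more here than in a test job, because the signing certificate is already in `Cert:\LocalMachine\My` when the remotely fetched `install.ps1` runs. Use `-v $env:CHEF_FOUNDATION_VERSION` and stop early when it is empty, e.g. `if (-not $env:CHEF_FOUNDATION_VERSION) { throw "CHEF_FOUNDATION_VERSION is not set" }`. The same line appears in `prep_and_run_tests.ps1`.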
diff --git a/.expeditor/scripts/omnibus_chef_build.sh b/.expeditor/scripts/omnibus_chef_build.sh
new file mode 100644
index 0000000000..6d9c7dbe16
--- /dev/null
+++ b/.expeditor/scripts/omnibus_chef_build.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+set -ueo pipefail
+
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+
+export ARTIFACTORY_BASE_PATH="com/getchef"
+export ARTIFACTORY_ENDPOINT="https://artifactory-internal.ps.chef.co/artifactory"
+export ARTIFACTORY_USERNAME="buildkite"
+
+export PROJECT_NAME="chef"
+export PATH="/opt/omnibus-toolchain/bin:${PATH}"
+export OMNIBUS_FIPS_MODE="true"
+export OMNIBUS_PIPELINE_DEFINITION_PATH="${SCRIPT_DIR}/../release.omnibus.yml"
+
+echo "--- Installing Chef Foundation"
+curl -fsSL https://omnitruck.chef.io/chef/install.sh | bash -s -- -c "current" -P "chef-foundation" -v "$CHEF_FOUNDATION_VERSION"
+
+if [[ -f "/opt/omnibus-toolchain/embedded/ssl/certs/cacert.pem" ]]; then
+ export SSL_CERT_FILE="/opt/omnibus-toolchain/embedded/ssl/certs/cacert.pem"
+fi
+
+if [[ "$BUILDKITE_LABEL" =~ rhel|sles|centos ]] && [[ $BUILDKITE_ORGANIZATION_SLUG != "chef-oss" ]]; then
+ export OMNIBUS_RPM_SIGNING_PASSPHRASE=''
+
+ echo "$RPM_SIGNING_KEY" | gpg --import
+
+ cat <<-EOF > ~/.rpmmacros
+ %_signature gpg
+ %_gpg_name Opscode Packages
+EOF
+fi
+
+echo "--- Running bundle install for Omnibus"
+cd "${SCRIPT_DIR}/../../omnibus"
+bundle config set --local without development
+bundle install
+
+echo "--- Building Chef"
+bundle exec omnibus build chef -l internal --override append_timestamp:false
+
+echo "--- Uploading package to BuildKite"
+extensions=( bff deb dmg msi p5p rpm solaris amd64.sh i386.sh )
+for ext in "${extensions[@]}"
+do
+ buildkite-agent artifact upload "pkg/*.${ext}*"
+done
+
+if [[ $BUILDKITE_ORGANIZATION_SLUG != "chef-oss" ]]; then
+ echo "--- Setting up Gem credentials"
+ export GEM_HOST_API_KEY="Basic ${ARTIFACTORY_API_KEY}"
+
+ echo "--- Publishing package to Artifactory"
+ bundle exec ruby "${SCRIPT_DIR}/omnibus_chef_publish.rb"
+fi
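Review bot: The `curl -fsSL https://omnitruck.chef.io/chef/install.sh | bash -s -- …` line runs a remotely served script with no integrity check, in a job that then imports `RPM_SIGNING_KEY` and publishes with `ARTIFACTORY_API_KEY`. The build therefore trusts whatever that endpoint returns at run time. Fetching to a file and checking it first would close the gap, for example `curl -fsSL -o install.sh https://omnitruck.chef.io/chef/install.sh` followed by `echo "<PINNED_SHA256>  install.sh" | sha256sum -c -`, or vendoring the installer in the repository. The same pattern is in `prep_and_run_tests.sh`, and as `Invoke-WebRequest … | Invoke-Expression` in the two `.ps1` scripts. The imported signing key also stays in the agent's default keyring after the script ends, which is worth confirming is acceptable on agents that are not single-use.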
diff --git a/.expeditor/scripts/omnibus_chef_publish.rb b/.expeditor/scripts/omnibus_chef_publish.rb
new file mode 100644
index 0000000000..9413e9740d
--- /dev/null
+++ b/.expeditor/scripts/omnibus_chef_publish.rb
@@ -0,0 +1,93 @@
+#!/usr/bin/env ruby
+
+require 'artifactory'
+require 'fileutils'
+require 'json'
+require 'omnibus'
+require 'tempfile'
+require 'rubygems/commands/push_command'
+require 'yaml'
+
+OMNIBUS_PACKAGE_PATTERN = '**/{pkg,notarized}/*.{bff,deb,dmg,msi,p5p,rpm,solaris,amd64.sh,i386.sh}'.freeze
+
+def self.env_or_empty(key)
+ ENV[key] || ''
+end
+
+def self.env_or_raise(key)
+ ENV[key] || raise("Required ENV variable `#{key}` is unset!")
+end
+
+project_name = env_or_raise('PROJECT_NAME')
+omnibus_pipeline_definition_path = env_or_raise('OMNIBUS_PIPELINE_DEFINITION_PATH')
+artifactory_endpoint = env_or_raise('ARTIFACTORY_ENDPOINT')
+artifactory_base_path = env_or_raise('ARTIFACTORY_BASE_PATH')
+artifactory_username = env_or_raise('ARTIFACTORY_USERNAME')
+artifactory_password = env_or_raise('ARTIFACTORY_PASSWORD')
+
+package_glob_pattern = "./#{OMNIBUS_PACKAGE_PATTERN}"
+
+puts "Publishing with glob pattern of #{package_glob_pattern}"
+puts ''
+
+if File.exist?(omnibus_pipeline_definition_path)
+ omnibus_pipeline_definition = YAML.safe_load(File.read(omnibus_pipeline_definition_path))
+ skip_artifactory_platforms = omnibus_pipeline_definition["skip-artifactory-platforms"] || []
+ builder_to_testers_map = omnibus_pipeline_definition['builder-to-testers-map']
+
+ skip_artifactory_platforms.each do |skip_platform|
+ builder_to_testers_map.each { |builder, tester| tester.reject! { |tester| File.fnmatch(skip_platform, tester) } }.reject! { |builder, tester| tester.empty? }
+ end
+end
+
+Omnibus::Config.artifactory_endpoint(artifactory_endpoint)
+Omnibus::Config.artifactory_base_path(artifactory_base_path)
+Omnibus::Config.artifactory_username(artifactory_username)
+Omnibus::Config.artifactory_password(artifactory_password)
+publisher = Omnibus::ArtifactoryPublisher.new(
+ package_glob_pattern,
+ repository: 'omnibus-unstable-local',
+ platform_mappings: builder_to_testers_map,
+ build_record: false
+)
+
+if publisher.packages.empty?
+ puts "Could not locate any #{project_name} artifacts to publish."
+ return
+else
+ publisher.publish do |package|
+ puts "Published '#{package.name}' for #{package.metadata[:platform]}-#{package.metadata[:platform_version]}-#{package.metadata[:arch]}"
+ end
+
+ puts <<-EOH
+
+DONE! \\m/
+
+ EOH
+end
+
+# This publishes the chef gem to artifactory
+if (project_name == "chef") && (ENV['ADHOC'] != 'true')
+ GEM_PACKAGE_PATTERN = '**/[^/]*\.gem'.freeze
+ gem_base_name = project_name
+ project_source = "#{Omnibus::Config.base_dir}/**/src/#{gem_base_name}"
+
+ # This will exclude any gems in a /spec/ directory
+ gems_found = Dir.glob("#{project_source}/#{GEM_PACKAGE_PATTERN}") - Dir.glob("#{project_source}/**/spec/#{GEM_PACKAGE_PATTERN}")
+
+ # Sometimes there are multiple copies of a gem on disk -- only upload one copy.
+ gems_to_publish = gems_found.uniq { |gem| File.basename(gem) }
+
+ puts "Publishing Gems from #{project_source}"
+ puts ''
+
+ gems_to_publish.each do |gem_path|
+ puts 'Publishing gem ' + gem_path
+ artifactory_endpoint = "#{Omnibus::Config.artifactory_endpoint}/api/gems/omnibus-gems-local"
+ # This mimics the behavior of the gem command line, and is a public api:
+ # http://docs.seattlerb.org/rubygems/Gem/Command.html
+ gem_pusher = Gem::Commands::PushCommand.new
+ gem_pusher.handle_options [gem_path, '--host', artifactory_endpoint, '--verbose']
+ gem_pusher.execute
+ end
+end
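Review bot: When `publisher.packages.empty?` is true the script prints a message and `return`s, which ends the process with status 0. A build that produced no packages is then reported as a successful publish, and the gem push below is skipped without any signal. If an empty result is never expected in this pipeline, fail instead: `abort "Could not locate any #{project_name} artifacts to publish."`. Separately, `builder_to_testers_map` is used unguarded inside the `skip_artifactory_platforms.each` block; `omnibus_pipeline_definition['builder-to-testers-map'] || {}` would avoid a `NoMethodError` when that key is absent from the YAML.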
diff --git a/.expeditor/scripts/prep_and_run_tests.ps1 b/.expeditor/scripts/prep_and_run_tests.ps1
new file mode 100644
index 0000000000..0c804b6794
--- /dev/null
+++ b/.expeditor/scripts/prep_and_run_tests.ps1
@@ -0,0 +1,27 @@
+param(
+ # The test type ot be run (unit, integration or functional)
+ [Parameter(Position=0)][String]$TestType
+)
+
+. { Invoke-WebRequest -useb https://omnitruck.chef.io/chef/install.ps1 } | Invoke-Expression; install -channel "current" -project "chef-foundation" -v $CHEF_FOUNDATION_VERSION
+$env:Path = 'C:\Program Files\Git\mingw64\bin;C:\Program Files\Git\usr\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Git\cmd;C:\Users\ContainerAdministrator\AppData\Local\Microsoft\WindowsApps;C:\opscode\chef\bin;C:\opscode\chef\embedded\bin'
+
+if ($TestType -eq 'Functional') {
+ winrm quickconfig -q
+}
+
+Write-Output "--- Running Chef bundle install"
+bundle install --jobs=3 --retry=3
+
+switch ($TestType) {
+ "Unit" {[string[]]$RakeTest = 'spec:unit','component_specs'; break}
+ "Integration" {[string[]]$RakeTest = "spec:integration"; break}
+ "Functional" {[string[]]$RakeTest = "spec:functional"; break}
+ default {throw "TestType $TestType not valid"}
+}
+
+foreach($test in $RakeTest) {
+ Write-Output "--- Chef $test run"
+ bundle exec rake $test
+ if (-not $?) { throw "Chef $test tests failed" }
+}
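Review bot: `bundle install --jobs=3 --retry=3` is not followed by an exit-status check, and PowerShell does not stop on a non-zero exit code from a native command. A failed install therefore falls through to `bundle exec rake` and surfaces as a misleading test failure. Add the same guard the rake loop uses: `if (-not $?) { throw "bundle install failed" }`. The parameter comment also has a typo (`ot be run`).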
diff --git a/.expeditor/scripts/prep_and_run_tests.sh b/.expeditor/scripts/prep_and_run_tests.sh
new file mode 100644
index 0000000000..c3e8771797
--- /dev/null
+++ b/.expeditor/scripts/prep_and_run_tests.sh
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+if [ -z "$1" ]
+ then
+ echo "No TestType supplied"
+fi
+
+TestType=$1
+
+curl -fsSL https://omnitruck.chef.io/chef/install.sh | bash -s -- -c "current" -P "chef-foundation" -v "$CHEF_FOUNDATION_VERSION"
+export PATH="/opt/chef/bin:${PATH}"
+
+if [ "$TestType" == "Unit" ]
+then
+ mkdir spec/data/nodes && touch spec/data/nodes/test.rb && touch spec/data/nodes/default.rb && touch spec/data/nodes/test.example.com.rb
+fi
+
+echo "--- Running Chef bundle install"
+bundle install --jobs=3 --retry=3
+
+case $TestType in
+
+ Unit)
+ RakeTest=("spec:unit" "component_specs")
+ ;;
+
+ Integration)
+ RakeTest=("spec:integration")
+ ;;
+
+ Functional)
+ RakeTest=("spec:functional")
+ ;;
+
+ *)
+ echo -e "\nTestType $TestType not valid\n" >&2
+ exit 1
+ ;;
+esac
+
+for test in "${RakeTest[@]}"
+do
+ echo "--- Chef $test run"
+ bundle exec rake "$test"
+done
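Review bot: The `if [ -z "$1" ]` guard cannot work as written. With `set -u` a missing argument aborts on the unbound `$1` before the message is printed, and an empty argument prints "No TestType supplied" but does not exit, so the installer still runs before the `case` rejects the value. `TestType="${1:?No TestType supplied}"` covers both cases and replaces the guard and the assignment. `mkdir spec/data/nodes` in the Unit branch will also fail under `set -e` on a reused checkout where the directory already exists; `mkdir -p` avoids that.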
diff --git a/.expeditor/verify.adhoc.pipeline.yml b/.expeditor/verify.adhoc.pipeline.yml
new file mode 100644
index 0000000000..12f140bdb4
--- /dev/null
+++ b/.expeditor/verify.adhoc.pipeline.yml
@@ -0,0 +1,12 @@
+---
+expeditor:
+ defaults:
+ buildkite:
+ retry:
+ automatic:
+ limit: 1
+ timeout_in_minutes: 60
+
+steps:
+ - command: .buildkite/verify.adhoc.pipeline.sh | buildkite-agent pipeline upload
+ label: ":pipeline: Upload"
diff --git a/.expeditor/verify.pipeline.yml b/.expeditor/verify.pipeline.yml
index 4e9abe2b59..d73e189094 100644
--- a/.expeditor/verify.pipeline.yml
+++ b/.expeditor/verify.pipeline.yml
@@ -1,401 +1,12 @@
---
expeditor:
- cached_folders:
- - vendor
defaults:
buildkite:
retry:
automatic:
limit: 1
- timeout_in_minutes: 45
+ timeout_in_minutes: 60
steps:
-
-#########################################################################
- # Tests Ruby 2.6
-#########################################################################
-
-- label: "chef-utils Unit :ruby: 2.6"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - cd chef-utils
- - bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec rake spec
- expeditor:
- executor:
- docker:
- image: rubydistros/ubuntu-18.04:2.6
-
-- label: "chef-config Unit :ruby: 2.6"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - cd chef-config
- - bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec rake spec
- expeditor:
- executor:
- docker:
- image: rubydistros/ubuntu-18.04:2.6
-
-#########################################################################
- # Tests Ruby 3.0
-#########################################################################
-
-- label: "Integration Ubuntu 18.04 :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - cd /workdir; bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec rake spec:integration
- expeditor:
- executor:
- docker:
- image: rubydistros/ubuntu-18.04:3.0
- privileged: true
-
-- label: "Functional Ubuntu 18.04 :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - apt-get update -y
- - apt-get install -y cron locales libarchive-dev # needed for functional tests to pass
- - cd /workdir; bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec rake spec:functional
- expeditor:
- executor:
- docker:
- image: rubydistros/ubuntu-18.04:3.0
- privileged: true
-
-- label: "Unit Ubuntu 18.04 :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - apt-get update -y
- - apt-get install -y libarchive-dev
- - bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec rake spec:unit
- - bundle exec rake component_specs
- expeditor:
- executor:
- docker:
- image: rubydistros/ubuntu-18.04:3.0
-
-- label: "Integration Ubuntu 20.04 :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - cd /workdir; bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec rake spec:integration
- expeditor:
- executor:
- docker:
- image: rubydistros/ubuntu-20.04:3.0
- privileged: true
-
-- label: "Functional Ubuntu 20.04 :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - apt-get update -y
- - apt-get install -y cron locales libarchive-dev # needed for functional tests to pass
- - cd /workdir; bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec rake spec:functional
- expeditor:
- executor:
- docker:
- image: rubydistros/ubuntu-20.04:3.0
- privileged: true
-
-- label: "Unit Ubuntu 20.04 :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - apt-get update -y
- - apt-get install -y libarchive-dev
- - bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec rake spec:unit
- - bundle exec rake component_specs
- expeditor:
- executor:
- docker:
- image: rubydistros/ubuntu-20.04:3.0
-
-- label: "Integration CentOS 7 :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - cd /workdir; bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec rake spec:integration
- expeditor:
- executor:
- docker:
- image: rubydistros/centos-7:3.0
- privileged: true
-
-- label: "Functional CentOS 7 :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - yum install -y crontabs e2fsprogs
- - yum install -y libarchive-devel
- - cd /workdir; bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec rake spec:functional
- expeditor:
- executor:
- docker:
- image: rubydistros/centos-7:3.0
- privileged: true
-
-- label: "Unit CentOS 7 :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - yum install -y libarchive-devel
- - bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec rake spec:unit
- - bundle exec rake component_specs
- expeditor:
- executor:
- docker:
- image: rubydistros/centos-7:3.0
-
-- label: "Integration openSUSE 15 :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - /workdir/.expeditor/scripts/zypper_prep.sh
- - zypper install -y cron insserv-compat
- - cd /workdir; bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec rake spec:integration
- expeditor:
- executor:
- docker:
- image: rubydistros/opensuse-15:3.0
- privileged: true
-
-- label: "Functional openSUSE 15 :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - /workdir/.expeditor/scripts/zypper_prep.sh
- - zypper install -y cronie insserv-compat
- - zypper install -y libarchive-devel
- - cd /workdir; bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec rake spec:functional
- expeditor:
- executor:
- docker:
- image: rubydistros/opensuse-15:3.0
- privileged: true
-
-- label: "Unit openSUSE 15 :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - /workdir/.expeditor/scripts/zypper_prep.sh
- - zypper install -y cron insserv-compat libarchive-devel
- - bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec rake spec:unit
- - bundle exec rake component_specs
- expeditor:
- executor:
- docker:
- image: rubydistros/opensuse-15:3.0
-
-- label: "Integration Fedora :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - cd /workdir; bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec rake spec:integration
- expeditor:
- executor:
- docker:
- image: rubydistros/fedora-latest:3.0
- privileged: true
-
-- label: "Functional Fedora :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - dnf install -y crontabs e2fsprogs
- - cd /workdir; bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec rake spec:functional
- expeditor:
- executor:
- docker:
- image: rubydistros/fedora-latest:3.0
- privileged: true
- environment:
- - FORCE_FFI_YAJL=ext
- - CHEF_LICENSE=accept-no-persist
-
-- label: "Unit Fedora :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - dnf install -y libarchive-devel
- - bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec rake spec:unit
- - bundle exec rake component_specs
- expeditor:
- executor:
- docker:
- image: rubydistros/fedora-latest:3.0
-
-- label: "Functional Windows :ruby: 2.7"
- commands:
- - .expeditor/scripts/bk_win_functional.ps1
- expeditor:
- executor:
- windows:
- privileged: true
- single-use: true
- shell: ["powershell", "-Command"]
-
-- label: "Integration Windows :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_win_integration.ps1
- expeditor:
- executor:
- docker:
- host_os: windows
- image: rubydistros/windows-2019:3.0
- environment:
- - FORCE_FFI_YAJL=ext
- - CHEF_LICENSE=accept-no-persist
- shell: ["powershell", "-Command"]
-
-- label: "Unit Windows :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_win_unit.ps1
- expeditor:
- executor:
- docker:
- host_os: windows
- image: rubydistros/windows-2019:3.0
- environment:
- - FORCE_FFI_YAJL=ext
- - CHEF_LICENSE=accept-no-persist
- shell: ["powershell", "-Command"]
-
-#########################################################################
- # EXTERNAL GEM TESTING
-#########################################################################
-
-- label: "chef-zero gem :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec tasks/bin/run_external_test chef/chef-zero main rake pedant
- expeditor:
- executor:
- docker:
- image: rubydistros/ubuntu-18.04:3.0
- environment:
- - PEDANT_OPTS=--skip-oc_id
- - CHEF_FS=true
-
-- label: "cheffish gem :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec tasks/bin/run_external_test chef/cheffish main rake spec
- expeditor:
- executor:
- docker:
- image: rubydistros/ubuntu-18.04:3.0
-
-- label: "chefspec gem :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec tasks/bin/run_external_test chefspec/chefspec main rake
- expeditor:
- executor:
- docker:
- image: rubydistros/ubuntu-18.04:3.0
-
-- label: "knife-windows gem :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - bundle config set --local without omnibus_package
- - bundle config set --local path 'vendor/bundle'
- - bundle install --jobs=3 --retry=3
- - bundle exec tasks/bin/run_external_test chef/knife-windows main rake spec
- expeditor:
- executor:
- docker:
- image: rubydistros/ubuntu-18.04:3.0
-
-- label: "berkshelf gem :ruby: 3.0"
- commands:
- - /workdir/.expeditor/scripts/bk_container_prep.sh
- - apt-get update -y
- - apt-get install -y graphviz
- - bundle config set --local without omnibus_package
- - bundle install --jobs=3 --retry=3
- - bundle exec tasks/bin/run_external_test berkshelf/berkshelf main rake
- expeditor:
- executor:
- docker:
- image: rubydistros/ubuntu-18.04:3.0
-
-- label: ":habicat: Linux plan"
- commands:
- - sudo ./.expeditor/scripts/install-hab.sh 'x86_64-linux'
- - sudo ./.expeditor/scripts/verify-plan.sh
- timeout_in_minutes: 60
- expeditor:
- executor:
- linux:
- privileged: true
- single-use: true
-
-- label: ":habicat: Linux plan (kernel2)"
- commands:
- - sudo ./.expeditor/scripts/install-hab.sh 'x86_64-linux-kernel2'
- - sudo ./.expeditor/scripts/verify-plan.sh
- timeout_in_minutes: 60
- expeditor:
- executor:
- linux:
- privileged: true
- single-use: true
-
-- label: ":habicat: Windows plan"
- commands:
- - ./.expeditor/scripts/verify-plan.ps1
- timeout_in_minutes: 60
- expeditor:
- executor:
- windows:
- privileged: true
- single-use: true
- shell: ["powershell", "-Command"]
+ - command: .buildkite/verify.pipeline.sh | buildkite-agent pipeline upload
+ label: ":pipeline: Upload"
diff --git a/omnibus/config/projects/chef.rb b/omnibus/config/projects/chef.rb
index dd22f4654c..13f3ec1240 100644
--- a/omnibus/config/projects/chef.rb
+++ b/omnibus/config/projects/chef.rb
@@ -41,34 +41,8 @@ end
override :chef, version: "local_source"
-# Load dynamically updated overrides
-overrides_path = File.expand_path("../../../../omnibus_overrides.rb", current_file)
-instance_eval(IO.read(overrides_path), overrides_path)
-
-dependency "preparation"
-
-dependency "chef"
-
-#
-# addons which require omnibus software defns (not direct deps of chef itself - RFC-063)
-#
-dependency "nokogiri" # (nokogiri cannot go in the Gemfile, see wall of text in the software defn)
-
-# FIXME?: might make sense to move dependencies below into the omnibus-software chef
-# definition or into a chef-complete definition added to omnibus-software.
-dependency "gem-permissions"
+dependency "chef-local-source"
dependency "shebang-cleanup"
-dependency "version-manifest"
-dependency "openssl-customization"
-
-# devkit needs to come dead last these days so we do not use it to compile any gems
-if windows?
- override :"ruby-windows-devkit", version: "4.5.2-20111229-1559" if windows_arch_i386?
- dependency "ruby-windows-devkit"
- dependency "ruby-windows-devkit-bash"
-end
-
-dependency "ruby-cleanup"
# further gem cleanup other projects might not yet want to use
dependency "more-ruby-cleanup"
@@ -98,8 +72,8 @@ package :msi do
upgrade_code msi_upgrade_code
wix_candle_extension "WixUtilExtension"
wix_light_extension "WixUtilExtension"
- signing_identity "AF21BA8C9E50AE20DA9907B6E2D4B0CC3306CA03", machine_store: true
- parameters ChefLogDllPath: windows_safe_path(gem_path("chef-[0-9]*-mingw32/ext/win32-eventlog/chef-log.dll")),
+ signing_identity ENV.fetch("OMNIBUS_SIGNING_IDENTITY", "13B510D1CF1B3467856A064F1BEA12D0884D2528"), machine_store: true
+ parameters ChefLogDllPath: windows_safe_path(gem_path("chef-[0-9]*-x64-mingw-ucrt/ext/win32-eventlog/chef-log.dll")),
ProjectLocationDir: project_location_dir
end
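Review bot: The fallback thumbprint passed to `ENV.fetch("OMNIBUS_SIGNING_IDENTITY", …)` duplicates the literal assigned to `$thumb` in `.expeditor/scripts/omnibus_chef_build.ps1`. A certificate rotation has to touch both files, and a missed one only shows up as a signing failure at package time. A comment above the line would make the coupling visible: `# Fallback must match $thumb in .expeditor/scripts/omnibus_chef_build.ps1`. The enclosing `package :msi` block starts before this hunk.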
diff --git a/omnibus/config/software/chef-foundation.rb b/omnibus/config/software/chef-foundation.rb
new file mode 100644
index 0000000000..67bd53643d
--- /dev/null
+++ b/omnibus/config/software/chef-foundation.rb
@@ -0,0 +1,21 @@
+name "chef-foundation"
+license "Apache-2.0"
+license_file "LICENSE"
+
+# Grab accompanying notice file.
+# So that Open4/deep_merge/diff-lcs disclaimers are present in Omnibus LICENSES tree.
+license_file "NOTICE"
+
+skip_transitive_dependency_licensing true
+
+if windows?
+ source path: "c:/opscode/chef"
+else
+ source path: "/opt/chef"
+end
+
+relative_path "chef-foundation"
+
+build do
+ sync "#{project_dir}", "#{install_dir}"
+end
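Review bot: This definition ships whatever tree is present at `/opt/chef` (or `c:/opscode/chef`) on the build host, and nothing here records or checks which chef-foundation build that is. As far as this diff shows, the pin lives only in the install scripts' `CHEF_FOUNDATION_VERSION`. A header comment would tell maintainers where the contents come from, e.g. `# Source is the chef-foundation package pre-installed by .expeditor/scripts/omnibus_chef_build.*; its version is not verified here`. The interpolation in the build step is also unnecessary: `sync project_dir, install_dir`.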
diff --git a/omnibus/config/software/chef-local-source.rb b/omnibus/config/software/chef-local-source.rb
new file mode 100644
index 0000000000..f4edbf791a
--- /dev/null
+++ b/omnibus/config/software/chef-local-source.rb
@@ -0,0 +1,127 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# expeditor/ignore: no version pinning
+
+name "chef"
+default_version "main"
+
+license "Apache-2.0"
+license_file "LICENSE"
+
+# Grab accompanying notice file.
+# So that Open4/deep_merge/diff-lcs disclaimers are present in Omnibus LICENSES tree.
+license_file "NOTICE"
+
+skip_transitive_dependency_licensing false
+
+# For the specific super-special version "local_source", build the source from
+# the local git checkout. This is what you'd want to occur by default if you
+# just ran omnibus build locally.
+version("local_source") do
+ source path: "#{project.files_path}/../..",
+ # Since we are using the local repo, we try to not copy any files
+ # that are generated in the process of bundle installing omnibus.
+ # If the install steps are well-behaved, this should not matter
+ # since we only perform bundle and gem installs from the
+ # omnibus cache source directory, but we do this regardless
+ # to maintain consistency between what a local build sees and
+ # what a github based build will see.
+ options: { exclude: [ "omnibus/vendor" ] }
+end
+
+# For any version other than "local_source", fetch from github.
+# This is the behavior the transitive omnibus software deps such as chef-dk
+# expect.
+if version != "local_source"
+ source git: "https://github.com/chef/chef.git"
+end
+
+# In order to pass notarization we need to sign any binaries and libraries included in the package.
+# This makes sure we include and bins and libs that are brought in by gems.
+ruby_version = "3.1.2"
+ruby_version = ruby_version.split(".")[0..1].join(".")
+ruby_mmv = "#{ruby_version}.0"
+ruby_dir = "#{install_dir}/embedded/lib/ruby/#{ruby_mmv}"
+gem_dir = "#{install_dir}/embedded/lib/ruby/gems/#{ruby_mmv}"
+bin_dirs bin_dirs.concat ["#{gem_dir}/gems/*/bin/**"]
+lib_dirs ["#{ruby_dir}/**", "#{gem_dir}/extensions/**", "#{gem_dir}/bundler/gems/extensions/**", "#{gem_dir}/bundler/gems/*", "#{gem_dir}/bundler/gems/*/lib/**", "#{gem_dir}/gems/*", "#{gem_dir}/gems/*/lib/**", "#{gem_dir}/gems/*/ext/**"]
+
+dependency "chef-foundation"
+
+relative_path "chef"
+
+build do
+ env = with_standard_compiler_flags(with_embedded_path)
+
+ # The --without groups here MUST match groups in https://github.com/chef/chef/blob/main/Gemfile
+ excluded_groups = %w{docgen chefstyle}
+ excluded_groups << "ruby_prof" if aix?
+ excluded_groups << "ruby_shadow" if aix?
+ excluded_groups << "ed25519" if solaris2?
+
+ # these are gems which are not shipped but which must be installed in the testers
+ bundle_excludes = excluded_groups + %w{development test}
+
+ bundle "install --without #{bundle_excludes.join(" ")}", env: env
+
+ ruby "post-bundle-install.rb", env: env
+
+ # use the rake install task to build/install chef-config/chef-utils
+ command "rake install:local", env: env
+
+ gemspec_name = if windows?
+ # Chef18 is built with ruby3.1 so platform name is changed.
+ RUBY_PLATFORM == "x64-mingw-ucrt" ? "chef-universal-mingw-ucrt.gemspec" : "chef-universal-mingw32.gemspec"
+ else
+ "chef.gemspec"
+ end
+
+ # This step will build native components as needed - the event log dll is
+ # generated as part of this step. This is why we need devkit.
+ gem "build #{gemspec_name}", env: env
+
+ # ensure we put the gems in the right place to get picked up by the publish scripts
+ delete "pkg"
+ mkdir "pkg"
+ copy "chef*.gem", "pkg"
+
+ # Always deploy the powershell modules in the correct place.
+ if windows?
+ mkdir "#{install_dir}/modules/chef"
+ copy "distro/templates/powershell/chef/*", "#{install_dir}/modules/chef"
+ end
+
+ block do
+ # cspell:disable-next-line
+ appbundle "chef", lockdir: project_dir, gem: "inspec-core-bin", without: excluded_groups, env: env
+ # cspell:disable-next-line
+ appbundle "chef", lockdir: project_dir, gem: "chef-bin", without: excluded_groups, env: env
+ # cspell:disable-next-line
+ appbundle "chef", lockdir: project_dir, gem: "chef", without: excluded_groups, env: env
+ # cspell:disable-next-line
+ appbundle "chef", lockdir: project_dir, gem: "ohai", without: excluded_groups, env: env
+ end
+
+ # The rubyzip gem ships with some test fixture data compressed in a format Apple's notarization service
+ # cannot understand. We need to delete that archive to pass notarization.
+ block "Delete test folder of rubyzip gem so downstream projects pass notarization" do
+ env["VISUAL"] = "echo"
+ %w{rubyzip}.each do |gem|
+ gem_install_dir = shellout!("#{install_dir}/embedded/bin/gem open #{gem}", env: env).stdout.chomp
+ remove_directory "#{gem_install_dir}/test"
+ end
+ end
+end
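Review bot: `ruby_version = "3.1.2"` is a literal, yet the `bin_dirs`/`lib_dirs` globs that select files for signing are built from it, and Ruby now arrives through `dependency "chef-foundation"` rather than being built here. If the foundation package moves to another Ruby minor version, these globs would presumably match nothing and the files would go unsigned without an error. Document the coupling next to the assignment: `# Must match the Ruby shipped by chef-foundation; update when the foundation version changes`. The comment `This is why we need devkit` looks stale, since this commit removes the devkit dependencies from `omnibus/config/projects/chef.rb`.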
diff --git a/omnibus/omnibus-test.sh b/omnibus/omnibus-test.sh
index 47b21ae431..47b21ae431 100644..100755
--- a/omnibus/omnibus-test.sh
+++ b/omnibus/omnibus-test.sh
diff --git a/omnibus/omnibus.rb b/omnibus/omnibus.rb
index 99817f7caf..b29aea5a70 100644
--- a/omnibus/omnibus.rb
+++ b/omnibus/omnibus.rb
@@ -35,7 +35,7 @@ use_git_caching true
# Enable S3 asset caching
# ------------------------------
-use_s3_caching true
+use_s3_caching ENV.fetch("OMNIBUS_USE_S3_CACHING", false)
s3_access_key ENV["AWS_ACCESS_KEY_ID"]
s3_secret_key ENV["AWS_SECRET_ACCESS_KEY"]
s3_bucket "opscode-omnibus-cache"
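Review bot: `ENV.fetch("OMNIBUS_USE_S3_CACHING", false)` returns a String whenever the variable is set, and every String is truthy in Ruby, so `OMNIBUS_USE_S3_CACHING=false` would most likely turn S3 caching on rather than off. Compare against the expected value instead: `use_s3_caching ENV.fetch("OMNIBUS_USE_S3_CACHING", "false") == "true"`.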
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 2aa3b2a1cd..78bc0e361e 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -138,12 +138,17 @@ RSpec.configure do |config|
config.filter_run_excluding skip_buildkite: true if ENV["BUILDKITE"]
+ config.filter_run_excluding fips_mode: !fips_mode_build?
+ # Skip fips on windows
+ # config.filter_run_excluding :fips_mode if windows?
+
config.filter_run_excluding windows_only: true unless windows?
config.filter_run_excluding not_supported_on_windows: true if windows?
config.filter_run_excluding not_supported_on_macos: true if macos?
config.filter_run_excluding macos_only: true unless macos?
config.filter_run_excluding not_macos_gte_11: true if macos_gte_11?
config.filter_run_excluding not_supported_on_aix: true if aix?
+ config.filter_run_excluding not_supported_on_freebsd_gte_12_3: true if freebsd_gte_12_3?
config.filter_run_excluding not_supported_on_solaris: true if solaris?
config.filter_run_excluding not_supported_on_gce: true if gce?
config.filter_run_excluding win2012r2_only: true unless windows_2012r2?