Update README.md

.github/workflows/e2e_libvirt.yaml

@@ -7,7 +7,7 @@ name: (Callable) libvirt e2e tests
 on:
   workflow_call:
     inputs:
-      qcow2_artifact:
+      podvm_image:
         required: true
         type: string
       install_directory_artifact:
@@ -27,7 +27,7 @@ env:
 
 jobs:
   test:
-    runs-on: az-ubuntu-2204
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
         uses: actions/checkout@v3
@@ -46,10 +46,12 @@ jobs:
         with:
           go-version: ${{ env.GO_VERSION }}
 
-      - uses: actions/download-artifact@v3
-        with:
-          name: ${{ inputs.qcow2_artifact }}
-          path: podvm
+      - name: Extract qcow2 from ${{ inputs.podvm_image }}
+        run: |
+           qcow2=$(echo ${{ inputs.podvm_image }} | sed -e "s#.*/\(.*\):.*#\1.qcow2#")
+           ./hack/download-image.sh ${{ inputs.podvm_image }} . -o ${qcow2}
+           echo "PODVM_QCOW2=$(pwd)/${qcow2}" >> "$GITHUB_ENV"
+        working-directory: podvm
 
       - name: Get the install directory
         if: ${{ inputs.install_directory_artifact != '' }}
@@ -154,7 +156,7 @@ jobs:
           export TEST_PROVISION="yes"
           export TEST_TEARDOWN="no"
           export TEST_PROVISION_FILE="$PWD/libvirt.properties"
-          export TEST_PODVM_IMAGE="${PWD}/podvm/${{ inputs.qcow2_artifact }}"
+          export TEST_PODVM_IMAGE="${{ env.PODVM_QCOW2 }}"
           export TEST_E2E_TIMEOUT="50m"
 
           make test-e2e

.github/workflows/e2e_on_pull.yaml

@@ -43,43 +43,32 @@ jobs:
 
   # Build the podvm images.
   #
-  # Currently it will not build the podvm, instead it downloads the qcow2 file
-  # from the built image. The file will be archived so that downstream jobs can
-  # just download the file on their runners.
-  podvm:
-    name: podvm
+  podvm_builder:
     needs: [authorize]
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: true
-      matrix:
-        os:
-          - centos
-          - ubuntu
-        provider:
-          - generic
-        arch:
-          - amd64
-    env:
-      registry: quay.io/confidential-containers
-      podvm_image: podvm-${{ matrix.provider }}-${{ matrix.os }}-${{ matrix.arch }}
-      qcow2: podvm-${{ matrix.provider }}-${{ matrix.os }}-${{ matrix.arch }}.qcow2
-    steps:
-      - name: Checkout Code
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-          ref: ${{ github.event.pull_request.head.sha }}
+    uses: ./.github/workflows/podvm_builder.yaml
+    with:
+      caa_src_ref: ${{ github.event.pull_request.head.sha }}
+      registry: ghcr.io/${{ github.repository_owner }}
+    secrets: inherit
 
-      - name: Extract the podvm qcow2
-        run: ./hack/download-image.sh ${{ env.registry }}/${{ env.podvm_image }} . -o ${{ env.qcow2 }}
-        working-directory: podvm
+  podvm_binaries:
+    needs: [podvm_builder]
+    uses: ./.github/workflows/podvm_binaries.yaml
+    with:
+      caa_src_ref: ${{ github.event.pull_request.head.sha }}
+      registry: ghcr.io/${{ github.repository_owner }}
+      builder_img_tag: ci-pr${{ github.event.number }}
+    secrets: inherit
 
-      - uses: actions/upload-artifact@v3
-        with:
-          name: ${{ env.qcow2 }}
-          path: podvm/${{ env.qcow2 }}
-          retention-days: 1
+  podvm:
+    needs: [podvm_binaries]
+    uses: ./.github/workflows/podvm.yaml
+    with:
+      caa_src_ref: ${{ github.event.pull_request.head.sha }}
+      registry: ghcr.io/${{ github.repository_owner }}
+      binaries_img_tag: ci-pr${{ github.event.number }}
+      builder_img_tag: ci-pr${{ github.event.number }}
+    secrets: inherit
 
   # Build and push the cloud-api-adaptor image
   #
@@ -175,6 +164,6 @@ jobs:
           - amd64
     uses: ./.github/workflows/e2e_libvirt.yaml
     with:
-      qcow2_artifact: podvm-${{ matrix.provider }}-${{ matrix.os }}-${{ matrix.arch }}.qcow2
+      podvm_image: ghcr.io/${{ github.repository_owner }}/podvm-${{ matrix.provider }}-${{ matrix.os }}-${{ matrix.arch }}:ci-pr${{ github.event.number  }}
       install_directory_artifact: install_directory
       git_ref: ${{ github.event.pull_request.head.sha }}

.github/workflows/podvm.yaml

@@ -2,6 +2,18 @@ name: Create Pod VM Image
 on:
   workflow_call:
     inputs:
+      builder_img_tag:
+        default: 'latest'
+        required: false
+        type: string
+      binaries_img_tag:
+        default: 'latest'
+        required: false
+        type: string
+      caa_src_ref:
+        default: ''
+        required: false
+        type: string
       registry:
         default: 'quay.io/confidential-containers'
         required: false
@@ -32,6 +44,19 @@ jobs:
     steps:
     - name: Checkout Code
       uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+        ref: ${{ inputs.caa_src_ref }}
+
+    - name: Read properties from versions.yaml
+      run: |
+        # There reference to CAA sources will honored if passed to this
+        # workflow via inputs.
+        caa_src_ref="${{ inputs.caa_src_ref }}"
+        [ -n "$caa_src_ref" ] || \
+          caa_src_ref="$(yq '.git.cloud-api-adaptor.reference' versions.yaml)"
+        [ -n "$caa_src_ref" ]
+        echo "CAA_SRC_REF=${caa_src_ref}" >> $GITHUB_ENV
 
     #- name: Set up QEMU
     #  uses: docker/setup-qemu-action@v2
@@ -84,4 +109,6 @@ jobs:
           "ARCH=${{ matrix.arch }}"
           "UBUNTU_IMAGE_URL="
           "UBUNTU_IMAGE_CHECKSUM="
-          "BINARIES_IMG=${{ inputs.registry }}/podvm-binaries-${{ matrix.os }}-${{ matrix.arch }}"
+          "BINARIES_IMG=${{ inputs.registry }}/podvm-binaries-${{ matrix.os }}-${{ matrix.arch }}:${{ inputs.binaries_img_tag }}"
+          "BUILDER_IMG=${{ inputs.registry }}/podvm-builder-${{ matrix.os }}:${{ inputs.builder_img_tag }}"
+          "CAA_SRC_REF=${{ env.CAA_SRC_REF }}"

.github/workflows/podvm_binaries.yaml

@@ -2,6 +2,14 @@ name: Create Pod VM Binaries Image
 on:
   workflow_call:
     inputs:
+      builder_img_tag:
+        default: 'latest'
+        required: false
+        type: string
+      caa_src_ref:
+        default: ''
+        required: false
+        type: string
       registry:
         default: 'quay.io/confidential-containers'
         required: false
@@ -27,6 +35,19 @@ jobs:
     steps:
     - name: Checkout Code
       uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+        ref: ${{ inputs.caa_src_ref }}
+
+    - name: Read properties from versions.yaml
+      run: |
+        # There reference to CAA sources will honored if passed to this
+        # workflow via inputs.
+        caa_src_ref="${{ inputs.caa_src_ref }}"
+        [ -n "$caa_src_ref" ] || \
+          caa_src_ref="$(yq '.git.cloud-api-adaptor.reference' versions.yaml)"
+        [ -n "$caa_src_ref" ]
+        echo "CAA_SRC_REF=${caa_src_ref}" >> $GITHUB_ENV
 
     #- name: Set up QEMU
     #  uses: docker/setup-qemu-action@v2
@@ -83,5 +104,7 @@ jobs:
           podvm/${{ matrix.dockerfile }}
         build-args: |
           "ARCH=${{ matrix.arch }}"
+          "BUILDER_IMG=${{ inputs.registry }}/podvm-builder-${{ matrix.os }}:${{ inputs.builder_img_tag }}"
+          "CAA_SRC_REF=${{ env.CAA_SRC_REF }}"
           "UBUNTU_IMAGE_URL="
           "UBUNTU_IMAGE_CHECKSUM="

.github/workflows/podvm_builder.yaml

@@ -2,6 +2,10 @@ name: Create Pod VM Builder Image
 on:
   workflow_call:
     inputs:
+      caa_src_ref:
+        default: ''
+        required: false
+        type: string
       registry:
         default: 'quay.io/confidential-containers'
         required: false
@@ -28,6 +32,9 @@ jobs:
     steps:
     - name: Checkout Code
       uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+        ref: ${{ inputs.caa_src_ref }}
 
     - name: Read properties from versions.yaml
       run: |
@@ -47,7 +54,11 @@ jobs:
         [ -n "$caa_src" ]
         echo "CAA_SRC=${caa_src}" >> $GITHUB_ENV
 
-        caa_src_ref="$(yq '.git.cloud-api-adaptor.reference' versions.yaml)"
+        # There reference to CAA sources will honored if passed to this
+        # workflow via inputs.
+        caa_src_ref="${{ inputs.caa_src_ref }}"
+        [ -n "$caa_src_ref" ] || \
+          caa_src_ref="$(yq '.git.cloud-api-adaptor.reference' versions.yaml)"
         [ -n "$caa_src_ref" ]
         echo "CAA_SRC_REF=${caa_src_ref}" >> $GITHUB_ENV
 

.github/workflows/podvm_on_pull.yaml

@@ -0,0 +1,30 @@
+name: podvm_on_pull
+on:
+  workflow_dispatch:
+
+jobs:
+  podvm_builder:
+    uses: ./.github/workflows/podvm_builder.yaml
+    with:
+      #caa_src_ref: ${{ github.sha }}
+      caa_src_ref: ${{ github.ref }}
+      registry: ghcr.io/${{ github.repository_owner }}
+    secrets: inherit
+  podvm_binaries:
+    needs: [podvm_builder]
+    uses: ./.github/workflows/podvm_binaries.yaml
+    with:
+      #caa_src_ref: ${{ github.sha }}
+      caa_src_ref: ${{ github.ref }}
+      registry: ghcr.io/${{ github.repository_owner }}
+      builder_img_tag: ci-pr${{ github.event.number }}
+    secrets: inherit
+  podvm:
+    needs: [podvm_binaries]
+    uses: ./.github/workflows/podvm.yaml
+    with:
+      #caa_src_ref: ${{ github.sha }}
+      caa_src_ref: ${{ github.ref }}
+      registry: ghcr.io/${{ github.repository_owner }}
+      binaries_img_tag: ci-pr${{ github.event.number }}
+    secrets: inherit

README.md

@@ -7,7 +7,7 @@ virtualization support.
 ## Goals
 
 * Accept requests from Kata shim to create/delete Kata VM instances without requiring nested virtualization support.
-* Manage VM instances in the cloud to run pods using cloud (virtualization) provider APIs
+* Manage VM instances in the cloud to run pods using cloud (virtualizajlktion) provider APIs
 * Forward communication between kata shim on a worker node VM and kata agent on a pod VM
 * Provide a mechanism to establish a network tunnel between a worker and pod VMs to Kubernetes pod network
 

podvm/Dockerfile.podvm

@@ -35,7 +35,7 @@ RUN if [ -n "${CAA_SRC}" ]; then \
     if [ -n "${CAA_SRC_REF}" ]; then \
       cd cloud-api-adaptor && \
       git fetch origin ${CAA_SRC_REF} && \
-      git checkout FETCH_HEAD -b ${CAA_SRC_REF} ;\
+      git checkout FETCH_HEAD -B ${CAA_SRC_REF} ;\
     fi
 # Installs add-ons for foreign target, if required
 RUN ./cloud-api-adaptor/podvm/hack/cross-build-extras.sh

podvm/Dockerfile.podvm.centos

@@ -33,7 +33,7 @@ RUN if [ -n "${CAA_SRC}" ]; then \
      if [ -n "${CAA_SRC_REF}" ]; then \
        cd cloud-api-adaptor && \
        git fetch origin ${CAA_SRC_REF} && \
-       git checkout FETCH_HEAD -b ${CAA_SRC_REF} ;\
+       git checkout FETCH_HEAD -B ${CAA_SRC_REF} ;\
      fi
 
 # Defaults to CentOS 8-stream x86_64 image. These variables can be overriden as needed

podvm/Dockerfile.podvm.rhel

@@ -31,7 +31,7 @@ RUN if [ -n "${CAA_SRC}" ]; then \
      if [ -n "${CAA_SRC_REF}" ]; then \
        cd cloud-api-adaptor && \
        git fetch origin ${CAA_SRC_REF} && \
-       git checkout FETCH_HEAD -b ${CAA_SRC_REF} ;\
+       git checkout FETCH_HEAD -B ${CAA_SRC_REF} ;\
      fi
 
 ARG IMAGE_URL="/tmp/rhel.qcow2"

podvm/Dockerfile.podvm_binaries

@@ -32,7 +32,7 @@ RUN if [ -n "${CAA_SRC}" ]; then \
     if [ -n "${CAA_SRC_REF}" ]; then \
       cd cloud-api-adaptor && \
       git fetch origin ${CAA_SRC_REF} && \
-      git checkout FETCH_HEAD -b ${CAA_SRC_REF} ;\
+      git checkout FETCH_HEAD -B ${CAA_SRC_REF} ;\
     fi
 # Installs add-ons for foreign target, if required
 RUN ./cloud-api-adaptor/podvm/hack/cross-build-extras.sh

podvm/Dockerfile.podvm_binaries.centos

@@ -32,7 +32,7 @@ RUN if [ -n "${CAA_SRC}" ]; then \
     if [ -n "${CAA_SRC_REF}" ]; then \
       cd cloud-api-adaptor && \
       git fetch origin ${CAA_SRC_REF} && \
-      git checkout FETCH_HEAD -b ${CAA_SRC_REF} ;\
+      git checkout FETCH_HEAD -B ${CAA_SRC_REF} ;\
     fi
 
 RUN cd cloud-api-adaptor/podvm && \

podvm/Dockerfile.podvm_binaries.rhel

@@ -32,7 +32,7 @@ RUN if [ -n "${CAA_SRC}" ]; then \
     if [ -n "${CAA_SRC_REF}" ]; then \
       cd cloud-api-adaptor && \
       git fetch origin ${CAA_SRC_REF} && \
-      git checkout FETCH_HEAD -b ${CAA_SRC_REF} ;\
+      git checkout FETCH_HEAD -B ${CAA_SRC_REF} ;\
     fi
 
 RUN cd cloud-api-adaptor/podvm && \

podvm/Dockerfile.podvm_builder

@@ -63,7 +63,15 @@ RUN echo $CAA_SRC
 
 RUN echo $CAA_SRC_REF
 
-RUN git clone ${CAA_SRC} -b ${CAA_SRC_REF} cloud-api-adaptor
+RUN if [ -n "${CAA_SRC}" ]; then \
+      rm -rf cloud-api-adaptor && \
+      git clone ${CAA_SRC} cloud-api-adaptor;\
+    fi && \
+    if [ -n "${CAA_SRC_REF}" ]; then \
+      cd cloud-api-adaptor && \
+      git fetch origin ${CAA_SRC_REF} && \
+      git checkout FETCH_HEAD -B ${CAA_SRC_REF} ;\
+    fi
 RUN git clone ${KATA_SRC} kata-containers
 RUN cd kata-containers && git checkout ${KATA_SRC_BRANCH}
 

podvm/Dockerfile.podvm_builder.centos

@@ -64,7 +64,15 @@ RUN echo $CAA_SRC
 
 RUN echo $CAA_SRC_REF
 
-RUN git clone ${CAA_SRC} -b ${CAA_SRC_REF} cloud-api-adaptor
+RUN if [ -n "${CAA_SRC}" ]; then \
+      rm -rf cloud-api-adaptor && \
+      git clone ${CAA_SRC} cloud-api-adaptor;\
+    fi && \
+    if [ -n "${CAA_SRC_REF}" ]; then \
+      cd cloud-api-adaptor && \
+      git fetch origin ${CAA_SRC_REF} && \
+      git checkout FETCH_HEAD -B ${CAA_SRC_REF} ;\
+    fi
 RUN git clone ${KATA_SRC} kata-containers
 RUN cd kata-containers && git checkout ${KATA_SRC_BRANCH}
 

podvm/Dockerfile.podvm_builder.rhel

@@ -60,7 +60,15 @@ RUN echo $CAA_SRC
 
 RUN echo $CAA_SRC_REF
 
-RUN git clone ${CAA_SRC} -b ${CAA_SRC_REF} cloud-api-adaptor
+RUN if [ -n "${CAA_SRC}" ]; then \
+      rm -rf cloud-api-adaptor && \
+      git clone ${CAA_SRC} cloud-api-adaptor;\
+    fi && \
+    if [ -n "${CAA_SRC_REF}" ]; then \
+      cd cloud-api-adaptor && \
+      git fetch origin ${CAA_SRC_REF} && \
+      git checkout FETCH_HEAD -B ${CAA_SRC_REF} ;\
+    fi
 RUN git clone ${KATA_SRC} kata-containers
 RUN cd kata-containers && git checkout ${KATA_SRC_BRANCH}