chore: update gha in main

[gatici]

1. Trigger main workflow on:
   • Pull requests targeting the main branch.
   • Push operations to the main branch or to any tags that match the pattern v.
2. Run staticcheck, linting, license-check, fossa scan and unit tests
3. If unit-tests, lint, and staticcheck jobs passes, runs E2E tests.
4. E2E tests, builds and pushes a Docker image for testing in a dummy repository, thenexecutes tests, and cleans up the Docker image afterward.
   Important: We used a dummy docker repository here because a pull request can not access project secrets before merge.
   Now, docker token is exposed which shouldn't. We need to find to a way to handle it in better way.
5. if E2E tests passes, based on changes in the VERSION file, new releases are tagged.
6. A new Docker image is pushed for tagged releases to the specified Docker registry (docker.io).
7. Automatically increments the version after a change and creates a pull request to update the VERSION file.

[gatici]

Failing with this error.

sudo /var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml wait deployment -n kube-system --for=condition=available --all --timeout=300s
error: no matching resources found
make[1]: *** [Makefile:261: /home/runner/aether-in-a-box//build/milestones/k8s-ready] Error 1
make[1]: Leaving directory '/home/runner/aether-in-a-box'
make: *** [Makefile:117: run-aiab] Error 2
Error: Process completed with exit code

[gab-arrobo]

@gatici,
FYI, I think you can use this GHA: https://github.com/marketplace/actions/kind-cluster instead

[gab-arrobo]

Please check whether the issue with the CRDs (e2e GHA) is due to the registries I removed in this commit: gab-arrobo/aether-in-a-box@22a1595

[ghislainbourgeois]

Shouldn't this use the shared workflow files? For testing, I think we can target the branch directly.

[gatici]

Shouldn't this use the shared workflow files? For testing, I think we can target the branch directly.

This PR is only for testing and never will be merged.

[gab-arrobo]

@gatici @ghislainbourgeois, I think we can avoid using the DockerHub credentials by using a local registry with the help of this GitHub Action (https://docs.docker.com/build/ci/github-actions/local-registry/). What do you think? The only thing is that I am pretty certain current Helm Charts do not support different registry per NF's image. That is, all images should come from the same registry. However, this is something we can properly address in the Sdcore Hel Charts

[gatici]

@gatici @ghislainbourgeois, I think we can avoid using the DockerHub credentials by using a local registry with the help of this GitHub Action (https://docs.docker.com/build/ci/github-actions/local-registry/). What do you think? The only thing is that I am pretty certain current Helm Charts do not support different registry per NF's image. That is, all images should come from the same registry. However, this is something we can properly address in the Sdcore Hel Charts

Hello @gab-arrobo ,
I updated E2E tests section to use charmed-kubernetes using relevant Github action. Helm chart is deployed successfully. At the moment, UPF pod stuck in init status. Other pods become active.
I guess the following line is the reason of the problem.
https://github.com/omec-project/sdcore-helm-charts/blob/4bf08f220245f3d8384126a96b5c2ccec4f8003b/bess-upf/templates/statefulset-upf.yaml#L101
5:03
Where is the PCIDEVICE_INTEL_COM_INTEL_SRIOV_DPDK variable defined ? Could you please help on this ?
I sent you the UPF pod details through Slack.
Many thanks!

[gab-arrobo]

@gatici,
From the e2e-test log, there is an error loading the sdcore-5g-values.yaml because of this Condition path '5g-ran-sim.enable' for chart 5g-ran-sim returned non-bool value, the value should be either true or false, but since the file is not properly passed, the variable enable: ${ENABLE_GNBSIM} (https://github.com/gab-arrobo/aether-in-a-box/blob/master/sd-core-5g-values.yaml#L361) is not getting overwritten. Therefore, it looks like the other values are not being overwritten, either. So, the default deployment mode for the UPF is DPDK and that might be the reason why your UPF pod get stuck in initialization state.

WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/runner/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/runner/.kube/config
Release "sd-core" does not exist. Installing it now.
dependencies.go:63: Warning: Condition path '5g-ran-sim.enable' for chart 5g-ran-sim returned non-bool value
coalesce.go:237: warning: skipped value for kafka.config: Not a table.
Error: context deadline exceeded
make[1]: *** [Makefile:344: /home/runner/aether-in-a-box//build/milestones/5g-core] Error 1
make[1]: Leaving directory '/home/runner/aether-in-a-box'
make: *** [Makefile:118: run-aiab] Error 2
Error: Process completed with exit code 2.

[gatici]

@gatici, From the e2e-test log, there is an error loading the sdcore-5g-values.yaml because of this Condition path '5g-ran-sim.enable' for chart 5g-ran-sim returned non-bool value, the value should be either true or false, but since the file is not properly passed, the variable enable: ${ENABLE_GNBSIM} (https://github.com/gab-arrobo/aether-in-a-box/blob/master/sd-core-5g-values.yaml#L361) is not getting overwritten. Therefore, it looks like the other values are not being overwritten, either. So, the default deployment mode for the UPF is DPDK and that might be the reason why your UPF pod get stuck in initialization state.

WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/runner/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/runner/.kube/config
Release "sd-core" does not exist. Installing it now.
dependencies.go:63: Warning: Condition path '5g-ran-sim.enable' for chart 5g-ran-sim returned non-bool value
coalesce.go:237: warning: skipped value for kafka.config: Not a table.
Error: context deadline exceeded
make[1]: *** [Makefile:344: /home/runner/aether-in-a-box//build/milestones/5g-core] Error 1
make[1]: Leaving directory '/home/runner/aether-in-a-box'
make: *** [Makefile:118: run-aiab] Error 2
Error: Process completed with exit code 2.

Hello Gabriel,
ENABLE_GNBSIM is set to true while we are running helm command. It should not create a problem.
This error happened once ( strange) but it does not appear again.
gnbsim and UPF pod does not become available.
And I am suspicious about Multus.

gatici@gaticipc:~/omec/gatici/sdcore-helm-charts$ kubectl get pod -n omec2
NAME                           READY   STATUS     RESTARTS   AGE
amf-7645cd8d75-hb482           1/1     Running    0          36m
ausf-764c8b5bc4-tcldh          1/1     Running    0          36m
gnbsim-0                       0/1     Init:0/1   0          36m
init-net-v7qxk                 1/1     Running    0          36m
kafka-0                        1/1     Running    0          36m
metricfunc-6c4885b477-ftgcm    1/1     Running    0          36m
mongodb-0                      1/1     Running    0          36m
mongodb-1                      1/1     Running    0          36m
mongodb-arbiter-0              1/1     Running    0          36m
nrf-5cbc95d9fb-9nknj           1/1     Running    0          36m
nssf-6bc6d746c-gtbrq           1/1     Running    0          36m
pcf-5856f96854-8h46l           1/1     Running    0          36m
sd-core-zookeeper-0            1/1     Running    0          36m
simapp-6887895b44-v6zbz        1/1     Running    0          36m
smf-758c87c9bf-j4h9v           1/1     Running    0          36m
udm-7dd7698685-mcrzx           1/1     Running    0          36m
udr-6d7666db5c-j5ck7           1/1     Running    0          36m
upf-0                          0/5     Init:0/1   0          36m
upf-adapter-54fc984c8f-brpwm   1/1     Running    0          36m
webui-6457c55d55-s8b5c         1/1     Running    0          36m

Here are the latest results.

gatici@gaticipc:~/omec/gabarabo/aether-in-a-box$ make 5g-test
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/gatici/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/gatici/.kube/config
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "flannel" chart repository
...Successfully got an update from the "atomix" chart repository
...Successfully got an update from the "rancher" chart repository
...Successfully got an update from the "incubator" chart repository
...Successfully got an update from the "onosproject" chart repository
...Successfully got an update from the "cord" chart repository
...Successfully got an update from the "aether" chart repository
Update Complete. ⎈Happy Helming!⎈
NODE_IP=192.168.1.117 DATA_IFACE=data RAN_SUBNET=192.168.251.0/24 ENABLE_GNBSIM=true envsubst < /home/gatici/omec/gabarabo/aether-in-a-box//sd-core-5g-values.yaml | \
helm upgrade --create-namespace --install --wait  \
        --namespace omec2 \
        --values - \
        sd-core \
        aether/sd-core --version 2.1.0
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/gatici/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/gatici/.kube/config
Release "sd-core" does not exist. Installing it now.
coalesce.go:175: warning: skipped value for kafka.config: Not a table.
Error: client rate limiter Wait returned an error: rate: Wait(n=1) would exceed context deadline
make: *** [Makefile:344: /home/gatici/omec/gabarabo/aether-in-a-box//build/milestones/5g-core] Error 1

[gab-arrobo]

Why do you change this? You can leave it as 2023-present

[gab-arrobo]

I would delete the name

Suggested change

name: Dockerfile linter

[gab-arrobo]

As far I know and tested, you do not need sudo in GitHub runners

Suggested change

	sudo microk8s addons repo add community https://github.com/canonical/microk8s-community-addons --reference feat/strict-fix-multus
	sudo microk8s enable multus
	sudo microk8s kubectl -n kube-system rollout status daemonset/kube-multus-ds
	sudo microk8s kubectl auth can-i create network-attachment-definitions
	microk8s addons repo add community https://github.com/canonical/microk8s-community-addons --reference feat/strict-fix-multus
	microk8s enable multus
	microk8s kubectl -n kube-system rollout status daemonset/kube-multus-ds
	microk8s kubectl auth can-i create network-attachment-definitions

[gab-arrobo]

Same as previous comment

Suggested change

	sudo microk8s kubectl config view --raw > $HOME/.kube/config
	microk8s kubectl config view --raw > $HOME/.kube/config

[gab-arrobo]

Suggested change

	yq -i '.5g-control-plane.images |= {"amf": "localhost:32000/5gc-amf:amf-testing"}' sd-core-5g-values.yaml && \
	yq -i '.5g-control-plane.images.tags |= {"amf": "localhost:32000/5gc-amf:amf-testing"}' sd-core-5g-values.yaml && \