action.yaml

name: 'Devstack Swift Test Instance'

description: 'Create a openstack swift instance for test purpose'

inputs:
  network:
    description: >
      IPv4 network address and network prefix reserved for devstack server in CIDR notation.
      Network prefix bits must be less than 31 since an additional IPv4 address need to be allocated
      for the host. Update this option only if the default address conflicts with other Github 
      actions.
    required: true
    default: "10.100.115.2/24"

  use-cache:
    description: >
      Use Github action cache to speed up devstack build time. setup-devstack-swift will use
      1 GiB of cache, disable this only if other slower steps require that 1 GiB of 
      cache. Or the workflow runs are very infrequent, cache will be expired each time 
      (building from scratch and generating cache is slower than building from scratch alone).
    required: true
    default: "true"

  s3api:
    description: >
      Enable swift s3api middleware to emulate the S3 REST api on top of swift. 
    required: true
    default: "false"

  cache-key:
    description: >
      Cache key for the GitHub action cache used in this action.
      When set to an empty string, use the default cache key schema to generate one.
    required: true
    default: ""

outputs:
  credentials:
    description: >
      Credentials used to authenticate access to swift test instance.
      For swift API:
        It's OpenStack RC file style i.g. export <env-name>=<env-value>.
      For S3 API: 
        It's in ini file format with three keys: aws_access_key_id, aws_secret_access_key and endpoint_url.
    value: ${{ steps.output-credentials.outputs.credentials }}

runs:
  using: "composite"
  steps:
    - name: Allocate network address
      id: parse-network
      shell: python
      run: |
        import ipaddress
        import itertools
        import os

        interface = ipaddress.IPv4Interface("${{ inputs.network }}")
        address = interface.ip
        network = interface.network
        prefix_len = network.prefixlen
        if prefix_len >= 31:
            raise ValueError(
                "Network prefix length greater or equal to 31, can't allocate network address for host"
            )
        for host_address in itertools.islice(network, 1, None):
            if host_address != address:
                with open(os.environ['GITHUB_OUTPUT'], "a") as file:
                    print(f"devstack-ip={address}", file=file)
                    print(f"host-address={host_address}/{prefix_len}", file=file)
                break

    - name: Setup LXD
      shell: bash
      run: |
        sudo iptables -I DOCKER-USER  -j ACCEPT
        if snap list lxd 2> /dev/null; then
          for i in {1..10}; do
            if [ $i == 10 ]; then
              sudo snap refresh lxd --channel 5.21/stable
            else
              sudo snap refresh lxd --channel 5.21/stable && break || :
            fi
            sleep 5
          done
        else
          for i in {1..10}; do
            if [ $i == 10 ]; then
              sudo snap install lxd --channel 5.21/stable
            else
              sudo snap install lxd --channel 5.21/stable && break || :
            fi
            sleep 5
          done
        fi
        sudo lxd waitready
        sudo lxd init --auto
        sudo lxc project create devstack -c features.images=false
        sudo lxc profile show default | sudo lxc profile edit default --project devstack
        sudo lxc network create lxdbrstack ipv6.address=none ipv4.address=${{ steps.parse-network.outputs.host-address }} ipv4.nat=true --project devstack
        sudo lxc network detach-profile lxdbr0 default eth0 --project devstack
        sudo lxc network attach-profile lxdbrstack default eth0 --project devstack
        sudo chmod a+wr /var/snap/lxd/common/lxd/unix.socket
        bash -c "sudo usermod -a -G lxd $USER"

    - name: LXD Devstack Image Cache
      if: inputs.use-cache == 'true'
      id: devstack-swift-cache
      uses: actions/cache@v3
      with:
        path: ${{ github.workspace }}/.devstack/
        key: ${{ inputs.cache-key != '' && inputs.cache-key || format( 'lxd-devstack-keystone-swift-2023.2-22.04-{0}{1}', inputs.network, inputs.s3api == 'true' && '-s3api' || '') }}

    - name: Build Devstack Swift LXD Container
      if: inputs.use-cache != 'true' || steps.devstack-swift-cache.outputs.cache-hit != 'true'
      shell: bash
      run: |
        lxc init ubuntu:22.04 devstack --project devstack
        lxc network attach lxdbrstack devstack eth0 eth0 --project devstack
        lxc config device set devstack eth0 ipv4.address ${{ steps.parse-network.outputs.devstack-ip }} --project devstack
        lxc start devstack --project devstack
        echo waiting for initialization
        timeout 120s bash -c 'until lxc exec devstack --project devstack -- bash -c "[ -d /home/ubuntu ]"; do sleep 1 && echo .; done; echo'
        echo waiting for network
        timeout 120s bash -c 'until lxc exec devstack --project devstack -- bash -c "curl -sSL https://github.com/openstack/devstack.git -m 3 -o /dev/null"; do sleep 1; done; echo'
        lxc exec devstack --user 1000 --cwd /home/ubuntu --project devstack -- git clone -b unmaintained/2023.1 https://github.com/openstack/devstack.git
        lxc exec devstack --user 1000 --cwd /home/ubuntu --project devstack -- cp ./devstack/samples/local.conf ./devstack
        lxc exec devstack --user 1000 --cwd /home/ubuntu --project devstack -- sh -c "echo disable_all_services >> ./devstack/local.conf"
        lxc exec devstack --user 1000 --cwd /home/ubuntu --project devstack -- sh -c "echo enable_service key mysql s-proxy s-object s-container s-account >> ./devstack/local.conf"
        [ ${{ inputs.s3api }} = true ] && lxc exec devstack --user 1000 --cwd /home/ubuntu --project devstack -- sh -c "echo enable_service s3api >> ./devstack/local.conf"
        lxc exec devstack --user 1000 --cwd /home/ubuntu --project devstack -- sh -c "echo ENABLE_KSM=False >> ./devstack/local.conf"
        lxc exec devstack --cwd /home/ubuntu/devstack --project devstack -- sudo --login --user ubuntu /home/ubuntu/devstack/stack.sh
        lxc exec devstack --project devstack -- sh -c "echo > /etc/fstab"

    - name: Generate Devstack Image Snapshot
      if: inputs.use-cache == 'true' && steps.devstack-swift-cache.outputs.cache-hit != 'true'
      shell: bash
      run: |
        mkdir .devstack
        cd .devstack
        lxc stop devstack --project devstack
        lxc snapshot devstack devstack-snapshot --project devstack
        lxc publish devstack/devstack-snapshot --alias devstack-swift --project devstack
        lxc image export devstack-swift devstack-swift --project devstack
        lxc image delete devstack-swift --project devstack
        lxc start devstack --project devstack

    - name: Resume Devstack Swift Image From Tarball
      if: inputs.use-cache == 'true' && steps.devstack-swift-cache.outputs.cache-hit == 'true'
      shell: bash
      run: |
        cd .devstack
        lxc image import devstack-swift.tar.gz --alias devstack-swift --project devstack
        lxc init devstack-swift devstack --project devstack
        lxc network attach lxdbrstack devstack eth0 eth0 --project devstack
        lxc config device set devstack eth0 ipv4.address ${{ steps.parse-network.outputs.devstack-ip }} --project devstack
        lxc start devstack --project devstack

    - name: Create Credentials
      shell: bash
      run: |
        timeout 120s bash -c "until [[ \$(lxc list -c4 --format csv devstack --project devstack) ]]; do sleep 1 && echo .; done; echo"
        lxc exec devstack --project devstack -- bash -c ". /home/ubuntu/devstack/openrc &> /dev/null && printenv | grep OS_ | grep -v OS_AUTH_URL | sed 's/^/export /g'" > credentials
        echo "export OS_AUTH_URL=http://$(lxc list -c4 --format csv devstack --project devstack | cut -d' ' -f1)/identity" >> credentials
        cat credentials

    - name: Ensure Devstack Running
      shell: bash
      run: |
        . credentials
        WAIT=0
        until [ $WAIT -eq 10 ] || curl -sf $OS_AUTH_URL -o /dev/null --max-time 1; do
            echo .
            sleep $(( WAIT++ ))
        done
        [ $WAIT -lt 10 ]

    - name: Convert Credentials to S3 Style
      if: inputs.s3api == 'true'
      shell: python
      run: |
        import os
        import re
        import json
        import posixpath
        import subprocess
        import configparser
        import urllib.request

        rc_parser = configparser.ConfigParser()
        rc_parser.optionxform = str
        rc_file = open("credentials").read()
        rc_file = re.sub("^export ", "", rc_file, flags=re.MULTILINE)
        rc_parser.read_string("[default]\n" + rc_file)
        os.environ.update(rc_parser["default"])

        auth_url = posixpath.join(os.getenv("OS_AUTH_URL"), "v3/auth/tokens")
        response = urllib.request.urlopen(urllib.request.Request(
            url=auth_url,
            method="POST",
            data=json.dumps(
                {
                    "auth": {
                        "identity": {
                            "methods": ["password"],
                            "password": {
                                "user": {
                                    "name": os.getenv("OS_USERNAME"),
                                    "domain": {"id": os.getenv("OS_USER_DOMAIN_ID")},
                                    "password": os.getenv("OS_PASSWORD")
                                }
                            }
                        },
                        "scope": {
                            "project": {
                                "name": os.getenv("OS_PROJECT_NAME"),
                                "domain": {"id": os.getenv("OS_PROJECT_DOMAIN_ID")}
                            }
                        }
                    }
                }).encode(),
            headers={"Content-Type": "application/json"}
        ))

        with response as f:
            token = json.loads(f.read().decode())
        swift_service = [
            service for service in token["token"]["catalog"]
            if service["name"] == "swift"
        ][0]
        swift_endpoint = [
            endpoint["url"] for endpoint in swift_service["endpoints"]
            if endpoint["interface"] == "admin"
        ][0]
        ec2_credential_create_cmd = [
            "lxc", "exec", "devstack", "--project", "devstack", "--",
            "bash", "-c",
            ". /home/ubuntu/devstack/openrc &> /dev/null && openstack ec2 credentials create -f json"
        ]
        ec2_credential = json.loads(subprocess.check_output(ec2_credential_create_cmd))
        credentials = [
            "[default]",
            f"aws_access_key_id = {ec2_credential['access']}",
            f"aws_secret_access_key = {ec2_credential['secret']}",
            f"endpoint_url = {swift_endpoint}"
        ]
        credentials = "\n".join(credentials)
        with open("credentials", "w+") as f:
            f.write(credentials)
        print(credentials)

    - name: Output Credentials
      id: output-credentials
      shell: bash
      run: |
        echo "credentials<<EOF" >> $GITHUB_OUTPUT
        sed -e '$a\' credentials >> $GITHUB_OUTPUT
        echo "EOF" >> $GITHUB_OUTPUT
        rm credentials