canonical · phvalguima · Oct 19, 2023 · Oct 19, 2023 · Oct 20, 2023
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -12,24 +12,53 @@ on:
     - cron: "53 0 * * *" # Daily at 00:53 UTC
   # Triggered on push to branch "main" by .github/workflows/release.yaml
   workflow_call:
-    secrets:
-      CHARMHUB_TOKEN:
-        required: true
-      AWS_ACCESS_KEY:
-        required: true
-      AWS_SECRET_KEY:
-        required: true
-      GCP_ACCESS_KEY:
-        required: true
-      GCP_SECRET_KEY:
-        required: true
+#    secrets:
+#      CHARMHUB_TOKEN:
+#        required: true
+#      AWS_ACCESS_KEY:
+#        required: true
+#      AWS_SECRET_KEY:
+#        required: true
+#      GCP_ACCESS_KEY:
+#        required: true
+#      GCP_SECRET_KEY:
+#        required: true
+    inputs:
+      no-proxy:
+        default: "10.0.0.0/8,192.168.0.0/16,172.16.0.0/12,194.169.254.133,.pc1.canonical.com,.openstack.partnercloud1.lan,127.0.0.1,localhost"
+        required: false
+        type: string
+      http-proxy:
+        default: "http://squid.internal:3128"
+        required: false
+        type: string
 
 jobs:
   lint:
     name: Lint
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux, X64, large, jammy]
     timeout-minutes: 5
     steps:
+      - name: Set up aproxy
+        run: |
+          sudo snap install aproxy --edge
+          sudo snap set aproxy proxy=squid.internal:3128
+          sudo nft -f - << EOF
+          define default-ip = $(ip route get $(ip route show 0.0.0.0/0 | grep -oP 'via \K\S+') | grep -oP 'src \K\S+')
+          define private-ips = { 10.0.0.0/8, 127.0.0.1/8, 172.16.0.0/12, 192.168.0.0/16 }
+          table ip aproxy
+          flush table ip aproxy
+          table ip aproxy {
+                chain prerouting {
+                        type nat hook prerouting priority dstnat; policy accept;
+                        ip daddr != \$private-ips tcp dport { 80, 443 } counter dnat to \$default-ip:8443
+                }
+                chain output {
+                        type nat hook output priority -100; policy accept;
+                        ip daddr != \$private-ips tcp dport { 80, 443 } counter dnat to \$default-ip:8443
+                }
+          }
+          EOF
       - name: Checkout
         uses: actions/checkout@v3
       - name: Install tox
@@ -40,9 +69,29 @@ jobs:
 
   unit-test:
     name: Unit tests
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux, X64, large, jammy]
     timeout-minutes: 5
     steps:
+      - name: Set up aproxy
+        run: |
+          sudo snap install aproxy --edge
+          sudo snap set aproxy proxy=squid.internal:3128
+          sudo nft -f - << EOF
+          define default-ip = $(ip route get $(ip route show 0.0.0.0/0 | grep -oP 'via \K\S+') | grep -oP 'src \K\S+')
+          define private-ips = { 10.0.0.0/8, 127.0.0.1/8, 172.16.0.0/12, 192.168.0.0/16 }
+          table ip aproxy
+          flush table ip aproxy
+          table ip aproxy {
+                chain prerouting {
+                        type nat hook prerouting priority dstnat; policy accept;
+                        ip daddr != \$private-ips tcp dport { 80, 443 } counter dnat to \$default-ip:8443
+                }
+                chain output {
+                        type nat hook output priority -100; policy accept;
+                        ip daddr != \$private-ips tcp dport { 80, 443 } counter dnat to \$default-ip:8443
+                }
+          }
+          EOF
       - name: Checkout
         uses: actions/checkout@v3
       - name: Install tox
@@ -52,9 +101,29 @@ jobs:
         run: tox run -e unit
   lib-check:
     name: Check libraries
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux, X64, large, jammy]
     timeout-minutes: 5
     steps:
+      - name: Set up aproxy
+        run: |
+          sudo snap install aproxy --edge
+          sudo snap set aproxy proxy=squid.internal:3128
+          sudo nft -f - << EOF
+          define default-ip = $(ip route get $(ip route show 0.0.0.0/0 | grep -oP 'via \K\S+') | grep -oP 'src \K\S+')
+          define private-ips = { 10.0.0.0/8, 127.0.0.1/8, 172.16.0.0/12, 192.168.0.0/16 }
+          table ip aproxy
+          flush table ip aproxy
+          table ip aproxy {
+                chain prerouting {
+                        type nat hook prerouting priority dstnat; policy accept;
+                        ip daddr != \$private-ips tcp dport { 80, 443 } counter dnat to \$default-ip:8443
+                }
+                chain output {
+                        type nat hook output priority -100; policy accept;
+                        ip daddr != \$private-ips tcp dport { 80, 443 } counter dnat to \$default-ip:8443
+                }
+          }
+          EOF
       - name: Checkout
         uses: actions/checkout@v3
         with:
@@ -67,7 +136,11 @@ jobs:
 
   build:
     name: Build charms
-    uses: canonical/data-platform-workflows/.github/workflows/build_charms_with_cache.yaml@v2
+    uses: canonical/data-platform-workflows/.github/workflows/build_charms_with_cache.yaml@add-aproxy-snap
+    with:
+      charmcraft-snap-revision: 1349  # version 2.3.0
+    permissions:
+      actions: write  # Needed to manage GitHub Actions cache
 
   integration-test:
     strategy:
@@ -87,7 +160,7 @@ jobs:
       - unit-test
       - lib-check
       - build
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux, X64, xlarge, jammy]
     timeout-minutes: 120
     steps:
       - name: Checkout
@@ -98,7 +171,7 @@ jobs:
         with:
           provider: lxd
           juju-channel: 3.1/stable
-          bootstrap-options: "--agent-version 3.1.6"
+          bootstrap-options: "--agent-version 3.1.6 --model-default juju-http-proxy=${{ inputs.http-proxy }} --model-default juju-https-proxy=${{ inputs.http-proxy }} --model-default juju-no-proxy=${{ inputs.no-proxy }} --model-default apt-http-proxy=${{ inputs.http-proxy }} --model-default apt-https-proxy=${{ inputs.http-proxy }} --model-default snap-http-proxy=${{ inputs.http-proxy }} --model-default snap-https-proxy=${{ inputs.http-proxy }}"
       - name: Download packed charm(s)
         uses: actions/download-artifact@v3
         with:
@@ -129,7 +202,7 @@ jobs:
         run: tox run -e ${{ matrix.tox-environments }} -- -m '${{ steps.select-tests.outputs.mark_expression }}'
         env:
           CI_PACKED_CHARMS: ${{ needs.build.outputs.charms }}
-          AWS_ACCESS_KEY: ${{ matrix.tox-environments != 'backup-integration' || secrets.AWS_ACCESS_KEY }}
-          AWS_SECRET_KEY: ${{ matrix.tox-environments != 'backup-integration' || secrets.AWS_SECRET_KEY }}
-          GCP_ACCESS_KEY: ${{ matrix.tox-environments != 'backup-integration' || secrets.GCP_ACCESS_KEY }}
-          GCP_SECRET_KEY: ${{ matrix.tox-environments != 'backup-integration' || secrets.GCP_SECRET_KEY }}
+#          AWS_ACCESS_KEY: ${{ matrix.tox-environments != 'backup-integration' || secrets.AWS_ACCESS_KEY }}
+#          AWS_SECRET_KEY: ${{ matrix.tox-environments != 'backup-integration' || secrets.AWS_SECRET_KEY }}
+#          GCP_ACCESS_KEY: ${{ matrix.tox-environments != 'backup-integration' || secrets.GCP_ACCESS_KEY }}
+#          GCP_SECRET_KEY: ${{ matrix.tox-environments != 'backup-integration' || secrets.GCP_SECRET_KEY }}
diff --git a/charmcraft.yaml b/charmcraft.yaml
@@ -9,6 +9,7 @@ bases:
     run-on:
       - name: "ubuntu"
         channel: "22.04"
+
 parts:
   charm:
     charm-binary-python-packages:
@@ -20,3 +21,6 @@ parts:
       - libssl-dev
       - rustc
       - cargo
+    # https://discourse.charmhub.io/t/charmcraft-launchpad-rust-ubuntu-lunar-weird-download-failures/12044
+    build-environment:
+      - CARGO_HTTP_MULTIPLEXING: "false"