Set up CI with Azure Pipelines

Sets up a pipeline to run FreeIPA build and tests in Azure Pipelines.

Azure Pipelines provides 10 parallel free runners for open source projects.
Use them to run following jobs:

 - Build: build RPMs and Fedora 30 container with them
 - Lint: run linting of the source code
 - Tox: run py36,pypi,pylint tests using Tox
 - Web UI unit tests: run Web UI unit tests with Grunt/QUnit/PhantomJS
 - XMLRPC tests: install FreeIPA server and run XMLRPC tests against it

All jobs are running in Fedora 30 containers. Build, Lint, Tox, and Web
UI unit tests run inside f30/fedora-toolbox container. Build job
generates a container with pre-installed FreeIPA packages using official
fedora:30 container. All containers are picked up from
registry.fedoraproject.org.

Artifacts from the build job are pushed to a pipeline storage and reused
in the XMLRPC tests. They also are accessible in the 'Summary' tab to
download.

XUnit and QUnit outputs from the tests that produce it are reported in
the 'Tests' tab.

Logs from individual steps from each job are available for review in
the 'Logs' tab. They also can be downloaded.

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>

8 files changed, 317 insertions, 0 deletions

diff --git a/ipatests/azure/Dockerfile.build-container b/ipatests/azure/Dockerfile.build-container
new file mode 100644
index 000000000..82fc65d0f
--- /dev/null
+++ b/ipatests/azure/Dockerfile.build-container
@@ -0,0 +1,17 @@
+FROM fedora:30
+MAINTAINER [FreeIPA Developers freeipa-devel@lists.fedorahosted.org]
+ENV container=docker LANG=en_US.utf8 LANGUAGE=en_US.utf8 LC_ALL=en_US.utf8
+
+ADD dist /root
+RUN echo 'deltarpm = false' >> /etc/dnf/dnf.conf \
+    && dnf update -y dnf \
+    && dnf install -y dnf-plugins-core sudo wget systemd firewalld nss-tools iptables \
+    && dnf config-manager '*modular*' --set-disabled \
+    && dnf install -y /root/rpms/*.rpm \
+    && dnf clean all && rm -rf /root/rpms /root/srpms \
+    && for i in /usr/lib/systemd/system/*-domainname.service; \
+    do sed -i 's#^ExecStart=/#ExecStart=-/#' $i ; done
+
+STOPSIGNAL RTMIN+3
+VOLUME ["/freeipa", "/run", "/tmp"]
+ENTRYPOINT [ "/usr/sbin/init" ]
diff --git a/ipatests/azure/azure-pipelines.yml b/ipatests/azure/azure-pipelines.yml
new file mode 100644
index 000000000..224519891
--- /dev/null
+++ b/ipatests/azure/azure-pipelines.yml
@@ -0,0 +1,165 @@
+trigger:
+- master
+
+variables:
+  TEST_RUNNER_IMAGE: freeipa-fedora-builder:latest
+  TEST_RUNNER_CONFIG: .test_runner_azure.yaml
+  PEP8_ERROR_LOG: pycodestyle_errors.log
+  CI_RESULTS_LOG: ci_results_$(System.PullRequest.PullRequestNumber).log
+  CI_BACKLOG_SIZE: 5000
+  CI_RUNNER_LOGS_DIR: logs
+  CI_RUNNER_LOG_ARCHIVE: $(System.PullRequest.PullRequestNumber)-job-$(Build.BuildId).tar.gz
+  TRAVIS_EVENT_TYPE: $(Build.Reason)
+  TRAVIS_BRANCH: $(System.PullRequest.TargetBranch)
+  localsdir: $(Build.Repository.LocalPath)
+  builddir: /__w/1/s
+
+jobs:
+- job: Build
+  pool:
+    vmImage: 'Ubuntu-16.04'
+  container:
+    image: registry.fedoraproject.org/f30/fedora-toolbox
+    options: --cap-add=SYS_PTRACE --security-opt seccomp=unconfined --privileged
+  steps:
+    - template: templates/prepare-build.yml
+    - script: |
+        echo "Running autoconf generator"
+        ./autogen.sh
+      displayName: Configure the project
+    - script: |
+        echo "Running make target 'rpms'"
+        make V=0 rpms LOG_COMPILE='gdb -return-child-result -ex run -ex "thread apply all bt" -ex "quit" --args'
+      displayName: Build packages
+    - script: |
+        mkdir container
+        cp -pr dist container/
+        cp ipatests/azure/Dockerfile.build-container container/Dockerfile
+        cd container
+        docker build -t freeipa-fedora-builder .
+        docker save freeipa-fedora-builder | gzip > '$(builddir)/freeipa-fedora-builder-container.tar.gz'
+      displayName: Create container image for test
+    - template: templates/publish-build.yml
+
+- job: Lint
+  pool:
+    vmImage: 'Ubuntu-16.04'
+  container:
+    image: registry.fedoraproject.org/f30/fedora-toolbox
+    options: --cap-add=SYS_PTRACE --security-opt seccomp=unconfined --privileged
+  steps:
+    - template: templates/prepare-build.yml
+    - script: |
+        echo "Running autoconf generator"
+        ./autogen.sh
+      displayName: Configure the project
+    - script: |
+        echo "Running make target 'lint'"
+        make V=0 lint
+      displayName: Lint sources
+
+- job: Tox
+  pool:
+    vmImage: 'Ubuntu-16.04'
+  container:
+    image: registry.fedoraproject.org/f30/fedora-toolbox
+    options: --cap-add=SYS_PTRACE --security-opt seccomp=unconfined --privileged
+  steps:
+    - template: templates/prepare-build.yml
+    - task: UsePythonVersion@0
+      inputs:
+        versionSpec: 3.6
+        architecture: x64
+    - script: |
+        sudo dnf -y install nss-tools
+        python3 -m pip install --upgrade pip setuptools pycodestyle
+      displayName: 'Install prerequisites'
+    - script: |
+        echo "Running tox"
+        export LANG=en_US.utf8
+        export LC_CTYPE=en_US.utf8
+        locale
+        tox -e py36,pypi,pylint3
+      displayName: Tox
+    - task: PublishTestResults@2
+      inputs:
+        testResultsFiles: '.tox/**/junit-*.xml'
+        testRunTitle: 'Tox results'
+      condition: succeededOrFailed()
+
+- job: WebUI_Unit_Tests
+  pool:
+    vmImage: 'Ubuntu-16.04'
+  container:
+    image: registry.fedoraproject.org/f30/fedora-toolbox
+    options: --cap-add=SYS_PTRACE --security-opt seccomp=unconfined --privileged
+  steps:
+    - template: templates/prepare-build.yml
+    - task: UsePythonVersion@0
+      inputs:
+        versionSpec: 3.6
+        architecture: x64
+    - script: |
+        sudo dnf -y install npm fontconfig
+      displayName: 'Install prerequisites'
+    - script: |
+        echo "Running autoconf generator"
+        ./autogen.sh
+      displayName: Configure the project
+    - script: |
+        echo "Running WebUI unit tests"
+        cd $(builddir)/install/ui/js/libs && make
+        cd $(builddir)/install/ui && npm install
+        cd $(builddir)/install/ui && node_modules/grunt/bin/grunt --verbose test
+      displayName: WebUI Unit Tests
+    - task: PublishTestResults@2
+      inputs:
+        testResultsFiles: 'install/ui/_build/test-reports/TEST-*.xml'
+        testRunTitle: 'Web UI unit test results'
+      condition: succeededOrFailed()
+
+- job: Test
+  dependsOn: Build
+  condition: succeeded()
+  pool:
+    vmImage: 'Ubuntu-16.04'
+  strategy:
+    matrix:
+        Base_tests:
+          TEST_TITLE: 'Base'
+          TASK_TO_RUN: run-tests
+          TESTS_TO_RUN: "test_cmdline
+                test_install
+                test_ipaclient
+                test_ipalib
+                test_ipaplatform
+                test_ipapython
+                test_ipaserver"
+        XMLRPC_tests:
+          TEST_TITLE: 'XMLRPC'
+          TASK_TO_RUN: run-tests
+          TESTS_TO_RUN: "test_xmlrpc/test_*.py"
+  steps:
+    - template: templates/setup-test-environment.yml
+      parameters:
+        pythonVersion: '3.6'
+        architecture: 'x64'
+        logsPath: '$(CI_RUNNER_LOGS_DIR)'
+    - script: |
+        sudo modprobe ip6_tables
+      displayName: Make sure IPv6 firewall support is allowed
+    - template: templates/run-test.yml
+      parameters:
+        containerName: 'freeipa-fedora-builder:latest'
+        logsPath: '$(CI_RUNNER_LOGS_DIR)'
+        testToRun: '$(TASK_TO_RUN)'
+        testParams: '$(TESTS_TO_RUN)'
+    - task: PublishTestResults@2
+      inputs:
+        testResultsFiles: 'nosetests.xml'
+        testRunTitle: 'XMLRPC test results'
+      condition: succeededOrFailed()
+    - template: templates/save-test-artifacts.yml
+      parameters:
+        logsPath: '$(CI_RUNNER_LOGS_DIR)'
+        logsArtifact: '$(TEST_TITLE)-logs-$(CI_RUNNER_LOG_ARCHIVE)'
diff --git a/ipatests/azure/azure-run-tests.sh b/ipatests/azure/azure-run-tests.sh
new file mode 100755
index 000000000..7b05af1b5
--- /dev/null
+++ b/ipatests/azure/azure-run-tests.sh
@@ -0,0 +1,43 @@
+#!/bin/bash -ex
+server_realm=EXAMPLE.TEST
+server_domain=example.test
+server_password=Secret123
+
+# Expand list of tests into -k...  -k... -k... .. sequence
+tests_to_run=$(eval "eval echo -k{$(echo $TESTS_TO_RUN | sed -e 's/[ \t]+*/,/g')}")
+
+systemctl --now enable firewalld
+ipa-server-install -U --domain ${server_domain} --realm ${server_realm} -p ${server_password} -a ${server_password} --setup-dns --setup-kra --auto-forwarders
+sed -ri "s/mode = production/mode = development/" /etc/ipa/default.conf
+systemctl restart httpd.service
+firewall-cmd --add-service={freeipa-ldap,freeipa-ldaps,dns}
+
+
+cd /freeipa
+
+echo ${server_password} | kinit admin && ipa ping
+cp -r /etc/ipa/* ~/.ipa/
+echo ${server_password} > ~/.ipa/.dmpw
+echo 'wait_for_dns=5' >> ~/.ipa/default.conf
+ipa-test-config --help
+ipa-test-task --help
+ipa-run-tests --with-xunit -k-{test_integration,test_webui,test_ipapython/test_keyring.py,test_dns_soa} -v ${tests_to_run}
+grep -n -C5 BytesWarning /var/log/httpd/error_log
+ipa-server-install --uninstall -U
+# second uninstall to verify that --uninstall without installation works
+ipa-server-install --uninstall -U
+firewall-cmd --remove-service={freeipa-ldap,freeipa-ldaps,dns}
+
+mkdir -p /freeipa/logs
+cd /freeipa/logs
+journalctl -b --no-pager > systemd_journal.log
+tar --ignore-failed-read -cvf var_log.tar \
+    /var/log/dirsrv \
+    /var/log/httpd \
+    /var/log/ipa* \
+    /var/log/krb5kdc.log \
+    /var/log/pki \
+    systemd_journal.log
+
+ls -laZ /etc/dirsrv/slapd-*/ /etc/httpd/alias/ /etc/pki/pki-tomcat/alias/ || true
+
diff --git a/ipatests/azure/templates/prepare-build.yml b/ipatests/azure/templates/prepare-build.yml
new file mode 100644
index 000000000..3987e6da4
--- /dev/null
+++ b/ipatests/azure/templates/prepare-build.yml
@@ -0,0 +1,11 @@
+steps:
+- script: |
+    sudo rm -rf /var/cache/dnf/*
+    echo 'Disable modular repositories'
+    sudo dnf config-manager '*modular*' --set-disabled
+    sudo dnf makecache || :
+    echo "Installing base development environment"
+    sudo dnf install -y gdb make autoconf rpm-build gettext-devel automake libtool 'nodejs(abi) < 11' docker python3-paramiko || :
+    echo "Installing FreeIPA development dependencies"
+    sudo dnf builddep -y --skip-broken -D "with_wheels 1" -D "with_lint 1" --spec freeipa.spec.in --best --allowerasing --setopt=install_weak_deps=False || :
+  displayName: Prepare build environment
diff --git a/ipatests/azure/templates/publish-build.yml b/ipatests/azure/templates/publish-build.yml
new file mode 100644
index 000000000..45d6df893
--- /dev/null
+++ b/ipatests/azure/templates/publish-build.yml
@@ -0,0 +1,12 @@
+steps:
+- task: PublishPipelineArtifact@0
+  displayName: Publish packages
+  inputs:
+    artifactName: 'packages-$(Build.BuildId)-$(Agent.OS)-$(Agent.OSArchitecture)'
+    targetPath: $(Agent.BuildDirectory)/s/dist
+- task: PublishPipelineArtifact@0
+  displayName: Publish container image
+  inputs:
+    artifactName: 'image-$(Build.BuildId)-$(Agent.OS)-$(Agent.OSArchitecture)'
+    targetPath: $(Agent.BuildDirectory)/s/freeipa-fedora-builder-container.tar.gz
+
diff --git a/ipatests/azure/templates/run-test.yml b/ipatests/azure/templates/run-test.yml
new file mode 100644
index 000000000..ae4ae3cfd
--- /dev/null
+++ b/ipatests/azure/templates/run-test.yml
@@ -0,0 +1,23 @@
+parameters:
+  imageName: 'freeipa-fedora-builder:latest'
+  containerName: 'container'
+  logsPath: 'logs'
+  testToRun: 'lint'
+  testParams: ''
+
+steps:
+- script: |
+    cnt=`docker create --hostname ipa.example.test --privileged -v $(Build.Repository.LocalPath):/freeipa -t  ${{parameters.imageName}} /usr/sbin/init`
+    echo "##vso[task.setvariable variable=containerName;isOutput=true]$cnt"
+  name: createContainer
+  displayName: Create container for running a test
+- script: |
+    docker start $(createContainer.containerName)
+    docker inspect $(createContainer.containerName)
+  displayName: Start container for running a test
+- script: |
+    docker exec --env TESTS_TO_RUN='${{parameters.testParams}}' \
+                --privileged -t \
+                $(createContainer.containerName) \
+                /bin/bash --noprofile --norc -x /freeipa/ipatests/azure/azure-${{parameters.testToRun}}.sh
+  displayName: Run test
diff --git a/ipatests/azure/templates/save-test-artifacts.yml b/ipatests/azure/templates/save-test-artifacts.yml
new file mode 100644
index 000000000..b06a767fb
--- /dev/null
+++ b/ipatests/azure/templates/save-test-artifacts.yml
@@ -0,0 +1,11 @@
+parameters:
+  logsPath: 'logs'
+  logsArtifact: 'logs-$(Build.BuildId)-$(Agent.OS)-$(Agent.OSArchitrecture)'
+steps:
+- task: PublishPipelineArtifact@0
+  displayName: Publish logs
+  inputs:
+    artifactName: ${{parameters.logsArtifact}}
+    targetPath: ${{parameters.logsPath}}
+  condition: always()
+
diff --git a/ipatests/azure/templates/setup-test-environment.yml b/ipatests/azure/templates/setup-test-environment.yml
new file mode 100644
index 000000000..07ee6f493
--- /dev/null
+++ b/ipatests/azure/templates/setup-test-environment.yml
@@ -0,0 +1,35 @@
+parameters:
+  pythonVersion: '3.6'
+  architecture: 'x64'
+  pythonExec: 'python3'
+  logsPath: 'logs'
+  logsArtifact: 'logs-$(Build.BuildId)-$(Agent.OS)-$(Agent.OSArchitrecture)'
+steps:
+- script: |
+    echo '{ "ipv6": true, "fixed-cidr-v6": "2001:db8::/64" }' > docker-daemon.json
+    sudo cp docker-daemon.json /etc/docker/daemon.json
+    sudo chown root:root /etc/docker/daemon.json
+    sudo systemctl restart docker
+  displayName: Configure containerization to allow IPv6 network
+- task: UsePythonVersion@0
+  inputs:
+    versionSpec: ${{parameters.pythonVersion}}
+    architecture: ${{parameters.architecture}}
+- script: |
+    ${{parameters.pythonExec}} -m pip install --upgrade pip setuptools pycodestyle
+  displayName: 'Install prerequisites'
+- task: DownloadPipelineArtifact@0
+  displayName: Download prebuilt packages
+  inputs:
+    artifactName: 'packages-$(Build.BuildId)-$(Agent.OS)-$(Agent.OSArchitecture)'
+    targetPath: $(Agent.BuildDirectory)/s/dist
+- task: DownloadPipelineArtifact@0
+  displayName: Download pre-built container
+  inputs:
+    artifactName: 'image-$(Build.BuildId)-$(Agent.OS)-$(Agent.OSArchitecture)'
+    targetPath: $(Agent.BuildDirectory)/s
+- script: |
+    docker load --input $(Agent.BuildDirectory)/s/freeipa-fedora-builder-container.tar.gz
+    docker images
+    docker inspect freeipa-fedora-builder:latest
+  displayName: Import pre-built container to the engine