Continuous Integration (CI) Whonix Testing - Automated Test Suite

Patrick · June 22, 2023, 3:50pm

Building Whonix for Debian bookworm on Debian bookworm is still a bit difficult because VirtualBox is neither available from Debian stable repository, Debian fasttrack nor Oracle repository.

At the moment it can only be installed from Debian sid which is good enough at least for development purposes and CI. Since this is a moving target (now it’s Debian sid, in the future hopefully at least fasttrack), could you please leave VirtualBox installation on the CI server to a script that I would maintain?

Patrick · June 23, 2023, 1:22pm

This command should work for VirtualBox installation on Debian bookworm:

~/derivative-maker/packages/kicksecure/usability-misc/usr/bin/installer-dist --non-interactive --virtualbox-only --log-level=info

And if not, then I would fix it.

(related: Whonix Linux Installer - Development Discussion)

Mycobee · June 28, 2023, 3:51am

Aight @Patrick, it took a few hours but the CI should be running on Debian 12 and installing VirtualBox from the installer-dist script

github.com/derivative-maker/derivative-maker

CI Debian 12 Update

derivative-maker:master ← Whonix:ci-virtualbox-update

opened 02:48AM - 28 Jun 23 UTC

Mycobee

+22 -39

## Description - Update CI runner to use Debian 12 - Improve connection time…out errors by forcing wait until connection established - Add installation of VirtualBox with builtin `installer-dist` script instead of apt package - Add CI logging for VirtualBox installation and gather artifact - Allow CI testing for commits on branches named using pattern `ci*`

I am heads down in my ecommerce work for the next few weeks still, but will come back in full force and make package_parser more performant and satisfy html requirements. Then we can work on getting OpenQA running for GUI testing

Mycobee · June 28, 2023, 4:46am

Build successful with debian 12 and the install script

Remove tasks to delete existing VMs since VPS is newly created · Whonix/derivative-maker@3a045b1 · GitHub

Patrick · July 5, 2023, 12:36pm

Excellent! Thank you, most helpful!

Mycobee · July 7, 2023, 5:04pm

State of Automated GUI Testing

Posting so I remember historical context later of all the shit I did. It might be a while until this gets revisted, due to all the work that must be done with whonix/ks package site builder

Current Progress

Pulled WATS in to a repo I could work on GitHub - Mycobee/whonix_automated_test_suite: Whonix Automated GUI Testing Suite for CI
Set up automated builder CI pipeline to have two different paths…GUI builds happen when a tag is pushed, and headless builds happen when a commit is pushed. Ideally, in the future GUI testing will occur any time a tag is pushed.
made some of progress installing a GUI on the VPS host here and here
ran in to glitchy bugs using GUI and VNC on remote debian VPS host

Steps to Move Forward

Fix GUI host bugs…hopefully with Jeremy’s suggestion…otherwise may have to use terraform and AWS to remotely provision ec2 instance with GPU installed
Have CI run existing flaky wats suite for proof of concept (small lift once GUI bugs are ironed out…see previous PRs listed above)
Implement OpenQA testing…once this is in place building automated gui testing should be much more stable and dependable…iteration should be quicker.

Patrick · October 5, 2023, 5:15am

CI broken.

Mycobee · October 20, 2023, 2:12pm

Sorry for the delays. I was travelling, then I got sick as shit. Finally got around to fixing it this morning

Patrick · October 21, 2023, 11:54am

Do we need to gather_build_logs.yml or could we just use github’s default log function?

Patrick · October 21, 2023, 7:56pm

Maybe github has a maximum log size function?

Mycobee · October 22, 2023, 2:11pm

Githubs default log function is very useful for the contaimer they spin up, but it does not give us much observability on our digital ocean VM where the derivative maker building occurs. The ansible log gathering logic gives us much more detailed output when things break on the build step itself

Mycobee · November 3, 2023, 7:23pm

CI Roadmap

Moving forward with CI, here are some useful improvements to our CI

Preconfigured Runner VPS

We should utilize an existing img file in digitalocean instead of installing and configuring the box every time CI runs. We should split the ansible tasks out to have a build_machine_image role. The role should install all needed depedencies including virtualbox, and do all configuration unrelated to the actual code changes in derivative-maker

The role should conditionally run, ONLY when git changes are in the ./automated_builder directory. It should tag the new image in a sane way, and publish the image to digital ocean.

When a code change happens in any directory that is not ./automated_builder, the CI should load this image and run the steps to install the source code, and build the whonix images

Parallelize Builds

The workstation and the gateway do not need to run on the same machine. CI should spin up two VPS machines and run the builds in parallel. The logs should be updated to reflect these separate builds, and tagging of machines should be updated in digitalocean. Teardown should successfully destroy all these machines, and run regardless of any behavior.

We should assess the CPU and Memory usage of our images, and then decide whether or not we can scale down based on that. We should only use as much machine as we need to run the build efficiently, to save costs. CI is cheap as it is, but the cheaper we can make things, the better.

~~This might mean making different sized images for commit builds (headless), and tag builds (GUI + full depedencies)~~

Upon further research, both builds must be on same host. Investigate running these with gnu parallel on the same host, and determine how big of a box is needed to run as fast as possible without being over provisioned.

Documentation Overhaul

As CI becomes more leveraged, we need good documentation so that it can be more maintainable and understood. The wiki should be updated and we should ensure that we have some sort of visual representation of how the system works.

OpenQA Setup in CI

This one is going to be a big fucking task, but super important to the future of both Whonix and KS. We need a useful OpenQA setup. This probably will need to be split in to multiple subtasks.

Exploration of Further CI Usage

Take stock of other things we can automatically build with CI to ensure integrity

VirtualBox installer script? Etc. Some of this can likely be done with OpenQA, but there might be areas of our codebase we can utilize CI to make life easier for us all, and improve the development cycle.

Patrick · November 3, 2023, 7:53pm

Sounds all good!

This is nice however the prepare-release step requires both images to be present on the same hard drive.

Mycobee · November 3, 2023, 7:57pm

Ahh good to know. That would suck to do all that work and get blocked by that.

Patrick · April 19, 2024, 1:25pm

CI started having issues.

Lots of these.

warning: 766957415d1add40f1c1a4d6b308d7396446782e:.gitmodules, multiple configurations found for ‘submodule.packages/anon-apt-sources-list.path’. Skipping second one!

Not reproducible outside of the CI.

And somehow automated_builder/roles/headless-build/tasks/install_source.yml does not pass command line arguments to automated_builder/roles/common/templates/install_source.sh, hence the git checkout is failing.

Mycobee · April 19, 2024, 3:47pm

Yeah somehow not reading environment variables with branch name. Ill look in to it

Mycobee · April 29, 2024, 10:47pm

Hey @Patrick

Finally got a chance to dig in to this. Got the CI script install_source.sh working on my branch ci-fix-empty-env-vars

Unfortunately now the virtualbox installation script is failing. Any idea why?

/bin/sh: 1: /home/ansible/derivative-maker/packages/kicksecure/usability-misc/usr/bin/dist-installer-cli: not found

Once this is fixed, CI should be working again. Github changed around the name of some of their environment variables which broke our pipeline