From 468487082a6cb759001de55f71d76956e41c3c96 Mon Sep 17 00:00:00 2001
From: Nicolas Mattia <nicolas.mattia@dfinity.org>
Date: Tue, 12 Nov 2024 16:23:29 +0100
Subject: [PATCH] wip

---
 rs/ic_os/metrics_tool/src/lib.rs           |  2 +-
 rs/tests/driver/src/driver/test_env_api.rs | 22 ++++++----
 rs/tests/system_tests.bzl                  | 48 ++++++++++++++++++----
 3 files changed, 56 insertions(+), 16 deletions(-)

diff --git a/rs/ic_os/metrics_tool/src/lib.rs b/rs/ic_os/metrics_tool/src/lib.rs
index 02bb129c55d..5269fa4bd1a 100644
--- a/rs/ic_os/metrics_tool/src/lib.rs
+++ b/rs/ic_os/metrics_tool/src/lib.rs
@@ -16,7 +16,7 @@ impl Metric {
         Self {
             name: name.to_string(),
             value,
-            annotation: "Custom metric".to_string(),
+            annotation: "Custom metric hahaho".to_string(),
             labels: Vec::new(),
         }
     }
diff --git a/rs/tests/driver/src/driver/test_env_api.rs b/rs/tests/driver/src/driver/test_env_api.rs
index cf415fe6873..5ccc5a45a6f 100644
--- a/rs/tests/driver/src/driver/test_env_api.rs
+++ b/rs/tests/driver/src/driver/test_env_api.rs
@@ -225,6 +225,7 @@ const INFRA_GROUP_CREATED_EVENT_NAME: &str = "infra_group_name_created_event";
 const KIBANA_URL_CREATED_EVENT_NAME: &str = "kibana_url_created_event";
 pub type NodesInfo = HashMap<NodeId, Option<MaliciousBehaviour>>;
 
+// TODO: necessary? why not used everywhere?
 pub fn bail_if_sha256_invalid(sha256: &str, opt_name: &str) -> Result<()> {
     let l = sha256.len();
     if !(l == 64 && sha256.chars().all(|c| c.is_ascii_hexdigit())) {
@@ -1127,7 +1128,9 @@ pub fn get_elasticsearch_hosts() -> Result<Vec<String>> {
 }
 
 pub fn get_ic_os_img_url() -> Result<Url> {
-    let url = read_dependency_from_env_to_string("ENV_DEPS__DEV_DISK_IMG_TAR_ZST_CAS_URL")?;
+    //let url = read_dependency_from_env_to_string("ENV_DEPS__DEV_DISK_IMG_TAR_ZST_CAS_URL")?;
+    let sha256 = get_ic_os_img_sha256()?;
+    let url = format!("https://artifacts.zh1-idx1.dfinity.network/cas/{sha256}");
     Ok(Url::parse(&url)?)
 }
 
@@ -1138,8 +1141,8 @@ pub fn get_ic_os_img_sha256() -> Result<String> {
 }
 
 pub fn get_malicious_ic_os_img_url() -> Result<Url> {
-    let url =
-        read_dependency_from_env_to_string("ENV_DEPS__DEV_MALICIOUS_DISK_IMG_TAR_ZST_CAS_URL")?;
+    let sha256 = get_malicious_ic_os_img_sha256()?;
+    let url = format!("https://artifacts.zh1-idx1.dfinity.network/cas/{sha256}");
     Ok(Url::parse(&url)?)
 }
 
@@ -1151,7 +1154,9 @@ pub fn get_malicious_ic_os_img_sha256() -> Result<String> {
 }
 
 pub fn get_ic_os_update_img_url() -> Result<Url> {
-    let url = read_dependency_from_env_to_string("ENV_DEPS__DEV_UPDATE_IMG_TAR_ZST_CAS_URL")?;
+    //let url = read_dependency_from_env_to_string("ENV_DEPS__DEV_UPDATE_IMG_TAR_ZST_CAS_URL")?;
+    let sha256 = get_ic_os_update_img_sha256()?;
+    let url = format!("https://artifacts.zh1-idx1.dfinity.network/cas/{sha256}");
     Ok(Url::parse(&url)?)
 }
 
@@ -1174,8 +1179,8 @@ pub fn get_ic_os_update_img_test_sha256() -> Result<String> {
 }
 
 pub fn get_malicious_ic_os_update_img_url() -> Result<Url> {
-    let url =
-        read_dependency_from_env_to_string("ENV_DEPS__DEV_MALICIOUS_UPDATE_IMG_TAR_ZST_CAS_URL")?;
+    let sha256 = get_malicious_ic_os_update_img_sha256()?;
+    let url = format!("https://artifacts.zh1-idx1.dfinity.network/cas/{sha256}");
     Ok(Url::parse(&url)?)
 }
 
@@ -1212,8 +1217,9 @@ pub fn get_mainnet_ic_os_update_img_url() -> Result<Url> {
 }
 
 pub fn get_hostos_update_img_test_url() -> Result<Url> {
-    let url =
-        read_dependency_from_env_to_string("ENV_DEPS__DEV_HOSTOS_UPDATE_IMG_TEST_TAR_ZST_CAS_URL")?;
+    // TODO: look up from env (no need to repeat this every time)
+    let sha256 = get_hostos_update_img_test_sha256()?;
+    let url = format!("https://artifacts.zh1-idx1.dfinity.network/cas/{sha256}");
     Ok(Url::parse(&url)?)
 }
 
diff --git a/rs/tests/system_tests.bzl b/rs/tests/system_tests.bzl
index 4b92839ac27..b46e8d4c35d 100644
--- a/rs/tests/system_tests.bzl
+++ b/rs/tests/system_tests.bzl
@@ -20,11 +20,30 @@ def _run_system_test(ctx):
         is_executable = True,
         content = """#!/bin/bash
             set -eEuo pipefail
+
+            # TODO: explain
+            for image in $ICOS_IMAGES; do
+                echo found ic-os image "$image"
+                image_sha256=$(sha256sum "$image" | cut -d' ' -f1)
+                echo "  sha256: '$image_sha256'"
+                url="https://artifacts.zh1-idx1.dfinity.network/cas/$image_sha256"
+
+                echo "  image CAS URL is '$url'"
+
+                if ! curl --silent --fail --head "$url" >/dev/null; then
+                    echo "  image not uploaded yet, uploading"
+                    curl --silent --fail "$url" --upload-file "$image"
+                else
+                    echo "  image already uploaded"
+                fi
+            done
+
             # We export RUNFILES such that the from_location_specified_by_env_var() function in
             # rs/rust_canisters/canister_test/src/canister.rs can find canisters
             # relative to the $RUNFILES directory.
             export RUNFILES="$PWD"
             KUBECONFIG=$RUNFILES/${{KUBECONFIG:-}}
+
             mkdir "$TEST_TMPDIR/root_env"
             "$RUNFILES/{test_executable}" \
               --working-dir "$TEST_TMPDIR" \
@@ -51,13 +70,21 @@ def _run_system_test(ctx):
     env |= {
         "VOLATILE_STATUS_FILE_PATH": ctx.version_file.short_path,
     }
+
+    # TODO: explain
+    icos_images = ctx.files.icos_images
+    env |= {
+        "ICOS_IMAGES": " ".join([ image.short_path for image in icos_images ]),
+    }
+
     if ctx.executable.colocated_test_bin != None:
         env["COLOCATED_TEST_BIN"] = ctx.executable.colocated_test_bin.short_path
 
     if k8s:
         env["KUBECONFIG"] = ctx.file._k8sconfig.path
 
-    runtime_deps = [depset([ctx.file._k8sconfig])]
+    runtime_deps = [depset([ctx.file._k8sconfig] + icos_images)]
+
     for target in ctx.attr.runtime_deps:
         runtime_deps.append(target.files)
 
@@ -96,6 +123,7 @@ run_system_test = rule(
         "_k8s": attr.label(default = "//rs/tests:k8s"),
         "_k8sconfig": attr.label(allow_single_file = True, default = "@kubeconfig//:kubeconfig.yaml"),
         "runtime_deps": attr.label_list(allow_files = True),
+        "icos_images": attr.label_list(allow_files = True),
         "env_deps": attr.label_keyed_string_dict(allow_files = True),
         "env_inherit": attr.string_list(doc = "Specifies additional environment variables to inherit from the external environment when the test is executed by bazel test."),
     },
@@ -195,31 +223,35 @@ def system_test(
     # NOTE: we use "ENV_DEPS__" as prefix for env variables, which are passed to system-tests via Bazel.
     _env_deps[_guestos + "version.txt"] = "ENV_DEPS__IC_VERSION_FILE"
 
+    icos_images = []
+
     if uses_guestos_dev:
-        _env_deps[_guestos + "disk-img.tar.zst.cas-url"] = "ENV_DEPS__DEV_DISK_IMG_TAR_ZST_CAS_URL"
+        icos_images.append(_guestos + "disk-img.tar.zst")
         _env_deps[_guestos + "disk-img.tar.zst.sha256"] = "ENV_DEPS__DEV_DISK_IMG_TAR_ZST_SHA256"
-        _env_deps[_guestos + "update-img.tar.zst.cas-url"] = "ENV_DEPS__DEV_UPDATE_IMG_TAR_ZST_CAS_URL"
+
+        icos_images.append(_guestos + "update-img.tar.zst")
         _env_deps[_guestos + "update-img.tar.zst.sha256"] = "ENV_DEPS__DEV_UPDATE_IMG_TAR_ZST_SHA256"
 
     if uses_hostos_dev_test:
-        _env_deps[_hostos + "update-img-test.tar.zst.cas-url"] = "ENV_DEPS__DEV_HOSTOS_UPDATE_IMG_TEST_TAR_ZST_CAS_URL"
+        icos_images.append(_hostos + "update-img-test.tar.zst")
         _env_deps[_hostos + "update-img-test.tar.zst.sha256"] = "ENV_DEPS__DEV_HOSTOS_UPDATE_IMG_TEST_TAR_ZST_SHA256"
 
+    # TODO: whole block unused?
     if uses_setupos_dev:
         _env_deps[_setupos + "disk-img.tar.zst"] = "ENV_DEPS__DEV_SETUPOS_IMG_TAR_ZST"
         _env_deps["//rs/ic_os/dev_test_tools/setupos-disable-checks"] = "ENV_DEPS__SETUPOS_DISABLE_CHECKS"
         _env_deps["//rs/ic_os/dev_test_tools/setupos-inject-configuration"] = "ENV_DEPS__SETUPOS_INJECT_CONFIGS"
 
     if uses_guestos_dev_test:
-        _env_deps[_guestos + "update-img-test.tar.zst.cas-url"] = "ENV_DEPS__DEV_UPDATE_IMG_TEST_TAR_ZST_CAS_URL"
+        icos_images.append(_guestos + "update-img-test.tar.zst")
         _env_deps[_guestos + "update-img-test.tar.zst.sha256"] = "ENV_DEPS__DEV_UPDATE_IMG_TEST_TAR_ZST_SHA256"
 
     if malicious:
         _guestos_malicous = "//ic-os/guestos/envs/dev-malicious:"
 
-        _env_deps[_guestos_malicous + "disk-img.tar.zst.cas-url"] = "ENV_DEPS__DEV_MALICIOUS_DISK_IMG_TAR_ZST_CAS_URL"
+        icos_images.append(_guestos_malicous + "disk-img.tar.zst")
         _env_deps[_guestos_malicous + "disk-img.tar.zst.sha256"] = "ENV_DEPS__DEV_MALICIOUS_DISK_IMG_TAR_ZST_SHA256"
-        _env_deps[_guestos_malicous + "update-img.tar.zst.cas-url"] = "ENV_DEPS__DEV_MALICIOUS_UPDATE_IMG_TAR_ZST_CAS_URL"
+        icos_images.append(_guestos_malicous + "update-img.tar.zst")
         _env_deps[_guestos_malicous + "update-img.tar.zst.sha256"] = "ENV_DEPS__DEV_MALICIOUS_UPDATE_IMG_TAR_ZST_SHA256"
 
     run_system_test(
@@ -228,6 +260,7 @@ def system_test(
         runtime_deps = runtime_deps,
         env_deps = _env_deps,
         env = env,
+        icos_images = icos_images,
         env_inherit = env_inherit,
         tags = tags + ["requires-network", "system_test"] +
                (["manual"] if "experimental_system_test_colocation" in tags else []),
@@ -264,6 +297,7 @@ def system_test(
         env_deps = _env_deps,
         env_inherit = env_inherit,
         env = env,
+        icos_images = icos_images,
         tags = tags + ["requires-network", "system_test"] +
                (["colocated"] if "experimental_system_test_colocation" in tags else ["manual"]) +
                additional_colocate_tags,