CI: streamline packet jobs definition

- Take advantage of `parallel:matrix` to make the jobs definition shorter
  and more readable.
- Remove helper scripts which are no longer needed
- Remove redundant indirection in the gitlab-ci pipelines definitions
  (only one user)

.gitlab-ci.yml

@@ -59,18 +59,6 @@ before_script:
     - pre-commit            # lint
     - vagrant-validate      # lint
 
-.testcases: &testcases
-  extends: .job-moderated
-  interruptible: true
-  before_script:
-    - update-alternatives --install /usr/bin/python python /usr/bin/python3 1
-    - ./tests/scripts/rebase.sh
-    - ./tests/scripts/testcases_prepare.sh
-  script:
-    - ./tests/scripts/testcases_run.sh
-  after_script:
-    - ./tests/scripts/testcases_cleanup.sh
-
 # For failfast, at least 1 job must be defined in .gitlab-ci.yml
 # Premoderated with manual actions
 ci-not-authorized:

.gitlab-ci/packet.yml

@@ -1,6 +1,12 @@
 ---
 .packet:
-  extends: .testcases
+  extends: .job-moderated
+  interruptible: true
+  before_script:
+    - ./tests/scripts/rebase.sh
+    - mkdir -p cluster-dump
+  script:
+    - ./tests/scripts/testcases_run.sh
   variables:
     ANSIBLE_TIMEOUT: "120"
     CI_PLATFORM: packet
@@ -11,8 +17,12 @@
     - pipeline-image
     - ci-not-authorized
 
+# TODO: generate testcases matrixes from the files in tests/files/
+# this is needed to avoid the need for PR rebasing when a job was added or remvoed in the target branch
+# (currently, a removed job in the target branch breaks the tests, because the
+# pipeline definition is parsed by gitlab before the rebase.sh script)
 # CI template for PRs
-.packet_pr:
+packet_pr:
   stage: deploy-part1
   rules:
     - if: $PR_LABELS =~ /.*ci-short.*/
@@ -23,22 +33,39 @@
     - when: manual
       allow_failure: true
   extends: .packet
+  parallel:
+    matrix:
+      - TESTCASE:
+          - almalinux8-calico
+          - almalinux9-crio
+          - almalinux9-kube-ovn
+          - debian11-calico-collection
+          - debian11-macvlan
+          - debian12-cilium
+          - openeuler24-calico
+          - opensuse15-6-calico
+          - rockylinux8-calico
+          - rockylinux9-cilium
+          - ubuntu20-calico-all-in-one-hardening
+          - ubuntu20-cilium-sep
+          - ubuntu22-calico-all-in-one
+          - ubuntu22-calico-all-in-one-upgrade
+          - ubuntu24-calico-etcd-datastore
 
-  ## Uncomment this to have multiple stages
+# The ubuntu20-calico-all-in-one jobs are meant as early stages to prevent running the full CI if something is horribly broken
-  # needs:
+packet_ubuntu20-calico-all-in-one:
-  #   - packet_ubuntu20-calico-all-in-one
-
-.packet_pr_short:
   stage: deploy-part1
   extends: .packet
+  variables:
+    TESTCASE: ubuntu20-calico-all-in-one
   rules:
     - if: $CI_COMMIT_BRANCH =~ /^pr-.*$/
       when: on_success
     - when: manual
       allow_failure: true
 
-.packet_pr_manual:
+packet_pr_full:
-  extends: .packet_pr
+  extends: .packet
   stage: deploy-extended
   rules:
     - if: $PR_LABELS =~ /.*ci-full.*/
@@ -46,212 +73,72 @@
     # Else run as manual
     - when: manual
       allow_failure: true
+  parallel:
+    matrix:
+      - TESTCASE:
+          - almalinux9-calico-ha-ebpf
+          - almalinux9-calico-nodelocaldns-secondary
+          - debian11-custom-cni
+          - debian11-kubelet-csr-approver
+          - debian12-custom-cni-helm
+          - fedora39-calico-swap-selinux
+          - fedora39-crio
+          - ubuntu20-all-in-one-docker
+          - ubuntu20-calico-ha-wireguard
+          - ubuntu20-flannel-ha
+          - ubuntu20-flannel-ha-once
 
-.packet_pr_extended:
+# Need an update of the container image to use schema v2
-  extends: .packet_pr
+# update: quay.io/kubespray/vm-amazon-linux-2:latest
+packet_manual:
+  extends: packet_pr_full
+  parallel:
+    matrix:
+      - TESTCASE:
+          - amazon-linux-2-all-in-one
+  rules:
+    - when: manual
+      allow_failure: true
+
+packet_pr_extended:
+  extends: .packet
   stage: deploy-extended
   rules:
     - if: $PR_LABELS =~ /.*(ci-extended|ci-full).*/
       when: on_success
     - when: manual
       allow_failure: true
+  parallel:
+    matrix:
+      - TESTCASE:
+          - almalinux9-calico
+          - almalinux9-calico-remove-node
+          - almalinux9-docker
+          - debian11-docker
+          - debian12-calico
+          - debian12-docker
+          - opensuse15-6-docker-cilium
+          - rockylinux9-calico
+          - ubuntu20-calico-etcd-kubeadm
+          - ubuntu22-all-in-one-docker
+          - ubuntu24-all-in-one-docker
+          - ubuntu24-calico-all-in-one
 
-# CI template for periodic CI jobs
 # Enabled when PERIODIC_CI_ENABLED var is set
-.packet_periodic:
+packet_periodic:
   only:
     variables:
       - $PERIODIC_CI_ENABLED
   allow_failure: true
   extends: .packet
-
+  parallel:
-# The ubuntu20-calico-all-in-one jobs are meant as early stages to prevent running the full CI if something is horribly broken
+    matrix:
-packet_ubuntu20-calico-all-in-one:
+      - TESTCASE:
-  stage: deploy-part1
+          - debian11-calico-upgrade
-  extends: .packet_pr_short
+          - debian11-calico-upgrade-once
-  variables:
+          - debian12-cilium-svc-proxy
-    RESET_CHECK: "true"
+          - fedora39-calico-selinux
-
+          - fedora40-docker-calico
-# ### PR JOBS PART2
+          - ubuntu20-calico-etcd-kubeadm-upgrade-ha
-
+          - ubuntu20-calico-ha-recover
-packet_ubuntu20-crio:
+          - ubuntu20-calico-ha-recover-noquorum
-  extends: .packet_pr_manual
-
-packet_ubuntu22-calico-all-in-one:
-  extends: .packet_pr
-
-packet_ubuntu22-calico-all-in-one-upgrade:
-  extends: .packet_pr
-  variables:
-    UPGRADE_TEST: graceful
-
-packet_ubuntu24-calico-etcd-datastore:
-  extends: .packet_pr
-
-packet_almalinux9-crio:
-  extends: .packet_pr
-
-packet_almalinux9-kube-ovn:
-  extends: .packet_pr
-
-packet_debian11-calico-collection:
-  extends: .packet_pr
-
-packet_debian11-macvlan:
-  extends: .packet_pr
-
-packet_debian12-cilium:
-  extends: .packet_pr
-
-packet_almalinux8-calico:
-  extends: .packet_pr
-
-packet_rockylinux8-calico:
-  extends: .packet_pr
-
-packet_rockylinux9-cilium:
-  extends: .packet_pr
-  variables:
-    RESET_CHECK: "true"
-
-# Need an update of the container image to use schema v2
-# update: quay.io/kubespray/vm-amazon-linux-2:latest
-packet_amazon-linux-2-all-in-one:
-  extends: .packet_pr_manual
-  rules:
-    - when: manual
-      allow_failure: true
-
-packet_opensuse15-6-calico:
-  extends: .packet_pr
-
-packet_ubuntu20-cilium-sep:
-  extends: .packet_pr
-
-packet_openeuler24-calico:
-  extends: .packet_pr
-
-packet_ubuntu20-calico-all-in-one-hardening:
-  extends: .packet_pr
-
-## Extended
-packet_debian11-docker:
-  extends: .packet_pr_extended
-
-packet_debian12-docker:
-  extends: .packet_pr_extended
-
-packet_debian12-calico:
-  extends: .packet_pr_extended
-
-packet_almalinux9-calico-remove-node:
-  extends: .packet_pr_extended
-  variables:
-    REMOVE_NODE_CHECK: "true"
-    REMOVE_NODE_NAME: "instance-3"
-
-packet_rockylinux9-calico:
-  extends: .packet_pr_extended
-
-packet_almalinux9-calico:
-  extends: .packet_pr_extended
-
-packet_almalinux9-docker:
-  extends: .packet_pr_extended
-
-packet_opensuse15-6-docker-cilium:
-  extends: .packet_pr_extended
-
-packet_ubuntu24-calico-all-in-one:
-  extends: .packet_pr_extended
-
-packet_ubuntu20-calico-etcd-kubeadm:
-  extends: .packet_pr_extended
-
-packet_ubuntu24-all-in-one-docker:
-  extends: .packet_pr_extended
-
-packet_ubuntu22-all-in-one-docker:
-  extends: .packet_pr_extended
-
-# ### MANUAL JOBS
-packet_fedora39-crio:
-  extends: .packet_pr_manual
-
-packet_ubuntu20-flannel-ha:
-  extends: .packet_pr_manual
-
-packet_ubuntu20-all-in-one-docker:
-  extends: .packet_pr_manual
-
-packet_ubuntu20-flannel-ha-once:
-  extends: .packet_pr_manual
-
-packet_fedora39-calico-swap-selinux:
-  extends: .packet_pr_manual
-
-packet_almalinux9-calico-ha-ebpf:
-  extends: .packet_pr_manual
-
-packet_almalinux9-calico-nodelocaldns-secondary:
-  extends: .packet_pr_manual
-
-packet_debian11-custom-cni:
-  extends: .packet_pr_manual
-
-packet_debian11-kubelet-csr-approver:
-  extends: .packet_pr_manual
-
-packet_debian12-custom-cni-helm:
-  extends: .packet_pr_manual
-
-packet_ubuntu20-calico-ha-wireguard:
-  extends: .packet_pr_manual
-
-# PERIODIC
-packet_fedora40-docker-calico:
-  stage: deploy-extended
-  extends: .packet_periodic
-  variables:
-    RESET_CHECK: "true"
-
-packet_fedora39-calico-selinux:
-  stage: deploy-extended
-  extends: .packet_periodic
-
-packet_ubuntu20-calico-etcd-kubeadm-upgrade-ha:
-  stage: deploy-extended
-  extends: .packet_periodic
-  variables:
-    UPGRADE_TEST: basic
-
-
-packet_debian11-calico-upgrade-once:
-  stage: deploy-extended
-  extends: .packet_periodic
-  variables:
-    UPGRADE_TEST: graceful
-
-packet_ubuntu20-calico-ha-recover:
-  stage: deploy-extended
-  extends: .packet_periodic
-  variables:
-    RECOVER_CONTROL_PLANE_TEST: "true"
-    RECOVER_CONTROL_PLANE_TEST_GROUPS: "etcd[2:]:kube_control_plane[1:]"
-
-packet_ubuntu20-calico-ha-recover-noquorum:
-  stage: deploy-extended
-  extends: .packet_periodic
-  variables:
-    RECOVER_CONTROL_PLANE_TEST: "true"
-    RECOVER_CONTROL_PLANE_TEST_GROUPS: "etcd[1:]:kube_control_plane[1:]"
-
-packet_debian11-calico-upgrade:
-  stage: deploy-extended
-  extends: .packet_periodic
-  variables:
-    UPGRADE_TEST: graceful
-
-packet_debian12-cilium-svc-proxy:
-  stage: deploy-extended
-  extends: .packet_periodic

tests/cloud_playbooks/roles/packet-ci/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 - name: Include custom vars for ci job
-  include_vars: "../files/{{ lookup('ansible.builtin.env', 'CI_JOB_NAME') }}.yml"
+  include_vars: "../files/{{ lookup('ansible.builtin.env', 'TESTCASE') }}.yml"
   when: molecule_yml is not defined
 
 - name: Generate SSH keypair

tests/files/almalinux9-calico-remove-node

@@ -0,0 +1,2 @@
+REMOVE_NODE_CHECK=true
+REMOVE_NODE_NAME=instance-3

tests/files/debian11-calico-upgrade

@@ -0,0 +1 @@
+UPGRADE_TEST=graceful

tests/files/debian11-calico-upgrade-once

@@ -0,0 +1 @@
+UPGRADE_TEST=graceful

tests/files/fedora40-docker.calico

@@ -0,0 +1 @@
+RESET_CHECK=true

tests/files/rockylinux9-cilium

@@ -0,0 +1 @@
+RESET_CHECK=true

tests/files/ubuntu20-calico-all-in-one

@@ -0,0 +1 @@
+RESET_CHECK=true

tests/files/ubuntu20-calico-etcd-kubeadm-upgrade-ha

@@ -0,0 +1 @@
+UPGRADE_TEST=basic

tests/files/ubuntu20-calico-ha-recover

@@ -0,0 +1,2 @@
+RECOVER_CONTROL_PLANE_TEST=true
+RECOVER_CONTROL_PLANE_TEST_GROUPS="etcd[2:]:kube_control_plane[1:]"

tests/files/ubuntu20-calico-ha-recover-noquorum

@@ -0,0 +1,2 @@
+RECOVER_CONTROL_PLANE_TEST=true
+RECOVER_CONTROL_PLANE_TEST_GROUPS="etcd[1:]:kube_control_plane[1:]"

tests/files/ubuntu22-calico-all-in-one-upgrade

@@ -0,0 +1 @@
+UPGRADE_TEST=graceful

tests/scripts/md-table/main.py

@@ -90,7 +90,7 @@ for f in files:
 
     container_manager = y.get('container_manager', 'containerd')
     network_plugin = y.get('kube_network_plugin', 'calico')
-    x = re.match(r"^[a-z-]+_([a-z0-9]+).*", f.name)
+    x = re.match(r"^([a-z-]+_)?([a-z0-9]+).*", f.name)
-    operating_system = x.group(1)
+    operating_system = x.group(2)
     data.set(container_manager=container_manager, network_plugin=network_plugin, os=operating_system)
 print(data.jinja(), file=open(args.output, 'w'))

tests/scripts/testcases_cleanup.sh

@@ -1,4 +0,0 @@
-#!/bin/bash
-set -euxo pipefail
-
-make -C tests delete-${CI_PLATFORM} -s

tests/scripts/testcases_prepare.sh

@@ -1,7 +0,0 @@
-#!/bin/bash
-set -euxo pipefail
-
-mkdir -p /.ssh
-mkdir -p cluster-dump
-mkdir -p $HOME/.ssh
-ansible-playbook --version

tests/scripts/testcases_run.sh

@@ -1,19 +1,9 @@
 #!/bin/bash
 set -euxo pipefail
 
-echo "CI_JOB_NAME is $CI_JOB_NAME"
+echo "TESTCASE is $TESTCASE"
 
-if [[ "$CI_JOB_NAME" =~ "upgrade" ]]; then
+source tests/files/$TESTCASE || true
-  if [ "${UPGRADE_TEST}" == "false" ]; then
-    echo "Job name contains 'upgrade', but UPGRADE_TEST='false'"
-    exit 1
-  fi
-else
-  if [ "${UPGRADE_TEST}" != "false" ]; then
-    echo "UPGRADE_TEST!='false', but job names does not contain 'upgrade'"
-    exit 1
-  fi
-fi
 
 # Check out latest tag if testing upgrade
 if [ "${UPGRADE_TEST}" != "false" ]; then
@@ -31,7 +21,7 @@ make -C tests create-${CI_PLATFORM} -s
 # Test collection build and install by installing our collection, emptying our repository, adding
 # cluster.yml, reset.yml, and remote-node.yml files that simply point to our collection's playbooks, and then
 # running the same tests as before
-if [[ "${CI_JOB_NAME}" =~ "collection" ]]; then
+if [[ "${TESTCASE}" =~ "collection" ]]; then
   # Build and install collection
   ansible-galaxy collection build
   ansible-galaxy collection install kubernetes_sigs-kubespray-$(grep "^version:" galaxy.yml | awk '{print $2}').tar.gz
@@ -69,7 +59,7 @@ shift
 # We can set --limit here and still pass it as supplemental args because `--limit`  is a 'last one wins' option
 ansible-playbook \
     -e @tests/common_vars.yml \
-    -e @tests/files/${CI_JOB_NAME}.yml \
+    -e @tests/files/${TESTCASE}.yml \
     -e local_release_dir=${PWD}/downloads \
     "$@" \
     ${playbook}
@@ -111,10 +101,10 @@ run_playbook tests/testcases/015_check-nodes-ready.yml
 
 ## Test that all nodes are Ready
 
-if [[ ! ( "$CI_JOB_NAME" =~ "macvlan" ) ]]; then
+if [[ ! ( "$TESTCASE" =~ "macvlan" ) ]]; then
     run_playbook tests/testcases/020_check-pods-running.yml
     run_playbook tests/testcases/030_check-network.yml
-    if [[ ! ( "$CI_JOB_NAME" =~ "hardening" ) ]]; then
+    if [[ ! ( "$TESTCASE" =~ "hardening" ) ]]; then
       # TODO: We need to remove this condition by finding alternative container
       # image instead of netchecker which doesn't work at hardening environments.
       run_playbook tests/testcases/040_check-network-adv.yml