electrocucaracha/Vagrantfile

## init.sh
#!/bin/bash
# SPDX-license-identifier: Apache-2.0
##############################################################################
# Copyright (c)
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################

set -o pipefail
set -o errexit
set -o nounset
if [[ "${MATTER_DEBUG:-false}" == "true" ]]; then
    set -o xtrace
    export PKG_DEBUG=true
fi

export HOME=${HOME:-$(pwd)}
export USER=${USER:-$(whoami)}
matter_img=${MATTER_IMG:-}
if [ "$(curl --connect-timeout 1 http://169.254.169.254/latest -s -o /dev/null -w "%{http_code}")" != "000" ]; then
    TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
    if [ "$(curl --connect-timeout 1 -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/Name -s -o /dev/null -w "%{http_code}")" == "200" ]; then
        name=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/tags/instance/Name)
        if [ -n "${name}" ]; then
            matter_img=${name//matter/}
        fi
    fi
fi

# info() - This function prints an information message in the standard output
function info {
    _print_msg "INFO" "$1"
}

function _print_msg {
    printf "\n%s - %s: %s\n" "$(date +%H:%M:%S)" "$1" "$2"
}

info "Starting test for matter$matter_img image"

# Install Requirements
info "Installing build dependencies"
if ! command -v curl; then
    # shellcheck disable=SC1091
    source /etc/os-release || source /usr/lib/os-release
    case ${ID,,} in
        ubuntu|debian)
            sudo apt-get update -qq > /dev/null
            sudo apt-get install -y -qq -o=Dpkg::Use-Pty=0 curl
        ;;
    esac
fi

# NOTE: Shorten link -> https://github.com/electrocucaracha/pkg-mgr_scripts
curl -fsSL http://bit.ly/install_pkg | PKG_COMMANDS_LIST="docker,act,git" bash

# Configure repositories
if [ ! -d /opt/connectedhomeip ]; then
    info "Cloning matter source code"
    sudo git clone --depth 1 --recursive --branch "${MATTER_BRANCH:-master}" \
    "https://github.com/${MATTER_REPO:-project-chip}/connectedhomeip" \
    /opt/connectedhomeip
    sudo chown -R "$USER" /opt/connectedhomeip
fi
find /opt/connectedhomeip/.github/workflows/ -name "*.yaml" -type f \
-exec sed -i "s|image: connectedhomeip/chip-build${matter_img}:.*|image: connectedhomeip/chip-build${matter_img}:latest|g" {} \;

info "Configuring act tool"
cat << EOT > "$HOME/.actrc"
-P ubuntu-latest=ghcr.io/catthehacker/ubuntu:full-latest
-P ubuntu-20.04=ghcr.io/catthehacker/ubuntu:full-20.04
-P ubuntu-18.04=ghcr.io/catthehacker/ubuntu:full-18.04
ubuntu-16.04=ghcr.io/catthehacker/ubuntu:full-16.04
EOT

# Build Docker image
if [[ -z "$(sudo docker images --filter=reference="connectedhomeip/chip-build${matter_img}:latest" -q)" ]]; then
    info "Building connectedhomeip/chip-build${matter_img} latest image"
    pushd "/opt/connectedhomeip/integrations/docker/images/chip-build${matter_img}"
    newgrp docker <<EONG
    ./build.sh --latest
EONG
    popd
fi

# Check GitHub Actions impacted
pushd /opt/connectedhomeip/
for workflow in $(grep -r "image: connectedhomeip/chip-build${matter_img}:latest" .github/workflows | awk -F ':' '{ print $1}' | sort | uniq); do
    for job in $(act --list | grep "$(basename "$workflow")" | awk '{ print $2}'); do
        info "Running $job job from $workflow workflow"
        trap "echo 'ERROR $job has failed'" EXIT
        newgrp docker <<EONG
        act --job "$job" --privileged
EONG
    done
done
popd

## main.tf
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # version = ">= 3.72" instance_metadata_tags support (# https://github.com/hashicorp/terraform-provider-aws/pull/22463)
      version = ">= 3.71"
    }
  }
}

# Configure the AWS Provider
provider "aws" {
  region = local.region
}

locals {
  region = "us-west-1"
}

module "matter_sg" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "~> 4.0"

  name        = "matter-security_group"
  description = "Security group for accessing matter VMs from outside"
  vpc_id      = module.network_lab.vpc_id

  ingress_cidr_blocks = ["0.0.0.0/0"]
  ingress_rules       = ["all-icmp", "ssh-tcp"]
  egress_rules        = ["all-all"]
}

resource "aws_instance" "matter_instances" {
  for_each = toset(var.images)

  ami           = data.aws_ami.ubuntu.id
  instance_type = "c5.4xlarge"
  user_data     = file("init.sh")

  subnet_id              = element(module.network_lab.public_subnets, 0)
  vpc_security_group_ids = [module.matter_sg.security_group_id]

  key_name   = aws_key_pair.key_pair.id
  monitoring = true

  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
    # instance_metadata_tags = "enabled"
  }

  root_block_device {
    encrypted   = true
    volume_size = 20
  }

  tags = {
    Name = "matter${each.key}"
  }
}

data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"]

  filter {
    name   = "name"
    values = ["ubuntu-minimal/images/hvm-ssd/ubuntu-focal-20.04-amd64-minimal-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}

resource "aws_key_pair" "key_pair" {
  public_key = file(var.ssh_public_key_path)
}

data "aws_availability_zones" "available" {
  state = "available"
}

module "network_lab" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 3.0"

  name = "matter-network"
  cidr = "10.0.0.0/16"

  azs                = [data.aws_availability_zones.available.names[0]]
  private_subnets    = ["10.0.1.0/24"]
  public_subnets     = ["10.0.101.0/24"]
  enable_nat_gateway = true
}

## Vagrantfile
# frozen_string_literal: true

# -*- mode: ruby -*-
# vi: set ft=ruby :
##############################################################################
# Copyright (c)
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################

host = RbConfig::CONFIG['host_os']

no_proxy = ENV['NO_PROXY'] || ENV['no_proxy'] || '127.0.0.1,localhost'
(1..254).each do |i|
  no_proxy += ",10.0.2.#{i}"
end

case host
when /darwin/
  mem = `sysctl -n hw.memsize`.to_i / 1024
when /linux/
  mem = `grep 'MemTotal' /proc/meminfo | sed -e 's/MemTotal://' -e 's/ kB//'`.to_i
when /mswin|mingw|cygwin/
  mem = `wmic computersystem Get TotalPhysicalMemory`.split[1].to_i / 1024
end

Vagrant.configure('2') do |config|
  config.vm.provider :libvirt
  config.vm.provider :virtualbox

  config.vm.box = 'generic/ubuntu2004'
  config.vm.box_check_update = false
  config.vm.synced_folder './', '/vagrant'
  config.vm.provision 'shell', privileged: false do |sh|
    sh.env = {
      MATTER_IMG: ENV['MATTER_IMG'],
      MATTER_DEBUG: ENV['MATTER_DEBUG'] || 'true'
    }
    sh.inline = <<-SHELL
      set -o errexit
      set -o pipefail

      for matter_var in $(printenv | grep MATTER_); do echo "export $matter_var" | sudo tee --append /etc/environment ; done
      cd /vagrant
      ./init.sh | tee ~/init.log
    SHELL
  end

  %i[virtualbox libvirt].each do |provider|
    config.vm.provider provider do |p|
      p.cpus = ENV['CPUS'] || 2
      p.memory = ENV['MEMORY'] || mem / 1024 / 4
    end
  end
  config.vm.provider 'virtualbox' do |v|
    v.gui = false
    v.customize ['modifyvm', :id, '--nictype1', 'virtio', '--cableconnected1', 'on']
    # https://bugs.launchpad.net/cloud-images/+bug/1829625/comments/2
    v.customize ['modifyvm', :id, '--uart1', '0x3F8', '4']
    v.customize ['modifyvm', :id, '--uartmode1', 'file', File::NULL]
    # Enable nested paging for memory management in hardware
    v.customize ['modifyvm', :id, '--nestedpaging', 'on']
    # Use large pages to reduce Translation Lookaside Buffers usage
    v.customize ['modifyvm', :id, '--largepages', 'on']
    # Use virtual processor identifiers  to accelerate context switching
    v.customize ['modifyvm', :id, '--vtxvpid', 'on']
  end

  config.vm.provider :libvirt do |v, override|
    override.vm.synced_folder './', '/vagrant', type: 'nfs'
    v.random_hostname = true
    v.management_network_address = '10.0.2.0/24'
    v.management_network_name = 'administration'
    v.cpu_mode = 'host-passthrough'
  end

  if !ENV['http_proxy'].nil? && !ENV['https_proxy'].nil? && Vagrant.has_plugin?('vagrant-proxyconf')
    config.proxy.http = ENV['http_proxy'] || ENV['HTTP_PROXY'] || ''
    config.proxy.https    = ENV['https_proxy'] || ENV['HTTPS_PROXY'] || ''
    config.proxy.no_proxy = no_proxy
    config.proxy.enabled = { docker: false }
  end
end

## variables.tf
variable "ssh_public_key_path" {
  description = "SSH public key file path"
  default     = "~/.ssh/id_rsa.pub"
}

variable "images" {
  type    = list(string)
  default = ["", "-ameba", "-android", "-cirque", "-crosscompile", "-doxygen", "-efr32", "-esp32", "-esp32-qemu", "-infineon", "-k32w", "-mbed-os", "-nrf-platform", "-telink", "-tizen", "-vscode", "-zap"]
}
	#!/bin/bash
	# SPDX-license-identifier: Apache-2.0
	##############################################################################
	# Copyright (c)
	# All rights reserved. This program and the accompanying materials
	# are made available under the terms of the Apache License, Version 2.0
	# which accompanies this distribution, and is available at
	# http://www.apache.org/licenses/LICENSE-2.0
	##############################################################################

	set -o pipefail
	set -o errexit
	set -o nounset
	if [[ "${MATTER_DEBUG:-false}" == "true" ]]; then
	set -o xtrace
	export PKG_DEBUG=true
	fi

	export HOME=${HOME:-$(pwd)}
	export USER=${USER:-$(whoami)}
	matter_img=${MATTER_IMG:-}
	if [ "$(curl --connect-timeout 1 http://169.254.169.254/latest -s -o /dev/null -w "%{http_code}")" != "000" ]; then
	TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
	if [ "$(curl --connect-timeout 1 -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/tags/instance/Name -s -o /dev/null -w "%{http_code}")" == "200" ]; then
	name=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/tags/instance/Name)
	if [ -n "${name}" ]; then
	matter_img=${name//matter/}
	fi
	fi
	fi

	# info() - This function prints an information message in the standard output
	function info {
	_print_msg "INFO" "$1"
	}

	function _print_msg {
	printf "\n%s - %s: %s\n" "$(date +%H:%M:%S)" "$1" "$2"
	}

	info "Starting test for matter$matter_img image"

	# Install Requirements
	info "Installing build dependencies"
	if ! command -v curl; then
	# shellcheck disable=SC1091
	source /etc/os-release \|\| source /usr/lib/os-release
	case ${ID,,} in
	ubuntu\|debian)
	sudo apt-get update -qq > /dev/null
	sudo apt-get install -y -qq -o=Dpkg::Use-Pty=0 curl
	;;
	esac
	fi

	# NOTE: Shorten link -> https://github.com/electrocucaracha/pkg-mgr_scripts
	curl -fsSL http://bit.ly/install_pkg \| PKG_COMMANDS_LIST="docker,act,git" bash

	# Configure repositories
	if [ ! -d /opt/connectedhomeip ]; then
	info "Cloning matter source code"
	sudo git clone --depth 1 --recursive --branch "${MATTER_BRANCH:-master}" \
	"https://github.com/${MATTER_REPO:-project-chip}/connectedhomeip" \
	/opt/connectedhomeip
	sudo chown -R "$USER" /opt/connectedhomeip
	fi
	find /opt/connectedhomeip/.github/workflows/ -name "*.yaml" -type f \
	-exec sed -i "s\|image: connectedhomeip/chip-build${matter_img}:.*\|image: connectedhomeip/chip-build${matter_img}:latest\|g" {} \;

	info "Configuring act tool"
	cat << EOT > "$HOME/.actrc"
	-P ubuntu-latest=ghcr.io/catthehacker/ubuntu:full-latest
	-P ubuntu-20.04=ghcr.io/catthehacker/ubuntu:full-20.04
	-P ubuntu-18.04=ghcr.io/catthehacker/ubuntu:full-18.04
	ubuntu-16.04=ghcr.io/catthehacker/ubuntu:full-16.04
	EOT

	# Build Docker image
	if [[ -z "$(sudo docker images --filter=reference="connectedhomeip/chip-build${matter_img}:latest" -q)" ]]; then
	info "Building connectedhomeip/chip-build${matter_img} latest image"
	pushd "/opt/connectedhomeip/integrations/docker/images/chip-build${matter_img}"
	newgrp docker <<EONG
	./build.sh --latest
	EONG
	popd
	fi

	# Check GitHub Actions impacted
	pushd /opt/connectedhomeip/
	for workflow in $(grep -r "image: connectedhomeip/chip-build${matter_img}:latest" .github/workflows \| awk -F ':' '{ print $1}' \| sort \| uniq); do
	for job in $(act --list \| grep "$(basename "$workflow")" \| awk '{ print $2}'); do
	info "Running $job job from $workflow workflow"
	trap "echo 'ERROR $job has failed'" EXIT
	newgrp docker <<EONG
	act --job "$job" --privileged
	EONG
	done
	done
	popd
	terraform {
	required_providers {
	aws = {
	source = "hashicorp/aws"
	# version = ">= 3.72" instance_metadata_tags support (# https://github.com/hashicorp/terraform-provider-aws/pull/22463)
	version = ">= 3.71"
	}
	}
	}

	# Configure the AWS Provider
	provider "aws" {
	region = local.region
	}

	locals {
	region = "us-west-1"
	}

	module "matter_sg" {
	source = "terraform-aws-modules/security-group/aws"
	version = "~> 4.0"

	name = "matter-security_group"
	description = "Security group for accessing matter VMs from outside"
	vpc_id = module.network_lab.vpc_id

	ingress_cidr_blocks = ["0.0.0.0/0"]
	ingress_rules = ["all-icmp", "ssh-tcp"]
	egress_rules = ["all-all"]
	}

	resource "aws_instance" "matter_instances" {
	for_each = toset(var.images)

	ami = data.aws_ami.ubuntu.id
	instance_type = "c5.4xlarge"
	user_data = file("init.sh")

	subnet_id = element(module.network_lab.public_subnets, 0)
	vpc_security_group_ids = [module.matter_sg.security_group_id]

	key_name = aws_key_pair.key_pair.id
	monitoring = true

	metadata_options {
	http_endpoint = "enabled"
	http_tokens = "required"
	# instance_metadata_tags = "enabled"
	}

	root_block_device {
	encrypted = true
	volume_size = 20
	}

	tags = {
	Name = "matter${each.key}"
	}
	}

	data "aws_ami" "ubuntu" {
	most_recent = true
	owners = ["099720109477"]

	filter {
	name = "name"
	values = ["ubuntu-minimal/images/hvm-ssd/ubuntu-focal-20.04-amd64-minimal-*"]
	}

	filter {
	name = "virtualization-type"
	values = ["hvm"]
	}
	}

	resource "aws_key_pair" "key_pair" {
	public_key = file(var.ssh_public_key_path)
	}

	data "aws_availability_zones" "available" {
	state = "available"
	}

	module "network_lab" {
	source = "terraform-aws-modules/vpc/aws"
	version = "~> 3.0"

	name = "matter-network"
	cidr = "10.0.0.0/16"

	azs = [data.aws_availability_zones.available.names[0]]
	private_subnets = ["10.0.1.0/24"]
	public_subnets = ["10.0.101.0/24"]
	enable_nat_gateway = true
	}
	# frozen_string_literal: true

	# -- mode: ruby --
	# vi: set ft=ruby :
	##############################################################################
	# Copyright (c)
	# All rights reserved. This program and the accompanying materials
	# are made available under the terms of the Apache License, Version 2.0
	# which accompanies this distribution, and is available at
	# http://www.apache.org/licenses/LICENSE-2.0
	##############################################################################

	host = RbConfig::CONFIG['host_os']

	no_proxy = ENV['NO_PROXY'] \|\| ENV['no_proxy'] \|\| '127.0.0.1,localhost'
	(1..254).each do \|i\|
	no_proxy += ",10.0.2.#{i}"
	end

	case host
	when /darwin/
	mem = `sysctl -n hw.memsize`.to_i / 1024
	when /linux/
	mem = `grep 'MemTotal' /proc/meminfo \| sed -e 's/MemTotal://' -e 's/ kB//'`.to_i
	when /mswin\|mingw\|cygwin/
	mem = `wmic computersystem Get TotalPhysicalMemory`.split[1].to_i / 1024
	end

	Vagrant.configure('2') do \|config\|
	config.vm.provider :libvirt
	config.vm.provider :virtualbox

	config.vm.box = 'generic/ubuntu2004'
	config.vm.box_check_update = false
	config.vm.synced_folder './', '/vagrant'
	config.vm.provision 'shell', privileged: false do \|sh\|
	sh.env = {
	MATTER_IMG: ENV['MATTER_IMG'],
	MATTER_DEBUG: ENV['MATTER_DEBUG'] \|\| 'true'
	}
	sh.inline = <<-SHELL
	set -o errexit
	set -o pipefail

	for matter_var in $(printenv \| grep MATTER_); do echo "export $matter_var" \| sudo tee --append /etc/environment ; done
	cd /vagrant
	./init.sh \| tee ~/init.log
	SHELL
	end

	%i[virtualbox libvirt].each do \|provider\|
	config.vm.provider provider do \|p\|
	p.cpus = ENV['CPUS'] \|\| 2
	p.memory = ENV['MEMORY'] \|\| mem / 1024 / 4
	end
	end
	config.vm.provider 'virtualbox' do \|v\|
	v.gui = false
	v.customize ['modifyvm', :id, '--nictype1', 'virtio', '--cableconnected1', 'on']
	# https://bugs.launchpad.net/cloud-images/+bug/1829625/comments/2
	v.customize ['modifyvm', :id, '--uart1', '0x3F8', '4']
	v.customize ['modifyvm', :id, '--uartmode1', 'file', File::NULL]
	# Enable nested paging for memory management in hardware
	v.customize ['modifyvm', :id, '--nestedpaging', 'on']
	# Use large pages to reduce Translation Lookaside Buffers usage
	v.customize ['modifyvm', :id, '--largepages', 'on']
	# Use virtual processor identifiers to accelerate context switching
	v.customize ['modifyvm', :id, '--vtxvpid', 'on']
	end

	config.vm.provider :libvirt do \|v, override\|
	override.vm.synced_folder './', '/vagrant', type: 'nfs'
	v.random_hostname = true
	v.management_network_address = '10.0.2.0/24'
	v.management_network_name = 'administration'
	v.cpu_mode = 'host-passthrough'
	end

	if !ENV['http_proxy'].nil? && !ENV['https_proxy'].nil? && Vagrant.has_plugin?('vagrant-proxyconf')
	config.proxy.http = ENV['http_proxy'] \|\| ENV['HTTP_PROXY'] \|\| ''
	config.proxy.https = ENV['https_proxy'] \|\| ENV['HTTPS_PROXY'] \|\| ''
	config.proxy.no_proxy = no_proxy
	config.proxy.enabled = { docker: false }
	end
	end
	variable "ssh_public_key_path" {
	description = "SSH public key file path"
	default = "~/.ssh/id_rsa.pub"
	}

	variable "images" {
	type = list(string)
	default = ["", "-ameba", "-android", "-cirque", "-crosscompile", "-doxygen", "-efr32", "-esp32", "-esp32-qemu", "-infineon", "-k32w", "-mbed-os", "-nrf-platform", "-telink", "-tizen", "-vscode", "-zap"]
	}