misc: run acceptance tests from github actions.

Author: Josh Carp

.github/workflows/build-test.yml

@@ -29,3 +29,53 @@ jobs:
         run: make test
       - name: lint
         run: make lint
+  acceptance:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - uses: hashicorp/setup-terraform@v3
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+      - uses: docker/setup-compose-action@v1
+      - uses: astral-sh/setup-uv@v6
+      - name: install oxide cli
+        run: |
+          mkdir -p bin
+          wget https://github.com/oxidecomputer/oxide.rs/releases/download/v0.13.0+20250730.0.0/oxide-cli-x86_64-unknown-linux-gnu.tar.xz
+          tar xvf oxide-cli-x86_64-unknown-linux-gnu.tar.xz
+          mv oxide-cli-x86_64-unknown-linux-gnu/oxide bin
+          echo "$(pwd)/bin" >> $GITHUB_PATH
+      # Run simulated omicron in the background with docker compose.
+      # TODO(jmcarp): support tests against multiple omicron versions.
+      # TODO(jmcarp): publish this image for faster builds.
+      - name: omicron-dev
+        working-directory: acctest
+        run: |
+          docker compose build
+          docker compose up --wait --wait-timeout 900
+      # We can't use `oxide auth login` here, since it requires a browser to
+      # complete the oauth device flow. Instead, fetch an auth token using a
+      # script that simulates the browser flow.
+      - id: auth-token
+        working-directory: acctest
+        run: |
+          echo "OXIDE_TOKEN=$(uv run auth.py)" >> $GITHUB_OUTPUT
+      - name: oxide-dependencies
+        run: |
+          sudo apt-get update && sudo apt-get install -y qemu-utils
+          wget https://dl-cdn.alpinelinux.org/alpine/v3.22/releases/cloud/generic_alpine-3.22.1-x86_64-bios-tiny-r0.qcow2
+          qemu-img convert -f qcow2 -O raw generic_alpine-3.22.1-x86_64-bios-tiny-r0.qcow2 alpine.raw
+          ./scripts/acc-test-setup.sh
+        env:
+          OXIDE_HOST: http://localhost:12220
+          OXIDE_TOKEN: ${{ steps.auth-token.outputs.OXIDE_TOKEN }}
+      - name: test
+        shell: bash
+        run: |
+          make testacc
+        env:
+          OXIDE_HOST: http://localhost:12220
+          OXIDE_TOKEN: ${{ steps.auth-token.outputs.OXIDE_TOKEN }}
+          OXIDE_TEST_IP_POOL_NAME: default
+          OXIDE_SILO_DNS_NAME: "*.sys.oxide-dev.test"

acctest/Dockerfile

@@ -0,0 +1,11 @@
+FROM rust
+
+SHELL ["/bin/bash", "-c"]
+
+RUN \
+  git clone https://github.com/oxidecomputer/omicron.git --depth 1 --branch jmcarp/prereqs-omit-sudo && \
+  cd omicron && \
+  source env.sh && \
+  ./tools/install_builder_prerequisites.sh -y -s
+
+WORKDIR omicron

acctest/auth.py

@@ -0,0 +1,53 @@
+# /// script
+# dependencies = [
+#   "httpx",
+# ]
+# ///
+
+import argparse
+import uuid
+
+import httpx
+
+
+def fetch_token(args):
+    # Get auth cookie via password login.
+    client = httpx.Client()
+    client.post(
+        f"{args.host}/v1/login/{args.silo}/local",
+        json={"username": args.username, "password": args.password},
+    ).raise_for_status()
+
+    # Start the device auth flow.
+    u = uuid.uuid4()
+    device_resp = httpx.post(f"{args.host}/device/auth", data={"client_id": str(u)})
+    device_resp.raise_for_status()
+    device_details = device_resp.json()
+
+    # Confirm the device via the authenticated session.
+    client.post(
+        f"{args.host}/device/confirm", json={"user_code": device_details["user_code"]}
+    ).raise_for_status()
+
+    # Fetch the token.
+    token_resp = httpx.post(
+        f"{args.host}/device/token",
+        data={
+            "grant_type": "urn:ietf:params:oauth:grant-type:device_code",
+            "device_code": device_details["device_code"],
+            "client_id": str(u),
+        },
+    )
+    token_resp.raise_for_status()
+    return token_resp.json()["access_token"]
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser()
+    parser.add_argument("--host", default="http://localhost:12220")
+    parser.add_argument("--silo", default="test-suite-silo")
+    parser.add_argument("--username", default="test-privileged")
+    parser.add_argument("--password", default="oxide")
+    args = parser.parse_args()
+
+    print(fetch_token(args))

acctest/docker-compose.yaml

@@ -0,0 +1,10 @@
+services:
+  omicron-dev:
+    build: .
+    command: /bin/bash -c 'source env.sh && cargo xtask omicron-dev run-all'
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:12220"]
+      interval: 5s
+      retries: 180
+    ports:
+    - "12220:12220"

scripts/acc-test-setup.sh

@@ -17,15 +17,15 @@ SILO_NAME=${OXIDE_SILO:-test-suite-silo}
 # qemu-img convert -f qcow2 -O raw generic_alpine-3.22.1-x86_64-bios-tiny-r0.qcow2 alpine.raw
 IMAGE_PATH=${OXIDE_IMAGE_PATH:-alpine.raw}
 
-# oxide project create --name $PROJECT_NAME --description $PROJECT_NAME
+oxide project create --name $PROJECT_NAME --description $PROJECT_NAME
 
-# # We need to create disks, images, etc., so override the default empty quota.
-# oxide silo quotas update --silo $SILO_NAME --cpus 100 --memory $((2 ** 40)) --storage $((2 ** 40))
+# We need to create disks, images, etc., so override the default empty quota.
+oxide silo quotas update --silo $SILO_NAME --cpus 100 --memory $((2 ** 40)) --storage $((2 ** 40))
 
-# # Set up the default IP pool, and add a range.
-# oxide ip-pool create --name default --description default
-# oxide ip-pool silo link --pool default --silo $SILO_NAME --is-default true
-# oxide ip-pool range add --first 10.0.1.0 --last 10.0.1.255 --pool default
+# Set up the default IP pool, and add a range.
+oxide ip-pool create --name default --description default
+oxide ip-pool silo link --pool default --silo $SILO_NAME --is-default true
+oxide ip-pool range add --first 10.0.1.0 --last 10.0.1.255 --pool default
 
 # The acceptance tests expect both at least a single project-scoped image and a
 # silo-scoped image. Import the same image twice, then promote one copy to the