From 448079028d289b77ebc01efc052567b99782e058 Mon Sep 17 00:00:00 2001
From: Guilherme Gallo <guilherme.gallo@collabora.com>
Date: Mon, 31 Oct 2022 11:13:16 +0100
Subject: [PATCH] ci: Update piglit with s3 support

With new S3 support, we can use JWT-only server interaction via the
removal of `role-session` and `minio-host` arguments from PIGLIT_ARGS in
YAML.
This parameter change will come in a later commit.

Solved Conflicts:
	.gitlab-ci/container/build-piglit.sh
	.gitlab-ci/image-tags.yml

Signed-off-by: Guilherme Gallo <guilherme.gallo@collabora.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
(cherry picked from commit 70ce1dcacc92a816322082c8695569b6a91a1810)

Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/19604>
---
 .gitlab-ci/container/build-piglit.sh          |  5 ++
 .gitlab-ci/image-tags.yml                     |  2 +-
 .../build-piglit_backport-s3-migration.diff   | 72 +++++++++++++++++++
 3 files changed, 78 insertions(+), 1 deletion(-)
 create mode 100644 .gitlab-ci/piglit/build-piglit_backport-s3-migration.diff

diff --git a/.gitlab-ci/container/build-piglit.sh b/.gitlab-ci/container/build-piglit.sh
index 7d8af6277da..c5313e74108 100644
--- a/.gitlab-ci/container/build-piglit.sh
+++ b/.gitlab-ci/container/build-piglit.sh
@@ -5,6 +5,11 @@ set -ex
 git clone https://gitlab.freedesktop.org/mesa/piglit.git --single-branch --no-checkout /piglit
 pushd /piglit
 git checkout b2c9d8f56b45d79f804f4cb5ac62520f0edd8988
+
+# TODO: Remove the following patch when piglit commit got past
+# 1cd716180cfb6ef0c1fc54702460ef49e5115791
+git apply $OLDPWD/.gitlab-ci/piglit/build-piglit_backport-s3-migration.diff
+
 patch -p1 <$OLDPWD/.gitlab-ci/piglit/disable-vs_in.diff
 cmake -S . -B . -G Ninja -DCMAKE_BUILD_TYPE=Release $PIGLIT_OPTS $EXTRA_CMAKE_ARGS
 ninja $PIGLIT_BUILD_TARGETS
diff --git a/.gitlab-ci/image-tags.yml b/.gitlab-ci/image-tags.yml
index 8630020bb5c..bd19fe99d49 100644
--- a/.gitlab-ci/image-tags.yml
+++ b/.gitlab-ci/image-tags.yml
@@ -15,7 +15,7 @@ variables:
    DEBIAN_X86_TEST_VK_TAG: "2022-10-20-bindgen-zlib-cve"
 
    FEDORA_X86_BUILD_TAG: "2022-04-24-spirv-tools-5"
-   KERNEL_ROOTFS_TAG: "2022-10-20-bindgen-zlib-cve"
+   KERNEL_ROOTFS_TAG: "2022-11-03-piglit"
 
    WINDOWS_X64_VS_PATH: "windows/x64_vs"
    WINDOWS_X64_VS_TAG: "2022-06-15-vs-winsdk"
diff --git a/.gitlab-ci/piglit/build-piglit_backport-s3-migration.diff b/.gitlab-ci/piglit/build-piglit_backport-s3-migration.diff
new file mode 100644
index 00000000000..24586194dcf
--- /dev/null
+++ b/.gitlab-ci/piglit/build-piglit_backport-s3-migration.diff
@@ -0,0 +1,72 @@
+diff --git a/framework/replay/download_utils.py b/framework/replay/download_utils.py
+index 3119a24a2..4e776ca85 100644
+--- a/framework/replay/download_utils.py
++++ b/framework/replay/download_utils.py
+@@ -31,6 +31,7 @@ import xml.etree.ElementTree as ET
+ from email.utils import formatdate
+ from os import path
+ from time import time
++from urllib.parse import urlparse
+ import requests
+ from requests.adapters import HTTPAdapter, Retry
+ from requests.utils import requote_uri
+@@ -88,7 +89,7 @@ def get_minio_credentials(url):
+             minio_credentials['SessionToken'])
+ 
+ 
+-def get_authorization_headers(url, resource):
++def get_minio_authorization_headers(url, resource):
+     minio_key, minio_secret, minio_token = get_minio_credentials(url)
+ 
+     content_type = 'application/octet-stream'
+@@ -106,6 +107,17 @@ def get_authorization_headers(url, resource):
+     return headers
+ 
+ 
++def get_jwt_authorization_headers(url, resource):
++    date = formatdate(timeval=None, localtime=False, usegmt=True)
++    jwt = OPTIONS.download['jwt']
++    host = urlparse(url).netloc
++
++    headers = {'Host': host,
++               'Date': date,
++               'Authorization': 'Bearer %s' % (jwt)}
++    return headers
++
++
+ def download(url: str, file_path: str, headers, attempts=2) -> None:
+     """Downloads a URL content into a file
+ 
+@@ -174,7 +186,9 @@ def ensure_file(file_path):
+         assert OPTIONS.download['minio_bucket']
+         assert OPTIONS.download['role_session_name']
+         assert OPTIONS.download['jwt']
+-        headers = get_authorization_headers(url, file_path)
++        headers = get_minio_authorization_headers(url, file_path)
++    elif OPTIONS.download['jwt']:
++        headers = get_jwt_authorization_headers(url, file_path)
+     else:
+         headers = None
+ 
+diff --git a/unittests/framework/replay/test_download_utils.py b/unittests/framework/replay/test_download_utils.py
+index 1e78b26e7..749c5d835 100644
+--- a/unittests/framework/replay/test_download_utils.py
++++ b/unittests/framework/replay/test_download_utils.py
+@@ -195,3 +195,17 @@ class TestDownloadUtils(object):
+         get_request = requests_mock.request_history[1]
+         assert(get_request.method == 'GET')
+         assert(requests_mock.request_history[1].headers['Authorization'].startswith('AWS Key'))
++
++    def test_jwt_authorization(self, requests_mock):
++        """download_utils.ensure_file: Check we send the authentication headers to the server"""
++        # reset minio_host from previous tests
++        OPTIONS.download['minio_host'] = ''
++        OPTIONS.download['jwt'] = 'jwt'
++
++        assert not self.trace_file.check()
++        download_utils.ensure_file(self.trace_path)
++        TestDownloadUtils.check_same_file(self.trace_file, "remote")
++
++        get_request = requests_mock.request_history[0]
++        assert(get_request.method == 'GET')
++        assert(requests_mock.request_history[0].headers['Authorization'].startswith('Bearer'))