constellation/.github/workflows/e2e-ssh.yml

name: e2e test emergency ssh

on:
  workflow_dispatch:
  push:
    paths:
      - cli/internal/cmd/ssh*.go
      - terraform/infrastructure/aws/**
      - terraform/infrastructure/azure/**
      - terraform/infrastructure/gcp/**

jobs:
  ssh:
    runs-on: ubuntu-24.04
    strategy:
      matrix:
        attestationVariant: ["gcp-sev-es", "gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Get Latest Image
        id: find-latest-image
        uses: ./.github/actions/find_latest_image

      - name: Split attestationVariant
        id: split-attestationVariant
        shell: bash
        run: |
          attestationVariant="${{ matrix.attestationVariant }}"
          cloudProvider="${attestationVariant%%-*}"

          echo "cloudProvider=${cloudProvider}" | tee -a "$GITHUB_OUTPUT"

      - name: test
        uses: ./.github/actions/e2e_test
        with:
          workerNodesCount: "1"
          controlNodesCount: "1"
          cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
          attestationVariant: ${{ matrix.attestationVariant }}
          osImage: ${{ steps.find-latest-image.outputs.image }}
          isDebugImage: ${{ steps.find-latest-image.outputs.isDebugImage }}
          gcpProject: constellation-e2e
          gcpClusterCreateServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com"
          gcpIAMCreateServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com"
          kubernetesVersion: "v1.28"
          test: "emergency ssh"
          azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
          azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
          registry: ghcr.io
          githubToken: ${{ secrets.GITHUB_TOKEN }}
          encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

      - name: Always terminate cluster
        if: always()
        uses: ./.github/actions/constellation_destroy
        with:
          kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}
          clusterCreation: "cli"
          cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
          azureClusterDeleteCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
          gcpClusterDeleteServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com"

      - name: Always delete IAM configuration
        if: always()
        uses: ./.github/actions/constellation_iam_destroy
        with:
          cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
          azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
          gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com"

      - name: Update tfstate
        if: always()
        env:
          GH_TOKEN: ${{ github.token }}
        uses: ./.github/actions/update_tfstate
        with:
          name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }}
          runID: ${{ github.run_id }}
          encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

      - name: Notify about failure
        if: |
          failure() &&
          github.ref == 'refs/heads/main' &&
          github.event_name == 'schedule'
        continue-on-error: true
        uses: ./.github/actions/notify_e2e_failure
        with:
          projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }}
          refStream: ${{ matrix.refStream }}
          test: ${{ matrix.test }}
          kubernetesVersion: ${{ matrix.kubernetesVersion }}
          provider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}
          attestationVariant: ${{ matrix.attestationVariant }}
          clusterCreation: "cli"
Wrote structure for e2e test 2025-02-13 13:55:09 +01:00			`name: e2e test emergency ssh`

			`on:`
			`workflow_dispatch:`
			`push:`
			`paths:`
			`- cli/internal/cmd/ssh*.go`
			`- terraform/infrastructure/aws/**`
			`- terraform/infrastructure/azure/**`
			`- terraform/infrastructure/gcp/**`

			`jobs:`
			`ssh:`
added forgotten machine type 2025-02-13 15:18:48 +01:00			`runs-on: ubuntu-24.04`
Wrote structure for e2e test 2025-02-13 13:55:09 +01:00			`strategy:`
			`matrix:`
Implemented `e2e-ssh` workflow 2025-02-13 14:47:22 +01:00			`attestationVariant: ["gcp-sev-es", "gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]`
ordered steps into step key 2025-02-13 15:20:31 +01:00			`steps:`
			`- name: Checkout`
fix indentation 2025-02-13 15:21:29 +01:00			`id: checkout`
			`uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`
Implemented `e2e-ssh` workflow 2025-02-13 14:47:22 +01:00
ordered steps into step key 2025-02-13 15:20:31 +01:00			`- name: Get Latest Image`
			`id: find-latest-image`
			`uses: ./.github/actions/find_latest_image`
Implemented `e2e-ssh` workflow 2025-02-13 14:47:22 +01:00
ordered steps into step key 2025-02-13 15:20:31 +01:00			`- name: Split attestationVariant`
fix indentation 2025-02-13 15:21:29 +01:00			`id: split-attestationVariant`
			`shell: bash`
			`run: \|`
			`attestationVariant="${{ matrix.attestationVariant }}"`
			`cloudProvider="${attestationVariant%%-*}"`
Implemented `e2e-ssh` workflow 2025-02-13 14:47:22 +01:00
fix indentation 2025-02-13 15:21:29 +01:00			`echo "cloudProvider=${cloudProvider}" \| tee -a "$GITHUB_OUTPUT"`
Implemented `e2e-ssh` workflow 2025-02-13 14:47:22 +01:00
ordered steps into step key 2025-02-13 15:20:31 +01:00			`- name: test`
			`uses: ./.github/actions/e2e_test`
			`with:`
			`workerNodesCount: "1"`
			`controlNodesCount: "1"`
			`cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}`
			`attestationVariant: ${{ matrix.attestationVariant }}`
			`osImage: ${{ steps.find-latest-image.outputs.image }}`
			`isDebugImage: ${{ steps.find-latest-image.outputs.isDebugImage }}`
			`gcpProject: constellation-e2e`
			`gcpClusterCreateServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com"`
			`gcpIAMCreateServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com"`
			`kubernetesVersion: "v1.28"`
			`test: "emergency ssh"`
			`azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}`
			`azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}`
			`azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}`
			`registry: ghcr.io`
			`githubToken: ${{ secrets.GITHUB_TOKEN }}`
			`encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}`
Implemented `e2e-ssh` workflow 2025-02-13 14:47:22 +01:00
ordered steps into step key 2025-02-13 15:20:31 +01:00			`- name: Always terminate cluster`
			`if: always()`
			`uses: ./.github/actions/constellation_destroy`
			`with:`
			`kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}`
			`clusterCreation: "cli"`
			`cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}`
			`azureClusterDeleteCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}`
			`gcpClusterDeleteServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com"`
Implemented `e2e-ssh` workflow 2025-02-13 14:47:22 +01:00
ordered steps into step key 2025-02-13 15:20:31 +01:00			`- name: Always delete IAM configuration`
			`if: always()`
			`uses: ./.github/actions/constellation_iam_destroy`
			`with:`
			`cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}`
			`azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}`
			`gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com"`
Implemented `e2e-ssh` workflow 2025-02-13 14:47:22 +01:00
ordered steps into step key 2025-02-13 15:20:31 +01:00			`- name: Update tfstate`
			`if: always()`
			`env:`
			`GH_TOKEN: ${{ github.token }}`
			`uses: ./.github/actions/update_tfstate`
			`with:`
			`name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }}`
			`runID: ${{ github.run_id }}`
			`encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}`
Implemented `e2e-ssh` workflow 2025-02-13 14:47:22 +01:00
ordered steps into step key 2025-02-13 15:20:31 +01:00			`- name: Notify about failure`
			`if: \|`
			`failure() &&`
			`github.ref == 'refs/heads/main' &&`
			`github.event_name == 'schedule'`
			`continue-on-error: true`
			`uses: ./.github/actions/notify_e2e_failure`
			`with:`
			`projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }}`
			`refStream: ${{ matrix.refStream }}`
			`test: ${{ matrix.test }}`
			`kubernetesVersion: ${{ matrix.kubernetesVersion }}`
			`provider: ${{ steps.split-attestationVariant.outputs.cloudProvider }}`
			`attestationVariant: ${{ matrix.attestationVariant }}`
			`clusterCreation: "cli"`