# Composite action metadata: display name and summary shown to callers.
name: E2E meta test
description: >-
  This test does the infrastructure management and runs the e2e test of your
  choice.
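# Inputs of the composite action. All values arrive as strings.
#
# NOTE: the runner does not fail a run when an input marked `required: true`
# is missing, so a caller can still pass an empty value. In this file only
# `test` (and `workerNodesCount`, for k-bench) are checked by a step; every
# other input is forwarded to the nested actions as given.
inputs:
  workerNodesCount:
    description: "Number of worker nodes to spawn."
    required: false
    default: "2"
  controlNodesCount:
    description: "Number of control-plane nodes to spawn."
    required: false
    default: "3"
  cloudProvider:
    description: "Which cloud provider to use."
    required: true
  machineType:
    description: "VM machine type. Make sure it matches selected cloud provider!"
    required: false
  osImage:
    description: "OS image to run."
    required: true
  # Compared against the string 'true' in step conditions, so any other value
  # (including "True" or "1") disables the debug-image build steps.
  isDebugImage:
    description: "Is OS img a debug img?"
    required: true
    default: "true"
  kubernetesVersion:
    description: "Kubernetes version to create the cluster from."
    required: false
  # Forwarded both to the CLI build (as `enterpriseCLI`) and to cluster creation.
  keepMeasurements:
    description: "Keep measurements embedded in the CLI."
    required: false
    default: "false"
  gcpProject:
    description: "The GCP project to deploy Constellation in."
    required: false
  # snake_case name kept as-is: renaming would break existing callers.
  gcp_service_account:
    description: "Service account with permissions to create Constellation on GCP."
    required: false
  # NOTE(review): judging by the name this is key material; callers should
  # source it from an encrypted secret rather than a literal. Confirm.
  gcpClusterServiceAccountKey:
    description: "Service account to use inside the created Constellation cluster on GCP."
    required: false
  azureSubscription:
    description: "The Azure subscription ID to deploy Constellation in."
    required: false
  azureTenant:
    description: "The Azure tenant ID to deploy Constellation in."
    required: false
  azureClientID:
    description: "The client ID of the application registration created for Constellation in Azure."
    required: false
  # Credential: callers should source this from an encrypted secret.
  azureClientSecret:
    description: "The client secret value of the used secret"
    required: false
  azureUserAssignedIdentity:
    description: "The Azure user assigned identity to use for Constellation."
    required: false
  azureResourceGroup:
    description: "The resource group to use"
    required: false
  # Must match the allow-list in the "Check input" step.
  test:
    description: "The test to run. Can currently be one of [sonobuoy full, sonobuoy quick, autoscaling, lb, k-bench, verify, recover, nop, iamcreate]."
    required: true
  # NOTE(review): no step in this file reads this input; both sonobuoy steps
  # pass a hard-coded command line instead.
  sonobuoyTestSuiteCmd:
    description: "The sonobuoy test suite to run."
    required: false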
# Values exposed to the calling workflow.
outputs:
  # Forwarded unchanged from the `constellation-create` step.
  # NOTE(review): whether this is a file path or the kubeconfig contents is not
  # visible here. If it is the contents, it carries cluster credentials, and
  # step outputs are not masked in logs by default. Confirm.
  kubeconfig:
    description: "The kubeconfig for the cluster."
    value: "${{ steps.constellation-create.outputs.kubeconfig }}"
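# Step sequence: validate inputs, build tooling, log in to the selected cloud,
# optionally create IAM resources, create the cluster, then run exactly one
# test payload selected by `inputs.test`.
runs:
  using: "composite"
  steps:
    # Rejects any `test` value outside the allow-list. The value is handed to
    # the script through an environment variable instead of being expanded
    # into the script text: this step runs precisely when the value is
    # unexpected, and `${{ }}` inside `run:` is substituted before bash parses
    # the script.
    - name: Check input
      if: (!contains(fromJson('["sonobuoy full", "sonobuoy quick", "autoscaling", "k-bench", "verify", "lb", "recover", "nop", "iamcreate"]'), inputs.test))
      shell: bash
      env:
        TEST_INPUT: ${{ inputs.test }}
      run: |
        echo "Invalid input for test field: ${TEST_INPUT}"
        exit 1

    # K-Bench's network benchmarks require at least two distinct worker nodes.
    # The count is passed via env (see "Check input") and checked to be a plain
    # decimal integer first, because bash evaluates `-lt` operands as
    # arithmetic expressions.
    - name: Validate k-bench inputs
      if: inputs.test == 'k-bench'
      shell: bash
      env:
        WORKER_NODES_COUNT: ${{ inputs.workerNodesCount }}
      run: |
        if ! [[ "${WORKER_NODES_COUNT}" =~ ^(0|[1-9][0-9]*)$ ]]; then
          echo "::error::workerNodesCount must be a non-negative integer."
          exit 1
        fi
        if [[ "${WORKER_NODES_COUNT}" -lt 2 ]]; then
          echo "::error::Test K-Bench requires at least 2 worker nodes."
          exit 1
        fi

    # Records the runner's OS and architecture as step outputs so the CLI and
    # cdbg are built for the host they will run on.
    - name: Determine build target
      id: determine-build-target
      shell: bash
      run: |
        echo "hostOS=$(go env GOOS)" >> "$GITHUB_OUTPUT"
        echo "hostArch=$(go env GOARCH)" >> "$GITHUB_OUTPUT"

    - name: Build CLI
      uses: ./.github/actions/build_cli
      with:
        targetOS: ${{ steps.determine-build-target.outputs.hostOS }}
        targetArch: ${{ steps.determine-build-target.outputs.hostArch }}
        enterpriseCLI: ${{ inputs.keepMeasurements }}

    # macOS runners don't have Docker preinstalled, so they cannot build the bootstrapper.
    # But we can use a Linux runner to build it and store/retrieve it from the action cache.
    # NOTE(review): no step in this file checks `cache-hit`, so a cache miss
    # leaves build/bootstrapper absent, and the restored binary is used without
    # an integrity check here. Confirm a later action handles both.
    - name: Download the bootstrapper from cache
      id: download-bootstrapper-cache
      if: inputs.isDebugImage == 'true' && runner.os == 'macOS'
      uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6
      with:
        key: bootstrapper-${{ github.sha }}
        path: "build/bootstrapper"

    - name: Build the bootstrapper
      id: build-bootstrapper
      if: inputs.isDebugImage == 'true' && runner.os != 'macOS'
      uses: ./.github/actions/build_bootstrapper

    # macOS runners don't have Docker preinstalled, so they cannot build the upgrade-agent.
    # But we can use a Linux runner to build it and store/retrieve it from the action cache.
    # NOTE(review): same caveat as the bootstrapper cache step: `cache-hit` is
    # not checked in this file.
    - name: Download the upgrade-agent from cache
      id: download-upgrade-agent-cache
      if: inputs.isDebugImage == 'true' && runner.os == 'macOS'
      uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # v3.2.6
      with:
        key: upgrade-agent-${{ github.sha }}
        path: "build/upgrade-agent"

    - name: Build the upgrade-agent
      id: build-upgrade-agent
      if: inputs.isDebugImage == 'true' && runner.os != 'macOS'
      uses: ./.github/actions/build_upgrade_agent

    - name: Build cdbg
      id: build-cdbg
      if: inputs.isDebugImage == 'true'
      uses: ./.github/actions/build_cdbg
      with:
        targetOS: ${{ steps.determine-build-target.outputs.hostOS }}
        targetArch: ${{ steps.determine-build-target.outputs.hostArch }}

    - name: Login to GCP
      if: inputs.cloudProvider == 'gcp'
      uses: ./.github/actions/login_gcp
      with:
        service_account: ${{ inputs.gcp_service_account }}

    # No static access keys are passed, so this presumably assumes the role via
    # GitHub OIDC. That requires `id-token: write` in the calling workflow, and
    # the role's trust policy should restrict which repository and ref may
    # assume it. Confirm both.
    - name: Login to AWS
      if: inputs.cloudProvider == 'aws'
      uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # tag=v1.7.0
      with:
        role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2E
        aws-region: eu-central-1
        # extend token expiry to 6 hours to ensure constellation can terminate
        role-duration-seconds: 21600

    # Resource names embed the run id and attempt so concurrent runs and
    # re-runs do not collide.
    - name: Create IAM configuration
      id: constellation-iam-create
      if: inputs.test == 'iamcreate' && inputs.cloudProvider != 'azure'  # skip for Azure, as the SP / MI does not have the required permissions
      uses: ./.github/actions/constellation_iam_create
      with:
        cloudProvider: ${{ inputs.cloudProvider }}
        awsZone: eu-central-1a
        awsPrefix: e2e_${{ github.run_id }}_${{ github.run_attempt }}
        azureRegion: northeurope
        azureResourceGroup: e2e_${{ github.run_id }}_${{ github.run_attempt }}_rg
        azureServicePrincipal: e2e_${{ github.run_id }}_${{ github.run_attempt }}_sp
        gcpProjectID: ${{ inputs.gcpProject }}
        gcpZone: europe-west3-b
        gcpServiceAccountID: e2e-${{ github.run_id }}-${{ github.run_attempt }}-sa

    # `existingConfig` is empty unless the IAM step above ran.
    - name: Create cluster
      id: constellation-create
      uses: ./.github/actions/constellation_create
      with:
        cloudProvider: ${{ inputs.cloudProvider }}
        gcpProject: ${{ inputs.gcpProject }}
        gcpClusterServiceAccountKey: ${{ inputs.gcpClusterServiceAccountKey }}
        workerNodesCount: ${{ inputs.workerNodesCount }}
        controlNodesCount: ${{ inputs.controlNodesCount }}
        machineType: ${{ inputs.machineType }}
        osImage: ${{ inputs.osImage }}
        isDebugImage: ${{ inputs.isDebugImage }}
        kubernetesVersion: ${{ inputs.kubernetesVersion }}
        keepMeasurements: ${{ inputs.keepMeasurements }}
        azureSubscription: ${{ inputs.azureSubscription }}
        azureTenant: ${{ inputs.azureTenant }}
        azureClientID: ${{ inputs.azureClientID }}
        azureClientSecret: ${{ inputs.azureClientSecret }}
        azureUserAssignedIdentity: ${{ inputs.azureUserAssignedIdentity }}
        azureResourceGroup: ${{ inputs.azureResourceGroup }}
        existingConfig: ${{ steps.constellation-iam-create.outputs.existingConfig }}

    #
    # Test payloads
    #
    - name: Nop test payload
      if: inputs.test == 'nop'
      shell: bash
      run: echo "::warning::This test has a nop payload. It doesn't run any tests."

    - name: Run sonobuoy quick test
      if: inputs.test == 'sonobuoy quick'
      uses: ./.github/actions/e2e_sonobuoy
      with:
        sonobuoyTestSuiteCmd: "--mode quick"
        kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
        cloudProvider: ${{ inputs.cloudProvider }}

    - name: Run sonobuoy full test
      if: inputs.test == 'sonobuoy full'
      uses: ./.github/actions/e2e_sonobuoy
      with:
        # TODO: Remove E2E_SKIP once AB#2174 is resolved
        # NOTE(review): both kube-bench plugin manifests are fetched from the
        # mutable `master` branch at run time, so what runs in the cluster can
        # change without a change to this repository. Prefer URLs pinned to a
        # reviewed commit (.../sonobuoy-plugins/<COMMIT_SHA>/cis-benchmarks/...).
        sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml'
        kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
        cloudProvider: ${{ inputs.cloudProvider }}

    - name: Run autoscaling test
      if: inputs.test == 'autoscaling'
      uses: ./.github/actions/e2e_autoscaling
      with:
        kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}

    - name: Run lb test
      if: inputs.test == 'lb'
      uses: ./.github/actions/e2e_lb
      with:
        kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}

    - name: Run K-Bench
      if: inputs.test == 'k-bench'
      uses: ./.github/actions/e2e_kbench
      with:
        cloudProvider: ${{ inputs.cloudProvider }}
        kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}

    - name: Run constellation verify test
      if: inputs.test == 'verify'
      uses: ./.github/actions/e2e_verify
      with:
        cloudProvider: ${{ inputs.cloudProvider }}
        osImage: ${{ inputs.osImage }}

    # NOTE(review): `masterSecret` travels as a plain step output. Step outputs
    # are not masked in logs unless the producing action registers the value
    # with `::add-mask::`. Confirm constellation_create does so.
    - name: Run recover test
      if: inputs.test == 'recover'
      uses: ./.github/actions/e2e_recover
      with:
        controlNodesCount: ${{ inputs.controlNodesCount }}
        kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
        masterSecret: ${{ steps.constellation-create.outputs.masterSecret }}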