constellation/.github/workflows/e2e-test-release.yml

name: e2e test release
# This workflow is not integrated with e2e-test-weekly since we want different tests to run during weekly and release testing.
# To integrate both tests we would need to pass executed tests as arguments.
# Defining the executed tests is currently the main point of the e2e-test-weekly workflow.
# e2e-test-release runs the same tests as e2e-test-weekly except:
# - any tests on the last release
# - loadbalancer tests for AWS. Test test is currently broken and should not block a release. AB#2780.
#
# The workflow is triggered by the completion of the release workflow.
# The workflow only executes, after being triggered, if the triggering workflow completed successfully.
# e2e-test-release uses the same branch as the triggering workflow and not the commit of the triggering workflow. This is because the release workflow produces further commits.
# e2e-test-release depends on the fact that actions/constellation_create does not overwrite the default osImage, if no osImage is supplied.

on:
  workflow_dispatch:
  workflow_run:
    workflows: ["Release"]
    types: [completed]

env:
  ARM_CLIENT_ID: ${{ secrets.AZURE_E2E_CLIENT_ID }}
  ARM_CLIENT_SECRET: ${{ secrets.AZURE_E2E_CLIENT_SECRET }}
  ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }}
  ARM_TENANT_ID: ${{ secrets.AZURE_E2E_TENANT_ID }}

jobs:
  on-failure-quit:
    runs-on: ubuntu-22.04
    if: github.event.workflow_run.conclusion == 'failure'
    steps:
      - run: |
          echo 'Release workflow failed, exiting..'
          exit 1

  e2e-tests:
    strategy:
      fail-fast: false
      max-parallel: 4
      matrix:
        test:
          [
            "sonobuoy full",
            "autoscaling",
            "perf-bench",
            "lb",
            "verify",
            "recover",
            "iamcreate",
          ]
        provider: ["gcp", "azure", "aws"]
        kubernetes-version: ["v1.24", "v1.25", "v1.26"]
        runner: [ubuntu-22.04, macos-12]
        exclude:
          # IAM create test runs only on latest kubernetes-version.
          - test: "iamcreate"
            kubernetes-version: "v1.24"
          - test: "iamcreate"
            kubernetes-version: "v1.25"
          # Verify test runs only on latest kubernetes-version.
          - test: "verify"
            kubernetes-version: "v1.24"
          - test: "verify"
            kubernetes-version: "v1.25"
          # Recover test runs only on latest kubernetes-version.
          - test: "recover"
            kubernetes-version: "v1.24"
          - test: "recover"
            kubernetes-version: "v1.25"
          # Autoscaling test runs only on latest kubernetes-version.
          - test: "autoscaling"
            kubernetes-version: "v1.24"
          - test: "autoscaling"
            kubernetes-version: "v1.25"
          # Perf-Bench test runs only on latest kubernetes-version.
          - test: "perf-bench"
            kubernetes-version: "v1.24"
          - test: "perf-bench"
            kubernetes-version: "v1.25"
          # lb test runs only on latest kubernetes-version.
          - test: "lb"
            kubernetes-version: "v1.24"
          - test: "lb"
            kubernetes-version: "v1.25"
          # Currently not supported on AWS.
          - test: "autoscaling"
            provider: "aws"
          - test: "perf-bench"
            provider: "aws"
          # Currently broken on AWS. Enable when AB#2780 is fixed.
          - test: "lb"
            provider: "aws"
    runs-on: ${{ matrix.runner }}
    permissions:
      id-token: write
      checks: write
      contents: read
    steps:
      - name: Install the basics tools (macOS)
        if: runner.os == 'macOS'
        shell: bash
        run: brew install coreutils kubectl bash

      - name: Checkout
        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
        with:
          fetch-depth: 0
          ref: ${{ !github.event.pull_request.head.repo.fork && github.event.workflow_run.head_branch || '' }}

      - name: Setup Go environment
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
          go-version: "1.20.2"

      - name: Set up gcloud CLI (macOS)
        if: matrix.provider == 'gcp' && runner.os == 'macOS'
        uses: google-github-actions/setup-gcloud@62d4898025f6041e16b1068643bfc5a696863587 # v1.1.0

      - name: Login to Azure
        if: matrix.provider == 'azure'
        uses: ./.github/actions/login_azure
        with:
          azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}

      - name: Create Azure resource group
        id: az_resource_group_gen
        if: matrix.provider == 'azure'
        shell: bash
        run: |
          uuid=$(cat /proc/sys/kernel/random/uuid)
          name=e2e-test-${uuid%%-*}
          az group create --location northeurope --name "$name" --tags e2e
          echo "res_group_name=$name" >> "$GITHUB_OUTPUT"

      - name: Run E2E test
        id: e2e_test
        uses: ./.github/actions/e2e_test
        with:
          workerNodesCount: "2"
          controlNodesCount: "3"
          cloudProvider: ${{ matrix.provider }}
          cliVersion: ""
          kubernetesVersion: ${{ matrix.kubernetes-version }}
          osImage: ""
          isDebugImage: "false"
          keepMeasurements: "true"
          awsOpenSearchDomain: ${{ secrets.AWS_OPENSEARCH_DOMAIN }}
          awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }}
          awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }}
          azureSubscription: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }}
          azureTenant: ${{ secrets.AZURE_E2E_TENANT_ID }}
          azureClientID: ${{ secrets.AZURE_E2E_CLIENT_ID }}
          azureClientSecret: ${{ secrets.AZURE_E2E_CLIENT_SECRET }}
          azureUserAssignedIdentity: ${{ secrets.AZURE_E2E_USER_ASSIGNED_IDENTITY }}
          azureResourceGroup: ${{ steps.az_resource_group_gen.outputs.res_group_name }}
          gcpProject: ${{ secrets.GCP_E2E_PROJECT }}
          gcp_service_account: "constellation-e2e@constellation-331613.iam.gserviceaccount.com"
          gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
          test: ${{ matrix.test }}
          buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}

      - name: Always terminate cluster
        if: always()
        continue-on-error: true
        uses: ./.github/actions/constellation_destroy
        with:
          kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}

      - name: Always delete IAM configuration
        if: always() && matrix.test == 'iamcreate' && matrix.provider != 'azure' # skip for Azure, as the SP / MI does not have the required permissions
        continue-on-error: true
        uses: ./.github/actions/constellation_iam_destroy

      - name: Notify teams channel
        if: failure() && github.ref == 'refs/heads/main'
        continue-on-error: true
        shell: bash
        working-directory: .github/actions/e2e_test
        run: |
          sudo apt-get install gettext-base -y
          export TEAMS_JOB_NAME=${{ matrix.provider }}
          export TEAMS_RUN_ID=${{ github.run_id }}
          envsubst < teams-payload.json > to-be-send.json
          curl                                          \
            -H "Content-Type: application/json"         \
            -d @to-be-send.json                         \
            "${{ secrets.MS_TEAMS_WEBHOOK_URI }}"

      - name: Always destroy Azure resource group
        if: always() && matrix.provider == 'azure'
        shell: bash
        run: |
          az group delete \
            --name ${{ steps.az_resource_group_gen.outputs.res_group_name }} \
            --force-deletion-types Microsoft.Compute/virtualMachineScaleSets \
            --force-deletion-types Microsoft.Compute/virtualMachines \
            --no-wait \
            --yes

  e2e-upgrade:
    strategy:
        fail-fast: false
        max-parallel: 1
        matrix:
          fromVersion:
            ["v2.6.0"]
          cloudProvider: ["gcp", "azure"]
    name: Run upgrade tests
    secrets: inherit
    permissions:
      id-token: write
      contents: read
    uses: ./.github/workflows/e2e-upgrade.yml
    with:
      fromVersion: ${{ matrix.fromVersion }}
      cloudProvider: ${{ matrix.cloudProvider }}
      workerNodesCount: 2
      controlNodesCount: 3
ci: add e2e-test-release workflow This workflow is used to run e2e tests in preparation to a release. It is triggered by the successful completion of the release workflow. Also trigger e2e-mini through the release workflow completion. This makes restarting the tests easier if they fail during release preparation. Co-authored-by: stdoutput <moritz.sanft@outlook.de> 2023-02-13 07:58:34 -05:00			`name: e2e test release`
			`# This workflow is not integrated with e2e-test-weekly since we want different tests to run during weekly and release testing.`
			`# To integrate both tests we would need to pass executed tests as arguments.`
			`# Defining the executed tests is currently the main point of the e2e-test-weekly workflow.`
			`# e2e-test-release runs the same tests as e2e-test-weekly except:`
			`# - any tests on the last release`
			`# - loadbalancer tests for AWS. Test test is currently broken and should not block a release. AB#2780.`
			`#`
			`# The workflow is triggered by the completion of the release workflow.`
			`# The workflow only executes, after being triggered, if the triggering workflow completed successfully.`
			`# e2e-test-release uses the same branch as the triggering workflow and not the commit of the triggering workflow. This is because the release workflow produces further commits.`
			`# e2e-test-release depends on the fact that actions/constellation_create does not overwrite the default osImage, if no osImage is supplied.`

			`on:`
			`workflow_dispatch:`
			`workflow_run:`
			`workflows: ["Release"]`
			`types: [completed]`

			`env:`
			`ARM_CLIENT_ID: ${{ secrets.AZURE_E2E_CLIENT_ID }}`
			`ARM_CLIENT_SECRET: ${{ secrets.AZURE_E2E_CLIENT_SECRET }}`
			`ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }}`
			`ARM_TENANT_ID: ${{ secrets.AZURE_E2E_TENANT_ID }}`

			`jobs:`
			`on-failure-quit:`
			`runs-on: ubuntu-22.04`
			`if: github.event.workflow_run.conclusion == 'failure'`
			`steps:`
			`- run: \|`
			`echo 'Release workflow failed, exiting..'`
			`exit 1`

ci: do not skip e2e-weekly if trigger is successful (#1584) 2023-04-03 07:40:42 -04:00			`e2e-tests:`
ci: add e2e-test-release workflow This workflow is used to run e2e tests in preparation to a release. It is triggered by the successful completion of the release workflow. Also trigger e2e-mini through the release workflow completion. This makes restarting the tests easier if they fail during release preparation. Co-authored-by: stdoutput <moritz.sanft@outlook.de> 2023-02-13 07:58:34 -05:00			`strategy:`
			`fail-fast: false`
			`max-parallel: 4`
			`matrix:`
			`test:`
			`[`
			`"sonobuoy full",`
			`"autoscaling",`
			`"perf-bench",`
			`"lb",`
			`"verify",`
			`"recover",`
			`"iamcreate",`
			`]`
			`provider: ["gcp", "azure", "aws"]`
			`kubernetes-version: ["v1.24", "v1.25", "v1.26"]`
			`runner: [ubuntu-22.04, macos-12]`
			`exclude:`
			`# IAM create test runs only on latest kubernetes-version.`
			`- test: "iamcreate"`
			`kubernetes-version: "v1.24"`
			`- test: "iamcreate"`
			`kubernetes-version: "v1.25"`
			`# Verify test runs only on latest kubernetes-version.`
			`- test: "verify"`
			`kubernetes-version: "v1.24"`
			`- test: "verify"`
			`kubernetes-version: "v1.25"`
			`# Recover test runs only on latest kubernetes-version.`
			`- test: "recover"`
			`kubernetes-version: "v1.24"`
			`- test: "recover"`
			`kubernetes-version: "v1.25"`
			`# Autoscaling test runs only on latest kubernetes-version.`
			`- test: "autoscaling"`
			`kubernetes-version: "v1.24"`
			`- test: "autoscaling"`
			`kubernetes-version: "v1.25"`
			`# Perf-Bench test runs only on latest kubernetes-version.`
			`- test: "perf-bench"`
			`kubernetes-version: "v1.24"`
			`- test: "perf-bench"`
			`kubernetes-version: "v1.25"`
			`# lb test runs only on latest kubernetes-version.`
			`- test: "lb"`
			`kubernetes-version: "v1.24"`
			`- test: "lb"`
			`kubernetes-version: "v1.25"`
			`# Currently not supported on AWS.`
			`- test: "autoscaling"`
			`provider: "aws"`
			`- test: "perf-bench"`
			`provider: "aws"`
			`# Currently broken on AWS. Enable when AB#2780 is fixed.`
			`- test: "lb"`
			`provider: "aws"`
			`runs-on: ${{ matrix.runner }}`
			`permissions:`
			`id-token: write`
			`checks: write`
			`contents: read`
			`steps:`
			`- name: Install the basics tools (macOS)`
			`if: runner.os == 'macOS'`
			`shell: bash`
			`run: brew install coreutils kubectl bash`

			`- name: Checkout`
deps: update GitHub action dependencies (#1591) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-04-03 10:36:43 -04:00			`uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0`
ci: add e2e-test-release workflow This workflow is used to run e2e tests in preparation to a release. It is triggered by the successful completion of the release workflow. Also trigger e2e-mini through the release workflow completion. This makes restarting the tests easier if they fail during release preparation. Co-authored-by: stdoutput <moritz.sanft@outlook.de> 2023-02-13 07:58:34 -05:00			`with:`
			`fetch-depth: 0`
			`ref: ${{ !github.event.pull_request.head.repo.fork && github.event.workflow_run.head_branch \|\| '' }}`

			`- name: Setup Go environment`
			`uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0`
			`with:`
			`go-version: "1.20.2"`

			`- name: Set up gcloud CLI (macOS)`
			`if: matrix.provider == 'gcp' && runner.os == 'macOS'`
deps: update GitHub action dependencies (#1591) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-04-03 10:36:43 -04:00			`uses: google-github-actions/setup-gcloud@62d4898025f6041e16b1068643bfc5a696863587 # v1.1.0`
ci: add e2e-test-release workflow This workflow is used to run e2e tests in preparation to a release. It is triggered by the successful completion of the release workflow. Also trigger e2e-mini through the release workflow completion. This makes restarting the tests easier if they fail during release preparation. Co-authored-by: stdoutput <moritz.sanft@outlook.de> 2023-02-13 07:58:34 -05:00
			`- name: Login to Azure`
			`if: matrix.provider == 'azure'`
			`uses: ./.github/actions/login_azure`
			`with:`
			`azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}`

			`- name: Create Azure resource group`
			`id: az_resource_group_gen`
			`if: matrix.provider == 'azure'`
			`shell: bash`
			`run: \|`
			`uuid=$(cat /proc/sys/kernel/random/uuid)`
			`name=e2e-test-${uuid%%-*}`
			`az group create --location northeurope --name "$name" --tags e2e`
			`echo "res_group_name=$name" >> "$GITHUB_OUTPUT"`

			`- name: Run E2E test`
			`id: e2e_test`
			`uses: ./.github/actions/e2e_test`
			`with:`
			`workerNodesCount: "2"`
			`controlNodesCount: "3"`
			`cloudProvider: ${{ matrix.provider }}`
			`cliVersion: ""`
			`kubernetesVersion: ${{ matrix.kubernetes-version }}`
			`osImage: ""`
			`isDebugImage: "false"`
			`keepMeasurements: "true"`
			`awsOpenSearchDomain: ${{ secrets.AWS_OPENSEARCH_DOMAIN }}`
			`awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }}`
			`awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }}`
			`azureSubscription: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }}`
			`azureTenant: ${{ secrets.AZURE_E2E_TENANT_ID }}`
			`azureClientID: ${{ secrets.AZURE_E2E_CLIENT_ID }}`
			`azureClientSecret: ${{ secrets.AZURE_E2E_CLIENT_SECRET }}`
			`azureUserAssignedIdentity: ${{ secrets.AZURE_E2E_USER_ASSIGNED_IDENTITY }}`
			`azureResourceGroup: ${{ steps.az_resource_group_gen.outputs.res_group_name }}`
			`gcpProject: ${{ secrets.GCP_E2E_PROJECT }}`
			`gcp_service_account: "constellation-e2e@constellation-331613.iam.gserviceaccount.com"`
			`gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}`
			`test: ${{ matrix.test }}`
			`buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}`

			`- name: Always terminate cluster`
			`if: always()`
			`continue-on-error: true`
			`uses: ./.github/actions/constellation_destroy`
			`with:`
			`kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}`

			`- name: Always delete IAM configuration`
			`if: always() && matrix.test == 'iamcreate' && matrix.provider != 'azure' # skip for Azure, as the SP / MI does not have the required permissions`
			`continue-on-error: true`
			`uses: ./.github/actions/constellation_iam_destroy`

			`- name: Notify teams channel`
			`if: failure() && github.ref == 'refs/heads/main'`
			`continue-on-error: true`
			`shell: bash`
			`working-directory: .github/actions/e2e_test`
			`run: \|`
			`sudo apt-get install gettext-base -y`
			`export TEAMS_JOB_NAME=${{ matrix.provider }}`
			`export TEAMS_RUN_ID=${{ github.run_id }}`
			`envsubst < teams-payload.json > to-be-send.json`
			`curl \`
			`-H "Content-Type: application/json" \`
			`-d @to-be-send.json \`
			`"${{ secrets.MS_TEAMS_WEBHOOK_URI }}"`

			`- name: Always destroy Azure resource group`
			`if: always() && matrix.provider == 'azure'`
			`shell: bash`
			`run: \|`
			`az group delete \`
			`--name ${{ steps.az_resource_group_gen.outputs.res_group_name }} \`
			`--force-deletion-types Microsoft.Compute/virtualMachineScaleSets \`
			`--force-deletion-types Microsoft.Compute/virtualMachines \`
			`--no-wait \`
			`--yes`

			`e2e-upgrade:`
			`strategy:`
			`fail-fast: false`
			`max-parallel: 1`
			`matrix:`
			`fromVersion:`
			`["v2.6.0"]`
			`cloudProvider: ["gcp", "azure"]`
			`name: Run upgrade tests`
			`secrets: inherit`
			`permissions:`
			`id-token: write`
			`contents: read`
			`uses: ./.github/workflows/e2e-upgrade.yml`
			`with:`
			`fromVersion: ${{ matrix.fromVersion }}`
			`cloudProvider: ${{ matrix.cloudProvider }}`
			`workerNodesCount: 2`
			`controlNodesCount: 3`