Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity

ci: upload container images when running e2e tests

Browse Source
This commit is contained in:
Malte Poll 2023-04-04 10:16:04 +02:00 committed by Malte Poll
parent 086c17fa23
commit 19ff132ee8
9 changed files with 88 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
.github/actions/e2e_test/action.yml vendored
View File

@ -68,6 +68,12 @@ inputs:
buildBuddyApiKey:
description: "BuildBuddy API key for caching Bazel artifacts"
required: true
registry:
description: "Container registry to use"
required: true
githubToken:
description: "GitHub authorization token"
required: true
outputs:
kubeconfig:
@ -146,6 +152,11 @@ runs:
targetOS: ${{ steps.determine-build-target.outputs.hostOS }}
targetArch: ${{ steps.determine-build-target.outputs.hostArch }}
- name: Upload container images
if: inputs.cliVersion == ''
shell: bash
run: bazel run //:push
- name: Login to GCP (IAM service account)
if: inputs.cloudProvider == 'gcp'
uses: ./.github/actions/login_gcp
@ -161,6 +172,13 @@ runs:
# extend token expiry to 6 hours to ensure constellation can terminate
role-duration-seconds: 21600
- name: Log in to the Container registry
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # tag=v2.1.0
with:
registry: ${{ inputs.registry }}
username: ${{ github.actor }}
password: ${{ inputs.githubToken }}
- name: Login to Azure (IAM service principal)
if: inputs.cloudProvider == 'azure'
uses: ./.github/actions/login_azure

2
.github/workflows/e2e-test-daily.yml vendored
View File

@ -86,6 +86,8 @@ jobs:
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
registry: ghcr.io
githubToken: ${{ secrets.GITHUB_TOKEN }}
- name: Always terminate cluster
if: always()

3
.github/workflows/e2e-test-manual.yml vendored
View File

@ -206,6 +206,7 @@ jobs:
id-token: write
checks: write
contents: read
packages: write
needs: [find-latest-image, split-cliImageVersion]
if: always() && !cancelled()
steps:
@ -259,6 +260,8 @@ jobs:
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
registry: ghcr.io
githubToken: ${{ secrets.GITHUB_TOKEN }}
- name: Always terminate cluster
if: always()

2
.github/workflows/e2e-test-release.yml vendored
View File

@ -204,6 +204,8 @@ jobs:
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
registry: ghcr.io
githubToken: ${{ secrets.GITHUB_TOKEN }}
- name: Always terminate cluster
if: always()

2
.github/workflows/e2e-test-weekly.yml vendored
View File

@ -209,6 +209,8 @@ jobs:
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
registry: ghcr.io
githubToken: ${{ secrets.GITHUB_TOKEN }}
- name: Always terminate cluster
if: always()

8
.github/workflows/e2e-upgrade.yml vendored
View File

@ -83,6 +83,12 @@ on:
default: false
required: false
env:
ARM_CLIENT_ID: ${{ secrets.AZURE_E2E_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.AZURE_E2E_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.AZURE_E2E_TENANT_ID }}
jobs:
e2e-upgrade:
runs-on: ubuntu-22.04
@ -142,6 +148,8 @@ jobs:
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
registry: ghcr.io
githubToken: ${{ secrets.GITHUB_TOKEN }}
- name: Run upgrade test
env:

49
.github/workflows/release-cli.yml vendored
View File

@ -7,12 +7,30 @@ on:
type: string
description: "Git ref to checkout"
required: false
pushContainers:
type: boolean
description: "Push containers pinned in the cli to container registry"
required: false
default: false
registry:
description: "Container registry to use"
type: string
default: ghcr.io
workflow_call:
inputs:
ref:
type: string
description: "Git ref to checkout"
required: true
pushContainers:
type: boolean
description: "Push containers pinned in the cli to container registry"
required: false
default: false
registry:
description: "Container registry to use"
type: string
default: ghcr.io
jobs:
build-cli:
@ -50,6 +68,37 @@ jobs:
name: constellation-${{ matrix.os }}-${{ matrix.arch }}
path: build/constellation-${{ matrix.os }}-${{ matrix.arch }}
push-containers:
runs-on: ubuntu-22.04
if: inputs.pushContainers
permissions:
actions: read
contents: write
id-token: write
packages: write
steps:
- name: Checkout
id: checkout
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
with:
ref: ${{ inputs.ref || github.head_ref }}
- name: Setup bazel
uses: ./.github/actions/setup_bazel
with:
useCache: "false"
- name: Log in to the Container registry
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # tag=v2.1.0
with:
registry: ${{ inputs.registry }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Upload referenced container images
shell: bash
run: bazel run //:push
provenance-subjects:
runs-on: ubuntu-22.04
needs:

91
.github/workflows/release.yml vendored
View File

@ -126,84 +126,9 @@ jobs:
git diff --staged --quiet || git commit -m "chore: update version.txt to ${{ inputs.version }}"
git push origin "${BRANCH}"
micro-services:
name: Build micro services
runs-on: ubuntu-22.04
needs: [verify-inputs, prepare-release-branch]
permissions:
contents: read
packages: write
strategy:
matrix:
koTarget:
[
./joinservice/cmd,
./keyservice/cmd,
./verify/cmd,
./operators/constellation-node-operator,
]
include:
- koTarget: ./joinservice/cmd
name: join-service
- koTarget: ./keyservice/cmd
name: key-service
- koTarget: ./verify/cmd
name: verification-service
- koTarget: ./operators/constellation-node-operator
name: node-operator
steps:
- name: Checkout
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
with:
ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
- name: Build ${{ matrix.name }} micro service
uses: ./.github/actions/build_micro_service_ko
with:
koTarget: ${{ matrix.koTarget }}
name: ${{ matrix.name }}
pushTag: ${{ inputs.version }}
githubToken: ${{ secrets.GITHUB_TOKEN }}
cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
micro-services-metadata:
name: Build docker images
runs-on: ubuntu-22.04
needs: [verify-inputs, prepare-release-branch]
permissions:
contents: read
packages: write
strategy:
matrix:
appName: [qemu-metadata-api, libvirt]
include:
- appName: qemu-metadata-api
dockerfile: ./hack/qemu-metadata-api/Dockerfile
- appName: libvirt
dockerfile: ./cli/internal/libvirt/Dockerfile
steps:
- name: Checkout
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
with:
ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
- name: Build docker image
uses: ./.github/actions/build_micro_service
with:
name: ${{ matrix.appName }}
pushTag: ${{ inputs.version }}
projectVersion: ${{ needs.verify-inputs.outputs.WITHOUT_V }}
dockerfile: ${{ matrix.dockerfile }}
githubToken: ${{ secrets.GITHUB_TOKEN }}
cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
update-versions:
name: Update container image versions
needs: [verify-inputs, micro-services, micro-services-metadata]
needs: [verify-inputs, prepare-release-branch]
runs-on: ubuntu-22.04
permissions:
contents: write
@ -217,23 +142,11 @@ jobs:
with:
ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
- name: Install crane
uses: ./.github/actions/setup_crane
- name: Update enterprise image version
run: |
sed -i "s/defaultImage = \"v[0-9]\+\.[0-9]\+\.[0-9]\+\"/defaultImage = \"${VERSION}\"/" internal/config/images_enterprise.go
git add internal/config/images_enterprise.go
- name: Update micro service versions
run: |
for service in node-operator join-service key-service verification-service qemu-metadata-api; do
name=ghcr.io/edgelesssys/constellation/${service}
digest=$(crane digest "${name}:${VERSION}")
sed -i "s#\"${name}:v[0-9]\+\.[0-9]\+\.[0-9]\+[^@]*@sha256:[0-9a-f]\+\"#\"${name}:${VERSION}@${digest}\"#" internal/versions/versions.go
done
git add internal/versions/versions.go
- name: Commit
run: |
git config --global user.name "edgelessci"
@ -323,9 +236,11 @@ jobs:
actions: read
contents: write
id-token: write
packages: write
secrets: inherit
with:
ref: "refs/tags/${{ inputs.version }}"
pushContainers: true
pr-get-changes-back-into-main:
name: PR to Merge changes from release branch into main

1
.github/workflows/warm-bazel-cache.yml vendored
View File

@ -23,6 +23,7 @@ jobs:
- name: Build common targets
run: |
bazel build \
//:devbuild \
//bazel/ci/... \
//bootstrapper/cmd/bootstrapper:bootstrapper_linux_amd64 \
//cli:cli_oss_linux_amd64 \