diff --git a/.github/actions/constellation_create/action.yml b/.github/actions/constellation_create/action.yml index 340b45c1b..e77ba39e2 100644 --- a/.github/actions/constellation_create/action.yml +++ b/.github/actions/constellation_create/action.yml 
@@ -17,69 +17,77 @@ inputs: machineType: description: "Machine type of VM to spawn." required: true + kubernetesVersion: + description: "Kubernetes version to create the cluster from." + required: false runs: - using: 'composite' + using: "composite" steps: - - name: Install kubectl - run: | - curl -LO https://dl.k8s.io/release/v1.23.0/bin/linux/amd64/kubectl - install kubectl /usr/local/bin - shell: bash - - name: Install yq jq - run: | - sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CC86BB64 - sudo add-apt-repository ppa:rmescandon/yq - sudo apt update - sudo apt install yq jq -y - shell: bash + - name: Install kubectl + run: | + curl -LO https://dl.k8s.io/release/v1.23.0/bin/linux/amd64/kubectl + install kubectl /usr/local/bin + shell: bash + - name: Install yq jq + run: | + sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CC86BB64 + sudo add-apt-repository ppa:rmescandon/yq + sudo apt update + sudo apt install yq jq -y + shell: bash - - name: Constellation config generate - run: | - constellation config generate ${{ inputs.cloudProvider }} - yq eval -i \ - "(.provider | select(. | has(\"azure\")).azure.subscription) = \"0d202bbb-4fa7-4af8-8125-58c269a05435\" | - (.provider | select(. | has(\"azure\")).azure.tenant) = \"adb650a8-5da3-4b15-b4b0-3daf65ff7626\" | - (.provider | select(. | has(\"azure\")).azure.location) = \"North Europe\" | - (.provider | select(. | has(\"azure\")).azure.userAssignedIdentity) = \"/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.ManagedIdentity/userAssignedIdentities/constellation-dev-identity\"" \ - constellation-conf.yaml - yq eval -i \ - "(.provider | select(. | has(\"gcp\")).gcp.project) = \"constellation-331613\" | - (.provider | select(. | has(\"gcp\")).gcp.region) = \"europe-west3\" | - (.provider | select(. 
| has(\"gcp\")).gcp.zone) = \"europe-west3-b\"" \ - constellation-conf.yaml - shell: bash + - name: Constellation config generate + run: | + constellation config generate ${{ inputs.cloudProvider }} - - name: Set latest image - run: | - case $CSP in - azure) - LATEST_AZURE_IMAGE=$(az sig image-version list --resource-group constellation-images --gallery-name Constellation --gallery-image-definition constellation-coreos --query "sort_by([], &publishingProfile.publishedDate)[].id" -o table | tail -n 1) - yq eval -i "(.provider.azure.image) = \"${LATEST_AZURE_IMAGE}\"" constellation-conf.yaml - ;; - gcp) - LATEST_GCP_IMAGE_TIMESTAMP=$(gcloud compute images list --filter="name~'constellation-coreos-\d{10}'" --sort-by=creationTimestamp --project constellation-images --format="table(name)" | tail -n 1 | cut -d '-' -f3) - yq eval -i "(.provider.gcp.image) = \"projects/constellation-images/global/images/constellation-coreos-${LATEST_GCP_IMAGE_TIMESTAMP}\"" constellation-conf.yaml - ;; - esac - shell: bash - env: - CSP: ${{ inputs.cloudProvider }} + yq eval -i \ + "(.provider | select(. | has(\"azure\")).azure.subscription) = \"0d202bbb-4fa7-4af8-8125-58c269a05435\" | + (.provider | select(. | has(\"azure\")).azure.tenant) = \"adb650a8-5da3-4b15-b4b0-3daf65ff7626\" | + (.provider | select(. | has(\"azure\")).azure.location) = \"North Europe\" | + (.provider | select(. | has(\"azure\")).azure.userAssignedIdentity) = \"/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.ManagedIdentity/userAssignedIdentities/constellation-dev-identity\"" \ + constellation-conf.yaml + yq eval -i \ + "(.provider | select(. | has(\"gcp\")).gcp.project) = \"constellation-331613\" | + (.provider | select(. | has(\"gcp\")).gcp.region) = \"europe-west3\" | + (.provider | select(. 
| has(\"gcp\")).gcp.zone) = \"europe-west3-b\"" \ + constellation-conf.yaml - - name: Constellation create - run: | - echo "Creating cluster using config:" - cat constellation-conf.yaml - constellation create ${{ inputs.cloudProvider }} -c ${{ inputs.controlNodesCount }} -w ${{ inputs.workerNodesCount }} -t ${{ inputs.machineType }} --name e2e-test -y - shell: bash - - name: Upload constellation-state.json - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 - with: - name: constellation-state.json - path: constellation-state.json - if: ${{ always() && !env.ACT }} + if [ ${{ inputs.kubernetesVersion != '' }} = true ]; then + yq eval -i "(.kubernetesVersion) = ${{ inputs.kubernetesVersion }}" constellation-conf.yaml + fi + shell: bash - - name: Constellation init - run: | - if [ ${{ inputs.autoscale }} = true ]; then autoscale=--autoscale; fi - constellation init ${autoscale} - shell: bash + - name: Set latest image + run: | + case $CSP in + azure) + LATEST_AZURE_IMAGE=$(az sig image-version list --resource-group constellation-images --gallery-name Constellation --gallery-image-definition constellation-coreos --query "sort_by([], &publishingProfile.publishedDate)[].id" -o table | tail -n 1) + yq eval -i "(.provider.azure.image) = \"${LATEST_AZURE_IMAGE}\"" constellation-conf.yaml + ;; + gcp) + LATEST_GCP_IMAGE_TIMESTAMP=$(gcloud compute images list --filter="name~'constellation-coreos-\d{10}'" --sort-by=creationTimestamp --project constellation-images --format="table(name)" | tail -n 1 | cut -d '-' -f3) + yq eval -i "(.provider.gcp.image) = \"projects/constellation-images/global/images/constellation-coreos-${LATEST_GCP_IMAGE_TIMESTAMP}\"" constellation-conf.yaml + ;; + esac + shell: bash + env: + CSP: ${{ inputs.cloudProvider }} + + - name: Constellation create + run: | + echo "Creating cluster using config:" + cat constellation-conf.yaml + constellation create ${{ inputs.cloudProvider }} -c ${{ inputs.controlNodesCount }} -w ${{ 
inputs.workerNodesCount }} -t ${{ inputs.machineType }} --name e2e-test -y + shell: bash + - name: Upload constellation-state.json + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 + with: + name: constellation-state.json + path: constellation-state.json + if: ${{ always() && !env.ACT }} + + - name: Constellation init + run: | + if [ ${{ inputs.autoscale }} = true ]; then autoscale=--autoscale; fi + constellation init ${autoscale} + shell: bash diff --git a/.github/actions/e2e_test/action.yml b/.github/actions/e2e_test/action.yml index 14b06e1e4..d4d9c0894 100644 --- a/.github/actions/e2e_test/action.yml +++ b/.github/actions/e2e_test/action.yml 
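Review bot: In the `Constellation config generate` step of `constellation_create/action.yml`, `${{ inputs.kubernetesVersion }}` is expanded into the script text before bash runs, and `e2e-test-manual.yml` feeds it from the free-form `github.event.inputs.kubernetesVersion`, so whatever is typed there becomes part of the shell command. The value is also spliced into the yq expression without the `\"…\"` that the neighbouring assignments use, so `1.22` is written as a number rather than a string and a version such as `1.20` may lose its trailing zero. Passing the input through `env:`, as the `Set latest image` step already does with `CSP`, and quoting it inside the expression addresses both. The other `${{ inputs.* }}` expansions inside `run:` blocks in this file have the same shape.

```yaml
    - name: Constellation config generate
      run: |
        # … unchanged: constellation config generate and the azure/gcp yq edits …
        if [ -n "${KUBERNETES_VERSION}" ]; then
          yq eval -i "(.kubernetesVersion) = \"${KUBERNETES_VERSION}\"" constellation-conf.yaml
        fi
      shell: bash
      env:
        KUBERNETES_VERSION: ${{ inputs.kubernetesVersion }}
```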
@@ -2,108 +2,112 @@ name: E2E test description: "Run Constellation e2e test." inputs: workerNodesCount: - description: 'Number of worker nodes to spawn.' + description: "Number of worker nodes to spawn." required: true controlNodesCount: - description: 'Number of control-plane nodes to spawn.' + description: "Number of control-plane nodes to spawn." required: true autoscale: - description: 'Autoscale?' + description: "Autoscale?" required: true cloudProvider: - description: 'Which cloud provider to use.' + description: "Which cloud provider to use." required: true machineType: - description: 'VM machine type. Make sure it matches selected cloud provider!' + description: "VM machine type. Make sure it matches selected cloud provider!" required: true gcp_service_account_json: - description: 'Service account with permissions to create Constellation on GCP.' + description: "Service account with permissions to create Constellation on GCP." required: false azure_credentials: - description: 'Credentials authorized to create Constellation on Azure.' + description: "Credentials authorized to create Constellation on Azure." required: false sonobuoyTestSuiteCmd: - description: 'Which tests should be run? Check README for guidance!' + description: "Which tests should be run? Check README for guidance!" required: true + kubernetesVersion: + description: "Kubernetes version to create the cluster from." + required: false msTeamsWebhook: - description: 'WebHook used to notify of failure.' + description: "WebHook used to notify of failure." required: true cosignPublicKey: - description: 'Cosign public key to sign measurements.' + description: "Cosign public key to sign measurements." required: false cosignPrivateKey: - description: 'Cosign private key to sign measurements.' + description: "Cosign private key to sign measurements." required: false cosignPassword: - description: 'Cosign password for private key.' + description: "Cosign password for private key." 
required: false awsAccessKeyID: - description: 'AWS access key ID to upload measurements.' + description: "AWS access key ID to upload measurements." required: false awsSecretAccessKey: - description: 'AWS secrets access key to upload measurements.' + description: "AWS secrets access key to upload measurements." required: false awsDefaultRegion: - description: 'AWS region of S3 bucket. to upload measurements.' + description: "AWS region of S3 bucket. to upload measurements." required: false awsBucketName: - description: 'AWS S3 bucket name to upload measurements.' + description: "AWS S3 bucket name to upload measurements." required: false runs: - using: 'composite' + using: "composite" steps: - - name: Build CLI - uses: ./.github/actions/build_cli + - name: Build CLI + uses: ./.github/actions/build_cli - - name: Login to GCP - uses: ./.github/actions/gcp_login - with: - gcp_service_account_json: ${{ inputs.gcp_service_account_json }} - if: ${{ inputs.cloudProvider == 'gcp' }} - - name: Login to Azure - uses: ./.github/actions/azure_login - with: - azure_credentials: ${{ inputs.azure_credentials }} - if: ${{ inputs.cloudProvider == 'azure' }} + - name: Login to GCP + uses: ./.github/actions/gcp_login + with: + gcp_service_account_json: ${{ inputs.gcp_service_account_json }} + if: ${{ inputs.cloudProvider == 'gcp' }} + - name: Login to Azure + uses: ./.github/actions/azure_login + with: + azure_credentials: ${{ inputs.azure_credentials }} + if: ${{ inputs.cloudProvider == 'azure' }} - - name: Create cluster - uses: ./.github/actions/constellation_create - with: - cloudProvider: ${{ inputs.cloudProvider }} - autoscale: ${{ inputs.autoscale }} - workerNodesCount: ${{ inputs.workerNodesCount }} - controlNodesCount: ${{ inputs.controlNodesCount }} - machineType: ${{ inputs.machineType }} - - name: Measure cluster - uses: ./.github/actions/constellation_measure - with: - cloudProvider: ${{ inputs.cloudProvider }} - cosignPublicKey: ${{ inputs.cosignPublicKey }} - 
cosignPrivateKey: ${{ inputs.cosignPrivateKey }} - cosignPassword: ${{ inputs.cosignPassword }} - awsAccessKeyID: ${{ inputs.awsAccessKeyID }} - awsSecretAccessKey: ${{ inputs.awsSecretAccessKey }} - awsDefaultRegion: ${{ inputs.awsDefaultRegion }} - awsBucketName: ${{ inputs.awsBucketName }} - - name: Run e2e tests - uses: ./.github/actions/sonobuoy - with: - sonobuoyTestSuiteCmd: ${{ inputs.sonobuoyTestSuiteCmd }} + - name: Create cluster + uses: ./.github/actions/constellation_create + with: + cloudProvider: ${{ inputs.cloudProvider }} + autoscale: ${{ inputs.autoscale }} + workerNodesCount: ${{ inputs.workerNodesCount }} + controlNodesCount: ${{ inputs.controlNodesCount }} + machineType: ${{ inputs.machineType }} + kubernetesVersion: ${{ inputs.kubernetesVersion }} + - name: Measure cluster + uses: ./.github/actions/constellation_measure + with: + cloudProvider: ${{ inputs.cloudProvider }} + cosignPublicKey: ${{ inputs.cosignPublicKey }} + cosignPrivateKey: ${{ inputs.cosignPrivateKey }} + cosignPassword: ${{ inputs.cosignPassword }} + awsAccessKeyID: ${{ inputs.awsAccessKeyID }} + awsSecretAccessKey: ${{ inputs.awsSecretAccessKey }} + awsDefaultRegion: ${{ inputs.awsDefaultRegion }} + awsBucketName: ${{ inputs.awsBucketName }} + - name: Run e2e tests + uses: ./.github/actions/sonobuoy + with: + sonobuoyTestSuiteCmd: ${{ inputs.sonobuoyTestSuiteCmd }} - - name: Notify teams channel - if: ${{ failure() && github.ref == 'refs/heads/main' }} - run: | - sudo apt-get install gettext-base -y - export TEAMS_JOB_NAME=${{ inputs.cloudProvider }} - export TEAMS_RUN_ID=${{ github.run_id }} - envsubst < teams-payload.json > to-be-send.json - curl \ - -H "Content-Type: application/json" \ - -d @to-be-send.json \ - "${{ inputs.msTeamsWebhook }}" - shell: bash - working-directory: .github/actions/e2e_test + - name: Notify teams channel + if: ${{ failure() && github.ref == 'refs/heads/main' }} + run: | + sudo apt-get install gettext-base -y + export TEAMS_JOB_NAME=${{ 
inputs.cloudProvider }} + export TEAMS_RUN_ID=${{ github.run_id }} + envsubst < teams-payload.json > to-be-send.json + curl \ + -H "Content-Type: application/json" \ + -d @to-be-send.json \ + "${{ inputs.msTeamsWebhook }}" + shell: bash + working-directory: .github/actions/e2e_test - - name: Always terminate cluster - if: always() - uses: ./.github/actions/constellation_destroy + - name: Always terminate cluster + if: always() + uses: ./.github/actions/constellation_destroy diff --git a/.github/workflows/e2e-test-azure-weekly.yml b/.github/workflows/e2e-test-azure-weekly.yml new file mode 100644 index 000000000..e2d529578 --- /dev/null +++ b/.github/workflows/e2e-test-azure-weekly.yml 
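Review bot: The failure notification in `e2e_test/action.yml` cannot tell the new matrix legs apart: `Notify teams channel` still builds `TEAMS_JOB_NAME` from `inputs.cloudProvider` alone, while this commit adds jobs that differ only in `kubernetesVersion`. Supplying the name through an `env:` key on that step, e.g. `TEAMS_JOB_NAME: ${{ inputs.cloudProvider }} ${{ inputs.kubernetesVersion }}`, would put the version into the message, assuming `teams-payload.json` (not shown here) reads that variable via `envsubst`. It would also remove the unquoted `export TEAMS_JOB_NAME=${{ inputs.cloudProvider }}` from the script body.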
@@ -0,0 +1,33 @@ +name: e2e Test Azure Weekly +# This workflow only runs once per week. It executes the full e2e tests on the latest-1 and latest-2 versions. Currently 1.23 and 1.22. +# It is executed every sunday at 19:00. + +on: + workflow_dispatch: + schedule: + - cron: "0 19 * * 0" +jobs: + test-older-versions: + strategy: + matrix: + version: ["1.22", "1.23"] + runs-on: [self-hosted, edgserver] + container: + image: ghcr.io/catthehacker/ubuntu:act-latest + steps: + - name: Check out repository + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + with: + fetch-depth: 0 + - name: Run Azure E2E test + uses: ./.github/actions/e2e_test + with: + workerNodesCount: "2" + controlNodesCount: "1" + autoscale: "false" + cloudProvider: "azure" + machineType: "Standard_D4a_v4" + azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }} + sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml' + kubernetesVersion: ${{ matrix.version }} + msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }} diff --git a/.github/workflows/e2e-test-azure.yml b/.github/workflows/e2e-test-azure.yml index 40f3c2349..fc108d535 100644 --- a/.github/workflows/e2e-test-azure.yml +++ b/.github/workflows/e2e-test-azure.yml 
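Review bot: The new `e2e-test-azure-weekly.yml` pulls both kube-bench plugin manifests from `raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/...` and runs in `ghcr.io/catthehacker/ubuntu:act-latest`, which are mutable references, while the `uses:` steps in the same file are pinned to commit SHAs. The container image is what executes the job that receives `AZURE_E2E_CREDENTIALS`, and the plugin manifests decide what gets deployed into the test cluster, so a change upstream alters the run without any change in this repository. Consider replacing `master` in the plugin URLs with a commit SHA and pinning the container by digest, e.g. `image: ghcr.io/catthehacker/ubuntu@sha256:<digest>`. The same strings appear in `e2e-test-gcp-weekly.yml` and in the daily Azure and GCP workflows.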
@@ -3,34 +3,58 @@ name: e2e Test Azure on: workflow_dispatch: schedule: - - cron: '0 2 * * 2-6' + - cron: "0 0 * * 2-6" jobs: - e2e-test-azure: + test-latest: runs-on: [self-hosted, edgserver] container: image: ghcr.io/catthehacker/ubuntu:act-latest - options: --privileged steps: - - name: Check out repository - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - with: - fetch-depth: 0 - - name: Run Azure E2E test - uses: ./.github/actions/e2e_test - with: - workerNodesCount: '2' - controlNodesCount: '1' - autoscale: 'false' - cloudProvider: 'azure' - machineType: 'Standard_D4a_v4' - azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }} - # TODO: Remove E2E_SKIP once AB#2174 is resolved - sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml' - msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }} - cosignPublicKey: ${{ secrets.COSIGN_PUBLIC_KEY }} - cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }} - cosignPassword: ${{ secrets.COSIGN_PASSWORD }} - awsAccessKeyID: ${{ secrets.AWS_ACCESS_KEY_ID }} - awsSecretAccessKey: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - awsDefaultRegion: ${{ secrets.AWS_DEFAULT_REGION }} - awsBucketName: ${{ secrets.PUBLIC_BUCKET_NAME }} + - name: Check out repository + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + with: + fetch-depth: 0 + - name: Run Azure E2E test + uses: ./.github/actions/e2e_test + with: + workerNodesCount: "2" + controlNodesCount: "1" + autoscale: "false" + cloudProvider: "azure" + machineType: "Standard_D4a_v4" + azure_credentials: ${{ 
secrets.AZURE_E2E_CREDENTIALS }} + # TODO: Remove E2E_SKIP once AB#2174 is resolved + sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml' + msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }} + cosignPublicKey: ${{ secrets.COSIGN_PUBLIC_KEY }} + cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }} + cosignPassword: ${{ secrets.COSIGN_PASSWORD }} + awsAccessKeyID: ${{ secrets.AWS_ACCESS_KEY_ID }} + awsSecretAccessKey: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + awsDefaultRegion: ${{ secrets.AWS_DEFAULT_REGION }} + awsBucketName: ${{ secrets.PUBLIC_BUCKET_NAME }} + + test-older-versions: + strategy: + matrix: + version: ["1.22", "1.23"] + runs-on: [self-hosted, edgserver] + container: + image: ghcr.io/catthehacker/ubuntu:act-latest + steps: + - name: Check out repository + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + with: + fetch-depth: 0 + - name: Run Azure E2E test + uses: ./.github/actions/e2e_test + with: + workerNodesCount: "2" + controlNodesCount: "1" + autoscale: "false" + cloudProvider: "azure" + machineType: "Standard_D4a_v4" + azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }} + sonobuoyTestSuiteCmd: "--mode quick" + kubernetesVersion: ${{ matrix.version }} + msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }} diff --git a/.github/workflows/e2e-test-gcp-weekly.yml b/.github/workflows/e2e-test-gcp-weekly.yml new file mode 100644 index 000000000..ddf2dd4c6 --- /dev/null +++ b/.github/workflows/e2e-test-gcp-weekly.yml 
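Review bot: In `e2e-test-azure.yml`, `test-latest` and the two `test-older-versions` matrix legs have no ordering between them, and every leg ends in `constellation create … --name e2e-test` from `constellation_create/action.yml`, so up to three clusters with the same name may be created in one Azure subscription if the `edgserver` runners pick the jobs up in parallel. Whether that actually collides depends on how the CLI names its resources, which this diff does not show. If it does, `max-parallel: 1` under `strategy:` together with `needs: test-latest` would serialise the runs, and `fail-fast: false` would keep a failure on one version from cancelling the other. The same job layout is added to `e2e-test-gcp.yml`.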
@@ -0,0 +1,33 @@ +name: e2e Test GCP Weekly +# This workflow only runs once per week. It executes the full e2e tests on the latest-1 and latest-2 versions. Currently 1.23 and 1.22. +# It is executed every sunday at 00:00. + +on: + workflow_dispatch: + schedule: + - cron: "0 0 * * 0" +jobs: + test-older-versions: + strategy: + matrix: + version: ["1.22", "1.23"] + runs-on: [self-hosted, edgserver] + container: + image: ghcr.io/catthehacker/ubuntu:act-latest + steps: + - name: Check out repository + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + with: + fetch-depth: 0 + - name: Run GCP E2E test + uses: ./.github/actions/e2e_test + with: + workerNodesCount: "2" + controlNodesCount: "1" + autoscale: "false" + cloudProvider: "gcp" + machineType: "n2d-standard-2" + gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }} + sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml' + kubernetesVersion: ${{ matrix.version }} + msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }} diff --git a/.github/workflows/e2e-test-gcp.yml b/.github/workflows/e2e-test-gcp.yml index de1f11bf5..1597a5368 100644 --- a/.github/workflows/e2e-test-gcp.yml +++ b/.github/workflows/e2e-test-gcp.yml 
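Review bot: The new `e2e-test-gcp-weekly.yml` declares no `permissions:`, so the job's `GITHUB_TOKEN` keeps the repository's default scope although the steps shown only check out the repository and call a local action. Adding a top-level `permissions:` with `contents: read` limits what the token can do if anything running in the job is compromised. `e2e-test-azure-weekly.yml` has the same gap, and the daily workflows appear to as well, as far as their hunks show.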
@@ -3,34 +3,58 @@ name: e2e Test GCP on: workflow_dispatch: schedule: - - cron: '0 4 * * 2-6' + - cron: "0 2 * * 2-6" jobs: - e2e-test-gcp: + test-latest: runs-on: [self-hosted, edgserver] container: image: ghcr.io/catthehacker/ubuntu:act-latest - options: --privileged steps: - - name: Check out repository - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - with: - fetch-depth: 0 - - name: Run GCP E2E test - uses: ./.github/actions/e2e_test - with: - workerNodesCount: '2' - controlNodesCount: '1' - autoscale: 'false' - cloudProvider: 'gcp' - machineType: 'n2d-standard-2' - gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }} - # TODO: Remove E2E_SKIP once AB#2174 is resolved - sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml' - msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }} - cosignPublicKey: ${{ secrets.COSIGN_PUBLIC_KEY }} - cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }} - cosignPassword: ${{ secrets.COSIGN_PASSWORD }} - awsAccessKeyID: ${{ secrets.AWS_ACCESS_KEY_ID }} - awsSecretAccessKey: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - awsDefaultRegion: ${{ secrets.AWS_DEFAULT_REGION }} - awsBucketName: ${{ secrets.PUBLIC_BUCKET_NAME }} + - name: Check out repository + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + with: + fetch-depth: 0 + - name: Run GCP E2E test + uses: ./.github/actions/e2e_test + with: + workerNodesCount: "2" + controlNodesCount: "1" + autoscale: "false" + cloudProvider: "gcp" + machineType: "n2d-standard-2" + gcp_service_account_json: ${{ 
secrets.GCP_SERVICE_ACCOUNT }} + # TODO: Remove E2E_SKIP once AB#2174 is resolved + sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml' + msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }} + cosignPublicKey: ${{ secrets.COSIGN_PUBLIC_KEY }} + cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }} + cosignPassword: ${{ secrets.COSIGN_PASSWORD }} + awsAccessKeyID: ${{ secrets.AWS_ACCESS_KEY_ID }} + awsSecretAccessKey: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + awsDefaultRegion: ${{ secrets.AWS_DEFAULT_REGION }} + awsBucketName: ${{ secrets.PUBLIC_BUCKET_NAME }} + + test-older-versions: + strategy: + matrix: + version: ["1.22", "1.23"] + runs-on: [self-hosted, edgserver] + container: + image: ghcr.io/catthehacker/ubuntu:act-latest + steps: + - name: Check out repository + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + with: + fetch-depth: 0 + - name: Run GCP E2E test + uses: ./.github/actions/e2e_test + with: + workerNodesCount: "2" + controlNodesCount: "1" + autoscale: "false" + cloudProvider: "gcp" + machineType: "n2d-standard-2" + gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }} + sonobuoyTestSuiteCmd: "--mode quick" + kubernetesVersion: ${{ matrix.version }} + msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }} diff --git a/.github/workflows/e2e-test-manual.yml b/.github/workflows/e2e-test-manual.yml index b51639a95..316026b3a 100644 --- a/.github/workflows/e2e-test-manual.yml +++ b/.github/workflows/e2e-test-manual.yml 
@@ -36,11 +36,10 @@ on: description: "Which tests should be run? Check README for guidance!" default: "--mode quick" required: true - -# Abort runs of *this* workflow, if a new commit with the same ref is pushed. -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true + kubernetesVersion: + description: "Kubernetes version to create the cluster from." + default: "1.24" + required: true jobs: e2e-test-manual: @@ -59,4 +58,5 @@ jobs: gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }} azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }} sonobuoyTestSuiteCmd: ${{ github.event.inputs.sonobuoyTestSuiteCmd }} + kubernetesVersion: ${{ github.event.inputs.kubernetesVersion }} msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }} diff --git a/CHANGELOG.md b/CHANGELOG.md index a5c7379a8..60afaba8d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Security ### Internal +- Run e2e tests on all supported versions. ## [1.4.0] - 2022-08-02
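Review bot: The `kubernetesVersion` dispatch input added in the first hunk of `e2e-test-manual.yml` is free-form text, yet it is later expanded into a shell script and a yq expression in `constellation_create/action.yml`. Declaring it with `type: choice` and `options: ["1.22", "1.23", "1.24"]` would constrain the dispatch form to the versions this commit tests, and would keep the default of `"1.24"`. The `inputs:` mapping this entry belongs to begins above the hunk.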