Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity

ci: enable gcp-sev-snp for daily tests (#3058)

Browse Source 
* Run gcp-sev-snp debug e2e test in daily
* Fix verify e2e test not creating json file for gcp-sev-snp

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
Daniel Weiße 2024-05-03 08:18:21 +02:00 committed by GitHub
parent 259e85d9c1
commit 35bd805bec
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 18 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
.github/actions/e2e_verify/action.yml vendored
View File

@ -66,12 +66,16 @@ runs:
forwarderPID=$! forwarderPID=$!
sleep 5 sleep 5
if [[ ${{ inputs.attestationVariant }} == "azure-sev-snp" ]] || [[ ${{ inputs.attestationVariant }} == "aws-sev-snp" ]]; then case "${{ inputs.attestationVariant }}"
echo "Extracting TCB versions for API update" in
constellation verify --cluster-id "${clusterID}" --node-endpoint localhost:9090 -o json > "snp-report-${node}.json" "azure-sev-snp"|"aws-sev-snp"|"gcp-sev-snp")
else echo "Extracting TCB versions for API update"
constellation verify --cluster-id "${clusterID}" --node-endpoint localhost:9090 constellation verify --cluster-id "${clusterID}" --node-endpoint localhost:9090 -o json > "snp-report-${node}.json"
fi ;;
*)
constellation verify --cluster-id "${clusterID}" --node-endpoint localhost:9090
;;
esac
kill $forwarderPID kill $forwarderPID
done done
@ -90,11 +94,6 @@ runs:
COSIGN_PASSWORD: ${{ inputs.cosignPassword }} COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }} COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}
run: | run: |
if [[ ${{ inputs.attestationVariant }} == "aws-sev-snp" ]] && constellation version | grep -q "v2.13."; then
echo "Skipping TCB upload for AWS on CLI v2.13"
exit 0
fi
reports=(snp-report-*.json) reports=(snp-report-*.json)
if [ -z ${#reports[@]} ]; then if [ -z ${#reports[@]} ]; then
exit 1 exit 1

11
.github/workflows/e2e-test-daily.yml vendored
View File

@ -46,10 +46,15 @@ jobs:
max-parallel: 5 max-parallel: 5
matrix: matrix:
kubernetesVersion: ["1.28"] # should be default kubernetesVersion: ["1.28"] # should be default
# TODO(msanft): Enable GCP SEV-SNP once stable GCP SEV-SNP images exist. attestationVariant: ["gcp-sev-es", "gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"] refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"]
test: ["sonobuoy quick"] test: ["sonobuoy quick"]
exclude:
# TODO(v2.18 msanft): Remove exclude rule for GCP SEV-SNP stable once images exist.
- kubernetesVersion: "1.28"
attestationVariant: "gcp-sev-snp"
refStream: "ref/release/stream/stable/?"
test: "sonobuoy quick"
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
permissions: permissions:
id-token: write id-token: write
@ -129,7 +134,7 @@ jobs:
GH_TOKEN: ${{ github.token }} GH_TOKEN: ${{ github.token }}
uses: ./.github/actions/update_tfstate uses: ./.github/actions/update_tfstate
with: with:
name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }} name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }}
runID: ${{ github.run_id }} runID: ${{ github.run_id }}
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}