ci: enable gcp-sev-snp for daily tests (#3058)

* Run gcp-sev-snp debug e2e test in daily
* Fix verify e2e test not creating json file for gcp-sev-snp

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Daniel Weiße 2024-05-03 08:18:21 +02:00 committed by GitHub
parent 259e85d9c1
commit 35bd805bec
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 18 additions and 14 deletions


@ -66,12 +66,16 @@ runs:
forwarderPID=$!
sleep 5
if [[ ${{ inputs.attestationVariant }} == "azure-sev-snp" ]] || [[ ${{ inputs.attestationVariant }} == "aws-sev-snp" ]]; then
case "${{ inputs.attestationVariant }}"
in
"azure-sev-snp"|"aws-sev-snp"|"gcp-sev-snp")
echo "Extracting TCB versions for API update"
constellation verify --cluster-id "${clusterID}" --node-endpoint localhost:9090 -o json > "snp-report-${node}.json"
else
;;
*)
constellation verify --cluster-id "${clusterID}" --node-endpoint localhost:9090
fi
;;
esac
kill $forwarderPID
done
@ -90,11 +94,6 @@ runs:
COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}
run: |
if [[ ${{ inputs.attestationVariant }} == "aws-sev-snp" ]] && constellation version | grep -q "v2.13."; then
echo "Skipping TCB upload for AWS on CLI v2.13"
exit 0
fi
reports=(snp-report-*.json)
if [ -z ${#reports[@]} ]; then
exit 1
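Review bot: The new `case "${{ inputs.attestationVariant }}"` in the first hunk has the input expanded into the script text before bash runs, so the double quotes do not stop a value containing shell metacharacters from being parsed as code. The caller visible on this page passes fixed matrix values, so this is hardening rather than a live issue, but binding the input through the step's `env:` (`ATTESTATION_VARIANT: ${{ inputs.attestationVariant }}`) and matching on `case "${ATTESTATION_VARIANT}" in` removes the problem class. The step's `env:`/`run:` header lies above the hunk, so that part of the change falls outside the visible lines. Separately, the unchanged guard in the second hunk, `[ -z ${#reports[@]} ]`, tests an element count that is never an empty string, so it cannot fire when no report was written; `[ ! -e "${reports[0]}" ]` would catch that case before the signing step continues.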


@ -46,10 +46,15 @@ jobs:
max-parallel: 5
matrix:
kubernetesVersion: ["1.28"] # should be default
# TODO(msanft): Enable GCP SEV-SNP once stable GCP SEV-SNP images exist.
attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
attestationVariant: ["gcp-sev-es", "gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"]
test: ["sonobuoy quick"]
exclude:
# TODO(v2.18 msanft): Remove exclude rule for GCP SEV-SNP stable once images exist.
- kubernetesVersion: "1.28"
attestationVariant: "gcp-sev-snp"
refStream: "ref/release/stream/stable/?"
test: "sonobuoy quick"
runs-on: ubuntu-22.04
permissions:
id-token: write
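Review bot: The new `exclude` entry pins all four matrix keys, so it only matches while `kubernetesVersion` and `test` each hold exactly the values listed today. If either list gains a second value, the stable `gcp-sev-snp` combination that the TODO says has no images yet would presumably be scheduled again without anyone touching this rule. GitHub matches exclude entries partially, so the rule can be reduced to `attestationVariant: "gcp-sev-snp"` and `refStream: "ref/release/stream/stable/?"`, unless the file's other exclude rules, which are not visible in this hunk, deliberately spell out every key.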