diff --git a/.github/actions/e2e_test/action.yml b/.github/actions/e2e_test/action.yml
index 4d642ead9..6505259f9 100644
--- a/.github/actions/e2e_test/action.yml
+++ b/.github/actions/e2e_test/action.yml
@@ -24,45 +24,24 @@ inputs:
     description: "Is CoreOS img a debug img?"
     default: "true"
     required: true
+  kubernetesVersion:
+    description: "Kubernetes version to create the cluster from."
+    required: false
   gcp_service_account_json:
     description: "Service account with permissions to create Constellation on GCP."
     required: false
   gcpClusterServiceAccountKey:
     description: "Service account to use inside the created Constellation cluster on GCP."
     required: false
-  sonobuoyTestSuiteCmd:
-    description: "Which tests should be run? Check README for guidance!"
-    required: true
-  kubernetesVersion:
-    description: "Kubernetes version to create the cluster from."
-    required: false
-  cosignPublicKey:
-    description: "Cosign public key to sign measurements."
-    required: false
-  cosignPrivateKey:
-    description: "Cosign private key to sign measurements."
-    required: false
-  cosignPassword:
-    description: "Cosign password for private key."
-    required: false
-  awsAccessKeyID:
-    description: "AWS access key ID to upload measurements."
-    required: false
-  awsSecretAccessKey:
-    description: "AWS secrets access key to upload measurements."
-    required: false
-  awsDefaultRegion:
-    description: "AWS region of S3 bucket. to upload measurements."
-    required: false
-  awsBucketName:
-    description: "AWS S3 bucket name to upload measurements."
-    required: false
   azureClientSecret:
     description: "The client secret value of the used secret"
     required: false
   azureResourceGroup:
     description: "The resource group to use"
     required: false
+  sonobuoyTestSuiteCmd:
+    description: "Which tests should be run? Check README for guidance!"
+    required: true
 
 runs:
   using: "composite"
@@ -99,17 +78,6 @@ runs:
       azureClientSecret: ${{ inputs.azureClientSecret }}
       azureResourceGroup: ${{ inputs.azureResourceGroup }}
 
-  - name: Measure cluster
-    uses: ./.github/actions/constellation_measure
-    with:
-      cloudProvider: ${{ inputs.cloudProvider }}
-      cosignPublicKey: ${{ inputs.cosignPublicKey }}
-      cosignPrivateKey: ${{ inputs.cosignPrivateKey }}
-      cosignPassword: ${{ inputs.cosignPassword }}
-      awsAccessKeyID: ${{ inputs.awsAccessKeyID }}
-      awsSecretAccessKey: ${{ inputs.awsSecretAccessKey }}
-      awsDefaultRegion: ${{ inputs.awsDefaultRegion }}
-      awsBucketName: ${{ inputs.awsBucketName }}
   - name: Run e2e tests
     uses: ./.github/actions/sonobuoy
     with:
diff --git a/.github/actions/generate_measurements/action.yml b/.github/actions/generate_measurements/action.yml
new file mode 100644
index 000000000..ef863ca13
--- /dev/null
+++ b/.github/actions/generate_measurements/action.yml
@@ -0,0 +1,111 @@
+name: Generate measurements
+description: "Generates measurements for a specific image"
+inputs:
+  cloudProvider:
+    description: "Which cloud provider to use."
+    required: true
+  coreosImage:
+    description: "CoreOS image to run. The default value 'debug-latest' will select the latest available debug image."
+    required: true
+  isDebugImage:
+    description: "Is CoreOS img a debug img?"
+    required: true
+  workerNodesCount:
+    description: "Number of worker nodes to spawn."
+    required: false
+    default: "1"
+  controlNodesCount:
+    description: "Number of control-plane nodes to spawn."
+    required: false
+    default: "1"
+  machineType:
+    description: "VM machine type. Make sure it matches selected cloud provider!"
+    required: false
+  kubernetesVersion:
+    description: "Kubernetes version to create the cluster from."
+    required: false
+    default: "1.23"
+  autoscale:
+    description: "Autoscale?"
+    required: false
+    default: "false"
+  gcp_service_account_json:
+    description: "Service account with permissions to create Constellation on GCP."
+    required: false
+  gcpClusterServiceAccountKey:
+    description: "Service account to use inside the created Constellation cluster on GCP."
+    required: false
+  azureClientSecret:
+    description: "The client secret value of the used secret"
+    required: false
+  azureResourceGroup:
+    description: "The resource group to use"
+    required: false
+  cosignPublicKey:
+    description: "Cosign public key to sign measurements."
+    required: true
+  cosignPrivateKey:
+    description: "Cosign private key to sign measurements."
+    required: true
+  cosignPassword:
+    description: "Cosign password for private key."
+    required: true
+  awsAccessKeyID:
+    description: "AWS access key ID to upload measurements."
+    required: true
+  awsSecretAccessKey:
+    description: "AWS secrets access key to upload measurements."
+    required: true
+  awsDefaultRegion:
+    description: "AWS region of S3 bucket. to upload measurements."
+    required: true
+  awsBucketName:
+    description: "AWS S3 bucket name to upload measurements."
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Build CLI
+      uses: ./.github/actions/build_cli
+    - name: Build the bootstrapper
+      id: build-bootstrapper
+      uses: ./.github/actions/build_bootstrapper
+      if: ${{ inputs.isDebugImage == 'true' }}
+    - name: Build debugd
+      id: build-debugd
+      uses: ./.github/actions/build_debugd
+      if: ${{ inputs.isDebugImage == 'true' }}
+
+    - name: Login to GCP
+      uses: ./.github/actions/gcp_login
+      with:
+        gcp_service_account_json: ${{ inputs.gcp_service_account_json }}
+      if: ${{ inputs.cloudProvider == 'gcp' }}
+
+    - name: Create cluster
+      uses: ./.github/actions/constellation_create
+      with:
+        cloudProvider: ${{ inputs.cloudProvider }}
+        gcpClusterServiceAccountKey: ${{ inputs.gcpClusterServiceAccountKey }}
+        autoscale: ${{ inputs.autoscale }}
+        workerNodesCount: ${{ inputs.workerNodesCount }}
+        controlNodesCount: ${{ inputs.controlNodesCount }}
+        machineType: ${{ inputs.machineType }}
+        coreosImage: ${{ inputs.coreosImage }}
+        isDebugImage: ${{ inputs.isDebugImage }}
+        kubernetesVersion: ${{ inputs.kubernetesVersion }}
+        azureClientSecret: ${{ inputs.azureClientSecret }}
+        azureResourceGroup: ${{ inputs.azureResourceGroup }}
+
+    - name: Measure cluster
+      uses: ./.github/actions/constellation_measure
+      with:
+        cloudProvider: ${{ inputs.cloudProvider }}
+        cosignPublicKey: ${{ inputs.cosignPublicKey }}
+        cosignPrivateKey: ${{ inputs.cosignPrivateKey }}
+        cosignPassword: ${{ inputs.cosignPassword }}
+        awsAccessKeyID: ${{ inputs.awsAccessKeyID }}
+        awsSecretAccessKey: ${{ inputs.awsSecretAccessKey }}
+        awsDefaultRegion: ${{ inputs.awsDefaultRegion }}
+        awsBucketName: ${{ inputs.awsBucketName }}
diff --git a/.github/workflows/generate-measurements.yml b/.github/workflows/generate-measurements.yml
new file mode 100644
index 000000000..b030a3a50
--- /dev/null
+++ b/.github/workflows/generate-measurements.yml
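Review bot: The `Measure cluster` step signs and uploads measurements unconditionally, while the same action deliberately builds and ships `debugd` when `inputs.isDebugImage == 'true'`; publishing production-key-signed measurements for an image that carries the debug daemon would let a debuggable cluster pass attestation against the published values. Unless debug-image measurements are intentionally released, gate the signing step with `if: ${{ inputs.isDebugImage != 'true' }}` and state that policy in the `isDebugImage` description, which currently only says `"Is CoreOS img a debug img?"`. I cannot see `constellation_measure`, so if it already refuses debug images this reduces to a documentation point. Since `cosignPrivateKey`, `cosignPassword` and the AWS credentials are `required: true`, the action `description` should also say that callers must source them from protected repository secrets rather than plain inputs.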
@@ -0,0 +1,78 @@
+name: Generate measurements manually
+
+on:
+  workflow_dispatch:
+    inputs:
+      cloudProvider:
+        description: "Which cloud provider to use."
+        type: choice
+        options:
+          - "azure"
+          - "gcp"
+        default: "gcp"
+        required: true
+      coreosImage:
+        description: "CoreOS image (full path). Examples are in internal/config/config.go."
+        type: string
+        required: true
+      isDebugImage:
+        description: "Is CoreOS image a debug image?"
+        type: boolean
+        required: true
+
+jobs:
+  generate-measurements-manual:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+
+      - name: Login to Azure
+        if: ${{ github.event.inputs.cloudProvider == 'azure' }}
+        uses: ./.github/actions/azure_login
+        with:
+          azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}
+
+      - name: Create Azure resource group
+        id: az_resource_group_gen
+        if: ${{ github.event.inputs.cloudProvider == 'azure' }}
+        shell: bash
+        run: |
+          uuid=$(cat /proc/sys/kernel/random/uuid)
+          name=e2e-test-${uuid%%-*}
+          az group create --location westus --name $name --tags e2e
+          echo "::set-output name=res_group_name::$name"
+
+      - name: Create Cluster & Generate Measurements
+        uses: ./.github/actions/generate_measurements
+        with:
+          cloudProvider: ${{ github.event.inputs.cloudProvider }}
+          gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
+          gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
+          azureClientSecret: ${{ secrets.AZURE_E2E_CLIENT_SECRET }}
+          azureResourceGroup: ${{ steps.az_resource_group_gen.outputs.res_group_name }}
+          coreosImage: ${{ github.event.inputs.coreosImage }}
+          isDebugImage: ${{ github.event.inputs.isDebugImage }}
+          cosignPublicKey: ${{ secrets.COSIGN_PUBLIC_KEY }}
+          cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }}
+          cosignPassword: ${{ secrets.COSIGN_PASSWORD }}
+          awsAccessKeyID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          awsSecretAccessKey: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          awsDefaultRegion: ${{ secrets.AWS_DEFAULT_REGION }}
+          awsBucketName: ${{ secrets.PUBLIC_BUCKET_NAME }}
+
+      - name: Always terminate cluster
+        if: always()
+        continue-on-error: true
+        uses: ./.github/actions/constellation_destroy
+
+      - name: Always destroy Azure resource group
+        if: ${{ always() && github.event.inputs.cloudProvider == 'azure' }}
+        shell: bash
+        run: |
+          az group delete \
+            --name ${{ steps.az_resource_group_gen.outputs.res_group_name }} \
+            --force-deletion-types Microsoft.Compute/virtualMachineScaleSets \
+            --force-deletion-types Microsoft.Compute/virtualMachines \
+            --no-wait \
+            --yes
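Review bot: The `generate-measurements-manual` job receives `COSIGN_PRIVATE_KEY`, `COSIGN_PASSWORD` and the credentials for `PUBLIC_BUCKET_NAME`, but it is triggered by a bare `workflow_dispatch` with no `environment:` and no `permissions:` block, so anyone able to dispatch the workflow (write access, as far as the trigger alone shows) can publish signed measurements for an arbitrary `coreosImage`, including one flagged `isDebugImage: true`, with no second approver. Move those secrets into a protected GitHub environment with required reviewers and bind the job to it with `environment: measurements` under the job id, and add a top-level `permissions:` with `contents: read` so the default `GITHUB_TOKEN` stays least-privilege. Separately, `echo "::set-output name=res_group_name::$name"` relies on the deprecated set-output workflow command; replace it with `echo "res_group_name=$name" >> "$GITHUB_OUTPUT"` before it stops working.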