ci: make sure permissions to terminate cluster are always set for e2e upgrade (#2298)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
Daniel Weiße 2023-09-01 16:15:13 +02:00 committed by GitHub
parent 75ce11af14
commit a4d6016ae5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -206,22 +206,24 @@ jobs:
uses: ./.github/actions/login_azure uses: ./.github/actions/login_azure
with: with:
azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
- name: Migrate config - name: Migrate config
id: constellation-config-migrate id: constellation-config-migrate
run: | run: |
./build/constellation config migrate --debug ./build/constellation config migrate --debug
- name: Upgrade IAM configuration - name: Upgrade IAM configuration
id: constellation-iam-upgrade id: constellation-iam-upgrade
uses: ./.github/actions/constellation_iam_upgrade uses: ./.github/actions/constellation_iam_upgrade
- name: Login to GCP (Cluster service account) - name: Login to GCP (Cluster service account)
if: inputs.cloudProvider == 'gcp' if: always() && inputs.cloudProvider == 'gcp'
uses: ./.github/actions/login_gcp uses: ./.github/actions/login_gcp
with: with:
service_account: "constellation-e2e-cluster@constellation-331613.iam.gserviceaccount.com" service_account: "constellation-e2e-cluster@constellation-331613.iam.gserviceaccount.com"
- name: Login to AWS (Cluster role) - name: Login to AWS (Cluster role)
if: inputs.cloudProvider == 'aws' if: always() && inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0 uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster
@ -230,7 +232,7 @@ jobs:
role-duration-seconds: 21600 role-duration-seconds: 21600
- name: Login to Azure (Cluster service principal) - name: Login to Azure (Cluster service principal)
if: inputs.cloudProvider == 'azure' if: always() && inputs.cloudProvider == 'azure'
uses: ./.github/actions/login_azure uses: ./.github/actions/login_azure
with: with:
azure_credentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} azure_credentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}