manual e2e tests: Add option to keep embedded measurements (#698)
parent
4249050116
commit
b9fd8237b9
30
.github/actions/constellation_create/action.yml
vendored
30
.github/actions/constellation_create/action.yml
vendored
@ -23,6 +23,9 @@ inputs:
|
||||
kubernetesVersion:
|
||||
description: "Kubernetes version to create the cluster from."
|
||||
required: false
|
||||
keepMeasurements:
|
||||
default: "false"
|
||||
description: "Keep measurements embedded in the CLI."
|
||||
#
|
||||
# GCP specific inputs
|
||||
#
|
||||
@ -74,15 +77,13 @@ runs:
|
||||
(.provider | select(. | has(\"azure\")).azure.userAssignedIdentity) = \"${{ inputs.azureUserAssignedIdentity }}\" |
|
||||
(.provider | select(. | has(\"azure\")).azure.resourceGroup) = \"${{ inputs.azureResourceGroup }}\" |
|
||||
(.provider | select(. | has(\"azure\")).azure.appClientID) = \"${{ inputs.azureClientID }}\" |
|
||||
(.provider | select(. | has(\"azure\")).azure.clientSecretValue) = \"${{ inputs.azureClientSecret }}\" |
|
||||
(.provider | select(. | has(\"azure\")).azure.measurements) = {15:{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":false}}" \
|
||||
(.provider | select(. | has(\"azure\")).azure.clientSecretValue) = \"${{ inputs.azureClientSecret }}\"" \
|
||||
constellation-conf.yaml
|
||||
|
||||
yq eval -i \
|
||||
"(.provider | select(. | has(\"gcp\")).gcp.project) = \"${{ inputs.gcpProject }}\" |
|
||||
(.provider | select(. | has(\"gcp\")).gcp.region) = \"europe-west3\" |
|
||||
(.provider | select(. | has(\"gcp\")).gcp.zone) = \"europe-west3-b\" |
|
||||
(.provider | select(. | has(\"gcp\")).gcp.measurements) = {15:{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":false}} |
|
||||
(.provider | select(. | has(\"gcp\")).gcp.serviceAccountKeyPath) = \"serviceAccountKey.json\"" \
|
||||
constellation-conf.yaml
|
||||
|
||||
@ -90,14 +91,33 @@ runs:
|
||||
"(.provider | select(. | has(\"aws\")).aws.region) = \"eu-central-1\" |
|
||||
(.provider | select(. | has(\"aws\")).aws.zone) = \"eu-central-1a\" |
|
||||
(.provider | select(. | has(\"aws\")).aws.iamProfileControlPlane) = \"e2e_test_control_plane_instance_profile\" |
|
||||
(.provider | select(. | has(\"aws\")).aws.iamProfileWorkerNodes) = \"e2e_test_worker_node_instance_profile\" |
|
||||
(.provider | select(. | has(\"aws\")).aws.measurements) = {15:{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":false}}" \
|
||||
(.provider | select(. | has(\"aws\")).aws.iamProfileWorkerNodes) = \"e2e_test_worker_node_instance_profile\"" \
|
||||
constellation-conf.yaml
|
||||
|
||||
if [ ${{ inputs.kubernetesVersion != '' }} = true ]; then
|
||||
yq eval -i "(.kubernetesVersion) = ${{ inputs.kubernetesVersion }}" constellation-conf.yaml
|
||||
fi
|
||||
|
||||
- name: Remove embedded measurements
|
||||
shell: bash
|
||||
if: ${{ inputs.keepMeasurements == 'false' }}
|
||||
run: |
|
||||
yq eval -i \
|
||||
"(.provider | select(. | has(\"aws\")).aws.measurements) = {15:{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":false}}" \
|
||||
constellation-conf.yaml
|
||||
|
||||
yq eval -i \
|
||||
"(.provider | select(. | has(\"azure\")).azure.measurements) = {15:{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":false}}" \
|
||||
constellation-conf.yaml
|
||||
|
||||
yq eval -i \
|
||||
"(.provider | select(. | has(\"gcp\")).gcp.measurements) = {15:{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":false}}"\
|
||||
constellation-conf.yaml
|
||||
|
||||
yq eval -i \
|
||||
"(.provider | select(. | has(\"qemu\")).qemu.measurements) = {15:{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":false}}" \
|
||||
constellation-conf.yaml
|
||||
|
||||
- name: Set image
|
||||
shell: bash
|
||||
env:
|
||||
|
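Review bot: The new input's description, `Keep measurements embedded in the CLI.`, does not say what the default does: with `keepMeasurements` left at `"false"`, the `Remove embedded measurements` step overwrites the measurements of every provider with a single all-zero PCR 15 entry, so a default run appears not to check the image against its real expected measurements. A run meant to validate attestation therefore depends on the caller passing `keepMeasurements=true`; I would spell that out, e.g. `description: "Keep the measurements embedded in the CLI. If false, they are replaced by an all-zero PCR 15 placeholder and the image's real measurements are not verified."`, and reuse the wording in e2e_test/action.yml and both e2e-test-manual workflows. The input also lacks the `required: false` that the neighbouring `kubernetesVersion` input carries. Separately, the gcp command in the new step ends in `}}"\` with no space before the backslash, unlike the other three; it presumably still parses only because the continuation line is indented, so `}}" \` would be safer.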
4
.github/actions/e2e_test/action.yml
vendored
4
.github/actions/e2e_test/action.yml
vendored
@ -26,6 +26,9 @@ inputs:
|
||||
kubernetesVersion:
|
||||
description: "Kubernetes version to create the cluster from."
|
||||
required: false
|
||||
keepMeasurements:
|
||||
default: "false"
|
||||
description: "Keep measurements embedded in the CLI."
|
||||
gcpProject:
|
||||
description: "The GCP project to deploy Constellation in."
|
||||
required: false
|
||||
@ -149,6 +152,7 @@ runs:
|
||||
osImage: ${{ inputs.osImage }}
|
||||
isDebugImage: ${{ inputs.isDebugImage }}
|
||||
kubernetesVersion: ${{ inputs.kubernetesVersion }}
|
||||
keepMeasurements: ${{ inputs.keepMeasurements }}
|
||||
azureSubscription: ${{ inputs.azureSubscription }}
|
||||
azureTenant: ${{ inputs.azureTenant }}
|
||||
azureClientID: ${{ inputs.azureClientID }}
|
||||
|
20
.github/docs/release.md
vendored
20
.github/docs/release.md
vendored
@ -71,23 +71,25 @@ This checklist will prepare `v1.3.0` from `v1.2.0`. Adjust your version numbers
|
||||
gh workflow run build-os-image.yml --ref release/v$minor -F debug=false -F imageVersion=v$ver
|
||||
```
|
||||
|
||||
11. Run manual E2E tests using [Linux](/.github/workflows/e2e-test-manual.yml) and [macOS](/.github/workflows/e2e-test-manual-macos.yml) to confirm functionality and stability.
|
||||
11. [Generate measurements](/.github/workflows/generate-measurements.yml) for the images.
|
||||
|
||||
```sh
|
||||
gh workflow run e2e-test-manual.yml --ref release/v$minor -F cloudProvider=azure -F machineType=Standard_DC4as_v5 -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false
|
||||
gh workflow run e2e-test-manual-macos.yml --ref release/v$minor -F cloudProvider=azure -F machineType=Standard_DC4as_v5 -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false
|
||||
gh workflow run e2e-test-manual.yml --ref release/v$minor -F cloudProvider=gcp -F machineType=n2d-standard-4 -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false
|
||||
gh workflow run e2e-test-manual-macos.yml --ref release/v$minor -F cloudProvider=gcp -F machineType=n2d-standard-4 -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false
|
||||
gh workflow run generate-measurements.yml --ref release/v$minor -F osImage=v$ver -F isDebugImage=false -F signMeasurements=true
|
||||
```
|
||||
|
||||
12. [Generate measurements](/.github/workflows/generate-measurements.yml) for the images.
|
||||
12. Update expected measurements in [`measurements.go`](/internal/attestation/measurements/measurements.go) using the generated measurements from step 12 and **push your changes**.
|
||||
|
||||
13. Run manual E2E tests using [Linux](/.github/workflows/e2e-test-manual.yml) and [macOS](/.github/workflows/e2e-test-manual-macos.yml) to confirm functionality and stability.
|
||||
|
||||
```sh
|
||||
gh workflow run generate-measurements.yml --ref release/v$minor -F osImage=v$ver -F isDebugImage=false -F signMeasurements=true
|
||||
gh workflow run e2e-test-manual.yml --ref release/v$minor -F cloudProvider=aws -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false -F keepMeasurements=true
|
||||
gh workflow run e2e-test-manual-macos.yml --ref release/v$minor -F cloudProvider=aws -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false -F keepMeasurements=true
|
||||
gh workflow run e2e-test-manual.yml --ref release/v$minor -F cloudProvider=azure -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false -F keepMeasurements=true
|
||||
gh workflow run e2e-test-manual-macos.yml --ref release/v$minor -F cloudProvider=azure -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false -F keepMeasurements=true
|
||||
gh workflow run e2e-test-manual.yml --ref release/v$minor -F cloudProvider=gcp -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false -F keepMeasurements=true
|
||||
gh workflow run e2e-test-manual-macos.yml --ref release/v$minor -F cloudProvider=gcp -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false -F keepMeasurements=true
|
||||
```
|
||||
|
||||
13. Update expected measurements in [`measurements.go`](/internal/attestation/measurements/measurements.go) using the generated measurements from step 12 and **push your changes**.
|
||||
|
||||
14. Create a new tag on this release branch.
|
||||
|
||||
```sh
|
||||
|
6
.github/workflows/e2e-test-manual-macos.yml
vendored
6
.github/workflows/e2e-test-manual-macos.yml
vendored
@ -33,6 +33,11 @@ on:
|
||||
description: "Kubernetes version to create the cluster from."
|
||||
default: "1.24"
|
||||
required: true
|
||||
keepMeasurements:
|
||||
description: "Keep measurements embedded in the CLI."
|
||||
type: boolean
|
||||
default: false
|
||||
required: false
|
||||
osImage:
|
||||
description: "Full name of OS image (CSP independent image version UID)."
|
||||
type: string
|
||||
@ -139,6 +144,7 @@ jobs:
|
||||
gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
|
||||
test: ${{ github.event.inputs.test }}
|
||||
kubernetesVersion: ${{ github.event.inputs.kubernetesVersion }}
|
||||
keepMeasurements: ${{ github.event.inputs.keepMeasurements }}
|
||||
azureSubscription: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }}
|
||||
azureTenant: ${{ secrets.AZURE_E2E_TENANT_ID }}
|
||||
azureClientID: ${{ secrets.AZURE_E2E_CLIENT_ID }}
|
||||
|
6
.github/workflows/e2e-test-manual.yml
vendored
6
.github/workflows/e2e-test-manual.yml
vendored
@ -34,6 +34,11 @@ on:
|
||||
description: "Kubernetes version to create the cluster from."
|
||||
default: "1.24"
|
||||
required: true
|
||||
keepMeasurements:
|
||||
description: "Keep measurements embedded in the CLI."
|
||||
type: boolean
|
||||
default: false
|
||||
required: false
|
||||
osImage:
|
||||
description: "Full name of OS image (CSP independent image version UID)."
|
||||
type: string
|
||||
@ -135,6 +140,7 @@ jobs:
|
||||
gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
|
||||
test: ${{ github.event.inputs.test }}
|
||||
kubernetesVersion: ${{ github.event.inputs.kubernetesVersion }}
|
||||
keepMeasurements: ${{ github.event.inputs.keepMeasurements }}
|
||||
azureSubscription: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }}
|
||||
azureTenant: ${{ secrets.AZURE_E2E_TENANT_ID }}
|
||||
azureClientID: ${{ secrets.AZURE_E2E_CLIENT_ID }}
|
||||
|