ci: reduce amount of regular tests (#2885)
* .github: add e2e test to pr checklist * ci: use sonobuoy quick where possible * ci: run malicious join test on release * ci: remove self managed infra test * ci: remove non-example terraform test from weekly * ci: run Sonobuoy full on the latest k8s version weekly * ci: run weekly sonobuoy quick on all k8s versions * ci: don't run double sonobuoy tests on latest k8s version
parent
befc7cdf63
commit
d5e4435e3d
2
.github/actions/cdbg_deploy/action.yml
vendored
2
.github/actions/cdbg_deploy/action.yml
vendored
@ -24,7 +24,7 @@ inputs:
|
|||||||
description: "The refStream of the image the test runs on."
|
description: "The refStream of the image the test runs on."
|
||||||
required: true
|
required: true
|
||||||
clusterCreation:
|
clusterCreation:
|
||||||
description: "How the infrastructure for the e2e test was created. One of [cli, self-managed, terraform]."
|
description: "How the infrastructure for the e2e test was created. One of [cli, terraform]."
|
||||||
default: "cli"
|
default: "cli"
|
||||||
|
|
||||||
runs:
|
runs:
|
||||||
|
10
.github/actions/constellation_create/action.yml
vendored
10
.github/actions/constellation_create/action.yml
vendored
@ -54,7 +54,7 @@ inputs:
|
|||||||
description: "Whether to use an internal load balancer for the control plane"
|
description: "Whether to use an internal load balancer for the control plane"
|
||||||
required: false
|
required: false
|
||||||
clusterCreation:
|
clusterCreation:
|
||||||
description: "How to create infrastructure for the e2e test. One of [cli, self-managed, terraform]."
|
description: "How to create infrastructure for the e2e test. One of [cli, terraform]."
|
||||||
default: "cli"
|
default: "cli"
|
||||||
marketplaceImageVersion:
|
marketplaceImageVersion:
|
||||||
description: "Marketplace OS image version. Used instead of osImage."
|
description: "Marketplace OS image version. Used instead of osImage."
|
||||||
@ -161,18 +161,10 @@ runs:
|
|||||||
sudo sh -c 'echo "127.0.0.1 license.confidential.cloud" >> /etc/hosts' || true
|
sudo sh -c 'echo "127.0.0.1 license.confidential.cloud" >> /etc/hosts' || true
|
||||||
|
|
||||||
- name: Constellation create (CLI)
|
- name: Constellation create (CLI)
|
||||||
if : inputs.clusterCreation != 'self-managed'
|
|
||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
constellation apply --skip-phases=init,attestationconfig,certsans,helm,image,k8s -y --debug --tf-log=DEBUG
|
constellation apply --skip-phases=init,attestationconfig,certsans,helm,image,k8s -y --debug --tf-log=DEBUG
|
||||||
|
|
||||||
- name: Constellation create (self-managed)
|
|
||||||
if : inputs.clusterCreation == 'self-managed'
|
|
||||||
uses: ./.github/actions/self_managed_create
|
|
||||||
with:
|
|
||||||
cloudProvider: ${{ inputs.cloudProvider }}
|
|
||||||
attestationVariant: ${{ inputs.attestationVariant }}
|
|
||||||
|
|
||||||
- name: Cdbg deploy
|
- name: Cdbg deploy
|
||||||
if: inputs.isDebugImage == 'true'
|
if: inputs.isDebugImage == 'true'
|
||||||
uses: ./.github/actions/cdbg_deploy
|
uses: ./.github/actions/cdbg_deploy
|
||||||
|
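Review bot: With the `if : inputs.clusterCreation != 'self-managed'` guard removed, the "Constellation create (CLI)" step runs for every value of `clusterCreation`, and the input is still a free-form string whose allowed values exist only in its description. A caller that still passes `self-managed` would, as far as this section shows, go through `constellation apply` silently instead of failing. I would add an early step that rejects anything other than `cli` or `terraform`, passing the input through `env:` rather than interpolating it into the script. The same applies to the now unguarded "Constellation terminate" step in constellation_destroy/action.yml. The indentation of the sketch below is assumed, since the rendered page has lost it.

```yaml
    - name: Validate clusterCreation
      shell: bash
      env:
        CLUSTER_CREATION: ${{ inputs.clusterCreation }}
      run: |
        case "${CLUSTER_CREATION}" in
          cli|terraform) ;;
          *) echo "::error::unsupported clusterCreation: ${CLUSTER_CREATION}"; exit 1 ;;
        esac

    # … unchanged: Constellation create (CLI) step …
```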
13
.github/actions/constellation_destroy/action.yml
vendored
13
.github/actions/constellation_destroy/action.yml
vendored
@ -6,7 +6,7 @@ inputs:
|
|||||||
description: "The kubeconfig for the cluster."
|
description: "The kubeconfig for the cluster."
|
||||||
required: true
|
required: true
|
||||||
clusterCreation:
|
clusterCreation:
|
||||||
description: "How the infrastructure for the e2e test was created. One of [cli, self-managed, terraform]."
|
description: "How the infrastructure for the e2e test was created. One of [cli, terraform]."
|
||||||
default: "cli"
|
default: "cli"
|
||||||
gcpClusterDeleteServiceAccount:
|
gcpClusterDeleteServiceAccount:
|
||||||
description: "Service account with permissions to delete a Constellation cluster on GCP."
|
description: "Service account with permissions to delete a Constellation cluster on GCP."
|
||||||
@ -72,18 +72,7 @@ runs:
|
|||||||
azure_credentials: ${{ inputs.azureClusterDeleteCredentials }}
|
azure_credentials: ${{ inputs.azureClusterDeleteCredentials }}
|
||||||
|
|
||||||
- name: Constellation terminate
|
- name: Constellation terminate
|
||||||
if: inputs.clusterCreation != 'self-managed'
|
|
||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
constellation terminate --yes --tf-log=DEBUG
|
constellation terminate --yes --tf-log=DEBUG
|
||||||
|
|
||||||
- name: Constellation terminate (self-managed)
|
|
||||||
if: inputs.clusterCreation == 'self-managed'
|
|
||||||
shell: bash
|
|
||||||
working-directory: ${{ github.workspace }}/e2e-infra
|
|
||||||
run: |
|
|
||||||
terraform init
|
|
||||||
terraform destroy -auto-approve
|
|
||||||
|
|
||||||
rm -f ${{ github.workspace }}/constellation-state.yaml
|
|
||||||
rm -f ${{ github.workspace }}/constellation-admin.conf
|
|
||||||
|
@ -33,7 +33,7 @@ inputs:
|
|||||||
description: "Kubernetes version of the cluster"
|
description: "Kubernetes version of the cluster"
|
||||||
required: false
|
required: false
|
||||||
clusterCreation:
|
clusterCreation:
|
||||||
description: "How the infrastructure for the e2e test was created. One of [cli, self-managed, terraform]."
|
description: "How the infrastructure for the e2e test was created. One of [cli, terraform]."
|
||||||
default: "cli"
|
default: "cli"
|
||||||
|
|
||||||
runs:
|
runs:
|
||||||
|
2
.github/actions/e2e_test/action.yml
vendored
2
.github/actions/e2e_test/action.yml
vendored
@ -77,7 +77,7 @@ inputs:
|
|||||||
internalLoadBalancer:
|
internalLoadBalancer:
|
||||||
description: "Enable internal load balancer for the cluster."
|
description: "Enable internal load balancer for the cluster."
|
||||||
clusterCreation:
|
clusterCreation:
|
||||||
description: "How to create infrastructure for the e2e test. One of [cli, self-managed, terraform]."
|
description: "How to create infrastructure for the e2e test. One of [cli,, terraform]."
|
||||||
default: "cli"
|
default: "cli"
|
||||||
s3AccessKey:
|
s3AccessKey:
|
||||||
description: "Access key for s3proxy"
|
description: "Access key for s3proxy"
|
||||||
|
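Review bot: The new `clusterCreation` description reads `One of [cli,, terraform].`, where the doubled comma is left over from deleting `self-managed`. It should match the other action files touched by this commit: `description: "How to create infrastructure for the e2e test. One of [cli, terraform]."`.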
@ -21,7 +21,7 @@ inputs:
|
|||||||
description: "Kubernetes version"
|
description: "Kubernetes version"
|
||||||
required: false
|
required: false
|
||||||
clusterCreation:
|
clusterCreation:
|
||||||
description: "How the infrastructure for the e2e test was created. One of [cli, self-managed, terraform]."
|
description: "How the infrastructure for the e2e test was created. One of [cli, terraform]."
|
||||||
required: false
|
required: false
|
||||||
|
|
||||||
runs:
|
runs:
|
||||||
|
113
.github/actions/self_managed_create/action.yml
vendored
113
.github/actions/self_managed_create/action.yml
vendored
@ -1,113 +0,0 @@
|
|||||||
name: Self-managed infrastructure creation
|
|
||||||
description: "Create the required infrastructure for a Constellation cluster manually."
|
|
||||||
|
|
||||||
inputs:
|
|
||||||
cloudProvider:
|
|
||||||
description: "The cloud provider the test runs on."
|
|
||||||
required: true
|
|
||||||
attestationVariant:
|
|
||||||
description: "The attestation variant to use."
|
|
||||||
required: true
|
|
||||||
|
|
||||||
runs:
|
|
||||||
using: "composite"
|
|
||||||
steps:
|
|
||||||
- name: Copy Terraform configuration and Constellation config
|
|
||||||
shell: bash
|
|
||||||
working-directory:
|
|
||||||
run: |
|
|
||||||
cp -r ${{ github.workspace }}/terraform/infrastructure/${{ inputs.cloudProvider }} ${{ github.workspace }}/e2e-infra
|
|
||||||
cp ${{ github.workspace }}/constellation-conf.yaml ${{ github.workspace }}/e2e-infra
|
|
||||||
|
|
||||||
- name: Get CSP image reference
|
|
||||||
id: get_image
|
|
||||||
shell: bash
|
|
||||||
working-directory: ${{ github.workspace }}/e2e-infra
|
|
||||||
run: |
|
|
||||||
echo "image_ref=$(bazel run //hack/image-fetch:image-fetch)" >> $GITHUB_OUTPUT
|
|
||||||
|
|
||||||
- name: Write Terraform variables
|
|
||||||
shell: bash
|
|
||||||
working-directory: ${{ github.workspace }}/e2e-infra
|
|
||||||
run: |
|
|
||||||
echo "name = \"$(yq '.name' constellation-conf.yaml)\"" >> terraform.tfvars
|
|
||||||
echo "debug = $(yq '.debugCluster' constellation-conf.yaml)" >> terraform.tfvars
|
|
||||||
echo "custom_endpoint = \"$(yq '.customEndpoint' constellation-conf.yaml)\"" >> terraform.tfvars
|
|
||||||
echo "image_id = \"${{ steps.get_image.outputs.image_ref }}\"" >> terraform.tfvars
|
|
||||||
echo "node_groups = {
|
|
||||||
control_plane_default = {
|
|
||||||
role = \"$(yq '.nodeGroups.control_plane_default.role' constellation-conf.yaml)\"
|
|
||||||
zone = \"$(yq '.nodeGroups.control_plane_default.zone' constellation-conf.yaml)\"
|
|
||||||
instance_type = \"$(yq '.nodeGroups.control_plane_default.instanceType' constellation-conf.yaml)\"
|
|
||||||
disk_size = \"$(yq '.nodeGroups.control_plane_default.stateDiskSizeGB' constellation-conf.yaml)\"
|
|
||||||
disk_type = \"$(yq '.nodeGroups.control_plane_default.stateDiskType' constellation-conf.yaml)\"
|
|
||||||
initial_count = \"$(yq '.nodeGroups.control_plane_default.initialCount' constellation-conf.yaml)\"
|
|
||||||
}
|
|
||||||
worker_default = {
|
|
||||||
role = \"$(yq '.nodeGroups.worker_default.role' constellation-conf.yaml)\"
|
|
||||||
zone = \"$(yq '.nodeGroups.worker_default.zone' constellation-conf.yaml)\"
|
|
||||||
instance_type = \"$(yq '.nodeGroups.worker_default.instanceType' constellation-conf.yaml)\"
|
|
||||||
disk_size = \"$(yq '.nodeGroups.worker_default.stateDiskSizeGB' constellation-conf.yaml)\"
|
|
||||||
disk_type = \"$(yq '.nodeGroups.worker_default.stateDiskType' constellation-conf.yaml)\"
|
|
||||||
initial_count = \"$(yq '.nodeGroups.worker_default.initialCount' constellation-conf.yaml)\"
|
|
||||||
}
|
|
||||||
}" >> terraform.tfvars
|
|
||||||
if [[ "${{ inputs.cloudProvider }}" == 'aws' ]]; then
|
|
||||||
echo "iam_instance_profile_name_control_plane = \"$(yq '.provider.aws.iamProfileControlPlane' constellation-conf.yaml)\"" >> terraform.tfvars
|
|
||||||
echo "iam_instance_profile_name_worker_nodes = \"$(yq '.provider.aws.iamProfileWorkerNodes' constellation-conf.yaml)\"" >> terraform.tfvars
|
|
||||||
echo "region = \"$(yq '.provider.aws.region' constellation-conf.yaml)\"" >> terraform.tfvars
|
|
||||||
echo "zone = \"$(yq '.provider.aws.zone' constellation-conf.yaml)\"" >> terraform.tfvars
|
|
||||||
echo "enable_snp = $(yq '.attestation | has("awsSEVSNP")' constellation-conf.yaml)" >> terraform.tfvars
|
|
||||||
elif [[ "${{ inputs.cloudProvider }}" == 'azure' ]]; then
|
|
||||||
echo "location = \"$(yq '.provider.azure.location' constellation-conf.yaml)\"" >> terraform.tfvars
|
|
||||||
echo "create_maa = $(yq '.attestation | has("azureSEVSNP")' constellation-conf.yaml)" >> terraform.tfvars
|
|
||||||
echo "confidential_vm = $(yq '.attestation | has("azureTrustedLaunch") | not' constellation-conf.yaml)" >> terraform.tfvars
|
|
||||||
echo "secure_boot = $(yq '.provider.azure.secureBoot' constellation-conf.yaml)" >> terraform.tfvars
|
|
||||||
echo "resource_group = \"$(yq '.provider.azure.resourceGroup' constellation-conf.yaml)\"" >> terraform.tfvars
|
|
||||||
echo "user_assigned_identity = \"$(yq '.provider.azure.userAssignedIdentity' constellation-conf.yaml)\"" >> terraform.tfvars
|
|
||||||
elif [[ "${{ inputs.cloudProvider }}" == 'gcp' ]]; then
|
|
||||||
echo "project = \"$(yq '.provider.gcp.project' constellation-conf.yaml)\"" >> terraform.tfvars
|
|
||||||
echo "region = \"$(yq '.provider.gcp.region' constellation-conf.yaml)\"" >> terraform.tfvars
|
|
||||||
echo "zone = \"$(yq '.provider.gcp.zone' constellation-conf.yaml)\"" >> terraform.tfvars
|
|
||||||
fi
|
|
||||||
terraform fmt terraform.tfvars
|
|
||||||
echo "Using Terraform variables:"
|
|
||||||
cat terraform.tfvars
|
|
||||||
|
|
||||||
- name: Apply Terraform configuration
|
|
||||||
shell: bash
|
|
||||||
working-directory: ${{ github.workspace }}/e2e-infra
|
|
||||||
run: |
|
|
||||||
terraform init
|
|
||||||
terraform apply -auto-approve
|
|
||||||
|
|
||||||
- name: Patch MAA Policy
|
|
||||||
shell: bash
|
|
||||||
working-directory: ${{ github.workspace }}/e2e-infra
|
|
||||||
if: inputs.attestationVariant == 'azure-sev-snp'
|
|
||||||
run: |
|
|
||||||
constellation maa-patch $(terraform output attestation_url | jq -r)
|
|
||||||
|
|
||||||
- name: Write outputs to state file
|
|
||||||
shell: bash
|
|
||||||
working-directory: ${{ github.workspace }}/e2e-infra
|
|
||||||
run: |
|
|
||||||
yq eval '.version ="v1"' --inplace ${{ github.workspace }}/constellation-state.yaml
|
|
||||||
yq eval ".infrastructure.initSecret =\"$(terraform output init_secret | jq -r | tr -d '\n' | hexdump -ve '/1 "%02x"' && echo '')\"" --inplace ${{ github.workspace }}/constellation-state.yaml
|
|
||||||
yq eval ".infrastructure.clusterEndpoint =\"$(terraform output out_of_cluster_endpoint | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
|
|
||||||
yq eval ".infrastructure.inClusterEndpoint =\"$(terraform output in_cluster_endpoint | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
|
|
||||||
yq eval ".infrastructure.ipCidrNode =\"$(terraform output ip_cidr_node | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
|
|
||||||
yq eval ".infrastructure.uid =\"$(terraform output uid | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
|
|
||||||
yq eval ".infrastructure.name =\"$(terraform output name | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
|
|
||||||
yq eval ".infrastructure.apiServerCertSANs =$(terraform output -json api_server_cert_sans)" --inplace ${{ github.workspace }}/constellation-state.yaml
|
|
||||||
if [[ "${{ inputs.cloudProvider }}" == 'azure' ]]; then
|
|
||||||
yq eval ".infrastructure.azure.resourceGroup =\"$(terraform output resource_group | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
|
|
||||||
yq eval ".infrastructure.azure.subscriptionID =\"$(terraform output subscription_id | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
|
|
||||||
yq eval ".infrastructure.azure.networkSecurityGroupName =\"$(terraform output network_security_group_name | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
|
|
||||||
yq eval ".infrastructure.azure.loadBalancerName =\"$(terraform output loadbalancer_name | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
|
|
||||||
yq eval ".infrastructure.azure.userAssignedIdentity =\"$(terraform output user_assigned_identity_client_id | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
|
|
||||||
yq eval ".infrastructure.azure.attestationURL =\"$(terraform output attestation_url | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
|
|
||||||
elif [[ "${{ inputs.cloudProvider }}" == 'gcp' ]]; then
|
|
||||||
yq eval ".infrastructure.gcp.projectID =\"$(terraform output project | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
|
|
||||||
yq eval ".infrastructure.gcp.ipCidrPod =\"$(terraform output ip_cidr_pod | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
|
|
||||||
fi
|
|
1
.github/pull_request_template.md
vendored
1
.github/pull_request_template.md
vendored
@ -26,6 +26,7 @@ Feel free to edit, complete or extend this list while the PR is open.
|
|||||||
### Checklist
|
### Checklist
|
||||||
<!-- Remove items that do not apply. For completed items, change [ ] to [x], or check after submitting. -->
|
<!-- Remove items that do not apply. For completed items, change [ ] to [x], or check after submitting. -->
|
||||||
<!-- more information in dev-docs/workflows/pull-request.md -->
|
<!-- more information in dev-docs/workflows/pull-request.md -->
|
||||||
|
- [ ] Run the E2E tests that are relevant to this PR's changes
|
||||||
- [ ] Update [docs](https://github.com/edgelesssys/constellation/tree/main/docs)
|
- [ ] Update [docs](https://github.com/edgelesssys/constellation/tree/main/docs)
|
||||||
- [ ] Add labels (e.g., for changelog category)
|
- [ ] Add labels (e.g., for changelog category)
|
||||||
- [ ] Is PR title adequate for changelog?
|
- [ ] Is PR title adequate for changelog?
|
||||||
|
2
.github/workflows/e2e-test-daily.yml
vendored
2
.github/workflows/e2e-test-daily.yml
vendored
@ -48,7 +48,7 @@ jobs:
|
|||||||
kubernetesVersion: ["1.28"] # should be default
|
kubernetesVersion: ["1.28"] # should be default
|
||||||
attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
|
attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
|
||||||
refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"]
|
refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"]
|
||||||
test: ["sonobuoy full"]
|
test: ["sonobuoy quick"]
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
permissions:
|
permissions:
|
||||||
id-token: write
|
id-token: write
|
||||||
|
45
.github/workflows/e2e-test-release.yml
vendored
45
.github/workflows/e2e-test-release.yml
vendored
@ -209,29 +209,6 @@ jobs:
|
|||||||
runner: "ubuntu-22.04"
|
runner: "ubuntu-22.04"
|
||||||
clusterCreation: "cli"
|
clusterCreation: "cli"
|
||||||
|
|
||||||
# self-managed infra test on latest k8s version
|
|
||||||
# runs Sonobuoy full test
|
|
||||||
- test: "sonobuoy full"
|
|
||||||
attestationVariant: "gcp-sev-es"
|
|
||||||
kubernetes-version: "v1.29"
|
|
||||||
runner: "ubuntu-22.04"
|
|
||||||
clusterCreation: "self-managed"
|
|
||||||
- test: "sonobuoy full"
|
|
||||||
attestationVariant: "azure-sev-snp"
|
|
||||||
kubernetes-version: "v1.29"
|
|
||||||
runner: "ubuntu-22.04"
|
|
||||||
clusterCreation: "self-managed"
|
|
||||||
- test: "sonobuoy full"
|
|
||||||
attestationVariant: "azure-tdx"
|
|
||||||
kubernetes-version: "v1.29"
|
|
||||||
runner: "ubuntu-22.04"
|
|
||||||
clusterCreation: "self-managed"
|
|
||||||
- test: "sonobuoy full"
|
|
||||||
attestationVariant: "aws-sev-snp"
|
|
||||||
kubernetes-version: "v1.29"
|
|
||||||
runner: "ubuntu-22.04"
|
|
||||||
clusterCreation: "self-managed"
|
|
||||||
|
|
||||||
# s3proxy test on latest k8s version
|
# s3proxy test on latest k8s version
|
||||||
- test: "s3proxy"
|
- test: "s3proxy"
|
||||||
refStream: "ref/main/stream/debug/?"
|
refStream: "ref/main/stream/debug/?"
|
||||||
@ -240,6 +217,28 @@ jobs:
|
|||||||
runner: "ubuntu-22.04"
|
runner: "ubuntu-22.04"
|
||||||
clusterCreation: "cli"
|
clusterCreation: "cli"
|
||||||
|
|
||||||
|
# malicious join test on latest k8s version
|
||||||
|
- test: "malicious join"
|
||||||
|
refStream: "ref/main/stream/debug/?"
|
||||||
|
attestationVariant: "gcp-sev-es"
|
||||||
|
kubernetes-version: "v1.29"
|
||||||
|
clusterCreation: "cli"
|
||||||
|
- test: "malicious join"
|
||||||
|
refStream: "ref/main/stream/debug/?"
|
||||||
|
attestationVariant: "azure-sev-snp"
|
||||||
|
kubernetes-version: "v1.29"
|
||||||
|
clusterCreation: "cli"
|
||||||
|
- test: "malicious join"
|
||||||
|
refStream: "ref/main/stream/debug/?"
|
||||||
|
attestationVariant: "azure-tdx"
|
||||||
|
kubernetes-version: "v1.29"
|
||||||
|
clusterCreation: "cli"
|
||||||
|
- test: "malicious join"
|
||||||
|
refStream: "ref/main/stream/debug/?"
|
||||||
|
attestationVariant: "aws-sev-snp"
|
||||||
|
kubernetes-version: "v1.29"
|
||||||
|
clusterCreation: "cli"
|
||||||
|
|
||||||
#
|
#
|
||||||
# Tests on macOS runner
|
# Tests on macOS runner
|
||||||
#
|
#
|
||||||
|
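Review bot: The four added `malicious join` entries carry no `runner` key, while the entry directly above them and the removed self-managed entries in this matrix all set `runner: "ubuntu-22.04"`. If the job picks its runner from `matrix.runner` (the `runs-on` line is outside this section), these entries would resolve to an empty runner and the test would not execute. As far as this page shows, the release workflow is the only place the test remains after this commit. Add `runner: "ubuntu-22.04"` to each of the four entries, next to `clusterCreation: "cli"`.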
89
.github/workflows/e2e-test-self-managed.yml
vendored
89
.github/workflows/e2e-test-self-managed.yml
vendored
@ -1,89 +0,0 @@
|
|||||||
name: e2e test self managed infrastructure
|
|
||||||
|
|
||||||
on:
|
|
||||||
workflow_dispatch:
|
|
||||||
inputs:
|
|
||||||
nodeCount:
|
|
||||||
description: "Number of nodes to use in the cluster. Given in format `<control-plane nodes>:<worker nodes>`."
|
|
||||||
default: "3:2"
|
|
||||||
type: string
|
|
||||||
attestationVariant:
|
|
||||||
description: "Which attestation variant to use."
|
|
||||||
type: choice
|
|
||||||
options:
|
|
||||||
- "gcp-sev-es"
|
|
||||||
- "azure-sev-snp"
|
|
||||||
- "azure-tdx"
|
|
||||||
- "aws-sev-snp"
|
|
||||||
default: "azure-sev-snp"
|
|
||||||
required: true
|
|
||||||
runner:
|
|
||||||
description: "Architecture of the runner that executes the CLI"
|
|
||||||
type: choice
|
|
||||||
options:
|
|
||||||
- "ubuntu-22.04"
|
|
||||||
- "macos-12"
|
|
||||||
default: "ubuntu-22.04"
|
|
||||||
test:
|
|
||||||
description: "The test to run."
|
|
||||||
type: choice
|
|
||||||
options:
|
|
||||||
- "sonobuoy quick"
|
|
||||||
- "sonobuoy full"
|
|
||||||
- "autoscaling"
|
|
||||||
- "lb"
|
|
||||||
- "perf-bench"
|
|
||||||
- "verify"
|
|
||||||
- "recover"
|
|
||||||
- "malicious join"
|
|
||||||
- "nop"
|
|
||||||
required: true
|
|
||||||
kubernetesVersion:
|
|
||||||
description: "Kubernetes version to create the cluster from."
|
|
||||||
default: "1.28"
|
|
||||||
required: true
|
|
||||||
cliVersion:
|
|
||||||
description: "Version of a released CLI to download. Leave empty to build the CLI from the checked out ref."
|
|
||||||
type: string
|
|
||||||
default: ""
|
|
||||||
required: false
|
|
||||||
imageVersion:
|
|
||||||
description: "Full name of OS image (CSP independent image version UID). Leave empty for latest debug image on main."
|
|
||||||
type: string
|
|
||||||
default: ""
|
|
||||||
required: false
|
|
||||||
machineType:
|
|
||||||
description: "Override VM machine type. Leave as 'default' or empty to use the default VM type for the selected cloud provider."
|
|
||||||
type: string
|
|
||||||
default: "default"
|
|
||||||
required: false
|
|
||||||
regionZone:
|
|
||||||
description: "Region or zone to create the cluster in. Leave empty for default region/zone."
|
|
||||||
type: string
|
|
||||||
git-ref:
|
|
||||||
description: "Git ref to checkout."
|
|
||||||
type: string
|
|
||||||
default: "head"
|
|
||||||
required: false
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
e2e-test:
|
|
||||||
permissions:
|
|
||||||
id-token: write
|
|
||||||
checks: write
|
|
||||||
contents: read
|
|
||||||
packages: write
|
|
||||||
secrets: inherit
|
|
||||||
uses: ./.github/workflows/e2e-test.yml
|
|
||||||
with:
|
|
||||||
nodeCount: ${{ inputs.nodeCount }}
|
|
||||||
attestationVariant: ${{ inputs.attestationVariant }}
|
|
||||||
runner: ${{ inputs.runner }}
|
|
||||||
test: ${{ inputs.test }}
|
|
||||||
kubernetesVersion: ${{ inputs.kubernetesVersion }}
|
|
||||||
cliVersion: ${{ inputs.cliVersion }}
|
|
||||||
imageVersion: ${{ inputs.imageVersion }}
|
|
||||||
machineType: ${{ inputs.machineType }}
|
|
||||||
regionZone: ${{ inputs.regionZone }}
|
|
||||||
git-ref: ${{ inputs.git-ref }}
|
|
||||||
clusterCreation: "self-managed"
|
|
86
.github/workflows/e2e-test-weekly.yml
vendored
86
.github/workflows/e2e-test-weekly.yml
vendored
@ -51,7 +51,7 @@ jobs:
|
|||||||
# Tests on main-debug refStream
|
# Tests on main-debug refStream
|
||||||
#
|
#
|
||||||
|
|
||||||
# sonobuoy full test on all k8s versions
|
# Sonobuoy full test on latest k8s version
|
||||||
- test: "sonobuoy full"
|
- test: "sonobuoy full"
|
||||||
refStream: "ref/main/stream/debug/?"
|
refStream: "ref/main/stream/debug/?"
|
||||||
attestationVariant: "gcp-sev-es"
|
attestationVariant: "gcp-sev-es"
|
||||||
@ -73,48 +73,50 @@ jobs:
|
|||||||
kubernetes-version: "v1.29"
|
kubernetes-version: "v1.29"
|
||||||
clusterCreation: "cli"
|
clusterCreation: "cli"
|
||||||
|
|
||||||
- test: "sonobuoy full"
|
# Sonobuoy quick test on all but the latest k8s versions
|
||||||
|
- test: "sonobuoy quick"
|
||||||
refStream: "ref/main/stream/debug/?"
|
refStream: "ref/main/stream/debug/?"
|
||||||
attestationVariant: "gcp-sev-es"
|
attestationVariant: "gcp-sev-es"
|
||||||
kubernetes-version: "v1.28"
|
kubernetes-version: "v1.28"
|
||||||
clusterCreation: "cli"
|
clusterCreation: "cli"
|
||||||
- test: "sonobuoy full"
|
- test: "sonobuoy quick"
|
||||||
refStream: "ref/main/stream/debug/?"
|
refStream: "ref/main/stream/debug/?"
|
||||||
attestationVariant: "azure-sev-snp"
|
attestationVariant: "azure-sev-snp"
|
||||||
kubernetes-version: "v1.28"
|
kubernetes-version: "v1.28"
|
||||||
clusterCreation: "cli"
|
clusterCreation: "cli"
|
||||||
- test: "sonobuoy full"
|
- test: "sonobuoy quick"
|
||||||
refStream: "ref/main/stream/debug/?"
|
refStream: "ref/main/stream/debug/?"
|
||||||
attestationVariant: "azure-tdx"
|
attestationVariant: "azure-tdx"
|
||||||
kubernetes-version: "v1.28"
|
kubernetes-version: "v1.28"
|
||||||
clusterCreation: "cli"
|
clusterCreation: "cli"
|
||||||
- test: "sonobuoy full"
|
- test: "sonobuoy quick"
|
||||||
refStream: "ref/main/stream/debug/?"
|
refStream: "ref/main/stream/debug/?"
|
||||||
attestationVariant: "aws-sev-snp"
|
attestationVariant: "aws-sev-snp"
|
||||||
kubernetes-version: "v1.28"
|
kubernetes-version: "v1.28"
|
||||||
clusterCreation: "cli"
|
clusterCreation: "cli"
|
||||||
|
|
||||||
- test: "sonobuoy full"
|
- test: "sonobuoy quick"
|
||||||
refStream: "ref/main/stream/debug/?"
|
refStream: "ref/main/stream/debug/?"
|
||||||
attestationVariant: "gcp-sev-es"
|
attestationVariant: "gcp-sev-es"
|
||||||
kubernetes-version: "v1.27"
|
kubernetes-version: "v1.27"
|
||||||
clusterCreation: "cli"
|
clusterCreation: "cli"
|
||||||
- test: "sonobuoy full"
|
- test: "sonobuoy quick"
|
||||||
refStream: "ref/main/stream/debug/?"
|
refStream: "ref/main/stream/debug/?"
|
||||||
attestationVariant: "azure-sev-snp"
|
attestationVariant: "azure-sev-snp"
|
||||||
kubernetes-version: "v1.27"
|
kubernetes-version: "v1.27"
|
||||||
clusterCreation: "cli"
|
clusterCreation: "cli"
|
||||||
- test: "sonobuoy full"
|
- test: "sonobuoy quick"
|
||||||
refStream: "ref/main/stream/debug/?"
|
refStream: "ref/main/stream/debug/?"
|
||||||
attestationVariant: "azure-tdx"
|
attestationVariant: "azure-tdx"
|
||||||
kubernetes-version: "v1.27"
|
kubernetes-version: "v1.27"
|
||||||
clusterCreation: "cli"
|
clusterCreation: "cli"
|
||||||
- test: "sonobuoy full"
|
- test: "sonobuoy quick"
|
||||||
refStream: "ref/main/stream/debug/?"
|
refStream: "ref/main/stream/debug/?"
|
||||||
attestationVariant: "aws-sev-snp"
|
attestationVariant: "aws-sev-snp"
|
||||||
kubernetes-version: "v1.27"
|
kubernetes-version: "v1.27"
|
||||||
clusterCreation: "cli"
|
clusterCreation: "cli"
|
||||||
|
|
||||||
|
|
||||||
# verify test on latest k8s version
|
# verify test on latest k8s version
|
||||||
- test: "verify"
|
- test: "verify"
|
||||||
refStream: "ref/main/stream/debug/?"
|
refStream: "ref/main/stream/debug/?"
|
||||||
@ -222,72 +224,6 @@ jobs:
|
|||||||
# kubernetes-version: "v1.29"
|
# kubernetes-version: "v1.29"
|
||||||
# clusterCreation: "cli"
|
# clusterCreation: "cli"
|
||||||
|
|
||||||
# malicious join test on latest k8s version
|
|
||||||
- test: "malicious join"
|
|
||||||
refStream: "ref/main/stream/debug/?"
|
|
||||||
attestationVariant: "gcp-sev-es"
|
|
||||||
kubernetes-version: "v1.29"
|
|
||||||
clusterCreation: "cli"
|
|
||||||
- test: "malicious join"
|
|
||||||
refStream: "ref/main/stream/debug/?"
|
|
||||||
attestationVariant: "azure-sev-snp"
|
|
||||||
kubernetes-version: "v1.29"
|
|
||||||
clusterCreation: "cli"
|
|
||||||
- test: "malicious join"
|
|
||||||
refStream: "ref/main/stream/debug/?"
|
|
||||||
attestationVariant: "azure-tdx"
|
|
||||||
kubernetes-version: "v1.29"
|
|
||||||
clusterCreation: "cli"
|
|
||||||
- test: "malicious join"
|
|
||||||
refStream: "ref/main/stream/debug/?"
|
|
||||||
attestationVariant: "aws-sev-snp"
|
|
||||||
kubernetes-version: "v1.29"
|
|
||||||
clusterCreation: "cli"
|
|
||||||
|
|
||||||
# self-managed infra test on latest k8s version
|
|
||||||
# with Sonobuoy full
|
|
||||||
- test: "sonobuoy full"
|
|
||||||
refStream: "ref/main/stream/debug/?"
|
|
||||||
attestationVariant: "gcp-sev-es"
|
|
||||||
kubernetes-version: "v1.29"
|
|
||||||
clusterCreation: "self-managed"
|
|
||||||
- test: "sonobuoy full"
|
|
||||||
refStream: "ref/main/stream/debug/?"
|
|
||||||
attestationVariant: "azure-sev-snp"
|
|
||||||
kubernetes-version: "v1.29"
|
|
||||||
clusterCreation: "self-managed"
|
|
||||||
- test: "sonobuoy full"
|
|
||||||
refStream: "ref/main/stream/debug/?"
|
|
||||||
attestationVariant: "azure-tdx"
|
|
||||||
kubernetes-version: "v1.29"
|
|
||||||
clusterCreation: "self-managed"
|
|
||||||
- test: "sonobuoy full"
|
|
||||||
attestationVariant: "aws-sev-snp"
|
|
||||||
refStream: "ref/main/stream/debug/?"
|
|
||||||
kubernetes-version: "v1.29"
|
|
||||||
clusterCreation: "self-managed"
|
|
||||||
|
|
||||||
- test: "sonobuoy full"
|
|
||||||
refStream: "ref/main/stream/debug/?"
|
|
||||||
attestationVariant: "gcp-sev-es"
|
|
||||||
kubernetes-version: "v1.29"
|
|
||||||
clusterCreation: "terraform"
|
|
||||||
- test: "sonobuoy full"
|
|
||||||
refStream: "ref/main/stream/debug/?"
|
|
||||||
attestationVariant: "azure-sev-snp"
|
|
||||||
kubernetes-version: "v1.29"
|
|
||||||
clusterCreation: "terraform"
|
|
||||||
- test: "sonobuoy full"
|
|
||||||
refStream: "ref/main/stream/debug/?"
|
|
||||||
attestationVariant: "azure-tdx"
|
|
||||||
kubernetes-version: "v1.29"
|
|
||||||
clusterCreation: "terraform"
|
|
||||||
- test: "sonobuoy full"
|
|
||||||
refStream: "ref/main/stream/debug/?"
|
|
||||||
attestationVariant: "aws-sev-snp"
|
|
||||||
kubernetes-version: "v1.29"
|
|
||||||
clusterCreation: "terraform"
|
|
||||||
|
|
||||||
# s3proxy test on latest k8s version
|
# s3proxy test on latest k8s version
|
||||||
- test: "s3proxy"
|
- test: "s3proxy"
|
||||||
refStream: "ref/main/stream/debug/?"
|
refStream: "ref/main/stream/debug/?"
|
||||||
|
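Review bot: Dropping all four `malicious join` entries from the weekly matrix leaves, on this page, the release workflow as the only place that test runs. A regression in how the cluster handles a malicious join attempt on main would then surface only while a release is being cut. Keeping a single weekly variant would preserve early detection at a quarter of the previous cost, for example one entry with `test: "malicious join"`, `attestationVariant: "gcp-sev-es"` and `kubernetes-version: "v1.29"`. If the reduction is deliberate, a short comment in the matrix saying where the test now runs would stop the gap from looking accidental.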
2
.github/workflows/e2e-test.yml
vendored
2
.github/workflows/e2e-test.yml
vendored
@ -114,7 +114,7 @@ on:
|
|||||||
type: boolean
|
type: boolean
|
||||||
default: false
|
default: false
|
||||||
clusterCreation:
|
clusterCreation:
|
||||||
description: "How to create infrastructure for the e2e test. One of [cli, self-managed, terraform]."
|
description: "How to create infrastructure for the e2e test. One of [cli, terraform]."
|
||||||
type: string
|
type: string
|
||||||
default: "cli"
|
default: "cli"
|
||||||
marketplaceImageVersion:
|
marketplaceImageVersion:
|
||||||
|