Feat/measurements in e2e (#218)

* Make e2e pipeline use the latest image available. * Use pcr-reader to read & store measurements. * buildvcs false in ci * only notify teams on main * plain yq syntax, since if already checks for csp * previous version of yq requires explicit eval * fix pcr-reader call * actually pass variable between jobs * fix typo * Make order of images consistent. * read measurements after create Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2025-01-11 15:39:33 -05:00 · 2022-06-20 10:30:59 +02:00 · 2022-06-20 10:30:59 +02:00 · d856b0cd86
commit d856b0cd86
parent 3de5fd47b5
4 changed files with 56 additions and 3 deletions
--- a/.github/actions/build_cli/action.yml
+++ b/.github/actions/build_cli/action.yml
@ -23,3 +23,10 @@ runs:
      echo "$(pwd)" >> $GITHUB_PATH
      export PATH="$PATH:$(pwd)"
    shell: bash
+  - name: Build hack/pcr-reader
+    run: |
+      cd hack/pcr-reader/
+      go build -buildvcs=false .
+      echo "$(pwd)" >> $GITHUB_PATH
+      export PATH="$PATH:$(pwd)"
+    shell: bash
--- a/.github/actions/constellation_create/action.yml
+++ b/.github/actions/constellation_create/action.yml
@ -20,19 +20,43 @@ runs:
  using: 'composite'
  steps:
  - name: Install wireguard
-    run: sudo apt-get update && sudo apt-get install wireguard iproute2 -y
+    run: sudo apt-get update && sudo apt-get install wireguard iproute2 jq -y
    shell: bash
  - name: Install kubectl
    run: |
      curl -LO https://dl.k8s.io/release/v1.23.0/bin/linux/amd64/kubectl
      install kubectl /usr/local/bin
    shell: bash
+  - name: Install yq
+    run: |
+      sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CC86BB64
+      sudo add-apt-repository ppa:rmescandon/yq
+      sudo apt update
+      sudo apt install yq -y
+    shell: bash
+
  - name: Constellation config generate
    run: |
      constellation config generate ${{ inputs.cloudProvider }}
    shell: bash
+
+  - name: Set latest Azure image
+    run: |
+      LATEST_AZURE_IMAGE=$(az sig image-version list --resource-group constellation-images --gallery-name Constellation --gallery-image-definition constellation-coreos --query "sort_by([], &publishingProfile.publishedDate)[].id" -o table | tail -n 1)
+      yq eval -i "(.provider.azure.image) = \"${LATEST_AZURE_IMAGE}\"" constellation-conf.yaml
+    shell: bash
+    if: ${{ inputs.cloudProvider == 'azure' }}
+  - name: Set latest GCP image
+    run: |
+      LATEST_GCP_IMAGE_TIMESTAMP=$(gcloud compute images list --filter="name~'constellation-coreos-\d{10}'" --sort-by=creationTimestamp --project constellation-images --format="table(name)" | tail -n 1 | cut -d '-' -f3)
+      yq eval -i "(.provider.gcp.image) = \"projects/constellation-images/global/images/constellation-coreos-${LATEST_GCP_IMAGE_TIMESTAMP}\"" constellation-conf.yaml
+    shell: bash
+    if: ${{ inputs.cloudProvider == 'gcp' }}
+
  - name: Constellation create
    run: |
+      echo "Creating cluster using config:"
+      cat constellation-conf.yaml
      constellation create ${{ inputs.cloudProvider }} -c ${{ inputs.controlNodesCount }} -w ${{ inputs.workerNodesCount }} -t ${{ inputs.machineType }} --name e2e-test -y
    shell: bash
  - name: Upload constellation-state.json
@ -41,6 +65,28 @@ runs:
      name: constellation-state.json
      path: constellation-state.json
    if: ${{ always() && !env.ACT }}
+
+  - name: Read Coordinator IP (Azure)
+    run: |
+      echo COORD_IP=$(jq -r .azurecoordinators[].PublicIP constellation-state.json) >> $GITHUB_ENV
+    shell: bash
+    if: ${{ inputs.cloudProvider == 'azure' }}
+  - name: Read Coordinator IP (GCP)
+    run: |
+      echo COORD_IP=$(jq -r .gcpcoordinators[].PublicIP constellation-state.json) >> $GITHUB_ENV
+    shell: bash
+    if: ${{ inputs.cloudProvider == 'gcp' }}
+  - name: Fetch PCRs
+    run: |
+      pcr-reader --coord-ip ${{ env.COORD_IP }} -o measurements.go
+    shell: bash
+  - name: Upload measurements
+    uses: actions/upload-artifact@v3
+    with:
+      name: measurements.go
+      path: measurements.go
+    if: ${{ !env.ACT }}
+
  - name: Constellation init
    run: |
      if [ ${{ inputs.autoscale }} = true ]; then autoscale=--autoscale; fi
--- a/.github/actions/e2e_test/action.yml
+++ b/.github/actions/e2e_test/action.yml
@ -59,7 +59,7 @@ runs:
      sonobuoyTestSuiteCmd: ${{ inputs.sonobuoyTestSuiteCmd }}

  - name: Notify teams channel
-    if: failure()
+    if: ${{ failure() && github.ref == 'refs/heads/main' }}
    run: |
      sudo apt-get install gettext-base -y
      export TEAMS_JOB_NAME=${{ inputs.cloudProvider }}
--- a/debugd/README.md
+++ b/debugd/README.md
@ -68,7 +68,7 @@ With `cdbg` and `yq` installed in your path:
 For GCP, run the following command to get a list of all constellation debug images, sorted by their creation date:

 ```shell
-gcloud compute images list --filter="name~'constellation-coreos-debugd.+'" --sort-by=~creationTimestamp --project constellation-images
+gcloud compute images list --filter="name~'constellation-coreos-debugd.+'" --sort-by=creationTimestamp --project constellation-images
 ```

 Choose the newest debugd image with the naming scheme `constellation-coreos-debugd-<timestamp>`.