E2E tests on Azure (#109)

.github/actions/azure_login/action.yml

@@ -0,0 +1,29 @@
+name: azure_login
+description: "Login to Azure & configure az CLI."
+inputs:
+  azure_credentials:
+    description: 'Credentials authorized to create Constellation on Azure.'
+    required: true
+runs:
+  using: 'composite'
+  steps:
+  - name: Install az CLI
+    run: |
+      sudo apt-get update
+      sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg -y
+      curl -sL https://packages.microsoft.com/keys/microsoft.asc |
+        gpg --dearmor |
+        sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null
+      AZ_REPO=$(lsb_release -cs)
+      echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" |
+          sudo tee /etc/apt/sources.list.d/azure-cli.list
+      sudo apt-get update
+      sudo apt-get install azure-cli -y
+      az help
+    shell: bash
+  # As described at:
+  # https://github.com/Azure/login#configure-deployment-credentials
+  - name: Login to Azure
+    uses: azure/login@v1
+    with:
+      creds: ${{ inputs.azure_credentials }}

.github/actions/constellation_create/action.yml

@@ -36,6 +36,7 @@ runs:
     with:
       name: constellation-state.json
       path: constellation-state.json
+    if: ${{ !env.ACT }}
   - name: Constellation init
     run: |
       if [ ${{ inputs.autoscale }} = true ]; then autoscale=--autoscale; fi

.github/actions/sonobuoy/action.yml

@@ -29,6 +29,6 @@ runs:
     shell: bash
   - name: Publish test results
     uses: mikepenz/action-junit-report@v3
-    if: always() # always run even if the previous step fails
+    if: ${{ !env.ACT }}
     with:
       report_paths: '**/junit_01.xml'

.github/docs/README.md

@@ -2,7 +2,7 @@
 
 ## Manual Trigger (workflow_dispatch)
 
-It is currently not possible to run a `workflow_dispatch` based workflow on a specific branch from the WebUI. If you need to do this, use the [GitHub CLI](https://github.com/cli/cli):
+It is currently not possible to run a `workflow_dispatch` based workflow on a specific branch, while it is not yet available in `main` branch, from the WebUI. If you would like to test your pipeline changes on a branch, use the [GitHub CLI](https://github.com/cli/cli):
 
 ```bash
 gh workflow run e2e-test.yml \
@@ -17,7 +17,7 @@ gh workflow run e2e-test.yml \
 Here are some examples for test suits you might want to run. Values for `sonobuoyTestSuiteCmd`:
 
 * `--mode quick`
-    * Runs a set of tests that are known to be quick to execute!
+    * Runs a set of tests that are known to be quick to execute! (<1 min)
 * `--e2e-focus "Services should be able to create a functioning NodePort service"`
     * Runs a specific test
 * `--mode certified-conformance`
@@ -35,20 +35,47 @@ Using [nektos/act](https://github.com/nektos/act) you can run GitHub actions loc
 act -j e2e-test
 ```
 
-### Wireguard
+### Simulate a `workflow_dispatch` event
 
-When running actions that use Wireguard, you need to provide additional capabilities to Docker:
+Create a new JSON file to describe the event ([relevant issue](https://github.com/nektos/act/issues/332), there are [no further information about structure of this file](https://github.com/nektos/act/blob/master/pkg/model/github_context.go#L11)):
+
+```json
+{
+  "action": "workflow_dispatch",
+  "inputs": {
+      "workerNodesCount": "2",
+      "controlNodesCount": "1",
+      "autoscale": false,
+      "cloudProvider": "gcp",
+      "machineType": "n2d-standard-2",
+      "sonobuoyTestSuiteCmd": "--mode quick"
+  }
+}
+```
+
+Then run act with the event as input:
 
 ```bash
-act --secret-file secrets.env --container-cap-add NET_ADMIN --container-cap-add SYS_MODULE --privileged
+act -j e2e-test --eventpath event.json
 ```
+
+### Wireguard
+
+When running actions that use Wireguard, you need to provide privileged capabilities to Docker:
+
+```bash
+act --privileged
+```
+
+Make sure there is no wg0 interface configured on your machine, else this will fail inside container.
+
 ### Authorizing GCP
 
 For creating Kubernetes clusters in GCP a local copy of the service account secret is required.
 
 1. [Create a new service account key](https://console.cloud.google.com/iam-admin/serviceaccounts/details/112741463528383500960/keys?authuser=0&project=constellation-331613&supportedpurview=project)
 2. Create a compact (one line) JSON representation of the file `jq -c`
-3. Create a secrets file for act to consume:
+3. Store in [GitHub Action Secret](https://github.com/edgelesssys/constellation/settings/secrets/actions) or create a local secret file for act to consume:
 
 ```bash
 $ cat secrets.env
@@ -56,3 +83,16 @@ GCP_SERVICE_ACCOUNT={"type":"service_account", ... }
 
 $ act --secret-file secrets.env
 ```
+
+### Authorizing Azure
+
+Create a new service principal:
+
+```bash
+az ad sp create-for-rbac --name "github-actions-e2e-tests" --role contributor --scopes /subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435 --sdk-auth
+az role assignment create --role "User Access Administrator" --scope /subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435 --assignee <SERVICE_PRINCIPAL_CLIENT_ID>
+```
+
+Next, [add API permissions to Managed Identity](https://github.com/edgelesssys/wiki/blob/master/other_tech/azure.md#adding-api-permission-to-managed-identity)
+
+Store output of `az ad sp ...` in [GitHub Action Secret](https://github.com/edgelesssys/constellation/settings/secrets/actions) or create a local secret file for act to consume.

.github/workflows/e2e-test.yml

@@ -12,7 +12,7 @@ on:
         default: '1'
         required: true
       autoscale:
-        description: 'Enable / Disable autoscaling.'
+        description: 'Autoscale?'
         type: boolean
         default: false
         required: true
@@ -21,7 +21,7 @@ on:
         type: choice
         options:
           - 'gcp'
-          - 'azure_not_yet_supported'
+          - 'azure'
         default: 'gcp'
         required: true
       machineType:
@@ -50,6 +50,10 @@ jobs:
       with:
         gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
       if: ${{ github.event.inputs.cloudProvider == 'gcp' }}
+    - name: Login to Azure
+      uses: ./.github/actions/azure_login
+      with:
+        azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}
 
     - name: Create cluster
       uses: ./.github/actions/constellation_create