Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-02-25 17:21:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

E2E tests on Azure (#109)

Browse Source
This commit is contained in:
Fabian Kammel 2022-05-04 13:52:27 +02:00 committed by GitHub
parent 8444d5c515
commit f8f5d20f5b
5 changed files with 83 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
.github/actions/azure_login/action.yml vendored Normal file
View File

@ -0,0 +1,29 @@
name: azure_login
description: "Login to Azure & configure az CLI."
inputs:
azure_credentials:
description: 'Credentials authorized to create Constellation on Azure.'
required: true
runs:
using: 'composite'
steps:
- name: Install az CLI
run: |
sudo apt-get update
sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg -y
curl -sL https://packages.microsoft.com/keys/microsoft.asc |
gpg --dearmor |
sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null
AZ_REPO=$(lsb_release -cs)
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" |
sudo tee /etc/apt/sources.list.d/azure-cli.list
sudo apt-get update
sudo apt-get install azure-cli -y
az help
shell: bash
# As described at:
# https://github.com/Azure/login#configure-deployment-credentials
- name: Login to Azure
uses: azure/login@v1
with:
creds: ${{ inputs.azure_credentials }}

1
.github/actions/constellation_create/action.yml vendored
View File

@ -36,6 +36,7 @@ runs:
with: with:
name: constellation-state.json name: constellation-state.json
path: constellation-state.json path: constellation-state.json
if: ${{ !env.ACT }}
- name: Constellation init - name: Constellation init
run: | run: |
if [ ${{ inputs.autoscale }} = true ]; then autoscale=--autoscale; fi if [ ${{ inputs.autoscale }} = true ]; then autoscale=--autoscale; fi

2
.github/actions/sonobuoy/action.yml vendored
View File

@ -29,6 +29,6 @@ runs:
shell: bash shell: bash
- name: Publish test results - name: Publish test results
uses: mikepenz/action-junit-report@v3 uses: mikepenz/action-junit-report@v3
if: always() # always run even if the previous step fails if: ${{ !env.ACT }}
with: with:
report_paths: '**/junit_01.xml' report_paths: '**/junit_01.xml'

52
.github/docs/README.md vendored
View File

@ -2,7 +2,7 @@
## Manual Trigger (workflow_dispatch) ## Manual Trigger (workflow_dispatch)
It is currently not possible to run a `workflow_dispatch` based workflow on a specific branch from the WebUI. If you need to do this, use the [GitHub CLI](https://github.com/cli/cli): It is currently not possible to run a `workflow_dispatch` based workflow on a specific branch, while it is not yet available in `main` branch, from the WebUI. If you would like to test your pipeline changes on a branch, use the [GitHub CLI](https://github.com/cli/cli):
```bash ```bash
gh workflow run e2e-test.yml \ gh workflow run e2e-test.yml \
@ -17,7 +17,7 @@ gh workflow run e2e-test.yml \
Here are some examples for test suits you might want to run. Values for `sonobuoyTestSuiteCmd`: Here are some examples for test suits you might want to run. Values for `sonobuoyTestSuiteCmd`:
* `--mode quick` * `--mode quick`
* Runs a set of tests that are known to be quick to execute! * Runs a set of tests that are known to be quick to execute! (<1 min)
* `--e2e-focus "Services should be able to create a functioning NodePort service"` * `--e2e-focus "Services should be able to create a functioning NodePort service"`
* Runs a specific test * Runs a specific test
* `--mode certified-conformance` * `--mode certified-conformance`
@ -35,20 +35,47 @@ Using [nektos/act](https://github.com/nektos/act) you can run GitHub actions loc
act -j e2e-test act -j e2e-test
``` ```
### Wireguard ### Simulate a `workflow_dispatch` event
When running actions that use Wireguard, you need to provide additional capabilities to Docker: Create a new JSON file to describe the event ([relevant issue](https://github.com/nektos/act/issues/332), there are [no further information about structure of this file](https://github.com/nektos/act/blob/master/pkg/model/github_context.go#L11)):
```json
{
"action": "workflow_dispatch",
"inputs": {
"workerNodesCount": "2",
"controlNodesCount": "1",
"autoscale": false,
"cloudProvider": "gcp",
"machineType": "n2d-standard-2",
"sonobuoyTestSuiteCmd": "--mode quick"
}
}
```
Then run act with the event as input:
```bash ```bash
act --secret-file secrets.env --container-cap-add NET_ADMIN --container-cap-add SYS_MODULE --privileged act -j e2e-test --eventpath event.json
``` ```
### Wireguard
When running actions that use Wireguard, you need to provide privileged capabilities to Docker:
```bash
act --privileged
```
Make sure there is no wg0 interface configured on your machine, else this will fail inside container.
### Authorizing GCP ### Authorizing GCP
For creating Kubernetes clusters in GCP a local copy of the service account secret is required. For creating Kubernetes clusters in GCP a local copy of the service account secret is required.
1. [Create a new service account key](https://console.cloud.google.com/iam-admin/serviceaccounts/details/112741463528383500960/keys?authuser=0&project=constellation-331613&supportedpurview=project) 1. [Create a new service account key](https://console.cloud.google.com/iam-admin/serviceaccounts/details/112741463528383500960/keys?authuser=0&project=constellation-331613&supportedpurview=project)
2. Create a compact (one line) JSON representation of the file `jq -c` 2. Create a compact (one line) JSON representation of the file `jq -c`
3. Create a secrets file for act to consume: 3. Store in [GitHub Action Secret](https://github.com/edgelesssys/constellation/settings/secrets/actions) or create a local secret file for act to consume:
```bash ```bash
$ cat secrets.env $ cat secrets.env
@ -56,3 +83,16 @@ GCP_SERVICE_ACCOUNT={"type":"service_account", ... }
$ act --secret-file secrets.env $ act --secret-file secrets.env
``` ```
### Authorizing Azure
Create a new service principal:
```bash
az ad sp create-for-rbac --name "github-actions-e2e-tests" --role contributor --scopes /subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435 --sdk-auth
az role assignment create --role "User Access Administrator" --scope /subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435 --assignee <SERVICE_PRINCIPAL_CLIENT_ID>
```
Next, [add API permissions to Managed Identity](https://github.com/edgelesssys/wiki/blob/master/other_tech/azure.md#adding-api-permission-to-managed-identity)
Store output of `az ad sp ...` in [GitHub Action Secret](https://github.com/edgelesssys/constellation/settings/secrets/actions) or create a local secret file for act to consume.

8
.github/workflows/e2e-test.yml vendored
View File

@ -12,7 +12,7 @@ on:
default: '1' default: '1'
required: true required: true
autoscale: autoscale:
description: 'Enable / Disable autoscaling.' description: 'Autoscale?'
type: boolean type: boolean
default: false default: false
required: true required: true
@ -21,7 +21,7 @@ on:
type: choice type: choice
options: options:
- 'gcp' - 'gcp'
- 'azure_not_yet_supported' - 'azure'
default: 'gcp' default: 'gcp'
required: true required: true
machineType: machineType:
@ -50,6 +50,10 @@ jobs:
with: with:
gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }} gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
if: ${{ github.event.inputs.cloudProvider == 'gcp' }} if: ${{ github.event.inputs.cloudProvider == 'gcp' }}
- name: Login to Azure
uses: ./.github/actions/azure_login
with:
azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}
- name: Create cluster - name: Create cluster
uses: ./.github/actions/constellation_create uses: ./.github/actions/constellation_create