name: e2e test release # This workflow is not integrated with e2e-test-weekly since we want different tests to run during weekly and release testing. # To integrate both tests we would need to pass executed tests as arguments. # Defining the executed tests is currently the main point of the e2e-test-weekly workflow. # e2e-test-release runs the same tests as e2e-test-weekly except: # - any tests on the last release # - loadbalancer tests for AWS. Test test is currently broken and should not block a release. AB#2780. # # The workflow is triggered as the last step of the release workflow. on: workflow_dispatch: inputs: ref: type: string description: "Git ref to checkout" required: false targetVersion: type: string description: "Target version to test" required: true regionZone: description: "Region or zone to run e2e tests in. Leave empty for default region/zone." type: string workflow_call: inputs: ref: type: string description: "Git ref to checkout" required: true targetVersion: type: string description: "Target version to test" required: true jobs: e2e-tests: strategy: fail-fast: false max-parallel: 9 matrix: include: # # Tests on ubuntu runner # # sonobuoy full test on all k8s versions - test: "sonobuoy full" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "azure-tdx" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.29" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.29" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.29" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "azure-tdx" kubernetes-version: "v1.29" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.29" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.28" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.28" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.28" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "azure-tdx" kubernetes-version: "v1.28" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.28" runner: "ubuntu-22.04" clusterCreation: "cli" # verify test on latest k8s version - test: "verify" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "verify" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "verify" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "verify" attestationVariant: "azure-tdx" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "verify" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" # recover test on latest k8s version - test: "recover" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "recover" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "recover" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "recover" attestationVariant: "azure-tdx" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "recover" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" # lb test on latest k8s version - test: "lb" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "lb" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "lb" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "lb" attestationVariant: "azure-tdx" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "lb" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" # autoscaling test on latest k8s version - test: "autoscaling" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "autoscaling" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "autoscaling" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "autoscaling" attestationVariant: "azure-tdx" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "autoscaling" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" # perf-bench test on latest k8s version - test: "perf-bench" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "perf-bench" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "perf-bench" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "perf-bench" attestationVariant: "azure-tdx" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "perf-bench" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" # s3proxy test on latest k8s version - test: "s3proxy" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" # malicious join test on latest k8s version - test: "malicious join" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.30" clusterCreation: "cli" runner: "ubuntu-22.04" - test: "malicious join" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.30" clusterCreation: "cli" runner: "ubuntu-22.04" - test: "malicious join" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.30" clusterCreation: "cli" runner: "ubuntu-22.04" - test: "malicious join" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-tdx" kubernetes-version: "v1.30" clusterCreation: "cli" runner: "ubuntu-22.04" - test: "malicious join" refStream: "ref/main/stream/debug/?" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.30" clusterCreation: "cli" runner: "ubuntu-22.04" # # Tests on macOS runner # # Skipping verify test on MacOS since the runner uses a different version of sed # TODO(3u13r): Update verify test to work on MacOS runners # - test: "verify" # attestationVariant: "azure-sev-snp" # kubernetes-version: "v1.30" # runner: "macos-12" - test: "recover" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.30" runner: "macos-12" clusterCreation: "cli" runs-on: ${{ matrix.runner }} permissions: id-token: write checks: write contents: read packages: write actions: write steps: - name: Install the basics tools (macOS) if: runner.os == 'macOS' shell: bash run: brew install coreutils kubectl bash - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 ref: ${{ inputs.ref || github.head_ref }} - name: Split attestationVariant id: split-attestationVariant shell: bash run: | attestationVariant="${{ matrix.attestationVariant }}" cloudProvider="${attestationVariant%%-*}" echo "cloudProvider=${cloudProvider}" | tee -a "$GITHUB_OUTPUT" - name: Set up gcloud CLI (macOS) if: steps.split-attestationVariant.outputs.provider == 'gcp' && runner.os == 'macOS' uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0 - name: Run E2E test id: e2e_test uses: ./.github/actions/e2e_test with: workerNodesCount: "2" controlNodesCount: "3" cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }} attestationVariant: ${{ matrix.attestationVariant }} cliVersion: "" kubernetesVersion: ${{ matrix.kubernetes-version }} osImage: "" isDebugImage: "false" regionZone: ${{ inputs.regionZone }} awsOpenSearchDomain: ${{ secrets.AWS_OPENSEARCH_DOMAIN }} awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }} awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }} gcpProject: constellation-e2e gcpClusterCreateServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com" gcpIAMCreateServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com" test: ${{ matrix.test }} azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} registry: ghcr.io cosignPassword: ${{ secrets.COSIGN_PASSWORD }} cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }} githubToken: ${{ secrets.GITHUB_TOKEN }} clusterCreation: ${{ matrix.clusterCreation }} s3AccessKey: ${{ secrets.AWS_ACCESS_KEY_ID_S3PROXY }} s3SecretKey: ${{ secrets.AWS_SECRET_ACCESS_KEY_S3PROXY }} encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} - name: Always terminate cluster if: always() uses: ./.github/actions/constellation_destroy with: kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }} clusterCreation: ${{ matrix.clusterCreation }} cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }} azureClusterDeleteCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} gcpClusterDeleteServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com" - name: Always delete IAM configuration if: always() uses: ./.github/actions/constellation_iam_destroy with: cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }} azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com" - name: Update tfstate if: always() env: GH_TOKEN: ${{ github.token }} uses: ./.github/actions/update_tfstate with: name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }} runID: ${{ github.run_id }} encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }} e2e-upgrade: strategy: fail-fast: false max-parallel: 1 matrix: fromVersion: ["v2.18.0"] attestationVariant: ["gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] name: Run upgrade tests secrets: inherit permissions: id-token: write contents: read checks: write packages: write actions: write uses: ./.github/workflows/e2e-upgrade.yml with: fromVersion: ${{ matrix.fromVersion }} toImage: ${{ inputs.targetVersion }} attestationVariant: ${{ matrix.attestationVariant }} nodeCount: '3:2' gitRef: ${{ inputs.ref || github.head_ref }}