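# Daily end-to-end test workflow.
# Resolves the newest OS image for each ref/stream pair, runs the full
# sonobuoy suite against every cloud provider in the matrix, and runs the
# MiniConstellation (QEMU) test. Started manually or by the cron schedule.
name: e2e test daily

on:
  workflow_dispatch:
  schedule:
    # At 03:00 on every day-of-week from Tuesday through Friday.
    - cron: "0 3 * * 2-5"

jobs:
  # One matrix leg per ref/stream; each leg publishes the image it resolved
  # under its own job output name (image-<ref>-<stream>).
  find-latest-image:
    strategy:
      fail-fast: false
      matrix:
        refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"]
    name: Find latest image
    runs-on: ubuntu-22.04
    permissions:
      # id-token: write lets the job request an OIDC token.
      id-token: write
      contents: read
    outputs:
      image-main-debug: ${{ steps.relabel-output.outputs.image-main-debug }}
      image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }}
    steps:
      - name: Checkout
        # Third-party actions are pinned to a full commit SHA, not a mutable tag.
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          # The local actions used below (./.github/actions/...) are loaded
          # from whatever ref is checked out here. github.head_ref is only
          # populated for pull_request events, so for the triggers declared
          # in this file the expression yields '' (the action's default ref).
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

      - name: Select relevant image
        id: select-image-action
        uses: ./.github/actions/select_image
        with:
          osImage: ${{ matrix.refStream }}

      - name: Relabel output
        id: relabel-output
        shell: bash
        # Expressions are handed to the script as environment variables
        # instead of being expanded inside the script text: ${{ }} is
        # substituted before bash parses the script, so a value containing
        # shell metacharacters would otherwise be interpreted as code.
        env:
          REF_STREAM: ${{ matrix.refStream }}
          OS_IMAGE: ${{ steps.select-image-action.outputs.osImage }}
        run: |
          # Quoted so the trailing '?' of the ref/stream is never treated
          # as a glob pattern against the checked-out tree.
          ref=$(echo "${REF_STREAM}" | cut -d/ -f2)
          stream=$(echo "${REF_STREAM}" | cut -d/ -f4)

          echo "image-${ref}-${stream}=${OS_IMAGE}" | tee -a "$GITHUB_OUTPUT"

  e2e-daily:
    strategy:
      fail-fast: false
      max-parallel: 5
      matrix:
        kubernetesVersion: ["1.27"] # should be default
        provider: ["gcp", "azure", "aws"]
        refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"]
        test: ["sonobuoy full"]
    runs-on: ubuntu-22.04
    permissions:
      # NOTE(review): this job holds write scopes (checks, packages) and
      # receives cloud credentials plus the cosign signing key below —
      # confirm each scope is still required by the e2e_test action.
      id-token: write
      checks: write
      contents: read
      packages: write
    needs: [find-latest-image]
    steps:
      - name: Check out repository
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          fetch-depth: 0
          # Determines which copy of the local actions receives the secrets
          # passed in the steps below.
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

      - name: Run E2E test
        id: e2e_test
        uses: ./.github/actions/e2e_test
        with:
          workerNodesCount: "2"
          controlNodesCount: "3"
          cloudProvider: ${{ matrix.provider }}
          # Stable release legs use the release image; all other legs use
          # the main/debug image resolved by find-latest-image.
          osImage: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || needs.find-latest-image.outputs.image-main-debug }}
          isDebugImage: ${{ matrix.refStream == 'ref/main/stream/debug/?' }}
          # Set to the release image value on stable legs, empty otherwise.
          cliVersion: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || '' }}
          refStream: ${{ matrix.refStream }}
          gcpProject: ${{ secrets.GCP_E2E_PROJECT }}
          gcpClusterCreateServiceAccount: "constellation-e2e-cluster@constellation-331613.iam.gserviceaccount.com"
          gcpIAMCreateServiceAccount: "constellation-iam-e2e@constellation-331613.iam.gserviceaccount.com"
          gcpInClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
          kubernetesVersion: ${{ matrix.kubernetesVersion }}
          test: ${{ matrix.test }}
          buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
          azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }}
          azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
          registry: ghcr.io
          githubToken: ${{ secrets.GITHUB_TOKEN }}
          cosignPassword: ${{ secrets.COSIGN_PASSWORD }}
          cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }}
          # False only for the stable release stream.
          fetchMeasurements: ${{ matrix.refStream != 'ref/release/stream/stable/?' }}
          awsOpenSearchDomain: ${{ secrets.AWS_OPENSEARCH_DOMAIN }}
          awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }}
          awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }}

      # The cleanup steps use always() so they run even when the test step
      # fails or the run is cancelled.
      - name: Always terminate cluster
        if: always()
        uses: ./.github/actions/constellation_destroy
        with:
          kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }}

      - name: Always delete IAM configuration
        if: always()
        uses: ./.github/actions/constellation_iam_destroy
        with:
          cloudProvider: ${{ matrix.provider }}
          azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
          gcpServiceAccount: "constellation-iam-e2e@constellation-331613.iam.gserviceaccount.com"

      - name: Always upload Terraform logs
        if: always()
        uses: ./.github/actions/upload_terraform_logs
        with:
          artifactNameSuffix: ${{ steps.e2e_test.outputs.namePrefix }}

      # Notifies only for failed scheduled runs on main; a failure of the
      # notification itself does not fail the job.
      - name: Notify about failure
        if: |
          failure() &&
          github.ref == 'refs/heads/main' &&
          github.event_name == 'schedule'
        continue-on-error: true
        uses: ./.github/actions/notify_failure
        with:
          projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }}
          teamsWebhookUri: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
          refStream: ${{ matrix.refStream }}
          test: ${{ matrix.test }}
          kubernetesVersion: ${{ matrix.kubernetesVersion }}
          provider: ${{ matrix.provider }}

  e2e-mini:
    name: Run miniconstellation E2E test
    runs-on: ubuntu-22.04
    # Runs under the "e2e" deployment environment.
    environment: e2e
    permissions:
      id-token: write
      contents: read
      packages: write
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

      # No client secret is passed here: only client, tenant and
      # subscription IDs, with the login relying on the job's OIDC token.
      - name: Azure login OIDC
        uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
        with:
          client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Run e2e MiniConstellation
        uses: ./.github/actions/e2e_mini
        with:
          azureClientID: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }}
          azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          azureTenantID: ${{ secrets.AZURE_TENANT_ID }}
          buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
          registry: ghcr.io
          githubToken: ${{ secrets.GITHUB_TOKEN }}

      - name: Notify about failure
        if: |
          failure() &&
          github.ref == 'refs/heads/main' &&
          github.event_name == 'schedule'
        continue-on-error: true
        uses: ./.github/actions/notify_failure
        with:
          projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }}
          teamsWebhookUri: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
          test: "MiniConstellation"
          provider: "QEMU"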