name: E2E meta test description: "This test does the infrastructure management and runs the e2e test of your choice." inputs: workerNodesCount: description: "Number of worker nodes to spawn." required: false default: "2" controlNodesCount: description: "Number of control-plane nodes to spawn." required: false default: "3" cloudProvider: description: "Which cloud provider to use." required: true machineType: description: "VM machine type. Make sure it matches selected cloud provider!" required: false osImage: description: "OS image to run." required: true isDebugImage: description: "Is OS img a debug img?" default: "true" required: true kubernetesVersion: description: "Kubernetes version to create the cluster from." required: false gcpProject: description: "The GCP project to deploy Constellation in." required: false gcp_service_account_json: description: "Service account with permissions to create Constellation on GCP." required: false gcpClusterServiceAccountKey: description: "Service account to use inside the created Constellation cluster on GCP." required: false azureSubscription: description: "The Azure subscription ID to deploy Constellation in." required: false azureTenant: description: "The Azure tenant ID to deploy Constellation in." required: false azureClientID: description: "The client ID of the application registration created for Constellation in Azure." required: false azureClientSecret: description: "The client secret value of the used secret" required: false azureUserAssignedIdentity: description: "The Azure user assigned identity to use for Constellation." required: false azureResourceGroup: description: "The resource group to use" required: false test: description: "The test to run. Can currently be one of [sonobuoy full, sonobuoy quick, autoscaling, k-bench, nop]." required: true sonobuoyTestSuiteCmd: description: "The sonobuoy test suite to run." required: false outputs: kubeconfig: description: "The kubeconfig for the cluster." value: ${{ steps.constellation-create.outputs.kubeconfig }} runs: using: "composite" steps: - name: Check input if: ${{ !contains(fromJson('["sonobuoy full", "sonobuoy quick", "autoscaling", "k-bench", "nop"]'), inputs.test) }} shell: bash run: | echo "Invalid input for test field: ${{ inputs.test }}" exit 1 # K-Bench's network benchmarks require at least two distinct worker nodes. - name: Validate k-bench inputs if: inputs.test == 'k-bench' shell: bash run: | if [[ "${{ inputs.workerNodesCount }}" -lt 2 ]]; then echo "::error::Test K-Bench requires at least 2 worker nodes." exit 1 fi - name: Determine build target id: determine-build-target shell: bash run: | echo "hostOS=$(go env GOOS)" >> $GITHUB_OUTPUT echo "hostArch=$(go env GOARCH)" >> $GITHUB_OUTPUT - name: Build CLI uses: ./.github/actions/build_cli with: targetOS: ${{ steps.determine-build-target.outputs.hostOS }} targetArch: ${{ steps.determine-build-target.outputs.hostArch }} # macOS runners don't have Docker preinstalled, so they cannot build the bootstrapper. # But we can use a Linux runner to build it and store/retrieve it from the action cache. - name: Download the bootstrapper from cache id: download-bootstrapper-cache if: inputs.isDebugImage == 'true' && runner.os == 'macOS' uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3.0.11 with: key: bootstrapper-${{ github.sha }} path: "build/bootstrapper" - name: Build the bootstrapper id: build-bootstrapper if: inputs.isDebugImage == 'true' && runner.os != 'macOS' uses: ./.github/actions/build_bootstrapper - name: Build cdbg id: build-cdbg if: inputs.isDebugImage == 'true' uses: ./.github/actions/build_cdbg with: targetOS: ${{ steps.determine-build-target.outputs.hostOS }} targetArch: ${{ steps.determine-build-target.outputs.hostArch }} - name: Login to GCP if: inputs.cloudProvider == 'gcp' uses: ./.github/actions/login_gcp with: gcp_service_account_json: ${{ inputs.gcp_service_account_json }} - name: Login to AWS if: inputs.cloudProvider == 'aws' uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # tag=v1.7.0 with: role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2E aws-region: eu-central-1 # extend token expiry to 6 hours to ensure constellation can terminate role-duration-seconds: 21600 - name: Create cluster id: constellation-create uses: ./.github/actions/constellation_create with: cloudProvider: ${{ inputs.cloudProvider }} gcpProject: ${{ inputs.gcpProject }} gcpClusterServiceAccountKey: ${{ inputs.gcpClusterServiceAccountKey }} workerNodesCount: ${{ inputs.workerNodesCount }} controlNodesCount: ${{ inputs.controlNodesCount }} machineType: ${{ inputs.machineType }} osImage: ${{ inputs.osImage }} isDebugImage: ${{ inputs.isDebugImage }} kubernetesVersion: ${{ inputs.kubernetesVersion }} azureSubscription: ${{ inputs.azureSubscription }} azureTenant: ${{ inputs.azureTenant }} azureClientID: ${{ inputs.azureClientID }} azureClientSecret: ${{ inputs.azureClientSecret }} azureUserAssignedIdentity: ${{ inputs.azureUserAssignedIdentity }} azureResourceGroup: ${{ inputs.azureResourceGroup }} # # Test payloads # - name: Nop test payload if: inputs.test == 'nop' shell: bash run: echo "::warning::This test has a nop payload. It doesn't run any tests." - name: Run sonobuoy quick test if: inputs.test == 'sonobuoy quick' uses: ./.github/actions/e2e_sonobuoy with: sonobuoyTestSuiteCmd: "--mode quick" kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }} - name: Run sonobuoy full test if: inputs.test == 'sonobuoy full' uses: ./.github/actions/e2e_sonobuoy with: # TODO: Remove E2E_SKIP once AB#2174 is resolved sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml' kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }} - name: Run autoscaling test if: inputs.test == 'autoscaling' uses: ./.github/actions/e2e_autoscaling with: kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }} - name: Run K-Bench if: inputs.test == 'k-bench' uses: ./.github/actions/e2e_kbench with: cloudProvider: ${{ inputs.cloudProvider }} kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}