name: e2e test weekly on: workflow_dispatch: schedule: - cron: "0 3 * * 6" # At 03:00 on Saturday. jobs: find-latest-image: strategy: fail-fast: false matrix: refStream: ["ref/main/stream/nightly/?","ref/main/stream/debug/?", "ref/release/stream/stable/?"] name: Find latest image runs-on: ubuntu-22.04 permissions: id-token: write contents: read outputs: image-main-debug: ${{ steps.relabel-output.outputs.image-main-debug }} image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }} image-main-nightly: ${{ steps.relabel-output.outputs.image-main-nightly }} steps: - name: Checkout uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Select relevant image id: select-image-action uses: ./.github/actions/select_image with: osImage: ${{ matrix.refStream }} - name: Relabel output id: relabel-output shell: bash run: | ref=$(echo ${{ matrix.refStream }} | cut -d/ -f2) stream=$(echo ${{ matrix.refStream }} | cut -d/ -f4) echo "image-$ref-$stream=${{ steps.select-image-action.outputs.osImage }}" | tee -a "$GITHUB_OUTPUT" e2e-weekly: strategy: fail-fast: false max-parallel: 4 matrix: include: # # Tests on main-debug refStream # # sonobuoy full test on all k8s versions - test: "sonobuoy full" refStream: "ref/main/stream/debug/?" provider: "gcp" kubernetes-version: "v1.28" - test: "sonobuoy full" refStream: "ref/main/stream/debug/?" provider: "azure" kubernetes-version: "v1.28" - test: "sonobuoy full" refStream: "ref/main/stream/debug/?" provider: "aws" kubernetes-version: "v1.28" - test: "sonobuoy full" refStream: "ref/main/stream/debug/?" provider: "gcp" kubernetes-version: "v1.27" - test: "sonobuoy full" refStream: "ref/main/stream/debug/?" provider: "azure" kubernetes-version: "v1.27" - test: "sonobuoy full" refStream: "ref/main/stream/debug/?" provider: "aws" kubernetes-version: "v1.27" - test: "sonobuoy full" refStream: "ref/main/stream/debug/?" provider: "gcp" kubernetes-version: "v1.26" - test: "sonobuoy full" refStream: "ref/main/stream/debug/?" provider: "azure" kubernetes-version: "v1.26" - test: "sonobuoy full" refStream: "ref/main/stream/debug/?" provider: "aws" kubernetes-version: "v1.26" # verify test on latest k8s version - test: "verify" refStream: "ref/main/stream/debug/?" provider: "gcp" kubernetes-version: "v1.28" - test: "verify" refStream: "ref/main/stream/debug/?" provider: "azure" kubernetes-version: "v1.28" azureSNPEnforcementPolicy: "equal" # This run checks for unknown ID Key disgests. - test: "verify" provider: "aws" refStream: "ref/main/stream/debug/?" kubernetes-version: "v1.28" # recover test on latest k8s version - test: "recover" refStream: "ref/main/stream/debug/?" provider: "gcp" kubernetes-version: "v1.28" - test: "recover" refStream: "ref/main/stream/debug/?" provider: "azure" kubernetes-version: "v1.28" - test: "recover" refStream: "ref/main/stream/debug/?" provider: "aws" kubernetes-version: "v1.28" # lb test on latest k8s version - test: "lb" refStream: "ref/main/stream/debug/?" provider: "gcp" kubernetes-version: "v1.28" - test: "lb" refStream: "ref/main/stream/debug/?" provider: "azure" kubernetes-version: "v1.28" - test: "lb" refStream: "ref/main/stream/debug/?" provider: "aws" kubernetes-version: "v1.28" # autoscaling test on latest k8s version - test: "autoscaling" refStream: "ref/main/stream/debug/?" provider: "gcp" kubernetes-version: "v1.28" - test: "autoscaling" refStream: "ref/main/stream/debug/?" provider: "azure" kubernetes-version: "v1.28" - test: "autoscaling" refStream: "ref/main/stream/debug/?" provider: "aws" kubernetes-version: "v1.28" # perf-bench test on latest k8s version, not supported on AWS - test: "perf-bench" refStream: "ref/main/stream/debug/?" provider: "gcp" kubernetes-version: "v1.28" - test: "perf-bench" refStream: "ref/main/stream/debug/?" provider: "azure" kubernetes-version: "v1.28" # malicious join test on latest k8s version - test: "malicious join" refStream: "ref/main/stream/debug/?" provider: "gcp" kubernetes-version: "v1.28" - test: "malicious join" refStream: "ref/main/stream/debug/?" provider: "azure" kubernetes-version: "v1.28" - test: "malicious join" refStream: "ref/main/stream/debug/?" provider: "aws" kubernetes-version: "v1.28" # self-managed infra test on latest k8s version # with Sonobuoy full - test: "sonobuoy full" refStream: "ref/main/stream/debug/?" provider: "gcp" kubernetes-version: "v1.28" selfManagedInfra: "true" - test: "sonobuoy full" refStream: "ref/main/stream/debug/?" provider: "azure" kubernetes-version: "v1.28" selfManagedInfra: "true" - test: "sonobuoy full" provider: "aws" refStream: "ref/main/stream/debug/?" kubernetes-version: "v1.28" selfManagedInfra: "true" # s3proxy test on latest k8s version - test: "s3proxy" refStream: "ref/main/stream/debug/?" provider: "gcp" kubernetes-version: "v1.28" # # Tests on release-stable refStream # # verify test on default k8s version - test: "verify" refStream: "ref/release/stream/stable/?" provider: "gcp" kubernetes-version: "v1.27" - test: "verify" refStream: "ref/release/stream/stable/?" provider: "azure" kubernetes-version: "v1.27" - test: "verify" refStream: "ref/release/stream/stable/?" provider: "aws" kubernetes-version: "v1.27" runs-on: ubuntu-22.04 permissions: id-token: write checks: write contents: read packages: write needs: [find-latest-image] steps: - name: Check out repository uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Run E2E test id: e2e_test uses: ./.github/actions/e2e_test with: workerNodesCount: "2" controlNodesCount: "3" cloudProvider: ${{ matrix.provider }} osImage: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || needs.find-latest-image.outputs.image-main-debug }} isDebugImage: ${{ matrix.refStream == 'ref/main/stream/debug/?' }} cliVersion: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || '' }} kubernetesVersion: ${{ matrix.kubernetes-version }} refStream: ${{ matrix.refStream }} awsOpenSearchDomain: ${{ secrets.AWS_OPENSEARCH_DOMAIN }} awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }} awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }} gcpProject: constellation-e2e gcpClusterCreateServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com" gcpIAMCreateServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com" test: ${{ matrix.test }} buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }} azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} registry: ghcr.io githubToken: ${{ secrets.GITHUB_TOKEN }} cosignPassword: ${{ secrets.COSIGN_PASSWORD }} cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }} fetchMeasurements: ${{ matrix.refStream != 'ref/release/stream/stable/?' }} azureSNPEnforcementPolicy: ${{ matrix.azureSNPEnforcementPolicy }} selfManagedInfra: ${{ matrix.selfManagedInfra == 'true' }} s3AccessKey: ${{ secrets.AWS_ACCESS_KEY_ID_S3PROXY }} s3SecretKey: ${{ secrets.AWS_SECRET_ACCESS_KEY_S3PROXY }} - name: Always terminate cluster if: always() uses: ./.github/actions/constellation_destroy with: kubeconfig: ${{ steps.e2e_test.outputs.kubeconfig }} selfManagedInfra: ${{ matrix.selfManagedInfra == 'true' }} cloudProvider: ${{ matrix.provider }} azureClusterDeleteCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} gcpClusterDeleteServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com" - name: Always delete IAM configuration if: always() uses: ./.github/actions/constellation_iam_destroy with: cloudProvider: ${{ matrix.provider }} azureCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} gcpServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com" - name: Notify about failure if: | failure() && github.ref == 'refs/heads/main' && github.event_name == 'schedule' continue-on-error: true uses: ./.github/actions/notify_e2e_failure with: projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }} refStream: ${{ matrix.refStream }} test: ${{ matrix.test }} kubernetesVersion: ${{ matrix.kubernetes-version }} provider: ${{ matrix.provider }} selfManagedInfra: ${{ matrix.selfManagedInfra == 'true' }} e2e-upgrade: strategy: fail-fast: false max-parallel: 1 matrix: fromVersion: ["v2.13.0"] cloudProvider: ["gcp", "azure", "aws"] name: Run upgrade tests secrets: inherit permissions: id-token: write checks: write contents: read packages: write uses: ./.github/workflows/e2e-upgrade.yml with: fromVersion: ${{ matrix.fromVersion }} cloudProvider: ${{ matrix.cloudProvider }} nodeCount: '3:2' scheduled: ${{ github.event_name == 'schedule' }} e2e-mini: name: Run miniconstellation E2E test runs-on: ubuntu-22.04 environment: e2e permissions: id-token: write contents: read packages: write steps: - name: Checkout id: checkout uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Azure login OIDC uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 with: client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Run e2e MiniConstellation uses: ./.github/actions/e2e_mini with: azureClientID: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} azureTenantID: ${{ secrets.AZURE_TENANT_ID }} buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }} registry: ghcr.io githubToken: ${{ secrets.GITHUB_TOKEN }} - name: Notify about failure if: | failure() && github.ref == 'refs/heads/main' && github.event_name == 'schedule' continue-on-error: true uses: ./.github/actions/notify_e2e_failure with: projectWriteToken: ${{ secrets.PROJECT_WRITE_TOKEN }} test: "MiniConstellation" provider: "QEMU" e2e-windows: name: Run Windows E2E test permissions: id-token: write contents: read packages: write secrets: inherit uses: ./.github/workflows/e2e-windows.yml with: scheduled: ${{ github.event_name == 'schedule' }} e2e-tf-module: name: Test Terraform Module strategy: fail-fast: false max-parallel: 5 matrix: include: - provider: "gcp" - provider: "aws" - provider: "azure" permissions: id-token: write contents: read packages: write secrets: inherit uses: ./.github/workflows/e2e-test-tf-module.yml with: cloudProvider: "${{ matrix.provider }}"