constellation/.github/docs/README.md
2022-05-04 13:52:27 +02:00

3.5 KiB

Actions & Workflows

Manual Trigger (workflow_dispatch)

It is currently not possible to run a workflow_dispatch based workflow on a specific branch, while it is not yet available in main branch, from the WebUI. If you would like to test your pipeline changes on a branch, use the GitHub CLI:

gh workflow run e2e-test.yml \
    --ref feat/e2e_pipeline \                       # On your specific branch!
    -F autoscale=false -F cloudProvider=gcp \       # With your ...
    -F controlNodesCount=1 -F workerNodesCount=2 \  # ... settings
    -F machineType=n2d-standard-2

E2E Test Suites

Here are some examples for test suits you might want to run. Values for sonobuoyTestSuiteCmd:

  • --mode quick
    • Runs a set of tests that are known to be quick to execute! (<1 min)
  • --e2e-focus "Services should be able to create a functioning NodePort service"
    • Runs a specific test
  • --mode certified-conformance
    • For K8s conformance certification test suite

Check Sonobuoy docs for more examples.

Local Development

Using nektos/act you can run GitHub actions locally.

Specific Jobs

act -j e2e-test

Simulate a workflow_dispatch event

Create a new JSON file to describe the event (relevant issue, there are no further information about structure of this file):

{
  "action": "workflow_dispatch",
  "inputs": {
      "workerNodesCount": "2",
      "controlNodesCount": "1",
      "autoscale": false,
      "cloudProvider": "gcp",
      "machineType": "n2d-standard-2",
      "sonobuoyTestSuiteCmd": "--mode quick"
  }
}

Then run act with the event as input:

act -j e2e-test --eventpath event.json

Wireguard

When running actions that use Wireguard, you need to provide privileged capabilities to Docker:

act --privileged

Make sure there is no wg0 interface configured on your machine, else this will fail inside container.

Authorizing GCP

For creating Kubernetes clusters in GCP a local copy of the service account secret is required.

  1. Create a new service account key
  2. Create a compact (one line) JSON representation of the file jq -c
  3. Store in GitHub Action Secret or create a local secret file for act to consume:
$ cat secrets.env
GCP_SERVICE_ACCOUNT={"type":"service_account", ... }

$ act --secret-file secrets.env

Authorizing Azure

Create a new service principal:

az ad sp create-for-rbac --name "github-actions-e2e-tests" --role contributor --scopes /subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435 --sdk-auth
az role assignment create --role "User Access Administrator" --scope /subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435 --assignee <SERVICE_PRINCIPAL_CLIENT_ID>

Next, add API permissions to Managed Identity

Store output of az ad sp ... in GitHub Action Secret or create a local secret file for act to consume.