constellation/.github/workflows/generate-measurements.yml
Fabian Kammel 21436e6592
use release cosign key only when releasing (#331)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-20 15:59:17 +02:00


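# Manually dispatched workflow: creates a throw-away cluster from the given
# CoreOS image, generates measurements for it, signs them with cosign and
# tears the cluster down again.
#
# NOTE(review): no `permissions:` block is set, so GITHUB_TOKEN gets the
# repository default scopes. This job handles signing keys and cloud
# credentials; consider a top-level `permissions:` with only `contents: read`
# after confirming the local actions under ./.github/actions need nothing more.
name: Generate measurements manually

on:
  workflow_dispatch:
    inputs:
      cloudProvider:
        description: "Which cloud provider to use."
        type: choice
        options:
          - "azure"
          - "gcp"
        default: "gcp"
        required: true
      # Free-form string that is forwarded to the generate_measurements action.
      # NOTE(review): how the action consumes it is not visible here; confirm
      # it is passed through an environment variable and not interpolated
      # into a shell script.
      coreosImage:
        description: "CoreOS image (full path). Examples are in internal/config/config.go."
        type: string
        required: true
      isDebugImage:
        description: "Is CoreOS image a debug image?"
        type: boolean
        required: true

jobs:
  generate-measurements-manual:
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to a full commit SHA; the tag in the
      # trailing comment is informational only.
      - name: Check out repository
        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0

      - name: Setup Go environment
        uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # tag=v3.3.1
        with:
          go-version: "1.19.2"

      - name: Login to Azure
        if: ${{ github.event.inputs.cloudProvider == 'azure' }}
        uses: ./.github/actions/azure_login
        with:
          azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}

      # Creates a uniquely named resource group (first UUID segment as suffix)
      # and publishes the name as the step output `res_group_name`.
      - name: Create Azure resource group
        id: az_resource_group_gen
        if: ${{ github.event.inputs.cloudProvider == 'azure' }}
        shell: bash
        run: |
          uuid=$(cat /proc/sys/kernel/random/uuid)
          name="e2e-test-${uuid%%-*}"
          az group create --location westus --name "$name" --tags e2e
          echo "res_group_name=$name" >> "$GITHUB_OUTPUT"

      - name: Create Cluster & Generate Measurements
        uses: ./.github/actions/generate_measurements
        with:
          cloudProvider: ${{ github.event.inputs.cloudProvider }}
          gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
          gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
          azureClientSecret: ${{ secrets.AZURE_E2E_CLIENT_SECRET }}
          azureResourceGroup: ${{ steps.az_resource_group_gen.outputs.res_group_name }}
          coreosImage: ${{ github.event.inputs.coreosImage }}
          isDebugImage: ${{ github.event.inputs.isDebugImage }}
          # Signing key selection: the release cosign key is used only when the
          # workflow runs on a ref starting with refs/heads/release/v; every
          # other ref gets the dev key.
          #
          # Caveat 1: `cond && a || b` yields `b` whenever `a` is empty, so an
          # unset release secret on a release branch falls back to the dev key
          # without any error.
          #
          # Caveat 2: the decision is based on the ref name alone, and
          # workflow_dispatch can be started on any branch. Creation of and
          # pushes to release/v* branches should therefore be restricted, or
          # the release secrets moved to a protected environment.
          # NOTE(review): which of these protections the repository already
          # has is not visible from this file.
          cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
          cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
          cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
          awsAccessKeyID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          awsSecretAccessKey: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          awsDefaultRegion: ${{ secrets.AWS_DEFAULT_REGION }}
          awsBucketName: ${{ secrets.PUBLIC_BUCKET_NAME }}

      # Runs even when an earlier step failed; continue-on-error keeps a
      # failing destroy from failing the job.
      - name: Always terminate cluster
        if: always()
        continue-on-error: true
        uses: ./.github/actions/constellation_destroy

      # Runs even when an earlier step failed. The group name is handed to the
      # script through an environment variable instead of being expanded into
      # the script text, and the step is a no-op when no name was recorded
      # (for example because group creation itself failed).
      - name: Always destroy Azure resource group
        if: ${{ always() && github.event.inputs.cloudProvider == 'azure' }}
        shell: bash
        env:
          RES_GROUP_NAME: ${{ steps.az_resource_group_gen.outputs.res_group_name }}
        run: |
          if [[ -z "$RES_GROUP_NAME" ]]; then
            echo "No resource group name was recorded; nothing to delete."
            exit 0
          fi
          az group delete \
            --name "$RES_GROUP_NAME" \
            --force-deletion-types Microsoft.Compute/virtualMachineScaleSets \
            --force-deletion-types Microsoft.Compute/virtualMachines \
            --no-wait \
            --yes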